The following commit introduced a defect "13089: Dereference after null
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Aug 28 17:28:59 2012 -0700
Trac Ticket #437 - variable dn should not be used in ldbm_back_delete
. Enabled betxn by default on the following plugins:
7-bit check Plugin, Attribute uniqueness Plugin
Auto Membership Plugin, Class of Service Plugin
Managed Entries, MemberOf Plugin
Multimaster Replication Plugin
PAM Pass Through Auth Plugin
Referential integrity postoperation Plugin
Roles Plugin, State Change Plugin, USN Plugin
. Exposed backend transaction to plugins:
. Backend serial lock is held just before the backend transaction,
instead of at the earliest timing into the backend db plugin.
. dse: adjusting to the bepost behaviour, put betxn post hook into
. MemberOf Plugin:
+ If betxn is on, MemberOf post operations are called at the
betxn postop timing, which is aborted if the main operation
+ When betxn is on, member of operations are in the transaction
as sell as in the backend serial lock. Taking advantage of it,
memberof_lock is not held if betxn is on.
+ MemberOf fixup task uses exposed transaction APIs.
. Multimaster Replication Plugin
+ If betxn is on, Multimaster Replication bepost operations are
called at the betxn postop timing. Since betxn post callbacks
are already declared, each bepost callback is called from the
existing betxn post callbacks (see multimaster_be_betxnpostop_*).
. PAM Pass Through Auth Plugin:
+ If betxn is on, PAM Pass Through pre/post operations are called
at the betxn preop/postop timing, respectivly.
. Referential integrity postoperation Plugin
+ If betxn is on, Referential integrity post operations are called
at the betxn postop timing.
+ When betxn is on, referential integirity post operations are in
the transaction as sell as in the backend serial lock. Taking
advantage of it, referint_lock is not held if betxn is on.
+ cos_cache.h: added '#include "ldaplog.h" and removed copied
LDAPDebug from cos.c and cos_cache.c.
+ cos_cache.c: added missing CR at the end of some error messages.
+ repl5_replica.c: removed (nscpentrydn=*) from searching tombstone
+ back-ldbm.h: increased RETRY_TIMES count from 50 to 1024.
+ entry.c: in addition to "true"|"false", "yes"|"no", and digits,
let slapi_entry_attr_get_bool accept "on"|"off".
+ mapping_tree.c: changed the log level of a warning "Mapping tree
node entry for "" point to an unknown backend" issued in mtn_get_be
to BACKLDBM". This message is logged at the start up time of Class
of Service plugin from the dse hook, which is benign.
The setup is as follows. We have set up a server with 389 DS without DNS (hardcoded IP addresses in /etc/hosts) and created a CA certificate for distribution on servers and clients. The 389 client has been set up to allow users created on the server to authenticate against LDAP when logging in for the first time. However, this is failing.
The server has 389 and a CA certificate.
The client is given the CA certificate as certificate.asc. Then, we used authconfig-tui to configure the client to use LDAP authentication against the server using TLS/SSL.
In regards to a previous thread, one had brought up that there might be issues using LDAP authentication with TLS if the server is set up without DNS and has IP addresses hard-coded in /etc/hosts. Does anyone have any suggestions as to why I am unable to log in against the server from my client machine. The user created in LDAP is given POSIX attributes so that if it's a user attempting to log in for the first time, it is able to do so (since POSIX attributes includes Group ID, UID, etc.)