Created NullOutputStream.wrapOrNullStream() and used it in all tools instead of duplicating the null checks everywhere.

Fix OPENDJ-632 ldapmodify: wrong return code when an invalid port is specified

Revert commit 6559 and complete commit 6550. There were some inconsistencies in the way the connectTimeout was applied to the tools. The time out should only apply to the establishing of the connection not to every operation done in the connection. But due to a defect, the timeout was kept for all subsequent operations preventing some of them to complete. The proposed changes reset the timeout of the socket to 0 (no timeout) once the connection has been established. Default connection timeout has been reset to 30 seconds for all tools.

Ldaptools should not timeout by default when processing operations (some delete or searches may take a long time, especially subtree deletes and persistent searches).

Implements a configurable limit in the number of persistent searches a server can handle.

Fix for issue #3966. Handle notice of deconnection properly

Fix an issue with connection timeouts in CLI. The timeout is now configurable on CLI with the --connectTimeout option (expressed in milliseconds), the default is 30 000 milliseconds. This solves Issue 4196.

- RFC 3672 Subentries Control implementation : make earlier drafts based implementation obsolete; keep ldapSubEntry OC search matching criteria for backward compatibility.

Fix 4193: Cannot see ECL cookie exchange response control with ldapsearch

Revert fix for issue 3935 because it is invalid.

issue# 2624:ldapsearch: wrong return code when no password provided

Fix for issue 3935 (ldapsearch --countEntries and debugsearchindex : incorrect behavior) Parse the result sent by the server when the debugsearchindex attribute is requested.

Fix ServiceTag URN for 2.0 Fix ServiceTag Registration adding debug message in case of error Fix 2619 : ldap tools always return 1 in case of argument parsing error Fix 3690 : SNMP: incorrect value for dsServerDescription entry Fix an error in the util script when the install dir is != instance dir

Fix for issue 2764 (ldapsearch: "--countEntries" option, the number of matching entries should not be used as return code) --This line, and th se below, will be ignored-- M tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPSearchTestCase.java M src/server/org/opends/server/tools/LDAPSearch.java

Move the password prompting out of the LDAPAuthenticationHandler class so a connection to the server isn't tied up while waiting for the user to enter a password. Issue 3828.

Fix for issue 2616 (ldapsearch: error parsing command-line arguments) Use a MultiChoiceArgument instead of a StringArgument for the scope argument. The consequence of this is that the error message refers to the scope argument if no scope value is specified but the user provided the -s value. In addition to this the code has been modified to allow specifying capital letters for scopes (so now -b ONE is accepted by the command-line).

Fix for issue #3714 (ldapsearch should return exit code 10 when it receives a referral) If a referral is returned, we now return 10.

Merge ASN1 branch to trunk

Fix for issue 3718: Option '-A, --typesOnly' ignored by the ldapsearch tool

Fix for issue #3041 (ldapsearch: trailing arguments are not interpreted as attributes when --filename option is specify) Trailing arguments should be structured as follow: - If a filter file is present, trailing arguments are considered as attributes - If filter file is not present, the first trailing argument is considered the filter, the other as attributes.

Fix for issue 2130 (i18n CLI usage placeholders) The fix consists on changing the placeHolderValue from a String to a Message so that it can be localized. The interfaces and constructors of the argument objects have been updated to reflect this change. The placeholders are defined in tool.properties.

Updated the copyright statement to reflect that Sun owns the full copyright on the project files.

Modifications related to issue https://opends.dev.java.net/issues/show_bug.cgi?id=582 ldap tools (ldapsearch, ldapdelete, ldapcompare, ldapmodify, ldappasswordmodify) will now be able to use properties files.

Addresses issue 2143 which is intended to help with the readability of the usage statements by allowing options to be grouped logically by type. Many of the utilities arguments have grown to such an extent that it is difficult to sort through the various types of arguments to find what you are looking for. For instance the usage statement for the task schedulable arguments are mixed with the LDAP connection arguments which makes them difficult to ignore if they want to use the tool in offline mode. This code also make consistent the position of standard options (e.g. help, version, quiet, verbose) within usage statements. ArgumentParser (and SubCommandArgumentParse) have 4 built-in groups: General Options (for help and version commands), LDAP Connection Options (e.g. host, port), Utility Input/Output Options (e.g. quiet, verbose, no-prompt, argument file etc) and default options (for ungrouped arguments). The default group appears first in the list without a header to maintain backward consistency. Other groups can be defined for a usage statement by supplying an ArgumentGroup to the addArgument() method.

Provide a new EmbeddedUtils.initializeForClientUse() method that can be used to initialize the proper internal structures so that OpenDS code can be more easily used for client-side applications that could benefit from the code but don't want or need to be running in the same JVM as the server. Also, update the DirectoryServer.bootstrapClient() method (which is what EmbeddedUtils.initializeForClientUse() uses behind the scenes) can be called multiple times on the same server instance without interfering with any previous initialization that might have been done. In short, it will ensure that this initialization occurs no more than once during the life of the DirectoryServer object instance.

This commit is a step toward getting OpenDS internationalized. There are still issues to be resolved before we can declare that we are internationalized but this commit covers the bulk of changes needed at this time. In general this commit converts any string values that might potentially be shown to an end user (client or administrator) to a new class called Message. This includes exception messages, error log messages, alert and email text, labels, and CLI output. Message's main interface includes methods for rendering itself as a string in the default locale using toString() or a specified locale toString(Locale). In addition to addressing localization, this would allow us to potentially support controls allowing clients to set a preferred locale for server communication or output log messages in different languages. Message extends CharSequence so it can be used in some places where strings are currently used with not code change (e.g. writing to a buffer) as well as allowing messages to be composed of one another. In order to create localized messages, instead of adding them to the *Messages.java class, you define them in the corresponding properties files. In general the property file keys are used to derive the new messages severity, category, and ordinal. There are directives that can be used in the properties file in order to avoid doing this however. For instance all the properties files used internally include the 'global.category' directive at the top of the file that instructs the generator to make all the following message belong to a single category. So for internal messages the property value key will be as follows: [SEVERITY]_[DESCRIPTION]_[ORDINAL] See the properties files themselves for more information. Once your messages are in the properties file you can use the ant target 'generatemessages' to create create MessageDescriptor objects that are referred to in the Java code. In the code you might think of these objects as replacing the int-valued message IDs. To create messages you call MessageDescriptor.get() which replaces MessageHandler.getMessage(). It might be helpful then to try to define your messages before referring to them in your code since until you run 'generatemessages' you won't have any Java-code with with to create your message objects. In order to support non-localizable text in messages (host names, DN's, etc.) Message's can be created from String values by calling Message.raw(String). In this way it is also possible to circumvent the intention of changing the APIs to use Message objects instead of Strings which is to support writing of localizable messages. This method is currently used in the code as a crutch for areas of the code that need internationalization (tagged with a 'TODO: i18n' comment). It might also be used by 3rd party developers that don't intend to localize their products. However for internal use we should not be using this method to create Messages for text that is locale sensitive. Additionally this code includes a MessageBuilder that can be used in much the same way that a StringBuilder can be used. It has a method toMessage() that can be used to generate a message object when needed. At this time this method just converts the buffer contents to a raw, unlocalizable message so this will need to addressed in the future. Some other issues: - While all of the unit tests pass after this commit, there may be issues in the code where we have no or minimal test coverage. This includes much of the setup and GUI tools packages for which I have not done any testing but will begin after this commit. - The new message related Java sources are contained in package org.opends.messages and organized in a new module src/module modeled somewhat after the admin module: src/messages/src (non-generated Java source files) src/messages/generated (generated source files) src/messages/messages (properties files for messages) If you run the code from within your IDE you will have to mark all messages/src, messages/generated and messages as source directories. - To generated the MessageDescriptor files you invoke the 'generatemessages' target. - If you run the code from within your IDE you will probably ne - This commit would change the plugin API. Here are the changes caught by DirectoryServerPluginTestCase: doShutdown(String)->doShutdown(Message) doPostDisconnect(PostDisconnectPluginResult,ClientConnection,DisconnectReason,int,String) -> doPostDisconnect(PostDisconnectPluginResult,ClientConnection,DisconnectReason,Message); - This commit aligns the entire code-base behind the new Formatter class (printf style formattings like %s) as opposed to the older MessageFormat style (using curly braces for message arguments). This allows us to provide more type safety for message arguments. So for instance you can include a %c argument specifier in your format string and the MessageDescriptor will enforce specification of a Character as message creation time. - Not all of the config framework has not been converted to use Messages. Perhaps as some point we might have a 'message' syntax for locale-sensitive textural data. I'm sure Matt will have ideas about this. - In addition to Message, MessageDescriptor and MessageBuilder, the org.opends.server.message package includes enums for Category and Severity that replace the definitions formerly found in MessageHandler. - The interface for the ErrorLogger has been simplified to allow logging of messages using a single Message parameter. The severity and category of the message will be derived from the Message itself instead of specified as arguments when a message is logged. - I will provide more documentation about this plumbing on the Wiki shortly. - I will expand on the included tests soon.

Fix for issue #1015: ldapsearch --verbose option doesn't work. This change causes ldapsearch and ldapmodify verbose options to trace the contents of incoming and outgoing LDAP messages and ASN.1 elements to standard error stream. It excludes search-result-entry messages from the trace since this would be rather too verbose and not very useful. The main use for verbose output is to investigate connection problems, referral following and such. A possible improvement would be to use a separate option for the ASN.1 tracing, and add session related output such as connection details, security context details and auth details as well as referral chasing details (all this must currently be derived from the protocol trace).

Update all of the command-line tools to ensure that the exit code should always be between 0 and 255, which are the bounds enforced by most shells and operating environments. Any negative value, or any positive value greater than 255 will be changed to 255. OpenDS Issue Number: 1883

Remove the dependence on AspectJ for all non method-entry and method-exit related debug messages. All debug statements will now work w/o weaving enabled. However, method-entry and method-exit debug messages work only with weaving enabled.

issue 1430 fix (all utilities should provide as standard option -V/--version) to specify the LDAP protocol version number, we should use now -V/--ldapVersion to get the 'product' version --version In all other tools/CLIs -V/--version will print the version info

Issue [1395] NullPointerException raised by ldapsearch when prompt for bind passwd When "-w -" is passed to a command-line tool such as ldapsearch, the tool requests the bind password from standard input. OpenDS on Java 6 uses java.io.Console.readPassword method. For prior releases a utility method org.opends.server.util.PasswordReader.readPasswordUsingBackspaces is used, and this routine returns a char[] with the user-supplied password, which is used to initialize a String. In the case no password was supplied (i.e., the user just presses return at the prompt), the routine returns null, which results in an exception. This change returns char[0] in the case of an empty password, which mimics the behavior of the Java 6 java.io.Console.readPassword, and eliminates the exception.

Add ACI support for Get Effective Rights control. Issue #87.

Implement support for the virtual list view (VLV) control as defined in draft-ietf-ldapext-ldapv3-vlv. This can be used to retrieve a specified page of a search result set. Any result set that can be used with server-side sorting can also be used with VLV. The ldapsearch tool has also been updated to support this control. OpenDS Issue Number: 80

Add initial support for server-side sorting in OpenDS. This implementation will only work for indexed searches, and it operates by sorting the ID list before iterating through the entries to return them to the client. The ldapsearch tool has also been updated to support the "-S" option to specify that the entries should be sorted with a given sort order. A more complete sorting solution, which will offer the ability to sort results that are not otherwise indexed, will require a sort/VLV index mechanism like that described in issue #38. OpenDS Issue Number: 79

Make several significant changes to the OpenDS code base, including: - Narrow down the set of packages that external developers will need to access in order to write a plugin or other type of extension. Hopefully, for most things developers will only need to interact with the following packages (and their sub-packages): * org.opends.server.admin * org.opends.server.api * org.opends.server.config * org.opends.server.protocols.internal * org.opends.server.types * org.opends.server.util - As part of the attempted narrowing of packages that external developers need to access, I have moved the org.opends.server.core.Operation and org.opends.server.protocols.ldap.LDAPException classes to the org.opends.server.types package. I have also created org.opends.server.types.RawAttribute to wrap the org.opends.server.protocols.ldap.LDAPAttribute class, and org.opends.server.types.RawModification to wrap the org.opends.server.protocols.ldap.LDAPModification class. - I have updated the internal operations API to add a few new convenience methods when performing internal operations. - I have updated all of our message strings so that none of them end in periods (except those that end with an ellipsis). This will help us avoid the problem in which we see multiple periods due to embedding one message in another. - I have moved a message file from a synchronizaiton package to the messages package and resolved conflicts with existing message IDs. - I have updated a number of cases in which StaticUtils.stackTraceToSingleLineString() was used in client-facing code to replace those calls with StaticUtils.getExceptionMessage() instead. This should provide a more user-friendly message that will hopefully not reduce our ability to debug problems that may arise. - I have cleaned up some of the code in the org.opends.server.api package so that all of the classes use consistent formatting, and to fix a couple of potential Javadoc problems. - I have moved the build-tools/src directory to src/build-tools to be more consistent with other components of the server. - I have updated the build script so that the xslt task will no longer dump lots of output to the terminal when generating code. I have also gotten rid of warnings about run.classpath not being set properly.

Added the following capabilities to OpenDS: - Index rebuilding capabilities. All indexes including system and attribute indexes can be rebuilt. Each index will be rebuilt by a seperate thread to increase performance. A max number of rebuild threads could be set to limit the resources used by large rebuild jobs. Partial rebuilds of attribute indexes could also be done by specifying the attribute index type after the attribute type (ie. sn.approximate). - Index rebuilding standalone tool. Rebuilding of attribute indexes could be done with the backend online. However, rebuilds including system indexes must be done with the backend offline. - Index rebuilding task. Rebuilding of attribute indexes are done with the backend online. Rebuilds that include system indexes will be performed after bring the backend offline. The user must have index-rebuild privilages to rebuild indexes. - Approxitae indexing capability. The value of the attribute will be normalized using the approximate maching rule of that attribute type. This is used as the key for the index. Approximate indexes are fully supported by the index verify, rebuild, and import jobs. - Fixed bug in build.xml where weave is enabled even if a test.* property is set. - Consolidated some common tool messages. - Consolidated some JE backend methods common to all tools. - Added unit tests for rebuild job and approximate indexes. Fix for issues 35, 39, 40, 41

Fix CLI consistency issues: 1407 1408 1410 1411 1412 1413 1414 1416 1417 1418 1419 1420 1421

Update the LDAPSearch tool so that the "--noop" option works as expected. If it is provided, then the tool will verify that all of the arguments are valid but will not actually attempt any network communication. Fix Contributed By: Ales Novak OpenDS Issue Number: 1014

Update the LDAP client tools so that they provide error messages in a more readable format. They can now generate up to four lines of output in the following order: - A client-side explanation of the problem (if one is available) - The numeric and string representations of the result code (if not SUCCESS) - The server-provided error message /additional info (if present) - The server-provided matched DN (if present) OpenDS Issue Number: 1356

Update the LDAPConnection object and the classes that use it to ensure that it can perform an unbind before closing the connection. OpenDS Issue Number: 1357

Update the argument parser so that it will always treat "-?" as as request to see the usage information. Also, allow short identifiers to be requested using a forward slash in addition to a single dash (e.g., "/?" will be treated the same as "-?"). OpenDS Issue Number: 1345

Fixed spelling error of a debug method (org.opends.server.loggers.debug.DebugLogger.debugCought should be debugCaught).

Update all CDDL headers in source files to remove a typo.

This removes old debug logging framework method calls that are going to be automatically instrumented by AspectJ. Non instrumented debug method calls are updated to use the new debug framework methods. However, the new debug logging framework is not yet active as the Aspects are not weaved in. After this revision, debug logging will be disabled in the server until the new AOP framework is complete. - Removed debugEnter and debugConstructor from all source files. - Removed CLASS_NAME static string for debug purposes. - Removed old debug logging framework. - Added new debug logging frameworking using AOP. - Added AspectJ binary and libraries. - Change all modified files copyrights to include 2007.

Add a new key manager which provides the ability to specify which certificate should be presented based on its alias (aka its nickname). This is used both by server-side code which needs to present a certificate to clients, as well as by client-side code which needs to present a certificate to the server. OpenDS Issue Number: 1292

Update the LDAPSearch class to fix checkstyle errors, and update the RDN class to fix Javadoc warnings.

[Issue 1014] ldapsearch --noop option doesn't work

Update the ldapsearch tool to provide support for using the simple paged results control. OpenDS Issue Number: 1204

Fix a bug in ldapsearch that caused it to write two blank lines between each entry instead of just one. OpenDS Issue Number: 1069

Update the ldapsearch tool to provide a --countEntries option that can be used to count the number of matching entries. The count will be displayed as a comment at the end of the results, and will also be used as the exit code for the tool. This addresses issue #1013. This commit also includes test cases for this issue as well as the use of alternate human-readable names for certain types of controls. These test cases are more applicable to issue #989, but need the --countEntries option for verifying that the LDAP subentries control is working as expected.

Update the LDAPSearch, LDAPModify, LDAPCompare, and LDAPDelete tools to rename the "--controls" argument to "--control", since each instance only allows the user to specify information about a single control. Issue #1009. Update the LDAPSearch, LDAPModify, LDAPCompare, and LDAPDelete tools to allow multiple instances of the "-J"/"--control" argument to specify multiple arbitrary controls. Issue #1010.

Rename the "--saslOptions" argument in many of the LDAP tools to be "--saslOption", since each occurrence only specifies a single option. OpenDS Issue Number: 1008

Make a number of changes to administrative tools provided with OpenDS. These are all made under the umbrella of issue #994, but there are individual issues for each change. - Issue #979 -- Re-order LDAP tool arguments When displaying usage information for many of the LDAP tools (e.g., ldapsearch, ldapmodify, etc.), the arguments were not provided in any kind of logical grouping. This has been corrected so that the arguments are listed in a more logical ordering. - Issue #983 -- Add tool description to argument parser When displaying usage information for administrative tools, it now includes a small summary of what the tool does at the top of the argument list. - Issue #984 -- Make tool usage more compact Previously, the tool usage included a blank line between each argument, which made the usage information seem too verbose, especially for tools like ldapsearch with a lot of arguments. This extra space has been removed. Also, many of the argument descriptions have been rewritten in an attempt to avoid requiring multiple lines. - Issue #985 -- Wrap long output in administrative tools when appropriate Update most of the output for the administrative tools so that it is easier to read on 80-column displays. This primarily impacts error message, and cases in which the format of the output is important (e.g., LDIF output from ldapsearch) no changes were made. - Issue #986 -- Eliminate hard-coded strings in tools Some of the tools had hard-coded strings used for error and warning messages. They have been replaced with localizeable output from the messages files. - Issue #990 -- LDAP tools don't use trust store password The LDAP tools didn't provide any mechanism for specifying the PIN needed to access the contents of an SSL trust store. Some types of trust stores may require a PIN to access them, so it is now possible to either directly specify the PIN or to provide the path to a PIN file. - Issue #991 -- Disconnect when running stop-ds shouldn't be an error When using the stop-ds script, if the server began shutting down before it returned a response to the client, the client would provide an error message making it sound like something went wrong. The output has now been updated to indicate that the server is likely in the course of shutting down. - Issue #992 -- Tool usage should include the tool name rather than the class When displaying usage information for the administrative tools, the fully-qualified class name for the Java class was displayed, where the name of the shell script or batch file would have been more useful.

Update the server and tools to use the correct encoding for the proxied authorization v2 control. The encoding was based on a pre-RFC draft that wrapped the authorization ID in an ASN.1 octet string, but the official specification in RFC 4370 does not include this wrapper. This change removes the wrapper from the value. OpenDS Issue Number: 600

Update the LDAP client tools to avoid explicit calls to System.err instead of using the defined print stream for error messages.

Update many of the command-line tools to make them more suitable for using programatically. This includes adding an option to bypass the Directory Server initialization (which is necessary if the server is already running in the same JVM as the tool), as well as making it possible to redefine standard output and standard error (e.g., so that the output can be parsed or discarded). This also includes a SASL PLAIN test case that makes use of the LDAPSearch tool to verify that PLAIN authentication works over LDAP as well as through the internal interfaces. OpenDS Issue Numbers: 652, 653

Update a number of the client-side tools provided with OpenDS to ensure that they use consistently incrementing message IDs for requests sent to the server. In at least one case, it was possible for the same message ID to be used by the client for two consecutive requests, which could trigger a race condition that caused the server to refuse the second request. Note that the underlying race condition still exists in the Directory Server and will need to be addressed through a separate set of changes. Reviwed By: David Page OpenDS Issue Number: 614

Initial public commit of OpenDS Directory Server source code.