Bug Description:  The install would fail under these two conditions:

                   [1]  You do not specfiy a secure port, even if not using TLS
                   [2]  The suffix has a space after a comma.

Fix Description:  If the secure port is not specified set it to the default,
                  and normalize the suffix DN

https://pagure.io/389-ds-base/issue/50165

Reviewed by: ?

Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status

Bug Description:
	scripts that create online import and export tasks do not define a Time To Life of the tasks.
	As a consequence the task entry is cleared 2min (default value) after task completion.
	This is too rapid and some admin scripts may miss the final task status.

Fix Description:
	The fix is to keep the entry of completed online import and export tasks for 1 day.
	It also allows defines a default TTL to 1h (instead of 2min)

https://pagure.io/389-ds-base/issue/50177

Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

Bug Description:
	When deleting a specific value of a single valued attribute,
	the deleted value can be erronously resurrected.

Fix Description:
	This second fix is a rewrite of entry state resolution.
	The original function (resolve_attribute_state_single_valued) implemented
	a main algorythm but it was heavily merged with resolution of specific cases.
	It was too difficult to make the function understandable and preserving
	the handling of the specific cases.
	The risk of that rewrite fix is that I can not guarantee it fully covers
	the set of specific cases

https://pagure.io/389-ds-base/issue/49658

Reviewed by: William Brown (Thanks !!)

Platforms tested: F27

Flag Day: no

Doc impact: no

Bug Description:
	During lookup of the virtual attribute table (filter evaluation and returned attribute)
	the lock is acquired many times in read. For example it is acquired for each targetfilter aci and for
	each evaluated entry.
	Unfortunately RW lock is expensive and appears frequently on pstacks.
	The lock exists because the table can be updated but update is very rare (addition of a new service provider).
	So it slows down general proceeding for exceptional events.

Fix Description:
	The fix is to acquire/release the read lock at the operation level and set a per-cpu flag, so that later lookup
	would just check the flag.

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Ludwig Krispenz, William Brown (thanks !!)

Platforms tested: F27

Flag Day: no

Doc impact: no

Description:  Currently if you set passwordinhistory 1, it checks the last
              recorded password and the current password.  To get it to just
              check the current password we need to allow "0" in passwordinhistory.
              Then only check the current password, and not the entry's
              passwordHistory attributes (if any).

              Also added new "rebind" function to Accounts class to "rebind"
              on the current connection.

https://pagure.io/389-ds-base/issue/50155

Reviewed by: firstyear & spichugi (Thanks!!)

Bug Description: We need a generic way to add/replace/delete on
objects, that is not ldif. Ldif is wildly inaccessible and hard
to use.

Fix Description: Add a "modify" generic to cli_base, that is
used by user. It supports a syntax of:

modify <selector> <add|replace|delete>:<attr>:<value>

An example is:

... user modify demo_user add:objectclass:nsMemberOf

These can have many modifications in a single transaction:

user modify demo_user add:objectclass:nsMemberOf add:description:test

https://pagure.io/389-ds-base/issue/50151

Author: William Brown <william@blackhats.net.au>

Review by: spichugi, mreynolds, lkrispen (Thanks!)

Bug Description:  When doing a modrdn, or any memberOf update, if the entry
                  already has the memberOf attribute with the same value
                  the operation is incorrectly rejected.

Fix Description:  If we get an error 20 (type or value exists) return success.

                  Also fixed a coding mistake that causes the wrong error
                  code to be returned.  This also required fixing the CI
                  test to check for the new correct errro code.

https://pagure.io/389-ds-base/issue/50236

Reviewed by:  firstyear, spichugi, and tbordaz (Thanks!!!)

Bug Description:  Under certain conditions (found under IPA) when a backend
                  transaction plugin fails and causes a modrdn operation to
                  fail the entry cache no longer contains the original/pre
                  entry, but instead it has the post modrdn'ed entry with
                  the original entry's ID

Fix Description:  Upon failure, if the post entry is in the cache, then swap
                  it out with the original entry.

https://pagure.io/389-ds-base/issue/50238

Reviewed by: firstyear, spichugi, & tboardaz (Thanks!!!)

Description:  Implement database tab in ReactJS.

https://pagure.io/389-ds-base/issue/50215

Reviewed by: spichugi & firstyear (Thanks!!)

Bug: If the RUV entry hasa  smaller entryid than the suffix entry it will be
	exported before the suffix. If that ldif is used for import the RUV entry
	is skipped and a new one generated with a different database generation

Fix: Before exporting the RUV check that the suffix is alread exported, if not
	make the RUV entry pending and write it after all othere entries

Reviewed by: tbordaz, wbrown. Thanks

Bug: if in a onelevel search the IDList for the parentid is smaller than the filter
	threshold and smaller than the list generated by the search filter
	then the intersection is aborted and all children are returned.

Fix: In the above case we need to set the flag that the filter evaluation
	cannot be bypassed

Reviewed by: William, Thierry. Thanks

Description:  The default timeout of 10 minutes is just too long.
              Change default to 2 minutes.

https://pagure.io/389-ds-base/issue/50273

Reviewed by: tbordaz(Thanks!)

(cherry picked from commit a703d101)

Description: Add the functionality for
account-policy, attr-uniq, automember, dna, linked-attr,
managed-entries, memberof, pass-through-auth, refer-init,
retro-changelog, root-dn, usn commands.
Make DSLdapObject create an entry with only DN and attributes
(cases when RDN is not specified).
Fix two small typos in pwpolicy CLI's arguments.
Port test for DNA plugin.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: wibrown, mreynolds, mhonek (Thanks!)

(cherry picked from commit 46e28cb4)

Bug Description:  If a nested backend txn plugin fails, any updates
                  it made that went into the entry cache still persist
                  after the database transaction is aborted.

Fix Description:  In order to be sure the entry cache is not corrupted
                  after a backend txn plugin failure we need to flush
                  all the cache entries that were added to the cache
                  after the parent operation was started.

                  To do this we record the start time the original operation,
                  (or parent operation), and we record the time any entry
                  is added to the cache.  Then on failure we do a comparision
                  and remove the entry from the cache if it's not in use.
                  If it is in use we add a "invalid" flag which triggers
                  the entry to be removed when the cache entry is returned
                  by the owner.

https://pagure.io/389-ds-base/issue/50260

CI tested and ASAN approved.

Reviewed by: firstyear, tbordaz, and lkrispen (Thanks!!!)

(cherry picked from commit 7ba8a80c)

Bug Description:
	The previous fix was incomplete.
	It created the thread private counter before the fork.
	The deamon process was not inheriting it.

	There is a possiblity that an callback of an internal search
	tries to update the map. (cos thread monitoring cos definition)
	In such case the RW lock was first acquired in read at the top level
	of the internal search, then later the callback try to acquire it in write.
	this created a deadlock

	It stored in in private counter a value (int) rather than the address of
	of the value (int*).

Fix Description:
	The fix consists to create the thread private counter after the deamon creation.
	In adding, when acquiring the lock in write, if the lock was already acquired
	at the top level (in read), it release the lock and reset the counter. Then acquires
	the lock in write.
	In the opposite when releasing the lock in read, if the lock was not already acquired
	it assumes it was acquired in write and do nothing

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Mark Reynolds, William Brown (thanks !!)

Platforms tested: F30

Flag Day: no

Doc impact: no

Bug Description:
	When automember and memberof are enabled, if a user is member of a group
	because of an automember rule. Then when the group is deleted,
	memberof updates the member (to update 'memberof' attribute) that
	trigger automember to reevaluate the automember rule and add the member
	to the group. But at this time the group is already deleted.
	Chaining back the failure up to the top level operation the deletion
	of the group fails

Fix Description:
	The fix consists to check that if a automember rule tries to add a user
	in a group, then to check that the group exists before updating it.

https://pagure.io/389-ds-base/issue/50282

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F29

Flag Day: no

Doc impact: no

Description:  Although we have set the new postop processing on by
              default in the template-dse.ldif, we do not want to
              enable it by default for upgrades (only new installs).

              So if the attribute is not set, it is assumed "off".

https://pagure.io/389-ds-base/issue/50077

Reviewed by: firstyear(Thanks!)

(cherry picked from commit d318d060)

Bug Description:
	When a failure occurs during betxn_post plugin callback, the betxn_post plugins are called again.
	This is to process some kind of undo action (for example usn or dna that manage counters).

	If MEP plugin is called for a managing entry, it deletes the managed entry (that become a tombstone).
	If later an other betxn_postop fails, then MEP is called again.
	But as it does not detect the operation failure (for DEL and ADD), then it tries again
	to delete the managed entry that is already a tombstone.

Fix Description:
	The MEP betxn_post plugin callbacks (ADD and DEL) should catch the operation failure
	and return.
	It is already in place for MODRDN and MOD.

https://pagure.io/389-ds-base/issue/49561

Reviewed by: Mark Reynold, thanks !!

Platforms tested: F28

Flag Day: no

Doc impact: no

Description:  The original version of the fix only checked if backend
              transaction "post" operation plugins failed, but it did
              not check for errors from the backend transaction "pre"
              operation plugin.  To address this we flush invalid
              entries whenever any error occurs.

              We were also not flushing invalid cache entries when
              modrdn errors occurred.  Modrdns only make changes to
              the DN hashtable inside the entry cache, but we were only
              checking the ID hashtable.  So we also need to check the
              DN hashtable in the entry cache for invalid entries.

https://pagure.io/389-ds-base/issue/50260

Reviewed by: firstyear & tbordaz(Thanks!!)

(cherry picked from commit 33fbced2)

Bug: if the local system time is set back more than 300 seconds
	a worning about too much time skew is logged and the sampled
	time is updated. This adjustment is done at every write operation
	and can increase the time skew and be logged infinitely

Fix: the intention of the adjustment was to avoid a roll over of seq_num
	if the sampled time is not increased for more than 65k oberations.
	But this is already handled with an explicite check for seq_num
	rollover. The extra adjustment for negative time skew can be removed.

Reviewed by: Thierry, William. Thanks.

Description:  We were allocating a pblock long before it was used, and
              we were returning from the function on an error before we
              freed it.  The fix just allocates the pblock right before
              it's used, and then it is properly freed.

https://pagure.io/389-ds-base/issue/50300

Reviewed by: mreynolds (one line commit rule)

(cherry picked from commit 37f919a7)

Description:

Fixed these issues:

- https://bugzilla.redhat.com/show_bug.cgi?id=1664621 - backup freezes when no suffix present

- https://bugzilla.redhat.com/show_bug.cgi?id=1685395 - Perform Backup fails when Backend Name is not configured

- https://bugzilla.redhat.com/show_bug.cgi?id=1688587 - typo when restarting instance

- https://bugzilla.redhat.com/show_bug.cgi?id=1688775 - db tree breaks when suffix contains spaces.

- https://bugzilla.redhat.com/show_bug.cgi?id=1688919 - backups fail with empty name

Also fixed issue where if you start an instance in UI the configuration is correctly loaded.

https://pagure.io/389-ds-base/issue/50289

Reviewed by: spichugi(Thanks!)

Description: Fix 'All plugins' tab rendering issue.
Fix nsds5replicalastinitstatus typo.
Fix generic_object_add logic for cases when RDN is in props and BaseDN is supplied.
Add Posix Winsync API plugin
Add PAM PTA plugin
Fix underscore issues in plugin arguments.
Fix Linked Attribute plugin Fixup task arguments and name.
Change a 'print()' function to a 'log.info()' function.

https://pagure.io/389-ds-base/issue/50292

Reviewed by: mreynolds, wibrown (Thanks!)

Bug Description:
	SSL initialization does internal searches that access the vattr_global_lock
	Thread private counter needs to be initialized by that time.
	Currently it is initialized after SSL init.

	Second problem was a leak of one 'int' per worker. It was used to keep the private counter.

Fix Description:
	Call of vattr_global_lock_create needs to be called before slapd_do_all_nss_ssl_init.
	Also, 'main' may or may not fork, the initialization fo the thread private variable
	is done either on the child or parent depending if main forks or not.

	The leak is fixed using a destructor callback of the private variable and so
	call PR_SetThreadPrivate only if there is no private variable.

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Mark Reynolds, Simon Pichugi (thanks)

Platforms tested: F28

Flag Day: no

Doc impact: no

Ticket foo

Description:  Fixed two memory leaks:

    - If a worker thread had multiple binds the "bind dn"
      thread data was leaked.
    - Memory leak when processing changes in the changelog

https://pagure.io/389-ds-base/issue/50308

Reviewed by: firstyear(Thanks!)

(cherry picked from commit 6c2bb66f)

Description;  Turns out the previous commit did not address
              the changelog leak, and it introduced a compiler
              warning.  This part of the fix is being reverted.

https://pagure.io/389-ds-base/issue/50308
(cherry picked from commit 1808f317)