Ticket 47553: Enhance ACIs to have more control over MODRDN operations
Bug Description:
This is enhancement of the access control related to the MODDN/MODRDN operation.
We need the ability to specify a 'source tree' and a 'destination tree' where MODDN/MODRDN
are allowed/denied.
It is a requirement that 'source' and 'destination' targets can be specified in the same ACI.
Fix Description:
Please refer to http://directory.fedoraproject.org/wiki/Access_control_on_trees_specified_in_MODDN_operation.
Mainly:
- parse new aci syntax
- support of new 'moddn' right in aci
- Check 'moddn' right in ldbm_back_modrdn
- filter source/destination when looking for matching ressources
- support of 'moddn' rights in GER control
- new nsslapd-moddn-aci compatibility config flag
- aci logging summary (display source/destination)
- Skip readonly backend
https://fedorahosted.org/389/ticket/47553
Reviewed by: Rich Megginson (Big thanks Rich !!)
Platforms tested: F17
Flag Day: no
Doc impact: yes