We want to be able to have non-DM manage replication agreements. As part of the cleanallruv process it is recommended that the replica being deleted be put into read-only mode.
We delegate permissions for managing replication, so we need to create an aci granting write permission to nsslapd-readonly. To do this it needs to be added to the schema.
We want to add an aci like:
aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
It fails with:
Invalid syntax: targetattr "nsslapd-readonly" does not exist in schema. Please add attributeTypes "nsslapd-readonly" to schema if necessary.
see also ticket#42
This is really a schema problem, unless we can think of some clever way to skip schema/syntax checking in the aci code when the attribute is defined via extensibleObject in the cn=config tree.
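A pre-flight check for the failure reported above, as an added example that is not part of the ticket or of 389-ds-base: it extracts the names in an ACI's targetattr and reports those that no attributeTypes definition declares. The function names, the ACI with its dc=example,dc=com suffix, the schema excerpt and the placeholder OID are all assumptions constructed for illustration.

```python
import re

# Constructed schema excerpt in the attributeTypes format used by schema LDIF files.
SAMPLE_SCHEMA = """\
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surName' ) SUP name )
"""
# Constructed definition line; the OID is a placeholder, not the project's value.
FIXED_SCHEMA = SAMPLE_SCHEMA + (
    "attributeTypes: ( OID-PLACEHOLDER NAME 'nsslapd-readonly' "
    "DESC 'constructed for this example' )\n")

# Constructed ACI naming the attribute from the error message on this page.
SAMPLE_ACI = ('(targetattr = "nsslapd-readonly")(version 3.0; '
              'acl "constructed example"; allow (write) groupdn = '
              '"ldap:///cn=Modify Replication Agreements,cn=permissions,'
              'cn=pbac,dc=example,dc=com";)')


def schema_attr_names(schema_text):
    """Return every attribute NAME and alias in the schema, lower-cased."""
    names = set()
    for line in schema_text.splitlines():
        if not line.lower().startswith("attributetypes:"):
            continue
        m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", line)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names


def aci_target_attrs(aci):
    """Return the attribute names listed in the ACI's targetattr keyword."""
    m = re.search(r'\(\s*targetattr\s*!?=\s*"?([^")]*)"?\s*\)', aci, re.I)
    if not m:
        return []
    return [a.strip() for a in m.group(1).split("||") if a.strip()]


def unknown_target_attrs(aci, schema_text):
    """List targetattr names missing from the schema (wildcards are skipped)."""
    known = schema_attr_names(schema_text)
    return [a for a in aci_target_attrs(aci)
            if "*" not in a and a.lower() not in known]


if __name__ == "__main__":
    for label, schema in (("before", SAMPLE_SCHEMA), ("after", FIXED_SCHEMA)):
        print(label, "schema change:", unknown_target_attrs(SAMPLE_ACI, schema))
```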
git merge ticket429
ldap/schema/01core389.ldif | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
git push origin master
Counting objects: 9, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 542 bytes, done.
Total 5 (delta 4), reused 0 (delta 0)
819910d..fb54b67 master -> master
reopening so I can clone it
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=852087
Added initial screened field value.
Metadata Update from @rmeggins:
- Issue assigned to rmeggins
- Issue set to the milestone: 184.108.40.206
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)