#51222 It should not be allowed to delete Managed Entry manually
Closed: wontfix 2 years ago by spichugi. Opened 2 years ago by spichugi.

Issue Description

It should raise an error when attempting to delete a managed entry.

Package Version and Platform

389-ds-base-1.4.4.4-20200727git9c12300c9.fc32.x86_64

Steps to reproduce

  1. Enable Managed Entries Plugin
  2. Create a managed entry (by following the documentation)
  3. Try to delete the entry

Actual results

Entry is successfully removed

Expected results

Unwilling to perform error should be raised


It looks a good idea. Would it make sense to allow 'cn=directory manager' to delete such entry on direct update ?

Metadata Update from @tbordaz:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None

2 years ago

Why not have an objectClass that prevents deletes except by cn=directory manager or internal ops, and just automatically add it to entries created by managed entries? That could be re-used in plenty of other cases then I think ...

Why not have an objectClass that prevents deletes except by cn=directory manager or internal ops, and just automatically add it to entries created by managed entries? That could be re-used in plenty of other cases then I think ...

Nice but I think it is a separated rfe (ticket), that indeed could be used by mep plugin in this ticket

A consequence of such value (for example: objectClass: protectedEntry) is that it would be detected at the core server level, so as soon as a betxn plugin adds this value it will loose some control on their entry. If the checking with the current ticket is done by mep, we can imagine that in addition to the failure it could also return a result message explaining the reason of the failure. This is not possible if failure is returned by core server.

It looks a good idea. Would it make sense to allow 'cn=directory manager' to delete such entry on direct update ?

Sounds good. I've added the change to PR:
https://pagure.io/389-ds-base/pull-request/51224

Why not have an objectClass that prevents deletes except by cn=directory manager or internal ops, and just automatically add it to entries created by managed entries? That could be re-used in plenty of other cases then I think ...

Nice but I think it is a separated rfe (ticket), that indeed could be used by mep plugin in this ticket

Agree... It should be a separate issue, I think

2c8e339..594bf91 master -> origin/master
e4d41b9..bf2da9c 389-ds-base-1.4.2 -> 389-ds-base-1.4.2
54cdd73..f7e1b17 389-ds-base-1.4.3 -> 389-ds-base-1.4.3

Metadata Update from @spichugi:
- Issue set to the milestone: 1.4.2

2 years ago

Metadata Update from @spichugi:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1859878

2 years ago

Metadata Update from @spichugi:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/4275

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

2 years ago

Login to comment on this ticket.

Metadata