#551 Multivalued rootdn-days-allowed in RootDN Access Control plugin always results in access control violation
Closed: wontfix None Opened 11 years ago by mreynolds.

Description of problem:
The RootDN Access Control plugin allows configuring additional restrictions for the root account. The attribute rootdn-days-allowed specifies on which days the RootDN is allowed to bind. However, if rootdn-days-allowed has multiple values, root can never bind; the attempt will always fail with an access control violation.

Steps to Reproduce:

[jrusnack@rhel-63-ds ~]$ ldapsearch -h localhost -p 22222 -D "cn=directory manager" -w Secret123 -b "cn=RootDN Access Control,cn=plugins,cn=config " -LL
version: 1

dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Root DN Access Control
nsslapd-pluginVersion: 1.2.11.15
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Root DN Access Control plugin
rootdn-open-time: 0800
rootdn-close-time: 1800
rootdn-days-allowed: Sat, Wed
rootdn-days-allowed: Mon, Thu

[jrusnack@rhel-63-ds ~]$ /usr/lib64/dirsrv/slapd-dstet/restart-slapd
[jrusnack@rhel-63-ds ~]$ ldapsearch -h localhost -p 22222 -D "cn=directory manager" -w Secret123 -b "cn=RootDN Access Control,cn=plugins,cn=config " -LL
ldap_bind: Server is unwilling to perform (53)
additional info: RootDN access control violation
[jrusnack@rhel-63-ds ~]$ date
Thu Jan 10 12:09:47 EST 2013

[jrusnack@rhel-63-ds ~]$ rpm -qa 389*
389-ds-base-libs-1.2.11.15-9.el6.x86_64
389-ds-base-1.2.11.15-9.el6.x86_64
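
A lint for the misconfiguration in the report above, as an added example that is not part of the ticket or of 389-ds-base: it flags a plugin entry carrying more than one rootdn-days-allowed value and proposes a single combined value. The function names, the three-letter day list and the sample entry are assumptions constructed from the values shown in the report.

```python
from collections import defaultdict

# Assumption: three-letter day names, extrapolated from the values in the report.
DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")
ATTR = "rootdn-days-allowed"

# Constructed sample entry mirroring the configuration in the report.
SAMPLE_LDIF = """\
dn: cn=RootDN Access Control,cn=plugins,cn=config
nsslapd-pluginEnabled: on
rootdn-open-time: 0800
rootdn-close-time: 1800
rootdn-days-allowed: Sat, Wed
rootdn-days-allowed: Mon, Thu
"""


def parse_entry(ldif_text):
    """Return {lowercased attribute: [values]} for one LDIF entry."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # unfold an LDIF continuation line
        elif raw and not raw.startswith("#"):
            logical.append(raw)
    attrs = defaultdict(list)
    for line in logical:
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip().lower()].append(value.strip())
    return attrs


def check_days_allowed(ldif_text):
    """Return (findings, merged): problems found and one combined value."""
    values = parse_entry(ldif_text).get(ATTR, [])
    findings, days = [], []
    if len(values) > 1:
        findings.append(f"{ATTR} has {len(values)} values; use a single value")
    for value in values:
        for token in (t.strip() for t in value.split(",")):
            day = token.capitalize()
            if day not in DAYS:
                findings.append(f"unrecognised day {token!r}")
            elif day not in days:
                days.append(day)
    return findings, ", ".join(sorted(days, key=DAYS.index))


if __name__ == "__main__":
    print(check_days_allowed(SAMPLE_LDIF))
```

Running such a check against an exported plugin entry before restarting the server catches the repeated attribute while the root account can still bind to correct it.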


git merge ticket551
Updating 00349f6..4569c95
Fast-forward
ldap/ldif/template-dse.ldif.in | 2 +-
ldap/schema/01core389.ldif | 12 +++++++++++-
ldap/servers/slapd/dse.c | 28 ++++++++++++++++++++--------
3 files changed, 32 insertions(+), 10 deletions(-)

[mareynol@localhost ds]$ git push origin master
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.66 KiB, done.
Total 10 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
00349f6..4569c95 master -> master

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.1

7 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/551

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
