#92 RFE: add exception to removal of attributes in cn=config for aci
Closed: wontfix None Opened 12 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=566320

Description of problem:

It is not possible to do an online deletion of an attribute from cn=config
(probably a good thing).

It would be nice to be able to have an exception that acis can be removed
online.

Version-Release number of selected component (if applicable):

389-ds-base-1.2.3-1.fc12.x86_64

batch update to FUTURE milestone

set default ticket origin to Community

Added initial screened field value.

The functionality is already supported.
How to set up aci to allow deletion:
{{{
1. add 'aci' to nsslapd-allowed-to-delete-attrs in cn=config like this:
cn=config
nsslapd-allowed-to-delete-attrs: nsslapd-securelistenhost aci
2. restart the server
}}}

Test steps:
{{{
Here are the sample aci's set on cn=config:
$ ldapsearch ... -b "cn=config" -s base aci
dn: cn=config
aci:: KHRhcmdldGF0dHI9KikodmVyc2lvbiAzLjA7IGFjbCAiYWNsMSI7IGFsbG93KHdyaXRlKSB1c2VyZG4gPSAibGRhcDovLy9zZWxmIjspIA==
aci: (targetattr=*)(version 3.0; acl "acl2"; allow(write) groupdn = "ldap:///cn=Directory Administrators, dc=example,dc=com";)
aci: (targetattr=*)(version 3.0; acl "acl3"; allow(read, search, compare) userdn = "ldap:///anyone";)

This ldapdelete eliminates the specified aci:
$ ldapdelete ... << EOF
dn: cn=config
changetype: modify
delete: aci
aci: (targetattr=*)(version 3.0; acl "acl2"; allow(write) groupdn = "ldap:///cn=Directory Administrators, dc=example,dc=com";)
EOF

$ ldapsearch ... -b "cn=config" -s base aci
dn: cn=config
aci:: KHRhcmdldGF0dHI9KikodmVyc2lvbiAzLjA7IGFjbCAiYWNsMSI7IGFsbG93KHdyaXRlKSB1c2VyZG4gPSAibGRhcDovLy9zZWxmIjspIA==
aci: (targetattr=*)(version 3.0; acl "acl3"; allow(read, search, compare) userdn = "ldap:///anyone";)

This ldapdelete eliminates all the aci's:
$ ldapdelete ... << EOF
dn: cn=config
changetype: modify
delete: aci
EOF

$ ldapsearch ... -b "cn=config" -s base aci
dn: cn=config
$
}}}

Metadata Update from @nhosoi:
- Issue set to the milestone: 1.3.0.rc1

7 years ago
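
A value-specific `delete: aci` only matches when the value is supplied exactly as stored, and acl1 in the test output above is printed base64-encoded (`aci::`) because its value ends with a space. The following added example (not part of the ticket or of 389-ds-base; the function names are hypothetical and the sample input is constructed from the ticket's output) parses the ldapsearch LDIF and builds the modify record for one named aci, keeping base64 where LDIF requires it:

```python
import base64
import re

# Constructed input: the ticket's ldapsearch output, with acl2 folded across
# two lines to exercise LDIF line continuation.
SAMPLE_LDIF = """dn: cn=config
aci:: KHRhcmdldGF0dHI9KikodmVyc2lvbiAzLjA7IGFjbCAiYWNsMSI7IGFsbG93KHdyaXRlKSB1c2VyZG4gPSAibGRhcDovLy9zZWxmIjspIA==
aci: (targetattr=*)(version 3.0; acl "acl2"; allow(write) groupdn = "ldap:///
 cn=Directory Administrators, dc=example,dc=com";)
aci: (targetattr=*)(version 3.0; acl "acl3"; allow(read, search, compare) userdn = "ldap:///anyone";)
"""

def parse_acis(ldif):
    """Map each acl name to its exact aci value (unfolded, base64-decoded)."""
    acis = {}
    # A newline followed by one space is an LDIF continuation; join it first.
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        m = re.match(r"aci(::?)[ ]*(.*)$", line, re.IGNORECASE)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # double colon marks a base64 value
            value = base64.b64decode(value).decode("utf-8")
        name = re.search(r'\bacl\s+"([^"]*)"', value)
        if name:
            acis[name.group(1)] = value
    return acis

def ldif_attr(name, value):
    """Emit 'name: value', or base64 when the value is not a safe LDIF string."""
    safe = (value and value[0] not in " :<" and not value.endswith(" ")
            and all(0 < ord(c) < 128 and c not in "\r\n" for c in value))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def delete_aci_ldif(acis, acl_name, dn="cn=config"):
    """Build the modify record that deletes only the aci named acl_name."""
    value = acis[acl_name]  # KeyError if no aci with that name exists
    return "\n".join([f"dn: {dn}", "changetype: modify", "delete: aci",
                      ldif_attr("aci", value), ""])

if __name__ == "__main__":
    print(delete_aci_ldif(parse_acis(SAMPLE_LDIF), "acl1"))
```
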

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/92

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Invalid)

3 years ago
