https://bugzilla.redhat.com/show_bug.cgi?id=566320
Description of problem:
It is not possible to do an online deletion of an attribute from cn=config (probably a good thing). It would be nice to be able to have an exception that ACIs can be removed online.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.3-1.fc12.x86_64
batch update to FUTURE milestone
set default ticket origin to Community
Added initial screened field value.
The functionality is already supported. How to set up aci to allow deletion:
{{{
1. add 'aci' to nsslapd-allowed-to-delete-attrs in cn=config like this:
   cn=config
   nsslapd-allowed-to-delete-attrs: nsslapd-securelistenhost aci
2. restart the server
}}}
Test steps:
{{{
Here are the sample aci's set to cn=config:
$ ldapsearch ... -b "cn=config" -s base aci
dn: cn=config
aci:: KHRhcmdldGF0dHI9KikodmVyc2lvbiAzLjA7IGFjbCAiYWNsMSI7IGFsbG93KHdyaXRlKSB1c2VyZG4gPSAibGRhcDovLy9zZWxmIjspIA==
aci: (targetattr=*)(version 3.0; acl "acl2"; allow(write) groupdn = "ldap:///cn=Directory Administrators, dc=example,dc=com";)
aci: (targetattr=*)(version 3.0; acl "acl3"; allow(read, search, compare) userdn = "ldap:///anyone";)

This ldapdelete eliminates the specified aci:
$ ldapdelete ... << EOF
dn: cn=config
changetype: modify
delete: aci
aci: (targetattr=*)(version 3.0; acl "acl2"; allow(write) groupdn = "ldap:///cn=Directory Administrators, dc=example,dc=com";)
EOF

$ ldapsearch ... -b "cn=config" -s base aci
dn: cn=config
aci:: KHRhcmdldGF0dHI9KikodmVyc2lvbiAzLjA7IGFjbCAiYWNsMSI7IGFsbG93KHdyaXRlKSB1c2VyZG4gPSAibGRhcDovLy9zZWxmIjspIA==
aci: (targetattr=*)(version 3.0; acl "acl3"; allow(read, search, compare) userdn = "ldap:///anyone";)

This ldapdelete eliminates all the aci's:
$ ldapdelete ... << EOF
dn: cn=config
changetype: modify
delete: aci
EOF

$ ldapsearch ... -b "cn=config" -s base aci
dn: cn=config
$
}}}
Metadata Update from @nhosoi: - Issue set to the milestone: 1.3.0.rc1
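The following Python example is added here and is not from the ticket or the 389-ds-base project. It parses LDIF shaped like the ldapsearch output in the test steps, decodes the base64 `aci::` value (encoded because that ACI ends in a space), and builds the modify LDIF that removes one ACI by name with its exact value. The sample input and all function names are constructed, and it assumes nsslapd-allowed-to-delete-attrs was included in the search output.

```python
import base64
import re

# Constructed sample of `ldapsearch -b cn=config -s base` output (not from a live server).
# acl1 ends in a space, so LDIF prints it base64-encoded ("aci::") and folded.
SAMPLE_LDIF = """\
dn: cn=config
nsslapd-allowed-to-delete-attrs: nsslapd-securelistenhost aci
aci:: KHRhcmdldGF0dHI9KikodmVyc2lvbiAzLjA7IGFjbCAiYWNsMSI7IGFsbG93KHdyaXRlKSB1
 c2VyZG4gPSAibGRhcDovLy9zZWxmIjspIA==
aci: (targetattr=*)(version 3.0; acl "acl3"; allow(read, search, compare) userdn = "ldap:///anyone";)
"""

def parse_entry(ldif):
    """Return {attr: [values]} for one entry, unfolding lines and decoding '::' values."""
    attrs = {}
    for line in re.sub(r"\n ", "", ldif).splitlines():  # RFC 2849 line folding
        m = re.match(r"([^:]+)(::?) ?(.*)", line)
        if m:
            name, sep, raw = m.groups()
            value = base64.b64decode(raw).decode("utf-8") if sep == "::" else raw
            attrs.setdefault(name.lower(), []).append(value)
    return attrs

def acl_name(aci):
    """Extract the name from the 'acl "<name>"' clause of an ACI string."""
    m = re.search(r'acl\s+"([^"]*)"', aci)
    return m.group(1) if m else None

def ldif_line(attr, value):
    """Emit 'attr: value', switching to base64 when plain LDIF would alter the value."""
    plain = (value.isascii() and value == value.strip() and "\n" not in value
             and not value.startswith((":", "<")))
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_delete(attrs, name):
    """Build the LDIF that deletes only the ACI called `name`; None if no such ACI."""
    allowed = " ".join(attrs.get("nsslapd-allowed-to-delete-attrs", [])).lower().split()
    if "aci" not in allowed:
        raise ValueError("aci is not in nsslapd-allowed-to-delete-attrs; the server will refuse")
    for aci in attrs.get("aci", []):
        if acl_name(aci) == name:
            return f"dn: cn=config\nchangetype: modify\ndelete: aci\n{ldif_line('aci', aci)}\n"
    return None

if __name__ == "__main__":
    entry = parse_entry(SAMPLE_LDIF)
    print([acl_name(a) for a in entry["aci"]])
    print(build_delete(entry, "acl1"))
```

Deleting a single value requires the value to match exactly, so the trailing space of acl1 has to survive the round trip; that is why the generated LDIF keeps the `aci::` form for it.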
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/92
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)