sanderw / freeipa

Forked from freeipa 5 years ago

f6a651d Allow anonymous access to parentID attribute

1 file. Authored by abbra 5 years ago, committed by frenaud 5 years ago.

    Allow anonymous access to parentID attribute
    
    Due to optimizations in 389-ds performed as a result of
    https://pagure.io/389-ds-base/issue/49372, LDAP search filter
    is rewritten to include parentID information. It implies that parentID
    has to be readable for a bound identity performing the search. This is
    what 389-ds expects right now but the FreeIPA DS instance does not allow it.
    
    As a result, searches with a one-level scope fail to return results that
    otherwise are matched in a sub scope search.
    
    While 389-ds developers are working on the fix for issue
    https://pagure.io/389-ds-base/issue/49617, we can fix it by adding an
    explicit ACI to allow reading the parentID attribute at the suffix level.
    
    Fixes: https://pagure.io/freeipa/issue/7466
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>