Bug 453756

Summary: Plugins - ability to control behavior of modifyTimestamp/modifiersName
Product: [Retired] 389 Reporter: Andrey Ivanov <andrey.ivanov>
Component: Server - PluginsAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: high    
Version: 1.1.2CC: benl, nkinder
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.11-0.1.a1.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-04 23:21:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 495079, 512820, 690319    

Description Andrey Ivanov 2008-07-02 12:32:17 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

Description of problem:
It would be a nice feature (for example, some additional functions in the plug-in API) that the plugins could execute internal modification operations without changing the operational attributes (modifiersName, modifyTimestamp etc).

It would greatly simplify the management of an LDAP infrastructure in case there are many admins and unit managers - one could see right away who was the last person to change the entry. Today in our production environment we have to write and stock full audit logs to follow these changes.

The problem is that each time an internal plug-in modifies the entry (in particular it concerns the referential integrity and memberOf plugins in our production environment) the modifiersName is changed to the plug-in configuration DN (and the attribute modifyTimestamp accordingly).

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Make a modification that concerns a plug-in like memberOf or referential integrity.


Actual Results:
Take a look at the attributes modifiersName and modifyTimestamp. Even if we have not DIRECTLY changed the entry we will find these attributes changed. Example :

nscpentryWSI: creatorsName: uid=andrey.ivanov,ou=person...
nscpentryWSI: modifiersName: cn=MemberOf,cn=plugins,cn=config
nscpentryWSI: createTimestamp: 20070803092138Z
nscpentryWSI: modifyTimestamp: 20080419154554Z


Expected Results:
An option should allow to avoid touching the modifiersName and modifyTimestamp by internal plug-in modification operations.

Additional info:
This is not a bug, it is a feature request. It is linked in a certain way to the bug 434914.
Comment 1 Rich Megginson 2009-04-09 17:28:04 UTC 
See also bug 249327 and bug 305131 which are somewhat related
Comment 3 Martin Kosek 2012-01-04 13:43:30 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/111
Comment 4 Nathan Kinder 2013-03-04 23:21:18 UTC 
This was fixed in 389-ds-base-1.2.11-0.1.a1.fc17.  Closing.