Bug 788753
| Summary: | aci on cn=monitor warning about connection attribute | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Rich Megginson <rmeggins> |
| Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | amsharma, jgalipea, mreynolds, nhosoi |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.2.10.0-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: do an anonymous search on cn=monitor, and request the "connection" attribute, which should be denied by the default aci
Consequence: "connection" is returned
Fix: Still process the aci even though the attribute is not in the schema
Result: do not display "connection" if an aci denies access to it
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 07:14:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rich Megginson
2012-02-08 23:07:37 UTC
see upstream ticket for steps to verify This should be the expected results: [1] ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" connection dn: cn=monitor [2] ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" aci dn: cn=monitor [3] ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" version dn: cn=monitor version: 389-Directory/1.2.10.rc1.git0ac8d3a B2012.025.2145 [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" connection dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" aci dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" version dn: cn=monitor version: 389-Directory/1.2.10.2 B2012.124.1435 [root@dhcp201-194 /]# 1. -->> Why this one blank line appended in all the results?? LDIF usually ends with a single blank line - in LDIF an empty line denotes the end of an entry or change record. Added a test case for trac42 (bug 788753) -- -- M acl/search.sh Cleared the NEEDINFO flag. Marking the bug as VERIFIED. [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" connection dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" aci dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" version dn: cn=monitor version: 389-Directory/1.2.10.2 B2012.124.1435
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: do an anonymous search on cn=monitor, and request the "connection" attribute, which should be denied by the default aci
Consequence: "connection" is returned
Fix: Still process the aci even though the attribute is not in the schema
Result: do not display "connection" if an aci denies access to it
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0813.html |