Bug 893986

| Summary: | Multivalued rootdn-days-allowed in RootDN Access Control plugin always results in access control violation |
|---|---|
| Product: | Red Hat Enterprise Linux 7 |
| Component: | 389-ds-base |
| Version: | 7.0 |
| Status: | CLOSED CURRENTRELEASE |
| Severity: | unspecified |
| Priority: | high |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Reporter: | Ján Rusnačko <jrusnack> |
| Assignee: | Rich Megginson <rmeggins> |
| QA Contact: | Sankar Ramalingam <sramling> |
| CC: | amsharma, arubin, jgalipea, mreynolds, nhosoi, nkinder, vashirov |
| Target Milestone: | rc |
| Target Release: | 7.0 |
| Fixed In Version: | 389-ds-base-1.3.1.2-1.el7 |
| Doc Type: | Bug Fix |
| Type: | Bug |
| Last Closed: | 2014-06-13 09:52:40 UTC |

Doc Text:

Cause: Adding multiple rootdn-days-allowed attributes to the root dn access control plugin
Consequence: Access is always denied, regardless of the day.
Fix: Update schema definitions to properly set the expected syntax.
Result: The root dn access plugin enforces proper configuration.

Description
Ján Rusnačko
2013-01-10 13:01:02 UTC
Created ticket: https://fedorahosted.org/389/ticket/551

Committed upstream to 1.3.1 commit hash: 4569c95e91282a57b4b4a0a27f783cbea7bb0f59

moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata). When the errata is created, the bugs should be automatically moved back to ON_QA.

```
dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Root DN Access Control
nsslapd-pluginVersion: 1.2.11.15
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Root DN Access Control plugin
rootdn-open-time: 0800
rootdn-close-time: 1800
rootdn-days-allowed: Sat, Wed
rootdn-days-allowed: Mon, Thu
```

```
/usr/lib64/dirsrv/slapd-dhcp201-149/start-slapd
Nov 07 14:23:32 dhcp201-149.englab.pnq.redhat.com ns-slapd[31921]: [07/Nov/2013:14:23:32 +051800] - Entry "cn=RootDN Access Control,cn=plugins,cn=config" single-valued attribute "rootdn-days-allowed" has multiple values
Nov 07 14:23:32 dhcp201-149.englab.pnq.redhat.com ns-slapd[31921]: [07/Nov/2013:14:23:32 +051800] dse - Could not load config file [dse.ldif]
Nov 07 14:23:32 dhcp201-149.englab.pnq.redhat.com ns-slapd[31921]: [07/Nov/2013:14:23:32 +051800] dse - Please edit the file to correct the reported problems and then restart the server.
```

================================================================================

```
dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: RootDN Access Control
nsslapd-pluginVersion: 1.3.1.6
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: RootDN Access Control plugin
rootdn-open-time: 0800
rootdn-close-time: 1800
rootdn-days-allowed: Sat, Wed, Mon, Thu
```

```
[root@dhcp201-149 yum.repos.d]# /usr/lib64/dirsrv/slapd-dhcp201-149/start-slapd
Instance started successfully.
```

Hence Verified.

```
rootdn-days-allowed: Sat, Wed, Mon, Thu

[root@dhcp201-149 ~]# ldapsearch -h localhost -p 389 -D "cn=directory manager" -w Secret123 -b "cn=RootDN Access Control,cn=plugins,cn=config " -LL
ldap_bind: Server is unwilling to perform (53)
        additional info: RootDN access control violation
[root@dhcp201-149 ~]# date
Fri Jan 31 11:37:34 IST 2014
```

=========================================================================

```
[root@dhcp201-149 ~]# vim /etc/dirsrv/slapd-dhcp201-149/dse.ldif
[root@dhcp201-149 ~]# /usr/lib64/dirsrv/slapd-dhcp201-149/start-slapd
[root@dhcp201-149 ~]# ldapsearch -h localhost -p 389 -D "cn=directory manager" -w Secret123 -b "cn=RootDN Access Control,cn=plugins,cn=config " -LL
version: 1

dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: rootDNPluginConfig
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: RootDN Access Control
nsslapd-pluginVersion: 1.3.1.6
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: RootDN Access Control plugin
rootdn-open-time: 0800
rootdn-close-time: 1800
rootdn-days-allowed: Sat, Wed, Mon, Fri
```

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
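A pre-restart check for the condition in this report, as an added example that is not part of the bug report or of the 389-ds-base code: it flags a repeated `rootdn-days-allowed` in a plugin entry and models the day/time window for a clean entry. The function names, the day-matching rule and the inclusive time bounds are assumptions; the sample entries are constructed from the values quoted above.

```python
from datetime import datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # datetime.weekday() order
SINGLE_VALUED = ("rootdn-close-time", "rootdn-days-allowed", "rootdn-open-time")
# Constructed samples built from the values quoted in this report.
BASE = ("dn: cn=RootDN Access Control,cn=plugins,cn=config\n"
        "rootdn-open-time: 0800\nrootdn-close-time: 1800\n")
TWO_VALUES = BASE + "rootdn-days-allowed: Sat, Wed\nrootdn-days-allowed: Mon, Thu\n"
NO_FRIDAY = BASE + "rootdn-days-allowed: Sat, Wed, Mon, Thu\n"
WITH_FRIDAY = BASE + "rootdn-days-allowed: Sat, Wed, Mon, Fri\n"

def parse_entry(ldif):
    """Map attribute name -> list of values (no folded or base64 lines)."""
    attrs = {}
    for line in ldif.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def split_days(value):
    return [d.strip().capitalize() for d in value.split(",")]

def lint(attrs):
    """Problems that stop the server loading the entry or void the day list."""
    problems = []
    for name in SINGLE_VALUED:
        if len(attrs.get(name, [])) > 1:
            problems.append(f"{name}: single-valued attribute has multiple values")
    for value in attrs.get("rootdn-days-allowed", []):
        problems += [f"rootdn-days-allowed: unknown day {d!r}"
                     for d in split_days(value) if d not in DAYS]
    return problems

def bind_allowed(attrs, when):
    """Assumed model of the day/time window; bounds treated as inclusive."""
    if lint(attrs):
        raise ValueError("fix the entry before evaluating it")
    days = attrs.get("rootdn-days-allowed")
    if days and DAYS[when.weekday()] not in split_days(days[0]):
        return False
    opens, closes = attrs.get("rootdn-open-time"), attrs.get("rootdn-close-time")
    if opens and closes:
        return opens[0] <= when.strftime("%H%M") <= closes[0]
    return True

if __name__ == "__main__":
    friday = datetime(2014, 1, 31, 11, 37)  # the `date` output in the report
    print(lint(parse_entry(TWO_VALUES)))
    print([bind_allowed(parse_entry(e), friday) for e in (NO_FRIDAY, WITH_FRIDAY)])
```

Run against the plugin entry from `dse.ldif` before restarting the instance, since the server refuses to load a configuration file that carries the repeated attribute.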