Bug 453756 - Plugins - ability to control behavior of modifyTimestamp/modifiersName
Summary: Plugins - ability to control behavior of modifyTimestamp/modifiersName
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Server - Plugins   
(Show other bugs)
Version: 1.1.2
Hardware: All Linux
high
low
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 389_1.3.0 512820 690319
TreeView+ depends on / blocked
 
Reported: 2008-07-02 12:32 UTC by Andrey Ivanov
Modified: 2015-01-04 23:33 UTC (History)
2 users (show)

Fixed In Version: 389-ds-base-1.2.11-0.1.a1.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-04 23:21:18 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Andrey Ivanov 2008-07-02 12:32:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

Description of problem:
It would be a nice feature (for example, some additional functions in the plug-in API) that the plugins could execute internal modification operations without changing the operational attributes (modifiersName, modifyTimestamp etc).

It would greatly simplify the management of an LDAP infrastructure in case there are many admins and unit managers - one could see right away who was the last person to change the entry. Today in our production environment we have to write and stock full audit logs to follow these changes.

The problem is that each time an internal plug-in modifies the entry (in particular it concerns the referential integrity and memberOf plugins in our production environment) the modifiersName is changed to the plug-in configuration DN (and the attribute modifyTimestamp accordingly).

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Make a modification that concerns a plug-in like memberOf or referential integrity.


Actual Results:
Take a look at the attributes modifiersName and modifyTimestamp. Even if we have not DIRECTLY changed the entry we will find these attributes changed. Example :

nscpentryWSI: creatorsName: uid=andrey.ivanov,ou=person...
nscpentryWSI: modifiersName: cn=MemberOf,cn=plugins,cn=config
nscpentryWSI: createTimestamp: 20070803092138Z
nscpentryWSI: modifyTimestamp: 20080419154554Z


Expected Results:
An option should allow to avoid touching the modifiersName and modifyTimestamp by internal plug-in modification operations.

Additional info:
This is not a bug, it is a feature request. It is linked in a certain way to the bug 434914.

Comment 1 Rich Megginson 2009-04-09 17:28:04 UTC
See also bug 249327 and bug 305131 which are somewhat related

Comment 3 Martin Kosek 2012-01-04 13:43:30 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/111

Comment 4 Nathan Kinder 2013-03-04 23:21:18 UTC
This was fixed in 389-ds-base-1.2.11-0.1.a1.fc17.  Closing.


Note You need to log in before you can comment on or make changes to this bug.