Bug 453756 - Plugins - ability to control behavior of modifyTimestamp/modifiersName
Plugins - ability to control behavior of modifyTimestamp/modifiersName
Product: 389
Classification: Community
Component: Server - Plugins (Show other bugs)
All Linux
high Severity low
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
Depends On:
Blocks: 389_1.3.0 512820 690319
  Show dependency treegraph
Reported: 2008-07-02 08:32 EDT by Andrey Ivanov
Modified: 2015-01-04 18:33 EST (History)
2 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11-0.1.a1.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-03-04 18:21:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrey Ivanov 2008-07-02 08:32:17 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

Description of problem:
It would be a nice feature (for example, some additional functions in the plug-in API) that the plugins could execute internal modification operations without changing the operational attributes (modifiersName, modifyTimestamp etc).

It would greatly simplify the management of an LDAP infrastructure in case there are many admins and unit managers - one could see right away who was the last person to change the entry. Today in our production environment we have to write and stock full audit logs to follow these changes.

The problem is that each time an internal plug-in modifies the entry (in particular it concerns the referential integrity and memberOf plugins in our production environment) the modifiersName is changed to the plug-in configuration DN (and the attribute modifyTimestamp accordingly).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Make a modification that concerns a plug-in like memberOf or referential integrity.

Actual Results:
Take a look at the attributes modifiersName and modifyTimestamp. Even if we have not DIRECTLY changed the entry we will find these attributes changed. Example :

nscpentryWSI: creatorsName: uid=andrey.ivanov,ou=person...
nscpentryWSI: modifiersName: cn=MemberOf,cn=plugins,cn=config
nscpentryWSI: createTimestamp: 20070803092138Z
nscpentryWSI: modifyTimestamp: 20080419154554Z

Expected Results:
An option should allow to avoid touching the modifiersName and modifyTimestamp by internal plug-in modification operations.

Additional info:
This is not a bug, it is a feature request. It is linked in a certain way to the bug 434914.
Comment 1 Rich Megginson 2009-04-09 13:28:04 EDT
See also bug 249327 and bug 305131 which are somewhat related
Comment 3 Martin Kosek 2012-01-04 08:43:30 EST
Upstream ticket:
Comment 4 Nathan Kinder 2013-03-04 18:21:18 EST
This was fixed in 389-ds-base-1.2.11-0.1.a1.fc17.  Closing.

Note You need to log in before you can comment on or make changes to this bug.