Red Hat Bugzilla – Bug 453756
Plugins - ability to control behavior of modifyTimestamp/modifiersName
Last modified: 2015-01-04 18:33:12 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Description of problem:
It would be a nice feature (for example, some additional functions in the plug-in API) that the plugins could execute internal modification operations without changing the operational attributes (modifiersName, modifyTimestamp etc).
It would greatly simplify the management of an LDAP infrastructure in case there are many admins and unit managers - one could see right away who was the last person to change the entry. Today in our production environment we have to write and stock full audit logs to follow these changes.
The problem is that each time an internal plug-in modifies the entry (in particular it concerns the referential integrity and memberOf plugins in our production environment) the modifiersName is changed to the plug-in configuration DN (and the attribute modifyTimestamp accordingly).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Make a modification that concerns a plug-in like memberOf or referential integrity.
Take a look at the attributes modifiersName and modifyTimestamp. Even if we have not DIRECTLY changed the entry we will find these attributes changed. Example :
nscpentryWSI: creatorsName: uid=andrey.ivanov,ou=person...
nscpentryWSI: modifiersName: cn=MemberOf,cn=plugins,cn=config
nscpentryWSI: createTimestamp: 20070803092138Z
nscpentryWSI: modifyTimestamp: 20080419154554Z
An option should allow to avoid touching the modifiersName and modifyTimestamp by internal plug-in modification operations.
This is not a bug, it is a feature request. It is linked in a certain way to the bug 434914.
See also bug 249327 and bug 305131 which are somewhat related
This was fixed in 389-ds-base-1.2.11-0.1.a1.fc17. Closing.