Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 646707

Summary: [RFE] Add ACI support for ldapi
Product: [Retired] 389 Reporter: Anthony Messina <amessina>
Component: Security - Access Control (ACL)Assignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.2.6CC: benl, jgalipea, mreynolds, nkinder
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.2.0-1.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-18 19:37:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 512820, 690319    

Description Anthony Messina 2010-10-26 01:01:55 UTC
Based on the two following threads, please add support to create ACIs for ldapi socket connections.  Apparently, support does not exist at this time.

http://lists.fedoraproject.org/pipermail/389-users/2010-July/011765.html
http://lists.fedoraproject.org/pipermail/389-users/2010-October/012367.html

This is a feature request.  Thanks.

Comment 2 Martin Kosek 2012-01-04 13:30:11 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/77

Comment 3 mreynolds 2013-04-09 16:33:48 UTC
This has been pushed to 1.3.2

commit 579fcf46d3205406618692bd87359a2d3c79b8d4

The fix consists of extending the authmethod keyword to accept "ldapi":

(targetattr = "*") (version 3.0;acl "ldapi";allow (all)
(userdn = "ldap:///anyone" and authmethod = "ldapi");)

Comment 4 Nathan Kinder 2013-12-18 19:37:35 UTC
This was fixed in 389-ds-base-1.3.2.0-1.fc20.