Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/42 https://bugzilla.redhat.com/show_bug.cgi?id=705222 {{{ The aci on cn=monitor references an attribute named "connection" - the aci code warns because this attribute is not in the schema. The effect is that the aci code ignores the aci. }}}
see upstream ticket for steps to verify
This should be the expected results: [1] ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" connection dn: cn=monitor [2] ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" aci dn: cn=monitor [3] ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" version dn: cn=monitor version: 389-Directory/1.2.10.rc1.git0ac8d3a B2012.025.2145
[root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" connection dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" aci dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" version dn: cn=monitor version: 389-Directory/1.2.10.2 B2012.124.1435 [root@dhcp201-194 /]# 1. -->> Why this one blank line appended in all the results??
LDIF usually ends with a single blank line - in LDIF an empty line denotes the end of an entry or change record.
Added a test case for trac42 (bug 788753) -- -- M acl/search.sh Cleared the NEEDINFO flag.
Marking the bug as VERIFIED. [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" connection dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" aci dn: cn=monitor [root@dhcp201-194 /]# ldapsearch -LLLx -h localhost -p 389 -s base -b "cn=monitor" version dn: cn=monitor version: 389-Directory/1.2.10.2 B2012.124.1435
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: do an anonymous search on cn=monitor, and request the "connection" attribute, which should be denied by the default aci Consequence: "connection" is returned Fix: Still process the aci even though the attribute is not in the schema Result: do not display "connection" if an aci denies access to it
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0813.html