Bug 852087 - [RFE] add attribute nsslapd-readonly so we can reference it in acis
[RFE] add attribute nsslapd-readonly so we can reference it in acis
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
6.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-27 11:10 EDT by Rich Megginson
Modified: 2013-02-21 03:20 EST (History)
4 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11.12-1.el6
Doc Type: Enhancement
Doc Text:
Feature: Schema Reason: Unable to setup access control for this attribute Result (if any): Allowed to set up an aci for this attribute.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 03:20:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rich Megginson 2012-08-27 11:10:55 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/429

We want to be able to have non-DM manage replication agreements. As part of the cleanallruv process it is recommended that the replica being deleted be put into read-only mode.

We delegate permissions for managing replication so need to create an aci granting write permission to nsslapd-readonly. To do this it needs to be added to the schema

We want to add an aci like:

aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)


It fails with:

Invalid syntax: targetattr "nsslapd-readonly" does not exist in schema. Please add attributeTypes "nsslapd-readonly" to schema if necessary.
Comment 2 Ján Rusnačko 2012-10-24 04:27:17 EDT
[jrusnack@dstet dstet]$ grep "nsslapd-readonly" /etc/dirsrv/slapd-dstet/schema/*
/etc/dirsrv/slapd-dstet/schema/01core389.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
[jrusnack@dstet dstet]$ rpm -qa | grep 389
389-ds-base-1.2.11.15-2.el6.x86_64

Verified.
Comment 3 errata-xmlrpc 2013-02-21 03:20:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html

Note You need to log in before you can comment on or make changes to this bug.