Bug 852087 - [RFE] add attribute nsslapd-readonly so we can reference it in acis
[RFE] add attribute nsslapd-readonly so we can reference it in acis
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2012-08-27 11:10 EDT by Rich Megginson
Modified: 2013-02-21 03:20 EST (History)
4 users (show)

See Also:
Fixed In Version: 389-ds-base-
Doc Type: Enhancement
Doc Text:
Feature: Schema Reason: Unable to setup access control for this attribute Result (if any): Allowed to set up an aci for this attribute.
Story Points: ---
Clone Of:
Last Closed: 2013-02-21 03:20:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rich Megginson 2012-08-27 11:10:55 EDT
This bug is created as a clone of upstream ticket:

We want to be able to have non-DM manage replication agreements. As part of the cleanallruv process it is recommended that the replica being deleted be put into read-only mode.

We delegate permissions for managing replication so need to create an aci granting write permission to nsslapd-readonly. To do this it needs to be added to the schema

We want to add an aci like:

aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)

It fails with:

Invalid syntax: targetattr "nsslapd-readonly" does not exist in schema. Please add attributeTypes "nsslapd-readonly" to schema if necessary.
Comment 2 Ján Rusnačko 2012-10-24 04:27:17 EDT
[jrusnack@dstet dstet]$ grep "nsslapd-readonly" /etc/dirsrv/slapd-dstet/schema/*
/etc/dirsrv/slapd-dstet/schema/01core389.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
[jrusnack@dstet dstet]$ rpm -qa | grep 389

Comment 3 errata-xmlrpc 2013-02-21 03:20:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.