Bug 852087 - [RFE] add attribute nsslapd-readonly so we can reference it in acis
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
Assignee: Rich Megginson
QA Contact: Sankar Ramalingam
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-08-27 15:10 UTC by Rich Megginson
Modified: 2013-02-21 08:20 UTC (History)

Fixed In Version: 389-ds-base-1.2.11.12-1.el6
Doc Type: Enhancement
Doc Text:
Feature: Schema
Reason: Unable to set up access control for this attribute
Result (if any): Allowed to set up an aci for this attribute.
Clone Of:
Environment:
Last Closed: 2013-02-21 08:20:32 UTC
Target Upstream Version:


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0503 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2013-02-21 08:18:44 UTC

Description Rich Megginson 2012-08-27 15:10:55 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/429

We want to be able to have non-DM manage replication agreements. As part of the cleanallruv process it is recommended that the replica being deleted be put into read-only mode.

We delegate permissions for managing replication, so we need to create an aci granting write permission to nsslapd-readonly. To do this, it needs to be added to the schema.

We want to add an aci like:

aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)


It fails with:

Invalid syntax: targetattr "nsslapd-readonly" does not exist in schema. Please add attributeTypes "nsslapd-readonly" to schema if necessary.

Comment 2 Ján Rusnačko 2012-10-24 08:27:17 UTC
[jrusnack@dstet dstet]$ grep "nsslapd-readonly" /etc/dirsrv/slapd-dstet/schema/*
/etc/dirsrv/slapd-dstet/schema/01core389.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
[jrusnack@dstet dstet]$ rpm -qa | grep 389
389-ds-base-1.2.11.15-2.el6.x86_64

Verified.
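
Added example, not part of the original bug report and not the server's own code: a pre-flight check that reports which attributes named in an ACI's targetattr are absent from a schema LDIF file, which is the condition the error message in the description reports. The function names, the constructed ACI and the second schema line are assumptions made for illustration.

```python
import re

# Constructed sample schema: the first definition is the line quoted in Comment 2;
# the second is a standard multi-name definition added to exercise that form.
SCHEMA_LDIF = """\
attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name X-ORIGIN 'RFC 4519' )
"""

# Constructed ACI (not the one in the report): it names the attribute explicitly.
ACI = ('(targetattr = "nsslapd-readonly")(version 3.0; acl "constructed example"; '
       'allow (write) groupdn = "ldap:///cn=Modify Replication Agreements,'
       'cn=permissions,cn=pbac,$SUFFIX";)')

# NAME 'x'  or  NAME ( 'x' 'y' )
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")
# (targetattr = "a || b"), (targetattr != "a"), (targetattr=*)
TARGETATTR_RE = re.compile(r'\(\s*targetattr\s*(!?=)\s*"?([^")]*)"?\s*\)', re.I)


def schema_attribute_names(ldif_text):
    """Return the lower-cased names declared by attributeTypes values."""
    unfolded = ldif_text.replace("\n ", "")  # undo LDIF line folding
    names = set()
    for line in unfolded.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "attributetypes":
            continue
        m = NAME_RE.search(value)
        if m:
            single, multi = m.groups()
            found = [single] if single else re.findall(r"'([^']+)'", multi)
            names.update(n.lower() for n in found)
    return names


def missing_targetattrs(aci, known):
    """List targetattr entries that are not in `known`; wildcards are skipped."""
    missing = []
    for _op, attr_list in TARGETATTR_RE.findall(aci):
        for attr in attr_list.split("||"):
            attr = attr.strip().lower()
            if attr and "*" not in attr and attr not in known:
                missing.append(attr)
    return missing


if __name__ == "__main__":
    known = schema_attribute_names(SCHEMA_LDIF)
    print("missing from schema:", missing_targetattrs(ACI, known) or "none")
```
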

Comment 3 errata-xmlrpc 2013-02-21 08:20:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html

