Bug 852087 - [RFE] add attribute nsslapd-readonly so we can reference it in acis
Summary: [RFE] add attribute nsslapd-readonly so we can reference it in acis
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: Sankar Ramalingam
Depends On:
TreeView+ depends on / blocked
Reported: 2012-08-27 15:10 UTC by Rich Megginson
Modified: 2013-02-21 08:20 UTC (History)
4 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Enhancement
Doc Text:
Feature: Schema Reason: Unable to setup access control for this attribute Result (if any): Allowed to set up an aci for this attribute.
Clone Of:
Last Closed: 2013-02-21 08:20:32 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0503 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2013-02-21 08:18:44 UTC

Description Rich Megginson 2012-08-27 15:10:55 UTC
This bug is created as a clone of upstream ticket:

We want to be able to have non-DM manage replication agreements. As part of the cleanallruv process it is recommended that the replica being deleted be put into read-only mode.

We delegate permissions for managing replication so need to create an aci granting write permission to nsslapd-readonly. To do this it needs to be added to the schema

We want to add an aci like:

aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)

It fails with:

Invalid syntax: targetattr "nsslapd-readonly" does not exist in schema. Please add attributeTypes "nsslapd-readonly" to schema if necessary.

Comment 2 Ján Rusnačko 2012-10-24 08:27:17 UTC
[jrusnack@dstet dstet]$ grep "nsslapd-readonly" /etc/dirsrv/slapd-dstet/schema/*
/etc/dirsrv/slapd-dstet/schema/01core389.ldif:attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
[jrusnack@dstet dstet]$ rpm -qa | grep 389


Comment 3 errata-xmlrpc 2013-02-21 08:20:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.