We want to be able to have non-DM manage replication agreements. As part of the cleanallruv process it is recommended that the replica being deleted be put into read-only mode.
We delegate permissions for managing replication, so we need to create an aci granting write permission to nsslapd-readonly. To do this it needs to be added to the schema.
We want to add an aci like:
aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
It fails with:
Invalid syntax: targetattr "nsslapd-readonly" does not exist in schema. Please add attributeTypes "nsslapd-readonly" to schema if necessary.
see also ticket#42
This is really a schema problem, unless we can think of some clever way to skip schema/syntax checking in the aci code when the attribute is defined via extensibleObject in the cn=config tree.
attachment 0001-Ticket-429-Add-nsslapd-readonly-to-schema.patch
git merge ticket429
Updating 819910d..fb54b67
Fast-forward
 ldap/schema/01core389.ldif | 1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

git push origin master
Counting objects: 9, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 542 bytes, done.
Total 5 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   819910d..fb54b67  master -> master
reopening so I can clone it
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=852087
Added initial screened field value.
Metadata Update from @rmeggins: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.11.11
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/429
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)