#552 Adding rootdn-open-time without rootdn-close-time to RootDN Access Control results in inconsistent configuration
Closed: wontfix None Opened 11 years ago by mreynolds.

Description of problem:
The RootDN Access Control plugin allows configuring additional restrictions for the root account. The attributes rootdn-open-time and rootdn-close-time specify the time of day when rootDN can bind. Specifying one without the other is meaningless. Despite this, DS allows specifying just one of them.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-9.el6.x86_64

Steps to Reproduce:
[jrusnack@rhel-63-ds dstet]$ ldapsearch -h localhost -p 22222 -D "cn=directory manager" -w Secret123 -b "cn=RootDN Access Control,cn=plugins,cn=config " -LL
version: 1

dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Root DN Access Control
nsslapd-pluginVersion: 1.2.11.15
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Root DN Access Control plugin

[jrusnack@rhel-63-ds dstet]$ ldapmodify -h localhost -p 22222 -D "cn=Directory manager" -w Secret123 -v <<EOF
dn: cn=RootDN Access Control,cn=plugins,cn=config
changetype: modify
add: rootdn-open-time
rootdn-open-time: 0800
EOF
ldap_initialize( ldap://localhost:22222 )
add rootdn-open-time:
0800
modifying entry "cn=RootDN Access Control,cn=plugins,cn=config"
modify complete

[jrusnack@rhel-63-ds dstet]$ /usr/lib64/dirsrv/slapd-dstet/restart-slapd
[10/Jan/2013:09:10:06 -0500] rootdn-access-control-plugin - rootdn_load_config: there must be a open and a close time
[10/Jan/2013:09:10:06 -0500] rootdn-access-control-plugin - rootdn_start: unable to load plug-in configuration
[10/Jan/2013:09:10:06 -0500] - Init function "rootdn_init" for "RootDN Access Control" plugin in library "librootdn-access-plugin.so" failed
[10/Jan/2013:09:10:06 -0500] - Unable to load plugin "cn=RootDN Access Control,cn=plugins,cn=config"

Expected results:
DS should refuse an operation that results in an inconsistent configuration.


Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=894015 (''Red Hat Enterprise Linux 6'')
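
A client-side pre-flight check for the problem reported above, as an added example that is not part of the original ticket or the 389-ds code: it applies a pending ldapmodify change to a copy of the plugin entry and reports when rootdn-open-time and rootdn-close-time would not be set together. The function names, the HHMM pattern and the simplified LDIF handling (no line folding, no base64 values) are assumptions.

```python
import re

OPEN, CLOSE = "rootdn-open-time", "rootdn-close-time"
HHMM = re.compile(r"^([01]\d|2[0-3])[0-5]\d$")  # assumption: 24-hour HHMM, like the ticket's 0800

def parse_entry(ldif):
    """Parse one ldapsearch-style LDIF entry into {attr_lowercase: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.lower() != "version":
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def apply_modify(entry, change):
    """Apply ldapmodify add/replace/delete ops to a copy (delete drops the whole attribute)."""
    result, op, target = {k: list(v) for k, v in entry.items()}, None, None
    for line in change.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.lower() in ("add", "replace", "delete"):
            op, target = key.lower(), value.lower()
            if op != "add":
                result.pop(target, None)
        elif op in ("add", "replace") and key.lower() == target:
            result.setdefault(target, []).append(value)
    return result

def check_time_window(entry):
    """Return problems with the open/close pair; an empty list means consistent."""
    opens, closes, problems = entry.get(OPEN, []), entry.get(CLOSE, []), []
    if bool(opens) != bool(closes):
        problems.append(f"{CLOSE if opens else OPEN} is missing: set open and close together")
    for attr, values in ((OPEN, opens), (CLOSE, closes)):
        problems += [f"{attr}: {v!r} is not HHMM" for v in values if not HHMM.match(v)]
    return problems

# Constructed sample input, trimmed from the entry and the ldapmodify input in the ticket.
CURRENT = """dn: cn=RootDN Access Control,cn=plugins,cn=config
cn: RootDN Access Control
nsslapd-pluginEnabled: on
"""
CHANGE = """dn: cn=RootDN Access Control,cn=plugins,cn=config
changetype: modify
add: rootdn-open-time
rootdn-open-time: 0800
"""

if __name__ == "__main__":
    print(check_time_window(apply_modify(parse_entry(CURRENT), CHANGE)))
```

Running the check before sending the change and before restarting the server catches the condition that the plugin itself only reports at startup in the log lines above.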

Thanks for the review Rich!

git merge ticket552
Updating 3d212a5..00349f6
Fast-forward
ldap/servers/plugins/rootdn_access/rootdn_access.c | 11 ++++++-----
ldap/servers/plugins/rootdn_access/rootdn_access.h | 10 ++++------
2 files changed, 10 insertions(+), 11 deletions(-)

[mareynol@localhost ds]$ git push origin master
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.03 KiB, done.
Total 8 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
3d212a5..00349f6 master -> master

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.1

7 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/552

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
