Description of problem: The RootDN Access Control plugin allows configuring additional restrictions for the root account. The attributes rootdn-open-time and rootdn-close-time specify the time of day when the rootDN can bind. Specifying one without the other is meaningless. Despite this, DS allows specifying just one of them.
Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-9.el6.x86_64
Steps to Reproduce:

[jrusnack@rhel-63-ds dstet]$ ldapsearch -h localhost -p 22222 -D "cn=directory manager" -w Secret123 -b "cn=RootDN Access Control,cn=plugins,cn=config " -LL
version: 1

dn: cn=RootDN Access Control,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: RootDN Access Control
nsslapd-pluginPath: librootdn-access-plugin.so
nsslapd-pluginInitfunc: rootdn_init
nsslapd-pluginType: internalpreoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Root DN Access Control
nsslapd-pluginVersion: 1.2.11.15
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Root DN Access Control plugin

[jrusnack@rhel-63-ds dstet]$ ldapmodify -h localhost -p 22222 -D "cn=Directory manager" -w Secret123 -v <<EOF
dn: cn=RootDN Access Control,cn=plugins,cn=config
changetype: modify
add: rootdn-open-time
rootdn-open-time: 0800
EOF
ldap_initialize( ldap://localhost:22222 )
add rootdn-open-time: 0800
modifying entry "cn=RootDN Access Control,cn=plugins,cn=config"
modify complete

[jrusnack@rhel-63-ds dstet]$ /usr/lib64/dirsrv/slapd-dstet/restart-slapd
[10/Jan/2013:09:10:06 -0500] rootdn-access-control-plugin - rootdn_load_config: there must be a open and a close time
[10/Jan/2013:09:10:06 -0500] rootdn-access-control-plugin - rootdn_start: unable to load plug-in configuration
[10/Jan/2013:09:10:06 -0500] - Init function "rootdn_init" for "RootDN Access Control" plugin in library "librootdn-access-plugin.so" failed
[10/Jan/2013:09:10:06 -0500] - Unable to load plugin "cn=RootDN Access Control,cn=plugins,cn=config"
Expected results: DS should refuse an operation that results in an inconsistent configuration.
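The check the report asks for, sketched as an added example (not the plugin's code and not the attached patch): every change in one modify request is applied to a copy of the configuration, and the copy is committed only if the two times are both set or both absent. The struct, function and result-code names are hypothetical, and the four-digit 24-hour HHMM format is an assumption based on the `0800` value above.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum { CFG_OK = 0, CFG_UNPAIRED = 1, CFG_BAD_TIME = 2 };    /* example codes */
struct rootdn_cfg { const char *open_time, *close_time; };  /* NULL = unset */
struct mod { const char *attr, *value; };                   /* value NULL = delete */

/* Accept exactly four digits forming a 24-hour HHMM value (assumed format). */
static int valid_hhmm(const char *s)
{
    if (strlen(s) != 4)
        return 0;
    for (int i = 0; i < 4; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return (s[0] - '0') * 10 + (s[1] - '0') <= 23 &&
           (s[2] - '0') * 10 + (s[3] - '0') <= 59;
}

/* Check the entry as it would look after the change, not the change itself. */
static int check_cfg(const struct rootdn_cfg *c)
{
    if ((c->open_time == NULL) != (c->close_time == NULL))
        return CFG_UNPAIRED;          /* one time without the other */
    if (c->open_time && (!valid_hhmm(c->open_time) || !valid_hhmm(c->close_time)))
        return CFG_BAD_TIME;
    return CFG_OK;
}

/* Apply all mods of one modify request to a copy; commit only if valid. */
int modify_checked(struct rootdn_cfg *cfg, const struct mod *mods, size_t n)
{
    struct rootdn_cfg next = *cfg;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(mods[i].attr, "rootdn-open-time") == 0)
            next.open_time = mods[i].value;
        else if (strcmp(mods[i].attr, "rootdn-close-time") == 0)
            next.close_time = mods[i].value;
    }
    int rc = check_cfg(&next);
    if (rc == CFG_OK)
        *cfg = next;   /* the running configuration changes only here */
    return rc;
}
```

Validating the resulting entry rather than each attribute in isolation lets a single request that adds both times succeed, while a request that adds or deletes only one is refused at modify time instead of failing at the next restart.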
attachment 0001-Ticket-552-Adding-rootdn-open-time-without-rootdn-cl.patch
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=894015 (Red Hat Enterprise Linux 6)
Thanks for the review Rich!
git merge ticket552
Updating 3d212a5..00349f6
Fast-forward
 ldap/servers/plugins/rootdn_access/rootdn_access.c | 11 ++++++-----
 ldap/servers/plugins/rootdn_access/rootdn_access.h | 10 ++++------
 2 files changed, 10 insertions(+), 11 deletions(-)

[mareynol@localhost ds]$ git push origin master
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.03 KiB, done.
Total 8 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   3d212a5..00349f6  master -> master
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/552
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)