[389-devel] Please review: [Bug 602456] Allow to add any cn=config attributes; allow to delete some cn=config attributes
Noriko Hosoi
nhosoi at redhat.com
Wed Oct 13 16:41:07 UTC 2010
https://bugzilla.redhat.com/show_bug.cgi?id=602456
https://bugzilla.redhat.com/attachment.cgi?id=453248&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453248&action=edit
Description:
1. Originally, configuration attributes are designed not to allow
adding or deleting, but to allow just replacing. Due to a defect
in checking the add operation, adding (LDAP_MOD_ADD) is not rejected.
Instead of fixing the add checking to disallow adding, this patch
logs the operation in the error log.
2. On the other hand, deleting configuration attributes is rejected
by LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes
need to allow to delete. This patch introduces a config attribute
nsslapd-allowed-to-delete-attrs, which value is configuration
attributes separated by a space ' '. If an attribute is in the list,
the attribute is allowed to delete. The delete operation is also
logged in the error log.
Files:
ldap/servers/slapd/configdse.c
ldap/servers/slapd/libglobs.c
ldap/servers/slapd/proto-slap.h
ldap/servers/slapd/slap.h
Thanks,
--noriko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6646 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20101013/f9defcbb/attachment.bin
More information about the 389-devel
mailing list