[389-devel] Please review (take 2): [Bug 602456] Allow to add any cn=config attributes; allow to delete some cn=config attributes
Noriko Hosoi
nhosoi at redhat.com
Wed Oct 13 18:38:22 UTC 2010
https://bugzilla.redhat.com/show_bug.cgi?id=602456
https://bugzilla.redhat.com/attachment.cgi?id=453261&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453261&action=edit
Thanks to Nathan for his review on the first proposal. I'm adding this
change following Rich's suggestion.
Following the suggestion by Rich, adding "nsslapd-securelistenhost" to the
default nsslapd-allowed-to-delete-attrs list.
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 6b58dde..a7cc1bc 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1013,6 +1013,8 @@ FrontendConfig_init () {
cfg->entryusn_global = LDAP_OFF;
slapi_ch_array_add(&(cfg->allowed_to_delete_attrs),
slapi_ch_strdup("nsslapd-listenhost"));
+ slapi_ch_array_add(&(cfg->allowed_to_delete_attrs),
+ slapi_ch_strdup("nsslapd-securelistenhost"));
#ifdef MEMPOOL_EXPERIMENTAL
cfg->mempool_switch = LDAP_ON;
> Description:
> 1. Originally, configuration attributes are designed not to allow
> adding or deleting, but to allow just replacing. Due to a defect
> in checking the add operation, adding (LDAP_MOD_ADD) is not rejected.
> Instead of fixing the add checking to disallow adding, this patch
> logs the operation in the error log.
> 2. On the other hand, deleting configuration attributes is rejected
> by LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes
> need to allow to delete. This patch introduces a config attribute
> nsslapd-allowed-to-delete-attrs, which value is configuration
> attributes separated by a space ' '. If an attribute is in the list,
> the attribute is allowed to delete. The delete operation is also
> logged in the error log.
By default, the list contains "nsslapd-listenhost" and
"nsslapd-securelistenhost".
> Files:
> ldap/servers/slapd/configdse.c
> ldap/servers/slapd/libglobs.c
> ldap/servers/slapd/proto-slap.h
> ldap/servers/slapd/slap.h
>
>
> Thanks,
> --noriko
>
>
> --
> 389-devel mailing list
> 389-devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-devel/attachments/20101013/9dc29322/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6646 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20101013/9dc29322/attachment-0001.bin
More information about the 389-devel
mailing list