Bug 49389 - allow new ACL after "access to attrs=userPassword,krb5Key,sambaNTPassword,sambaLMPassword,..." ACL
Status: CLOSED DUPLICATE of bug 49390
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-0-errata
Assigned To: Florian Best
QA Contact: Felix Botner
Reported: 2019-04-29 16:00 CEST by Felix Botner
Modified: 2019-05-27 13:21 CEST
What kind of report is it?: Feature Request
Enterprise Customer affected?: Yes


Description Felix Botner univentionstaff 2019-04-29 16:00:19 CEST
In 60univention-ldap-server_acl-slave we need something like (after the "access to attrs=userPassword,krb5Key,sambaNTPassword,sambaLMPassword,..." ACL):

 if configRegistry['ldap/hostdn']:
        print '   by dn.base="%s" read' % configRegistry['ldap/hostdn']
 @!@   by * none

+access to attrs=entry,objectClass
+   by * read break
+
+
 @!@
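Review bot: The `by * read` in the added rule applies to every client, anonymous binds included where the server permits them, so the existence and objectClass of every entry become readable without authentication. If only authenticated clients need this, a narrower who clause such as `by users read break` would do, and a comment above the rule should name the service that depends on it. The two empty `+` lines before the trailing `@!@` context line can be dropped.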
Comment 1 Florian Best univentionstaff 2019-05-07 13:37:36 CEST
We should find out what the sense of this rule is. This allows everybody to read every object (but only the object class without further attributes).

Please check if this is still necessary, it could be legacy code for the ldap-bind-proxy-service.

Here as well, instead of adding exceptions to our file, a new file 59foo can be defined with the following content:

access to attrs=entry,objectClass
   by * read break
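
A check for the pattern Comment 1 describes, as an added example that is not part of the bug report or of Univention's code: it scans slapd.conf-style ACL text for by-clauses that give `*` or `anonymous` read access or more. The sample ACLs and the function names are constructed for illustration; it assumes the rendered slapd.conf rather than the UCR template, and it handles named access levels only.

```python
import shlex

# OpenLDAP access levels, weakest to strongest (slapd.access(5)).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
CONTROLS = {"stop", "continue", "break"}

# Constructed sample ACLs for illustration, not a real UCS configuration.
SAMPLE = """\
access to attrs=userPassword
   by dn.base="cn=admin,dc=example,dc=com" write
   by anonymous auth
   by * none

access to attrs=entry,objectClass
   by * read break
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def world_readable(text, threshold="read"):
    """List (what, who, level, control) where '*' or 'anonymous' gets >= threshold."""
    findings = []
    for line in logical_lines(text):
        tok = shlex.split(line)
        if tok[:2] != ["access", "to"] or "by" not in tok:
            continue
        first_by = tok.index("by")
        what, clause = " ".join(tok[2:first_by]), []
        for t in tok[first_by + 1:] + ["by"]:  # sentinel flushes the last clause
            if t != "by":
                clause.append(t)
                continue
            level = next((c for c in clause[1:] if c in LEVELS), None)
            control = clause[-1] if clause and clause[-1] in CONTROLS else "stop"
            if (clause and clause[0] in ("*", "anonymous") and level
                    and LEVELS.index(level) >= LEVELS.index(threshold)):
                findings.append((what, clause[0], level, control))
            clause = []
    return findings
```

Calling `world_readable(SAMPLE)` reports only the `attrs=entry,objectClass` rule; lowering the threshold to `"auth"` also lists the `by anonymous auth` clause on `userPassword`.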
Comment 2 Florian Best univentionstaff 2019-05-07 13:41:57 CEST

*** This bug has been marked as a duplicate of bug 49390 ***