Univention Bugzilla – Full Text Bug Listing
Summary: | allow adding "by" clause to monitor ACL | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | LDAP | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | best |
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | Yes | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Felix Botner
2019-04-29 15:47:59 CEST
We should introduce a UCR variable which allows access for further groups via the set syntax.

Patch available in branch fbest/ldap-patches-49386-49391. Please test and reopen for merging.

ucr set ldap/monitor/acl/read/groups/foo="cn=Domain Users,cn=groups,$(ucr get ldap/base)"

OK, works fine

-> ucr set ldap/monitor/acl/read/groups/domusers="cn=Domain Users,cn=groups,dc=four,dc=four"
-> univention-ldapsearch -x -D uid=test1,cn=users,dc=four,dc=four -w univention -b cn=Monitor
...

univention-ldap (15.0.0-21)
861ecba43398 | Bug #49387: allow further groups via UCR to acceess the cn=monitor backend

univention-ldap.yaml
861ecba43398 | Bug #49387: allow further groups via UCR to acceess the cn=monitor backend

OK - univention-ldap.yaml
OK - ldap/create-ldap-server-policy UCRV description
OK - univention-ldap

-> univention-ldapsearch -LLL -b 'cn=Monitor' -s sub '*' '+'
No such object (32)

-> ucr set ldap/monitor/acl/read/groups/backup_hosts='cn=DC Backup Hosts,cn=groups,dc=w2k12,dc=test'
-> service slapd restart
-> univention-ldapsearch -LLL -b 'cn=Monitor' -s sub '*' '+'
dn: cn=Monitor
objectClass: monitorServer
structuralObjectClass: monitorServer
cn: Monitor
creatorsName:
modifiersName:
createTimestamp: 20190628231239Z
modifyTimestamp: 20190628231239Z
description: This subtree contains monitoring/managing objects.
description: This object contains information about this server.
description: Most of the information is held in operational attributes, which must be explicitly requested.
monitoredInfo: OpenLDAP: slapd (Aug 6 2018 15:28:57)
entryDN: cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: TRUE
...
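
Added example, not taken from the univention-ldap package or its patch: a sketch of how ldap/monitor/acl/read/groups/* values could be turned into "by" clauses for the cn=Monitor ACL, rejecting any value that could break out of the quoted DN in slapd.conf. The function names, the conservative DN check, the plain group.exact matcher and the "broken" sample entry are assumptions.

```python
import re

PREFIX = "ldap/monitor/acl/read/groups/"

# Conservative RDN check (assumption, stricter than RFC 4514): attr=value with
# no quotes, backslashes, separators or control characters in the value.
_RDN = re.compile(r'[A-Za-z][A-Za-z0-9-]*=[^",\\#+<>;=\x00-\x1f]+')


def is_safe_dn(dn):
    """True if every comma-separated RDN passes the conservative check."""
    return bool(dn) and all(_RDN.fullmatch(p.strip()) for p in dn.split(","))


def monitor_acl(ucr):
    """Return (slapd.conf ACL text, list of rejected UCR keys)."""
    groups, rejected = [], []
    for key in sorted(ucr):
        if not key.startswith(PREFIX):
            continue
        dn = ucr[key].strip()
        if not is_safe_dn(dn):
            rejected.append(key)       # never template an unchecked value
        elif dn not in groups:
            groups.append(dn)
    lines = ['access to dn.subtree="cn=Monitor"']
    # group.exact uses slapd's default group objectclass/attribute; a real
    # deployment may need the group/<objectclass>/<attr> form (assumption).
    lines += ['    by group.exact="%s" read' % dn for dn in groups]
    lines.append('    by * none')      # everyone else stays locked out
    return "\n".join(lines), rejected


# Constructed sample: two values from the bug report, one malformed value.
SAMPLE_UCR = {
    "ldap/base": "dc=four,dc=four",
    PREFIX + "domusers": "cn=Domain Users,cn=groups,dc=four,dc=four",
    PREFIX + "backup_hosts": "cn=DC Backup Hosts,cn=groups,dc=w2k12,dc=test",
    PREFIX + "broken": 'cn=Domain Users,cn=groups,dc=four,dc=four" read',
}

if __name__ == "__main__":
    acl, rejected = monitor_acl(SAMPLE_UCR)
    print(acl)
    print("rejected:", rejected)
```
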