Enhancement #2757
Flexible "what" clause in enforceAccessDirective()
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-directory | |||
| Target version: | v6.5 | |||
| Resolution: | NEEDINFO: | No |
Description
In NethServer::Directory Perl module, the enforceAccessDirective() method allows setting ACL per attribute (attrs= form) or on everything (*).
From slapd.access manual:
dn[.<dnstyle>]=<dnpattern>
filter=<ldapfilter>
attrs=<attrlist>[ val[/matchingRule][.<attrstyle>]=<attrval>]
Allow also dn and filter forms.
Associated revisions
NethServer::Directory (enforceAccessDirective): $field argument is now a full WHAT clause. Refs #2757
The old $field argument is now interpreted as a full WHAT clause. Only
the presence of an equal sign (=) triggers the old behaviour: "attrs="
is prepended.
Refer to slapd.access documentation for WHAT clause syntax.
Fix previous commit if WHAT is "*". Refs #2757
Directory (enforceAccessDirective): OLCSUFFIX placeholder. Refs #2757
Some ACLs depends on actual backend olcSuffix attribute. The
placeholder is replaced with the value from the backend dynamically.
History
#1
Updated by Davide Principi about 7 years ago
- Description updated (diff)
#2
Updated by Davide Principi about 7 years ago
We should change the function on $field parsing
Roughly, if $field contains = is a real WHAT field, as described in the manual and must be inserted literally. Otherwise it's an attrlist and must be prepended with attrs=.
#3
Updated by Davide Principi about 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#4
Updated by Davide Principi about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#5
Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case
After upgrade, check script exits cleanly:
# /etc/e-smith/events/actions/nethserver-directory-dit-setup # echo $? 0
And adding a new ACL works:
# perl -MNethServer::Directory -e '$l = NethServer::Directory->new(); $l->enforceAccessDirective("by anonymous read", "dn.exact=\"ou=Phonebook,dc=directory,dc=nh\"");'
# ldapsearch -LLL -Y EXTERNAL -b cn=config olcAccess=* olcAccess
[... check directive is reported...]
#6
Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:nethserver-directory-2.0.2-9.0gita715ad97.ns6.noarch.rpm
#7
Updated by Davide Principi about 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
#8
Updated by Davide Principi about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#9
Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
#10
Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-directory-2.0.2-10.0gitc5832af6.ns6.noarch.rpm
#11
Updated by Giacomo Sanchietti about 7 years ago
- Assignee set to Andrea Marchionni
#12
Updated by Andrea Marchionni about 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Verified: ok
#13
Updated by Giacomo Sanchietti about 7 years ago
- Assignee deleted (
Andrea Marchionni)
#14
Updated by Giacomo Sanchietti about 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-directory-2.0.3-1.ns6.noarch.rpm