Enhancement #2757
Flexible "what" clause in enforceAccessDirective()
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-directory | | |
| Target version: | v6.5 | | |
| Resolution: | | NEEDINFO: | No |
Description
In the NethServer::Directory Perl module, the enforceAccessDirective() method allows setting an ACL per attribute (attrs= form) or on everything (*).
From slapd.access manual:
dn[.<dnstyle>]=<dnpattern> filter=<ldapfilter> attrs=<attrlist>[ val[/matchingRule][.<attrstyle>]=<attrval>]
Allow also dn and filter forms.
Associated revisions
NethServer::Directory (enforceAccessDirective): $field argument is now a full WHAT clause. Refs #2757
The old $field argument is now interpreted as a full WHAT clause. Only
the presence of an equal sign (=) triggers the old behaviour: "attrs="
is prepended.
Refer to slapd.access documentation for WHAT clause syntax.
Fix previous commit if WHAT is "*". Refs #2757
Directory (enforceAccessDirective): OLCSUFFIX placeholder. Refs #2757
Some ACLs depend on the actual backend olcSuffix attribute. The
placeholder is replaced with the value from the backend dynamically.
History
#1 Updated by Davide Principi about 7 years ago
- Description updated (diff)
#2 Updated by Davide Principi about 7 years ago
We should change the function on $field parsing.
Roughly, if $field contains =, it is a real WHAT field, as described in the manual, and must be inserted literally. Otherwise it's an attrlist and must be prepended with attrs=.
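The parsing rule from comment #2, combined with the "*" case and the OLCSUFFIX placeholder from the associated revisions, as an added example (not the NethServer::Directory code). The helper names, the literal `OLCSUFFIX` token form, the single-line check and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: turn the second argument of enforceAccessDirective()
# into a slapd.access <what> clause, following the rule in comment #2.
sub normalize_what {
    my ($what, $suffix) = @_;
    die "empty WHAT clause\n" unless defined $what && length $what;

    # Added sanity check (assumption): the clause is inserted literally
    # into one olcAccess value, so refuse embedded line breaks.
    die "WHAT clause must be a single line\n" if $what =~ /[\r\n]/;

    # Assumed placeholder form: the literal token OLCSUFFIX is replaced
    # with the backend suffix.
    $what =~ s/OLCSUFFIX/$suffix/g;

    return '*'   if $what eq '*';    # ACL on everything
    return $what if $what =~ /=/;    # full WHAT clause: dn=, filter=, attrs=
    return "attrs=$what";            # bare attrlist: prepend attrs=
}

# Hypothetical helper: compose the access directive text. Argument order
# mirrors the call shown in the test case ("by" clause first, WHAT second).
sub access_directive {
    my ($by_clause, $what, $suffix) = @_;
    return sprintf 'to %s %s', normalize_what($what, $suffix), $by_clause;
}

# Constructed sample inputs, one per supported form.
my $suffix = 'dc=directory,dc=nh';
my @samples = (
    '*',
    'userPassword,shadowLastChange',
    'dn.exact="ou=Phonebook,dc=directory,dc=nh"',
    'dn.subtree="ou=People,OLCSUFFIX" attrs=mail',
);

print access_directive('by anonymous read', $_, $suffix), "\n" for @samples;
```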
#3 Updated by Davide Principi about 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#4 Updated by Davide Principi about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#5 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
Test case
After upgrade, check script exits cleanly:
    # /etc/e-smith/events/actions/nethserver-directory-dit-setup
    # echo $?
    0
And adding a new ACL works:
    # perl -MNethServer::Directory -e '$l = NethServer::Directory->new(); $l->enforceAccessDirective("by anonymous read", "dn.exact=\"ou=Phonebook,dc=directory,dc=nh\"");'
    # ldapsearch -LLL -Y EXTERNAL -b cn=config olcAccess=* olcAccess
    [... check directive is reported...]
#6 Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:nethserver-directory-2.0.2-9.0gita715ad97.ns6.noarch.rpm
#7 Updated by Davide Principi about 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
#8 Updated by Davide Principi about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#9 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
#10 Updated by Davide Principi about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:nethserver-directory-2.0.2-10.0gitc5832af6.ns6.noarch.rpm
#11 Updated by Giacomo Sanchietti about 7 years ago
- Assignee set to Andrea Marchionni
#12 Updated by Andrea Marchionni about 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Verified: ok
#13 Updated by Giacomo Sanchietti about 7 years ago
- Assignee deleted (Andrea Marchionni)
#14 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-directory-2.0.3-1.ns6.noarch.rpm