https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245369
Resolves: bug 245369
Bug Description: mod_admserv: Task cache refresh uses wrong credentials
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: When the user requests a Task url, the admin server first figures out which server instance (or product) the request is for, then checks to see if it has seen that server or product before. If not, it uses the function sync_task_sie_data() to read the task data from the SIEs and ISIEs. However, it needs to use the credentials of the currently authenticated user to do so, because the tasks are protected by ACIs, and the user should only be allowed to read those tasks the user has access to. The interface to read these tasks is not great. It expects the SIE is a user with a password, and it attempts to bind as that user, instead of the currently authenticated user. I had to hack it to force it to use the current userdn and password instead of the SIE DN and SIE password. The SIE DN and password are now deprecated for binding. There were a couple of places where the SIE was used for both the bind DN and the SIE DN. I've created another structure member for the admservSieDN for use as the SIE (the configuration base DN) instead of as a bind DN, and deprecated the use of the SIE as the bind DN elsewhere in the code.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157632&action=diff
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
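
A minimal model of the behaviour this message describes, added here as an illustration; it is not code from mod_admserv or from the patch. The DNs, task names and `model_*` functions are hypothetical, and the model assumes the service identity's ACIs let it read every task.

```c
#include <stdio.h>
#include <string.h>
/* All DNs and task names below are constructed for this model. */
#define SIE_DN   "cn=admin-serv-example,o=example"  /* service identity */
#define ADMIN_DN "uid=admin,o=example"
#define OPER_DN  "uid=operator,o=example"

/* A task entry and the DNs its ACI lets read it (NULL-terminated unless full). */
struct task { const char *name; const char *allow[3]; };
static const struct task directory[] = {
    { "Restart",    { SIE_DN, ADMIN_DN, NULL } },
    { "EditConfig", { SIE_DN, ADMIN_DN, NULL } },
    { "ViewLog",    { SIE_DN, ADMIN_DN, OPER_DN } },
};
#define NTASKS (sizeof directory / sizeof directory[0])

/* ACI check: may bind_dn read this task entry? */
static int aci_allows(const struct task *t, const char *bind_dn)
{
    for (int i = 0; i < 3 && t->allow[i] != NULL; i++)
        if (strcmp(t->allow[i], bind_dn) == 0)
            return 1;
    return 0;
}

/* Task refresh: what lands in cache[] depends only on who binds. */
int model_sync_tasks(const char *bind_dn, const char *cache[], int max)
{
    int n = 0;
    for (size_t i = 0; i < NTASKS && n < max; i++)
        if (aci_allows(&directory[i], bind_dn))
            cache[n++] = directory[i].name;
    return n;
}

/* Does a cache refreshed with bind_dn contain the named task? */
int model_task_cached(const char *bind_dn, const char *task)
{
    const char *cache[8];
    int n = model_sync_tasks(bind_dn, cache, 8);
    while (n-- > 0)
        if (strcmp(cache[n], task) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* The operator asks for Restart; only the bind identity differs. */
    printf("refresh as SIE:  %d\n", model_task_cached(SIE_DN, "Restart"));
    printf("refresh as user: %d\n", model_task_cached(OPER_DN, "Restart"));
    return 0;
}
```

In the model, a refresh bound as the service identity caches a task the operator's ACIs do not grant, while a refresh bound as the operator caches only what that user may read.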