https://bugzilla.redhat.com/show_bug.cgi?id=602456 https://bugzilla.redhat.com/attachment.cgi?id=453248&action=diff https://bugzilla.redhat.com/attachment.cgi?id=453248&action=edit Description: 1. Originally, configuration attributes are designed not to allow adding or deleting, but to allow just replacing. Due to a defect in checking the add operation, adding (LDAP_MOD_ADD) is not rejected. Instead of fixing the add checking to disallow adding, this patch logs the operation in the error log. 2. On the other hand, deleting configuration attributes is rejected by LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes need to allow to delete. This patch introduces a config attribute nsslapd-allowed-to-delete-attrs, which value is configuration attributes separated by a space ' '. If an attribute is in the list, the attribute is allowed to delete. The delete operation is also logged in the error log. Files: ldap/servers/slapd/configdse.c ldap/servers/slapd/libglobs.c ldap/servers/slapd/proto-slap.h ldap/servers/slapd/slap.h Thanks, --noriko
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
