Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-1351

Require a privilege needed for searching cn=changelog

    Details

    • Support Ticket IDs:
    • Sprint:
      Sprint 36

      Description

      We would like to be able to "fail fast" when searching the changelog. Currently this is not possible due to ACI checks only being carried out for search candidates.

      Adding a new privilege required for accessing the changelog would solve this. It would also simplify a number of default global ACI rules.

      This new privilege would be somewhat analogous to the current config-read privilege.

      We may want to also require this privilege when checking for persistent searches as well.

      If we used it for psearches as well as cn=changelog access, "changes-read" might be an appropriate name.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gaetan Gaetan Boismal
                Reporter:
                cjr Chris Ridd
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: