Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-2534

Add FR transaction ID control OID to global-aci

    XMLWordPrintable

Details

    • Improvement
    • Status: Done
    • Major
    • Resolution: Fixed
    • 3.0.0
    • 3.0.0
    • core server
    • None

    Description

      With ForgeRock Common Audit, client applications communicate a ForgeRock transaction ID over LDAP by using the TransactionID request control with OID 1.3.6.1.4.1.36733.2.1.5.1.

      It would be nice to have this OID in the global-aci for "Anonymous control access".

      The upside is that it makes it easier to transmit transaction IDs to OpenDJ. You don't have to remember to allow access to this control, which is in a com.forgerock package and so only documented in code.

      One downside is that any client could send a FR transaction ID request control. If the advanced global parameter to trust transaction IDs has been set, and the global-aci is not edited for production use, this could lead to common audit event handlers trusting arbitrary IDs sent by clients.

      Attachments

        Activity

          People

            Mark Mark Craig
            Mark Mark Craig
            Mark Craig Mark Craig
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: