Found with 6.5.0
In our tests for proxy/DJ in production mode, we check that we can use the pre-read action when a user is authenticated.
With a simple DJ in production mode:
    ./DJ_PROD1/opendj/bin/ldapmodify -h ig-linux.internal.forgerock.com -p 1411 -D "cn=myself" -w password --preReadAttributes description --useStartTLS -X
    dn: uid=user.0,ou=people,dc=example,dc=com
    changetype: modify
    replace: description
    description: binary form of 73 is 1001001 which is the age of user.0

    # MODIFY operation successful for DN uid=user.0,ou=people,dc=example,dc=com
    # Target entry before the operation:
    dn: uid=user.0,ou=People,dc=example,dc=com
    description: This is the description for Aaccf Amar.
With a Proxy in production mode in front of a DJ in production mode:
    /PROXY1/opendj/bin/ldapmodify -h nameserver.example.com -p 1391 -D "uid=data admin,dc=example,dc=com" -w '$up3r$tr0ng' --preReadAttributes description --useStartTLS -X
    dn: uid=user.0,ou=people,dc=example,dc=com
    changetype: modify
    replace: description
    description: binary form of 73 is 1001001 which is the age of user.0

    # MODIFY operation successful for DN uid=user.0,ou=people,dc=example,dc=com
    #
Is there something missing in ACIs?
See test:
./run-pybot.py -n -v -s proxy_group.ProductionMode -t Authenticated_User_Can_Request_Pre_Read opendj