Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6065

Backport OPENDJ-6039: AM Config Store Profile doesn't have enough access in ProductionMode when upgrading AM.

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0
    • Fix Version/s: 6.5.1
    • Component/s: setup
    • Labels:
      None
    • Story Points:
      0.5

      Description

      When DS is installed as an AM Configuration Store with Production Mode active, AM is not able to run an upgrade. See OPENAM-14333.

      During upgrade, AM tries to read the SubSchemaSubentry operational attribute to access the schema, but there is no ACI that grants access to operational attributes.

      A simple fix would be to allow the AM config Admin to read, update all operational attributes, in effect, in the profile base-entries.ldif file, replacing:

      aci: (targetattr="*")(version 3.0;acl "Allow CRUDQ operations";
 allow (search, read, write, add, delete)
 (userdn = "ldap:///uid=am-config,ou=admins,&{AM_CONFIG_BASE_DN}");)

      With:

      aci: (targetattr="*||+")(version 3.0;acl "Allow CRUDQ operations";
 allow (search, read, write, add, delete)
 (userdn = "ldap:///uid=am-config,ou=admins,&{AM_CONFIG_BASE_DN}");)

        Attachments

          Issue Links

          is a backport of

          Bug - A problem which impairs or prevents the functions of the product. OPENDJ-6039 AM Config Store Profile doesn't have enough access in ProductionMode when upgrading AM.

          • Major - Major loss of function.
          • Done

            Activity

              People

              • Assignee:
                cjr Chris Ridd
                Reporter:
                cjr Chris Ridd
                Dev Assignee:
                Chris Ridd
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: