-
Type:
Task
-
Status: QA Backlog
-
Priority:
Blocker
-
Resolution: Unresolved
-
Affects Version/s: 7.0.0
-
Fix Version/s: 7.0.0
-
Component/s: access control, security, setup, tech-debt
-
Labels:None
-
Epic Link:
-
Story Points:4
While reviewing https://stash.forgerock.org/projects/OPENDJ/repos/opendj/pull-requests/5020 it became clear that many of our existing default ACIs, including those used by profiles, are badly placed (global instead of located with their data), arbitrary (e.g. include pre-read, but not assertion control), duplicate other ACIs (CTS includes ACIs for StartTLS), etc.
This JIRA can be closed once we have reviewed and cleaned up the various ACIs that we provide in a freshly installed server.
- is duplicated by
-
OPENDJ-7284 AM profiles: cts profile in 7 does not come with the minimal ACIs
-
- Done
-
- is related to
-
OPENDJ-7276 Monitor user cannot read monitoring data
-
- Done
-
-
OPENDJ-7355 Provide a "proxied-server" setup profile for servers that sit behind a proxy
-
- QA Backlog
-
-
OPENDJ-7260 Allow controls and extended ops to be specified by aliases in ACIs
-
- QA Backlog
-
- relates to
-
OPENDJ-4109 The ldappasswordmodify command fails when requested through a directory proxy server
-
- Dev backlog
-
-
OPENDJ-6957 Update documentation to clarify access in evaluation profile vs. production
-
- Done
-
-
OPENDJ-7207 Retest the distribution example
-
- Done
-