- Type: Bug
- Status: Done
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 6.5.2, 7.0.0
- Component/s: documentation
- Story Points: 0.5

DS 6.5 admin guide has:
https://backstage.forgerock.com/docs/ds/6.5/admin-guide/#read-ecl-as-regular-user
To Allow a User to Read the Change Log

For a user to read the changelog, the user must have access to read, search, and compare changelog attributes, might have access to use the control to read the external changelog, and must have the changelog-read privilege.
Additionally, the user may also need access to read changelog-related attributes in the root DSE (e.g. IDM 6.5 requires this for liveSync to work, if not using "cn=directory manager"):
ds-cfg-global-aci: (target="ldap:///")(targetscope="base")(targetattr="changeLog||firstChangeNumber||lastchangenumber")(version 3.0; acl "Root DSE changelog attrs for livesyncuser"; allow (read) userdn="ldap:///uid=livesyncuser,dc=example,dc=com";)
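
One way to check the effect of the ACI above, as an added example that is not part of the original ticket or the ForgeRock documentation: a shell helper that reads the LDIF of a root DSE search run as the liveSync account and lists which of the three changelog attributes are not visible. The function names, the port and password in the usage comment, and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which root DSE changelog attributes an account cannot
# read. Feed it the LDIF from a base-scope root DSE search run as that account,
# e.g. (port and password are assumptions for a lab instance):
#   ldapsearch --port 1389 --bindDN uid=livesyncuser,dc=example,dc=com \
#     --bindPassword password --baseDN "" --searchScope base "(&)" \
#     changeLog firstChangeNumber lastChangeNumber | missing_changelog_attrs

REQUIRED_ATTRS="changeLog firstChangeNumber lastChangeNumber"

# Hypothetical helper: reads LDIF on stdin, prints the required attributes that
# are absent (space separated) and returns non-zero if any are missing.
# LDAP attribute names are case-insensitive, so "lastchangenumber" matches.
missing_changelog_attrs() {
    ldif=$(cat)
    missing=""
    for attr in $REQUIRED_ATTRS; do
        # LDIF attribute lines look like "name: value" or "name:: base64".
        if ! printf '%s\n' "$ldif" | grep -qiE "^${attr}::? "; then
            missing="${missing:+$missing }$attr"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Constructed sample: root DSE as seen once the ACI is in place.
sample_allowed_ldif() {
    printf 'dn:\nchangeLog: cn=changelog\nfirstChangeNumber: 1\nlastChangeNumber: 42\n'
}

# Constructed sample: root DSE with the changelog attributes filtered out.
sample_denied_ldif() {
    printf 'dn:\n'
}

for sample in sample_allowed_ldif sample_denied_ldif; do
    if gaps=$($sample | missing_changelog_attrs); then
        echo "$sample: changelog attributes readable"
    else
        echo "$sample: not readable: $gaps"
    fi
done
```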