Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6893

Document ACI for regular user to access changelog attributes in root DSE

    Details

    • Type: Bug
    • Status: Done
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 6.5.2, 7.0.0
    • Fix Version/s: 6.5.3, 7.0.0
    • Component/s: documentation
    • Labels:
    • Epic Link:
    • Story Points:
      0.5
    • Support Ticket IDs:

      Description

      DS 6.5 admin guide has:

      https://backstage.forgerock.com/docs/ds/6.5/admin-guide/#read-ecl-as-regular-user

       

      To Allow a User to Read the Change Log
      For a user to read the changelog, the user must have access to read, search, and compare changelog attributes, might have access to use the control to read the external changelog, and must have the changelog-read privilege.
      

       

       

      Additionally, the user may also need access to read changelog-related attributes in the root DSE (e.g. IDM 6.5 requires this for liveSync to work, if not using "cn=directory manager"):

      ds-cfg-global-aci: (target="ldap:///")(targetscope="base")(targetattr="changeLog||firstChangeNumber||lastchangenumber")(version 3.0; acl "Root DSE changelog attrs for livesyncuser"; allow (read) userdn="ldap:///uid=livesyncuser,dc=example,dc=com";)

       

        Attachments

          Activity

            People

            • Assignee:
              michal.severin Michal Severin
              Reporter:
              wei-yee.lum Wei-Yee Lum
              Dev Assignee:
              Mark Craig
              QA Assignee:
              Michal Severin
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: