mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author Mark Craig <mark.craig@forgerock.com>
Friday, December 11, 2015 13:56 +0100
committer Mark Craig <mark.craig@forgerock.com>
Friday, December 11, 2015 14:57 +0100
commit 73e8c616a2b67f8b6002eae5b7ae34654a2941c5
tree 5fe76023e3c7c61efee56986d81bc14e905cf29a
parent d7b918ddbbbf1158286f04b7cec14cbd8360e7af
OPENDJ-2534 Add FR transaction ID control OID to global-aci

This patch adds the ForgeRock Transaction ID request control OID
to the global-aci for "Anonymous control access".

The intention is to allow transmission of Common Audit transaction IDs
out of the box from LDAP client applications to OpenDJ directory server.

In order to let bind operations transmit the transaction ID,
even anonymous users are granted use of the request control.
This does let any LDAP client send spurious transaction IDs.
Since OpenDJ does not trust transaction IDs by default, however,
the administrator must decide to trust them before they are used.

If we decide not to make this change to the global-aci,
the administrator configuring Common Audit can make the change instead.
The step would need documenting in the procedures for Common Audit,
which are part of a pending PR for opendj-docs.

1 file modified
opendj-server-legacy/resource/config/config.ldif (2 lines changed)