From 95780900edac514e060d5289b8b0e476aa517dbf Mon Sep 17 00:00:00 2001
From: Gaetan Boismal <gaetan.boismal@forgerock.com>
Date: Fri, 20 Jun 2014 12:49:48 +0000
Subject: [PATCH] OPENDJ-1351 (CR-3814) Require a privilege needed for searching cn=changelog * config.ldiff ** Add the 'changelog-read' value to the 'ds-default-root-privilege-name' multi-valued attribute * GlobalConfiguration.xml RootDNConfiguration.xml ADSContext.java Privilege.java RootPrivilegeChangeListener.java ** Add the 'changelog-read' privilege where it was needed * GlobalCfgDefn.properties RootDNCfgDefn.properties ** Add 'changelog-read' privilege definition * replication.properties replication_fr.properties ** Add messages to warn the user that the 'changelog-read' privilege is needed to search the changelog * ECLSearchOperation.java ** Add a check to verify that the current connection has the 'changelog-read' privilege before starting the changelog search * ExternalChangeLogTest.java ** Unit test which ensures that it is not possible to perform a changelog search without the 'changelog-read' privilege 

---
 opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
index 8657a5b..4e880f1 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
@@ -23,7 +23,7 @@
   !
   !
   !      Copyright 2007-2010 Sun Microsystems, Inc.
-  !      Portions Copyright 2011 ForgeRock AS
+  !      Portions Copyright 2014 ForgeRock AS
   ! -->
 <adm:managed-object name="root-dn" plural-name="root-dns"
   package="org.opends.server.admin.std"
@@ -77,6 +77,7 @@
         <adm:value>privilege-change</adm:value>
         <adm:value>unindexed-search</adm:value>
         <adm:value>subentry-write</adm:value>
+        <adm:value>changelog-read</adm:value>
       </adm:defined>
     </adm:default-behavior>
     <adm:syntax>
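Review bot: The `changelog-read` value added at the end of the `adm:defined` list only reaches root users whose configuration falls back to this default. A server whose existing configuration already lists the default root privileges explicitly would presumably not pick it up, and its root users would then be refused on cn=changelog once the search-time check described in the commit message is enforced. No upgrade step is visible in this file, so confirm that one exists elsewhere in the change. The default also widens what every root DN can read, so a comment above the added value would help, for example `<!-- changelog-read: grants read access to the change history kept under cn=changelog -->`. The enclosing property element starts and ends outside the hunk.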
@@ -217,6 +218,11 @@
             operations.
           </adm:synopsis>
         </adm:value>
+        <adm:value name="changelog-read">
+          <adm:synopsis>
+            Allows the user to perform read operations on the changelog
+          </adm:synopsis>
+        </adm:value>
       </adm:enumeration>
     </adm:syntax>
     <adm:profile name="ldap">
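Review bot: The synopsis for `changelog-read` has no trailing period, unlike the preceding value's synopsis, which ends in `operations.`, and it does not say which entry point the privilege gates. Suggest `Allows the user to perform read operations on the changelog (searches under cn=changelog).` so that an administrator deciding whether to grant the privilege can see what it exposes. The enumeration begins outside the hunk.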

--
Gitblit v1.10.0