From 95780900edac514e060d5289b8b0e476aa517dbf Mon Sep 17 00:00:00 2001
From: Gaetan Boismal <gaetan.boismal@forgerock.com>
Date: Fri, 20 Jun 2014 12:49:48 +0000
Subject: [PATCH] OPENDJ-1351 (CR-3814) Require a privilege needed for searching cn=changelog

* config.ldiff
** Add the 'changelog-read' value to the 'ds-default-root-privilege-name' multi-valued attribute
* GlobalConfiguration.xml RootDNConfiguration.xml ADSContext.java Privilege.java RootPrivilegeChangeListener.java
** Add the 'changelog-read' privilege where it was needed
* GlobalCfgDefn.properties RootDNCfgDefn.properties
** Add 'changelog-read' privilege definition
* replication.properties replication_fr.properties
** Add messages to prevent user that he needs to have the 'changelog-read' privilege if he wants to search on changelog
* ECLSearchOperation.java
** Add a check to verify that the current connection has the 'changelog-read' privilege before starting the changelog search
* ExternalChangeLogTest.java
** Unit test which ensures that it is not possible to perform a changelog search without the 'changelog-read' privilege
--- opends/src/admin/messages/GlobalCfgDefn.properties | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/opends/src/admin/messages/GlobalCfgDefn.properties b/opends/src/admin/messages/GlobalCfgDefn.properties index 4d326f8..948cb4d 100644 --- a/opends/src/admin/messages/GlobalCfgDefn.properties +++ b/opends/src/admin/messages/GlobalCfgDefn.properties 
@@ -20,6 +20,7 @@ property.disabled-privilege.syntax.enumeration.value.bypass-acl.synopsis=Allows the associated user to bypass access control checks performed by the server. property.disabled-privilege.syntax.enumeration.value.bypass-lockdown.synopsis=Allows the associated user to bypass server lockdown mode. property.disabled-privilege.syntax.enumeration.value.cancel-request.synopsis=Allows the user to cancel operations in progress on other client connections. +property.disabled-privilege.syntax.enumeration.value.changelog-read.synopsis=The privilege that provides the ability to perform read operations on the changelog property.disabled-privilege.syntax.enumeration.value.config-read.synopsis=Allows the associated user to read the server configuration. property.disabled-privilege.syntax.enumeration.value.config-write.synopsis=Allows the associated user to update the server configuration. The config-read privilege is also required. property.disabled-privilege.syntax.enumeration.value.data-sync.synopsis=Allows the user to participate in data synchronization. -- Gitblit v1.10.0
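Review bot: the added `changelog-read` synopsis in GlobalCfgDefn.properties breaks the convention of the entries around it. Its neighbours (`bypass-acl`, `bypass-lockdown`, `config-read`, `config-write`) read "Allows the associated user to ..." and end with a period, while the new line reads "The privilege that provides the ability to perform read operations on the changelog" with no terminator. Suggest rewording to something like "Allows the associated user to perform read operations on the changelog." and, since the commit message says the privilege gates searches on cn=changelog, naming cn=changelog in the synopsis so administrators can tell which searches start failing for accounts that lack it. The diffstat on this page lists only this one file, so the check in ECLSearchOperation.java and the default root privilege added in config.ldiff, both described in the commit message, cannot be reviewed from what is shown here.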