Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-23503

Expand localhost exception to include role creation

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.3.3
    • Fix Version/s: 3.3.5
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Epic Link:
    • Sprint:
      Security 12 (04/01/16), Security 13 (04/22/16)

      Description

      In order to support bootstrapping a system with LDAP authorization turned on we need to expand the localhost exception to include role creation for the initial role mapping.

      Once the first role has been created the localhost exception will be disabled (as is the case when creating the first user). In pseudo code:

      exceptionEnabled = (LDAP Authz On && no roles in $external) || an admin user exists
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              spencer.jackson Spencer Jackson
              Reporter:
              andreas.nilsson Andreas Nilsson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: