Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-1014

ACI Example deleteAci apparently wrong in web documents

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.0.2
    • None
    • doc
    • None
    • Web documentation

    Description

      Page http://directory.apache.org/apacheds/1.0/userclasses.html has an example for "Combining Multiple UserClass Specification Mechanisms". The example shows the syntax:
      userClasses
      {
      thisEntry,
      name

      { "uid=jbean,ou=users,ou=system" }

      ,
      name

      { "uid=jdoe,ou=users,ou=system" }

      ,
      userGroup

      { "cn=Administrators,ou=groups,ou=system" }


      },
      I've found that this doesn't work. What appears to work (from my code) is:
      userClasses {
      name

      { "cn=SA,ou=users,dc=mqsoftware,dc=com", "cn=fred,ou=users,dc=mqsoftware,dc=com" }

      },

      The when using the documented syntax, I get the following in the log:
      [12:43:10] ERROR [org.apache.directory.server.core.authz.TupleCache] - ACIItem parser failure on
      'null'
      due to syntax error. Cannnot add ACITuples to TupleCache.
      Check that the syntax of the ACI item is correct.
      Until this error is fixed your security settings will not be as expected.

      java.text.ParseException: Parser failure on ACIItem:
      { identificationTag "userAdminPermissions", precedence 16, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name

      { "cn=SA,ou=users,dc=mqsoftware,dc=com" }

      , name

      { "cn=fred,ou=users,dc=mqsoftware,dc=com" }

      }, userPermissions { { protectedItems

      { entry, allUserAttributeTypesAndValues }

      , grantsAndDenials

      { grantAdd, grantDiscloseOnError, grantRead, grantRemove, grantBrowse, grantExport, grantImport, grantModify, grantRename, grantReturnDN, grantCompare, grantFilterMatch, grantInvoke }

      } } } }
      Antlr exception trace:
      User Classes cannot be duplicated. Adding duplicate keys is not permitted.

      at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)

      at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)

      at org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)

      at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)

      at org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)

      at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)

      at org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)

      at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)

      at org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)

      at org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)

      at org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)

      at org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)

      at org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)

      Attachments

        Activity

          People

            ersiner Ersin Er
            wdtj Wayne Johnson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: