Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-257

[Access Control] Autonomous areas for AC must not overlap

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 1.0.2, 1.5.0
    • Fix Version/s: 2.1.0
    • Component/s: core
    • Labels:
      None

      Description

      Presently the subentry subsystem associates entries with all selecting subentries regardless of autonomous area demarcations. What this means is AAA's can overlap. When the AP of an accessControlSpecificArea is the decendent of the AP of another accessControlSpecificArea those areas should not intersect such that the subentries of the first area do not effect entries of the second area. This is not the case. The subentry subsystem associates entries with effecting subentires without checking to see if those subentries are in a different AAA in these configurations where an AAA is under another AAA.

      We need to track all AP of AAA's within the system. Before associating an entry with an AP's subentries checks should be made to determine under which AAA the entry resides. Only those subentries associated with that AAA should be associated with the entry.

        Attachments

          Activity

            People

            • Assignee:
              akarasulu Alex Karasulu
              Reporter:
              akarasulu Alex Karasulu
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated: