Directory ApacheDS
  1. Directory ApacheDS
  2. DIRSERVER-725

Access control permission Import is only meaningful for prescriptive ACI

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: pre-1.0, 1.0-RC1, 1.0-RC2, 1.0-RC3, 1.0-RC4, 1.5.0
    • Fix Version/s: 1.0-RC4, 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      As stated in X.501 L.4:

      "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
      in a ModifyDN operation. Import is only meaningful as prescriptive ACI."

      However our current implementation considers also entry ACIs that includes Import permissions.

      Here is a code snippet from our implementation:

      Collection destTuples = new HashSet();
      addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
      addEntryAciTuples( destTuples, entry );
      addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
      engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
      null, IMPORT_PERMS, tuples, entry );

      The line
      addEntryAciTuples( destTuples, entry );
      needs to be removed in from the relevant code parts.

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open In Progress In Progress
        10h 16m 1 Ersin Er 30/Aug/06 07:34
        In Progress In Progress Open Open
        33m 26s 1 Ersin Er 30/Aug/06 08:07
        Open Open Closed Closed
        17s 1 Ersin Er 30/Aug/06 08:08
        Ersin Er made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Closed [ 6 ]
        Hide
        Ersin Er added a comment -
        Show
        Ersin Er added a comment - Fixed for 1.1 here: http://svn.apache.org/viewvc?rev=438406&view=rev
        Ersin Er made changes -
        Status In Progress [ 3 ] Open [ 1 ]
        Hide
        Ersin Er added a comment -
        Show
        Ersin Er added a comment - Fixed for 1.0 here: http://svn.apache.org/viewvc?rev=438396&view=rev
        Ersin Er made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Ersin Er made changes -
        Field Original Value New Value
        Assignee Ersin Er [ ersiner ]
        Ersin Er created issue -

          People

          • Assignee:
            Ersin Er
            Reporter:
            Ersin Er
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development