Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-725

Access control permission Import is only meaningful for prescriptive ACI

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • pre-1.0, 1.0-RC1, 1.0-RC2, 1.0-RC3, 1.0-RC4, 1.5.0
    • 1.0-RC4, 1.5.0
    • None
    • None

    Description

      As stated in X.501 L.4:

      "If granted, allows entries, including all subordinates, to be relocated at the designated location in the DIT
      in a ModifyDN operation. Import is only meaningful as prescriptive ACI."

      However our current implementation considers also entry ACIs that includes Import permissions.

      Here is a code snippet from our implementation:

      Collection destTuples = new HashSet();
      addPerscriptiveAciTuples( proxy, destTuples, oriChildName, entry );
      addEntryAciTuples( destTuples, entry );
      addSubentryAciTuples( proxy, destTuples, oriChildName, entry );
      engine.checkPermission( proxy, userGroups, userName, principal.getAuthenticationLevel(), oriChildName, null,
      null, IMPORT_PERMS, tuples, entry );

      The line
      addEntryAciTuples( destTuples, entry );
      needs to be removed in from the relevant code parts.

      Attachments

        Activity

          People

            ersiner Ersin Er
            ersiner Ersin Er
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: