directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject [apacheds]ACI support classes never consider "attributeValue" in ACIItem
Date Wed, 19 Oct 2005 04:39:03 GMT

Within the package nothing checks to see if the 
"attributeValue" field in a protectedItem is adhered too.  For this 
reason permission checks are failing.  Let me give you an example that I 
have in a testcase:

I have the following ACIItem:

  identificationTag "searchAci"
  precedence 14
  authenticationLevel none,
  itemOrUserFirst userFirst:
    userClasses { allUsers },
         protectedItems {entry, attributeType { ou }, allAttributeValues 
{ objectClass }, attributeValue { ou=0, ou=1, ou=2 } }, grantsAndDenials 
{ grantRead, grantReturnDN, grantBrowse } }

This should only allow the return of ou values that are "0", "1" and "2" 
and not allow the return of other ou values in a search.  However it's 
not doing that.  Nothing in the support pkg seems to test to see if the 
value is equal to any of these values.

Could you advise on what's happening?


View raw message