directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tony Blanchard (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Created: (DIR-126) ACI problem when using com.sun.jndi.ldap.LdapCtxFactory as the INITIAL_CONTEXT_FACTORY
Date Wed, 01 Feb 2006 11:28:05 GMT
ACI problem when using com.sun.jndi.ldap.LdapCtxFactory as the INITIAL_CONTEXT_FACTORY
--------------------------------------------------------------------------------------

         Key: DIR-126
         URL: http://issues.apache.org/jira/browse/DIR-126
     Project: Directory
        Type: Bug
 Environment: Win XP SP2
JRE1.5_04
    Reporter: Tony Blanchard
 Assigned to: Alex Karasulu 


As mentioned by Gianmaria Clerici, 
the use of com.sun.jndi.ldap.LdapCtxFactory instead of org.apache.ldap.server.jndi.CoreContextFactory
as the INITIAL_CONTEXT_FACTORY makes ACIs not working.

Here is an explanationof the problem I sent on the list :

I have some troubles to add some ACIs on ou=system to enable users to do
what they want with their own entry.
I added an "accessControlSpecificArea" value to the "administrativeRole"
attribute on ou=system.
I used the following subtree specification : "{}" and the following
value for my  prescriptiveACI on the accesControlSubentry I created
under ou=system  :
" { identificationTag "enableUserSelfModification", precedence 1,
authenticationLevel simple, itemOrUserFirst userFirst:{ userClasses {
thisEntry }, userPermissions { { protectedItems { entry,
allUserAttributeTypesAndValues }, grantsAndDenials { grantAdd,
grantRemove, grantModify, grantFilterMatch, grantCompare, grantRead,
grantReturnDN, grantBrowse } } } } }"

When i create a new user with admin rights and try to log under this
user, i get a 50 error code : noPermission. This is not an 49 error code
: AuthenticationException 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message