directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry
Date Sun, 23 Apr 2006 17:19:06 GMT
    [ http://issues.apache.org/jira/browse/DIRSERVER-606?page=comments#action_12375893 ] 

Emmanuel Lecharny commented on DIRSERVER-606:
---------------------------------------------

Ok, I think that we can fix the code this way:

...
                if ( dn.startsWith( USER_BASE_DN ) || dn.startsWith( GROUP_BASE_DN ) )
                {
                    // check that it's not the user himself.
                    if ( dn.equals( dnParser.parse( principalDn.toString() ) ) )
                    {
                        return true;
                    }

                    return false;
                }
...

The problem is that, if you do it, you will get the userPassword:

ldapsearch -x -h localhost -p 10389 -D "cn=Fiona apple,ou=users,ou=system" -w machine -s one -b "ou=users,ou=system" "(objectClass=*)"
# extended LDIF
...
# Fiona Apple, users, system
dn: cn=Fiona Apple,ou=users,ou=system
...
userpassword:: bWFjaGluZQ==

and it's easy to check that bWFjaGluZQ== is the base64-encoded value for "machine"...

Is it what we want? I don't think so.

wdyt?


> ou=users, ou=system - user cannot see their own entry
> -----------------------------------------------------
>
>          Key: DIRSERVER-606
>          URL: http://issues.apache.org/jira/browse/DIRSERVER-606
>      Project: Directory ApacheDS
>         Type: Bug

>     Versions: 1.0-RC1
>  Environment: JDK 1.4.1
> Tried both JXplorer, and from ACEGI security
>     Reporter: Marc Batchelor
>     Assignee: Stefan Zoerner
>     Priority: Critical
>  Attachments: patch.txt
>
> User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their
> own entry to get their own attributes.
> Documentation states: Users cannot see other user entries under the 'ou=users,ou=system'
> entry.
> Agreed and understood. But, the user, after binding with the directory, cannot even find
> their own entry to get their own attributes.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
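
The concern raised in the message above is that the `::` in `userpassword:: bWFjaGluZQ==` only marks base64 transport encoding in LDIF, so a self-read returns the stored value as is. The following is an added example, not part of the original message or of ApacheDS: a Python audit that reads LDIF output and reports, per entry, whether the userPassword value carries a `{SCHEME}` hash prefix, without echoing the value. The `cn=Test User` entry and its value are constructed sample data, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample: the first entry mirrors the ldapsearch output quoted in
# the message; the second entry and its value are invented for illustration.
_HASHED = base64.b64encode(b"{SSHA}constructed-sample-not-a-real-hash").decode()
SAMPLE_LDIF = (
    "# extended LDIF\n"
    "dn: cn=Fiona Apple,ou=users,ou=system\n"
    "userpassword:: bWFjaGluZQ==\n"
    "\n"
    "dn: cn=Test User,ou=users,ou=system\n"
    "userpassword:: " + _HASHED + "\n"
)

SCHEME = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")  # e.g. {SSHA}, {MD5}, {crypt}

def classify(value: bytes) -> str:
    """Label a stored password by its scheme prefix; never return the value."""
    m = SCHEME.match(value)
    return "cleartext" if m is None else "hashed:" + m.group(1).decode().upper()

def unfold(text: str) -> list:
    """Join LDIF continuation lines (a leading single space folds a line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def audit_ldif(text: str) -> list:
    """Return [(dn, finding)] for every userPassword value in the LDIF text."""
    findings, dn = [], None
    for line in unfold(text):
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        # "attr:: value" is base64; "attr: value" is a plain string.
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        attr = name.split(";")[0].lower()  # drop attribute options
        if attr == "dn":
            dn = value.decode("utf-8", "replace")
        elif attr == "userpassword":
            findings.append((dn, classify(value)))
    return findings

if __name__ == "__main__":
    for entry_dn, finding in audit_ldif(SAMPLE_LDIF):
        print(entry_dn, "->", finding)
```
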

