directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry
Date Sun, 23 Apr 2006 16:45:06 GMT
    [ http://issues.apache.org/jira/browse/DIRSERVER-606?page=comments#action_12375889 ] 

Emmanuel Lecharny commented on DIRSERVER-606:
---------------------------------------------

I have a different behavior. I also have created the same entry (with LdapBrowser, and it's
not easy, because if you don't create a file to store the password, then there is no way you
can modify the entry after having added it.)

Now, if I try to do :
ldapsearch -h localhost -p 10389 -D "cn=fiona apple,ou=users,ou=system" -w machine -s sub -b "ou=users,ou=system" "(objectClass=*)" dn

I got :
ldap_sasl_interactive_bind_s: Insufficient access (50)
        additional info: failed on search operation

I changed the command to : 
ldapsearch -x -h localhost -p 10389 -D "cn=fiona apple,ou=users,ou=system" -w machine -s sub -b "ou=users,ou=system" "(objectClass=*)" dn

(the -x is for Simple authentication)

Now, I get this error :
ldap_bind: Invalid credentials (49)
        additional info: Bind failed


Of course, if I use the admin DN to authenticate, it works :
ldapsearch -x -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -s sub -b "ou=users,ou=system" "(objectClass=*)" dn

gives the following result :

# extended LDIF
#
# LDAPv3
# base <ou=users,ou=system> with scope sub
# filter: (objectClass=*)
# requesting: dn
#

# users, system
dn: ou=users,ou=system

# Fiona Apple, users, system
dn: cn=Fiona Apple,ou=users,ou=system

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2




> ou=users, ou=system - user cannot see their own entry
> -----------------------------------------------------
>
>          Key: DIRSERVER-606
>          URL: http://issues.apache.org/jira/browse/DIRSERVER-606
>      Project: Directory ApacheDS
>         Type: Bug

>     Versions: 1.0-RC1
>  Environment: JDK 1.4.1
> Tried both JXplorer, and from ACEGI security
>     Reporter: Marc Batchelor
>     Assignee: Stefan Zoerner
>     Priority: Critical
>  Attachments: patch.txt
>
> User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their own entry to get their own attributes.
> Documentation states: Users cannot see other user entries under the 'ou=users,ou=system' entry.
> Agreed and understood. But, the user, after binding with the directory, cannot even find their own entry to get their own attributes.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

