directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry
Date Sat, 15 Apr 2006 16:28:00 GMT
    [ http://issues.apache.org/jira/browse/DIRSERVER-606?page=comments#action_12374641 ] 

Stefan Zoerner commented on DIRSERVER-606:
------------------------------------------

Able to reproduce. It is just like Marc describes. Starting from a default RC1, I used the
admin to add an entry like this:

dn: cn=Fiona Apple,ou=users,ou=system
objectclass: top
objectclass: person
cn: Fiona Apple
sn: Apple
userpassword: machine

Performing a
$ ldapsearch -h localhost -p 10389 -D "cn=Fiona Apple,ou=users,ou=system" -w machine -s one
-b "ou=users,ou=system" "(objectClass=*)" dn
gives no results

I assume an error in the OldAuthorizationService component. If I comment this interceptor
out in the server.xml (name=oldAuthorizationService), the search op above gives Fionas entry
(and all others).

$ ldapsearch -h localhost ...
version: 1
dn: cn=Fiona Apple,ou=users,ou=system

dn: cn=Kate Bush,ou=users,ou=system
$



> ou=users, ou=system - user cannot see their own entry
> -----------------------------------------------------
>
>          Key: DIRSERVER-606
>          URL: http://issues.apache.org/jira/browse/DIRSERVER-606
>      Project: Directory ApacheDS
>         Type: Bug

>     Versions: 1.0-RC1
>  Environment: JDK 1.4.1
> Tried both JXplorer, and from ACEGI security
>     Reporter: Marc Batchelor
>     Assignee: Stefan Zoerner
>     Priority: Critical

>
> User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their
own entry to get their own attributes.
> Documentation states: Users cannot see other user entries under the 'ou=users,ou=system'
entry.
> Agreed and understood. But, the user, after binding with the directory, cannot even find
their own entry to get their own attributes. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message