Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 41906 invoked from network); 21 Apr 2006 08:37:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 21 Apr 2006 08:37:11 -0000 Received: (qmail 64920 invoked by uid 500); 21 Apr 2006 08:37:10 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 64882 invoked by uid 500); 21 Apr 2006 08:37:09 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 64871 invoked by uid 99); 21 Apr 2006 08:37:09 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Apr 2006 01:37:09 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Apr 2006 01:37:09 -0700 Received: from brutus (localhost.localdomain [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 0D4BE7142D5 for ; Fri, 21 Apr 2006 08:36:06 +0000 (GMT) Message-ID: <5180980.1145608566036.JavaMail.jira@brutus> Date: Fri, 21 Apr 2006 08:36:06 +0000 (GMT+00:00) From: "Stefan Zoerner (JIRA)" To: dev@directory.apache.org Subject: [jira] Updated: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry In-Reply-To: <1942518626.1144099366669.JavaMail.jira@ajax> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DIRSERVER-606?page=all ] Stefan Zoerner updated DIRSERVER-606: ------------------------------------- Attachment: patch.txt This small patch (1 line) allows users to search their own entry. It changes a condition within the isSearchable method of OldAuthorizationService. There is still a problem left, if the DN of the user contains uppercase letters, or if s/he uses uppercase letters in the bind DN. In these cases, the issue still exists. The reason for this is the equals method of org.apache.directory.shared.ldap.name.LdapName, which is used frequently in OldAuthorizationService, and which is case sensitive. Two options here: a) modify equals() in LdapName to ignore case b) perform special checks in OldAuthorizationService which ignore case > ou=users, ou=system - user cannot see their own entry > ----------------------------------------------------- > > Key: DIRSERVER-606 > URL: http://issues.apache.org/jira/browse/DIRSERVER-606 > Project: Directory ApacheDS > Type: Bug > Versions: 1.0-RC1 > Environment: JDK 1.4.1 > Tried both JXplorer, and from ACEGI security > Reporter: Marc Batchelor > Assignee: Stefan Zoerner > Priority: Critical > Attachments: patch.txt > > User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their own entry to get their own attributes. > Documentation states: Users cannot see other user entries under the 'ou=users,ou=system' entry. > Agreed and understood. But, the user, after binding with the directory, cannot even find their own entry to get their own attributes. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira