directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy Quinn (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Created: (DIR-207) Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
Date Tue, 27 Mar 2007 00:19:32 GMT
Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
-------------------------------------------------------------------------

                 Key: DIR-207
                 URL: https://issues.apache.org/jira/browse/DIR-207
             Project: Directory
          Issue Type: Bug
         Environment: Confirmed on Windows XP and Mac OSX 10.4.8
            Reporter: Timothy Quinn
         Assigned To: Alex Karasulu
            Priority: Critical


:: Summary ::
ApacheDS server fails to start when a Access Control Subentry exists that contains a malformed
prescriptiveACI. Just by simply removing a single brace from the ACI, the server startup fails
on validation of the entry.

:: Steps To Reproduce ::
1) Installed fresh version of ApacheDS (ok)
2) Started Server (ok)
3) Connected to server using LDAP Studio (ok)
4) Added administrativeRole attribute to entry (ok)
5) Added a good ACI Entry (copied from working sever - ok)
6) Removed a curly brace from the prescriptiveaci attribute (ok)
7) Stopped and restarted server (barf)
... Server barfed out the error and server fails to start!:
~err_snip~
TupleCache.subentryAdded - ACIItem parser failure on 'null'. Cannnot add ACITuples to TupleCache.
java.text.ParseException: Parser failure on ACIItem:
        {
    identificationTag "enableSearchForAllUsers",
    precedence 14,
    .... ~skipping aci details for lack of relevance to issue~ ...
}
Antlr exception trace:
unexpected token: name
        at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
        at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
        at org.apache.directory.server.core.authz.TupleCache.initialize (TupleCache.java:139)
        at org.apache.directory.server.core.authz.TupleCache.<init>(TupleCache.java:101)
~/err_snip~
8) Try turning off accessControlEnabled flag in config.xml (ok)
9) Try Starting the server (barf)
... This is the most intuitive step to fix it but did not help.
... Server will still not start up!

:: Workaround Steps ::
1) Comment out Authorization bean entry in server.xml (ok)
2) Restarted server (ok (whew!))
3) Connect to and fix bad ACI Entry using LDAP Studio (ok)
4) Stop the server (ok)
5) Remove Comment of Authorization bean entry in server.xml (ok)
6) Restarted server (ok)
... YeeeHaaa - Server started without any problems =)

Notes:
- See ApacheDS March 2007 Users mailing list thread titled "[ApacheDS Authorization] HELP
- Server will no longer start"

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message