directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DIRSERVER-884) Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
Date Wed, 28 Mar 2007 10:43:33 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-884?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emmanuel Lecharny updated DIRSERVER-884:
----------------------------------------

    Affects Version/s: 1.5.0
                       1.0.1
        Fix Version/s: 1.0.2
                       1.5.1

Moved to DIRSERVER

> Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
> -------------------------------------------------------------------------
>
>                 Key: DIRSERVER-884
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-884
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.0.1, 1.5.0
>         Environment: Confirmed on Windows XP and Mac OSX 10.4.8
>            Reporter: Timothy Quinn
>         Assigned To: Alex Karasulu
>            Priority: Critical
>             Fix For: 1.5.1, 1.0.2
>
>
> :: Summary ::
> ApacheDS server fails to start when a Access Control Subentry exists that contains a
malformed prescriptiveACI. Just by simply removing a single brace from the ACI, the server
startup fails on validation of the entry.
> :: Steps To Reproduce ::
> 1) Installed fresh version of ApacheDS (ok)
> 2) Started Server (ok)
> 3) Connected to server using LDAP Studio (ok)
> 4) Added administrativeRole attribute to entry (ok)
> 5) Added a good ACI Entry (copied from working sever - ok)
> 6) Removed a curly brace from the prescriptiveaci attribute (ok)
> 7) Stopped and restarted server (barf)
> ... Server barfed out the error and server fails to start!:
> ~err_snip~
> TupleCache.subentryAdded - ACIItem parser failure on 'null'. Cannnot add ACITuples to
TupleCache.
> java.text.ParseException: Parser failure on ACIItem:
>         {
>     identificationTag "enableSearchForAllUsers",
>     precedence 14,
>     .... ~skipping aci details for lack of relevance to issue~ ...
> }
> Antlr exception trace:
> unexpected token: name
>         at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
>         at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
>         at org.apache.directory.server.core.authz.TupleCache.initialize (TupleCache.java:139)
>         at org.apache.directory.server.core.authz.TupleCache.<init>(TupleCache.java:101)
> ~/err_snip~
> 8) Try turning off accessControlEnabled flag in config.xml (ok)
> 9) Try Starting the server (barf)
> ... This is the most intuitive step to fix it but did not help.
> ... Server will still not start up!
> :: Workaround Steps ::
> 1) Comment out Authorization bean entry in server.xml (ok)
> 2) Restarted server (ok (whew!))
> 3) Connect to and fix bad ACI Entry using LDAP Studio (ok)
> 4) Stop the server (ok)
> 5) Remove Comment of Authorization bean entry in server.xml (ok)
> 6) Restarted server (ok)
> ... YeeeHaaa - Server started without any problems =)
> Notes:
> - See ApacheDS March 2007 Users mailing list thread titled "[ApacheDS Authorization]
HELP - Server will no longer start"

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message