Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 13047 invoked from network); 27 Mar 2007 00:19:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Mar 2007 00:19:54 -0000 Received: (qmail 68719 invoked by uid 500); 27 Mar 2007 00:20:01 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 68535 invoked by uid 500); 27 Mar 2007 00:20:00 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 68479 invoked by uid 99); 27 Mar 2007 00:20:00 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Mar 2007 17:20:00 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Mar 2007 17:19:52 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 69404714064 for ; Mon, 26 Mar 2007 17:19:32 -0700 (PDT) Message-ID: <10047965.1174954772428.JavaMail.jira@brutus> Date: Mon, 26 Mar 2007 17:19:32 -0700 (PDT) From: "Timothy Quinn (JIRA)" To: dev@directory.apache.org Subject: [jira] Created: (DIR-207) Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry ------------------------------------------------------------------------- Key: DIR-207 URL: https://issues.apache.org/jira/browse/DIR-207 Project: Directory Issue Type: Bug Environment: Confirmed on Windows XP and Mac OSX 10.4.8 Reporter: Timothy Quinn Assigned To: Alex Karasulu Priority: Critical :: Summary :: ApacheDS server fails to start when a Access Control Subentry exists that contains a malformed prescriptiveACI. Just by simply removing a single brace from the ACI, the server startup fails on validation of the entry. :: Steps To Reproduce :: 1) Installed fresh version of ApacheDS (ok) 2) Started Server (ok) 3) Connected to server using LDAP Studio (ok) 4) Added administrativeRole attribute to entry (ok) 5) Added a good ACI Entry (copied from working sever - ok) 6) Removed a curly brace from the prescriptiveaci attribute (ok) 7) Stopped and restarted server (barf) ... Server barfed out the error and server fails to start!: ~err_snip~ TupleCache.subentryAdded - ACIItem parser failure on 'null'. Cannnot add ACITuples to TupleCache. java.text.ParseException: Parser failure on ACIItem: { identificationTag "enableSearchForAllUsers", precedence 14, .... ~skipping aci details for lack of relevance to issue~ ... } Antlr exception trace: unexpected token: name at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128) at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186) at org.apache.directory.server.core.authz.TupleCache.initialize (TupleCache.java:139) at org.apache.directory.server.core.authz.TupleCache.(TupleCache.java:101) ~/err_snip~ 8) Try turning off accessControlEnabled flag in config.xml (ok) 9) Try Starting the server (barf) ... This is the most intuitive step to fix it but did not help. ... Server will still not start up! :: Workaround Steps :: 1) Comment out Authorization bean entry in server.xml (ok) 2) Restarted server (ok (whew!)) 3) Connect to and fix bad ACI Entry using LDAP Studio (ok) 4) Stop the server (ok) 5) Remove Comment of Authorization bean entry in server.xml (ok) 6) Restarted server (ok) ... YeeeHaaa - Server started without any problems =) Notes: - See ApacheDS March 2007 Users mailing list thread titled "[ApacheDS Authorization] HELP - Server will no longer start" -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.