directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Swanson (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-907) Overflowing the stack with ACI
Date Sun, 22 Apr 2007 06:02:15 GMT
Overflowing the stack with ACI
------------------------------

                 Key: DIRSERVER-907
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-907
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 1.0.1
         Environment: Linux, Java 6
            Reporter: Mark Swanson
            Priority: Minor


Hello,

I enabled ACI and ldapsearch now puts the server into an infinite loop:

ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b "dc=home2,dc=mark" -v -W "objectClass=*"

org.apache.directory.server.core.interceptor.InterceptorException: Unexpected exception. [Root
exception is java.lang.StackOverflowError]
    at org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)
    at org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)
    at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
    at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)

Configured with this:

dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: swAuthorizationRequirementsACISubentry
subtreeSpecification: {}
prescriptiveACI: {
    identificationTag "directoryManagerFullAccessACI",
    precedence 11,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
      userClasses
      {
        name { "uid=44,dc=home2,dc=mark" }
      },
      userPermissions {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials {
            grantAdd, grantDiscloseOnError, grantRead,
            grantRemove, grantBrowse, grantExport, grantImport,
            grantModify, grantRename, grantReturnDN,
            grantCompare, grantFilterMatch, grantInvoke
          }
        }
      }
    }
  }
prescriptiveACI: {
    identificationTag "allUsersACI",
    precedence 10,
    authenticationLevel none,
    itemOrUserFirst userFirst:
    {
      userClasses {
        allUsers
      },
      userPermissions {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
                             grantCompare, grantFilterMatch, grantDiscloseOnError }
        },
        {
          protectedItems { attributeType { userPassword } },
          grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
        }
      }
    }
  } 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message