directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Swanson <m...@ScheduleWorld.com>
Subject Overflowing the stack with ACI
Date Wed, 18 Apr 2007 19:07:39 GMT
Hello,

I enabled ACI and ldapsearch now puts the server into an infinite loop:

ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b 
"dc=home2,dc=mark" -v -W "objectClass=*"

org.apache.directory.server.core.interceptor.InterceptorException: 
Unexpected exception. [Root exception is java.lang.StackOverflowError]
     at 
org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)
     at 
org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)
     at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)
     at 
org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
     at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
     at 
org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
     at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)

Configured with this:

dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: swAuthorizationRequirementsACISubentry
subtreeSpecification: {}
prescriptiveACI: {
     identificationTag "directoryManagerFullAccessACI",
     precedence 11,
     authenticationLevel simple,
     itemOrUserFirst userFirst:
     {
       userClasses
       {
         name { "uid=44,dc=home2,dc=mark" }
       },
       userPermissions {
         {
           protectedItems { entry, allUserAttributeTypesAndValues },
           grantsAndDenials {
             grantAdd, grantDiscloseOnError, grantRead,
             grantRemove, grantBrowse, grantExport, grantImport,
             grantModify, grantRename, grantReturnDN,
             grantCompare, grantFilterMatch, grantInvoke
           }
         }
       }
     }
   }
prescriptiveACI: {
     identificationTag "allUsersACI",
     precedence 10,
     authenticationLevel none,
     itemOrUserFirst userFirst:
     {
       userClasses {
         allUsers
       },
       userPermissions {
         {
           protectedItems { entry, allUserAttributeTypesAndValues },
           grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
                              grantCompare, grantFilterMatch, 
grantDiscloseOnError }
         },
         {
           protectedItems { attributeType { userPassword } },
           grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
         }
       }
     }
   }

Should I log this as a bug or is my config causing this?

Cheers.

-- 
http://www.ScheduleWorld.com/
Free Google Calendar synchronization with Outlook, Evolution,
cell phones, BlackBerry, PalmOS, Exchange, Mozilla, Thunderbird,
Pocket PC/Windows Mobile. Also sync tasks, notes and contacts!
WebDAV, vfreebusy, RSS, LDAP, iCalendar, iTIP, iMIP support.

Mime
View raw message