directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject Re: Overflowing the stack with ACI
Date Wed, 18 Apr 2007 19:12:08 GMT
Mark Swanson a écrit :

Hi Mark,

feel free to open an issue, with the log, the ACI, so that we will not 
forget to fix it.

If it's not a bug (not likely :), no problem :  we can close the JIRA 
immediatly.

Thanks !

> Hello,
>
> I enabled ACI and ldapsearch now puts the server into an infinite loop:
>
> ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b 
> "dc=home2,dc=mark" -v -W "objectClass=*"
>
> org.apache.directory.server.core.interceptor.InterceptorException: 
> Unexpected exception. [Root exception is java.lang.StackOverflowError]
>     at 
> org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)

>
>     at 
> org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)

>
>     at 
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)

>
>     at 
> org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)

>
>     at 
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)

>
>     at 
> org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)

>
>     at 
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)

>
>
> Configured with this:
>
> dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
> changetype: add
> objectclass: top
> objectclass: subentry
> objectclass: accessControlSubentry
> cn: swAuthorizationRequirementsACISubentry
> subtreeSpecification: {}
> prescriptiveACI: {
>     identificationTag "directoryManagerFullAccessACI",
>     precedence 11,
>     authenticationLevel simple,
>     itemOrUserFirst userFirst:
>     {
>       userClasses
>       {
>         name { "uid=44,dc=home2,dc=mark" }
>       },
>       userPermissions {
>         {
>           protectedItems { entry, allUserAttributeTypesAndValues },
>           grantsAndDenials {
>             grantAdd, grantDiscloseOnError, grantRead,
>             grantRemove, grantBrowse, grantExport, grantImport,
>             grantModify, grantRename, grantReturnDN,
>             grantCompare, grantFilterMatch, grantInvoke
>           }
>         }
>       }
>     }
>   }
> prescriptiveACI: {
>     identificationTag "allUsersACI",
>     precedence 10,
>     authenticationLevel none,
>     itemOrUserFirst userFirst:
>     {
>       userClasses {
>         allUsers
>       },
>       userPermissions {
>         {
>           protectedItems { entry, allUserAttributeTypesAndValues },
>           grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
>                              grantCompare, grantFilterMatch, 
> grantDiscloseOnError }
>         },
>         {
>           protectedItems { attributeType { userPassword } },
>           grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
>         }
>       }
>     }
>   }
>
> Should I log this as a bug or is my config causing this?
>
> Cheers.
>


Mime
View raw message