directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [jira] Commented: (DIRSERVER-884) Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
Date Thu, 19 Apr 2007 19:13:38 GMT
Yeah I'm on this issue. Let me knock it out.


On 4/19/07, Emmanuel Lecharny (JIRA) <jira@apache.org> wrote:
>
>
>     [
> https://issues.apache.org/jira/browse/DIRSERVER-884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12490144]
>
> Emmanuel Lecharny commented on DIRSERVER-884:
> ---------------------------------------------
>
> Interesting, Alex,
>
> It would worth it to test this code with 1.5, where the syntaxCheckers are
> active, just to check if we are not having an infinite loop.
>
> > Authorization, Prescriptive ACI Bug - Server start fails on bad ACI
> Entry
> >
> -------------------------------------------------------------------------
> >
> >                 Key: DIRSERVER-884
> >                 URL: https://issues.apache.org/jira/browse/DIRSERVER-884
> >             Project: Directory ApacheDS
> >          Issue Type: Bug
> >    Affects Versions: 1.0.1, 1.5.0
> >         Environment: Confirmed on Windows XP and Mac OSX 10.4.8
> >            Reporter: Timothy Quinn
> >         Assigned To: Alex Karasulu
> >            Priority: Critical
> >             Fix For: 1.5.1, 1.0.2
> >
> >
> > :: Summary ::
> > ApacheDS server fails to start when a Access Control Subentry exists
> that contains a malformed prescriptiveACI. Just by simply removing a single
> brace from the ACI, the server startup fails on validation of the entry.
> > :: Steps To Reproduce ::
> > 1) Installed fresh version of ApacheDS (ok)
> > 2) Started Server (ok)
> > 3) Connected to server using LDAP Studio (ok)
> > 4) Added administrativeRole attribute to entry (ok)
> > 5) Added a good ACI Entry (copied from working sever - ok)
> > 6) Removed a curly brace from the prescriptiveaci attribute (ok)
> > 7) Stopped and restarted server (barf)
> > ... Server barfed out the error and server fails to start!:
> > ~err_snip~
> > TupleCache.subentryAdded - ACIItem parser failure on 'null'. Cannnot add
> ACITuples to TupleCache.
> > java.text.ParseException: Parser failure on ACIItem:
> >         {
> >     identificationTag "enableSearchForAllUsers",
> >     precedence 14,
> >     .... ~skipping aci details for lack of relevance to issue~ ...
> > }
> > Antlr exception trace:
> > unexpected token: name
> >         at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(
> ACIItemParser.java:128)
> >         at
> org.apache.directory.server.core.authz.TupleCache.subentryAdded(
> TupleCache.java:186)
> >         at org.apache.directory.server.core.authz.TupleCache.initialize(
> TupleCache.java:139)
> >         at org.apache.directory.server.core.authz.TupleCache.<init>(
> TupleCache.java:101)
> > ~/err_snip~
> > 8) Try turning off accessControlEnabled flag in config.xml (ok)
> > 9) Try Starting the server (barf)
> > ... This is the most intuitive step to fix it but did not help.
> > ... Server will still not start up!
> > :: Workaround Steps ::
> > 1) Comment out Authorization bean entry in server.xml (ok)
> > 2) Restarted server (ok (whew!))
> > 3) Connect to and fix bad ACI Entry using LDAP Studio (ok)
> > 4) Stop the server (ok)
> > 5) Remove Comment of Authorization bean entry in server.xml (ok)
> > 6) Restarted server (ok)
> > ... YeeeHaaa - Server started without any problems =)
> > Notes:
> > - See ApacheDS March 2007 Users mailing list thread titled "[ApacheDS
> Authorization] HELP - Server will no longer start"
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>

Mime
View raw message