directory-dev mailing list archives

From "Ersin Er (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations
Date Wed, 04 Jul 2007 13:10:04 GMT
allAttributeValues protected item is not handled correctly by the Authorization subsystem in
Modify operations
--------------------------------------------------------------------------------------------------------------

                 Key: DIRSERVER-989
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-989
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 1.5.0, 1.0.2
            Reporter: Ersin Er
             Fix For: 1.5.1, 1.0.3


allAttributeValues protectedItem only applies to attribute values, not attribute types. So
if grantAdd is permitted only for allAttributeValues, only a new value to an existing attribute
can be added. To create a new attribute with an initial value, grantAdd permission is needed
for both the attribute type and the value. This can be achieved with several combinations
like {attributeType{X}, attributeValue{Y}}, {attributeType{X}, allAttributeValues}, {allAttributeTypes,
attributeValues}, {allUserAttributeValuesAndTypes}. The same approach applies to modifications
including deletes.

The explanations here are based on the Security chapter of the X.500 spec and the related
chapter in the X.500 book by Chadwick.

To comply with this approach, modify operations should be handled with more granularity in
the AuthorizationService and some existing unit tests need to be updated.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
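
The rule described in the issue, as an added example that is not part of the original message and is not ApacheDS code: a simplified Python model of the grantAdd decision for a Modify "add". The `Item` class, the function names and the sample entry are constructed for illustration; protectedItem names follow X.501, and precedence, denials and user classes are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    """One protectedItem carrying grantAdd (simplified, constructed model)."""
    kind: str        # X.501 protectedItem name
    attr: str = ""   # attribute type the item names, if any
    value: str = ""  # only used when kind == "attributeValue"

def _same(a, b):
    # LDAP attribute type names compare case-insensitively
    return a.lower() == b.lower()

def type_granted(grants, attr):
    """True if grantAdd covers the attribute *type*."""
    return any(
        g.kind in ("allUserAttributeTypes", "allUserAttributeTypesAndValues")
        or (g.kind == "attributeType" and _same(g.attr, attr))
        for g in grants)

def value_granted(grants, attr, value):
    """True if grantAdd covers this attribute *value*."""
    return any(
        g.kind == "allUserAttributeTypesAndValues"
        or (g.kind == "allAttributeValues" and _same(g.attr, attr))
        or (g.kind == "attributeValue" and _same(g.attr, attr) and g.value == value)
        for g in grants)

def may_add(grants, entry, attr, value):
    """Decide one Modify 'add' of value to attr on entry (dict: type -> set of values)."""
    if not value_granted(grants, attr, value):
        return False
    exists = any(_same(attr, t) for t in entry)
    # A value-only grant suffices for an existing attribute; creating the
    # attribute additionally needs grantAdd on the attribute type.
    return exists or type_granted(grants, attr)

if __name__ == "__main__":
    entry = {"cn": {"test"}, "description": {"old"}}  # constructed sample entry
    values_only = [Item("allAttributeValues", "description"),
                   Item("allAttributeValues", "telephoneNumber")]
    print(may_add(values_only, entry, "description", "new"))
    print(may_add(values_only, entry, "telephoneNumber", "555"))
    both = values_only + [Item("attributeType", "telephoneNumber")]
    print(may_add(both, entry, "telephoneNumber", "555"))
```
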

