directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wayne Johnson (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-1014) ACI Example deleteAci apparently wrong in web documents
Date Tue, 07 Aug 2007 17:45:59 GMT
ACI Example deleteAci apparently wrong in web documents
-------------------------------------------------------

                 Key: DIRSERVER-1014
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1014
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: doc
    Affects Versions: 1.0.2
         Environment: Web documentation
            Reporter: Wayne Johnson


Page http://directory.apache.org/apacheds/1.0/userclasses.html has an example for "Combining
Multiple UserClass Specification Mechanisms".  The example shows the syntax:
      userClasses 
        { 
           thisEntry, 
           name { "uid=jbean,ou=users,ou=system" }, 
           name { "uid=jdoe,ou=users,ou=system" }, 
           userGroup { "cn=Administrators,ou=groups,ou=system" } 
        },
I've found that this doesn't work.  What appears to work (from my code) is:
    userClasses { 
      name { "cn=SA,ou=users,dc=mqsoftware,dc=com",
      "cn=fred,ou=users,dc=mqsoftware,dc=com" }
    }, 

The when using the documented syntax, I get the following in the log:
[12:43:10] ERROR [org.apache.directory.server.core.authz.TupleCache] - ACIItem parser failure
on 
'null'
due to syntax error. Cannnot add ACITuples to TupleCache.
Check that the syntax of the ACI item is correct. 
Until this error is fixed your security settings will not be as expected.

java.text.ParseException: Parser failure on ACIItem:
	{  identificationTag "userAdminPermissions",  precedence 16,  authenticationLevel simple,
itemOrUserFirst userFirst: {    userClasses {      name { "cn=SA,ou=users,dc=mqsoftware,dc=com"
},     name { "cn=fred,ou=users,dc=mqsoftware,dc=com" }   },    userPermissions    {     
{        protectedItems { entry, allUserAttributeTypesAndValues },        grantsAndDenials
{ grantAdd, grantDiscloseOnError, grantRead,          grantRemove, grantBrowse, grantExport,
grantImport, grantModify,          grantRename, grantReturnDN, grantCompare, grantFilterMatch,
         grantInvoke }      }    }  } }
Antlr exception trace:
User Classes cannot be duplicated. Adding duplicate keys is not permitted.

	at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)

	at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)

	at org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)

	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)

	at org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)

	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)

	at org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)

	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)

	at org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)

	at org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)

	at org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)

	at org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)

	at org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message