directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel L├ęcharny <>
Subject Re: Creating ACIs in trunk code
Date Fri, 13 May 2011 11:10:27 GMT
I have applied a fix to trunk :

Can you give it a try ?

On 5/13/11 11:47 AM, Richard Evans wrote:
> Hi Emmanuel
> But I'm running a new build from a recent (yesterday) checkout of trunk-with-dependencies.
 Judging from the commit log for the fix for 1524, I have the fix in the source I have checked
out and built.  The log shows that AciAuthorizationInterceptor is being initialised and reading
the tuple cache.
> I'd like to put together an Aci entry for the RootDSE to allow anonymous access.  Is
there an example (or documentation) anywhere?
> I do the test searches using ldapsearch or the javax.naming APIs.  With access control
enabled but no Aci loaded I don't get the error, just an empty search.
> Richard
> -----Original Message-----
> From: Emmanuel Lecharny []
> Sent: 13 May 2011 10:43
> To: Apache Directory Developers List
> Subject: Re: Creating ACIs in trunk code
> Hi Richard,
> On 5/12/11 6:17 PM, Richard Evans wrote:
>> I'm running a 1.5.8 snapshot freshly built from trunk-with-dependencies.  I'm set
up access controls and am trying to define the 'enable search for all users' ACI entry as
explained in the online docs.
> <snip/>
>> This looks a bit like DIRSERVER-1524.  Have I created the Aci entry correctly for
trunk code?
> This is exactly the problem. It has been fixed in trunk. Otherwise, your
> entries are perfectly fine.
>> A couple of other related queries:
>> 1. With access controls enabled, I can't connect anonymously to the RootDSE - do
I need another Aci entry for this?
> Yes. RootDSE is also controlled by access controls rules.
>> 2. Attempting a search as a test user, I would expect searches to fail with an error,
instead I just get no results.  Is this intentional?
> Depends on the LDAP API you are using. In any case, if you check the
> ResultCode, you should have a *insufficientAccessRights* error (or
> something similar)

Emmanuel L├ęcharny

View raw message