directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Evans <richard.ev...@datanomic.com>
Subject RE: Creating ACIs in trunk code
Date Fri, 13 May 2011 09:47:00 GMT
Hi Emmanuel

But I'm running a new build from a recent (yesterday) checkout of trunk-with-dependencies.
 Judging from the commit log for the fix for 1524, I have the fix in the source I have checked
out and built.  The log shows that AciAuthorizationInterceptor is being initialised and reading
the tuple cache.

I'd like to put together an Aci entry for the RootDSE to allow anonymous access.  Is there
an example (or documentation) anywhere?

I do the test searches using ldapsearch or the javax.naming APIs.  With access control enabled
but no Aci loaded I don't get the error, just an empty search.

Richard

-----Original Message-----
From: Emmanuel Lecharny [mailto:elecharny@gmail.com] 
Sent: 13 May 2011 10:43
To: Apache Directory Developers List
Subject: Re: Creating ACIs in trunk code

Hi Richard,

On 5/12/11 6:17 PM, Richard Evans wrote:
> I'm running a 1.5.8 snapshot freshly built from trunk-with-dependencies.  I'm set up
access controls and am trying to define the 'enable search for all users' ACI entry as explained
in the online docs.
<snip/>

> This looks a bit like DIRSERVER-1524.  Have I created the Aci entry correctly for trunk
code?
This is exactly the problem. It has been fixed in trunk. Otherwise, your 
entries are perfectly fine.
> A couple of other related queries:
>
> 1. With access controls enabled, I can't connect anonymously to the RootDSE - do I need
another Aci entry for this?
Yes. RootDSE is also controlled by access controls rules.
> 2. Attempting a search as a test user, I would expect searches to fail with an error,
instead I just get no results.  Is this intentional?
Depends on the LDAP API you are using. In any case, if you check the 
ResultCode, you should have a *insufficientAccessRights* error (or 
something similar)


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message