directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Evans <richard.ev...@datanomic.com>
Subject RE: Creating ACIs in trunk code
Date Fri, 20 May 2011 15:25:31 GMT
Just a small follow up on this.  The patch works fine, so I now want to create an Aci to allow
anonymous access to the RootDSE.  I'm a bit unclear as to the details of the Aci entries,
so can someone give me some tips on this?

Thanks

Richard

-----Original Message-----
From: Emmanuel L├ęcharny [mailto:elecharny@apache.org] 
Sent: 13 May 2011 12:10
Cc: Apache Directory Developers List
Subject: Re: Creating ACIs in trunk code

I have applied a fix to trunk :

http://svn.apache.org/viewvc?rev=1102672&view=rev

Can you give it a try ?



On 5/13/11 11:47 AM, Richard Evans wrote:
> Hi Emmanuel
>
> But I'm running a new build from a recent (yesterday) checkout of trunk-with-dependencies.
 Judging from the commit log for the fix for 1524, I have the fix in the source I have checked
out and built.  The log shows that AciAuthorizationInterceptor is being initialised and reading
the tuple cache.
>
> I'd like to put together an Aci entry for the RootDSE to allow anonymous access.  Is
there an example (or documentation) anywhere?
>
> I do the test searches using ldapsearch or the javax.naming APIs.  With access control
enabled but no Aci loaded I don't get the error, just an empty search.
>
> Richard
>
> -----Original Message-----
> From: Emmanuel Lecharny [mailto:elecharny@gmail.com]
> Sent: 13 May 2011 10:43
> To: Apache Directory Developers List
> Subject: Re: Creating ACIs in trunk code
>
> Hi Richard,
>
> On 5/12/11 6:17 PM, Richard Evans wrote:
>> I'm running a 1.5.8 snapshot freshly built from trunk-with-dependencies.  I'm set
up access controls and am trying to define the 'enable search for all users' ACI entry as
explained in the online docs.
> <snip/>
>
>> This looks a bit like DIRSERVER-1524.  Have I created the Aci entry correctly for
trunk code?
> This is exactly the problem. It has been fixed in trunk. Otherwise, your
> entries are perfectly fine.
>> A couple of other related queries:
>>
>> 1. With access controls enabled, I can't connect anonymously to the RootDSE - do
I need another Aci entry for this?
> Yes. RootDSE is also controlled by access controls rules.
>> 2. Attempting a search as a test user, I would expect searches to fail with an error,
instead I just get no results.  Is this intentional?
> Depends on the LDAP API you are using. In any case, if you check the
> ResultCode, you should have a *insufficientAccessRights* error (or
> something similar)
>
>


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message