directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Getting a LdapSchemaViolationException when modifying a prescriptiveAci on an administrativeSubEntry
Date Fri, 17 Jun 2011 15:14:19 GMT
Hi Mike, this seems to be a side effect of the recent changes done to the
lookup() method, can you file a bug report in JIRA, thanks

On 17-Jun-2011 7:48 PM, "Mike Adamson" <mikeatdot@gmail.com> wrote:

Hi,

I am attempting to replace a prescriptiveAci on a sub entry using:

Entry subEntry = session.lookup(subEntryDn, "+");
ModifyRequest modifyRequest = new
ModifyRequestImpl().setName(subEntryDn).replace("prescriptiveAci", aci);
session.modify(modifyRequest);

but this always throws a LdapSchemaViolationException.

I have done some debugging in the code and found that this is coming from
the TupleCache.hasPrecriptiveAci method. It is thrown because this methods
identifies the dn as an administrative sub entry but can't find the
precriptiveAci on it. The root cause of this is this code at the bottom of
the AciAuthorizationInterceptor.modify method:

        Entry modifiedEntry = modifyContext.lookup( dn,
ByPassConstants.LOOKUP_BYPASS );
        tupleCache.subentryModified( dn, mods, modifiedEntry );

This lookup does not return the operationalAttributes so will always fail
when modifying an operationalAttribute.

Is this by design? E.g. is it not possible to modify operationalAttributes
in this way.

Thanks,

Mike Adamson

Mime
View raw message