I've done some digging around and found the problem.

I should have been using directoryService.setPartitions to add my custom partition to the directory service before calling startup rather than calling addPartition after startup. The problem was that the AciAuthorizationInterceptor was initializing its group cache in the startup and my users and groups are in the custom partition.

Apologies for wasting time.

Mike Adamson

On 13 June 2011 15:03, Mike Adamson <mikeatdot@gmail.com> wrote:

The code I provided is in a StartStopListener in order to start the DirectoryService when a web app starts up. After this I import a couple of ldif files into the service if the data doesn't already exist.

I updated from trunk last Friday so I should have that fix. I seem to have an issue with restarting my server. I'll try debugging into the search and see if I can see anything.


Mike Adamson

On 13 June 2011 13:54, Emmanuel Lecharny <elecharny@apache.org> wrote:

On Mon, Jun 13, 2011 at 2:35 PM, Mike Adamson <mikeatdot@gmail.com> wrote:


I am using an embedded DirectoryService instance from trunk. If I start the service and inject my test data with ACIs they work correctly, e.g. users can access the data allowed by the ACIs. If I stop the server and start it again they can't. If I connect to the server as the admin user I can see that my data is still there and the subEntries are visible; they just don't seem to be being interpreted.

I remember seeing a message on these forums that this was a bug in 1.5.7 but had been fixed on trunk. I am using the following code to start the service:

Yes, it was fixed in trunk, and the last fix was applied less than a month ago.

        InstanceLayout instanceLayout = new InstanceLayout(workingDir);
        directoryService = new DefaultDirectoryService();

        Partition systemPartition = createPartition("system", ServerDNConstants.SYSTEM_DN);


        Partition ratPartition = createPartition(partitionId, partitionDn);
        addIndex(ratPartition, "objectClass", "ou", "uid");

        SchemaPartition schemaPartition = directoryService.getSchemaService().getSchemaPartition();
        schemaPartition.setWrappedPartition( schemaLdifPartition );
        schemaPartition.setSchemaManager( schemaManager );


Is there something more I need to do to reload the ACI cache?

Hmmm, the code you expose won't do anything other than start the server, no?

Emmanuel Lécharny
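
The ordering fix described in the first message, as an added example that is not code from the thread or from the ApacheDS project: register the data partitions with setPartitions and only then call startup, so the ACI group cache built during startup can see the users and groups they hold. The class and method names are hypothetical, the imports assume the ApacheDS 2.0 package names (they may differ on the 2011 trunk), and the partitions are assumed to be already built, for instance by the thread's createPartition helper.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

// Assumption: ApacheDS 2.0 package names; the 2011 trunk may place these elsewhere.
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.partition.Partition;

/** Hypothetical helper, not part of ApacheDS. */
public final class PartitionBootstrap {

    private PartitionBootstrap() {
    }

    /**
     * Registers the data partitions and then starts the service, so that
     * anything initialized inside startup() (the thread names the ACI group
     * cache) is built with those partitions already attached.
     *
     * Assumes the caller has already configured the schema and system
     * partitions on the service.
     */
    public static void startWithPartitions(DirectoryService service,
                                           Partition... dataPartitions) throws Exception {
        if (service.isStarted()) {
            // This is the situation from the thread: startup() already ran,
            // so a partition added now was not visible when the cache was built.
            throw new IllegalStateException(
                "DirectoryService already started; register partitions before startup()");
        }
        if (dataPartitions.length == 0) {
            throw new IllegalArgumentException("no data partitions supplied");
        }

        // setPartitions replaces the configured set, so pass every data partition at once.
        Set<Partition> partitions = new LinkedHashSet<>(Arrays.asList(dataPartitions));
        service.setPartitions(partitions);

        // Only now start the service; do not call addPartition afterwards
        // for partitions that hold ACI subentries, users or groups.
        service.startup();
    }
}
```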