Return-Path: 
 <dev-return-38375-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-dev-archive@www.apache.org
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id F3A654423
	for <apmail-directory-dev-archive@www.apache.org>;
 Fri, 17 Jun 2011 15:25:54 +0000 (UTC)
Received: (qmail 10270 invoked by uid 500); 17 Jun 2011 15:25:54 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 10233 invoked by uid 500); 17 Jun 2011 15:25:54 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 10226 invoked by uid 99); 17 Jun 2011 15:25:54 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Jun 2011 15:25:54 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of mikeatdot@gmail.com designates
 209.85.216.171 as permitted sender)
Received: from [209.85.216.171] (HELO mail-qy0-f171.google.com)
 (209.85.216.171)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Jun 2011 15:25:46 +0000
Received: by qyl38 with SMTP id 38so625537qyl.16
        for <dev@directory.apache.org>; Fri, 17 Jun 2011 08:25:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type;
        bh=Sy/HGNUTo5BR898p6DfPMSSDUaK50h97fl7z8L9bsSc=;
        b=nxkOc2l/tkel0X3EWGU5EHX2m/ACJg+UzquyCOZyiBE1td8UIKFY+6HsiqSXa9cjnR
         PbfZ7urnGi6LK7725X79PyWzFsmkZl6NmV24t1PB0n7SxufVxLCtEkH2NvDTF6vSMxo3
         Z6YtnnKVinjluPqFjY1eaWiKfZ/GpykWnxdBc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=dwZcGfS7+xm9oT2nXGAQhO7U8I8MiqXNnf/UKcNmEbA8ZfY9z/Qg1wKygghJjghsgD
         bn2mdOZEnHsEawGB+VK70IkrSUast4PZI8iVVHGxGOGbLYlWdk7Q5/XXcMpKw1oKbtiU
         KhLYQPzfN9zIxtKPxYRSlt4H2HkeWUcyHg9a0=
MIME-Version: 1.0
Received: by 10.224.27.129 with SMTP id i1mr1691190qac.312.1308324325794; Fri,
 17 Jun 2011 08:25:25 -0700 (PDT)
Received: by 10.229.237.206 with HTTP; Fri, 17 Jun 2011 08:25:25 -0700 (PDT)
In-Reply-To: <BANLkTik5tPxnDLk5P65Mk2MrMrA-RDfSdA@mail.gmail.com>
References: <BANLkTi=G+=7YvYx2pboqfLJMVDKYbiFNCA@mail.gmail.com>
	<BANLkTik5tPxnDLk5P65Mk2MrMrA-RDfSdA@mail.gmail.com>
Date: Fri, 17 Jun 2011 16:25:25 +0100
Message-ID: <BANLkTimvgMvRS1OfTvU8KFTV7q6sa0j4cw@mail.gmail.com>
Subject: Re: Getting a LdapSchemaViolationException when modifying a
 prescriptiveAci on an administrativeSubEntry
From: Mike Adamson <mikeatdot@gmail.com>
To: Apache Directory Developers List <dev@directory.apache.org>
Content-Type: multipart/alternative; boundary=bcaec51a8c80b0a39204a5e9fe4d
X-Virus-Checked: Checked by ClamAV on apache.org

--bcaec51a8c80b0a39204a5e9fe4d
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I will raise one first thing on Monday, unfortunately I've been told I've
got to stop now and pack the car.

I have managed to work around this problem for the time being by using the
adminSession to set the acis but this isn't ideal because it loses the audit
trail.

MikeA

On 17 June 2011 16:14, Kiran Ayyagari <kayyagari@apache.org> wrote:

> Hi Mike, this seems to be a side effect of the recent changes done to the
> lookup() method, can you file a bug report in JIRA, thanks
>
> On 17-Jun-2011 7:48 PM, "Mike Adamson" <mikeatdot@gmail.com> wrote:
>
> Hi,
>
> I am attempting to replace a prescriptiveAci on a sub entry using:
>
> Entry subEntry = session.lookup(subEntryDn, "+");
> ModifyRequest modifyRequest = new
> ModifyRequestImpl().setName(subEntryDn).replace("prescriptiveAci", aci);
> session.modify(modifyRequest);
>
> but this always throws a LdapSchemaViolationException.
>
> I have done some debugging in the code and found that this is coming from
> the TupleCache.hasPrecriptiveAci method. It is thrown because this methods
> identifies the dn as an administrative sub entry but can't find the
> precriptiveAci on it. The root cause of this is this code at the bottom of
> the AciAuthorizationInterceptor.modify method:
>
>         Entry modifiedEntry = modifyContext.lookup( dn,
> ByPassConstants.LOOKUP_BYPASS );
>         tupleCache.subentryModified( dn, mods, modifiedEntry );
>
> This lookup does not return the operationalAttributes so will always fail
> when modifying an operationalAttribute.
>
> Is this by design? E.g. is it not possible to modify operationalAttributes
> in this way.
>
> Thanks,
>
> Mike Adamson
>
>
>

--bcaec51a8c80b0a39204a5e9fe4d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,<br><br>I will raise one first thing on Monday, unfortunately I&#39;ve b=
een told I&#39;ve got to stop now and pack the car.<br><br>I have managed t=
o work around this problem for the time being by using the adminSession to =
set the acis but this isn&#39;t ideal because it loses the audit trail.<br>
<br>MikeA<br><br><div class=3D"gmail_quote">On 17 June 2011 16:14, Kiran Ay=
yagari <span dir=3D"ltr">&lt;<a href=3D"mailto:kayyagari@apache.org">kayyag=
ari@apache.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<p>Hi Mike, this seems to be a side effect of the recent changes done to th=
e lookup() method, can you file a bug report in JIRA, thanks</p><div><div><=
/div><div class=3D"h5">
<p></p><blockquote type=3D"cite">On 17-Jun-2011 7:48 PM, &quot;Mike Adamson=
&quot; &lt;<a href=3D"mailto:mikeatdot@gmail.com" target=3D"_blank">mikeatd=
ot@gmail.com</a>&gt; wrote:<br><br>Hi,<br><br>I am attempting to replace a =
prescriptiveAci on a sub entry using:<br>

<br>Entry subEntry =3D session.lookup(subEntryDn, &quot;+&quot;);<br>Modify=
Request modifyRequest =3D new ModifyRequestImpl().setName(subEntryDn).repla=
ce(&quot;prescriptiveAci&quot;, aci);<br>
session.modify(modifyRequest);<br><br>but this always throws a LdapSchemaVi=
olationException.<br><br>I have done some debugging in the code and found t=
hat this is coming from the TupleCache.hasPrecriptiveAci method. It is thro=
wn because this methods identifies the dn as an administrative sub entry bu=
t can&#39;t find the precriptiveAci on it. The root cause of this is this c=
ode at the bottom of the AciAuthorizationInterceptor.modify method:<br>


<br>=A0=A0=A0=A0=A0=A0=A0 Entry modifiedEntry =3D modifyContext.lookup( dn,=
 ByPassConstants.LOOKUP_BYPASS );<br>=A0=A0=A0=A0=A0=A0=A0 tupleCache.suben=
tryModified( dn, mods, modifiedEntry );<br><br>This lookup does not return =
the operationalAttributes so will always fail when modifying an operational=
Attribute.<br>


<br>Is this by design? E.g. is it not possible to modify operationalAttribu=
tes in this way.<br><br>Thanks,<br><font color=3D"#888888"><br>Mike Adamson=
<br><br><br>
</font></blockquote><p></p>
</div></div></blockquote></div><br>

--bcaec51a8c80b0a39204a5e9fe4d--