directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Przybylski (JIRA)" <>
Subject [jira] [Created] (DIRSERVER-1947) maxValueCount not working correctly
Date Mon, 06 Jan 2014 05:42:50 GMT
Michael Przybylski created DIRSERVER-1947:

             Summary: maxValueCount not working correctly
                 Key: DIRSERVER-1947
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: ldap
    Affects Versions: 2.0.0-M15
         Environment: Server environment:
Oracle JDK 1.7u45
ApacheDS 2.0.0-M15
Debian 7.3, AMD64

Client environment:
Apache Directory Studio 2.0.0.v20130628
Oracle JDK 1.7u45
OS X 10.9.1
            Reporter: Michael Przybylski

I’ve been teaching myself how to use Apache Directory Server’s access control subsystem.

Before getting too cute, I figured I’d try out the recipes here:

Both work as advertised, but as I’ve been reading more, some have suggested refining…

…to use maxValueCount to prevent (someone claiming to be) the user from inserting multiple
userPassword values.  However, as soon as I put maxValueCount in any protectedItems clause
of my prescriptiveACI, all of my unprivileged user’s attributes become invisible to him.

If I weren’t such a n00b, I’d think this was a bug.

Here is the prescriptiveACI that I think should work:

   identificationTag "userSelfModifyPassword",
   precedence 0,
   authenticationLevel none,
   itemOrUserFirst userFirst: 
       userClasses { thisEntry },
                       { type userPassword, maxCount 1 }
                   allAttributeValues { userPassword } 
               grantsAndDenials { grantAdd, grantRemove } 
               protectedItems { entry },

Kiran Ayyagari ( ) was able to reproduce and asked me to file this bug.

This message was sent by Atlassian JIRA

View raw message