directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1966) Delete of ACI generates NPE
Date Wed, 26 Mar 2014 09:33:16 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947726#comment-13947726
] 

Emmanuel Lecharny commented on DIRSERVER-1966:
----------------------------------------------

We check that the subtreeSpecification base is existing.

Now, I can't reproduce the NPE when I inject the two entries, as the second one can't be added
in my test. Are you sure you see it when you add it ?

> Delete of ACI generates NPE
> ---------------------------
>
>                 Key: DIRSERVER-1966
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1966
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M16
>         Environment: Studio 2.0.0.v20130628
>            Reporter: Pierre Smits
>
> I have created two ACI for a partition.
> The first ACI  has following content:
> dn: cn=orrtizACISubEntry,dc=orrtiz,dc=com
> objectClass: top
> objectClass: accessControlSubentry
> objectClass: subentry
> cn: orrtizACISubEntry
> prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
>  ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
>  es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions { {
>   protectedItems { allUserAttributeTypesAndValues, entry }, grantsAndDenials
>   { grantReturnDN, grantFilterMatch, grantBrowse, grantCompare, grantAdd, gr
>  antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename, gra
>  ntRemove, grantRead, grantExport } } } } }
> prescriptiveACI: { identificationTag "allUsersACI", precedence 10, authentic
>  ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, use
>  rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry }, 
>  grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse, grantCompa
>  re, grantDiscloseOnError, grantRead } }, { protectedItems { attributeType {
>   userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompar
>  e } } } } }
> subtreeSpecification: { }
> accessControlSubentries: 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
>  5=orrtiz,0.9.2342.19200300.100.1.25=com
> createTimestamp: 20140325202223.905Z
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> entryCSN: 20140325202223.905000Z#000000#001#000000
> entryDN: cn=orrtizACISubEntry,dc=orrtiz,dc=com
> entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
> entryUUID:: ZWE0MTQxNTMtMzdjYS00NWU5LWE2ZTItODhkZTU2YTUzYzE2
> The second ACI has following content:
> dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> objectClass: top
> objectClass: accessControlSubentry
> objectClass: subentry
> cn: orrtizAuthReqACISubEntry
> prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
>  ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
>  es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions { {
>   protectedItems { allUserAttributeTypesAndValues, entry }, grantsAndDenials
>   { grantReturnDN, grantFilterMatch, grantBrowse, grantCompare, grantAdd, gr
>  antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename, gra
>  ntRemove, grantRead, grantExport } } } } }
> prescriptiveACI: { identificationTag "allUsersACI", precedence 10, authentic
>  ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, use
>  rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry }, 
>  grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse, grantCompa
>  re, grantDiscloseOnError, grantRead } }, { protectedItems { attributeType {
>   userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompar
>  e } } } } }
> subtreeSpecification: { base "dc=orrtiz,dc=com" }
> accessControlSubentries: 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
>  5=orrtiz,0.9.2342.19200300.100.1.25=com
> createTimestamp: 20140325182443.296Z
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> entryCSN: 20140325200009.087000Z#000000#001#000000
> entryDN: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
> entryUUID:: MWViMTQxMDktNzEzOC00NzFkLTlmYzEtZTgyMTM1NzI1ZDU1
> modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> modifyTimestamp: 20140325200009.087Z
> The difference between the two is the subtreeSpecifications whereby the first is {},
and the second { base "dc=orrtiz,dc=com" }
> Deleting the first ACI generates no problem. Deleting the second  ACI generates following
error:
> #!RESULT ERROR
> #!CONNECTION ldap://director.somonar.prd:389
> #!DATE 2014-03-25T20:38:04.044
> #!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : DEL_REQUEST Message ID
: 23     Del request         Entry : 'cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com' org.apache.directory.api.ldap.model.message.DeleteRequestImpl@90241f8:
null: java.lang.NullPointerException at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:1043)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.operational.OperationalAttributeInterceptor.delete(OperationalAttributeInterceptor.java:462)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.exception.ExceptionInterceptor.delete(ExceptionInterceptor.java:207)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.admin.AdministrativePointInterceptor.delete(AdministrativePointInterceptor.java:1261)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.delete(DefaultAuthorizationInterceptor.java:172)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.authz.AciAuthorizationInterceptor.delete(AciAuthorizationInterceptor.java:678)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.referral.ReferralInterceptor.delete(ReferralInterceptor.java:288)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.authn.AuthenticationInterceptor.delete(AuthenticationInterceptor.java:749)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.normalization.NormalizationInterceptor.delete(NormalizationInterceptor.java:174)
at org.apache.directory.server.core.DefaultOperationManager.delete(DefaultOperationManager.java:641)
at org.apache.directory.server.core.shared.DefaultCoreSession.delete(DefaultCoreSession.java:923)
at org.apache.directory.server.core.shared.DefaultCoreSession.delete(DefaultCoreSession.java:906)
at org.apache.directory.server.ldap.handlers.request.DeleteRequestHandler.handle(DeleteRequestHandler.java:55)
at org.apache.directory.server.ldap.handlers.request.DeleteRequestHandler.handle(DeleteRequestHandler.java:39)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74) at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Thread.java:662) ]
> dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> changetype: delete
> I did this with uid=admin,ou=system.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message