directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly
Date Mon, 27 Apr 2015 14:39:39 GMT


Emmanuel Lecharny commented on FC-33:

I think that the very first ACL will block the read if the proxy is not a users :

access to *
	by users read

Also I think there is something wrong in the various {{access to dn.base=""}} : My perception
is that the only one will be used, and all the other ignored.

The way ACLs work in OpenLDAP is that the engine will try to apply each rule from the top
to the end, and as soon as one fits, it stops.

> AuditMgr.getUserAuthZ cannot pull back faileOnly
> ------------------------------------------------
>                 Key: FC-33
>                 URL:
>             Project: FORTRESS
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC39
>            Reporter: Shawn McKinney
>             Fix For: 1.0.0
> This search filter:
> filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
> in AuditDAO.getAllAuthZs does not work.  It appears the reqAssertion attribute cannot
be searched on within the auditCompare object class.  Have tested with ldapbrowser and does
not pull back entries.  Will need to come up with a work around.

This message was sent by Atlassian JIRA

View raw message