Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 37388 invoked from network); 25 Mar 2007 23:26:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Mar 2007 23:26:23 -0000 Received: (qmail 61829 invoked by uid 500); 25 Mar 2007 23:26:30 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 61810 invoked by uid 500); 25 Mar 2007 23:26:30 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 61799 invoked by uid 99); 25 Mar 2007 23:26:30 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Mar 2007 16:26:30 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of akarasulu@gmail.com designates 66.249.82.232 as permitted sender) Received: from [66.249.82.232] (HELO wx-out-0506.google.com) (66.249.82.232) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Mar 2007 16:26:22 -0700 Received: by wx-out-0506.google.com with SMTP id h31so1939495wxd for ; Sun, 25 Mar 2007 16:26:01 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=PqL/8+HCEi+7uUqu/h/a9L0aNMEwydjtbxYUfoLahWLxG2LB7LLPr16w9BK6FXx58HfiLKN776F+ypob8M+pPaIG9cXLBHUvVNWDLc2ZkjjbcGZlMvtEErQnHbewUWcuiSl9JN0NRiK6Kb5OYzy2NFJVTH3h7agG0A576VCkcEo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=dQgffe94cNMaZQGCXCGEO2iA2bONukt7fUOW/XZSj0WYGcodSvJguRt3lCb2gRAb7pcO6bOR1vhLoy78W1714jof+BJlf21QtApp7nLdrW8suLFwQtACP2ZPK87qfmlGvfZvDBjmLlyfTv/Wvld/tEQ/JLThs4D8Wp5BLgAmClM= Received: by 10.70.29.14 with SMTP id c14mr9553390wxc.1174865160887; Sun, 25 Mar 2007 16:26:00 -0700 (PDT) Received: by 10.70.78.18 with HTTP; Sun, 25 Mar 2007 16:26:00 -0700 (PDT) Message-ID: Date: Sun, 25 Mar 2007 19:26:00 -0400 From: "Alex Karasulu" Sender: akarasulu@gmail.com To: users@directory.apache.org Subject: Re: [ApacheDS Authorization] HELP - Server will no longer start In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_105807_22120572.1174865160820" References: X-Google-Sender-Auth: 847e6f5f4e7356a1 X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_105807_22120572.1174865160820 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline The interceptor's tuple case may still be initialized even though the interceptor is really not doing any work. The problem is perhaps due to it's encountering a bad ACIITem and blowing chunks. Alex On 3/24/07, Ersin Er wrote: > > On 3/24/07, Tim Quinn wrote: > > > > > > > > As it's currently implemented if accessControlEnabled is set to false > > > authz.AuthorizationService does not make any authorization operations > > and > > > just bypasses the requests (and responses). So you rproblem may be > > related > > > to something different. > > > > > > > > > I just verified again. By removing just the last close curly brace, the > > start fails with the following > > > > ~snip~ > > 2007-03-23 18:12:13,062 [Thread-0] WARN 191 TupleCache.subentryAdded - > > ACIItem parser failure on 'null'. Cannnot add ACITuples to TupleCache. > > java.text.ParseException: Parser failure on ACIItem: > > { > > identificationTag "enableSearchForADSGenReader_ACI", > > precedence 10, > > authenticationLevel none, > > itemOrUserFirst userFirst: > > { > > userClasses > > { > > name { "uid=ADSGenReader,ou=admin,ou=system" } > > }, > > userPermissions > > { > > { > > protectedItems { entry, allUserAttributeTypesAndValues }, > > grantsAndDenials { grantRead, grantBrowse, grantReturnDN, > > grantCompare, grantFilterMatch, > > grantDiscloseOnError } > > }, > > { > > protectedItems { attributeType { userPassword } }, > > grantsAndDenials { denyRead, denyCompare, denyFilterMatch } > > } > > } > > } > > Antlr exception trace: > > expecting CLOSE_CURLY, found 'null' > > at org.apache.directory.shared.ldap.aci.ACIItemParser.parse( > > ACIItemParser.java:128) > > at > org.apache.directory.server.core.authz.TupleCache.subentryAdded > > ( > > TupleCache.java:186) > > ~/snip~ > > > > This error shows up and the server fails to start regardless of the > > accessControlEnabled setting in config.xml. > > > > If you want, I can build up a test case on a OOTB fresh installation to > > make > > sure that it is not related to some of my own jars. > > > Test cases are always greatly appreciated :-) > > ..TQ > > > > > > -- > Ersin > ------=_Part_105807_22120572.1174865160820--