directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@gmail.com>
Subject Re: Unable to make ACI to work
Date Mon, 16 Jun 2008 04:33:24 GMT
Hi,

You may need to add white spaces before and after some curly braces.

HTH,

Ersin Er
http://www.ersin-er.name

On Sun, Jun 15, 2008 at 22:35, Andreas Kyrmegalos <andreask1@vivodinet.gr>
wrote:

> Hello again,
>  this is what gets logged when the aci related subentry is created:
>
> [22:07:09] ERROR [org.apache.directory.server.core.authz.TupleCache] -
> ACIItem parser failure on
> 'null'
> due to syntax error. Cannnot add ACITuples to TupleCache.
> Check that the syntax of the ACI item is correct.
> Until this error is fixed your security settings will not be as expected.
> java.text.ParseException: Parser failure on ACIItem:
>   {
>  identificationTag "directoryManagerFullAccessACI",
>  precedence 11,
>  authenticationLevel simple,
>  itemOrUserFirst userFirst:
>  {
>   userClasses{name{"uid=testme,ou=people,o=testpar"}},
>   userPermissions
>   {
>     {
>       protectedItems{entry},
>
> grantsAndDenials{grantAdd,grantDiscloseOnError,grantRead,grantRemove,grantBrowse,grantExport,grantImport,grantModify,grantRename,grantReturnDN}
>     },
>     {
>       protectedItems{allUserAttributeTypesAndValues},
>
> grantsAndDenials{grantAdd,grantDiscloseOnError,grantRead,grantRemove,grantCompare,grantFilterMatch,grantInvoke}
>     }
>   }
>  }
> }
> Antlr exception trace:
> unexpected token: {
>   at
> org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
>   at
> org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
>   at
> org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
>   at
> org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
>   at
> org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
>   at
> org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)
>   at
> org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)
>   at
> org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)
>   at
> org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)
>   at javax.naming.directory.InitialDirContext.createSubcontext(Unknown
> Source)
>   at
> org.apache.directory.server.ldap.support.AddHandler.messageReceived(AddHandler.java:82)
>   at
> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144)
>   at
> org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(LdapProtocolProvider.java:403)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>   at
> org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60)
>   at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>   at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>   at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>   at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>   at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>   at java.lang.Thread.run(Unknown Source)
> [22:07:09] ERROR [org.apache.directory.server.core.authz.TupleCache] -
> ACIItem parser failure on
> 'null'
> due to syntax error. Cannnot add ACITuples to TupleCache.
> Check that the syntax of the ACI item is correct.
> Until this error is fixed your security settings will not be as expected.
> java.text.ParseException: Parser failure on ACIItem:
>   {
>  identificationTag "allUsersACI",
>  precedence 10,
>  authenticationLevel none,
>  itemOrUserFirst userFirst:
>  {
>   userClasses{allUsers},
>   userPermissions
>   {
>     {
>       protectedItems{entry},
>
> grantsAndDenials{grantDiscloseOnError,grantRead,grantBrowse,grantReturnDN}
>     },
>     {
>       protectedItems{allUserAttributeTypesAndValues},
>
> grantsAndDenials{grantDiscloseOnError,grantRead,grantCompare,grantFilterMatch}
>     },
>     {
>       protectedItems{attributeType{userPassword}},
>       grantsAndDenials{denyRead,denyCompare,denyFilterMatch}
>     },
>     {
>       protectedItems{attributeValue{superUser}},
>       grantsAndDenials{denyRead,denyCompare,denyFilterMatch}
>     }
>   }
>  }
> }
> Antlr exception trace:
> unexpected token: {
>   at
> org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
>   at
> org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
>   at
> org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
>   at
> org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
>   at
> org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
>   at
> org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)
>   at
> org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)
>   at
> org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)
>   at
> org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)
>   at
> org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)
>   at javax.naming.directory.InitialDirContext.createSubcontext(Unknown
> Source)
>   at
> org.apache.directory.server.ldap.support.AddHandler.messageReceived(AddHandler.java:82)
>   at
> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144)
>   at
> org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(LdapProtocolProvider.java:403)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>   at
> org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60)
>   at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>   at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>   at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>   at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>   at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>   at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>   at java.lang.Thread.run(Unknown Source)
>
>
> Hope it helps to shed some light on the matter.
>
> Andreas
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message