directory-users mailing list archives

From Laurent Gauthier <lgauth...@modulusdata.com>
Subject Basic authorization example broken in 2.0.0-M23?
Date Mon, 03 Oct 2016 20:07:33 GMT
I followed the instructions in section 3.2 - Basic authorization on an 
ApacheDS 2.0.0-M23 installation and although the configuration appears 
to be identical to the documented one, I am not able to obtain the 
expected result.

For example, using "uid=admin,ou=system" yields the following:

$ ldapsearch -h apacheds -p 10389 -D "uid=admin,ou=system" -w secret -b "o=sevenSeas" -s sub "(objectclass=person)" uid userPassword
# extended LDIF
#
# LDAPv3
# base <o=sevenSeas> with scope subtree
# filter: (objectclass=person)
# requesting: uid userPassword
#

# Thomas Masterman Hardy, people, sevenseas
dn: cn=Thomas Masterman Hardy,ou=people,o=sevenseas
userpassword:: e1NIQX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9
uid: thardy

...etc..

# search result
search: 2
result: 0 Success

# numResponses: 12
# numEntries: 11


While, if I use "cn=Horatio Nelson,ou=people,o=sevenSeas", I get an 
empty result:

$ ldapsearch -h apacheds -p 10389 -D "cn=Horatio Nelson,ou=people,o=sevenSeas" -w pass -b "o=sevenSeas" -s sub "(objectclass=person)" uid userPassword
# extended LDIF
#
# LDAPv3
# base <o=sevenSeas> with scope subtree
# filter: (objectclass=person)
# requesting: uid userPassword
#


# search result
search: 2
result: 0 Success

# numResponses: 1


Having turned on debugging in the logging configuration, I can see that 
both commands actually retrieve identical search results but in the 
second case, it appears the result is filtered out possibly by the 
org.apache.directory.server.core.authz.AciAuthorizationInterceptor.AuthorizationFilter. 


As far as I can tell, my configuration is exactly as specified in the 
documentation and I am not seeing any kind of error message in the logs 
or elsewhere.

Anybody with any idea about where the problem may lie?

/Laurent


