[
https://issues.apache.org/jira/browse/DIRSERVER-884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12490144
]
Emmanuel Lecharny commented on DIRSERVER-884:
---------------------------------------------
Interesting, Alex,
It would worth it to test this code with 1.5, where the syntaxCheckers are
active, just to check if we are not having an infinite loop.
> Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
> -------------------------------------------------------------------------
>
> Key: DIRSERVER-884
> URL: https://issues.apache.org/jira/browse/DIRSERVER-884
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 1.0.1, 1.5.0
> Environment: Confirmed on Windows XP and Mac OSX 10.4.8
> Reporter: Timothy Quinn
> Assigned To: Alex Karasulu
> Priority: Critical
> Fix For: 1.5.1, 1.0.2
>
>
> :: Summary ::
> ApacheDS server fails to start when a Access Control Subentry exists that
> contains a malformed prescriptiveACI. Just by simply removing a single brace
> from the ACI, the server startup fails on validation of the entry.
> :: Steps To Reproduce ::
> 1) Installed fresh version of ApacheDS (ok)
> 2) Started Server (ok)
> 3) Connected to server using LDAP Studio (ok)
> 4) Added administrativeRole attribute to entry (ok)
> 5) Added a good ACI Entry (copied from working sever - ok)
> 6) Removed a curly brace from the prescriptiveaci attribute (ok)
> 7) Stopped and restarted server (barf)
> ... Server barfed out the error and server fails to start!:
> ~err_snip~
> TupleCache.subentryAdded - ACIItem parser failure on 'null'. Cannnot add
> ACITuples to TupleCache.
> java.text.ParseException: Parser failure on ACIItem:
> {
> identificationTag "enableSearchForAllUsers",
> precedence 14,
> .... ~skipping aci details for lack of relevance to issue~ ...
> }
> Antlr exception trace:
> unexpected token: name
> at
> org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
> at
> org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
> at org.apache.directory.server.core.authz.TupleCache.initialize
> (TupleCache.java:139)
> at
> org.apache.directory.server.core.authz.TupleCache.<init>(TupleCache.java:101)
> ~/err_snip~
> 8) Try turning off accessControlEnabled flag in config.xml (ok)
> 9) Try Starting the server (barf)
> ... This is the most intuitive step to fix it but did not help.
> ... Server will still not start up!
> :: Workaround Steps ::
> 1) Comment out Authorization bean entry in server.xml (ok)
> 2) Restarted server (ok (whew!))
> 3) Connect to and fix bad ACI Entry using LDAP Studio (ok)
> 4) Stop the server (ok)
> 5) Remove Comment of Authorization bean entry in server.xml (ok)
> 6) Restarted server (ok)
> ... YeeeHaaa - Server started without any problems =)
> Notes:
> - See ApacheDS March 2007 Users mailing list thread titled "[ApacheDS
> Authorization] HELP - Server will no longer start"
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
