allAttributeValues protected item is not handled correctly by the Authorization
subsystem in Modify operations
--------------------------------------------------------------------------------------------------------------
Key: DIRSERVER-989
URL: https://issues.apache.org/jira/browse/DIRSERVER-989
Project: Directory ApacheDS
Issue Type: Bug
Components: core
Affects Versions: 1.5.0, 1.0.2
Reporter: Ersin Er
Fix For: 1.5.1, 1.0.3
allAttributeValues protectedItem only applies to attribute values, not
attribute types. So if grantAdd is permitted only for allAttributeValue, only a
new value to an existing attribute can be added. To create a new attribute with
an initial value, grantAdd permission is needed for both the attribute type and
the value. This can be achieved with several combinations like
{attributeType{X}, attributeValue{Y}}, {attributeType{X}, allAttributeValues},
{allAttributeTypes, attributeValues}, {allUserAttributeValuesAndTypes}. The
same approach applies to modifications including deletes.
The explanations here are based on the Security chapter of the X.500 spec and
and the related chapter in the X.500 book by Chadwick.
To comply with this approach, modify operations should be handled with more
granularity in the AuthorizationService and some existing unit tests need to be
updated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
