Trustin,
Within the o.a.l.s.authz.support package nothing checks to see if the
"attributeValue" field in a protectedItem is adhered to. For this
reason permission checks are failing. Let me give you an example that I
have in a testcase:
I have the following ACIItem:
{
    identificationTag "searchAci",
    precedence 14,
    authenticationLevel none,
    itemOrUserFirst userFirst:
    {
        userClasses { allUsers },
        userPermissions
        {
            {
                protectedItems { entry, attributeType { ou }, allAttributeValues { objectClass }, attributeValue { ou=0, ou=1, ou=2 } },
                grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
            }
        }
    }
}
This should only allow the return of ou values that are "0", "1" and "2"
and not allow the return of other ou values in a search. However it's
not doing that. Nothing in the support pkg seems to test to see if the
value is equal to any of these values.
Could you advise on what's happening?
Alex
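
The value-level check the message above describes as missing, sketched as an added example (not part of the original message and not code from the o.a.l.s.authz.support package). The class and method names are hypothetical, only the per-value decision is modelled, and values are compared as exact strings where a real server would apply the attribute's equality matching rule.

```java
import java.util.*;

// Added illustration: hypothetical class, not ApacheDS code.
public class AttributeValueFilterExample {
    // Types listed under allAttributeValues { ... }: every value is covered.
    private final Set<String> allValuesTypes = new HashSet<>();
    // Pairs listed under attributeValue { type=value, ... }: only these values are covered.
    private final Map<String, Set<String>> grantedValues = new HashMap<>();

    void allAttributeValues(String type) {
        allValuesTypes.add(type.toLowerCase(Locale.ROOT));
    }

    void attributeValue(String type, String value) {
        grantedValues.computeIfAbsent(type.toLowerCase(Locale.ROOT), k -> new HashSet<>()).add(value);
    }

    // Value-level decision: is this single value covered by the grant?
    boolean covers(String type, String value) {
        String t = type.toLowerCase(Locale.ROOT);
        if (allValuesTypes.contains(t)) return true;
        Set<String> values = grantedValues.get(t);
        return values != null && values.contains(value);
    }

    // Keep only covered values; an attribute with no covered value is dropped.
    Map<String, List<String>> filter(Map<String, List<String>> entry) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> attr : entry.entrySet()) {
            List<String> kept = new ArrayList<>();
            for (String v : attr.getValue()) {
                if (covers(attr.getKey(), v)) kept.add(v);
            }
            if (!kept.isEmpty()) out.put(attr.getKey(), kept);
        }
        return out;
    }

    public static void main(String[] args) {
        // Protected items from the ACIItem in the message.
        AttributeValueFilterExample grant = new AttributeValueFilterExample();
        grant.allAttributeValues("objectClass");
        for (String v : new String[] {"0", "1", "2"}) grant.attributeValue("ou", v);
        // Constructed sample entry with two ou values outside the grant.
        Map<String, List<String>> entry = new LinkedHashMap<>();
        entry.put("objectClass", Arrays.asList("top", "organizationalUnit"));
        entry.put("ou", Arrays.asList("0", "1", "2", "3", "4"));
        entry.put("description", Arrays.asList("constructed value"));
        System.out.println(grant.filter(entry));
    }
}
```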