You could also disable the ACI subsystem if you're using your own ACI
subsystem.
Alex
On 5/23/07, Emmanuel Lecharny (JIRA) <[EMAIL PROTECTED]> wrote:
[
https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12498144]
Emmanuel Lecharny commented on DIRSERVER-907:
---------------------------------------------
At least, some data would help (a ldif file)
If you get an infinite loop, then a jvm dump would help (kill -3 on the
JVM on linux, I don't know how to get it on windows)
> Overflowing the stack with ACI
> ------------------------------
>
> Key: DIRSERVER-907
> URL: https://issues.apache.org/jira/browse/DIRSERVER-907
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Linux, Java 6
> Reporter: Mark Swanson
> Priority: Minor
>
> Hello,
> I enabled ACI and ldapsearch now puts the server into an infinite loop:
> ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b
"dc=home2,dc=mark" -v -W "objectClass=*"
> org.apache.directory.server.core.interceptor.InterceptorException:
Unexpected exception. [Root exception is java.lang.StackOverflowError]
> at
org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException
(InterceptorChain.java:1510)
> at
org.apache.directory.server.core.interceptor.InterceptorChain.access$700(
InterceptorChain.java:52)
> at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName
(InterceptorChain.java:1106)
> at
org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName
(BaseInterceptor.java:116)
> at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName
(InterceptorChain.java:1098)
> at
org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName
(BaseInterceptor.java:116)
> at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName
(InterceptorChain.java:1098)
> Configured with this:
> dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
> changetype: add
> objectclass: top
> objectclass: subentry
> objectclass: accessControlSubentry
> cn: swAuthorizationRequirementsACISubentry
> subtreeSpecification: {}
> prescriptiveACI: {
> identificationTag "directoryManagerFullAccessACI",
> precedence 11,
> authenticationLevel simple,
> itemOrUserFirst userFirst:
> {
> userClasses
> {
> name { "uid=44,dc=home2,dc=mark" }
> },
> userPermissions {
> {
> protectedItems { entry, allUserAttributeTypesAndValues },
> grantsAndDenials {
> grantAdd, grantDiscloseOnError, grantRead,
> grantRemove, grantBrowse, grantExport, grantImport,
> grantModify, grantRename, grantReturnDN,
> grantCompare, grantFilterMatch, grantInvoke
> }
> }
> }
> }
> }
> prescriptiveACI: {
> identificationTag "allUsersACI",
> precedence 10,
> authenticationLevel none,
> itemOrUserFirst userFirst:
> {
> userClasses {
> allUsers
> },
> userPermissions {
> {
> protectedItems { entry, allUserAttributeTypesAndValues },
> grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
> grantCompare, grantFilterMatch,
grantDiscloseOnError }
> },
> {
> protectedItems { attributeType { userPassword } },
> grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
> }
> }
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
