ACI Example deleteAci apparently wrong in web documents
-------------------------------------------------------
Key: DIRSERVER-1014
URL: https://issues.apache.org/jira/browse/DIRSERVER-1014
Project: Directory ApacheDS
Issue Type: Bug
Components: doc
Affects Versions: 1.0.2
Environment: Web documentation
Reporter: Wayne Johnson
Page http://directory.apache.org/apacheds/1.0/userclasses.html has an example
for "Combining Multiple UserClass Specification Mechanisms". The example shows
the syntax:
userClasses
{
thisEntry,
name { "uid=jbean,ou=users,ou=system" },
name { "uid=jdoe,ou=users,ou=system" },
userGroup { "cn=Administrators,ou=groups,ou=system" }
},
I've found that this doesn't work. What appears to work (from my code) is:
userClasses {
name { "cn=SA,ou=users,dc=mqsoftware,dc=com",
"cn=fred,ou=users,dc=mqsoftware,dc=com" }
},
The when using the documented syntax, I get the following in the log:
[12:43:10] ERROR [org.apache.directory.server.core.authz.TupleCache] - ACIItem
parser failure on
'null'
due to syntax error. Cannnot add ACITuples to TupleCache.
Check that the syntax of the ACI item is correct.
Until this error is fixed your security settings will not be as expected.
java.text.ParseException: Parser failure on ACIItem:
{ identificationTag "userAdminPermissions", precedence 16,
authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {
name { "cn=SA,ou=users,dc=mqsoftware,dc=com" }, name {
"cn=fred,ou=users,dc=mqsoftware,dc=com" } }, userPermissions { {
protectedItems { entry, allUserAttributeTypesAndValues },
grantsAndDenials { grantAdd, grantDiscloseOnError, grantRead,
grantRemove, grantBrowse, grantExport, grantImport, grantModify,
grantRename, grantReturnDN, grantCompare, grantFilterMatch,
grantInvoke } } } } }
Antlr exception trace:
User Classes cannot be duplicated. Adding duplicate keys is not permitted.
at
org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
at
org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
at
org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
at
org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
at
org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
at
org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)
at
org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)
at
org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
