[
https://issues.apache.org/jira/browse/DIRSERVER-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ersin Er resolved DIRSERVER-1014.
---------------------------------
Resolution: Fixed
Assignee: Ersin Er
Fixed. Combined "name" user classes into a single one.
> ACI Example deleteAci apparently wrong in web documents
> -------------------------------------------------------
>
> Key: DIRSERVER-1014
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1014
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: doc
> Affects Versions: 1.0.2
> Environment: Web documentation
> Reporter: Wayne Johnson
> Assignee: Ersin Er
>
> Page http://directory.apache.org/apacheds/1.0/userclasses.html has an example
> for "Combining Multiple UserClass Specification Mechanisms". The example
> shows the syntax:
> userClasses
> {
> thisEntry,
> name { "uid=jbean,ou=users,ou=system" },
> name { "uid=jdoe,ou=users,ou=system" },
> userGroup { "cn=Administrators,ou=groups,ou=system" }
> },
> I've found that this doesn't work. What appears to work (from my code) is:
> userClasses {
> name { "cn=SA,ou=users,dc=mqsoftware,dc=com",
> "cn=fred,ou=users,dc=mqsoftware,dc=com" }
> },
> The when using the documented syntax, I get the following in the log:
> [12:43:10] ERROR [org.apache.directory.server.core.authz.TupleCache] -
> ACIItem parser failure on
> 'null'
> due to syntax error. Cannnot add ACITuples to TupleCache.
> Check that the syntax of the ACI item is correct.
> Until this error is fixed your security settings will not be as expected.
> java.text.ParseException: Parser failure on ACIItem:
> { identificationTag "userAdminPermissions", precedence 16,
> authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {
> name { "cn=SA,ou=users,dc=mqsoftware,dc=com" }, name {
> "cn=fred,ou=users,dc=mqsoftware,dc=com" } }, userPermissions { {
> protectedItems { entry, allUserAttributeTypesAndValues },
> grantsAndDenials { grantAdd, grantDiscloseOnError, grantRead,
> grantRemove, grantBrowse, grantExport, grantImport, grantModify,
> grantRename, grantReturnDN, grantCompare, grantFilterMatch,
> grantInvoke } } } } }
> Antlr exception trace:
> User Classes cannot be duplicated. Adding duplicate keys is not permitted.
> at
> org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
> at
> org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
> at
> org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)
> at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
> at
> org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)
> at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
> at
> org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)
> at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
> at
> org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)
> at
> org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)
> at
> org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)
> at
> org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)
> at
> org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
