[
https://issues.apache.org/jira/browse/DIRSERVER-257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny updated DIRSERVER-257:
----------------------------------------
Issue Type: Improvement (was: Bug)
Fix Version/s: 2.1.0
(was: 2.0.0-RC1)
This is due to the fact we don't currently support Inner AP. All our AAA are
IAP in fact.
I don't think we can fix that for 2.0, I would rather do it for 2.1.
Note that it's a problem that can be worked around by adding a chopAfter
restriction, where the DN used on the chopAfter is the lower AP DN.
> [Access Control] Autonomous areas for AC must not overlap
> ---------------------------------------------------------
>
> Key: DIRSERVER-257
> URL: https://issues.apache.org/jira/browse/DIRSERVER-257
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: core
> Affects Versions: 1.5.0, 1.0.2
> Reporter: Alex Karasulu
> Assignee: Alex Karasulu
> Priority: Trivial
> Fix For: 2.1.0
>
>
> Presently the subentry subsystem associates entries with all selecting
> subentries regardless of autonomous area demarcations. What this means is
> AAA's can overlap. When the AP of an accessControlSpecificArea is the
> decendent of the AP of another accessControlSpecificArea those areas should
> not intersect such that the subentries of the first area do not effect
> entries of the second area. This is not the case. The subentry subsystem
> associates entries with effecting subentires without checking to see if those
> subentries are in a different AAA in these configurations where an AAA is
> under another AAA.
> We need to track all AP of AAA's within the system. Before associating an
> entry with an AP's subentries checks should be made to determine under which
> AAA the entry resides. Only those subentries associated with that AAA should
> be associated with the entry.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
