[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14514205#comment-14514205 ]

Emmanuel Lecharny commented on FC-33:
-------------------------------------

(moving Shawn's comments into this JIRA) :

Yes, ACLs could be the problem.  I’m still learning how Docker works and must 
admit that I don’t know how to navigate inside the container to find the 
settings.

Below are the ACLs that typically would be set on OpenLDAP for Fortress.  
Nothing much going on there.  Once I figure out how to look inside the fishbowl 
I’ll report back here.

{code}
### ACLs
access to dn="" by * read
access to *
        by self write
        by users read
        by anonymous auth
        by sockurl="^ldapi:///$" write

### This one allows user to modify their own password (needed for pw policies):
### This also allows user to modify their own ftmod attributes (needed for audit):
access to attrs=userpassword
         by self write
         by * auth

### Must allow access to dn.base to read supported features on this directory:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by anonymous auth

### Disable null base search of rootDSE
### This disables auto-discovery capabilities of clients.
# Changed -> access to dn.base="" by * read <- to the following:
access to dn.base=""
     by * none
password-hash {SSHA}
{code}

> AuditMgr.getUserAuthZ cannot pull back faileOnly
> ------------------------------------------------
>
>                 Key: FC-33
>                 URL: https://issues.apache.org/jira/browse/FC-33
>             Project: FORTRESS
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC39
>            Reporter: Shawn McKinney
>             Fix For: 1.0.0
>
>
> This search filter:
> filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
> in AuditDAO.getAllAuthZs does not work.  It appears the reqAssertion 
> attribute cannot be searched on within the auditCompare object class.  Have 
> tested with ldapbrowser and does not pull back entries.  Will need to come up 
> with a workaround.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
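
Added example, not part of the original message or of Fortress: a small Python model of how slapd selects an ACL (the first matching `access to` clause, then the first matching `by` clause inside it), run over the directives quoted above. It assumes all directives sit in one database section, models only the `*`, `self`, `users` and `anonymous` who-clauses, and uses a constructed DN and requester labels.

```python
# ACL directives from the comment above, comments stripped and each rule joined
# onto one line. Assumption: they all sit in the same database section.
ACLS = '''
access to dn="" by * read
access to * by self write by users read by anonymous auth by sockurl="^ldapi:///$" write
access to attrs=userpassword by self write by * auth
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to * by self write by anonymous auth
access to dn.base="" by * none
'''

def parse(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]  # drop the leading "access to"
        rules.append((tok[0], [(tok[i + 1], tok[i + 2]) for i in range(1, len(tok), 3)]))
    return rules

def what_matches(what, dn, attr):
    key, _, val = what.partition("=")
    val = val.strip('"').lower()
    if key == "attrs":
        return attr.lower() in val.split(",")
    # "*" matches everything; dn= defaults to the exact (base) style.
    return what == "*" or (key in ("dn", "dn.base") and dn.lower() == val)

def who_matches(who, requester):
    # requester: "anonymous", "user" (authenticated, someone else's entry) or "self".
    # sockurl= (the ldapi socket) never matches a network client in this model.
    return who == "*" or who == requester or (who == "users" and requester in ("user", "self"))

def decide(rules, dn, attr, requester):
    """First matching <what> wins, then the first matching <who> inside it."""
    for n, (what, bys) in enumerate(rules, 1):
        if what_matches(what, dn, attr):
            for who, level in bys:
                if who_matches(who, requester):
                    return n, level
            return n, "none"  # implicit trailing "by * none"
    return None, "none"

def never_consulted(rules):
    """Rules placed after the first catch-all "access to *" are unreachable."""
    star = next(n for n, (what, _) in enumerate(rules, 1) if what == "*")
    return list(range(star + 1, len(rules) + 1))

RULES = parse(ACLS)
```

Under that assumption, `decide(RULES, "uid=demo,ou=people,dc=example,dc=com", "userPassword", "user")` returns `(2, "read")` and `never_consulted(RULES)` returns rules 3 to 7, so the `attrs=userpassword` and final `dn.base=""` rules only take effect when they are placed before the first `access to *`.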
