[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14514216#comment-14514216 ]
Emmanuel Lecharny commented on FC-33:
-------------------------------------
I think that the very first ACL will block the read if the proxy is not a users:
{code}
access to *
...
by users read
...
{code}
Also I think there is something wrong in the various {{access to dn.base=""}}:
My perception is that only one will be used, and all the others ignored.
The way ACLs work in OpenLDAP is that the engine will try to apply each rule
from the top to the end, and as soon as one fits, it stops.
> AuditMgr.getUserAuthZ cannot pull back faileOnly
> ------------------------------------------------
>
> Key: FC-33
> URL: https://issues.apache.org/jira/browse/FC-33
> Project: FORTRESS
> Issue Type: Bug
> Affects Versions: 1.0.0-RC39
> Reporter: Shawn McKinney
> Fix For: 1.0.0
>
>
> This search filter:
> filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
> in AuditDAO.getAllAuthZs does not work. It appears the reqAssertion
> attribute cannot be searched on within the auditCompare object class. Have
> tested with ldapbrowser and does not pull back entries. Will need to come up
> with a work around.
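The first-match behaviour described in the comment above, as an added example (not part of the original message or of the Fortress code): a small Python check that flags `access to` clauses an earlier clause makes unreachable, and evaluates a request the way the comment describes. The ACLs are constructed for illustration, selectors are compared as plain strings, and the only control modelled as falling through to later clauses is `break`.

```python
import re

# Constructed slapd.conf-style ACLs for illustration (not the Fortress config).
SAMPLE_ACLS = '''
access to dn.base=""
    by users read
access to dn.base=""
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
access to *
    by users read
access to dn.subtree="ou=audit,dc=example,dc=com"
    by * read
'''

def parse_acls(text):
    """Return [(what, [(who, access, control), ...]), ...] in file order."""
    text = re.sub(r'\n[ \t]+', ' ', text)   # join indented continuation lines
    acls = []
    for m in re.finditer(r'^access\s+to\s+(\S+)\s+(.*)$', text, re.M):
        by = []
        for clause in re.split(r'\bby\s+', m.group(2))[1:]:
            parts = clause.split()
            by.append((parts[0], parts[1], parts[2] if len(parts) > 2 else "stop"))
        acls.append((m.group(1), by))
    return acls

def shadowed(acls):
    """Indexes of clauses an earlier clause makes unreachable (no 'break')."""
    dead = []
    for i, (what, _) in enumerate(acls):
        for prev_what, prev_by in acls[:i]:
            same_target = prev_what in ("*", what)
            if same_target and not any(c == "break" for _, _, c in prev_by):
                dead.append(i)
                break
    return dead

def decide(acls, what, identities):
    """First-match evaluation; selectors are compared as opaque strings."""
    for w, by in acls:
        if w not in ("*", what):
            continue
        hit = next(((a, c) for who, a, c in by if who == "*" or who in identities), None)
        if hit is None:
            return "none"            # implicit trailing "by * none"
        if hit[1] != "break":
            return hit[0]
    return "none"
```

On the sample, `shadowed(parse_acls(SAMPLE_ACLS))` reports the second `dn.base=""` clause and the audit subtree clause that follows `access to *`; an unauthenticated requester gets `none` on `dn.base=""` even though the second clause would have granted `read`.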