[jira] [Updated] (DIRSERVER-1947) maxValueCount not working correctly

Thu, 27 Jun 2019 23:35:14 -0700 


     [ 
https://issues.apache.org/jira/browse/DIRSERVER-1947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-1947:
-----------------------------------------
    Component/s:     (was: ldap)
                 aci

> maxValueCount not working correctly
> -----------------------------------
>
>                 Key: DIRSERVER-1947
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1947
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: aci
>    Affects Versions: 2.0.0-M15
>         Environment: Server environment:
> Oracle JDK 1.7u45
> ApacheDS 2.0.0-M15
> Debian 7.3, AMD64
> Client environment:
> Apache Directory Studio 2.0.0.v20130628
> Oracle JDK 1.7u45
> OS X 10.9.1
>            Reporter: Michael Przybylski
>            Priority: Major
>
> I’ve been teaching myself how to use Apache Directory Server’s access control 
> subsystem.
> Before getting too cute, I figured I’d try out the recipes here:
> http://directory.apache.org/apacheds/advanced-ug/4.2.7-using-acis-trail.html
> Both work as advertised, but as I’ve been reading more, some have suggested 
> refining…
> http://directory.apache.org/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html
> …to use maxValueCount to prevent (someone claiming to be) the user from 
> inserting multiple userPassword values.  However, as soon as I put 
> maxValueCount in any protectedItems clause of my prescriptiveACI, all of my 
> unprivileged user’s attributes become invisible to him.
> If I weren’t such a n00b, I’d think this was a bug.
> Here is the prescriptiveACI that I think should work:
> {
>    identificationTag "userSelfModifyPassword",
>    precedence 0,
>    authenticationLevel none,
>    itemOrUserFirst userFirst: 
>    {
>        userClasses { thisEntry },
>        userPermissions 
>        {
>            {
>                protectedItems 
>                {
>                    maxValueCount 
>                    {
>                        { type userPassword, maxCount 1 }
>                    }
>                    ,
>                    allAttributeValues { userPassword } 
>                }
>                ,
>                grantsAndDenials { grantAdd, grantRemove } 
>            }
>            ,
>            {
>                protectedItems { entry },
>                grantsAndDenials 
>                {
>                    grantRead,
>                    grantBrowse,
>                    grantModify 
>                }
>            }
>        }
>    }
> }
> Kiran Ayyagari ( [email protected] ) was able to reproduce and asked me to 
> file this bug.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to