[
https://issues.apache.org/jira/browse/DIRSERVER-257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny updated DIRSERVER-257:
----------------------------------------
Component/s: (was: core)
adminRole
> [Access Control] Autonomous areas for AC must not overlap
> ---------------------------------------------------------
>
> Key: DIRSERVER-257
> URL: https://issues.apache.org/jira/browse/DIRSERVER-257
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: adminRole
> Affects Versions: 1.0.2, 1.5.0
> Reporter: Alex Karasulu
> Assignee: Alex Karasulu
> Priority: Trivial
> Fix For: 2.1.0
>
>
> Presently the subentry subsystem associates entries with all selecting
> subentries regardless of autonomous area demarcations. What this means is
> AAA's can overlap. When the AP of an accessControlSpecificArea is the
> decendent of the AP of another accessControlSpecificArea those areas should
> not intersect such that the subentries of the first area do not effect
> entries of the second area. This is not the case. The subentry subsystem
> associates entries with effecting subentires without checking to see if those
> subentries are in a different AAA in these configurations where an AAA is
> under another AAA.
> We need to track all AP of AAA's within the system. Before associating an
> entry with an AP's subentries checks should be made to determine under which
> AAA the entry resides. Only those subentries associated with that AAA should
> be associated with the entry.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
