On Mon, Aug 22, 2011 at 1:08 PM, Bas Vodde <[email protected]> wrote: > > Hi all, > > I wonder if anyone could help me with this. I've been debugging this for > quite a while and ran out of ideas. > > I set-up a ApacheDS and configured it. Everything works fine, no problems > so far. But then when I add access control, I run into some interesting > problems. I've changed the server.xml to turn access control on. I've used > ApacheDS to add the administrativeRole to our main entry in the partition. > After that, I created an accessControlSubentry with the prescriptionACI. All > works fine and the access control works! > > Except.... when I restart.When I do so, I found this in the error log: > > [09:30:44] WARN [org.apache.directory.server.core.authz.TupleCache] - Found > accessControlSubentry 'cn=oddesubentry, dc=odd-e,dc=com' without any > prescriptiveACI > > Though when I load via the admin user via Studio of via ldapsearch, I can > find it there. When I modify something in the entry (via Studio) or delete > it and re-add it via ldapdelete and ldapmodify -a then it works find again. > But then, when I restart, I get the same warning message. > > I checked the code and the warning seems to come from the initialize from > TupleCache and if it logs this then it will continue without adding the ACI > to the list, which would explain why it doesn't work with the warning. > However, I'm unclear why it can't find the prescriptiveACI entry on startup. > > We're using ApacheDS 1.5.7 > > There's a known bug with preserving ACI's across restarts in this version of the server. The bug has since been fixed. The 2.0-M2 release should address this concern.
-- Best Regards, -- Alex
