You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Mark Swanson <ma...@ScheduleWorld.com> on 2007/04/18 21:07:39 UTC
Overflowing the stack with ACI
Hello,
I enabled ACI and ldapsearch now puts the server into an infinite loop:
ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b
"dc=home2,dc=mark" -v -W "objectClass=*"
org.apache.directory.server.core.interceptor.InterceptorException:
Unexpected exception. [Root exception is java.lang.StackOverflowError]
at
org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)
at
org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)
at
org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
at
org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
Configured with this:
dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: swAuthorizationRequirementsACISubentry
subtreeSpecification: {}
prescriptiveACI: {
identificationTag "directoryManagerFullAccessACI",
precedence 11,
authenticationLevel simple,
itemOrUserFirst userFirst:
{
userClasses
{
name { "uid=44,dc=home2,dc=mark" }
},
userPermissions {
{
protectedItems { entry, allUserAttributeTypesAndValues },
grantsAndDenials {
grantAdd, grantDiscloseOnError, grantRead,
grantRemove, grantBrowse, grantExport, grantImport,
grantModify, grantRename, grantReturnDN,
grantCompare, grantFilterMatch, grantInvoke
}
}
}
}
}
prescriptiveACI: {
identificationTag "allUsersACI",
precedence 10,
authenticationLevel none,
itemOrUserFirst userFirst:
{
userClasses {
allUsers
},
userPermissions {
{
protectedItems { entry, allUserAttributeTypesAndValues },
grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
grantCompare, grantFilterMatch,
grantDiscloseOnError }
},
{
protectedItems { attributeType { userPassword } },
grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
}
}
}
}
Should I log this as a bug or is my config causing this?
Cheers.
--
http://www.ScheduleWorld.com/
Free Google Calendar synchronization with Outlook, Evolution,
cell phones, BlackBerry, PalmOS, Exchange, Mozilla, Thunderbird,
Pocket PC/Windows Mobile. Also sync tasks, notes and contacts!
WebDAV, vfreebusy, RSS, LDAP, iCalendar, iTIP, iMIP support.
Re: Overflowing the stack with ACI
Posted by Mark Swanson <ma...@ScheduleWorld.com>.
Emmanuel Lecharny wrote:
> Mark Swanson a écrit :
>
> Hi Mark,
>
> feel free to open an issue, with the log, the ACI, so that we will not
> forget to fix it.
>
> If it's not a bug (not likely :), no problem : we can close the JIRA
> immediatly.
It is done. Sorry for the delay.
OT: Whoa... creating my own partition was unexpectedly difficult if you
also want searching/filters to work well. I totally understand why this
has been put off.
Cheers.
--
http://www.ScheduleWorld.com/
Free Google Calendar synchronization with Outlook, Evolution,
cell phones, BlackBerry, PalmOS, Exchange, Mozilla, Thunderbird,
Pocket PC/Windows Mobile. Also sync tasks, notes and contacts!
WebDAV, vfreebusy, RSS, LDAP, iCalendar, iTIP, iMIP support.
Re: Overflowing the stack with ACI
Posted by Emmanuel Lecharny <el...@gmail.com>.
Mark Swanson a écrit :
Hi Mark,
feel free to open an issue, with the log, the ACI, so that we will not
forget to fix it.
If it's not a bug (not likely :), no problem : we can close the JIRA
immediatly.
Thanks !
> Hello,
>
> I enabled ACI and ldapsearch now puts the server into an infinite loop:
>
> ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b
> "dc=home2,dc=mark" -v -W "objectClass=*"
>
> org.apache.directory.server.core.interceptor.InterceptorException:
> Unexpected exception. [Root exception is java.lang.StackOverflowError]
> at
> org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)
>
> at
> org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)
>
> at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)
>
> at
> org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
>
> at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
>
> at
> org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
>
> at
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
>
>
> Configured with this:
>
> dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
> changetype: add
> objectclass: top
> objectclass: subentry
> objectclass: accessControlSubentry
> cn: swAuthorizationRequirementsACISubentry
> subtreeSpecification: {}
> prescriptiveACI: {
> identificationTag "directoryManagerFullAccessACI",
> precedence 11,
> authenticationLevel simple,
> itemOrUserFirst userFirst:
> {
> userClasses
> {
> name { "uid=44,dc=home2,dc=mark" }
> },
> userPermissions {
> {
> protectedItems { entry, allUserAttributeTypesAndValues },
> grantsAndDenials {
> grantAdd, grantDiscloseOnError, grantRead,
> grantRemove, grantBrowse, grantExport, grantImport,
> grantModify, grantRename, grantReturnDN,
> grantCompare, grantFilterMatch, grantInvoke
> }
> }
> }
> }
> }
> prescriptiveACI: {
> identificationTag "allUsersACI",
> precedence 10,
> authenticationLevel none,
> itemOrUserFirst userFirst:
> {
> userClasses {
> allUsers
> },
> userPermissions {
> {
> protectedItems { entry, allUserAttributeTypesAndValues },
> grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
> grantCompare, grantFilterMatch,
> grantDiscloseOnError }
> },
> {
> protectedItems { attributeType { userPassword } },
> grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
> }
> }
> }
> }
>
> Should I log this as a bug or is my config causing this?
>
> Cheers.
>