Posted to dev@directory.apache.org by "Mark Swanson (JIRA)" <ji...@apache.org> on 2007/04/22 08:02:15 UTC

[jira] Created: (DIRSERVER-907) Overflowing the stack with ACI

Overflowing the stack with ACI
------------------------------

                 Key: DIRSERVER-907
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-907
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 1.0.1
         Environment: Linux, Java 6
            Reporter: Mark Swanson
            Priority: Minor


Hello,

I enabled ACI and ldapsearch now puts the server into an infinite loop:

ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b "dc=home2,dc=mark" -v -W "objectClass=*"

org.apache.directory.server.core.interceptor.InterceptorException: Unexpected exception. [Root exception is java.lang.StackOverflowError]
    at org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)
    at org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)
    at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
    at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)

Configured with this:

dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: swAuthorizationRequirementsACISubentry
subtreeSpecification: {}
prescriptiveACI: {
    identificationTag "directoryManagerFullAccessACI",
    precedence 11,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
      userClasses
      {
        name { "uid=44,dc=home2,dc=mark" }
      },
      userPermissions {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials {
            grantAdd, grantDiscloseOnError, grantRead,
            grantRemove, grantBrowse, grantExport, grantImport,
            grantModify, grantRename, grantReturnDN,
            grantCompare, grantFilterMatch, grantInvoke
          }
        }
      }
    }
  }
prescriptiveACI: {
    identificationTag "allUsersACI",
    precedence 10,
    authenticationLevel none,
    itemOrUserFirst userFirst:
    {
      userClasses {
        allUsers
      },
      userPermissions {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
                             grantCompare, grantFilterMatch, grantDiscloseOnError }
        },
        {
          protectedItems { attributeType { userPassword } },
          grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
        }
      }
    }
  } 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
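
A triage aid for the stack trace in the report above, as an added example that is not part of the original report or of the ApacheDS code base: it parses the `at ...` frames and finds the block of methods that repeats back to back, which is the signature of unbounded recursion behind a `StackOverflowError`. The function names `parse_frames` and `find_cycle` are chosen here, and because the trace in the report is truncated, the repeat count is only a lower bound.

```python
import re

# Stack trace copied from the report above (truncated there as well).
TRACE = """\
org.apache.directory.server.core.interceptor.InterceptorException: Unexpected exception. [Root exception is java.lang.StackOverflowError]
    at org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510)
    at org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106)
    at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
    at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098)
"""

# One Java stack frame: "at <qualified.method>(<File.java:line>)".
FRAME_RE = re.compile(r"^\s*at\s+([\w.$<>]+)\(([^()]*)\)\s*$")


def parse_frames(trace):
    """Return [(qualified method, source location)] for every 'at ...' line."""
    frames = []
    for line in trace.splitlines():
        match = FRAME_RE.match(line)
        if match:
            frames.append((match.group(1), match.group(2)))
    return frames


def find_cycle(methods, min_repeats=2):
    """Find the earliest, shortest block of methods repeated back to back.

    Frames are compared by method name only, so the frame where the error
    was caught (a different line number in the same method) still counts.
    Returns (start_index, block, repeats), or None if nothing repeats.
    """
    n = len(methods)
    for start in range(n):
        for period in range(1, (n - start) // min_repeats + 1):
            block = methods[start:start + period]
            repeats, pos = 1, start + period
            while methods[pos:pos + period] == block:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return start, block, repeats
    return None


if __name__ == "__main__":
    methods = [method for method, _ in parse_frames(TRACE)]
    result = find_cycle(methods)
    if result is None:
        print("no repeating frame block found")
    else:
        start, block, repeats = result
        print(f"recursion cycle starts at frame {start}, seen {repeats}x:")
        for method in block:
            print("   ", method)
```

On the reported trace this isolates the `InterceptorChain$Entry$1.getMatchedName` / `BaseInterceptor.getMatchedName` pair, which is where a reproduction or a fuller dump would need to focus.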


Re: [jira] Commented: (DIRSERVER-907) Overflowing the stack with ACI

Posted by Alex Karasulu <ak...@apache.org>.
You could also disable the ACI subsystem if you're using your own ACI
subsystem.

Alex

On 5/23/07, Emmanuel Lecharny (JIRA) <ji...@apache.org> wrote:
>
>
>     [
> https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12498144]
>
> Emmanuel Lecharny commented on DIRSERVER-907:
> ---------------------------------------------
>
> At least, some data would help (an LDIF file)
>
> If you get an infinite loop, then a JVM dump would help (kill -3 on the
> JVM on Linux, I don't know how to get it on Windows)
>

[jira] Commented: (DIRSERVER-907) Overflowing the stack with ACI

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12498144 ] 

Emmanuel Lecharny commented on DIRSERVER-907:
---------------------------------------------

At least, some data would help (an LDIF file)

If you get an infinite loop, then a JVM dump would help (kill -3 on the JVM on Linux, I don't know how to get it on Windows)



Re: [jira] Commented: (DIRSERVER-907) Overflowing the stack with ACI

Posted by Ersin Er <er...@gmail.com>.
On 5/23/07, Mark Swanson <ma...@scheduleworld.com> wrote:
> Ersin Er (JIRA) wrote:
> >     [ https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12498015 ]
> >
> > Ersin Er commented on DIRSERVER-907:
> > ------------------------------------
> >
> > Can you elaborate on this more Mark? I tried a similar setup and it was successful for me. A more detailed stack trace and a test case would be great.
>
> Thanks for looking into this.
> I'm sorry, but I can't elaborate. Because the ADS design makes it so
> easy to add new features I just created my own ADS authorization and
> authentication implementations and I've been using them ever since. So
> I'm no longer using/testing this system.

Well, we should still have to know the state of the issue. If we
cannot regenerate the condition, we'll mark it as invalid.

> Cheers.
>
> --
> http://www.ScheduleWorld.com/
> Free Google Calendar synchronization with Outlook, Evolution,
> cell phones, BlackBerry, PalmOS, Exchange, Mozilla, Thunderbird,
> Pocket PC/Windows Mobile. Also sync tasks, notes and contacts!
> WebDAV, vfreebusy, RSS, LDAP, iCalendar, iTIP, iMIP support.
>


-- 
Ersin

Re: [jira] Commented: (DIRSERVER-907) Overflowing the stack with ACI

Posted by Mark Swanson <ma...@ScheduleWorld.com>.
Ersin Er (JIRA) wrote:
>     [ https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12498015 ] 
> 
> Ersin Er commented on DIRSERVER-907:
> ------------------------------------
> 
> Can you elaborate on this more Mark? I tried a similar setup and it was successful for me. A more detailed stack trace and a test case would be great.

Thanks for looking into this.
I'm sorry, but I can't elaborate. Because the ADS design makes it so 
easy to add new features I just created my own ADS authorization and 
authentication implementations and I've been using them ever since. So 
I'm no longer using/testing this system.

Cheers.


[jira] Commented: (DIRSERVER-907) Overflowing the stack with ACI

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12498015 ] 

Ersin Er commented on DIRSERVER-907:
------------------------------------

Can you elaborate on this more Mark? I tried a similar setup and it was successful for me. A more detailed stack trace and a test case would be great.



Re: [jira] Updated: (DIRSERVER-907) Overflowing the stack with ACI

Posted by Mark Swanson <ma...@ScheduleWorld.com>.
Emmanuel Lecharny (JIRA) wrote:
>      [ https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
> 
> Emmanuel Lecharny updated DIRSERVER-907:
> ----------------------------------------
> 
>     Fix Version/s: 1.0.3
> 
> We should either try to reproduce and fix this bug, or if we can't reproduce it, close it.
> 
> Mark, any status?

No. Sorry, I'm not able to comment on this bug any more.

I'm having a hard time keeping up with ads emails - there are 331 unread 
in that folder atm.

Cheers.


[jira] Updated: (DIRSERVER-907) Overflowing the stack with ACI

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DIRSERVER-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-907:
----------------------------------------

    Fix Version/s: 1.0.3

We should either try to reproduce and fix this bug, or if we can't reproduce it, close it.

Mark, any status?
