Posted to dev@directory.apache.org by "Christian Felsing (JIRA)" <ji...@apache.org> on 2013/09/03 17:55:03 UTC
[jira] [Created] (DIRSERVER-1895) ACLs have no effect
Christian Felsing created DIRSERVER-1895:
--------------------------------------------
Summary: ACLs have no effect
Key: DIRSERVER-1895
URL: https://issues.apache.org/jira/browse/DIRSERVER-1895
Project: Directory ApacheDS
Issue Type: Bug
Components: ldap
Affects Versions: 2.0.0-M15
Environment: FreeBSD 9.1-RELEASE-p6
Reporter: Christian Felsing
The following ACL does not do what I expected:
{
    identificationTag "mtaAclElement",
    precedence 0,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
        userClasses
        {
            name { "cn=mta,dc=ip6,dc=li" }
        },
        userPermissions
        {
            {
                protectedItems
                {
                    entry,
                    attributeType
                    {
                        tsnetDomainName,
                        tsnetMailHost,
                        uid
                    }
                },
                grantsAndDenials
                {
                    grantBrowse,
                    grantRead,
                    grantReturnDN,
                    grantCompare
                }
            }
        }
    }
}
This ACL should allow DN cn=mta,dc=ip6,dc=li access to the attributes
    uid
    tsnetDomainName
    tsnetMailHost
and to list all DN entries. A test (temporarily allowing all attributes to be listed) proved that this ACL matches.
But
    ldapsearch -H ldap://192.168.116.29:10389 -x -D "cn=mta,dc=ip6,dc=li" -w VerySecretPassword -b "dc=ip6,dc=li"
lists DN entries only:
# pug@felsing.net, freemail, ip6.li
dn: uid=pug@felsing.net,ou=freemail,dc=ip6,dc=li
...
The attributes listed under attributeType are not shown.