You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Pierre Smits <pi...@gmail.com> on 2014/03/25 21:45:07 UTC
AD M16 and Studio M2: deleting ACI generates error
Hi all,
When I tried to delete an ACI I got the following error:
#!RESULT ERROR
#!CONNECTION ldap://director.somonar.prd:389
#!DATE 2014-03-25T20:38:04.044
#!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : DEL_REQUEST
Message ID : 23 Del request Entry :
'cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com'
org.apache.directory.api.ldap.model.message.DeleteRequestImpl@90241f8:
null: java.lang.NullPointerException at
org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:1043)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.operational.OperationalAttributeInterceptor.delete(OperationalAttributeInterceptor.java:462)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.exception.ExceptionInterceptor.delete(ExceptionInterceptor.java:207)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.admin.AdministrativePointInterceptor.delete(AdministrativePointInterceptor.java:1261)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.delete(DefaultAuthorizationInterceptor.java:172)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.authz.AciAuthorizationInterceptor.delete(AciAuthorizationInterceptor.java:678)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.referral.ReferralInterceptor.delete(ReferralInterceptor.java:288)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.delete(AuthenticationInterceptor.java:749)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.delete(NormalizationInterceptor.java:174)
at
org.apache.directory.server.core.DefaultOperationManager.delete(DefaultOperationManager.java:641)
at
org.apache.directory.server.core.shared.DefaultCoreSession.delete(DefaultCoreSession.java:923)
at
org.apache.directory.server.core.shared.DefaultCoreSession.delete(DefaultCoreSession.java:906)
at
org.apache.directory.server.ldap.handlers.request.DeleteRequestHandler.handle(DeleteRequestHandler.java:55)
at
org.apache.directory.server.ldap.handlers.request.DeleteRequestHandler.handle(DeleteRequestHandler.java:39)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74) at
org.apache.mina.core.session.IoEvent.run(IoEvent.java:63) at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Thread.java:662) ]
dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
changetype: delete
I did this with uid=admin,ou=system. Am I doing something wrong?
Pierre Smits
*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
Re: AD M16 and Studio M2: deleting ACI generates error
Posted by Pierre Smits <pi...@gmail.com>.
Emmanuel,
Thank you. Will create one shortly.
Regards,
Pierre Smits
*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
On Tue, Mar 25, 2014 at 10:09 PM, Emmanuel Lécharny <el...@gmail.com>wrote:
> Le 3/25/14 9:58 PM, Pierre Smits a écrit :
> > The content is:
> >
> > dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> > objectClass: top
> > objectClass: accessControlSubentry
> > objectClass: subentry
> > cn: orrtizAuthReqACISubEntry
> > prescriptiveACI: { identificationTag "directoryManagerFullAccessACI",
> preced
> > ence 11, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClass
> > es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions
> { {
> > protectedItems { allUserAttributeTypesAndValues, entry },
> grantsAndDenials
> > { grantReturnDN, grantFilterMatch, grantBrowse, grantCompare,
> grantAdd, gr
> > antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename,
> gra
> > ntRemove, grantRead, grantExport } } } } }
> > prescriptiveACI: { identificationTag "allUsersACI", precedence 10,
> authentic
> > ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers },
> use
> > rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry
> },
> > grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse,
> grantCompa
> > re, grantDiscloseOnError, grantRead } }, { protectedItems {
> attributeType {
> > userPassword } }, grantsAndDenials { denyRead, denyFilterMatch,
> denyCompar
> > e } } } } }
> > subtreeSpecification: { base "dc=orrtiz,dc=com" }
> > accessControlSubentries:
> 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
> > 5=orrtiz,0.9.2342.19200300.100.1.25=com
> > createTimestamp: 20140325182443.296Z
> > creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> > entryCSN: 20140325200009.087000Z#000000#001#000000
> > entryDN: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> > entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
> > entryUUID:: MWViMTQxMDktNzEzOC00NzFkLTlmYzEtZTgyMTM1NzI1ZDU1
> > modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> > modifyTimestamp: 20140325200009.087Z
>
>
>
> That's weird... The subtreeSpecification is not null, not is its base,
> you should not get the NPE you have had...
>
> At this point, I'll need to have a test case to reproduce this problem,
> in order to find the bug.
>
> Can you provide the elements that led to this situation ? (preferably in
> a JIRA)
>
> Thanks !
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>
Re: AD M16 and Studio M2: deleting ACI generates error
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 3/25/14 9:58 PM, Pierre Smits a écrit :
> The content is:
>
> dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> objectClass: top
> objectClass: accessControlSubentry
> objectClass: subentry
> cn: orrtizAuthReqACISubEntry
> prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
> ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
> es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions { {
> protectedItems { allUserAttributeTypesAndValues, entry }, grantsAndDenials
> { grantReturnDN, grantFilterMatch, grantBrowse, grantCompare, grantAdd, gr
> antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename, gra
> ntRemove, grantRead, grantExport } } } } }
> prescriptiveACI: { identificationTag "allUsersACI", precedence 10, authentic
> ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, use
> rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry },
> grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse, grantCompa
> re, grantDiscloseOnError, grantRead } }, { protectedItems { attributeType {
> userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompar
> e } } } } }
> subtreeSpecification: { base "dc=orrtiz,dc=com" }
> accessControlSubentries: 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
> 5=orrtiz,0.9.2342.19200300.100.1.25=com
> createTimestamp: 20140325182443.296Z
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> entryCSN: 20140325200009.087000Z#000000#001#000000
> entryDN: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
> entryUUID:: MWViMTQxMDktNzEzOC00NzFkLTlmYzEtZTgyMTM1NzI1ZDU1
> modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> modifyTimestamp: 20140325200009.087Z
That's weird... The subtreeSpecification is not null, not is its base,
you should not get the NPE you have had...
At this point, I'll need to have a test case to reproduce this problem,
in order to find the bug.
Can you provide the elements that led to this situation ? (preferably in
a JIRA)
Thanks !
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: AD M16 and Studio M2: deleting ACI generates error
Posted by Pierre Smits <pi...@gmail.com>.
The content is:
dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
objectClass: top
objectClass: accessControlSubentry
objectClass: subentry
cn: orrtizAuthReqACISubEntry
prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions { {
protectedItems { allUserAttributeTypesAndValues, entry }, grantsAndDenials
{ grantReturnDN, grantFilterMatch, grantBrowse, grantCompare, grantAdd, gr
antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename, gra
ntRemove, grantRead, grantExport } } } } }
prescriptiveACI: { identificationTag "allUsersACI", precedence 10, authentic
ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, use
rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry },
grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse, grantCompa
re, grantDiscloseOnError, grantRead } }, { protectedItems { attributeType {
userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompar
e } } } } }
subtreeSpecification: { base "dc=orrtiz,dc=com" }
accessControlSubentries: 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
5=orrtiz,0.9.2342.19200300.100.1.25=com
createTimestamp: 20140325182443.296Z
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
entryCSN: 20140325200009.087000Z#000000#001#000000
entryDN: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
entryUUID:: MWViMTQxMDktNzEzOC00NzFkLTlmYzEtZTgyMTM1NzI1ZDU1
modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
modifyTimestamp: 20140325200009.087Z
Regards,
Pierre Smits
*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
On Tue, Mar 25, 2014 at 9:48 PM, Emmanuel Lécharny <el...@gmail.com>wrote:
> Le 3/25/14 9:45 PM, Pierre Smits a écrit :
> > Hi all,
> >
> > When I tried to delete an ACI I got the following error:
>
>
> What is the content of the subentry ?
>
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>
Re: AD M16 and Studio M2: deleting ACI generates error
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 3/25/14 9:45 PM, Pierre Smits a écrit :
> Hi all,
>
> When I tried to delete an ACI I got the following error:
What is the content of the subentry ?
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com