You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Ersin Er (JIRA)" <ji...@apache.org> on 2007/08/07 20:19:59 UTC
[jira] Resolved: (DIRSERVER-1014) ACI Example deleteAci apparently
wrong in web documents
[ https://issues.apache.org/jira/browse/DIRSERVER-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ersin Er resolved DIRSERVER-1014.
---------------------------------
Resolution: Fixed
Assignee: Ersin Er
Fixed. Combined "name" user classes into a single one.
> ACI Example deleteAci apparently wrong in web documents
> -------------------------------------------------------
>
> Key: DIRSERVER-1014
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1014
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: doc
> Affects Versions: 1.0.2
> Environment: Web documentation
> Reporter: Wayne Johnson
> Assignee: Ersin Er
>
> Page http://directory.apache.org/apacheds/1.0/userclasses.html has an example for "Combining Multiple UserClass Specification Mechanisms". The example shows the syntax:
> userClasses
> {
> thisEntry,
> name { "uid=jbean,ou=users,ou=system" },
> name { "uid=jdoe,ou=users,ou=system" },
> userGroup { "cn=Administrators,ou=groups,ou=system" }
> },
> I've found that this doesn't work. What appears to work (from my code) is:
> userClasses {
> name { "cn=SA,ou=users,dc=mqsoftware,dc=com",
> "cn=fred,ou=users,dc=mqsoftware,dc=com" }
> },
> The when using the documented syntax, I get the following in the log:
> [12:43:10] ERROR [org.apache.directory.server.core.authz.TupleCache] - ACIItem parser failure on
> 'null'
> due to syntax error. Cannnot add ACITuples to TupleCache.
> Check that the syntax of the ACI item is correct.
> Until this error is fixed your security settings will not be as expected.
> java.text.ParseException: Parser failure on ACIItem:
> { identificationTag "userAdminPermissions", precedence 16, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name { "cn=SA,ou=users,dc=mqsoftware,dc=com" }, name { "cn=fred,ou=users,dc=mqsoftware,dc=com" } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantAdd, grantDiscloseOnError, grantRead, grantRemove, grantBrowse, grantExport, grantImport, grantModify, grantRename, grantReturnDN, grantCompare, grantFilterMatch, grantInvoke } } } } }
> Antlr exception trace:
> User Classes cannot be duplicated. Adding duplicate keys is not permitted.
> at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
> at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
> at org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:383)
> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
> at org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:329)
> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
> at org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:197)
> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1181)
> at org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:103)
> at org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:706)
> at org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:325)
> at org.apache.directory.server.core.partition.PartitionNexusProxy.add(PartitionNexusProxy.java:313)
> at org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:409)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.