Overflowing the stack with ACI

Wed, 18 Apr 2007 12:08:33 -0700 

Hello,

I enabled ACI and ldapsearch now puts the server into an infinite loop:
ldapsearch -h rock -p 11389 -x -D "uid=70,dc=home2,dc=mark" -b "dc=home2,dc=mark" -v -W "objectClass=*"
org.apache.directory.server.core.interceptor.InterceptorException: Unexpected exception. [Root exception is java.lang.StackOverflowError] at org.apache.directory.server.core.interceptor.InterceptorChain.throwInterceptorException(InterceptorChain.java:1510) at org.apache.directory.server.core.interceptor.InterceptorChain.access$700(InterceptorChain.java:52) at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1106) at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116) at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098) at org.apache.directory.server.core.interceptor.BaseInterceptor.getMatchedName(BaseInterceptor.java:116) at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.getMatchedName(InterceptorChain.java:1098) 

Configured with this:

dn: cn=swAuthorizationRequirementsACISubentry,dc=home2,dc=mark
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: swAuthorizationRequirementsACISubentry
subtreeSpecification: {}
prescriptiveACI: {
    identificationTag "directoryManagerFullAccessACI",
    precedence 11,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
      userClasses
      {
        name { "uid=44,dc=home2,dc=mark" }
      },
      userPermissions {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials {
            grantAdd, grantDiscloseOnError, grantRead,
            grantRemove, grantBrowse, grantExport, grantImport,
            grantModify, grantRename, grantReturnDN,
            grantCompare, grantFilterMatch, grantInvoke
          }
        }
      }
    }
  }
prescriptiveACI: {
    identificationTag "allUsersACI",
    precedence 10,
    authenticationLevel none,
    itemOrUserFirst userFirst:
    {
      userClasses {
        allUsers
      },
      userPermissions {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
grantCompare, grantFilterMatch, grantDiscloseOnError } 
        },
        {
          protectedItems { attributeType { userPassword } },
          grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
        }
      }
    }
  }

Should I log this as a bug or is my config causing this?

Cheers.

--
http://www.ScheduleWorld.com/
Free Google Calendar synchronization with Outlook, Evolution,
cell phones, BlackBerry, PalmOS, Exchange, Mozilla, Thunderbird,
Pocket PC/Windows Mobile. Also sync tasks, notes and contacts!
WebDAV, vfreebusy, RSS, LDAP, iCalendar, iTIP, iMIP support.

Reply via email to