I have applied a fix to trunk :
http://svn.apache.org/viewvc?rev=1102672&view=rev
Can you give it a try ?
On 5/13/11 11:47 AM, Richard Evans wrote:
Hi Emmanuel
But I'm running a new build from a recent (yesterday) checkout of
trunk-with-dependencies. Judging from the commit log for the fix for 1524, I
have the fix in the source I have checked out and built. The log shows that
AciAuthorizationInterceptor is being initialised and reading the tuple cache.
I'd like to put together an Aci entry for the RootDSE to allow anonymous
access. Is there an example (or documentation) anywhere?
I do the test searches using ldapsearch or the javax.naming APIs. With access
control enabled but no Aci loaded I don't get the error, just an empty search.
Richard
-----Original Message-----
From: Emmanuel Lecharny [mailto:elecha...@gmail.com]
Sent: 13 May 2011 10:43
To: Apache Directory Developers List
Subject: Re: Creating ACIs in trunk code
Hi Richard,
On 5/12/11 6:17 PM, Richard Evans wrote:
I'm running a 1.5.8 snapshot freshly built from trunk-with-dependencies. I'm
set up access controls and am trying to define the 'enable search for all
users' ACI entry as explained in the online docs.
<snip/>
This looks a bit like DIRSERVER-1524. Have I created the Aci entry correctly
for trunk code?
This is exactly the problem. It has been fixed in trunk. Otherwise, your
entries are perfectly fine.
A couple of other related queries:
1. With access controls enabled, I can't connect anonymously to the RootDSE -
do I need another Aci entry for this?
Yes. RootDSE is also controlled by access controls rules.
2. Attempting a search as a test user, I would expect searches to fail with an
error, instead I just get no results. Is this intentional?
Depends on the LDAP API you are using. In any case, if you check the
ResultCode, you should have a *insufficientAccessRights* error (or
something similar)
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
