Just a small follow up on this. The patch works fine, so I now want to create an Aci to allow anonymous access to the RootDSE. I'm a bit unclear as to the details of the Aci entries, so can someone give me some tips on this?
Thanks Richard -----Original Message----- From: Emmanuel Lécharny [mailto:elecha...@apache.org] Sent: 13 May 2011 12:10 Cc: Apache Directory Developers List Subject: Re: Creating ACIs in trunk code I have applied a fix to trunk : http://svn.apache.org/viewvc?rev=1102672&view=rev Can you give it a try ? On 5/13/11 11:47 AM, Richard Evans wrote: > Hi Emmanuel > > But I'm running a new build from a recent (yesterday) checkout of > trunk-with-dependencies. Judging from the commit log for the fix for 1524, I > have the fix in the source I have checked out and built. The log shows that > AciAuthorizationInterceptor is being initialised and reading the tuple cache. > > I'd like to put together an Aci entry for the RootDSE to allow anonymous > access. Is there an example (or documentation) anywhere? > > I do the test searches using ldapsearch or the javax.naming APIs. With > access control enabled but no Aci loaded I don't get the error, just an empty > search. > > Richard > > -----Original Message----- > From: Emmanuel Lecharny [mailto:elecha...@gmail.com] > Sent: 13 May 2011 10:43 > To: Apache Directory Developers List > Subject: Re: Creating ACIs in trunk code > > Hi Richard, > > On 5/12/11 6:17 PM, Richard Evans wrote: >> I'm running a 1.5.8 snapshot freshly built from trunk-with-dependencies. >> I'm set up access controls and am trying to define the 'enable search for >> all users' ACI entry as explained in the online docs. > <snip/> > >> This looks a bit like DIRSERVER-1524. Have I created the Aci entry >> correctly for trunk code? > This is exactly the problem. It has been fixed in trunk. Otherwise, your > entries are perfectly fine. >> A couple of other related queries: >> >> 1. With access controls enabled, I can't connect anonymously to the RootDSE >> - do I need another Aci entry for this? > Yes. RootDSE is also controlled by access controls rules. >> 2. Attempting a search as a test user, I would expect searches to fail with >> an error, instead I just get no results. Is this intentional? > Depends on the LDAP API you are using. In any case, if you check the > ResultCode, you should have a *insufficientAccessRights* error (or > something similar) > > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com