[ https://issues.apache.org/jira/browse/DIRSERVER-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Smits updated DIRSERVER-2206: ------------------------------------ Fix Version/s: Upcoming release (was: 2.0.0.AM27) > RefinementEvaluator fails when "objectClass" attribute is not present in the > list of attributes > ----------------------------------------------------------------------------------------------- > > Key: DIRSERVER-2206 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2206 > Project: Directory ApacheDS > Issue Type: Bug > Components: aci > Affects Versions: 2.0.0-M24 > Reporter: Kiran Ayyagari > Priority: Major > Fix For: Upcoming release > > Attachments: allowreadusers.ldif > > > I have a ACI that filters entries based on the the {{classes}} protected item > but when > the search request doesn't contain {{objectClass}} in the requested > attributes the below > exception is thrown. > {noformat} > org.apache.directory.api.ldap.model.message.SearchRequestImpl@c452319: > ERR_296 objectClasses cannot be null: > java.lang.IllegalArgumentException: ERR_296 objectClasses cannot be null > at > org.apache.directory.server.core.api.subtree.RefinementEvaluator.evaluate(RefinementEvaluator.java:65) > at > org.apache.directory.server.core.authz.support.RelatedProtectedItemFilter.isRelated(RelatedProtectedItemFilter.java:213) > at > org.apache.directory.server.core.authz.support.RelatedProtectedItemFilter.filter(RelatedProtectedItemFilter.java:86) > at > org.apache.directory.server.core.authz.support.ACDFEngine.hasPermission(ACDFEngine.java:160) > at > org.apache.directory.server.core.authz.AciAuthorizationInterceptor.filter(AciAuthorizationInterceptor.java:1368) > at > org.apache.directory.server.core.authz.AciAuthorizationInterceptor.access$200(AciAuthorizationInterceptor.java:91) > at > org.apache.directory.server.core.authz.AciAuthorizationInterceptor$AuthorizationFilter.accept(AciAuthorizationInterceptor.java:1428) > at > org.apache.directory.server.core.api.filtering.EntryFilteringCursorImpl.next(EntryFilteringCursorImpl.java:454) > at > org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.writeResults(SearchRequestHandler.java:380) > at > org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:840) > at > org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1164) > at > org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleWithReferrals(SearchRequestHandler.java:1258) > at > org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:212) > at > org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:92) > at > org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222) > at > org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56) > at > org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:243) > at > org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:858) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:947) > at > org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74) > at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63) > at > org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:476) > at > org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:430) > at java.lang.Thread.run(Thread.java:745) > {noformat} > Steps to reproduce: > # Apply the allowreadusers.ldif > # restart the server > # run the command ldapsearch -H ldap://localhost:10389 -D "" -b > "uid=kayyagari,ou=Users,dc=example,dc=com" -s base -a always > "(objectClass=*)" "uid" > Note that if you request "objectClass" attribute along with "uid" then the > request succeeds. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org