I followed the instructions in section 3.2 - Basic authorization on a
ApachedDS 2.0.0-M23 installation and although the configuration appears
to be identical to the documented one, I am not able to obtain the
expected result.
For example, using "uid=admin,ou=system" yields the following:
****
**
$ ldapsearch -h apacheds -p 10389 -D "uid=admin,ou=system" -w secret -b
"o=sevenSeas" -s sub "(objectclass=person)" uid userPassword
# extended LDIF
#
# LDAPv3
# base <o=sevenSeas> with scope subtree
# filter: (objectclass=person)
# requesting: uid userPassword
#
# Thomas Masterman Hardy, people, sevenseas
dn: cn=Thomas Masterman Hardy,ou=people,o=sevenseas
userpassword:: e1NIQX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9
uid: thardy
...etc..
# search result
search: 2
result: 0 Success
# numResponses: 12
# numEntries: 11
While, if I use "cn=Horatio Nelson,ou=people,o=sevenSeas", I get an
emtpy result:
$ ldapsearch -h apacheds -p 10389 -D "cn=Horatio
Nelson,ou=people,o=sevenSeas" -w pass -b "o=sevenSeas" -s sub
"(objectclass=person)" uid userPassword
# extended LDIF
#
# LDAPv3
# base <o=sevenSeas> with scope subtree
# filter: (objectclass=person)
# requesting: uid userPassword
#
# search result
search: 2
result: 0 Success
# numResponses: 1
Having turned on debugging in the logging configuration, I can see that
both commands actually retrieve identical search results but in the
second case, it appears the result is filtered out possibly by the
org.apache.directory.server.core.authz.AciAuthorizationInterceptor.AuthorizationFilter.
As fas as I can tell, my configuration is exactly as specified in the
documentation and I am not seeing any kind of error message in the logs
or elesewhere.
Anybody with any idea about where the problem may lie?
/Laurent