directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <>
Subject [jira] Commented: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry
Date Sat, 15 Apr 2006 16:28:00 GMT
    [ ] 

Stefan Zoerner commented on DIRSERVER-606:

Able to reproduce. It is just like Marc describes. Starting from a default RC1, I used the
admin to add an entry like this:

dn: cn=Fiona Apple,ou=users,ou=system
objectclass: top
objectclass: person
cn: Fiona Apple
sn: Apple
userpassword: machine

Performing a
$ ldapsearch -h localhost -p 10389 -D "cn=Fiona Apple,ou=users,ou=system" -w machine -s one
-b "ou=users,ou=system" "(objectClass=*)" dn
gives no results

I assume an error in the OldAuthorizationService component. If I comment this interceptor
out in the server.xml (name=oldAuthorizationService), the search op above gives Fionas entry
(and all others).

$ ldapsearch -h localhost ...
version: 1
dn: cn=Fiona Apple,ou=users,ou=system

dn: cn=Kate Bush,ou=users,ou=system

> ou=users, ou=system - user cannot see their own entry
> -----------------------------------------------------
>          Key: DIRSERVER-606
>          URL:
>      Project: Directory ApacheDS
>         Type: Bug

>     Versions: 1.0-RC1
>  Environment: JDK 1.4.1
> Tried both JXplorer, and from ACEGI security
>     Reporter: Marc Batchelor
>     Assignee: Stefan Zoerner
>     Priority: Critical

> User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their
own entry to get their own attributes.
> Documentation states: Users cannot see other user entries under the 'ou=users,ou=system'
> Agreed and understood. But, the user, after binding with the directory, cannot even find
their own entry to get their own attributes. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message