directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRSERVER-1947) maxValueCount not working correctly
Date Fri, 28 Jun 2019 06:35:00 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1947:
-----------------------------------------
    Component/s:     (was: ldap)
                 aci

> maxValueCount not working correctly
> -----------------------------------
>
>                 Key: DIRSERVER-1947
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1947
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: aci
>    Affects Versions: 2.0.0-M15
>         Environment: Server environment:
> Oracle JDK 1.7u45
> ApacheDS 2.0.0-M15
> Debian 7.3, AMD64
> Client environment:
> Apache Directory Studio 2.0.0.v20130628
> Oracle JDK 1.7u45
> OS X 10.9.1
>            Reporter: Michael Przybylski
>            Priority: Major
>
> I’ve been teaching myself how to use Apache Directory Server’s access control subsystem.
> Before getting too cute, I figured I’d try out the recipes here:
> http://directory.apache.org/apacheds/advanced-ug/4.2.7-using-acis-trail.html
> Both work as advertised, but as I’ve been reading more, some have suggested refining…
> http://directory.apache.org/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html
> …to use maxValueCount to prevent (someone claiming to be) the user from inserting multiple userPassword values.  However, as soon as I put maxValueCount in any protectedItems clause of my prescriptiveACI, all of my unprivileged user’s attributes become invisible to him.
> If I weren’t such a n00b, I’d think this was a bug.
> Here is the prescriptiveACI that I think should work:
> {
>    identificationTag "userSelfModifyPassword",
>    precedence 0,
>    authenticationLevel none,
>    itemOrUserFirst userFirst: 
>    {
>        userClasses { thisEntry },
>        userPermissions 
>        {
>            {
>                protectedItems 
>                {
>                    maxValueCount 
>                    {
>                        { type userPassword, maxCount 1 }
>                    }
>                    ,
>                    allAttributeValues { userPassword } 
>                }
>                ,
>                grantsAndDenials { grantAdd, grantRemove } 
>            }
>            ,
>            {
>                protectedItems { entry },
>                grantsAndDenials 
>                {
>                    grantRead,
>                    grantBrowse,
>                    grantModify 
>                }
>            }
>        }
>    }
> }
> Kiran Ayyagari ( kayyagari@apache.org ) was able to reproduce and asked me to file this bug.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
