Apache Directory Project - [apacheds]ACI support classes never consider "attributeValue" in

This is Interesting: Free IT Magazines  
Home > Archive > Apache Directory Project > October 2005 > [apacheds]ACI support classes never consider "attributeValue" in





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author [apacheds]ACI support classes never consider "attributeValue" in
Alex Karasulu

2005-10-19, 5:46 pm

Trustin,

Within the o.a.l.s.authz.support package nothing checks to see if the
"attributeValue" field in a protectedItem is adhered too. For this
reason permission checks are failing. Let me give you an example that I
have in a testcase:

I have the following ACIItem:

{
identificationTag "searchAci"
precedence 14
authenticationLevel none,
itemOrUserFirst userFirst:
{
userClasses { allUsers },
userPermissions
{
{
protectedItems {entry, attributeType { ou }, allAttributeValues
{ objectClass }, attributeValue { ou=0, ou=1, ou=2 } }, grantsAndDenials
{ grantRead, grantReturnDN, grantBrowse } }
}
}
}

This should only allow the return of ou values that are "0", "1" and "2"
and not allow the return of other ou values in a search. However it's
not doing that. Nothing in the support pkg seems to test to see if the
value is equal to any of these values.

Could you advise on what's happening?

Alex


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com