Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-3921

Proxy default ACI may evaluate superior attributes both in include and exclude lists

    XMLWordPrintable

Details

    • Bug
    • Status: Done
    • Major
    • Resolution: Fixed
    • 4.0.0
    • 4.0.0
    • access control, proxy
    • None

    Description

      After installing a simple proxy server,

      /setup proxy-server --baseDN dc=example,dc=com -p 10389 -D cn=directory\ manager -w password --proxyUserBindDn cn=directory\ manager --proxyUserBindPassword password --staticPrimaryServer localhost:1389 --adminConnectorPort 10444 -h localhost
      

      searches using objectClass in the filter

      bin/ldapsearch -p 10389 -D uid=user.12,ou=People,dc=example,dc=com -w password -b dc=example,dc=com objectclass=\*
      

      return

      # The LDAP search request failed: 50 (Insufficient Access Rights)
      

      Attachments

        Activity

          People

            fabiop Fabio Pistolesi
            fabiop Fabio Pistolesi
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: