Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-3921

Proxy default ACI may evaluate superior attributes both in include and exclude lists

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.0.0
    • Component/s: access control, proxy
    • Labels:
      None

      Description

      After installing a simple proxy server,

      /setup proxy-server --baseDN dc=example,dc=com -p 10389 -D cn=directory\ manager -w password --proxyUserBindDn cn=directory\ manager --proxyUserBindPassword password --staticPrimaryServer localhost:1389 --adminConnectorPort 10444 -h localhost
      

      searches using objectClass in the filter

      bin/ldapsearch -p 10389 -D uid=user.12,ou=People,dc=example,dc=com -w password -b dc=example,dc=com objectclass=\*
      

      return

      # The LDAP search request failed: 50 (Insufficient Access Rights)
      

        Attachments

          Activity

            People

            • Assignee:
              fabiop Fabio Pistolesi
              Reporter:
              fabiop Fabio Pistolesi
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: