Bug 768934
| Summary: | Protocol error in proxied operations | |||
|---|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Juan <okelet> | |
| Component: | Directory Server | Assignee: | Rich Megginson <rmeggins> | |
| Status: | CLOSED UPSTREAM | QA Contact: | Chandrasekar Kannan <ckannan> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 1.2.5 | CC: | benl | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | 389-ds-base-1.2.10.rc1 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 781537 (view as bug list) | Environment: | ||
| Last Closed: | 2012-02-07 16:11:15 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 743970, 781537 | |||
Upstream ticket: https://fedorahosted.org/389/ticket/6 marking as screened because it has been cloned upstream Fixed in 389-ds-base-1.2.10.rc1 now in Fedora/EPEL Testing |
Description of problem: I am trying to test the proxied operations in 389 DS. For now, I have written a small script using UnboundID LDAP SDK [1]: ModifyRequest modifyRequest = new ModifyRequest("uid=XXXXXXXX,ou=People,o=XXXXXXXX,dc=XXXXXXXX,dc=XXXXXXXX", new Modification(ModificationType.REPLACE, "address", "Nueva dirección")); modifyRequest.addControl(new ProxiedAuthorizationV2RequestControl( "dn:" + proxiedUserEntry.getDN()) ); try { LDAPResult modifyResult = ldapConnectable.getConnection(session).modify(modifyRequest); // If we got here, then the modify was successful. } catch (LDAPException le) { System.out.println(le.getDiagnosticMessage() + " (" + le.getResultCode() + ")"); } Although I have not yet assigned any ACIS as described in [2], I supposed to get a denied response, not a protocol error as I get: unable to parse proxied authorization control (2 (protocol error)) This error is returned by the LDAP server, although it is not reported in the error LOG. [1] http://www.unboundid.com/products/ldapsdk/docs/javadoc/index.html [2] http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Access_Control-Access_Control_Usage_Examples.html#Access_Control_Usage_Examples-Proxied_Authorization_ACI_Example Version-Release number of selected component (if applicable): Tested in 1.2.5 How reproducible / Steps to Reproduce: Running the code below. Actual results: unable to parse proxied authorization control (2 (protocol error)) Expected results: An access denied in this case, as not applied any proxying configuration, or the actual proxied search result if configured.