mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

dugan
26.12.2007 745d3ccec1c5673231f872a7bc8d9ff6fa655279
author dugan <dugan@localhost>
Thursday, July 26, 2007 01:12 +0200
committer dugan <dugan@localhost>
Thursday, July 26, 2007 01:12 +0200
commit745d3ccec1c5673231f872a7bc8d9ff6fa655279
tree 1e6fc6e68b3371c29dbeeadb8d5d41cf6e4ea63a tree | zip | gz
parent 8bd07b3052a42c8a092e8d50e23e9b44ff3944d0 view | diff
Add new ACI keyword "extop" that can be used to enforce access
based on the OID of an extended operation. For example, a new global
access rule for extended operations is also being added:

ds-cfg-global-aci:
(extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 || 1.3.6.1.4.1.4203.1.11.3")
(version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";)

which allows anonymous access to the following extended operations:

- StartTLS 1.3.6.1.4.1.1466.20037
- password policy state 1.3.6.1.4.1.26027.1.6.1
- password modify 1.3.6.1.4.1.4203.1.11.1
- Who Am I 1.3.6.1.4.1.4203.1.11.3

A wildcard can also be specified:

aci: (extop="*")(version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";)

Issue #443.
18 files modified
2 files added
814 ■■■■ changed files
opends/resource/config/config.ldif 1 ●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/Aci.java 64 ●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java 26 ●●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java 33 ●●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/AciLDAPOperationContainer.java 30 ●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/AciTargetMatchContext.java 21 ●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java 116 ●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/EnumTargetKeyword.java 7 ●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/ExtOp.java 104 ●●●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/TargetControl.java 2 ●●● diff | view | raw | blame | history
opends/src/server/org/opends/server/messages/AciMessages.java 17 ●●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/resource/config-changes.ldif 6 ●●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTestCase.java 38 ●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java 29 ●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AlternateRootDN.java 10 ●●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/ExtOpTestCase.java 240 ●●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/GetEffectiveRightsTestCase.java 3 ●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/IPTestCase.java 1 ●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java 5 ●●●●● diff | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetControlTestCase.java 61 ●●●● diff | view | raw | blame | history