mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author neil_a_wilson <neil_a_wilson@localhost>
Saturday, March 17, 2007 23:29 +0100
committer neil_a_wilson <neil_a_wilson@localhost>
Saturday, March 17, 2007 23:29 +0100
commit d9572cbdff869801cecc5bf653c3449062de07bc
tree 462b0d81b9ffd9dcf28fa93c3b17e293a1058867
parent f8660f72658a609eaa1b997a448229d22af0dcbb
Update the dseecompat access control implementation to provide a mechanism for
detecting and warning administrators about the use of non-canonical hostnames
in the "dns" bind rule. The dns bind rule requires that all addresses be
provided in canonical form or they will not match the intended target.

This change also includes special handling for the "localhost" name. In the
event that it does not match its canonical representation, then the
corresponding rule will automatically allow the canonical name as well. This
may be needed in some environments because the canonical hostname for the
loopback address may be something else, like "localhost.localdomain", and the
hostname "localhost" is likely to appear more commonly than other kinds of
hostnames.

With these changes, a number of reported mysterious ACI failures should go away
and the AciTests should now pass cleanly.

OpenDS Issue Number: 1385
2 files modified, 119 changes
opends/src/server/org/opends/server/authorization/dseecompat/AciMessages.java (50)
opends/src/server/org/opends/server/authorization/dseecompat/DNS.java (69)
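
The check this commit message describes, sketched in Java as an added example (not the code from DNS.java, which this page does not show): each hostname in a dns bind rule is compared with its canonical form, a non-canonical name produces a warning, and "localhost" additionally admits its canonical name. The class and method names and the resolver data are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.*;
import java.util.function.Function;

public class DnsRuleCanonicalCheck {
    // Hypothetical helper: returns the names a rule effectively allows and collects warnings.
    static Set<String> effectiveNames(List<String> ruleHosts,
                                      Function<String, String> canonicalOf,
                                      List<String> warnings) {
        Set<String> allowed = new LinkedHashSet<>();
        for (String host : ruleHosts) {
            String name = host.toLowerCase(Locale.ROOT);
            allowed.add(name);
            String canonical = canonicalOf.apply(name);
            if (canonical == null) {
                warnings.add("cannot resolve '" + host + "'; rule may never match");
            } else if (!canonical.equalsIgnoreCase(name)) {
                if (name.equals("localhost")) {
                    // Special case from the commit message: also accept the canonical loopback name.
                    allowed.add(canonical.toLowerCase(Locale.ROOT));
                } else {
                    warnings.add("'" + host + "' is not canonical; use '" + canonical + "'");
                }
            }
        }
        return allowed;
    }

    // Resolver backed by the JDK; returns null when the name does not resolve.
    static String jdkCanonical(String host) {
        try {
            return InetAddress.getByName(host).getCanonicalHostName();
        } catch (UnknownHostException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed resolver data so the demo runs offline.
        Map<String, String> fake = Map.of(
            "localhost", "localhost.localdomain",
            "ldap1", "ldap1.example.com",
            "ldap2.example.com", "ldap2.example.com");
        List<String> warnings = new ArrayList<>();
        Set<String> allowed = effectiveNames(
            List.of("localhost", "ldap1", "ldap2.example.com"), fake::get, warnings);
        System.out.println("allowed: " + allowed);
        warnings.forEach(w -> System.out.println("warning: " + w));
    }
}
```

Passing `DnsRuleCanonicalCheck::jdkCanonical` instead of `fake::get` performs real lookups; `getCanonicalHostName()` returns the textual IP address when no reverse mapping exists, which would also be reported as a mismatch.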