external-software/github_OpenIdentityPlatform_OpenDJ.git

Fix 1525 (Cannot disable access control handler)

With Access control enabled (Dsee compat)

dn: cn=Access Control Handler,cn=config
objectClass: top
objectClass: ds-cfg-access-control-handler
objectClass: ds-cfg-dseecompat-access-control-handler
ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)
cn: Access Control Handler
ds-cfg-acl-handler-class: org.opends.server.authorization.dseecompat.AciProvider
ds-cfg-acl-handler-enabled: true

./bin/start-ds -N
[19/Apr/2007:13:51:44 +0200] category=CORE severity=NOTICE id=458886 msg="OpenDS Directory Server 0.1.0 starting up."
[19/Apr/2007:13:51:48 +0200] category=CONFIG severity=NOTICE id=3605006 msg="Access control has been enabled and will use the org.opends.server.authorization.dseecompat.AciProvider implementation."
[19/Apr/2007:13:51:50 +0200] category=BACKEND severity=NOTICE id=8847402 msg="A database backend containing 0 entries has started."
[19/Apr/2007:13:51:52 +0200] category=CORE severity=NOTICE id=458887 msg="The Directory Server has started successfully."
[19/Apr/2007:13:51:52 +0200] category=CORE severity=NOTICE id=458891 msg="The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully.."

With Access control disabled

dn: cn=Access Control Handler,cn=config
objectClass: top
objectClass: ds-cfg-access-control-handler
objectClass: ds-cfg-dseecompat-access-control-handler
ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)
cn: Access Control Handler
ds-cfg-acl-handler-class: org.opends.server.authorization.dseecompat.AciProvider
ds-cfg-acl-handler-enabled: false

./bin/start-ds -N
[19/Apr/2007:13:54:29 +0200] category=CORE severity=NOTICE id=458886 msg="OpenDS Directory Server 0.1.0 starting up."
[19/Apr/2007:13:54:31 +0200] category=CONFIG severity=SEVERE_WARNING id=3277325 msg="Access control has been disabled."
[19/Apr/2007:13:54:31 +0200] category=BACKEND severity=NOTICE id=8847402 msg="A database backend containing 0 entries has started."
[19/Apr/2007:13:54:32 +0200] category=CORE severity=NOTICE id=458887 msg="The Directory Server has started successfully."
[19/Apr/2007:13:54:32 +0200] category=CORE severity=NOTICE id=458891 msg="The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully.."

	opends/src/server/org/opends/server/core/AccessControlConfigManager.java	7 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/core/DefaultAccessControlProvider.java	3 ●●●●● patch \| view \| raw \| blame \| history

			@@ -221,8 +221,15 @@
			if (newHandlerClass != null) {
			AccessControlProvider<? extends AccessControlHandlerCfg> newHandler ;
			try {
			if (newConfiguration.isEnabled())
			{
			newHandler = loadProvider(newHandlerClass.getName(), newConfiguration
			.getConfiguration());
			}
			else
			{
			newHandler = new DefaultAccessControlProvider();
			}
			} catch (Exception e) {
			if (debugEnabled())
			{

			@@ -43,7 +43,8 @@
			* access control is disabled and implements a default access control
			* decision function which grants access to everything and anyone.
			*/
			class DefaultAccessControlProvider implements AccessControlProvider {
			class DefaultAccessControlProvider
			implements AccessControlProvider <AccessControlHandlerCfg> {

			/**
			* The single handler instance.