mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Manuel Gaupp
17.15.2013 d2bf0a304c9da2a4cb3d58673eb38c3c2619bab7
CR-1677 Fix issue OPENDJ-899: ModDN with the same value ignored by ACIs
2 files modified
21 ■■■■ changed files
opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java 7 ●●●●● patch | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java 14 ●●●●● patch | view | raw | blame | history
opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -24,6 +24,7 @@
 *
 *      Copyright 2008-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2011-2012 ForgeRock AS
 *      Portions Copyright 2013 Manuel Gaupp
 */
package org.opends.server.authorization.dseecompat;
@@ -479,9 +480,8 @@
          ret = false;
        }
      }
      boolean rdnEquals = oldRDN.equals(newRDN);
      // Perform the RDN access checks only if the RDNs are not equal.
      if (ret && !rdnEquals)
      // Perform the RDN access checks.
      if (ret)
      {
        ret = aciCheckRDNs(operation, oldRDN, newRDN);
      }
@@ -495,6 +495,7 @@
                operation.getOriginalEntry());
        // The RDNs are not equal, skip the proxy check since it was
        // already performed in the aciCheckRDNs call above.
        boolean rdnEquals = oldRDN.equals(newRDN);
        if (!rdnEquals)
        {
          operationContainer.setSeenEntry(true);
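Review bot: The comment kept above the `if (!rdnEquals)` guard in the last hunk no longer matches the control flow. After this change aciCheckRDNs is called whenever `ret` is true, including for identical RDNs, yet `setSeenEntry(true)` is still applied only when the RDNs differ. If aciCheckRDNs performs the proxy check regardless of the RDN values (its body is not visible here, so this needs confirming), the equal-RDN path now evaluates that check a second time; either drop the condition or reword the comment to say why equal RDNs are still treated differently. The local is now used once, so `if (!oldRDN.equals(newRDN))` would read more directly than declaring `rdnEquals` on the line before. The enclosing method starts and ends outside these hunks.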
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
@@ -24,6 +24,7 @@
 *
 *      Copyright 2008-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2011-2012 ForgeRock AS
 *      Portions Copyright 2013 Manuel Gaupp
 *
 */
package org.opends.server.authorization.dseecompat;
@@ -37,6 +38,7 @@
import static org.testng.Assert.assertEquals;
import org.testng.Assert;
import static org.opends.server.util.ServerConstants.EOL;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.util.LDIFReader;
import org.opends.server.util.LDIFWriter;
import static org.opends.server.config.ConfigConstants.*;
@@ -1929,6 +1931,18 @@
       throw e;
   }
  }
  /**
   * Test anonymous modify DN with the same RDN.
   */
  @Test()
  public void testAnonymousModDNSameRDN() throws Throwable {
    addEntries(BASIC_LDIF__GROUP_SEARCH_TESTS, DIR_MGR_DN, DIR_MGR_PW);
    String modRDNLdif = makeModDN(OU_LEAF_DN, "ou=leaf", "1", null);
    LDIFModify(modRDNLdif, "", "", null,
               LDAPResultCode.INSUFFICIENT_ACCESS_RIGHTS);
    }
  /**
   * Test selfwrite right. Attempt to bind as level3 user and remove level1
   * user from a group, should fail.
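Review bot: testAnonymousModDNSameRDN asserts only the denial, so it cannot tell a rejection produced by the RDN access checks from one produced by another step of the ACI evaluation. A companion case in which a bound user that the test ACIs allow to write the `ou` attribute performs the same same-RDN ModDN and succeeds would pin the behaviour from both sides. The Javadoc should name the expected result and the issue it guards, for example `Test anonymous modify DN with the same RDN; must be rejected with INSUFFICIENT_ACCESS_RIGHTS (OPENDJ-899).` The method's closing brace is indented two columns deeper than its signature. Whether the entries loaded by addEntries are cleaned up afterwards is not visible in this hunk.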