On 18 Nov 2019, at 10:09, Graham Leggett <minfrin(a)sharp.fm>
wrote:
On 18 Nov 2019, at 01:19, William Brown <wbrown(a)suse.de> wrote:
> As I'm sure you're aware, the docs are here:
>
>
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11...
>
> I think you don't need to request the entrylevelrights or attributelevelrights on
the search (the log looks like you're requesting them). You probably just want * or +
here instead.
I tried that, but it made no difference. I also noticed that despite asking for
attributes “*” and “+”, the java code didn’t give me any operational attributes back at
all.
I’m assuming that entryLevelRights/attributeLevelRights are operational attributes and
389ds won’t return them with a “*” attribute on it’s own?
The attributes you "request" are the attributes it will do an effective rights
check on, and the server just "puts" the *rights attributes in your response
without asking (well, you did ask because of the control)
I’m trying to work out whether this is a java issue or a 389ds issue.
Why not both?
Are there any known issues when trying to return operational attributes from 389ds to
java JNDI calls?
Controls and extended ops are difficult to get right at the best of times - I had to do so
recently with python for something and it was a few days of hair tearing. So the error
could be ... anywhere.
> Otherwise I'm not 100% sure here. Perhaps the best thing is actually to attach
gdb to the server and break on:
>
> br _ger_parse_control
>
> And then step through with: "next" to see what logic paths are being taken
on the dn parser - or if you even reach that stage.
>
> You could alternately break on acl_get_effective_rights to see the full extended op
processing logic too.
>
> Sorry I can't give a more concrete piece of advice here :(
gdb stops on these breakpoints, so the logic is definitely triggered, although I
don't have any debuginfos configured to step through the code. Let me dig further on
this.
If you are on RH/Fedora, it will issue you a command such as "missing debuginfo
....." and a command you can run to install them :)
Regards,
Graham
—
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs