directory-commits mailing list archives

From djen...@apache.org
Subject svn commit: r570324 [2/2] - in /directory/sandbox/djencks/triplesec-jacc2: ./ admin-api2/ admin-api2/src/main/java/org/apache/directory/triplesec/admin/ admin-api2/src/main/java/org/apache/directory/triplesec/admin/persistence/ admin-api2/src/test/java...
Date Tue, 28 Aug 2007 06:23:33 GMT
Modified: directory/sandbox/djencks/triplesec-jacc2/sms/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/sms/pom.xml?rev=570324&r1=570323&r2=570324&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/sms/pom.xml (original)
+++ directory/sandbox/djencks/triplesec-jacc2/sms/pom.xml Mon Aug 27 23:23:30 2007
@@ -41,10 +41,10 @@
       <groupId>commons-logging</groupId>
       <artifactId>commons-logging</artifactId>
     </dependency>
-    <dependency>
-      <groupId>log4j</groupId>
-      <artifactId>log4j</artifactId>
-    </dependency>
+    <!--<dependency>-->
+      <!--<groupId>log4j</groupId>-->
+      <!--<artifactId>log4j</artifactId>-->
+    <!--</dependency>-->
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
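Review bot: The log4j dependency is commented out line by line rather than deleted, which leaves four lines of dead XML in the POM. Version control already keeps the old declaration, and text-based dependency audits can still match the commented `log4j` coordinates, so it would be cleaner to delete the block. If the removal is provisional, one comment stating why is enough, for example `<!-- log4j removed: logging goes through commons-logging only -->`.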

Modified: directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/ApplicationAciManager.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/ApplicationAciManager.java?rev=570324&r1=570323&r2=570324&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/ApplicationAciManager.java
(original)
+++ directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/ApplicationAciManager.java
Mon Aug 27 23:23:30 2007
@@ -23,31 +23,27 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.Set;
 import java.util.Map;
+import java.util.Set;
 
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 
-import org.apache.directory.server.core.invocation.InvocationStack;
-import org.apache.directory.server.core.partition.PartitionNexusProxy;
-import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
+import org.apache.directory.server.core.authn.AuthenticationService;
+import org.apache.directory.server.core.authz.AuthorizationService;
+import org.apache.directory.server.core.collective.CollectiveAttributeService;
 import org.apache.directory.server.core.interceptor.context.AddOperationContext;
-import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
+import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
+import org.apache.directory.server.core.interceptor.context.GetSuffixOperationContext;
 import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
+import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
+import org.apache.directory.server.core.interceptor.context.OperationContext;
+import org.apache.directory.server.core.invocation.InvocationStack;
 import org.apache.directory.server.core.normalization.NormalizationService;
-import org.apache.directory.server.core.authn.AuthenticationService;
-import org.apache.directory.server.core.referral.ReferralService;
-import org.apache.directory.server.core.authz.AuthorizationService;
-import org.apache.directory.server.core.authz.DefaultAuthorizationService;
-import org.apache.directory.server.core.operational.OperationalAttributeService;
+import org.apache.directory.server.core.partition.PartitionNexusProxy;
 import org.apache.directory.server.core.schema.SchemaService;
-import org.apache.directory.server.core.subtree.SubentryService;
-import org.apache.directory.server.core.event.EventService;
-import org.apache.directory.server.core.collective.CollectiveAttributeService;
 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
 import org.apache.directory.shared.ldap.exception.LdapNameAlreadyBoundException;
 import org.apache.directory.shared.ldap.message.AttributeImpl;
@@ -109,9 +105,9 @@
     }
 
     /** LUT of normalized DNs for existing ou=groups entries of suffixes */
-    private final Set groupsLut = new HashSet();
+    private final Set<String> groupsLut = new HashSet<String>();
     /** LUT of normalized suffix DNs which are already ASCAs */
-    private final Set acsaLut = new HashSet();
+    private final Set<String> acsaLut = new HashSet<String>();
 
     private final Map<String, OidNormalizer> normalizerMap;
     private final AttributeType administrativeRoleType;
@@ -129,10 +125,10 @@
      * access their subtree.  This method should be invoked immediately after the application
entry
      * is created.
      *
-     * @param appDn the user provided DN string for the entry being added
-     * @param appDn the normalized DN for the entry being added
+     * @param appDn operation context for the application being added
+     * @throws javax.naming.NamingException on error
      */
-    public void appAdded( OperationContext appDn ) throws NamingException
+    public void appAdded( AddOperationContext appDn ) throws NamingException
     {
         // get the current invocation object's proxy to access it's nexus proxy
         PartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
@@ -144,19 +140,22 @@
     /**
      * Deletes the access control subentry added to the top most AAA for application access.
 This
      * method should be invoked immediately after the application entry is removed.
+     * @param appDn operation context for removed application
+     * @throws javax.naming.NamingException on error
      */
-    public void appRemoved( OperationContext appDn ) throws NamingException
+    public void appRemoved( DeleteOperationContext appDn ) throws NamingException
     {
+        GetSuffixOperationContext getSuffixOperationContext = new GetSuffixOperationContext(
appDn.getDn() );
         // get the current invocation object's proxy to access it's nexus proxy
         PartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
         try {
-            removeApplicationAdminGroup( proxy, appDn );
+            removeApplicationAdminGroup( proxy, getSuffixOperationContext );
         } catch (NamingException e) {
             //ignore, if app was renamed this will happen
             log.warn("Could not delete ApplicationAdminGroup for app: " + appDn  + ". Perhaps
the app was renamed", e);
         }
         try {
-            removeApplicationSubentry( proxy, appDn );
+            removeApplicationSubentry( proxy, getSuffixOperationContext );
         } catch (NamingException e) {
             //ignore, if app was renamed this will happen
             log.warn("Could not delete Application ACI subentry for app: " + appDn  + ".
Perhaps the app was renamed", e);
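Review bot: Both catch blocks in `appRemoved` treat every `NamingException` as "the app was renamed", so a genuine failure to delete the application's ACI subentry or admin group leaves access-control data behind for a removed application with only a warning logged. Narrowing the catch to the not-found case, e.g. `catch (NameNotFoundException e)`, would let other failures propagate, assuming the server reports a missing entry with that subtype. The two `log.warn` calls also concatenate `appDn`, which is the operation context rather than a DN; `appDn.getDn()` would put the actual name in the log. The method body continues past the end of this hunk.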
@@ -189,7 +188,7 @@
 //    }
 
 
-    private void removeApplicationAdminGroup( PartitionNexusProxy proxy, OperationContext
opContext ) throws NamingException
+    private void removeApplicationAdminGroup( PartitionNexusProxy proxy, GetSuffixOperationContext
opContext ) throws NamingException
     {
         LdapDN appDn = opContext.getDn();
         // bypass all interceptors and ask for the partition suffix for this application's
entry
@@ -205,7 +204,7 @@
         buf.append( APPADMIN_GROUP_SUFFIX_LOWWER );
         groupDn.add( buf.toString() );
 
-        OperationContext groupContext = new DeleteOperationContext(groupDn);
+        DeleteOperationContext groupContext = new DeleteOperationContext(groupDn);
 
         // blow away the group entry
         groupDn.normalize( normalizerMap );
@@ -221,12 +220,13 @@
      * @param opContext the OperationContext containing the normalized name for the application
      * @throws NamingException if add operations fail
      */
-    private void addApplicationAdminGroup( PartitionNexusProxy proxy, OperationContext opContext
) throws NamingException
+    private void addApplicationAdminGroup( PartitionNexusProxy proxy, AddOperationContext
opContext ) throws NamingException
     {
         LdapDN appDn = opContext.getDn();
         // bypass all interceptors and ask for the partition suffix for this application's
entry
         // the suffix entry will be used as the administrative point for a ACSA starting
at it
-        LdapDN suffix = proxy.getSuffix( opContext, PartitionNexusProxy.BYPASS_ALL_COLLECTION
);
+        GetSuffixOperationContext getSuffixOperationContext = new GetSuffixOperationContext(
opContext.getDn() );
+        LdapDN suffix = proxy.getSuffix( getSuffixOperationContext, PartitionNexusProxy.BYPASS_ALL_COLLECTION
);
         String appUpName = NamespaceTools.getRdnValue( appDn.getRdn().getUpName() );
 
         // calculate the names of the group container and create ou=groups if we have to
@@ -251,10 +251,8 @@
         // not need since admin can do anything but we need one member at least
         group.put( "uniqueMember", "uid=admin,ou=system" );
 
-        OperationContext groupContext = new AddOperationContext(groupDn, group);
+        AddOperationContext groupContext = new AddOperationContext(groupDn, group);
         createGroupsContainer( proxy, groupContext );
-
-        proxy.add( groupContext, ADD_BYPASS );
     }
 
 
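Review bot: With `proxy.add( groupContext, ADD_BYPASS );` removed, nothing visible in this diff writes the `group` attributes (including `uniqueMember`) to the directory. As far as its hunks show, `createGroupsContainer` reads only `opContext.getDn()` and adds its own `ou=Groups` entry. If that is the whole picture, the application admin group is never created, and any ACI that refers to it would name a missing entry. Either keep the add after `createGroupsContainer( proxy, groupContext );` or add a comment saying where the group entry is now created. Both method bodies extend beyond the hunks, so this needs checking against the full file.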
@@ -265,7 +263,7 @@
      * @param opContext op context containing the normalized name for ou=groups under a suffix
      * @throws NamingException if add operations fail
      */
-    private void createGroupsContainer( PartitionNexusProxy proxy, OperationContext opContext
) throws NamingException
+    private void createGroupsContainer( PartitionNexusProxy proxy, AddOperationContext opContext
) throws NamingException
     {
         LdapDN groupDn = opContext.getDn();
         if ( groupsLut.contains( groupDn.getNormName() ) )
@@ -278,7 +276,7 @@
         groups.get( "objectClass" ).add( "organizationalUnit" );
         groups.put( "ou", "Groups" );
 
-        OperationContext addContext = new AddOperationContext(groupDn, groups);
+        AddOperationContext addContext = new AddOperationContext(groupDn, groups);
         try
         {
             proxy.add( addContext, ADD_BYPASS );
@@ -295,7 +293,7 @@
 
 
 
-    void removeApplicationSubentry( PartitionNexusProxy proxy, OperationContext opContext
) throws NamingException
+    void removeApplicationSubentry( PartitionNexusProxy proxy, GetSuffixOperationContext
opContext ) throws NamingException
     {
         LdapDN appDn = opContext.getDn();
         // bypass all interceptors and ask for the partition suffix for this application's
entry
@@ -311,7 +309,7 @@
 
         // delete the access control subentry
         subentryDn.normalize( normalizerMap );
-        OperationContext deleteContext = new DeleteOperationContext( subentryDn );
+        DeleteOperationContext deleteContext = new DeleteOperationContext( subentryDn );
         proxy.delete( deleteContext, DEL_BYPASS );
     }
 
@@ -324,12 +322,13 @@
      * @param opContext the OperationContext holding the normalized name for the application
entry being added
      * @throws NamingException if add operations fail
      */
-    void addApplicationSubentry( PartitionNexusProxy proxy, OperationContext opContext )
throws NamingException
+    void addApplicationSubentry( PartitionNexusProxy proxy, AddOperationContext opContext
) throws NamingException
     {
         LdapDN appDn = opContext.getDn();
         // bypass all interceptors and ask for the partition suffix for this application's
entry
         // the suffix entry will be used as the administrative point for a ACSA starting
at it
-        LdapDN suffix = proxy.getSuffix( opContext, PartitionNexusProxy.BYPASS_ALL_COLLECTION
);
+        GetSuffixOperationContext getSuffixOperationContext = new GetSuffixOperationContext(
opContext.getDn() );
+        LdapDN suffix = proxy.getSuffix( getSuffixOperationContext, PartitionNexusProxy.BYPASS_ALL_COLLECTION
);
         String appUpName = NamespaceTools.getRdnValue( appDn.getRdn().getUpName() );
         String appName = NamespaceTools.getRdnValue( appDn.get( appDn.size() - 1 ) );
         createAccessControlArea( proxy, suffix );
@@ -375,7 +374,7 @@
         LdapDN subentryDn = ( LdapDN ) suffix.clone();
         subentryDn.add( buf.toString() );
         subentryDn.normalize( normalizerMap );
-        OperationContext addContext = new AddOperationContext(subentryDn, subentry);
+        AddOperationContext addContext = new AddOperationContext(subentryDn, subentry);
         proxy.add( addContext, ADD_BYPASS );
     }
 
@@ -384,10 +383,11 @@
      * Checks cache to see if the entry at apDn is an access control specific area (ACSA),
if
      * not the entry is accessed to check if it is an administrative point for an ACSA. 
If
      * the entry is an ACSA AP, then the cache is updated.  If the entry is NOT an ACSA AP
then
-     * the entry at apDn is promoted to an ACSA.
+     * the entry at apDn is promoted to an ACSA. TODO this may be unnecessary -- ldif can't
load without acsa present
      *
      * @param appDn info on where to do it
-     * @throws NamingException
+     * @param proxy ldap proxy
+     * @throws NamingException on error
      */
     private void createAccessControlArea( PartitionNexusProxy proxy, LdapDN appDn ) throws
NamingException
     {
@@ -395,7 +395,7 @@
         {
             return;
         }
-        OperationContext lookupContext = new LookupOperationContext(appDn, RETURN_ADMINROLE);
+        LookupOperationContext lookupContext = new LookupOperationContext(appDn, RETURN_ADMINROLE);
 
         Attributes acsa = proxy.lookup( lookupContext, LOOKUP_BYPASS );
         Attribute administrativeRole = AttributeUtils.getAttribute( acsa, administrativeRoleType
);
@@ -415,7 +415,7 @@
 //        Attributes mods = new AttributesImpl();
 //        mods.put( "administrativeRole", "accessControlSpecificArea" );
         ModificationItemImpl[] mods = new ModificationItemImpl[] { new ModificationItemImpl(DirContext.ADD_ATTRIBUTE,
new AttributeImpl( "administrativeRole", "accessControlSpecificArea" )) };
-        OperationContext modContext = new ModifyOperationContext(appDn, mods);
+        ModifyOperationContext modContext = new ModifyOperationContext(appDn, mods);
         proxy.modify( modContext );
         acsaLut.add( appDn.getNormName() );
     }

Modified: directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java?rev=570324&r1=570323&r2=570324&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java
(original)
+++ directory/sandbox/djencks/triplesec-jacc2/store/src/main/java/org/apache/directory/triplesec/store/interceptor/PolicyProtectionInterceptor.java
Mon Aug 27 23:23:30 2007
@@ -40,6 +40,8 @@
 import org.apache.directory.server.core.interceptor.context.OperationContext;
 import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
+import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
+import org.apache.directory.server.core.interceptor.context.GetSuffixOperationContext;
 import org.apache.directory.server.core.invocation.InvocationStack;
 import org.apache.directory.server.core.partition.PartitionNexusProxy;
 import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -77,12 +79,12 @@
     }
 
     
-    public void add( NextInterceptor next, OperationContext opContext ) throws NamingException
+    public void add( NextInterceptor next, AddOperationContext opContext ) throws NamingException
     {
         boolean policyEntry = false;
         boolean isApplication = false;
 
-        Attributes attrs = ((AddOperationContext)opContext).getEntry();
+        Attributes attrs = opContext.getEntry();
         Attribute attr = getObjectClass( attrs );
         NamingEnumeration ocList = attr.getAll();
         try
@@ -150,7 +152,7 @@
     }
 
     
-    public void delete( NextInterceptor next, OperationContext operationContext ) throws
NamingException
+    public void delete( NextInterceptor next, DeleteOperationContext operationContext ) throws
NamingException
     {
         boolean isApplication = isPolicyApplication( operationContext.getDn() );
 
@@ -214,7 +216,7 @@
 //    }
 
     
-    public void modify( NextInterceptor next, OperationContext opContext ) throws NamingException
+    public void modify( NextInterceptor next, ModifyOperationContext opContext ) throws NamingException
     {
         LdapDN baseName = getBaseName( next, opContext );
         if( baseName == null )
@@ -223,7 +225,7 @@
             return;
         }
 
-        ModificationItem[] modItems = ((ModifyOperationContext)opContext).getModItems();
+        ModificationItem[] modItems = opContext.getModItems();
         for( int i = modItems.length - 1; i >= 0; i-- )
         {
             Attribute attr = modItems[ i ].getAttribute();
@@ -242,10 +244,9 @@
     }
 
     
-    public void rename( NextInterceptor next, OperationContext operationContext ) throws
NamingException
+    public void rename( NextInterceptor next, RenameOperationContext opContext ) throws NamingException
     {
-        RenameOperationContext opContext = (RenameOperationContext) operationContext;
-        boolean isApplication = isPolicyApplication(operationContext.getDn());
+        boolean isApplication = isPolicyApplication(opContext.getDn());
         LdapDN name = opContext.getDn();
 
 
@@ -256,10 +257,14 @@
 
         if ( isApplication )
         {
+            //TODO to support rename, we'd have to add permissions, roles, etc to app before
doing the ACI stuff.
+            //also we should move permissions etc.
+            throw new NamingException("rename not supported for applications");
             // we don't need to mess around with deleting and adding the admin group (don't
want to loose info either)
-            aciManager.removeApplicationSubentry( proxy, opContext );
+//            aciManager.removeApplicationSubentry( proxy, new GetSuffixOperationContext(
name ) );//name?? baseName????
         }
         next.rename( opContext );
+/*
         if ( isApplication )
         {
             // calculate the new name
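Review bot: The new `throw` inside `if ( isApplication )` raises a bare `NamingException`, so a caller cannot tell "operation not supported" from a directory failure. `throw new OperationNotSupportedException( "rename not supported for applications" );` (from `javax.naming`) keeps the same supertype and makes the refusal explicit. The comment and the commented-out `removeApplicationSubentry` call after the throw are dead code, as is the block wrapped in `/*`, which closes in the next hunk. Deleting them and keeping only the TODO would make it obvious that application renames are rejected before `next.rename( opContext )` runs. Whether `checkModification` still runs before the throw is not visible in this hunk.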
@@ -270,34 +275,35 @@
             LdapDN newDn = ( LdapDN ) name.clone();
             newDn.remove( name.size() - 1 );
             newDn.add( rdn.get( 0 ) );
-            RenameOperationContext newOpContext = new RenameOperationContext(name, rdn.get(0),
opContext.getDelOldDn());
+            AddOperationContext newOpContext = new AddOperationContext(newDn);
             aciManager.addApplicationSubentry( proxy, newOpContext );
         }
+*/
     }
 
-    public void move( NextInterceptor next, OperationContext operationContext ) throws NamingException
+    public void move( NextInterceptor next, MoveOperationContext operationContext ) throws
NamingException
     {
         boolean isApplication = isPolicyApplication(operationContext.getDn());
-        MoveOperationContext opContext = (MoveOperationContext) operationContext;
 
         // calculate the new name
 //        LdapDN newNameUpDn = ( LdapDN ) opContext.getParent().clone();
 //        newNameUpDn.add( opContext.getDn().get(0) ); //?????
 //        LdapDN rdn = new LdapDN( newRN );
-        LdapDN newDn = ( LdapDN ) opContext.getParent().clone();
-        newDn.add( opContext.getDn().get( 0 ) );
-        MoveOperationContext newOpContext = new MoveOperationContext(newDn, opContext.getParent());//really?
+        LdapDN newDn = ( LdapDN ) operationContext.getParent().clone();
+        newDn.add( operationContext.getDn().get( 0 ) );
+        AddOperationContext newOpContext = new AddOperationContext(newDn);//really?
 
         PartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
-        LdapDN baseName = getBaseName( next, opContext );
+        LdapDN baseName = getBaseName( next, operationContext );
 
-        checkModification( next, baseName, opContext.getDn() );
+        checkModification( next, baseName, operationContext.getDn() );
         if ( isApplication )
         {
             // we don't need to mess around with deleting and adding the admin group (don't
want to loose info either)
-            aciManager.removeApplicationSubentry( proxy, opContext );
+            GetSuffixOperationContext deleteOperationContext = new GetSuffixOperationContext(
operationContext.getDn() );
+            aciManager.removeApplicationSubentry( proxy, deleteOperationContext );
         }
-        next.move( opContext );
+        next.move( operationContext );
         if ( isApplication )
         {
             aciManager.addApplicationSubentry( proxy, newOpContext );
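Review bot: In `move`, `removeApplicationSubentry` runs before `next.move( operationContext )`, so if the move throws, the application's ACI subentry is already deleted and `addApplicationSubentry` is never reached, leaving the application without its access-control subentry. Restoring the subentry for the original DN on failure, as sketched below, keeps the ACI state consistent. Separately, `newDn.add( operationContext.getDn().get( 0 ) )` takes component 0, while `checkNotInUse` in this file reads the entry's RDN with `name.get( name.size() - 1 )`. Together with the author's own `//really?`, this suggests the index should be confirmed. The local `deleteOperationContext` holds a `GetSuffixOperationContext`, so a name such as `suffixContext` would be less misleading. The method body continues past the end of this hunk.

```java
// … unchanged: newDn / baseName / checkModification and the removeApplicationSubentry block …
try
{
    next.move( operationContext );
}
catch ( NamingException e )
{
    if ( isApplication )
    {
        // put back the subentry removed above so a failed move does not strip the application's ACI
        aciManager.addApplicationSubentry( proxy, new AddOperationContext( operationContext.getDn() ) );
    }
    throw e;
}
// … unchanged: addApplicationSubentry( proxy, newOpContext ) on success …
```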
@@ -358,7 +364,7 @@
         LdapDN name = opContext.getDn();
         if( name.size() >= 3 )
         {
-            Attributes attrs = next.lookup( opContext );
+            Attributes attrs = next.lookup( new LookupOperationContext( name ) );
             Attribute attr = getObjectClass( attrs );
             NamingEnumeration e = attr.getAll();
             try
@@ -395,7 +401,7 @@
             {
                 name = ( LdapDN ) name.clone();
                 name.remove( name.size() - 1 );
-                Attributes attrs = next.lookup( opContext );
+                Attributes attrs = next.lookup( new LookupOperationContext( name ) );
                 Attribute attr = getObjectClass( attrs );
                 NamingEnumeration e = attr.getAll();
                 try
@@ -461,7 +467,7 @@
     private boolean isPolicyApplication( LdapDN dn ) throws NamingException
     {
         PartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
-        OperationContext opContext = new LookupOperationContext(dn, OBJECT_CLASS_ATTRS);
+        LookupOperationContext opContext = new LookupOperationContext(dn, OBJECT_CLASS_ATTRS);
         Attributes entry = proxy.lookup( opContext, PartitionNexusProxy.LOOKUP_BYPASS );
         Attribute oc = getObjectClass( entry );
 
@@ -507,7 +513,7 @@
         {
             try
             {
-                Attributes entry = next.lookup( opContext );
+                Attributes entry = next.lookup( new LookupOperationContext( name ) );
                 Attribute attr = getObjectClass( entry );
                 NamingEnumeration e = attr.getAll();
                 try
@@ -543,7 +549,7 @@
     
 
     private void checkAttributeAddition( NextInterceptor next, LdapDN baseName, Attribute
attr )
-        throws NamingException, SchemaViolationException
+        throws NamingException
     {
 
         // If the attribute is a permission
@@ -600,7 +606,7 @@
     }
 
     
-    private void checkAttributeRemoval( Attribute attr ) throws NamingException, SchemaViolationException
+    private void checkAttributeRemoval( Attribute attr ) throws NamingException
     {
         if( !"objectClass".equalsIgnoreCase( attr.getID() ) )
         {
@@ -632,7 +638,7 @@
     private static final String ROLENAME_ATTR_OID = "1.3.6.1.4.1.18060.0.4.6.2.204";
     
     private void checkNotInUse( NextInterceptor next, LdapDN baseName, LdapDN name )
-        throws NamingException, SchemaViolationException
+        throws NamingException
     {
         String nameType = NamespaceTools.getRdnAttribute( name.get( name.size() - 1 ) );
         String nameValue = NamespaceTools.getRdnValue( name.get( name.size() - 1 ) );
@@ -699,7 +705,7 @@
 
     
     private void checkModification( NextInterceptor next, LdapDN baseName, LdapDN name )

-        throws SchemaViolationException, NamingException
+        throws NamingException
     {
         if( isEntityGroup( name ) )
         {

Modified: directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema
URL: http://svn.apache.org/viewvc/directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema?rev=570324&r1=570323&r2=570324&view=diff
==============================================================================
--- directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema (original)
+++ directory/sandbox/djencks/triplesec-jacc2/store/src/main/schema/triplesec.schema Mon Aug
27 23:23:30 2007
@@ -149,7 +149,7 @@
 
 objectclass ( 1.3.6.1.4.1.18060.0.4.6.3.202 NAME 'policyPermission'
     SUP top
-    AUXILIARY
+    STRUCTURAL
     MUST ( permName )
     MAY ( description )
     )
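Review bot: Changing `policyPermission` from AUXILIARY to STRUCTURAL here, and `policyRole` and `policyProfile` in the next hunk, changes which entries are schema-valid, and the commit shows no matching data or LDIF update. An entry that carried one of these classes alongside an unrelated structural class would no longer be valid once structural-class rules are enforced. The bundled LDIF and any existing entries should be checked or migrated in the same change. The interceptor in this commit classifies entries by their `objectClass` values, so it is also worth confirming that entries loaded under the new schema still carry the values it expects.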
@@ -198,13 +198,13 @@
 
 objectclass ( 1.3.6.1.4.1.18060.0.4.6.3.203 NAME 'policyRole'
     SUP top
-    AUXILIARY
+    STRUCTURAL
     MUST ( roleName )
     MAY  ( grants $ denials $ description ) )
 
 objectclass ( 1.3.6.1.4.1.18060.0.4.6.3.204 NAME 'policyProfile'
     SUP top
-    AUXILIARY
+    STRUCTURAL
     MUST ( profileId $ user )
     MAY  ( grants $ denials $ roles $ userPassword $ description $ triplesecDisabled ) )
 


