directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Blanchard <>
Subject [APACHDS] [ACI] problem to use ACIs
Date Mon, 23 Jan 2006 12:14:58 GMT
Hi ,

I have some troubles to add some ACIs on ou=system to enable users to do
what they want with their own entry.
I added an "accessControlSpecificArea" value to the "administrativeRole"
attribute on ou=system.
I used the following subtree specification : "{}" and the following
value for my  prescriptiveACI on the accesControlSubentry I created
under ou=system  :
" { identificationTag "enableUserSelfModification", precedence 1,
authenticationLevel simple, itemOrUserFirst userFirst:{ userClasses {
thisEntry }, userPermissions { { protectedItems { entry,
allUserAttributeTypesAndValues }, grantsAndDenials { grantAdd,
grantRemove, grantModify, grantFilterMatch, grantCompare, grantRead,
grantReturnDN, grantBrowse } } } } }"

When i create a new user with admin rights and try to log under this
user, i get a 50 error code : noPermission. This is not an 49 error code
: AuthenticationException

Should i use "authenticationLevel none" for some kind of permissions
before expecting to go ahead with other authorizations ?
Has someone an idea on what is my error ?
Thanks to all,
Tony Blanchard

View raw message