directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel L├ęcharny <elecha...@apache.org>
Subject Re: Handling of dSAOperation attributes
Date Thu, 23 Dec 2010 14:20:09 GMT
On 12/23/10 3:10 PM, Stefan Seelmann wrote:
> Hi Emmanuel,
>
> On Thu, Dec 23, 2010 at 3:06 PM, Emmanuel Lecharny<elecharny@gmail.com>  wrote:
>> Hi,
>>
>> I have an issue. When trying to update the seqNumber attribute in an
>> AdminsitrativePoint, I get an error :
>> org.apache.directory.shared.ldap.exception.LdapNoPermissionException: ERR_52
>> Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.51
>>   NAME 'APSeqNumber'
>>   DESC A sequential number used for Administration Point entries
>>   EQUALITY integerMatch
>>   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>>   SINGLE-VALUE
>>   NO-USER-MODIFICATION
>>   USAGE dSAOperation
>>   )
>>
>> There is a check that forbid us to modify such an attribute (it can be
>> added, deleted, but not replaced)
>>
>> I'm using the admin users.
>>
>> Should we allow such a modification when the user is the admin ?
> Is the check located in the SchemaInterceptor?
Yes

> If so, I think there
> are some Interceptor by-passes to avoid such checks.
True. No need to check the entry when it's manipulated by the server.

Thanks for the heads up !
> Kind Regards,
> Stefan
>


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com


Mime
View raw message