directory-dev mailing list archives

From Jonathan Russell <>
Subject [LdapFileLoader] discrepancies in loading ldif files
Date Thu, 20 Dec 2012 20:04:15 GMT
My goal is to create a user with read-only access.

I have two ldifs that I use to achieve this, one modifies the area that I want to grant access to:

    version: 1

    dn: ou=system
    changetype: modify
    add: administrativeRole
    administrativeRole:

the other creates the user:

    dn: cn=enableSearchForAllUsers,ou=system
    objectClass: top
    objectClass: subentry
    objectClass: accessControlSubentry
    subtreeSpecification: {}
    cn: enableSearchForAllUsers
    prescriptiveACI: { identificationTag "enableSearchForAllUsers", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }

    # User account
    dn: uid=READER ,ou=users,ou=system
    cn: READER
    sn: Reader
    uid: READER
    uidNumber: 10000
    gidNumber: 10000
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    userPassword:

I import both of these ldifs using Apache Directory Studio, it works as I expect -- the user is created, and it has read only access.

However, when I load the same files, in the same order, using LdifFileLoader:

    LdifFileLoader ldifLoader = new LdifFileLoader(service.getAdminSession(), workingSchemaPath);
    ldifLoader.execute();

The result is not the same. No error messages are given, the end result is that the user is created, but with no read-only access. Since the user is created, I know that it's loading the ldifs from the proper place, and I haven't had trouble with other modification-based ldifs in the past. Do you know why this discrepancy would be there, and if there's anything I can do to get around it? It is difficult since there don't appear to be any errors, so I'm not sure what to search for...

Thanks,
Jon
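
Added example, not part of the original message or of ApacheDS: a small Python audit of the prescriptiveACI text quoted above, reporting which user classes it covers and whether any write-type grant is present. The helper names and the `WRITE_GRANTS` classification are assumptions of this example, and it assumes no braces occur inside quoted strings; it inspects the ACI text only, not what the server actually loaded.

```python
import re

# prescriptiveACI value copied from the message above.
ACI = ('{ identificationTag "enableSearchForAllUsers", precedence 14, '
       'authenticationLevel simple, itemOrUserFirst userFirst: { userClasses '
       '{ allUsers }, userPermissions { { protectedItems {entry, '
       'allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, '
       'grantReturnDN, grantBrowse } } } } }')

# Assumption of this example: X.501 grants that let a user change the DIT.
WRITE_GRANTS = {"grantAdd", "grantRemove", "grantModify", "grantRename",
                "grantImport", "grantExport"}

def braced(text, keyword):
    """Contents of every balanced { ... } that directly follows `keyword`."""
    bodies = []
    for m in re.finditer(re.escape(keyword) + r"\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError(f"unbalanced braces after {keyword}")
        bodies.append(text[m.end():i - 1])
    return bodies

def names(body):
    """Top-level identifiers of a comma-separated body; nested values dropped."""
    while re.search(r"\{[^{}]*\}", body):
        body = re.sub(r"\{[^{}]*\}", "", body)
    return [part.split()[0] for part in body.split(",") if part.strip()]

def audit(aci):
    """Summarise who an ACIItem applies to and whether it grants any write."""
    perms = [p for b in braced(aci, "grantsAndDenials") for p in names(b)]
    classes = [c for b in braced(aci, "userClasses") for c in names(b)]
    tag = re.search(r'identificationTag\s+"([^"]*)"', aci)
    return {
        "tag": tag.group(1) if tag else None,
        "userClasses": classes,
        "permissions": perms,
        "write_grants": sorted(set(perms) & WRITE_GRANTS),
        "read_only": not set(perms) & WRITE_GRANTS,
    }

if __name__ == "__main__":
    print(audit(ACI))
```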
