directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1792) Replication and Modification of ACIs
Date Fri, 18 Jan 2013 17:48:13 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13557392#comment-13557392
] 

Emmanuel Lecharny commented on DIRSERVER-1792:
----------------------------------------------

The accessControlSubentries AT has a NO-USER-MODIFICATION type, which means you can't modify
its content.

The only solution would be to delete it and recreate it.

The former error is a different beast. We need to investigate.
                
> Replication and Modification of ACIs
> ------------------------------------
>
>                 Key: DIRSERVER-1792
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1792
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M9
>         Environment: Linux 64bit
> OpenJDK Runtime Environment (IcedTea6 1.8.13) (6b18-1.8.13-0+squeeze2)
>            Reporter: Michael Simon
>
> Creating an ou with administrativeRole set works and replicates on the Slave nodes. Modifying
the administrativeRole to accessControlSpecificArea for example on an existing ou throws an
Exception:
> [13:04:07] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54
Cannot add a value which is already present : organizationalUnit
> [13:04:07] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ERR_54 Cannot add a value which is already present : organizationalUnit
> org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot
add a value which is already present : organizationalUnit
>         at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
>         at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
>         at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> More or less the same things happens with accessControlSubentries. Creating an entry
is working and replicating, but modifying the prescriptiveACI throws an exception:
> [13:10:58] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_52
Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.11
>  NAME 'accessControlSubentries'
>  DESC Used to track a subentry associated with access control areas
>  EQUALITY distinguishedNameMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
>  NO-USER-MODIFICATION
>  USAGE directoryOperation
>  )
>         at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:716)
>         at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
>         at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message