directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashton Davis (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-1994) Can't apply ACI to ou=schema
Date Mon, 25 Aug 2014 19:52:58 GMT
Ashton Davis created DIRSERVER-1994:
---------------------------------------

             Summary: Can't apply ACI to ou=schema
                 Key: DIRSERVER-1994
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1994
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: schema
    Affects Versions: 2.0.0-M17, 2.0.0-M16
            Reporter: Ashton Davis


I'd like to allow a user to have read-only privileges to ou=schema - I can accomplish this
a few ways (apply an existing ACI to ou=schema, create a new ACI subentry in ou=schema, etc)
- but I can't seem to do it.  Below are the kinds of error messages I get.

#!RESULT ERROR
#!DATE 2014-08-25T19:41:34.756
#!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for MessageType : MODIFY_REQUEST
Message ID : 16     Modify Request         Object : 'ou=schema'             Modification[0]
                Operation :  add                 Modification administrativeRole: accessControlInnerAreaorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@5f2a5fc2:
null]
dn: ou=schema
changetype: modify
add: administrativeRole
administrativeRole: accessControlInnerArea
-

#!RESULT ERROR
#!DATE 2014-08-25T19:46:49.450
#!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 25     Modify Request         Object : 'ou=schema'             Modification[0]
                Operation :  add                 Modification accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=comorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@85bc62b0:
ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
	DESC 'Used to track a subentry associated with access control areas' 	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 	NO-USER-MODIFICATION 	USAGE directoryOperation )]
dn: ou=schema
changetype: modify
add: accessControlSubentries
accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=com
-




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message