directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Roemmich (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1994) Can't apply ACI to ou=schema
Date Fri, 12 Feb 2016 08:33:18 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15144262#comment-15144262
] 

Chris Roemmich commented on DIRSERVER-1994:
-------------------------------------------

Any update on this? Having the same issue on M21.

> Can't apply ACI to ou=schema
> ----------------------------
>
>                 Key: DIRSERVER-1994
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1994
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: schema
>    Affects Versions: 2.0.0-M16, 2.0.0-M17
>            Reporter: Ashton Davis
>
> I'd like to allow a user to have read-only privileges to ou=schema - I can accomplish
this a few ways (apply an existing ACI to ou=schema, create a new ACI subentry in ou=schema,
etc) - but I can't seem to do it.  Below are the kinds of error messages I get.
> #!RESULT ERROR
> #!DATE 2014-08-25T19:41:34.756
> #!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for MessageType : MODIFY_REQUEST
Message ID : 16     Modify Request         Object : 'ou=schema'             Modification[0]
                Operation :  add                 Modification administrativeRole: accessControlInnerAreaorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@5f2a5fc2:
null]
> dn: ou=schema
> changetype: modify
> add: administrativeRole
> administrativeRole: accessControlInnerArea
> -
> #!RESULT ERROR
> #!DATE 2014-08-25T19:46:49.450
> #!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 25     Modify Request         Object : 'ou=schema'             Modification[0]
                Operation :  add                 Modification accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=comorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@85bc62b0:
ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
	DESC 'Used to track a subentry associated with access control areas' 	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 	NO-USER-MODIFICATION 	USAGE directoryOperation )]
> dn: ou=schema
> changetype: modify
> add: accessControlSubentries
> accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=com
> -



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message