directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeroen Vriesman" <linuxifica...@gmail.com>
Subject Re: ldif file of auth howto's
Date Thu, 22 May 2008 13:32:21 GMT
aha,

so the "add" attribute does the trick, I'm used to openldap, so that's why I
was looking for an objectclass with m-may or m-must = administrativerole

thanks,
Jeroen.

On Thu, May 22, 2008 at 3:26 PM, Stefan Seelmann <seelmann@apache.org>
wrote:

> Hi Jeroen,
>
> Here is an example how to add the administrativeRole:
>
> http://directory.apache.org/apacheds/1.5/32-basic-authorization.data/authz_sevenSeas.ldif
>
> In the  "Basic Users Guide" there are some examples how to set up
> authorization:
> http://directory.apache.org/apacheds/1.5/32-basic-authorization.html
>
> Kind Regards
> Stefan
>
>
> Jeroen Vriesman schrieb:
> > Hi,
> >
> > thanks, this it doesn't complain about the syntax anymore.
> >
> > now it wants an "administrativeRole", which I would like to set to
> > "accessControlSpecificArea"
> >
> > In the doc's I can only find how to do that programmatically, but I'm not
> > java programmer, what would be the ldif for such an operation?
> >
> > thanks,
> > Jeroen.
> >
> >
> > On Thu, May 22, 2008 at 2:26 PM, Emmanuel Lecharny <elecharny@apache.org
> >
> > wrote:
> >
> >
> >> Sorry, I forgot to add the " around enableSearchForAllUsers in the
> >> prescriptiveACI attribute. Try this :
> >>
> >> dn: cn=enableSearchForAllUsers,dc=example,dc=com
> >> cn: enableSearchForAllUsers
> >> objectClass: top
> >> objectClass: subentry
> >> objectClass: accessControlSubentry
> >> subtreeSpecification: {}
> >> prescriptiveACI: { identificationTag "enableSearchForAllUsers",
> precedence
> >> 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses
> {
> >> allUsers }, userPermissions { { protectedItems {entry,
> >> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> >> grantReturnDN, grantBrowse } } } } }
> >>
> >>
> >>
> >>
> >> Jeroen Vriesman wrote:
> >>
> >>
> >>> Hi,
> >>>
> >>> this gives me:
> >>>
> >>> adding new entry "cn=enableSearchForAllUsers, o=hivos"
> >>> ldap_add: Invalid syntax (21)
> >>>    additional info: failed to add entry
> >>> cn=enableSearchForAllUsers,o=hivos:
> >>> Attribute value '{ identificationTag enableSearchForAllUsers,
> precedence
> >>> 14,
> >>> authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {
> >>> allUsers }, userPermissions { { protectedItems {entry,
> >>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> >>> grantReturnDN, grantBrowse } } } } }' for attribute 'prescriptiveaci'
> is
> >>> syntactically incorrect
> >>>
> >>>
> >>> any idea why?
> >>>
> >>> On Thu, May 22, 2008 at 1:33 PM, Emmanuel Lecharny <
> elecharny@apache.org>
> >>> wrote:
> >>>
> >>>
> >>>
> >>>
> >>>> Jeroen Vriesman wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> Hi all
> >>>>>
> >>>>> I was looking at the howto:
> >>>>>
> http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html
> >>>>>
> >>>>> it has a link to
> >>>>> enableSearchForAllUsers.ldif<
> >>>>>
> >>>>>
> http://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=DIRxSRVx11&title=enableSearchForAllUsers.ldif&linkCreation=true&fromPageId=55229
> >>>>>
> >>>>>
> >>>>>
> >>>>>> which
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>> points to a wiki, but I cannot find the ldif files of the example
> >>>>> authentication configurations.
> >>>>>
> >>>>> Does anyone here have a link to the ldif files?
> >>>>>
> >>>>> cheers,
> >>>>> Jeroen.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>> It seems that the link is broken. Can you fill a JIRA so that we
> remember
> >>>> to fix it ?
> >>>>
> >>>> Here is the LDIF file, just in case :
> >>>>
> >>>> dn: cn=enableSearchForAllUsers,dc=example,dc=com
> >>>> cn: enableSearchForAllUsers
> >>>> objectClass: top
> >>>> objectClass: subentry
> >>>> objectClass: accessControlSubentry
> >>>> subtreeSpecification: {}
> >>>> prescriptiveACI: { identificationTag enableSearchForAllUsers,
> precedence
> >>>> 14, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClasses
> >>>> {
> >>>> allUsers }, userPermissions { { protectedItems {entry,
> >>>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> >>>> grantReturnDN, grantBrowse } } } } }
> >>>>
> >>>>
> >>>> --
> >>>> --
> >>>> cordialement, regards,
> >>>> Emmanuel L├ęcharny
> >>>> www.iktek.com
> >>>> directory.apache.org
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >> --
> >> --
> >> cordialement, regards,
> >> Emmanuel L├ęcharny
> >> www.iktek.com
> >> directory.apache.org
> >>
> >>
> >>
> >>
> >
> >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message