directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: ldif file of auth howto's
Date Thu, 22 May 2008 13:26:49 GMT
Hi Jeroen,

Here is an example how to add the administrativeRole:
http://directory.apache.org/apacheds/1.5/32-basic-authorization.data/authz_sevenSeas.ldif

In the  "Basic Users Guide" there are some examples how to set up
authorization:
http://directory.apache.org/apacheds/1.5/32-basic-authorization.html

Kind Regards
Stefan


Jeroen Vriesman schrieb:
> Hi,
>
> thanks, this it doesn't complain about the syntax anymore.
>
> now it wants an "administrativeRole", which I would like to set to
> "accessControlSpecificArea"
>
> In the doc's I can only find how to do that programmatically, but I'm not
> java programmer, what would be the ldif for such an operation?
>
> thanks,
> Jeroen.
>
>
> On Thu, May 22, 2008 at 2:26 PM, Emmanuel Lecharny <elecharny@apache.org>
> wrote:
>
>   
>> Sorry, I forgot to add the " around enableSearchForAllUsers in the
>> prescriptiveACI attribute. Try this :
>>
>> dn: cn=enableSearchForAllUsers,dc=example,dc=com
>> cn: enableSearchForAllUsers
>> objectClass: top
>> objectClass: subentry
>> objectClass: accessControlSubentry
>> subtreeSpecification: {}
>> prescriptiveACI: { identificationTag "enableSearchForAllUsers", precedence
>> 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {
>> allUsers }, userPermissions { { protectedItems {entry,
>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
>> grantReturnDN, grantBrowse } } } } }
>>
>>
>>
>>
>> Jeroen Vriesman wrote:
>>
>>     
>>> Hi,
>>>
>>> this gives me:
>>>
>>> adding new entry "cn=enableSearchForAllUsers, o=hivos"
>>> ldap_add: Invalid syntax (21)
>>>    additional info: failed to add entry
>>> cn=enableSearchForAllUsers,o=hivos:
>>> Attribute value '{ identificationTag enableSearchForAllUsers, precedence
>>> 14,
>>> authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {
>>> allUsers }, userPermissions { { protectedItems {entry,
>>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
>>> grantReturnDN, grantBrowse } } } } }' for attribute 'prescriptiveaci' is
>>> syntactically incorrect
>>>
>>>
>>> any idea why?
>>>
>>> On Thu, May 22, 2008 at 1:33 PM, Emmanuel Lecharny <elecharny@apache.org>
>>> wrote:
>>>
>>>
>>>
>>>       
>>>> Jeroen Vriesman wrote:
>>>>
>>>>
>>>>
>>>>         
>>>>> Hi all
>>>>>
>>>>> I was looking at the howto:
>>>>> http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html
>>>>>
>>>>> it has a link to
>>>>> enableSearchForAllUsers.ldif<
>>>>>
>>>>> http://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=DIRxSRVx11&title=enableSearchForAllUsers.ldif&linkCreation=true&fromPageId=55229
>>>>>
>>>>>
>>>>>           
>>>>>> which
>>>>>>
>>>>>>
>>>>>>             
>>>>> points to a wiki, but I cannot find the ldif files of the example
>>>>> authentication configurations.
>>>>>
>>>>> Does anyone here have a link to the ldif files?
>>>>>
>>>>> cheers,
>>>>> Jeroen.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>>>> It seems that the link is broken. Can you fill a JIRA so that we remember
>>>> to fix it ?
>>>>
>>>> Here is the LDIF file, just in case :
>>>>
>>>> dn: cn=enableSearchForAllUsers,dc=example,dc=com
>>>> cn: enableSearchForAllUsers
>>>> objectClass: top
>>>> objectClass: subentry
>>>> objectClass: accessControlSubentry
>>>> subtreeSpecification: {}
>>>> prescriptiveACI: { identificationTag enableSearchForAllUsers, precedence
>>>> 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses
>>>> {
>>>> allUsers }, userPermissions { { protectedItems {entry,
>>>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
>>>> grantReturnDN, grantBrowse } } } } }
>>>>
>>>>
>>>> --
>>>> --
>>>> cordialement, regards,
>>>> Emmanuel L├ęcharny
>>>> www.iktek.com
>>>> directory.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>         
>>>
>>>       
>> --
>> --
>> cordialement, regards,
>> Emmanuel L├ęcharny
>> www.iktek.com
>> directory.apache.org
>>
>>
>>
>>     
>
>   


Mime
View raw message