directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tanja Ertl" <>
Subject RE: admin user
Date Fri, 27 Jun 2008 09:33:41 GMT
Hi Emmanuel,

I have just created DIRSERVER-1191.

I tried to create another user and to give him the rights. I'm using ACI mechanism. For my
own partition it works fine, but when I try to use this user in Studio, I can not browse the
tree anymore, I see only the RootDSE, nothing more.
How can I grant permissions for this user on the system/schema tree? I tried to supply an
administrativeRole and accessControlSubentry in the schema tree, but I got the error, that
this is not allowed here.    


-----Original Message-----
From: Emmanuel Lecharny [] On Behalf Of Emmanuel Lecharny
Sent: Friday, June 27, 2008 10:23 AM
Subject: Re: admin user

Tanja Ertl wrote:
> I would like to embedd ApacheDirectory in another application which has already this
concept of a root user and I would like to be both the same.
Makes sense.
> I can change it in 1.0.x versions, right? 
Sadly, not...
> At least the name is configurable via the spring configuration, I didn't try it.
The fact is that this uid=admin, ou=system appears in the Spring 
configuration was a mistake, as it make users think they can change it. 
This is the reason why its not any more present in the 1.5.2 
configuration file.
> Is it at least possible to change the password for the admin in 1.5.2?
Yes. Just use Studio to change it.

FYI, we have already had many discussion about what should be done 
regarding the admin user. I would say that defining a configurable admin 
user make sense. I also would suggest that you fill a JIRA in order to 
remind us to do it when we have a couple of days to deal with this issue.

Btw, why not considering creating another user which will be a kind of 
admin ? The current admin is mainly used the first time you launch the 
server, in order to be able to 'bootstrap' the server, and also for 
internal manipulation of data. As soon as you have created a new user, 
assigned it the correct access, then you will be all done.

cordialement, regards,
Emmanuel L├ęcharny

View raw message