directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: [apacheds] issues with ACI
Date Thu, 18 Jun 2009 14:10:44 GMT
Hi Varun,

Varun Dev wrote:
> Hi,
> I am new to apacheds and LDAP, I have recently downloaded and installed
> apacheds. I want setup access control in my directory. When I import the
> example files on a fresh installation
> 
> apache_ds_tutorial.ldif
> authz_sevenSeas.ldif
> 
> the user - Horatio Nelson does not have any permissions as per
> prescriptiveaci in  sevenSeasAuthorizationRequirementsACISubentry
> 
> In apacheds 1.0, Horatio Nelson can login, when I try to edit some
> attribute of a user I get following error in the apache studio and I
> don't see any trace in log files.
I haven't tested with 1.0, please use 1.5.4.


> In apacheds 1.5, Horatio Nelson can't even log in throwing the following
> error 
> Error while opening connection
>  - [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
> SearchReques
> 
You get this error using Studio, right?

I also get this error when using Studio, however this is an issues of
Studio, call it bug or feature ;-). When opening the connection Studio
tries to fetch all available namingContexts (ou=system, ou=schema) and
the schema (cn=schema). However with activated access control the server
rejects this with error 50. So one option is to allow the read access to
these trees using ACIs. But we have to consider to change studio to not
search for those entries or to pop up this messages.

Anyway, when I click away the error message it works fine. Horatio
Nelson could browse and edit the o=sevenSeas tree. And other sailors
could browse, but not edit and don't see the userPassword attribute.

Could you test please?

Kind Regards,
Stefan


Mime
View raw message