directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: [apacheds] issues with ACI
Date Fri, 19 Jun 2009 15:42:35 GMT
Hi Varun,

> I think fetching all available namingContexts is a server behavior not
> the studio behavior. When I login using PhpLdapAdmin, same happens.

No, the client sends the search request. Seelms like PhpLdapAdmin does
the same the. If I use the command line I get all the entries and no error:

ldapsearch -H ldap://localhost:10389 -x -D "cn=Horatio
Nelson,ou=people,o=sevenSeas" -w "pass" -b "o=sevenSeas" -s sub

> With apacheds 1.0, apache studio and PhpLdapAdmin logs in fine and also
> works fine with the example.
> I need a web interface that is why I am using PhpLdapAdmin, and it fails
> to work because of the exceptions that apacheds 1.5 throws when loging
> in.

So maybe apacheds 1.5 is a bit more strict here.

> Can this be fixed???

Well, apacheds could just return nothing instead of error 50. What is
the recommendation in RFCs or X.500?

> As you also mentioned, I guess I can try to give search permissions to
> all users as a temporary fix to login without exceptions, but am not
> sure if it will work. Can you tell me how can I do this, will I have to
> create accessControlSubentry for each context?

Exactly. you need to repeat the precedure for each context:
- add the administrativeRole: accessControlSpecificArea attribute
- add the subentry

Kind Regards,
Stefan


Mime
View raw message