directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sudheer Kumar <sudheerarim...@gmail.com>
Subject Warning while loading ACI (Apache DS 1.5.7)
Date Thu, 17 Jun 2010 08:57:36 GMT
Hi

I get the following warning during startup of Apache ds 1.5.7.

WARN [org.apache.directory.server.core.authz.TupleCache] - Found
accessControlSubentry 'cn=RDSAuthorizationACISubentry,dc=xxx,dc=xx' without
any prescriptiveACI


My ACI is as follows:

# Create a subentry subordinate to "dc=xxx,dc=xx" to grant all operations'
permissions
# to "uid=adminuser,ou=people,dc=xxx,dc=xx", to grant search and compare
permissions
# to all users (even anonymous ones) and to deny search and compare
permissions for
# userPassword attribute to all users.
#
dn: cn=RDSAuthorizationACISubentry,dc=xxx,dc=xx
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: RDSAuthorizationACISubentry
subtreeSpecification: {}
prescriptiveACI: {
    identificationTag "directoryManagerFullAccessACI",
    precedence 11,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
      userClasses
      {
        name { "uid=adminuser,ou=people,dc=xxx,dc=com" }
      },
      userPermissions
      {
        {
          protectedItems
          {
            entry, allUserAttributeTypesAndValues
          },
          grantsAndDenials
          {
            grantAdd, grantDiscloseOnError, grantRead,
            grantRemove, grantBrowse, grantExport, grantImport,
            grantModify, grantRename, grantReturnDN,
            grantCompare, grantFilterMatch, grantInvoke
          }
        }
      }
    }
  }
prescriptiveACI: {
    identificationTag "allUsersACI",
    precedence 10,
    authenticationLevel none,
    itemOrUserFirst userFirst:
    {
      userClasses
      {
        allUsers
      },
      userPermissions
      {
        {
          protectedItems { entry, allUserAttributeTypesAndValues },
          grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
                             grantCompare, grantFilterMatch,
grantDiscloseOnError }
        },
        {
          protectedItems { attributeType { userPassword } },
          grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
        }
      }
    }
  }

Please let me know if my ACI syntax is wrong or anything else I need to
add/remove?
Note:The same ACI is working with Apache DS 1.5.4.

-- 
Sudheer Kumar Arimbra

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message