I also have this warining in 1.5.7 but i'm using the demo ACI provided
in the getting started example:
cn="sevenSeasAuthorizationRequirementsACISubentry"
subtreeSpecification="{}"
prescriptiveACI="{
identificationTag "directoryManagerFullAccessACI",
precedence 11,
authenticationLevel simple,
itemOrUserFirst userFirst:
{
userClasses
{
name { "cn=Horatio Nelson,ou=people,o=sevenSeas" }
},
userPermissions
{
{
protectedItems
{
entry, allUserAttributeTypesAndValues
},
grantsAndDenials
{
grantAdd, grantDiscloseOnError, grantRead,
grantRemove, grantBrowse, grantExport, grantImport,
grantModify, grantRename, grantReturnDN,
grantCompare, grantFilterMatch, grantInvoke
}
}
}
}
}"
in my case the aci doesn't loads.. so i'm unable to use ACI in ApacheDS.
So i'm now using OpenDS in production, but i'm really waiting for a fix
or a solution (i prefer ApacheDS but i need strong Access control)
> The second prescriptiveACI seems to be ok, except that the
> 'grantDiscloseOnError' element starts on a new line without a space at
> first position.
PS. what do you think about JSON for ACI syntax in a next version of
ApacheDS?
Stefano.
Il 25/06/2010 22:03, Emmanuel Lecharny ha scritto:
> On 6/17/10 10:57 AM, Sudheer Kumar wrote:
>> dn: cn=RDSAuthorizationACISubentry,dc=xxx,dc=xx
>> changetype: add
>> objectclass: top
>> objectclass: subentry
>> objectclass: accessControlSubentry
>> cn: RDSAuthorizationACISubentry
>> subtreeSpecification: {}
>> prescriptiveACI: {
>> identificationTag "directoryManagerFullAccessACI",
>> precedence 11,
>> authenticationLevel simple,
>> itemOrUserFirst userFirst:
>> {
>> userClasses
>> {
>> name { "uid=adminuser,ou=people,dc=xxx,dc=com" }
>> },
>> userPermissions
>> {
>> {
>> protectedItems
>> {
>> entry, allUserAttributeTypesAndValues
>> },
>> grantsAndDenials
>> {
>> grantAdd, grantDiscloseOnError, grantRead,
>> grantRemove, grantBrowse, grantExport, grantImport,
>> grantModify, grantRename, grantReturnDN,
>> grantCompare, grantFilterMatch, grantInvoke
>> }
>> }
>> }
>> }
>> }
>> prescriptiveACI: {
>> identificationTag "allUsersACI",
>> precedence 10,
>> authenticationLevel none,
>> itemOrUserFirst userFirst:
>> {
>> userClasses
>> {
>> allUsers
>> },
>> userPermissions
>> {
>> {
>> protectedItems { entry, allUserAttributeTypesAndValues },
>> grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
>> grantCompare, grantFilterMatch,
>> grantDiscloseOnError }
>> },
>> {
>> protectedItems { attributeType { userPassword } },
>> grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
>> }
>> }
>> }
>> }
> The second prescriptiveACI seems to be ok, except that the
> 'grantDiscloseOnError' element starts on a new line without a space at
> first position.
>
> I don't know if it's a mail artifact or not, can you check that ?
>
|