directory-users mailing list archives

From "Darko Hojnik" <hoj...@virtualizing.org>
Subject Error with implementing acl
Date Sun, 17 Apr 2011 04:16:07 GMT
Hi there,

I've tried for a few hours to get a working ACL on the partition
example.com. I've read and tried the sample on the ApacheDS wiki with the
sevenSeas sample, and at last did it all myself with ApacheDS Studio.
On restarting ApacheDS I always get an error message such as

[05:49:06] WARN [org.apache.directory.server.core.authz.TupleCache] - Found accessControlSubentry 'cn=domainfullAuthorizationRequirementsACISubentry,dc=example,dc=com' without any prescriptiveACI

I got it with ApacheDS 1.5.7, and I've compiled 1.5.8-snapshot just to
verify. After restarting ApacheDS, users in dc=example,dc=com stand
without proper permissions there. So, can anyone tell me what's
going wrong and what will do the trick?

Sorry, I'm a little bit in a panic. For a new job my customer has asked me for
a good solution for LDAP and Kerberos for Samba and NFSv4. I thought
ApacheDS would do it perfectly.

Here is my export as XML. It's stored as an attachment too.


<?xml version="1.0" encoding="UTF-8"?>
<batchResponse xmlns:xsd="http://www.w3c.org/2001/XMLSchema"  
xmlns:xsi="http://www.w3c.org/2001/XMLSchema-instance">
    <searchResponse>
       <searchResultEntry  
dn="cn=domainfullAuthorizationRequirementsACISubentry,dc=example,dc=com">
          <attr name="createtimestamp">
             <value>20110417034445Z</value>
          </attr>
          <attr name="cn">
             <value>domainfullAuthorizationRequirementsACISubentry</value>
          </attr>
          <attr name="entryuuid">
             <value  
xsi:type="xsd:base64Binary">Y2I2Njk0MTgtMjg2OC00NTIwLWIzY2QtMDg3MWZhNWExY2E2</value>
          </attr>
          <attr name="prescriptiveaci">
             <value>{ identificationTag "domainManagerFullAccessACI",  
precedence 0, authenticationLevel simple, itemOrUserFirst userFirst: {  
userClasses { name { "uid=domainadmin,dc=example,dc=com" } },  
userPermissions { { protectedItems { allUserAttributeTypesAndValues, entry  
}, grantsAndDenials { grantDiscloseOnError, grantReturnDN,  
grantFilterMatch, grantAdd, grantBrowse, grantImport, grantModify,  
grantRename, grantRemove, grantCompare, grantExport, grantRead,  
grantInvoke } } } } }</value>
             <value>{ identificationTag "", precedence 0,  
authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {  
allUsers }, userPermissions { { protectedItems {  
allUserAttributeTypesAndValues, entry }, grantsAndDenials { grantCompare,  
grantReturnDN, grantDiscloseOnError, grantFilterMatch, grantRead,  
grantBrowse } }, { protectedItems { attributeType { userPassword } },  
grantsAndDenials { denyRead, denyCompare, denyFilterMatch } } } } }</value>
          </attr>
          <attr name="modifiersname">
             <value>0.9.2342.19200300.100.1.1=admin,2.5.4.11=system</value>
          </attr>
          <attr name="modifytimestamp">
             <value>20110417034826Z</value>
          </attr>
          <attr name="entrycsn">
             <value>20110417054826.064000Z#000000#000#000000</value>
          </attr>
          <attr name="objectclass">
             <value>subentry</value>
             <value>accessControlSubentry</value>
             <value>top</value>
          </attr>
          <attr name="subtreespecification">
             <value>{ }</value>
          </attr>
          <attr name="accesscontrolsubentries">
             <value>2.5.4.3=domainfullauthorizationrequirementsacisubentry,0.9.2342.19200300.100.1.25=example,0.9.2342.19200300.100.1.25=com</value>
          </attr>
          <attr name="creatorsname">
             <value>0.9.2342.19200300.100.1.1=admin,2.5.4.11=system</value>
          </attr>
       </searchResultEntry>
       <searchResultDone>
          <resultCode code="0" descr="success"/>
       </searchResultDone>
    </searchResponse>
</batchResponse>



Kind regards
Darko Hojnik
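
A way to inspect an export like the one in the message above, as an added example that is not part of the original message or of ApacheDS: for each accessControlSubentry in a DSML export it lists every prescriptiveACI value with its identificationTag, whether its braces balance, and the grants and denials it names. It assumes unqualified element names as in that export; the function names `values` and `audit` and the sample DNs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the DSML export in the message above (shortened).
SAMPLE = """<batchResponse><searchResponse>
 <searchResultEntry dn="cn=aciOne,dc=example,dc=com">
  <attr name="objectclass"><value>subentry</value><value>accessControlSubentry</value></attr>
  <attr name="prescriptiveaci">
   <value>{ identificationTag "adminACI", precedence 0, authenticationLevel simple,
    itemOrUserFirst userFirst: { userClasses { name { "uid=domainadmin,dc=example,dc=com" } },
    userPermissions { { protectedItems { entry }, grantsAndDenials { grantRead, grantBrowse } } } } }</value>
   <value>{ identificationTag "", precedence 0, authenticationLevel simple,
    itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {
    attributeType { userPassword } }, grantsAndDenials { denyRead, denyCompare } } } } }</value>
  </attr>
 </searchResultEntry>
 <searchResultEntry dn="cn=aciTwo,dc=example,dc=com">
  <attr name="objectclass"><value>accessControlSubentry</value></attr>
 </searchResultEntry>
</searchResponse></batchResponse>"""

def values(entry, name):
    """All <value> texts of attribute `name` (matched case-insensitively) in one entry."""
    return [v.text or "" for a in entry.findall("attr")
            if a.get("name", "").lower() == name for v in a.findall("value")]

def audit(dsml):
    """Map each accessControlSubentry DN to a list of
    (identificationTag, braces_balanced, grants, denials), one per prescriptiveACI value."""
    report = {}
    for e in ET.fromstring(dsml).iter("searchResultEntry"):
        if "accesscontrolsubentry" not in [c.lower() for c in values(e, "objectclass")]:
            continue
        items = []
        for aci in values(e, "prescriptiveaci"):
            tag = re.search(r'identificationTag\s+"([^"]*)"', aci)
            items.append((tag.group(1) if tag else None,
                          aci.count("{") == aci.count("}"),
                          sorted(set(re.findall(r"\bgrant[A-Z]\w*", aci))),
                          sorted(set(re.findall(r"\bdeny[A-Z]\w*", aci)))))
        report[e.get("dn")] = items
    return report

if __name__ == "__main__":
    for dn, items in audit(SAMPLE).items():
        print(dn, "->", items or "no prescriptiveACI values in export")
```

An empty list for a DN means the exported subentry carries no prescriptiveACI value at all; an empty string as the first tuple element means the item's identificationTag is "".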