directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel L├ęcharny <>
Subject Re: [ApacheDS] Re: Access Restriction
Date Fri, 04 Nov 2011 13:39:47 GMT
On 11/4/11 2:29 PM, Kevin Hamilton wrote:
> The cn=admin2Test,uid=admin2,ou=system was never created because the
> error occurred while I was trying to create it.
> I was following Oliver's instructions by doing the following:
> 2) Add a new entry below the entry where you have added the
> "administrativeRole" attribute. Use the object classes
> "accessControlSubentry", "subentry" and "top". As RDN attribute name, use
> "cn" and choose a name of your preference.
> 2a) You will be asked to specify the subentry. Leave it empty.
> 2b) You will be asked to specify the ACI element:
>       * Identificator:<your choice>
>       * Priority: 0
>       * Authentication level: simple=non-SASL / strong=SASL (I would choose
> simple first)
>       * User or element first: User
>       * User classes: Choose "name" and specify your admin2
>       * User permissions:
>         * Protected elements: "entry", "all user attribute types and values"
>         * Grants and denials: Here, you can grant everything
> When he says add a new entry below the entry where I added
> administrativeRole, he means I should right click on the
> uid=admin,ou=system and add an entry to that, right? That is what I
> have been doing. Is this incorrect?

No, this is the way it should be done.

The error message is a bit suprising...

What version of ADS are you using ?

Emmanuel L├ęcharny

View raw message