directory-users mailing list archives

From: Kevin Hamilton <khamil...@umem.org>
Subject: Re: [ApacheDS] Re: Access Restriction
Date: Fri, 04 Nov 2011 16:33:51 GMT

Ok, so if I remove the userPassword, sn, and mail attributes from the
entry (the new accessControlSubentry) then it lets me create it. The
record exists as a subentry of the uid=admin2 object. When I bind to
ApacheDS as admin2, I still cannot see anything but the tree root.

Any more advice on this and why it would say my userPassword, sn, and
mail attributes were invalid for the accessControlSubentry, subentry,
and top objectclasses?

Thanks,
Kevin

On Fri, Nov 4, 2011 at 9:48 AM, Kevin Hamilton <khamilton@umem.org> wrote:
> I am using ADS 2.0.0-M2.
>
> Thanks,
> Kevin
>
> On Fri, Nov 4, 2011 at 9:39 AM, Emmanuel Lécharny <elecharny@apache.org> wrote:
>> On 11/4/11 2:29 PM, Kevin Hamilton wrote:
>>>
>>> The cn=admin2Test,uid=admin2,ou=system was never created because the
>>> error occurred while I was trying to create it.
>>>
>>> I was following Oliver's instructions by doing the following:
>>> 2) Add a new entry below the entry where you have added the
>>> "administrativeRole" attribute. Use the object classes
>>> "accessControlSubentry", "subentry" and "top". As RDN attribute name, use
>>> "cn" and choose a name of your preference.
>>> 2a) You will be asked to specify the subentry. Leave it empty.
>>> 2b) You will be asked to specify the ACI element:
>>>      * Identificator:<your choice>
>>>      * Priority: 0
>>>      * Authentication level: simple=non-SASL / strong=SASL (I would choose
>>> simple first)
>>>      * User or element first: User
>>>      * User classes: Choose "name" and specify your admin2
>>>      * User permissions:
>>>        * Protected elements: "entry", "all user attribute types and
>>> values"
>>>        * Grants and denials: Here, you can grant everything
>>>
>>>
>>> When he says add a new entry below the entry where I added
>>> administrativeRole, he means I should right click on the
>>> uid=admin,ou=system and add an entry to that, right? That is what I
>>> have been doing. Is this incorrect?
>>
>> No, this is the way it should be done.
>>
>> The error message is a bit surprising...
>>
>> What version of ADS are you using?
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>>
>
>
>
> --
> Thanks,
> Kevin
>



-- 
Thanks,
Kevin
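
The subentry that the quoted steps describe, written out as LDIF (an added example, not part of the original messages and not ApacheDS project code). The DN is the one named in the thread; the `identificationTag` value is an assumption, and "grant everything" is expanded here to the full list of X.501 grant permissions.

```ldif
# Constructed example. Assumes the parent entry (uid=admin2,ou=system)
# already carries the administrativeRole attribute mentioned in the steps.
# Only attributes defined for top, subentry and accessControlSubentry are
# present: cn, subtreeSpecification and prescriptiveACI. userPassword, sn
# and mail belong to person / inetOrgPerson, which this entry does not declare.
dn: cn=admin2Test,uid=admin2,ou=system
objectClass: top
objectClass: subentry
objectClass: accessControlSubentry
cn: admin2Test
# Step 2a ("leave it empty"): an empty specification selects the whole
# subtree below the subentry's parent entry, and nothing outside it.
subtreeSpecification: {}
# Step 2b: priority 0, simple authentication, user first, user class "name"
# set to admin2, protected items "entry" and "all user attribute types and
# values". The identificationTag is an assumed value.
prescriptiveACI: { identificationTag "admin2FullAccess",
  precedence 0,
  authenticationLevel simple,
  itemOrUserFirst userFirst: {
  userClasses { name { "uid=admin2,ou=system" } },
  userPermissions { {
  protectedItems { entry, allUserAttributeTypesAndValues },
  grantsAndDenials { grantAdd, grantDiscloseOnError, grantRead,
  grantRemove, grantBrowse, grantExport, grantImport, grantModify,
  grantRename, grantReturnDN, grantCompare, grantFilterMatch,
  grantInvoke } } } } }
```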
