directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Hamilton <>
Subject Re: [ApacheDS] Re: Access Restriction
Date Fri, 04 Nov 2011 13:29:10 GMT
The cn=admin2Test,uid=admin2,ou=system was never created because the
error occurred while I was trying to create it.

I was following Oliver's instructions by doing the following:
2) Add a new entry below the entry where you have added the
"administrativeRole" attribute. Use the object classes
"accessControlSubentry", "subentry" and "top". As RDN attribute name, use
"cn" and choose a name of your preference.
2a) You will be asked to specify the subentry. Leave it empty.
2b) You will be asked to specify the ACI element:
     * Identificator: <your choice>
     * Priority: 0
     * Authentication level: simple=non-SASL / strong=SASL (I would choose
simple first)
     * User or element first: User
     * User classes: Choose "name" and specify your admin2
     * User permissions:
       * Protected elements: "entry", "all user attribute types and values"
       * Grants and denials: Here, you can grant everything

When he says add a new entry below the entry where I added
administrativeRole, he means I should right click on the
uid=admin,ou=system and add an entry to that, right? That is what I
have been doing. Is this incorrect?


On Fri, Nov 4, 2011 at 9:18 AM, Emmanuel Lécharny <> wrote:
> On 11/4/11 2:13 PM, Kevin Hamilton wrote:
>> version: 1
>> dn: uid=admin2,ou=systemobjectclass: organizationalPersonobjectclass:
>> personobjectclass: inetOrgPersonobjectclass: topcn: admin2sn:
>> admin2mail:admin@umem.orguid:  admin2userPassword:: REMOVED for
>> e-mailadministrativeRole: accessControlSpecificAreacreateTimestamp:
>> 20111104121155ZcreatorsName:
>> 0.9.2342.19200300.100.1.1=admin,
>> 20111104121347.312000Z#000000#000#000000entryParentId: 1entryUUID::
>> REMOVED for e-mailmodifiersName:
>> 0.9.2342.19200300.100.1.1=admin,
>> 20111104121347ZpwdHistory:: REMOVED for e-mail
> Thanks, but the error messag was not for this entry, but for
> cn=admin2Test,uid=admin2,ou=system
> Do you have the LDIF for this entry ?
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny


View raw message