Return-Path: 
 <users-return-4239-apmail-directory-users-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-users-archive@www.apache.org
Delivered-To: apmail-directory-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 4EB4E9D5A
	for <apmail-directory-users-archive@www.apache.org>;
 Fri,  4 Nov 2011 13:14:26 +0000 (UTC)
Received: (qmail 28816 invoked by uid 500); 4 Nov 2011 13:14:23 -0000
Delivered-To: apmail-directory-users-archive@directory.apache.org
Received: (qmail 28784 invoked by uid 500); 4 Nov 2011 13:14:23 -0000
Mailing-List: contact users-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@directory.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@directory.apache.org>
List-Post: <mailto:users@directory.apache.org>
List-Id: <users.directory.apache.org>
Reply-To: users@directory.apache.org
Delivered-To: mailing list users@directory.apache.org
Received: (qmail 28751 invoked by uid 99); 4 Nov 2011 13:14:23 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2011 13:14:23 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: 209.85.215.178 is neither permitted
 nor denied by domain of khamilton@umem.org)
Received: from [209.85.215.178] (HELO mail-ey0-f178.google.com)
 (209.85.215.178)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2011 13:14:18 +0000
Received: by eye13 with SMTP id 13so2209004eye.37
        for <users@directory.apache.org>;
 Fri, 04 Nov 2011 06:13:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.14.24.155 with SMTP id x27mr1385440eex.243.1320412436437; Fri,
 04 Nov 2011 06:13:56 -0700 (PDT)
Received: by 10.14.29.14 with HTTP; Fri, 4 Nov 2011 06:13:56 -0700 (PDT)
In-Reply-To: <4EB3E227.3070704@gmail.com>
References: 
 <CAJZgDFeUJutVLp=pkS-evikmsn75Svr0w4tTPRNqdbmwu+KP6w@mail.gmail.com>
	<op.v4by5ymr40e0dd@dell-c521.fritz.box>
	<CAJZgDFdjbxSy7Zh=buQ0CqH1aUpvhExAEt5qAG-36Ny63AxTpQ@mail.gmail.com>
	<op.v4e6kzpy40e0dd@oliversnb.mgm-edv.de>
	<CAJZgDFe7n041_tZG-6+YHDXiDoPJycJ_ZFz2MM1Z0ShD6q-9dQ@mail.gmail.com>
	<4EB3E227.3070704@gmail.com>
Date: Fri, 4 Nov 2011 09:13:56 -0400
Message-ID: 
 <CAJZgDFepdruDX6Q9k39wH719TtE=MM7c4UfJj6EFs8YvDO+keA@mail.gmail.com>
Subject: Re: [ApacheDS] Re: Access Restriction
From: Kevin Hamilton <khamilton@umem.org>
To: users@directory.apache.org, elecharny@apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

version: 1
dn: uid=3Dadmin2,ou=3Dsystemobjectclass: organizationalPersonobjectclass:
personobjectclass: inetOrgPersonobjectclass: topcn: admin2sn:
admin2mail: admin@umem.orguid: admin2userPassword:: REMOVED for
e-mailadministrativeRole: accessControlSpecificAreacreateTimestamp:
20111104121155ZcreatorsName:
0.9.2342.19200300.100.1.1=3Dadmin,2.5.4.11=3DsystementryCSN:
20111104121347.312000Z#000000#000#000000entryParentId: 1entryUUID::
REMOVED for e-mailmodifiersName:
0.9.2342.19200300.100.1.1=3Dadmin,2.5.4.11=3DsystemmodifyTimestamp:
20111104121347ZpwdHistory:: REMOVED for e-mail

On Fri, Nov 4, 2011 at 9:01 AM, Emmanuel Lecharny <elecharny@gmail.com> wro=
te:
> On 11/4/11 1:23 PM, Kevin Hamilton wrote:
>>
>> Hey Oliver,
>>
>> Thanks so much for your response. I followed your instructions and
>> still had trouble.
>>
>> I checked the source of the prescriptive ACI in my new entry. The
>> source is below.
>>
>> {
>> =A0 =A0 identificationTag "admin2Tag",
>> =A0 =A0 precedence 0,
>> =A0 =A0 authenticationLevel simple,
>> =A0 =A0 itemOrUserFirst userFirst:
>> =A0 =A0 {
>> =A0 =A0 =A0 =A0 userClasses
>> =A0 =A0 =A0 =A0 {
>> =A0 =A0 =A0 =A0 =A0 =A0 name { "uid=3Dadmin2,ou=3Dsystem" }
>> =A0 =A0 =A0 =A0 }
>> =A0 =A0 =A0 =A0 ,
>> =A0 =A0 =A0 =A0 userPermissions
>> =A0 =A0 =A0 =A0 {
>> =A0 =A0 =A0 =A0 =A0 =A0 {
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 protectedItems { allUserAttributeTypesAn=
dValues, entry },
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantsAndDenials
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantBrowse,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantCompare,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantRename,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantExport,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantRead,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantModify,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantDiscloseOnError,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantFilterMatch,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantImport,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantAdd,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantInvoke,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantRemove,
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 grantReturnDN
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
>> =A0 =A0 =A0 =A0 =A0 =A0 }
>> =A0 =A0 =A0 =A0 }
>> =A0 =A0 }
>> }
>>
>>
>> When I try to add this, I get a constraint violation that says ERR_277
>> Attribute userPassword not declared in objectClasses of entry
>> cn=3Dadmin2Test,uid=3Dadmin2,ou=3Dsystem
>
> Can you provide the LDIF for this entry ?
>
>
> --
> Regards,
> Cordialement,
> Emmanuel L=E9charny
> www.iktek.com
>
>



--=20
Thanks,
Kevin