directory-users mailing list archives

From Tobias Böhm <tbo...@fabis.de>
Subject [ApacheDS] Authorization
Date Wed, 11 Jul 2012 15:14:38 GMT
Hello all,

It is hard to get the authorization to work. I have tried the examples and read the documentation
under http://directory.apache.org/apacheds/1.5/25-authorization.html, but it is not working.
Maybe you can help me with my problem.

Version: ApacheDS 2.0.0-M7
Structure:

- dc=example
  - ou=peoples,dc=example
  - ou=users,dc=example

The persons who can log in are users, and the others are peoples. The "peoples" are used for a big
address book. Now I want to grant the "users" the search and read rights on "ou=peoples,dc=example".
I have done the following things.


1. Adding the "administrativeRole" to "ou=peoples,dc=example"

    // The organizational unit that becomes the access control administrative point
    this.peopleEntry = new DefaultEntry(this.getSchemaManager(),
        "ou=peoples," + this.suffixDn);
    this.peopleEntry.put(SchemaConstants.OBJECT_CLASS_AT,
        SchemaConstants.TOP_OC, SchemaConstants.ORGANIZATIONAL_UNIT_OC);
    this.peopleEntry.put(SchemaConstants.OU_AT, "peoples");
    this.peopleEntry.put("description", "The Fabis people element");

    // Marks the entry as an access control specific area
    this.peopleEntry.put("administrativeRole", "accessControlSpecificArea");

2. Adding a securityEntry under "ou=peoples,dc=example"

    // Access control subentry whose subtree specification "{}" covers the
    // administrative point and everything below it
    this.securityEntry = new DefaultEntry(this.getSchemaManager(),
        "cn=enableSearchForAllUsers," + this.peopleEntry.getDn());
    this.securityEntry.put(SchemaConstants.OBJECT_CLASS_AT,
        SchemaConstants.TOP_OC, SchemaConstants.SUBENTRY_OC,
        SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC);
    this.securityEntry.put("subtreeSpecification", "{}");
    this.securityEntry.put("prescriptiveACI",
        "{ \n" +
        "  identificationTag \"enableSearchForAllUsers\",\n" +
        "  precedence 14,\n" +
        "  authenticationLevel simple,\n" +
        "  itemOrUserFirst userFirst: \n" +
        "  { \n" +
        "    userClasses { allUsers }, \n" +
        "    userPermissions \n" +
        "    { \n" +
        "      {\n" +
        "        protectedItems {entry, allUserAttributeTypesAndValues}, \n" +
        "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } \n" +
        "      }\n" +
        "    } \n" +
        "  } \n" +
        "}");

I can connect with my user "uid=test,ou=users,dc=example", but I can't see any kind of content.
What am I missing?

I would be really happy if you can help me.

Kind regards,
Tobias Boehm
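The same ACI setup, as an added Java example that is not from the post or the ApacheDS project. It uses the Apache LDAP API client against a standalone server instead of the embedded server API shown above, and it assumes ApacheDS 2.0 on localhost:10389, placeholder passwords, and the current org.apache.directory.api package names (the 2.0.0-M7 release shipped the same classes under org.apache.directory.shared.ldap.model). Two things the post does not show: ApacheDS ships with the ACI subsystem switched off, so a prescriptiveACI has no effect until ads-accessControlEnabled is set to TRUE in the config partition and the server is restarted; and the subentry's "{}" subtree specification covers only ou=peoples and what lies below it, so a search based at dc=example is not governed by this ACI at all. The example enables the subsystem, installs the ACI, and then compares what a subtree search based at ou=peoples returns for the admin and for uid=test, which is the check a practitioner wants before concluding the ACI is wrong.

```java
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

/**
 * Installs the ACI from the post and checks what the test user can actually see.
 * Host, port, passwords and package names are assumptions, not values from the post.
 */
public class AciCheck {

    // Assumed connection details for a standalone ApacheDS 2.0 instance
    static final String HOST = "localhost";
    static final int PORT = 10389;
    static final String ADMIN_DN = "uid=admin,ou=system";
    static final String ADMIN_PW = "ADMIN-PASSWORD-PLACEHOLDER";
    static final String TEST_DN = "uid=test,ou=users,dc=example";
    static final String TEST_PW = "TEST-PASSWORD-PLACEHOLDER";

    static final String PEOPLES_DN = "ou=peoples,dc=example";
    static final String SUBENTRY_DN = "cn=enableSearchForAllUsers," + PEOPLES_DN;

    // Same ACI as in the post: read, browse and return-DN on every entry under the AP
    static final String ACI =
        "{ identificationTag \"enableSearchForAllUsers\", precedence 14,"
      + "  authenticationLevel simple, itemOrUserFirst userFirst: {"
      + "    userClasses { allUsers },"
      + "    userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues },"
      + "                        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }";

    /** Step 1: switch the ACI subsystem on; it is off by default and the change needs a restart. */
    static void enableAccessControl(LdapConnection admin) throws LdapException {
        admin.modify("ads-directoryServiceId=default,ou=config",
            new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE,
                "ads-accessControlEnabled", "TRUE"));
    }

    /** Step 2: make ou=peoples an access control specific area and add the subentry below it. */
    static void installAci(LdapConnection admin) throws LdapException {
        admin.modify(PEOPLES_DN,
            new DefaultModification(ModificationOperation.ADD_ATTRIBUTE,
                "administrativeRole", "accessControlSpecificArea"));
        admin.add(new DefaultEntry(SUBENTRY_DN,
            "objectClass: top",
            "objectClass: subentry",
            "objectClass: accessControlSubentry",
            "cn: enableSearchForAllUsers",
            "subtreeSpecification: {}",
            "prescriptiveACI: " + ACI));
    }

    /** Step 3: bind as the given user and count the entries a subtree search under ou=peoples returns. */
    static int countVisible(String bindDn, String password) throws Exception {
        try (LdapConnection conn = new LdapNetworkConnection(HOST, PORT)) {
            conn.bind(bindDn, password);
            int n = 0;
            // "1.1" requests no attributes: only browse and return-DN rights are exercised
            try (EntryCursor cursor = conn.search(PEOPLES_DN, "(objectClass=*)", SearchScope.SUBTREE, "1.1")) {
                while (cursor.next()) {
                    cursor.get();
                    n++;
                }
            }
            return n;
        }
    }

    /** Run with "setup" once, restart the server, then run with "check". */
    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("setup")) {
            try (LdapConnection admin = new LdapNetworkConnection(HOST, PORT)) {
                admin.bind(ADMIN_DN, ADMIN_PW);
                enableAccessControl(admin);
                installAci(admin);
            }
            System.out.println("ACI installed; restart ApacheDS before running the check");
            return;
        }
        int asAdmin = countVisible(ADMIN_DN, ADMIN_PW);
        int asUser = countVisible(TEST_DN, TEST_PW);
        System.out.printf("entries under %s: admin sees %d, test user sees %d%n", PEOPLES_DN, asAdmin, asUser);
        if (asUser != asAdmin) {
            System.out.println("ACI not effective for the test user: verify ads-accessControlEnabled and the restart");
        }
    }
}
```

The admin count is the reference because uid=admin,ou=system bypasses ACI; if the test user's count matches it, the subentry is doing what the post intends, and if it is zero the subsystem is either still disabled or the search is based outside the administrative area.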
