From: Tobias Böhm <tboehm@fabis.de>
To: users@directory.apache.org
Subject: [ApacheDS] Authorization
Date: Wed, 11 Jul 2012 15:14:38 +0000

Hello all,

It is hard to get authorization to work. I have tried the examples and read the documentation under http://directory.apache.org/apacheds/1.5/25-authorization.html but it is not working. Maybe you can help me with my problem.

Version: ApacheDS 2.0.0-M7

Structure:
- dc=example
  o ou=peoples,dc=example
  o ou=users,dc=example

The persons who can log in are the users; the others are the peoples. The "peoples" are used for a big address book. Now I want to grant the "users" the search and read right on "ou=peoples,dc=example". I have done the following things.

1. Adding the "administrativeRole" to "ou=peoples,dc=example"

    // Administrative point for the access-control specific area
    this.peopleEntry = new DefaultEntry(this.getSchemaManager(),
            "ou=peoples," + this.suffixDn);
    this.peopleEntry.put(SchemaConstants.OBJECT_CLASS_AT,
            SchemaConstants.TOP_OC,
            SchemaConstants.ORGANIZATIONAL_UNIT_OC);
    this.peopleEntry.put(SchemaConstants.OU_AT, "peoples");
    this.peopleEntry.put("description", "The Fabis people element");
    this.peopleEntry.put("administrativeRole", "accessControlSpecificArea");

2. Adding a securityEntry under "ou=peoples,dc=example"

    // Access-control subentry whose subtreeSpecification {} covers the whole area
    this.securityEntry = new DefaultEntry(this.getSchemaManager(),
            "cn=enableSearchForAllUsers," + this.peopleEntry.getDn());
    this.securityEntry.put(SchemaConstants.OBJECT_CLASS_AT,
            SchemaConstants.TOP_OC,
            SchemaConstants.SUBENTRY_OC,
            SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC);
    this.securityEntry.put("subtreeSpecification", "{}");
    this.securityEntry.put("prescriptiveACI", "{ \n"
            + "  identificationTag \"enableSearchForAllUsers\",\n"
            + "  precedence 14,\n"
            + "  authenticationLevel simple,\n"
            + "  itemOrUserFirst userFirst: \n"
            + "  { \n"
            + "    userClasses { allUsers }, \n"
            + "    userPermissions \n"
            + "    { \n"
            + "      {\n"
            + "        protectedItems {entry, allUserAttributeTypesAndValues}, \n"
            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } \n"
            + "      }\n"
            + "    } \n"
            + "  } \n"
            + "}");

I can connect with my user "uid=test,ou=users,dc=example" but I can't see any kind of content. What am I missing?

I would be really happy if you can help me.

Kind regards,
Tobias Boehm
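The same two entries (administrative point plus access-control subentry) expressed as LDIF, with a small check for the pieces that have to be in place before a prescriptiveACI can have any effect. This is an added example, not code from the mail above or from the ApacheDS project. It assumes the suffix dc=example from the mail, that the LDIF is loaded with ldapmodify or Apache Directory Studio, and that access control is switched on in the server configuration (ApacheDS ignores ACIs while access control is disabled, which is the default); the helper and constant names are this example's own.

```python
"""Generate the ApacheDS access-control setup from the mail as LDIF and sanity-check it.

Added example, not the original poster's or ApacheDS's own code. Assumptions:
suffix dc=example, access control enabled on the server, LDIF loaded with
ldapmodify or Apache Directory Studio.
"""
import re

SUFFIX = "dc=example"  # assumption: same suffix as this.suffixDn in the mail

# Grants a bound user needs for a search to return entries and their attributes
# under the X.501 basic access control model that ApacheDS implements.
SEARCH_GRANTS = ("grantBrowse", "grantReturnDN", "grantRead")


def access_control_ldif(suffix=SUFFIX, ou="peoples", tag="enableSearchForAllUsers",
                        precedence=14, grants=SEARCH_GRANTS):
    """Return LDIF for the administrative point and its access-control subentry."""
    ap_dn = f"ou={ou},{suffix}"
    aci = (
        "{ "
        f'identificationTag "{tag}", '
        f"precedence {precedence}, "
        "authenticationLevel simple, "
        "itemOrUserFirst userFirst: { "
        "userClasses { allUsers }, "
        "userPermissions { { "
        "protectedItems { entry, allUserAttributeTypesAndValues }, "
        f"grantsAndDenials {{ {', '.join(grants)} }} "
        "} } } }"
    )
    return "\n".join([
        f"dn: {ap_dn}",
        "objectClass: top",
        "objectClass: organizationalUnit",
        f"ou: {ou}",
        "administrativeRole: accessControlSpecificArea",  # makes ou=... an AP
        "",
        f"dn: cn={tag},{ap_dn}",
        "objectClass: top",
        "objectClass: subentry",
        "objectClass: accessControlSubentry",
        f"cn: {tag}",
        "subtreeSpecification: {}",  # empty spec = whole area below the AP
        f"prescriptiveACI: {aci}",
        "",
    ])


def missing_search_grants(aci):
    """Grants from SEARCH_GRANTS that are absent from the ACI's grantsAndDenials."""
    match = re.search(r"grantsAndDenials\s*\{([^}]*)\}", aci)
    present = {g.strip() for g in match.group(1).split(",")} if match else set()
    return [g for g in SEARCH_GRANTS if g not in present]


def ldif_entries(ldif):
    """Parse simple single-line-attribute LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        entries[dn] = attrs
    return entries


def check_setup(ldif, ap_dn=f"ou=peoples,{SUFFIX}"):
    """Return a list of problems that would stop the ACI from applying; [] if none."""
    problems = []
    entries = ldif_entries(ldif)
    ap = entries.get(ap_dn)
    if ap is None:
        return [f"administrative point {ap_dn} not in LDIF"]
    if "accessControlSpecificArea" not in ap.get("administrativeRole", []):
        problems.append(f"{ap_dn}: lacks administrativeRole accessControlSpecificArea")
    subentries = [(dn, a) for dn, a in entries.items() if dn != ap_dn and dn.endswith("," + ap_dn)]
    if not subentries:
        problems.append(f"no subentry under {ap_dn}")
    for dn, attrs in subentries:
        ocs = set(attrs.get("objectClass", []))
        for needed in ("subentry", "accessControlSubentry"):
            if needed not in ocs:
                problems.append(f"{dn}: missing objectClass {needed}")
        if "subtreeSpecification" not in attrs:
            problems.append(f"{dn}: missing subtreeSpecification")
        for aci in attrs.get("prescriptiveACI", []):
            for grant in missing_search_grants(aci):
                problems.append(f"{dn}: ACI lacks {grant}")
    return problems


if __name__ == "__main__":
    ldif = access_control_ldif()
    print(ldif)
    print("problems:", check_setup(ldif) or "none")
```

Loading this LDIF as the admin user and then reading both entries back is a quick way to compare what the server actually holds with what the embedded Java code was meant to produce; `check_setup` run on a dump of those entries flags a missing administrativeRole, a subentry that is not an accessControlSubentry, or an ACI that lacks one of the three grants a search needs.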