directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: How to disable anonymous access for embedded ApacheDS
Date Fri, 23 Nov 2012 07:54:16 GMT
the branch to which you want to add the prescriptiveACI
add the attribute administrativeRole with the value
accessControlSpecificArea

On Fri, Nov 23, 2012 at 1:20 PM, Eugene Prokopiev <enp@itx.ru> wrote:

> The problem is \"enableSearchForAllUsers\" substring, backslashes are not
> needed.
>
> Now I have another problem:
>
> $ ldapadd -h localhost -p 10389 -D "uid=admin,ou=system" -W -f aci.ldif
> Enter LDAP Password:
> adding new entry "cn=enableSearchForAllUsers,dc=home"
> ldap_add: No such attribute (16)
>         additional info: NO_SUCH_ATTRIBUTE: failed for     Add Request :
> ClientEntry
>     dn: cn=enableSearchForAllUsers,dc=home
>     objectClass: top
>     objectClass: subentry
>     objectClass: accessControlSubentry
>     cn: enableSearchForAllUsers
>     prescriptiveACI: { identificationTag "enableSearchForAllUsers",
> precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClasses { allUsers }, userPermissions { { protectedItems {entry,
> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> grantReturnDN, grantBrowse } } } } }
>     administrativeRole: accessControlSpecificArea
>     subtreeSpecification: {}
> : Administration point 0.9.2342.19200300.100.1.25=home does not contain an
> administrativeRole attribute! An administrativeRole attribute in the
> administrative point is required to add a subordinate subentry.
>
> Which entry must contain administrativeRole attribute? Which objectClass
> defines this attribute?
>
> --
> Regards,
> Eugene Prokopiev
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message