directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: How to disable anonymous access for embedded ApacheDS
Date Fri, 23 Nov 2012 07:43:41 GMT
Looks like the lack of a precedence value in user permissions is causing this.
Try this (note that the only addition is 'precedence 1,'):

{
    identificationTag "enableSearchForAllUsers",
    precedence 11,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
        userClasses { allUsers },
        userPermissions
        {
            {
                precedence 1,
                protectedItems { entry, allUserAttributeTypesAndValues },
                grantsAndDenials
                {
                    grantRead,
                    grantBrowse,
                    grantReturnDN
                }
            }
        }
    }
}

On Fri, Nov 23, 2012 at 1:04 PM, Eugene Prokopiev <enp@itx.ru> wrote:

> I tried to allow search for all users as described in
> http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html:
>
> $ ldapadd -h localhost -p 10389 -D "uid=admin,ou=system" -W -f aci.ldif
> Enter LDAP Password:
> adding new entry "cn=enableSearchForAllUsers,dc=home"
> ldap_add: Invalid syntax (21)
>         additional info: INVALID_ATTRIBUTE_SYNTAX: failed for     Add
> Request :
> ClientEntry
>     dn: cn=enableSearchForAllUsers,dc=home
>     objectClass: top
>     objectClass: subentry
>     objectClass: accessControlSubentry
>     cn: enableSearchForAllUsers
>     prescriptiveACI: { identificationTag \"enableSearchForAllUsers\",
> precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClasses { allUsers }, userPermissions { { protectedItems {entry,
> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> grantReturnDN, grantBrowse } } } } }
>     subtreeSpecification: {}
> : Attribute value '{ identificationTag \"enableSearchForAllUsers\",
> precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClasses { allUsers }, userPermissions { { protectedItems {entry,
> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> grantReturnDN, grantBrowse } } } } }' for attribute 'prescriptiveACI' is
> syntactically incorrect
>
> What is wrong?
>
> --
> Regards,
> Eugene Prokopiev
>



-- 
Kiran Ayyagari
http://keydap.com
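
An added example, not part of the original messages and not ApacheDS code: a Python pre-flight check that reports `userPermissions` elements carrying no `precedence` field of their own, which is the condition the reply above names as the likely cause of the rejection. The function names are hypothetical, and that the server needs this field is taken from the reply rather than verified here.

```python
import re

def _block_after(text, keyword):
    """Return the body of the balanced { ... } block that follows keyword."""
    m = re.search(r"\b" + keyword + r"\b\s*\{", text)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError("unbalanced braces after " + keyword)

def _own_fields(body):
    """For each top-level { ... } element of body, its text minus nested blocks."""
    items, depth = [], 0
    for ch in body:
        if ch == "{":
            depth += 1
            if depth == 1:
                items.append("")
        elif ch == "}":
            depth -= 1
        elif depth == 1:
            items[-1] += ch
    return items

def permissions_missing_precedence(aci):
    """Indexes of userPermissions elements that have no precedence field."""
    aci = re.sub(r'"[^"]*"', '""', aci)  # ignore braces inside quoted tags
    body = _block_after(aci, "userPermissions")
    if body is None:
        return []
    return [n for n, fields in enumerate(_own_fields(body))
            if not re.search(r"\bprecedence\s+\d+", fields)]

# ACIItem from the thread (quotes unescaped); %s marks where the reply adds a field.
TEMPLATE = ('{ identificationTag "enableSearchForAllUsers", precedence 14, '
            'authenticationLevel simple, itemOrUserFirst userFirst: { '
            'userClasses { allUsers }, userPermissions { { %s'
            'protectedItems { entry, allUserAttributeTypesAndValues }, '
            'grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }')
REJECTED = TEMPLATE % ""
SUGGESTED = TEMPLATE % "precedence 1, "

if __name__ == "__main__":
    print("rejected value, elements lacking precedence:",
          permissions_missing_precedence(REJECTED))
    print("with the reply's addition:", permissions_missing_precedence(SUGGESTED))
```

The outer `precedence 14` belongs to the ACIItem itself and is not counted; only fields written directly inside each `userPermissions` element are inspected.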
