directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kuschnir, Mark" <Mark.Kusch...@softwareag.com>
Subject Enabling ACLs problem?
Date Mon, 29 Jul 2013 09:39:59 GMT
I'm having problems enabling ACLs in my ApacheDS instance.
I'm running latest ApacheDS + Directory Studio on Windows7 64.

I'm attempting to follow the instructions here:
http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html
http://directory.apache.org/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html
but it doesn't work as expected.

I have turned on "Enable Access Control" for my server.

I seem to permanently get an error when trying to define the administrativeRole attribute.
When attempting to add the attribute I see a warning of the form:
"Warning! According to the schema attribute administrativeRole is not allowed!"
If I still continue to add the value I end up with an error as below (even though there doesn't
appear to such an attribute):

Error while executing LDIF
- [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
  java.lang.Exception: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType
: MODIFY_REQUEST
Message ID : 12
   Modify Request
        Object : 'ou=system'
            Modification[0]
                Operation :  add
                Modification
administrativeRole: accessControlSpecificArea
org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: ERR_54 Cannot add
a value which is already present : accessControlSpecificArea]
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1280)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:726)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1109)
                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:748)
                at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:514)
                at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
                at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
                at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
                at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
                at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:112)
                at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)

  [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
Message ID : 12
    Modify Request
        Object : 'ou=system'
            Modification[0]
                Operation :  add
                Modification
administrativeRole: accessControlSpecificArea
org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: ERR_54 Cannot add
a value which is already present : accessControlSpecificArea]
This communication contains information which is confidential and may also be privileged.
It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s),
please note that any distribution, copying, or use of this communication or the information
in it, is strictly prohibited. If you have received this communication in error please notify
us by e-mail and then delete the e-mail and any copies of it.
Software AG (UK) Limited Registered in England & Wales 1310740 - http://www.softwareag.com/uk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message