directory-users mailing list archives

From Pierre-Arnaud Marcelot ...@marcelot.net>
Subject Re: Enabling ACLs problem?
Date Mon, 29 Jul 2013 09:50:21 GMT
Looks like the first attempt at adding the value was successful and now the server indicates
that it cannot add the same value a second time.

What happens is actually that the 'administrativeRole' attribute is an operational attribute.
Apache Directory Studio, by default, doesn't display operational attributes unless:
- You require them by right clicking on the entry and selecting "Fetch" > "Fetch Operational
Attributes"
- Or, you enable on the connection, the "Fetch operational attributes while browsing" option
in the Connections properties ("Browser Options" tab).

Hope this helps,
Pierre-Arnaud


On 29 Jul 2013, at 11:39, "Kuschnir, Mark" <Mark.Kuschnir@softwareag.com> wrote:

> I'm having problems enabling ACLs in my ApacheDS instance.
> I'm running latest ApacheDS + Directory Studio on Windows7 64.
> 
> I'm attempting to follow the instructions here:
> http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html
> http://directory.apache.org/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html
> but it doesn't work as expected.
> 
> I have turned on "Enable Access Control" for my server.
> 
> I seem to permanently get an error when trying to define the administrativeRole attribute.
> When attempting to add the attribute I see a warning of the form:
> "Warning! According to the schema attribute administrativeRole is not allowed!"
> If I still continue to add the value I end up with an error as below (even though there doesn't appear to be such an attribute):
> 
> Error while executing LDIF
> - [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
>  java.lang.Exception: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
> Message ID : 12
>   Modify Request
>        Object : 'ou=system'
>            Modification[0]
>                Operation :  add
>                Modification
> administrativeRole: accessControlSpecificArea
> org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: ERR_54 Cannot add a value which is already present : accessControlSpecificArea]
>                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1280)
>                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
>                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:726)
>                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
>                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1109)
>                at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:748)
>                at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:514)
>                at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
>                at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
>                at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
>                at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
>                at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:112)
>                at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> 
>  [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
> Message ID : 12
>    Modify Request
>        Object : 'ou=system'
>            Modification[0]
>                Operation :  add
>                Modification
> administrativeRole: accessControlSpecificArea
> org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: ERR_54 Cannot add a value which is already present : accessControlSpecificArea]
> 
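
The check implied by the reply above, as an added example (not part of the original thread and not ApacheDS or Studio code): read the entry with its operational attributes included, and only build the `add` modification when the value is missing, so the server never returns error 20. The sample entry is constructed, the function names are hypothetical, and comparing values case-insensitively is an assumption.

```python
import base64

# Constructed sample: a base-scope read of ou=system with operational
# attributes requested (attribute list "*" and "+"), exported as LDIF.
SAMPLE_LDIF = """\
dn: ou=system
objectClass: top
objectClass: organizationalUnit
ou: system
administrativeRole: accessControlSpecificArea
"""

def parse_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def ldif_to_add(entry, dn, attr, value):
    """Return a modify LDIF adding attr: value, or None if already present."""
    # Assumption: values are compared case-insensitively.
    present = {v.lower() for v in entry.get(attr.lower(), [])}
    if value.lower() in present:
        return None                            # a second add would fail with error 20
    return f"dn: {dn}\nchangetype: modify\nadd: {attr}\n{attr}: {value}\n-\n"

if __name__ == "__main__":
    entry = parse_entry(SAMPLE_LDIF)
    print(ldif_to_add(entry, "ou=system", "administrativeRole",
                      "accessControlSpecificArea"))
```
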

