directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] - Simple example for the ACI subsystem not working
Date Thu, 18 Jul 2013 10:19:03 GMT
I just tried this with the same data and am able to connect as "Horatio
Nelson" and browse/modify all data.


On Thu, Jul 18, 2013 at 10:47 AM, Tayler M. Albitz <albitzt@rcn.com> wrote:

> Hi,
>
> I'm running apacheds 2.0M11 and Studio 2.0.0v20130308.
>
> I'm looking at the example in the documentation here:
>
> http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html
>
> I have access control enabled and created the operational attribute
> administrativeRole with value "accessControlSpecificArea" in the entry
> "o=sevenSeas".
>
> I have created a subentry subordinate to "o=sevenSeas" to grant
> all operations' permissions to "cn=Horatio Nelson,ou=people,o=sevenSeas",
> who acts as directory manager.
>
> I have created a new attribute value, added to the previously
> created Subentry's prescriptiveACI attribute, to grant search and compare
> permissions to all users.
>
> cn: sevenseasAuthorizationRequirementsACISubentry
> createTimestamp: 20130718045513.434Z
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> entryCSN: 20130718050528.059000Z#000000#001#000000
> entryDN: cn=sevenseasAuthorizationRequirementsACISubentry,o=sevenseas
> entryParentId: b38b8ff5-1ea8-4a05-a4b5-a3c6aa1d5063
> entryUUID:: NTk2ZGEwMjUtYmIzMy00NDgzLWE1YmEtYmY0YmJhM2Y3NGMx
> modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> modifyTimestamp: 20130718050528.059Z
> objectClass: subentry
> objectClass: top
> prescriptiveACI: { identificationTag "allUsersSearchAndCompareACI", precedence 10, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantFilterMatch, grantRead, grantCompare, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }
> prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", precedence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name { "cn=Horatio Nelson,ou=people,o=sevenseas" } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantFilterMatch, grantInvoke, grantRemove, grantBrowse, grantDiscloseOnError, grantModify, grantRename, grantExport, grantRead, grantImport, grantCompare, grantReturnDN, grantAdd } } } } }
> subtreeSpecification: { }
>
> I can get connected as user "Horatio Nelson" and set my base to
> ou=people,o=sevenseas, but I don't see any data. I suspect I'm missing
> something. Just not sure what.
>
> Thanks in advance,
> -Tayler
>
>


-- 
Kiran Ayyagari
http://keydap.com
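
As an added example (not part of either message, and not ApacheDS code): a small Python script that unfolds the wrapped LDIF of the quoted subentry and lists what each prescriptiveACI item grants and to whom, which is a quick way to confirm that the stored values match the documentation's example. The function names and the DN normalisation are assumptions; the script only lists items and does not make an access-control decision.

```python
import re

# Constructed input: the two prescriptiveACI values from the quoted subentry,
# folded the LDIF way (a continuation line starts with exactly one space).
SUBENTRY_LDIF = '''\
prescriptiveACI: { identificationTag "allUsersSearchAndCompareACI", preceden
 ce 10, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses
  { allUsers }, userPermissions { { protectedItems { entry, allUserAttribute
 TypesAndValues }, grantsAndDenials { grantFilterMatch, grantRead, grantComp
 are, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }
prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
 ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
 es { name { "cn=Horatio Nelson,ou=people,o=sevenseas" } }, userPermissions
  { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDeni
 als { grantFilterMatch, grantInvoke, grantRemove, grantBrowse, grantDisclos
 eOnError, grantModify, grantRename, grantExport, grantRead, grantImport, gr
 antCompare, grantReturnDN, grantAdd } } } } }
'''

def unfold(ldif):
    """Undo LDIF line folding (RFC 2849): drop each newline + single space."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_acis(ldif):
    """Return one summary dict per prescriptiveACI value found in the LDIF."""
    items = []
    for line in unfold(ldif).splitlines():
        attr, _, aci = line.partition(":")
        if attr.strip().lower() != "prescriptiveaci":
            continue
        items.append({
            "tag": re.search(r'identificationTag\s+"([^"]*)"', aci).group(1),
            "precedence": int(re.search(r"precedence\s+(\d+)", aci).group(1)),
            "auth_level": re.search(r"authenticationLevel\s+(\w+)", aci).group(1),
            "all_users": re.search(r"\ballUsers\b", aci) is not None,
            "names": re.findall(r'name\s*\{\s*"([^"]*)"', aci),
            "grants": sorted(set(re.findall(r"\bgrant[A-Z]\w*", aci))),
        })
    return items

def items_naming(dn, items):
    """Tags of items covering dn: allUsers, or a naively normalised name match."""
    norm = lambda d: re.sub(r"\s*,\s*", ",", d.strip().lower())
    return [i["tag"] for i in items
            if i["all_users"] or norm(dn) in map(norm, i["names"])]

if __name__ == "__main__":
    acis = parse_acis(SUBENTRY_LDIF)
    print([(a["tag"], a["precedence"], len(a["grants"])) for a in acis])
    print(items_naming("cn=Horatio Nelson,ou=people,o=sevenSeas", acis))
```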
