From: Michael Perelman
To: "users@directory.apache.org"
Subject: Re: ldif import works in studio, fails with LdifFileLoader
Date: Tue, 24 Feb 2015 01:54:38 -0600

Ok, I understand the need for proper order within an .ldif file when loading one via LdifFileLoader, thanks!

What I am still not clear about is how to properly add administrativeRole entry. I have modified my .ldif file to look like this:

dn: dc=mycompany,dc=com
objectclass: domain
objectclass: top
objectclass: extensibleObject
dc: mycompany
ou: mycompany

dn: dc=mycompany,dc=com
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea

dn: cn=allowUserSelfMod,dc=mycompany,dc=com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: allowUserSelfMod
prescriptiveACI: { identificationTag "", precedence 0, authenticationLevel s
 imple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissi
 ons { { protectedItems { entry }, grantsAndDenials { grantBrowse, grantRetu
 rnDN, grantModify, grantRead } }, { protectedItems { allAttributeValues { u
 serPassword } }, grantsAndDenials { grantRemove, grantAdd } } } } }
subtreeSpecification: { }

dn: ou=people,dc=mycompany,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people

This is still not loading properly via LdifFileLoader. In your previous response, you stated that administrativeRole must be added to the entry immediately, yet I was still not able to make it work. Please show me the proper way to configure it.

To answer your last question, I am using an admin session to import the .ldif file.

Thanks!

On 11/02/15 19:26, Michael Perelman wrote :
> Hi. My case involves an embedded instance of ADS-M17 where I load a simple .ldif file
> during start-up using LdifFileLoader instance. I always use the Studio to perform initial
> tests, and it works in this particular case. But when I use LdifFileLoader, the security-related
> entities are never created. Here is what the .ldif looks like:

LdapStudio will order the LDIF before injecting it. The LdifLoader won't.
Typically, here, the dc=myCompany,dc=com is not the first entry, and the
loader will yell at you because it's missing when it will try to load
the first entry (ou=people,dc=mycompany,dc=co).

Another thing : why are you modifying the entry you just injected before
(dc=mycompany,dc=com)? It's a better idea to add the administrativeRole
attribute to the entry immediately.

Last, not least: which user are you using to inject the entries ?

>
> dn: ou=people,dc=mycompany,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: people
>
> dn: dc=mycompany,dc=com
> objectclass: domain
> objectclass: top
> objectclass: extensibleObject
> dc: mycompany
> ou: mycompany
>
> dn: dc=mycompany,dc=com
> changetype: modify
> add: administrativeRole
> administrativeRole: accessControlSpecificArea
>
> dn: cn=allowUserSelfMod,dc=mycompany,dc=com
> objectClass: subentry
> objectClass: accessControlSubentry
> objectClass: top
> cn: allowUserSelfMod
> prescriptiveACI: { identificationTag "", precedence 0, authenticationLevel s
>  imple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissi
>  ons { { protectedItems { entry }, grantsAndDenials { grantBrowse, grantRetu
>  rnDN, grantModify, grantRead } }, { protectedItems { allAttributeValues { u
>  serPassword } }, grantsAndDenials { grantRemove, grantAdd } } } } }
> subtreeSpecification: { }
>
> The dc=mycompany,dc=com partition and its ou=people org unit are created successfully
> when using either the Studio or the LdifFileLoader. Yet partition's administrativeRole and
> accessControlSubentry are only created when using the Studio, while importing via LdifFileLoader
> does not! And no exceptions are thrown at any time.
>
> Thanks!
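
The two points made in the quoted reply (the loader does not reorder entries, and administrativeRole is better set on the entry itself than by a follow-up modify record), as an added example that is not part of the original thread and is not ApacheDS code: a Python pre-processing step that folds simple `changetype: modify` / `add:` records into their entry and writes parents before children. The function names and the shortened sample are constructed for illustration, and it assumes an LDIF made only of content records and additive modify records.

```python
import re
# Constructed sample modelled on the first LDIF in the thread (ACI value shortened).
SAMPLE = """\
dn: ou=people,dc=mycompany,dc=com
objectClass: organizationalUnit
ou: people

dn: dc=mycompany,dc=com
objectclass: domain
dc: mycompany

dn: dc=mycompany,dc=com
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea

dn: cn=allowUserSelfMod,dc=mycompany,dc=com
objectClass: subentry
objectClass: accessControlSubentry
cn: allowUserSelfMod
prescriptiveACI: { identificationTag "", precedence 0, authenticationLevel s
 imple, itemOrUserFirst userFirst: { ... } }
subtreeSpecification: { }
"""

def parse(text):
    """Unfold continuation lines; return [(dn, [attribute lines])]."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    records = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        lines = [l for l in block.splitlines() if l.strip() not in ("", "-") and l[0] != "#"]
        if lines and lines[0].lower().startswith("dn:"):
            records.append((lines[0][3:].strip(), lines[1:]))
    return records

def normalise(text):
    """Merge 'changetype: modify' + 'add:' records into their entry, parents first."""
    entries = {}  # lower-cased DN -> (DN as written, attribute lines)
    for dn, lines in parse(text):
        names = [l.split(":", 1)[0].strip().lower() for l in lines]
        if "changetype" in names:
            if dn.lower() not in entries or {"delete", "replace"} & set(names):
                raise ValueError(f"cannot fold change record for {dn}")
            lines = [l for l, n in zip(lines, names) if n not in ("changetype", "add")]
            entries[dn.lower()][1].extend(lines)
        else:
            entries[dn.lower()] = (dn, list(lines))
    # Stable sort by RDN count (naive comma count; escaped commas are not handled).
    ordered = sorted(entries.values(), key=lambda e: e[0].count(","))
    return "\n\n".join("\n".join([f"dn: {dn}", *attrs]) for dn, attrs in ordered) + "\n"
```

Because the modify record is rejected when its entry has not been seen yet, an out-of-order change record surfaces as an error instead of being skipped silently.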