Re: [ApacheDS] - Simple example for the ACI subsystem not working
Yes, ads-dsaccesscontrolenabled value is set to TRUE and the LDAP server has been restarted. I also ended up breaking up the LDIF file in the tutorials example and was able to get enough working to test. The same result occurred. I can connect, but not see anything but the root dse . I also tested this out on a later version in case there was a bug. Same issue on apacheds 2.0.0-M11 w/ Studio v2.0.0 v20130308 . Any other thoughts? Were you able to review the document provided with my screenshots? Did everything look okay? One thing I tried different on the second setup was previously I was creating more than one prescriptiveaci entry. This time, I created a single entry add just added additional values. Could you possibly provide an export to LDIF of this from your environment where it is working? As well as confirm the version you successfully completed this on? Thanks, -Tayler - Original Message - From: Kiran Ayyagari kayyag...@apache.org To: users@directory.apache.org Sent: Monday, July 22, 2013 3:34:12 AM Subject: Re: [ApacheDS] - Simple example for the ACI subsystem not working On Mon, Jul 22, 2013 at 6:07 AM, Tayler M. Albitz albi...@rcn.com wrote: Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? did you change the ads-dsaccesscontrolenabled value to TRUE in the entry ads-directoryServiceId=default,ou=config and restart the server? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: check for any unwanted new lines that were introduced during copy-paste Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler -- Kiran Ayyagari http://keydap.com
Re: [ApacheDS] - Simple example for the ACI subsystem not working
On Mon, Jul 22, 2013 at 6:07 AM, Tayler M. Albitz albi...@rcn.com wrote: Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? did you change the ads-dsaccesscontrolenabled value to TRUE in the entry ads-directoryServiceId=default,ou=config and restart the server? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: check for any unwanted new lines that were introduced during copy-paste Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler -- Kiran Ayyagari http://keydap.com
Re: [ApacheDS] - Simple example for the ACI subsystem not working
Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler
Re: [ApacheDS] - Simple example for the ACI subsystem not working
Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler
Re: [ApacheDS] - Simple example for the ACI subsystem not working
I just tried this with the same data and am able to connect as Horatio
Nelson and browse/modify all data
On Thu, Jul 18, 2013 at 10:47 AM, Tayler M. Albitz albi...@rcn.com wrote:
Hi,
I'm running apacheds 2.0M11 and Studio 2.0.0v20130308.
I'm looking at the example in the documentation here:
http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html
I have access control enabled and created the operational attribute
administrativeRole with value accessControlSpecificArea in the entry
o=sevenSeas.
I have created created a subentry subordinate to o=sevenSeas to grant
all operations' permissions to cn=Horatio Nelson,ou=people,o=sevenSeas,
who acts as directory manager
I have created a new attribute value should added to the previously
created Subentry's prescriptiveACI attribute to grant search and compare
permissions to all users.
cn: sevenseasAuthorizationRequirementsACISubentry
createTimestamp: 20130718045513.434Z
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
entryCSN: 20130718050528.059000Z#00#001#00
entryDN: cn=sevenseasAuthorizationRequirementsACISubentry,o=sevenseas
entryParentId: b38b8ff5-1ea8-4a05-a4b5-a3c6aa1d5063
entryUUID:: NTk2ZGEwMjUtYmIzMy00NDgzLWE1YmEtYmY0YmJhM2Y3NGMx
modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
modifyTimestamp: 20130718050528.059Z
objectClass: subentry
objectClass: top
prescriptiveACI: { identificationTag allUsersSearchAndCompareACI,
preceden
ce 10, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses
{ allUsers }, userPermissions { { protectedItems { entry, allUserAttribute
TypesAndValues }, grantsAndDenials { grantFilterMatch, grantRead, grantComp
are, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } }
prescriptiveACI: { identificationTag directoryManagerFullAccessACI,
preced
ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
es { name { cn=Horatio Nelson,ou=people,o=sevenseas } }, userPermissions
{ { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDeni
als { grantFilterMatch, grantInvoke, grantRemove, grantBrowse, grantDisclos
eOnError, grantModify, grantRename, grantExport, grantRead, grantImport, gr
antCompare, grantReturnDN, grantAdd } } } } }
subtreeSpecification: { }
I can get connected as user Horatio Nelson and set my base to
ou=people,o=sevenseas, but I don't see any data. I suspect I'm missing
something. Just not sure what.
Thanks in advance,
-Tayler
--
Kiran Ayyagari
http://keydap.com
