Re: [ApacheDS] - Simple example for the ACI subsystem not working
Yes, ads-dsaccesscontrolenabled value is set to TRUE and the LDAP server has been restarted. I also ended up breaking up the LDIF file in the tutorials example and was able to get enough working to test. The same result occurred. I can connect, but not see anything but the root dse . I also tested this out on a later version in case there was a bug. Same issue on apacheds 2.0.0-M11 w/ Studio v2.0.0 v20130308 . Any other thoughts? Were you able to review the document provided with my screenshots? Did everything look okay? One thing I tried different on the second setup was previously I was creating more than one prescriptiveaci entry. This time, I created a single entry add just added additional values. Could you possibly provide an export to LDIF of this from your environment where it is working? As well as confirm the version you successfully completed this on? Thanks, -Tayler - Original Message - From: Kiran Ayyagari kayyag...@apache.org To: users@directory.apache.org Sent: Monday, July 22, 2013 3:34:12 AM Subject: Re: [ApacheDS] - Simple example for the ACI subsystem not working On Mon, Jul 22, 2013 at 6:07 AM, Tayler M. Albitz albi...@rcn.com wrote: Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? did you change the ads-dsaccesscontrolenabled value to TRUE in the entry ads-directoryServiceId=default,ou=config and restart the server? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: check for any unwanted new lines that were introduced during copy-paste Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler -- Kiran Ayyagari http://keydap.com
Re: [ApacheDS] - Simple example for the ACI subsystem not working
On Mon, Jul 22, 2013 at 6:07 AM, Tayler M. Albitz albi...@rcn.com wrote: Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? did you change the ads-dsaccesscontrolenabled value to TRUE in the entry ads-directoryServiceId=default,ou=config and restart the server? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: check for any unwanted new lines that were introduced during copy-paste Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler -- Kiran Ayyagari http://keydap.com
Re: [ApacheDS] - Simple example for the ACI subsystem not working
Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler
Re: [ApacheDS] - Simple example for the ACI subsystem not working
Hi Kiran, Thanks so much for the reply. I'm not sure what I'm missing, other than probably user error (as I am new to apacheds). I have created a word document with screenshots, can you give it a look please? Link to screenshots: http://www.filedropper.com/apachedsauthorization Also, the LDIF file (provided in the tutorial) doesn't work for me either. I figured I would reverse engineer it to figure my issue, but it yields the following error: Error while importing LDIF - Record is invalid: Unexpected Token javax.naming.NamingException: Record is invalid: Unexpected Token at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272) at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Record is invalid: Unexpected Token Thanks again, -Tayler
Re: [ApacheDS] - Simple example for the ACI subsystem not working
I just tried this with the same data and am able to connect as Horatio Nelson and browse/modify all data On Thu, Jul 18, 2013 at 10:47 AM, Tayler M. Albitz albi...@rcn.com wrote: Hi, I'm running apacheds 2.0M11 and Studio 2.0.0v20130308. I'm looking at the example in the documentation here: http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html I have access control enabled and created the operational attribute administrativeRole with value accessControlSpecificArea in the entry o=sevenSeas. I have created created a subentry subordinate to o=sevenSeas to grant all operations' permissions to cn=Horatio Nelson,ou=people,o=sevenSeas, who acts as directory manager I have created a new attribute value should added to the previously created Subentry's prescriptiveACI attribute to grant search and compare permissions to all users. cn: sevenseasAuthorizationRequirementsACISubentry createTimestamp: 20130718045513.434Z creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system entryCSN: 20130718050528.059000Z#00#001#00 entryDN: cn=sevenseasAuthorizationRequirementsACISubentry,o=sevenseas entryParentId: b38b8ff5-1ea8-4a05-a4b5-a3c6aa1d5063 entryUUID:: NTk2ZGEwMjUtYmIzMy00NDgzLWE1YmEtYmY0YmJhM2Y3NGMx modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system modifyTimestamp: 20130718050528.059Z objectClass: subentry objectClass: top prescriptiveACI: { identificationTag allUsersSearchAndCompareACI, preceden ce 10, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems { entry, allUserAttribute TypesAndValues }, grantsAndDenials { grantFilterMatch, grantRead, grantComp are, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } } prescriptiveACI: { identificationTag directoryManagerFullAccessACI, preced ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass es { name { cn=Horatio Nelson,ou=people,o=sevenseas } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDeni als { grantFilterMatch, grantInvoke, grantRemove, grantBrowse, grantDisclos eOnError, grantModify, grantRename, grantExport, grantRead, grantImport, gr antCompare, grantReturnDN, grantAdd } } } } } subtreeSpecification: { } I can get connected as user Horatio Nelson and set my base to ou=people,o=sevenseas, but I don't see any data. I suspect I'm missing something. Just not sure what. Thanks in advance, -Tayler -- Kiran Ayyagari http://keydap.com