[ http://issues.apache.org/jira/browse/DIR-126?page=comments#action_12426419 ] Alex Karasulu commented on DIR-126: -----------------------------------
Could I have a status please on this issue from either Tony or Giamma? > ACI problem when using com.sun.jndi.ldap.LdapCtxFactory as the > INITIAL_CONTEXT_FACTORY > -------------------------------------------------------------------------------------- > > Key: DIR-126 > URL: http://issues.apache.org/jira/browse/DIR-126 > Project: Directory > Issue Type: Bug > Environment: Win XP SP2 > JRE1.5_04 > Reporter: Tony Blanchard > Assigned To: Alex Karasulu > > As mentioned by Gianmaria Clerici, > the use of com.sun.jndi.ldap.LdapCtxFactory instead of > org.apache.ldap.server.jndi.CoreContextFactory as the INITIAL_CONTEXT_FACTORY > makes ACIs not working. > Here is an explanationof the problem I sent on the list : > I have some troubles to add some ACIs on ou=system to enable users to do > what they want with their own entry. > I added an "accessControlSpecificArea" value to the "administrativeRole" > attribute on ou=system. > I used the following subtree specification : "{}" and the following > value for my prescriptiveACI on the accesControlSubentry I created > under ou=system : > " { identificationTag "enableUserSelfModification", precedence 1, > authenticationLevel simple, itemOrUserFirst userFirst:{ userClasses { > thisEntry }, userPermissions { { protectedItems { entry, > allUserAttributeTypesAndValues }, grantsAndDenials { grantAdd, > grantRemove, grantModify, grantFilterMatch, grantCompare, grantRead, > grantReturnDN, grantBrowse } } } } }" > When i create a new user with admin rights and try to log under this > user, i get a 50 error code : noPermission. This is not an 49 error code > : AuthenticationException -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
