Hi everybody!
I followed the tutorial for embedding ApacheDS as a WebApp at
http://directory.apache.org/apacheds/1.5/embedding-apacheds-as-a-web-application.html
and everything's working fine: I can create users from code, etc. Now I want
to enable access control and allow search to all users. I followed this
guide http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html
for doing so, but I can't manage to make it work.
I have this method at StartStopListener.java for creating an access control
subentry:
////////
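/**
 * Creates an access control subentry directly below the entry that {@code ctx} is bound to.
 *
 * <p>The method first checks the {@code administrativeRole} attribute of the context entry
 * and adds {@code SubentryService.AC_AREA} when that value is missing. It then creates
 * {@code cn=<cn>} with the object classes {@code top}, {@code subentry} and
 * {@code accessControlSubentry}.
 *
 * <p>Failures are propagated to the caller instead of being printed and ignored. If either
 * step fails, the ACI passed in is not in force, and start-up code has to be able to notice
 * that rather than continue with an access control setup that was only partly applied.
 *
 * @param ctx     context whose own entry (name {@code ""}) becomes the administrative point
 * @param cn      common name of the subentry; it is concatenated unescaped into the RDN, so
 *                pass only fixed, trusted names
 * @param subtree value stored in the subentry's {@code subtreeSpecification} attribute
 * @param aciItem value stored in the subentry's {@code prescriptiveACI} attribute
 * @throws NamingException if reading or modifying the context entry, or creating the
 *                         subentry, fails
 */
private void createAccessControlSubentry(DirContext ctx, String cn, String subtree, String aciItem)
    throws NamingException
{
    // Make the context entry an access control administrative point if it is not one already.
    Attributes ap = ctx.getAttributes("", new String[] {"administrativeRole"});
    Attribute administrativeRole = ap.get("administrativeRole");
    if (administrativeRole == null || !administrativeRole.contains(SubentryService.AC_AREA))
    {
        // Third argument: ignoreCase = true for attribute identifiers.
        Attributes changes = new BasicAttributes("administrativeRole", SubentryService.AC_AREA, true);
        ctx.modifyAttributes("", DirContext.ADD_ATTRIBUTE, changes);
    }

    // Build the access control subentry and add it below the context entry.
    Attributes subentry = new BasicAttributes("cn", cn, true);
    Attribute objectClass = new BasicAttribute("objectClass");
    objectClass.add("top");
    objectClass.add("subentry");
    objectClass.add("accessControlSubentry");
    subentry.put(objectClass);
    subentry.put("subtreeSpecification", subtree);
    subentry.put("prescriptiveACI", aciItem);
    ctx.createSubcontext("cn=" + cn, subentry);
}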
////////
After creating an InitialDirContext I call the method like this:
...
// Open the initial directory context from env (env is prepared outside this excerpt).
DirContext ctx = new InitialDirContext(env);
// Install one prescriptive ACI identified as "enableSearchForAllUsers". As written it applies
// to userClasses { allUsers } at authenticationLevel simple and grants grantRead,
// grantReturnDN and grantBrowse on protectedItems {entry, allUserAttributeTypesAndValues}.
// The second string argument, "{}", is stored as the subentry's subtreeSpecification.
// NOTE(review): allUserAttributeTypesAndValues is not restricted to harmless attributes. If
// entries in scope carry userPassword or other sensitive user attributes, every user matched
// by this item could presumably read them; confirm, and exclude or deny those attributes.
// NOTE(review): "{}" presumably selects the whole administrative area; confirm the scope.
createAccessControlSubentry(ctx, "enableSearchForAllUsers", "{}",
"{ \n" +
" identificationTag \"enableSearchForAllUsers\",\n" +
" precedence 14,\n" +
" authenticationLevel simple,\n" +
" itemOrUserFirst userFirst: \n" +
" { \n" +
" userClasses { allUsers }, \n" +
" userPermissions \n" +
" { \n" +
" {\n" +
" protectedItems {entry, allUserAttributeTypesAndValues}, \n"
+
" grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
\n" +
" }\n" +
" } \n" +
" } \n" +
"}");
Everything compiles fine, but then I get an exception at runtime:
[20:42:11] ERROR [org.apache.directory.server.core.schema.SchemaService] -
Entry does not contain a STRUCTURAL ObjectClass
org.apache.directory.shared.ldap.exception.LdapSchemaViolationException:
Entry does not contain a STRUCTURAL ObjectClass
at
org.apache.directory.server.core.schema.SchemaService.assertObjectClasses(SchemaService.java:1926)
at
org.apache.directory.server.core.schema.SchemaService.check(SchemaService.java:1742)
at
org.apache.directory.server.core.schema.SchemaService.modify(SchemaService.java:1501)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.operational.OperationalAttributeService.modify(OperationalAttributeService.java:197)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.exception.ExceptionService.modify(ExceptionService.java:354)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.authz.DefaultAuthorizationService.modify(DefaultAuthorizationService.java:286)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.authz.AuthorizationService.modify(AuthorizationService.java:538)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.referral.ReferralService.modify(ReferralService.java:835)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.authn.AuthenticationService.modify(AuthenticationService.java:399)
at
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
at
org.apache.directory.server.core.normalization.NormalizationService.modify(NormalizationService.java:141)
at
org.apache.directory.server.core.interceptor.InterceptorChain.modify(InterceptorChain.java:815)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.modify(PartitionNexusProxy.java:398)
at
org.apache.directory.server.core.partition.PartitionNexusProxy.modify(PartitionNexusProxy.java:385)
at
org.apache.directory.server.core.jndi.ServerContext.doModifyOperation(ServerContext.java:383)
at
org.apache.directory.server.core.jndi.ServerDirContext.modifyAttributes(ServerDirContext.java:178)
at
org.apache.directory.server.core.jndi.ServerDirContext.modifyAttributes(ServerDirContext.java:153)
at
javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:138)
at
org.apache.directory.embed.webapp.StartStopListener.createAccessControlSubentry(StartStopListener.java:135)
at
org.apache.directory.embed.webapp.StartStopListener.contextInitialized(StartStopListener.java:77)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4350)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:511)
at
org.apache.catalina.startup.HostConfig.check(HostConfig.java:1229)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
at
com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
at
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
at
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at
org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1465)
at
org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:821)
at
org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:349)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:196)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
I know this might be a very newbie question but I really can't find a
solution... help please. :(