Ashton Davis created DIRSERVER-1994:
---------------------------------------

             Summary: Can't apply ACI to ou=schema
                 Key: DIRSERVER-1994
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1994
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: schema
    Affects Versions: 2.0.0-M17, 2.0.0-M16
            Reporter: Ashton Davis


I'd like to allow a user to have read-only privileges to ou=schema - I can
accomplish this a few ways (apply an existing ACI to ou=schema, create a new
ACI subentry in ou=schema, etc.) - but I can't seem to do it. Below are the
kinds of error messages I get.

#!RESULT ERROR
#!DATE 2014-08-25T19:41:34.756
#!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for MessageType : 
MODIFY_REQUEST Message ID : 16     Modify Request         Object : 'ou=schema'  
           Modification[0]                 Operation :  add                 
Modification administrativeRole: 
accessControlInnerAreaorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@5f2a5fc2:
 null]
dn: ou=schema
changetype: modify
add: administrativeRole
administrativeRole: accessControlInnerArea
-

#!RESULT ERROR
#!DATE 2014-08-25T19:46:49.450
#!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for 
MessageType : MODIFY_REQUEST Message ID : 25     Modify Request         Object 
: 'ou=schema'             Modification[0]                 Operation :  add      
           Modification accessControlSubentries: 
cn=openOTPProxyUserACI,dc=ntent,dc=comorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@85bc62b0:
 ERR_52 Cannot modify the attribute : attributetype ( 
1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'    DESC 'Used to 
track a subentry associated with access control areas'    EQUALITY 
distinguishedNameMatch         SYNTAX 1.3.6.1.4.1.1466.115.121.1.12    
NO-USER-MODIFICATION    USAGE directoryOperation )]
dn: ou=schema
changetype: modify
add: accessControlSubentries
accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=com
-




--
This message was sent by Atlassian JIRA
(v6.2#6252)