[jira] [Commented] (DIRSERVER-1994) Can't apply ACI to ou=schema

Fri, 12 Feb 2016 00:34:10 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15144262#comment-15144262
 ] 

Chris Roemmich commented on DIRSERVER-1994:
-------------------------------------------

Any update on this? Having the same issue on M21.

> Can't apply ACI to ou=schema
> ----------------------------
>
>                 Key: DIRSERVER-1994
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1994
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: schema
>    Affects Versions: 2.0.0-M16, 2.0.0-M17
>            Reporter: Ashton Davis
>
> I'd like to allow a user to have read-only privileges to ou=schema - I can 
> accomplish this a few ways (apply an existing ACI to ou=schema, create a new 
> ACI subentry in ou=schema, etc) - but I can't seem to do it.  Below are the 
> kinds of error messages I get.
> #!RESULT ERROR
> #!DATE 2014-08-25T19:41:34.756
> #!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for MessageType : 
> MODIFY_REQUEST Message ID : 16     Modify Request         Object : 
> 'ou=schema'             Modification[0]                 Operation :  add      
>            Modification administrativeRole: 
> accessControlInnerAreaorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@5f2a5fc2:
>  null]
> dn: ou=schema
> changetype: modify
> add: administrativeRole
> administrativeRole: accessControlInnerArea
> -
> #!RESULT ERROR
> #!DATE 2014-08-25T19:46:49.450
> #!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for 
> MessageType : MODIFY_REQUEST Message ID : 25     Modify Request         
> Object : 'ou=schema'             Modification[0]                 Operation :  
> add                 Modification accessControlSubentries: 
> cn=openOTPProxyUserACI,dc=ntent,dc=comorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@85bc62b0:
>  ERR_52 Cannot modify the attribute : attributetype ( 
> 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'  DESC 'Used to 
> track a subentry associated with access control areas'    EQUALITY 
> distinguishedNameMatch         SYNTAX 1.3.6.1.4.1.1466.115.121.1.12    
> NO-USER-MODIFICATION    USAGE directoryOperation )]
> dn: ou=schema
> changetype: modify
> add: accessControlSubentries
> accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=com
> -



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to