Hi!
This is not the simplest part of the server...
Basically, accessControlSubentries cannot be deleted by the user, not even
by admin. This operational attribute is automatically injected into an
entry.
If you want to remove it, you have to remove the full entry.
On 13/03/2019 03:30, Loading..... wrote:
Hi guys,
I'm trying to do something with ACI. I followed this article
https://directory.apache.org/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html
and it works, but when I try to delete the test
"accessControlSubentries" object, an error happens.
When I click OK, an error occurs.
Here are the details:
Error while executing LDIF
- [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
MessageType : MODIFY_REQUES
java.lang.Exception: [LDAP: error code 50 -
INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 224
Modify Request
Object : 'dc=example,dc=com'
Modification[0]
Operation : delete
Modification
accessControlSubentries:
(null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcdf11fa:
ERR_52 Cannot modify the attribute : attributetype (
1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
DESC 'Used to track a subentry associated with access control areas'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )]
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1418)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$11(DirectoryApiConnectionWrapper.java:1386)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:787)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1312)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1256)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:809)
at
org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:515)
at
org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
at
org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
at
org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
at
org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
at
org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:129)
at
org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
[LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
MessageType : MODIFY_REQUEST
Message ID : 224
Modify Request
Object : 'dc=example,dc=com'
Modification[0]
Operation : delete
Modification
accessControlSubentries:
(null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcdf11fa:
ERR_52 Cannot modify the attribute : attributetype (
1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
DESC 'Used to track a subentry associated with access control areas'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )]
Here is the modification log:
#!RESULT ERROR
#!CONNECTION ldap://172.17.40.137:10636
#!DATE 2019-03-13T02:22:17.423
#!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
MessageType : MODIFY_REQUEST Message ID : 224 Modify Request Object :
'dc=example,dc=com' Modification[0] Operation :delete Modification
accessControlSubentries:
(null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcdf11fa:
ERR_52 Cannot modify the attribute : attributetype (
1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries' DESC 'Used
to track a subentry associated with access control areas' EQUALITY
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION USAGE directoryOperation )]
dn: dc=example,dc=com
changetype: modify
delete: accessControlSubentries
-
I'm using "uid=admin,ou=system" to log in.
Am I missing something?
Looking forward to your reply! Thanks!
Mike Yoo
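
The ERR_52 text in the thread shows why the modify fails even for admin: the schema marks accessControlSubentries as NO-USER-MODIFICATION. As an added example (not part of the thread and not ApacheDS or Studio code), this Python check parses that attribute type description and flags LDIF modify operations that touch such attributes before they are sent; the function names `parse_attribute_type` and `blocked_modifications` are hypothetical.

```python
import re

# Attribute type description copied from the ERR_52 message in the thread.
ATTRIBUTE_TYPE = """( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
 DESC 'Used to track a subentry associated with access control areas'
 EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
 NO-USER-MODIFICATION USAGE directoryOperation )"""

# Change record from the modification log in the thread.
LDIF = """dn: dc=example,dc=com
changetype: modify
delete: accessControlSubentries
-
"""

def parse_attribute_type(definition):
    """Pull the OID, names and modification flags out of an RFC 4512 description."""
    body = definition.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("expected a parenthesised attribute type description")
    body = body[1:-1].strip()
    name_field = re.search(r"\bNAME\s+('[^']*'|\([^)]*\))", body)
    names = re.findall(r"'([^']*)'", name_field.group(1)) if name_field else []
    # Blank out quoted strings so keywords inside a DESC text are not mistaken for flags.
    bare = re.sub(r"'[^']*'", "''", body)
    usage = re.search(r"\bUSAGE\s+(\w+)", bare)
    return {"oid": body.split()[0], "names": names,
            "no_user_modification": "NO-USER-MODIFICATION" in bare.split(),
            "usage": usage.group(1) if usage else "userApplications"}

def blocked_modifications(ldif, attribute_types):
    """List (dn, operation, attribute) for modify operations on read-only attributes."""
    # Plain modify records only: no base64 values, line folding or attribute options.
    read_only = {key.lower() for at in attribute_types if at["no_user_modification"]
                 for key in at["names"] + [at["oid"]]}
    findings, dn, modifying = [], None, False
    for line in ldif.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not line.strip():
            dn, modifying = None, False          # blank line ends the record
        elif key == "dn" and sep:
            dn, modifying = value, False
        elif key == "changetype" and sep:
            modifying = value.lower() == "modify"
        elif modifying and sep and key in ("add", "delete", "replace") and value.lower() in read_only:
            findings.append((dn, key, value))
    return findings
```

Calling `blocked_modifications(LDIF, [parse_attribute_type(ATTRIBUTE_TYPE)])` reports the delete on `dc=example,dc=com` from the thread.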