Hi Andreas,
thanks for that! I'll post it to the user list in case anyone else has
the same problem :-)
cheers,
Chris
> Hello Chris
>
> I got some more working with this access rules:
>
> access to dn.base=""
> by * read
> access to dn.base="cn=schema"
> by * read
> access to dn.base="cn=subschema"
> by * read
> so if anybody ask this again. This is it for OpenLDAP slapd.access
>
> Thanks for your great work with JXplorer
> Andy
>
>
> Chris Betts wrote:
>> Hi Andreas,
>>
>> either a) change your 'dn.base' to = "cn=schema",
>> *or*
>> configure your server to publish the value "cn=subSchema" when the
>> 'suchemaSubentry' attribute is queried from the root DN.
>>
>> ... this is really a server config problem; you might be better off
>> asking for exact details of how to do this from the open ldap folks :-).
>> Usually open ldap does the right thing by default though... so maybe
>> these access control rules are messing things up? Why do you need to
>> access control your schema anyway? This would usually be a bad idea...
>> :-)
>>
>> cheers,
>>
>> Chris
>>
>>> Hello Chris
>>>
>>> I'm using a OpenLDAP server and I must admit, I'm not the LDAP expert.
>>> Now I use this access line to grant JXplorer access to the schema's.
>>>
>>> access to dn.base="cn=subSchema"
>>> by dn="uid=admin,o=foo,c=CH" read
>>>
>>> From the command line I was able to read the schema's with queries like:
>>>
>>> ldapsearch -LLL -x -W -D "cn=admin,dc=foo,dc=bar" -h localhost -b
>>> "cn=subSchema" -s base "objectClass=subschema" "matchingRules"
>>>
>>> ldapsearch -LLL -x -W -D "cn=admin,dc=foo,dc=bar" -h localhost -b
>>> "cn=subSchema" -s base "objectClass=subschema" "objectClassess"
>>>
>>> ldapsearch -LLL -x -W -D "cn=admin,dc=foo,dc=bar" -h localhost -b
>>> "cn=subSchema" -s base "objectClass=subschema" attributeTypes"
>>>
>>> But somehow not from JXplorer. Without any access restrictons I can get
>>> the schema's.
>>>
>>> Thanks for your help
>>> Andy
>>>
>>> [EMAIL PROTECTED] wrote:
>>>> Hi Andy,
>>>> It's a little complex, as servers are sometimes a bit patchy
>>>> following the ldap standards. The first thing JXplorer does is try to
>>>> read the 'subschemaSubentry' attribute from the root entry of the
>>>> directory. Usually this resolves to be 'cn=schema', but if JX can't
>>>> find a subschemaSubentry it will then default to 'cn=schema' anyway, as
>>>> this is sort of the defacto standard.
>>>> All the magic is in the java class 'SchemaOps.java' -
>>>> http://jxplorer.cvs.sourceforge.net/jxplorer/javasrc/com/ca/commons/jnd
>>>> i/Sch emaOps.java?view=markup
>>>> ... However from what you've said below, your server looks like it is
>>>> using a schema root of 'cn=subSchema', which is perfectly valid, so
>>>> long as it is correctly advertising it in the 'subschemaSubentry'
>>>> attribute of the root entry?
>>>> Other possibilities are to try to change your schema entry from
>>>> cn=subschema to cn=schema, or if the subschemaSubentry attribute is set
>>>> correctly there may be a bug in JXplorer, in which case let me know and
>>>> I'll try to fix it... there were problems a few years ago in
>>>> recognising the sub schema sub entry...
>>>> cheers!
>>>> - Chris
>>>>>
>>>>> Message body follows:
>>>>> Hello
>>>>> I really like JXplorer. Thanks for the great work. Now I've
>>>>> run into a problem with a server of mine concerning access
>>>>> rights. Somehow JXplorer can't list the Schema's. I've
>>>>> checked from the command line with
>>>>> ldapsearch -LLL -x -W -D "uid=admin*****" -h localhost -b
>>>>> "cn=subSchema" -s base "objectClass=subschema" "matchingRules"
>>>>> and I could read the schema's. So what request does JXplorer
>>>>> exactly send to request the schema's?
>>>>> I use the newest beta and other servers that don't have
>>>>> access rights work well so it is on my side but I need to
>>>>> know the exact query for debugging.
>>>>> Thanks
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Jxplorer-users mailing list
Jxplorer-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jxplorer-users
