aha, so the "add" attribute does the trick, I'm used to openldap, so that's why I was looking for an objectclass with m-may or m-must = administrativerole
thanks, Jeroen. On Thu, May 22, 2008 at 3:26 PM, Stefan Seelmann <[EMAIL PROTECTED]> wrote: > Hi Jeroen, > > Here is an example how to add the administrativeRole: > > http://directory.apache.org/apacheds/1.5/32-basic-authorization.data/authz_sevenSeas.ldif > > In the "Basic Users Guide" there are some examples how to set up > authorization: > http://directory.apache.org/apacheds/1.5/32-basic-authorization.html > > Kind Regards > Stefan > > > Jeroen Vriesman schrieb: > > Hi, > > > > thanks, this it doesn't complain about the syntax anymore. > > > > now it wants an "administrativeRole", which I would like to set to > > "accessControlSpecificArea" > > > > In the doc's I can only find how to do that programmatically, but I'm not > > java programmer, what would be the ldif for such an operation? > > > > thanks, > > Jeroen. > > > > > > On Thu, May 22, 2008 at 2:26 PM, Emmanuel Lecharny <[EMAIL PROTECTED] > > > > wrote: > > > > > >> Sorry, I forgot to add the " around enableSearchForAllUsers in the > >> prescriptiveACI attribute. Try this : > >> > >> dn: cn=enableSearchForAllUsers,dc=example,dc=com > >> cn: enableSearchForAllUsers > >> objectClass: top > >> objectClass: subentry > >> objectClass: accessControlSubentry > >> subtreeSpecification: {} > >> prescriptiveACI: { identificationTag "enableSearchForAllUsers", > precedence > >> 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses > { > >> allUsers }, userPermissions { { protectedItems {entry, > >> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, > >> grantReturnDN, grantBrowse } } } } } > >> > >> > >> > >> > >> Jeroen Vriesman wrote: > >> > >> > >>> Hi, > >>> > >>> this gives me: > >>> > >>> adding new entry "cn=enableSearchForAllUsers, o=hivos" > >>> ldap_add: Invalid syntax (21) > >>> additional info: failed to add entry > >>> cn=enableSearchForAllUsers,o=hivos: > >>> Attribute value '{ identificationTag enableSearchForAllUsers, > precedence > >>> 14, > >>> authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { > >>> allUsers }, userPermissions { { protectedItems {entry, > >>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, > >>> grantReturnDN, grantBrowse } } } } }' for attribute 'prescriptiveaci' > is > >>> syntactically incorrect > >>> > >>> > >>> any idea why? > >>> > >>> On Thu, May 22, 2008 at 1:33 PM, Emmanuel Lecharny < > [EMAIL PROTECTED]> > >>> wrote: > >>> > >>> > >>> > >>> > >>>> Jeroen Vriesman wrote: > >>>> > >>>> > >>>> > >>>> > >>>>> Hi all > >>>>> > >>>>> I was looking at the howto: > >>>>> > http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html > >>>>> > >>>>> it has a link to > >>>>> enableSearchForAllUsers.ldif< > >>>>> > >>>>> > http://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=DIRxSRVx11&title=enableSearchForAllUsers.ldif&linkCreation=true&fromPageId=55229 > >>>>> > >>>>> > >>>>> > >>>>>> which > >>>>>> > >>>>>> > >>>>>> > >>>>> points to a wiki, but I cannot find the ldif files of the example > >>>>> authentication configurations. > >>>>> > >>>>> Does anyone here have a link to the ldif files? > >>>>> > >>>>> cheers, > >>>>> Jeroen. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>> It seems that the link is broken. Can you fill a JIRA so that we > remember > >>>> to fix it ? > >>>> > >>>> Here is the LDIF file, just in case : > >>>> > >>>> dn: cn=enableSearchForAllUsers,dc=example,dc=com > >>>> cn: enableSearchForAllUsers > >>>> objectClass: top > >>>> objectClass: subentry > >>>> objectClass: accessControlSubentry > >>>> subtreeSpecification: {} > >>>> prescriptiveACI: { identificationTag enableSearchForAllUsers, > precedence > >>>> 14, authenticationLevel simple, itemOrUserFirst userFirst: { > userClasses > >>>> { > >>>> allUsers }, userPermissions { { protectedItems {entry, > >>>> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, > >>>> grantReturnDN, grantBrowse } } } } } > >>>> > >>>> > >>>> -- > >>>> -- > >>>> cordialement, regards, > >>>> Emmanuel Lécharny > >>>> www.iktek.com > >>>> directory.apache.org > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >>> > >> -- > >> -- > >> cordialement, regards, > >> Emmanuel Lécharny > >> www.iktek.com > >> directory.apache.org > >> > >> > >> > >> > > > > > >
