Hi Varun, Varun Dev wrote: > Hi, > I am new to apacheds and LDAP, I have recently downloaded and installed > apacheds. I want setup access control in my directory. When I import the > example files on a fresh installation > > apache_ds_tutorial.ldif > authz_sevenSeas.ldif > > the user - Horatio Nelson does not have any permissions as per > prescriptiveaci in sevenSeasAuthorizationRequirementsACISubentry > > In apacheds 1.0, Horatio Nelson can login, when I try to edit some > attribute of a user I get following error in the apache studio and I > don't see any trace in log files. I haven't tested with 1.0, please use 1.5.4.
> In apacheds 1.5, Horatio Nelson can't even log in throwing the following > error > Error while opening connection > - [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for > SearchReques > You get this error using Studio, right? I also get this error when using Studio, however this is an issues of Studio, call it bug or feature ;-). When opening the connection Studio tries to fetch all available namingContexts (ou=system, ou=schema) and the schema (cn=schema). However with activated access control the server rejects this with error 50. So one option is to allow the read access to these trees using ACIs. But we have to consider to change studio to not search for those entries or to pop up this messages. Anyway, when I click away the error message it works fine. Horatio Nelson could browse and edit the o=sevenSeas tree. And other sailors could browse, but not edit and don't see the userPassword attribute. Could you test please? Kind Regards, Stefan
