Hi Stefan, Thank you for your response.. please find my further replies inline.
> >Hi Varun, > >Varun Dev wrote: >> Hi, >> I am new to apacheds and LDAP, I have recently downloaded and installed >> apacheds. I want setup access control in my directory. When I import the >> example files on a fresh installation >> >> apache_ds_tutorial.ldif >> authz_sevenSeas.ldif >> >> the user - Horatio Nelson does not have any permissions as per >> prescriptiveaci in sevenSeasAuthorizationRequirementsACISubentry >> >> In apacheds 1.0, Horatio Nelson can login, when I try to edit some >> attribute of a user I get following error in the apache studio and I >> don't see any trace in log files. >I haven't tested with 1.0, please use 1.5.4. > > >> In apacheds 1.5, Horatio Nelson can't even log in throwing the following >> error >> Error while opening connection >> - [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for >> SearchReques >> >You get this error using Studio, right? > >I also get this error when using Studio, however this is an issues of >Studio, call it bug or feature ;-). When opening the connection Studio >tries to fetch all available namingContexts (ou=system, ou=schema) and >the schema (cn=schema). However with activated access control the server >rejects this with error 50. So one option is to allow the read access to >these trees using ACIs. But we have to consider to change studio to not >search for those entries or to pop up this messages. I think fetching all available namingContexts is a server behavior not the studio behavior. When I login using PhpLdapAdmin, same happens. > >Anyway, when I click away the error message it works fine. Horatio >Nelson could browse and edit the o=sevenSeas tree. And other sailors >could browse, but not edit and don't see the userPassword attribute. > >Could you test please? > Yes I tried again and it behaves in the same way as you explained. >Kind Regards, >Stefan > > With apacheds 1.0, apache studio and PhpLdapAdmin logs in fine and also works fine with the example. I need a web interface that is why I am using PhpLdapAdmin, and it fails to work because of the exceptions that apacheds 1.5 throws when loging in. Can this be fixed??? As you also mentioned, I guess I can try to give search permissions to all users as a temporary fix to login without exceptions, but am not sure if it will work. Can you tell me how can I do this, will I have to create accessControlSubentry for each context? Regards Varun
============================== DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Further, this e-mail may contain viruses and all reasonable precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not liable for any damage sustained by you as a result of any virus in this e-mail. All applicable virus checks should be carried out by you before opening this e-mail or any attachment thereto. Thank you - OnMobile Global Limited. ==============================
