On my partition, dc=example,dc=com,
administrativeRole is set to accessControlSpecificArea.
I also created an accessControlSubentry and set a prescriptiveACI on
dc=example,dc=com.

It's working...but

ou=schema is locked
If I try to connect as a normal user...

Error while opening connection
 - [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
SearchReques
 - No schema information returned by server, using default schema.
  javax.naming.NoPermissionException: [LDAP: error code 50 -
INSUFFICIENT_ACCESS_RIGHTS: failed for     SearchRequest
        baseDn : '2.5.4.3=schema'
        filter : '(objectClass=subschema)'
        scope : base object
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes : 'objectclasses', 'attributetypes',
'ldapsyntaxes', 'matchingrules', 'matchingruleuse', 'createtimestamp',
'modifytimestamp'
: null]; remaining name 'cn=schema'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3013)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$1.run(JNDIConnectionWrapper.java:341)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1116)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.checkConnectionAndRunAndMonitor(JNDIConnectionWrapper.java:1047)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.search(JNDIConnectionWrapper.java:433)
        at org.apache.directory.studio.ldapbrowser.core.jobs.SearchRunnable.search(SearchRunnable.java:478)
        at org.apache.directory.studio.ldapbrowser.core.jobs.ExportLdifJob.search(ExportLdifJob.java:211)
        at org.apache.directory.studio.ldapbrowser.core.jobs.ReloadSchemaRunnable.reloadSchema(ReloadSchemaRunnable.java:175)
        at org.apache.directory.studio.ldapbrowser.core.BrowserConnectionListener.openBrowserConnection(BrowserConnectionListener.java:115)
        at org.apache.directory.studio.ldapbrowser.core.BrowserConnectionListener.connectionOpened(BrowserConnectionListener.java:65)
        at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:125)
        at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:113)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)

  [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
SearchRequest
        baseDn : '2.5.4.3=schema'
        filter : '(objectClass=subschema)'
        scope : base object
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes : 'objectclasses', 'attributetypes',
'ldapsyntaxes', 'matchingrules', 'matchingruleuse', 'createtimestamp',
'modifytimestamp'
: null]
  No schema information returned by server, using default schema.


Can anyone assist?  I can't add an administrativeRole to ou=schema, it
won't let me, so how can I make it readable by users?

Thanks!
