Re: [ApacheDS] Re: Access Restriction

Fri, 04 Nov 2011 06:29:40 -0700 

The cn=admin2Test,uid=admin2,ou=system was never created because the
error occurred while I was trying to create it.

I was following Oliver's instructions by doing the following:
2) Add a new entry below the entry where you have added the
"administrativeRole" attribute. Use the object classes
"accessControlSubentry", "subentry" and "top". As RDN attribute name, use
"cn" and choose a name of your preference.
2a) You will be asked to specify the subentry. Leave it empty.
2b) You will be asked to specify the ACI element:
     * Identificator: <your choice>
     * Priority: 0
     * Authentication level: simple=non-SASL / strong=SASL (I would choose
simple first)
     * User or element first: User
     * User classes: Choose "name" and specify your admin2
     * User permissions:
       * Protected elements: "entry", "all user attribute types and values"
       * Grants and denials: Here, you can grant everything


When he says add a new entry below the entry where I added
administrativeRole, he means I should right click on the
uid=admin,ou=system and add an entry to that, right? That is what I
have been doing. Is this incorrect?

Thanks,
Kevin


On Fri, Nov 4, 2011 at 9:18 AM, Emmanuel Lécharny <[email protected]> wrote:
> On 11/4/11 2:13 PM, Kevin Hamilton wrote:
>>
>> version: 1
>> dn: uid=admin2,ou=systemobjectclass: organizationalPersonobjectclass:
>> personobjectclass: inetOrgPersonobjectclass: topcn: admin2sn:
>> admin2mail:[email protected]:  admin2userPassword:: REMOVED for
>> e-mailadministrativeRole: accessControlSpecificAreacreateTimestamp:
>> 20111104121155ZcreatorsName:
>> 0.9.2342.19200300.100.1.1=admin,2.5.4.11=systementryCSN:
>> 20111104121347.312000Z#000000#000#000000entryParentId: 1entryUUID::
>> REMOVED for e-mailmodifiersName:
>> 0.9.2342.19200300.100.1.1=admin,2.5.4.11=systemmodifyTimestamp:
>> 20111104121347ZpwdHistory:: REMOVED for e-mail
>
> Thanks, but the error messag was not for this entry, but for
> cn=admin2Test,uid=admin2,ou=system
>
> Do you have the LDIF for this entry ?
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>



-- 
Thanks,
Kevin

Reply via email to