On 11/4/11 2:29 PM, Kevin Hamilton wrote:
The cn=admin2Test,uid=admin2,ou=system was never created because the error occurred while I was trying to create it.I was following Oliver's instructions by doing the following: 2) Add a new entry below the entry where you have added the "administrativeRole" attribute. Use the object classes "accessControlSubentry", "subentry" and "top". As RDN attribute name, use "cn" and choose a name of your preference. 2a) You will be asked to specify the subentry. Leave it empty. 2b) You will be asked to specify the ACI element: * Identificator:<your choice> * Priority: 0 * Authentication level: simple=non-SASL / strong=SASL (I would choose simple first) * User or element first: User * User classes: Choose "name" and specify your admin2 * User permissions: * Protected elements: "entry", "all user attribute types and values" * Grants and denials: Here, you can grant everything When he says add a new entry below the entry where I added administrativeRole, he means I should right click on the uid=admin,ou=system and add an entry to that, right? That is what I have been doing. Is this incorrect?
No, this is the way it should be done. The error message is a bit suprising... What version of ADS are you using ? -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
