Hello all,
it is hard to get the Authorization to work. I have tried the examples and read
the documentation under
http://directory.apache.org/apacheds/1.5/25-authorization.html but it is not
working. Maybe you can help me with my problem.
Version: ApacheDS 2.0.0-M7
Structure:
- dc=example
  - ou=peoples,dc=example
  - ou=users,dc=example
The persons who can log in are users and the other peoples. The "peoples" are
used for a big address book. Now I want to grant the "users" the search and read
rights on "ou=peoples,dc=example". I have done the following things.
1. Adding the "administrativeRole" to "ou=peoples,dc=example"

    this.peopleEntry = new DefaultEntry(this.getSchemaManager(),
            "ou=peoples," + this.suffixDn);
    this.peopleEntry.put(SchemaConstants.OBJECT_CLASS_AT,
            SchemaConstants.TOP_OC,
            SchemaConstants.ORGANIZATIONAL_UNIT_OC);
    this.peopleEntry.put(SchemaConstants.OU_AT, "peoples");
    this.peopleEntry.put("description", "The Fabis people element");
    this.peopleEntry.put("administrativeRole",
            "accessControlSpecificArea");

2. Adding a securityEntry under "ou=peoples,dc=example"

    this.securityEntry = new DefaultEntry(this.getSchemaManager(),
            "cn=enableSearchForAllUsers," + this.peopleEntry.getDn());
    this.securityEntry.put(SchemaConstants.OBJECT_CLASS_AT,
            SchemaConstants.TOP_OC, SchemaConstants.SUBENTRY_OC,
            SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC);
    this.securityEntry.put("subtreeSpecification", "{}");
    this.securityEntry.put("prescriptiveACI",
            "{ \n" +
            "  identificationTag \"enableSearchForAllUsers\",\n" +
            "  precedence 14,\n" +
            "  authenticationLevel simple,\n" +
            "  itemOrUserFirst userFirst: \n" +
            "  { \n" +
            "    userClasses { allUsers }, \n" +
            "    userPermissions \n" +
            "    { \n" +
            "      {\n" +
            "        protectedItems {entry, allUserAttributeTypesAndValues}, \n" +
            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } \n" +
            "      }\n" +
            "    } \n" +
            "  } \n" +
            "}");

I can connect with my user "uid=test,ou=users,dc=example" but I can't see any
kind of content. What am I missing?
I would be really happy if you can help me.
Kind regards,
Tobias Boehm
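
Added example, not part of the original message and not ApacheDS code: a small Python reader for the prescriptiveACI text built in step 2. It checks that the braces balance and lists which grants apply to which protected items, so the value can be reviewed before it is stored. It handles only the userFirst form used above, and the function names are hypothetical.

```python
import re

# ACIItem text from step 2 of the message, as the concatenated string reads.
ACI = """{ identificationTag "enableSearchForAllUsers", precedence 14,
  authenticationLevel simple, itemOrUserFirst userFirst: {
    userClasses { allUsers },
    userPermissions { {
      protectedItems { entry, allUserAttributeTypesAndValues },
      grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }"""

# Quoted strings first (they may contain commas), then punctuation, then words.
TOKEN = re.compile(r'"[^"]*"|[{}:,]|[^\s{}:,"]+')

def parse_block(tokens, pos):
    """Parse a '{ ... }' group at tokens[pos]; return (nested list, next_pos)."""
    if tokens[pos] != "{":
        raise ValueError("expected '{'")
    items, pos = [], pos + 1
    while tokens[pos] != "}":  # running off the end means a missing '}'
        if tokens[pos] == "{":
            sub, pos = parse_block(tokens, pos)
            items.append(sub)
            continue
        if tokens[pos] != ",":
            items.append(tokens[pos])
        pos += 1
    return items, pos + 1

def field(items, key):
    """Return the element following keyword `key` (ValueError if absent)."""
    return items[items.index(key) + 1]

def summarize(text):
    """Structural summary of a userFirst ACIItem (hypothetical helper)."""
    tokens = TOKEN.findall(text)
    try:
        top, end = parse_block(tokens, 0)
    except IndexError:
        raise ValueError("unbalanced braces in ACIItem") from None
    if end != len(tokens) or field(top, "itemOrUserFirst") != "userFirst":
        raise ValueError("trailing text or unsupported itemFirst form")
    body = top[top.index(":") + 1]
    return {
        "tag": field(top, "identificationTag").strip('"'),
        "precedence": int(field(top, "precedence")),
        "level": field(top, "authenticationLevel"),
        "users": field(body, "userClasses"),
        "permissions": [(field(p, "protectedItems"), field(p, "grantsAndDenials"))
                        for p in field(body, "userPermissions")],
    }
```
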