Looks like the lack of a precedence value in user permissions is causing this.
Try this (note that the only addition is 'precedence 1,'):
{
    identificationTag "enableSearchForAllUsers",
    precedence 11,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
        userClasses { allUsers },
        userPermissions
        {
            {
                precedence 1,
                protectedItems { entry, allUserAttributeTypesAndValues },
                grantsAndDenials
                {
                    grantRead,
                    grantBrowse,
                    grantReturnDN
                }
            }
        }
    }
}

On Fri, Nov 23, 2012 at 1:04 PM, Eugene Prokopiev <[email protected]> wrote:
> I tried to allow search for all users as described in
> http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html:
>
> $ ldapadd -h localhost -p 10389 -D "uid=admin,ou=system" -W -f aci.ldif
> Enter LDAP Password:
> adding new entry "cn=enableSearchForAllUsers,dc=home"
> ldap_add: Invalid syntax (21)
> additional info: INVALID_ATTRIBUTE_SYNTAX: failed for Add
> Request :
> ClientEntry
> dn: cn=enableSearchForAllUsers,dc=home
> objectClass: top
> objectClass: subentry
> objectClass: accessControlSubentry
> cn: enableSearchForAllUsers
> prescriptiveACI: { identificationTag \"enableSearchForAllUsers\",
> precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClasses { allUsers }, userPermissions { { protectedItems {entry,
> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> grantReturnDN, grantBrowse } } } } }
> subtreeSpecification: {}
> : Attribute value '{ identificationTag \"enableSearchForAllUsers\",
> precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: {
> userClasses { allUsers }, userPermissions { { protectedItems {entry,
> allUserAttributeTypesAndValues}, grantsAndDenials { grantRead,
> grantReturnDN, grantBrowse } } } } }' for attribute 'prescriptiveACI' is
> syntactically incorrect
>
> What is wrong?
>
> --
> Regards,
> Eugene Prokopiev
>
--
Kiran Ayyagari
http://keydap.com