Hi, I'm running apacheds 2.0M11 and Studio 2.0.0v20130308.
I'm looking at the example in the documentation here: http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html I have access control enabled and created the operational attribute administrativeRole with value "accessControlSpecificArea" in the entry "o=sevenSeas". I have created created a subentry subordinate to "o=sevenSeas" to grant all operations' permissions to "cn=Horatio Nelson,ou=people,o=sevenSeas", who acts as directory manager I have created a new attribute value should added to the previously created Subentry's prescriptiveACI attribute to grant search and compare permissions to all users. cn: sevenseasAuthorizationRequirementsACISubentry createTimestamp: 20130718045513.434Z creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system entryCSN: 20130718050528.059000Z#000000#001#000000 entryDN: cn=sevenseasAuthorizationRequirementsACISubentry,o=sevenseas entryParentId: b38b8ff5-1ea8-4a05-a4b5-a3c6aa1d5063 entryUUID:: NTk2ZGEwMjUtYmIzMy00NDgzLWE1YmEtYmY0YmJhM2Y3NGMx modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system modifyTimestamp: 20130718050528.059Z objectClass: subentry objectClass: top prescriptiveACI: { identificationTag "allUsersSearchAndCompareACI", preceden ce 10, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems { entry, allUserAttribute TypesAndValues }, grantsAndDenials { grantFilterMatch, grantRead, grantComp are, grantReturnDN, grantBrowse, grantDiscloseOnError } } } } } prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass es { name { "cn=Horatio Nelson,ou=people,o=sevenseas" } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDeni als { grantFilterMatch, grantInvoke, grantRemove, grantBrowse, grantDisclos eOnError, grantModify, grantRename, grantExport, grantRead, grantImport, gr antCompare, grantReturnDN, grantAdd } } } } } subtreeSpecification: { } I can get connected as user "Horatio Nelson" and set my base to ou=people,o=sevenseas, but I don't see any data. I suspect I'm missing something. Just not sure what. Thanks in advance, -Tayler
