Re: Enabling ACLs problem?

Pierre-Arnaud Marcelot Mon, 29 Jul 2013 02:52:10 -0700

Looks like the first attempt at adding the value was successful and now the 
server indicates that it cannot add the same value a second time.


What happens is actually that the 'administrativeRole' attribute is an 
operational attribute.
Apache Directory Studio, by default, doesn't display operational attributes 
unless:
- You require them by right clicking on the entry and selecting "Fetch" > 
"Fetch Operational Attributes"
- Or, you enable on the connection, the "Fetch operational attributes while 
browsing" option in the Connections properties ("Browser Options" tab).

Hope this helps,
Pierre-Arnaud


On 29 juil. 2013, at 11:39, "Kuschnir, Mark" <[email protected]> 
wrote:

> I'm having problems enabling ACLs in my ApacheDS instance.
> I'm running latest ApacheDS + Directory Studio on Windows7 64.
> 
> I'm attempting to follow the instructions here:
> http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html
> http://directory.apache.org/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html
> but it doesn't work as expected.
> 
> I have turned on "Enable Access Control" for my server.
> 
> I seem to permanently get an error when trying to define the 
> administrativeRole attribute.
> When attempting to add the attribute I see a warning of the form:
> "Warning! According to the schema attribute administrativeRole is not 
> allowed!"
> If I still continue to add the value I end up with an error as below (even 
> though there doesn't appear to such an attribute):
> 
> Error while executing LDIF
> - [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : 
> MODIFY_REQUEST
>  java.lang.Exception: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: 
> failed for MessageType : MODIFY_REQUEST
> Message ID : 12
>   Modify Request
>        Object : 'ou=system'
>            Modification[0]
>                Operation :  add
>                Modification
> administrativeRole: accessControlSpecificArea
> org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: 
> ERR_54 Cannot add a value which is already present : 
> accessControlSpecificArea]
>                at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1280)
>                at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
>                at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:726)
>                at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
>                at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1109)
>                at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:748)
>                at 
> org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:514)
>                at 
> org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
>                at 
> org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
>                at 
> org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
>                at 
> org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
>                at 
> org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:112)
>                at 
> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> 
>  [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : 
> MODIFY_REQUEST
> Message ID : 12
>    Modify Request
>        Object : 'ou=system'
>            Modification[0]
>                Operation :  add
>                Modification
> administrativeRole: accessControlSpecificArea
> org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: 
> ERR_54 Cannot add a value which is already present : 
> accessControlSpecificArea]
> This communication contains information which is confidential and may also be 
> privileged. It is for the exclusive use of the intended recipient(s). If you 
> are not the intended recipient(s), please note that any distribution, 
> copying, or use of this communication or the information in it, is strictly 
> prohibited. If you have received this communication in error please notify us 
> by e-mail and then delete the e-mail and any copies of it.
> Software AG (UK) Limited Registered in England & Wales 1310740 - 
> http://www.softwareag.com/uk
>

Re: Enabling ACLs problem?

Reply via email to