Ok, I understand the need for proper order within an .ldif file when loading 
one via LdifFileLoader, thanks!

What I am still not clear about is how to properly add administrativeRole 
entry. I have modified my .ldif file to look like this:

dn: dc=mycompany,dc=com
objectclass: domain
objectclass: top
objectclass: extensibleObject
dc: mycompany
ou: mycompany

dn: dc=mycompany,dc=com
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea

dn: cn=allowUserSelfMod,dc=mycompany,dc=com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: allowUserSelfMod
prescriptiveACI: { identificationTag "", precedence 0, authenticationLevel s
 imple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissi
 ons { { protectedItems { entry }, grantsAndDenials { grantBrowse, grantRetu
 rnDN, grantModify, grantRead } }, { protectedItems { allAttributeValues { u
 serPassword } }, grantsAndDenials { grantRemove, grantAdd } } } } }
subtreeSpecification: { }

dn: ou=people,dc=mycompany,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people

This is still not loading properly via LdifFileLoader. In your previous 
response, you stated that administrativeRole must be added to the entry 
immediately, yet I was still not able to make it work. Please show me the 
proper way to configure it.

To answer your last question, I am using an admin session to import the .ldif 
file.

Thanks!

On 11/02/15 19:26, Michael Perelman wrote :
> Hi. My case involves an embedded instance of ADS-M17 where I load a simple
> .ldif file during start-up using LdifFileLoader instance. I always use the
> Studio to perform initial tests, and it works in this particular case. But
> when I use LdifFileLoader, the security-related entities are never created.
> Here is what the .ldif looks like:

LdapStudio will order the LDIF before injecting it. The LdifLoader won't.
Typically, here, the dc=myCompany,dc=com is not the first entry, and the
loader will yell at you because it's missing when it tries to load
the first entry (ou=people,dc=mycompany,dc=com).

Another thing: why are you modifying the entry you just injected before
(dc=mycompany,dc=com)? It's a better idea to add the administrativeRole
attribute to the entry immediately.

Last but not least: which user are you using to inject the entries?

>
> dn: ou=people,dc=mycompany,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: people
>
> dn: dc=mycompany,dc=com
> objectclass: domain
> objectclass: top
> objectclass: extensibleObject
> dc: mycompany
> ou: mycompany
>
> dn: dc=mycompany,dc=com
> changetype: modify
> add: administrativeRole
> administrativeRole: accessControlSpecificArea
>
> dn: cn=allowUserSelfMod,dc=mycompany,dc=com
> objectClass: subentry
> objectClass: accessControlSubentry
> objectClass: top
> cn: allowUserSelfMod
> prescriptiveACI: { identificationTag "", precedence 0, authenticationLevel s
>  imple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissi
>  ons { { protectedItems { entry }, grantsAndDenials { grantBrowse, grantRetu
>  rnDN, grantModify, grantRead } }, { protectedItems { allAttributeValues { u
>  serPassword } }, grantsAndDenials { grantRemove, grantAdd } } } } }
> subtreeSpecification: { }
>
> The dc=mycompany,dc=com partition and its ou=people org unit are created
> successfully when using either the Studio or the LdifFileLoader. Yet
> partition's administrativeRole and accessControlSubentry are only created
> when using the Studio, while importing via LdifFileLoader does not! And no
> exceptions are thrown at any time.
>
> Thanks!
>                                         
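The ordering and administrativeRole points raised in the quoted reply, as an added example that is not part of the thread and not ApacheDS code: a Python pre-check for an LDIF that will be applied strictly in file order. The `suffix` argument, the finding messages, and the rule that a subentry's parent must already carry administrativeRole are assumptions of this sketch; the sample LDIF is constructed from the one quoted above.

```python
# Added example, not ApacheDS code. Assumes no escaped commas in DNs, no base64 values.
SAMPLE = """\
dn: ou=people,dc=mycompany,dc=com
objectClass: organizationalUnit

dn: dc=mycompany,dc=com
objectClass: domain

dn: dc=mycompany,dc=com
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea

dn: cn=allowUserSelfMod,dc=mycompany,dc=com
objectClass: subentry
objectClass: accessControl
 Subentry
"""  # constructed sample, in the order first posted in the thread

def records(text):
    out = []  # one list of (lower-cased name, value) pairs per record
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # unfold a continuation line
            elif raw.strip() and not raw.startswith("#"):
                lines.append(raw)
        pairs = [l.partition(":") for l in lines]
        if pairs:
            out.append([(n.strip().lower(), v.strip()) for n, _, v in pairs])
    return out

def lint(text, suffix):
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    seen, admin, findings = set(), set(), []  # DNs added / DNs with a role
    for rec in records(text):
        dn, attrs = norm(rec[0][1]), dict(rec)
        parent = dn.partition(",")[2]
        classes = [v.lower() for n, v in rec if n == "objectclass"]
        if attrs.get("changetype", "add") == "modify":
            findings.append((dn, "modify record; set the attribute in the add record"))
        elif dn != norm(suffix) and parent not in seen:
            findings.append((dn, "parent not added earlier in the file"))
        elif "subentry" in classes and parent not in admin:
            findings.append((dn, "parent carries no administrativeRole yet"))
        if "administrativerole" in attrs:
            admin.add(dn)                     # role set by add or by modify
        seen.add(dn)                          # simplification: any record marks the DN
    return findings
```

Calling `lint(SAMPLE, "dc=mycompany,dc=com")` reports the ou=people record placed ahead of its parent and the separate modify record; an LDIF that puts the context entry first with administrativeRole inside it returns an empty list.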