Hello,
I am having trouble with ACI. In all cases the default admin account works.
I have created the following structure:
* dc=domain,dc=dc (default using ApacheDS Studio)
-- * ou=users
---- * uid=platform-admin (inetOrgPerson)
---- * uid=testUser (inetOrgPerson)
-- * ou=groups
---- * ...etc
With ACL turned on....
Whenever I log in using:
* uid=platform-admin,ou=users,dc=domain,dc=com
I cannot view the list of partitions. If I add base DN:
* dc=domain,dc=com
I see nothing. Not even the default partition. Only Root DSE(6)
NOTE: I can see/modify non-system partitions with ACL disabled.
I have added [ administrativeRole=accessControlSpecificArea ] to the base
partition (dc=domain,dc=dc)
I have added the following subEntry:
* objectClass=accessControlSubentry
* objectClass=accessControlSubentry
* top
prescriptiveACI=
{
  identificationTag "ACI",
  precedence 0,
  authenticationLevel simple,
  itemOrUserFirst userFirst:
  {
    userClasses { allUsers },
    userPermissions
    {
      {
        protectedItems { },
        grantsAndDenials
        {
          grantReturnDN,
          grantRead,
          grantDiscloseOnError,
          grantRemove,
          grantAdd,
          grantInvoke,
          grantCompare,
          grantImport,
          grantRename,
          grantExport,
          grantModify,
          grantBrowse,
          grantFilterMatch
        }
      }
    }
  }
}
NOTE:
When I restart the server the accessControlSubentries seem to get added as an
attribute to the DN:dc=domain,dc=dc. I can no longer delete them. As a result
I now have multiple accumulated entries. However, I created a new partition
and see the same issue.
Summary of the Issue:
With ACL enabled I cannot get a regular user to see any partitions or DN.
With/without administrativeRole enabled.
Any ideas?