Le 06/01/2017 à 06:38, Lamar Hansford a écrit :
> Ok,
>
> I understand mostly what is going on now. protectedItems is an unfortunate
> name as this field actually indicates the view-able items. All items seem to
> be protected by default.
Blame X.500 for the naming convention :-)
OTOH, it's all about the way data are considered : at risk of being
exposed, so they need to be protected.
>
> It appears that the policy is restrictive
Indeed.
> and you must explicitly indicate each attribute which is to be exposed
> (unless you indicate all).
yes.
> This can be done by add attributeType and allAttributeValues.
>
> example:
> protectedItems
> {
> entry,
> attributeType { uid, publicKey },
> allAttributeValues { uid, publicKey }
> }
using allUserAttributeTypesAndValues { uid, publicKey } should work, too.
>
>
> Also, two points of interest in ApacheDS Studio:
>
> Point 1:
> * To view ACI subEntries you must select an entry, right-click,
> fetch->sub-entries.
> Point 2:
> There is a bug in the User Permission Editor where you cannot edit an ACI
> Attribute which contains an existing ProtectedItems->All Attribute values.
> The source for this element becomes corrupted and must be re-entered.
Can you fill a JIRA for this bug ?
Many thanks for your patience. This is not exactly the area where
ApacheDS is good, nor documented... That needs to be improved, and
explained !
--
Emmanuel Lecharny
Symas.com
directory.apache.org
