|
If you were logged in you would be able to see more operations.
|
|
|
| Resolution Date: |
17/Aug/06 08:54 PM
|
|
As mentioned by Gianmaria Clerici,
the use of com.sun.jndi.ldap.LdapCtxFactory instead of org.apache.ldap.server.jndi.CoreContextFactory as the INITIAL_CONTEXT_FACTORY makes ACIs not working.
Here is an explanationof the problem I sent on the list :
I have some troubles to add some ACIs on ou=system to enable users to do
what they want with their own entry.
I added an "accessControlSpecificArea" value to the "administrativeRole"
attribute on ou=system.
I used the following subtree specification : "{}" and the following
value for my prescriptiveACI on the accesControlSubentry I created
under ou=system :
" { identificationTag "enableUserSelfModification", precedence 1,
authenticationLevel simple, itemOrUserFirst userFirst:{ userClasses {
thisEntry }, userPermissions { { protectedItems { entry,
allUserAttributeTypesAndValues }, grantsAndDenials { grantAdd,
grantRemove, grantModify, grantFilterMatch, grantCompare, grantRead,
grantReturnDN, grantBrowse } } } } }"
When i create a new user with admin rights and try to log under this
user, i get a 50 error code : noPermission. This is not an 49 error code
: AuthenticationException
|
|
Description
|
As mentioned by Gianmaria Clerici,
the use of com.sun.jndi.ldap.LdapCtxFactory instead of org.apache.ldap.server.jndi.CoreContextFactory as the INITIAL_CONTEXT_FACTORY makes ACIs not working.
Here is an explanationof the problem I sent on the list :
I have some troubles to add some ACIs on ou=system to enable users to do
what they want with their own entry.
I added an "accessControlSpecificArea" value to the "administrativeRole"
attribute on ou=system.
I used the following subtree specification : "{}" and the following
value for my prescriptiveACI on the accesControlSubentry I created
under ou=system :
" { identificationTag "enableUserSelfModification", precedence 1,
authenticationLevel simple, itemOrUserFirst userFirst:{ userClasses {
thisEntry }, userPermissions { { protectedItems { entry,
allUserAttributeTypesAndValues }, grantsAndDenials { grantAdd,
grantRemove, grantModify, grantFilterMatch, grantCompare, grantRead,
grantReturnDN, grantBrowse } } } } }"
When i create a new user with admin rights and try to log under this
user, i get a 50 error code : noPermission. This is not an 49 error code
: AuthenticationException |
Show » |
| There are no subversion log entries for this issue yet.
|
|
Bug
Closed
Major
ACI problem when using com.sun.jndi.ldap.LdapCtxFactory as the INITIAL_CONTEXT_FACTORY
