Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 2.0.0-M16, 2.0.0-M17
- None
- None
Description
I'd like to allow a user to have read-only privileges to ou=schema - I can accomplish this a few ways (apply an existing ACI to ou=schema, create a new ACI subentry in ou=schema, etc) - but I can't seem to do it. Below are the kinds of error messages I get.
#!RESULT ERROR
#!DATE 2014-08-25T19:41:34.756
#!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for MessageType : MODIFY_REQUEST Message ID : 16 Modify Request Object : 'ou=schema' Modification[0] Operation : add Modification administrativeRole: accessControlInnerAreaorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@5f2a5fc2: null]
dn: ou=schema
changetype: modify
add: administrativeRole
administrativeRole: accessControlInnerArea
-
#!RESULT ERROR
#!DATE 2014-08-25T19:46:49.450
#!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST Message ID : 25 Modify Request Object : 'ou=schema' Modification[0] Operation : add Modification accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=comorg.apache.directory.api.ldap.model.message.ModifyRequestImpl@85bc62b0: ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries' DESC 'Used to track a subentry associated with access control areas' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation )]
dn: ou=schema
changetype: modify
add: accessControlSubentries
accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=com
-
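A triage helper for modification-log records like the two in the report, added here as an example; it is not part of the original report or of ApacheDS. It assumes the `#!RESULT` / `#!ERROR` record layout shown in the report, the function and field names are hypothetical, and the embedded sample is abbreviated from the report's two records.

```python
import re

# Sample abbreviated from the two records in the report ("..." marks text cut here).
SAMPLE_LOG = """\
#!RESULT ERROR
#!DATE 2014-08-25T19:41:34.756
#!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for MessageType : MODIFY_REQUEST ...]
dn: ou=schema
changetype: modify
add: administrativeRole
administrativeRole: accessControlInnerArea
-
#!RESULT ERROR
#!DATE 2014-08-25T19:46:49.450
#!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: ... ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries' ... NO-USER-MODIFICATION USAGE directoryOperation )]
dn: ou=schema
changetype: modify
add: accessControlSubentries
accessControlSubentries: cn=openOTPProxyUserACI,dc=ntent,dc=com
-
"""
ERROR_RE = re.compile(r"error code (\d+) - ([A-Z_]+)")
CHANGE_RE = re.compile(r"(add|delete|replace): (\S+)")

def parse_failures(log):
    """Return one dict per failed change: result code, target DN, attribute touched."""
    failures = []
    for chunk in log.split("#!RESULT ")[1:]:
        lines = chunk.splitlines()
        if not lines or lines[0].strip() != "ERROR":
            continue  # only failed changes are of interest
        rec = {"code": None, "name": None, "dn": None, "op": None,
               "attr": None, "server_maintained": False}
        for line in lines[1:]:
            if line.startswith("#!ERROR "):
                m = ERROR_RE.search(line)
                if m:
                    rec["code"], rec["name"] = int(m.group(1)), m.group(2)
                # The server echoes the attribute type; this flag means clients cannot write it.
                rec["server_maintained"] = "NO-USER-MODIFICATION" in line
            elif line.startswith("dn: "):
                rec["dn"] = line[4:].strip()
            elif rec["attr"] is None and CHANGE_RE.match(line):
                rec["op"], rec["attr"] = CHANGE_RE.match(line).groups()
        failures.append(rec)
    return failures

if __name__ == "__main__":
    for rec in parse_failures(SAMPLE_LOG):
        print(rec)
```

For the second record, `server_maintained` is true: the result code 50 comes with an attribute type definition marked `NO-USER-MODIFICATION`, which separates it from a denial by an ACI.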