Pardon me for replying to such an old message (the original is from July 11), but I have ran into exactly the same problem as Mr. Taft. Since it seems like the question was never answered, I am making a try.
To recap: after enabling access control as described at http://directory.apache.org/apacheds/1.5/32-basic-authorization.html, I get an error message which is identical to the one below. Jonas Lindström Dylan Taft wrote: > On my partition, dc=example, dc=com > administrativeRole is set to accessControlSpecificArea I also created an accessControlSubentry, set a prescriptiveaci on dc=example,dc=com > > It's working...but > > ou=schema is locked > If I try to connect as a normal user... > > Error while opening connection > - [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for SearchReques > - No schema information returned by server, using default schema. > javax.naming.NoPermissionException: [LDAP: error code 50 - > INSUFFICIENT_ACCESS_RIGHTS: failed for SearchRequest > baseDn : '2.5.4.3=schema' > filter : '(objectClass=subschema)' > scope : base object > typesOnly : false > Size Limit : no limit > Time Limit : no limit > Deref Aliases : deref Always > attributes : 'objectclasses', 'attributetypes', 'ldapsyntaxes', 'matchingrules', 'matchingruleuse', 'createtimestamp', 'modifytimestamp' > : null]; remaining name 'cn=schema' > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3013) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758) > at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812) > at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735) > at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) > at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$1.run(JNDIConnectionWrapper.java:341) > at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1116) > at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.checkConnectionAndRunAndMonitor(JNDIConnectionWrapper.java:1047) > at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.search(JNDIConnectionWrapper.java:433) > at org.apache.directory.studio.ldapbrowser.core.jobs.SearchRunnable.search(SearchRunnable.java:478) > at org.apache.directory.studio.ldapbrowser.core.jobs.ExportLdifJob.search(ExportLdifJob.java:211) > at org.apache.directory.studio.ldapbrowser.core.jobs.ReloadSchemaRunnable.reloadSchema(ReloadSchemaRunnable.java:175) > at org.apache.directory.studio.ldapbrowser.core.BrowserConnectionListener.openBrowserConnection(BrowserConnectionListener.java:115) > at org.apache.directory.studio.ldapbrowser.core.BrowserConnectionListener.connectionOpened(BrowserConnectionListener.java:65) > at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:125) > at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:113) > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) > > [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for SearchRequest > baseDn : '2.5.4.3=schema' > filter : '(objectClass=subschema)' > scope : base object > typesOnly : false > Size Limit : no limit > Time Limit : no limit > Deref Aliases : deref Always > attributes : 'objectclasses', 'attributetypes', 'ldapsyntaxes', 'matchingrules', 'matchingruleuse', 'createtimestamp', 'modifytimestamp' > : null] > No schema information returned by server, using default schema. > > > Can anyone assist? I can't add an administrativeRole to ou=schema, it won't let me, so how can I make it readable by users? > > Thanks!
