Hi,
I get the following warning during startup of Apache DS 1.5.7.
WARN [org.apache.directory.server.core.authz.TupleCache] - Found accessControlSubentry 'cn=RDSAuthorizationACISubentry,dc=xxx,dc=xx' without any prescriptiveACI
My ACI is as follows:
# Create a subentry subordinate to "dc=xxx,dc=xx" to grant all operations' permissions
# to "uid=adminuser,ou=people,dc=xxx,dc=xx", to grant search and compare permissions
# to all users (even anonymous ones) and to deny search and compare permissions for
# userPassword attribute to all users.
#
dn: cn=RDSAuthorizationACISubentry,dc=xxx,dc=xx
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: RDSAuthorizationACISubentry
subtreeSpecification: {}
prescriptiveACI: {
  identificationTag "directoryManagerFullAccessACI",
  precedence 11,
  authenticationLevel simple,
  itemOrUserFirst userFirst:
  {
    userClasses
    {
      name { "uid=adminuser,ou=people,dc=xxx,dc=com" }
    },
    userPermissions
    {
      {
        protectedItems
        {
          entry, allUserAttributeTypesAndValues
        },
        grantsAndDenials
        {
          grantAdd, grantDiscloseOnError, grantRead,
          grantRemove, grantBrowse, grantExport, grantImport,
          grantModify, grantRename, grantReturnDN,
          grantCompare, grantFilterMatch, grantInvoke
        }
      }
    }
  }
 }
prescriptiveACI: {
  identificationTag "allUsersACI",
  precedence 10,
  authenticationLevel none,
  itemOrUserFirst userFirst:
  {
    userClasses
    {
      allUsers
    },
    userPermissions
    {
      {
        protectedItems { entry, allUserAttributeTypesAndValues },
        grantsAndDenials { grantRead, grantBrowse, grantReturnDN,
                           grantCompare, grantFilterMatch,
                           grantDiscloseOnError }
      },
      {
        protectedItems { attributeType { userPassword } },
        grantsAndDenials { denyRead, denyCompare, denyFilterMatch }
      }
    }
  }
 }
Please let me know if my ACI syntax is wrong or if there is anything else I need to
add/remove.
Note: The same ACI is working with Apache DS 1.5.4.
--
Sudheer Kumar Arimbra