here is a screenshoot with the errors and the ApacheDirectoryStudio
window in background where you can see my ACI entry just configured like
described in the wiki page you passed in last mail:
http://i47.tinypic.com/28mk65z.png
pratical effects: if i leave ACI turned on my users are unable to see
anything in the ldap tree...!
Best regards,
Stefano Gargiulo.
2010/7/5 Emmanuel Lecharny <[email protected]
<mailto:[email protected]>>
On 7/5/10 5:54 PM, Stefano Gargiulo wrote:
I also have this warining in 1.5.7 but i'm using the demo ACI
provided in the getting started example:
cn="sevenSeasAuthorizationRequirementsACISubentry"
subtreeSpecification="{}"
prescriptiveACI="{
identificationTag
"directoryManagerFullAccessACI",
precedence 11,
authenticationLevel simple,
itemOrUserFirst userFirst:
{
userClasses
{
name { "cn=Horatio
Nelson,ou=people,o=sevenSeas" }
},
userPermissions
{
{
protectedItems
{
entry, allUserAttributeTypesAndValues
},
grantsAndDenials
{
grantAdd, grantDiscloseOnError,
grantRead,
grantRemove, grantBrowse,
grantExport, grantImport,
grantModify, grantRename, grantReturnDN,
grantCompare, grantFilterMatch,
grantInvoke
}
}
}
}
}"
in my case the aci doesn't loads.. so i'm unable to use ACI in
ApacheDS.
Hmmm... What message do you get ?
The second prescriptiveACI seems to be ok, except that the
'grantDiscloseOnError' element starts on a new line without a
space at first position.
PS. what do you think about JSON for ACI syntax in a next
version of ApacheDS?
here, the syntax is handled by Apache Directory Studio, you don't
even have to manipulate the text itself.
Have a look at the next documentation we are currently rewritting :
https://cwiki.apache.org/confluence/display/DIRxSRVx20/2.5.7.1+Enable+Authenticated+Users+to+Browse+and+Read+Entries
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com <http://www.iktek.com>
