Hi,
I wonder if someone could point out if I'm doing anything wrong here, or if
this *should* work and just doesn't.
I'm implementing an access control list by creating an accessControlSubentry
class and within that class giving it a prescriptiveACI attribute which I would
like to be applied to multiple userGroup instances:
...
userClasses
{
userGroup { "cn=Group 1,ou=groups,ou=system" },
userGroup { "cn=Group 2,ou=groups,ou=system" }
},
...
However, when I do this I get an error saying the following:
#!ERROR [LDAP: error code 21 - INVALID_ATTRIBUTE_SYNTAX: failed for MessageType
: ADD_REQUEST Message ID : 448 Add Request : Entry ...' for the
AttributeType 'ATTRIBUTE_TYPE ( 2.5.24.4 NAME 'prescriptiveACI' DESC Access
control information that applies to a set of entries EQUALITY
directoryStringFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 USAGE
directoryOperation ) ']
If I only have one userGroup within the userClasses then it works fine, but
this means that I need to split each userGroup out into its own prescriptiveACI
entry, each with identical userPermissions.
Am I doing something wrong here with my userClasses definition, or can you not
have more than one group?
Thanks,
Rich
______________________________________________________________________
The Company gives no warranty as to the accuracy or completeness of electronic
mail messages sent over the Internet and accepts no responsibility for changes
made after it was sent. Any opinion expressed in this email may be personal to
the author, may not necessarily reflect the opinions of the Company or its
affiliates and may be subject to change without notice.
The information contained in this communication is confidential and/or
proprietary business or technical data. If you are not the intended recipient,
you are hereby notified that any dissemination, copying or distribution of this
communication, or the taking of any action in reliance on the contents of this
communication, is strictly prohibited. If you have received this communication
in error, please immediately notify us electronically by return message, and
delete or destroy all copies of this communication.
Quicksilva Limited, Reg No 3860799, Incorporated at Companies House, Cardiff.
Registered Office: Langley Gate, Swindon Road, Chippenham, Wiltshire, SN15 5SE.
Vat Reg No 762 8082 16.
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
