I'm having problems enabling ACLs in my ApacheDS instance. I'm running the latest ApacheDS + Directory Studio on Windows 7 64-bit.
I'm attempting to follow the instructions here:

http://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html
http://directory.apache.org/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html

but it doesn't work as expected. I have turned on "Enable Access Control" for my server. I seem to permanently get an error when trying to define the administrativeRole attribute.

When attempting to add the attribute I see a warning of the form:

    "Warning! According to the schema attribute administrativeRole is not allowed!"

If I still continue to add the value, I end up with an error as below (even though there doesn't appear to be such an attribute):

    Error while executing LDIF - [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
    java.lang.Exception: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
    Message ID : 12
    Modify Request
    Object : 'ou=system'
    Modification[0]
    Operation : add
    Modification
    administrativeRole: accessControlSpecificArea org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: ERR_54 Cannot add a value which is already present : accessControlSpecificArea]
        at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1280)
        at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
        at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:726)
        at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
        at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1109)
        at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:748)
        at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:514)
        at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
        at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
        at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
        at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
        at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:112)
        at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)

    [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for MessageType : MODIFY_REQUEST
    Message ID : 12
    Modify Request
    Object : 'ou=system'
    Modification[0]
    Operation : add
    Modification
    administrativeRole: accessControlSpecificArea org.apache.directory.api.ldap.model.message.ModifyRequestImpl@361be2e8: ERR_54 Cannot add a value which is already present : accessControlSpecificArea]