[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Creating branches using ACIs: Insufficient access ('entry' access to a non-existing object)
[For the archives]
Quoting Turbo Fredriksson <turbo@bayour.com>:
> I'm trying to create an object just below (one of) my top
> DNs.
>
> The object I try to create looks like:
> ----- s n i p -----
> dn: o=Testing,c=SE
> o: Testing
> objectClass: organization
> objectClass: phpQLAdminBranch
> ----- s n i p -----
>
> The ACIs (in c=SE) look like (I'm correctly mapped, as seen below):
> ----- s n i p -----
> dn: c=SE
> OpenLDAPaci: 1.2.3#entry#grant;r;[entry];r,s,c;objectClass,entry#public#
> OpenLDAPaci: 1.2.3#entry#grant;r,s,c;c,userReference,branchReference,administrator#public#
> OpenLDAPaci: 1.2.3#entry#grant;w,r,s,c;[children]#access-id#cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE
> OpenLDAPaci: 1.2.3#entry#grant;w,r,s,c,x;[all]#access-id#cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE
> ----- s n i p -----
If adding OpenLDAPaci attribute at the time of adding the object, it works.
Ie, adding the object LDIF like this makes it work...
----- s n i p -----
dn: o=Testing,c=SE
o: Testing
objectClass: organization
objectClass: phpQLAdminBranch
OpenLDAPaci: 1.2.3#entry#grant;w;[entry]#access-id#cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE
[more OpenLDAPaci here]
----- s n i p -----