[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Creating branches using ACIs: Insufficient access ('entry' access to a non-existing object)



[For the archives]

Quoting Turbo Fredriksson <turbo@bayour.com>:

> I'm trying to create an object just below (one of) my top 
> DNs.
> 
> The object I try to create looks like:
> ----- s n i p -----
> dn: o=Testing,c=SE
> o: Testing
> objectClass: organization
> objectClass: phpQLAdminBranch
> ----- s n i p -----
> 
> The ACIs (in c=SE) look like (I'm correctly mapped, as seen below):
> ----- s n i p -----
> dn: c=SE
> OpenLDAPaci: 1.2.3#entry#grant;r;[entry];r,s,c;objectClass,entry#public#
> OpenLDAPaci: 1.2.3#entry#grant;r,s,c;c,userReference,branchReference,administrator#public#
> OpenLDAPaci: 1.2.3#entry#grant;w,r,s,c;[children]#access-id#cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE
> OpenLDAPaci: 1.2.3#entry#grant;w,r,s,c,x;[all]#access-id#cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE
> ----- s n i p -----

If adding OpenLDAPaci attribute at the time of adding the object, it works.

Ie, adding the object LDIF like this makes it work...
----- s n i p -----
dn: o=Testing,c=SE
o: Testing
objectClass: organization
objectClass: phpQLAdminBranch
OpenLDAPaci: 1.2.3#entry#grant;w;[entry]#access-id#cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE
[more OpenLDAPaci here] 
----- s n i p -----