You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Amila Suriarachchi <am...@gmail.com> on 2010/01/27 18:03:24 UTC
Setting the Access control details
hi,
Currently I am looking into the possibilities of setting the access control
details with Apache directory service.
As I saw if we create a user under ou=users,ou=system, then only that user
(except admin) can access his details but others can not.
How can I do the same thing under a different partition.
eg ou=foo
With the given user guide and using Directory studio I learned that I can
use accessControlSubEntry and SubEntry Object classes for that
by giving access control polices with prescriptiveACI. In fact I could get
the given samples work.
How can I write the prescriptiveACI for the above requirement. From the
Directory Studio UI I saw user type called "This Entry" and Item type
"self value". Can those values use for that?
thanks,
Amila.
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
Re: Setting the Access control details
Posted by Amila Suriarachchi <am...@gmail.com>.
On Thu, Jan 28, 2010 at 12:31 PM, Kiran Ayyagari <ay...@gmail.com>wrote:
>
> hi Amila,
>
>
>
>> but seems to be adminEntry.put("userPassword","admin"); is not working.
>>
>>
> try setting the password this way
>
> adminEntry.put("userPassword","admin".getBytes() );
>
It works thanks. Can you please look at the first issue as well?
thanks,
Amila.
>
> HTH
> Kiran Ayyagari
>
--
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
Re: Setting the Access control details
Posted by Kiran Ayyagari <ay...@gmail.com>.
hi Amila,
>
> but seems to be adminEntry.put("userPassword","admin"); is not working.
>
try setting the password this way
adminEntry.put("userPassword","admin".getBytes() );
HTH
Kiran Ayyagari
Re: Setting the Access control details
Posted by Amila Suriarachchi <am...@gmail.com>.
how to add a userPassoword filed as well. Could someone please help me on
this?
I use this to add new entries to the new partition.
LdapDN wso2dn = new LdapDN("ou=wso2");
ServerEntry wso2Entry = service.newEntry(wso2dn);
wso2Entry.add("objectClass", "top", "organizationalUnit",
"extensibleObject");
wso2Entry.add("ou", "wso2");
wso2Entry.add("administrativeRole",
"accessControlSpecificArea");
service.getAdminSession().add(wso2Entry);
// add the admin user
LdapDN admindn = new LdapDN("uid=admin,ou=wso2");
ServerEntry adminEntry = service.newEntry(admindn);
adminEntry.add("objectClass", "inetOrgPerson",
"organizationalPerson", "person", "top");
adminEntry.add("uid", "admin");
adminEntry.add("sn", "admin");
adminEntry.add("cn", "admin");
adminEntry.put("userPassword","admin");
service.getAdminSession().add(adminEntry);
but seems to be adminEntry.put("userPassword","admin"); is not working.
thanks,
Amila.
On Wed, Jan 27, 2010 at 10:33 PM, Amila Suriarachchi <
amilasuriarachchi@gmail.com> wrote:
> hi,
>
> Currently I am looking into the possibilities of setting the access control
> details with Apache directory service.
>
> As I saw if we create a user under ou=users,ou=system, then only that user
> (except admin) can access his details but others can not.
>
> How can I do the same thing under a different partition.
>
> eg ou=foo
>
> With the given user guide and using Directory studio I learned that I can
> use accessControlSubEntry and SubEntry Object classes for that
> by giving access control polices with prescriptiveACI. In fact I could get
> the given samples work.
>
> How can I write the prescriptiveACI for the above requirement. From the
> Directory Studio UI I saw user type called "This Entry" and Item type
> "self value". Can those values use for that?
>
> thanks,
> Amila.
>
> Amila Suriarachchi
> WSO2 Inc.
> blog: http://amilachinthaka.blogspot.com/
>
--
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/