我正在尝试向OpenDS运行Windows添加帐户。 我使用spring,opends2.2.1,hibernate和Jboss 5.1 当我尝试添加用户时,出现以下错误。
javax.faces.FacesException: #{user.save}: org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - The entry uid=test@info.com,ou=People,o=Drive,dc=company,dc=com cannot be added due to insufficient access rights]; remaining name 'uid=test@info.com, ou=People, o=Drive'
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
答案 0 :(得分:1)
您需要授予password-reset
使用radmin的权限(或者您尝试更改密码的用户):
请参阅:https://backstage.forgerock.com/#!/docs/opendj/3/admin-guide#about-privileges
"例如,为了重置用户的密码,管理员 需要
password-reset
权限和访问控制权限 在用户条目上写userPassword
个值。"
答案 1 :(得分:0)
请验证LDAP目录是否配置正确 连接到LDAP目录中的权限。
此错误是LDAP端的权限配置问题
您的LDAP管理员需要授予LDAP绑定用户权限 编辑属性所需的权限。具体如何设置将根据您使用的LDAP服务器类型而有所不同。
从目录服务器检索LDAP用户,组和成员身份。通过应用程序管理屏幕修改用户,组或成员身份时,更改将直接应用于LDAP目录服务器。请确保为应用程序指定的LDAP用户具有LDAP目录服务器的修改权限。
我希望我的答案对你的情况有用。因为根据日志,它表示您在修改LDAP条目时面临权限问题。