LDAP授权设置

时间:2018-08-28 07:45:57

标签: java ldap

我对LDAP没有太多经验。我使用Apache Directory Studio设置了服务器以进行测试。然后,我创建了一个域(dc = test),并添加了带有“ accessControlSubentry”对象类的子条目,并添加了“ prescriptiveACI”属性。 然后我用Apache Directory Studio重新连接到LDAP,找不到子条目 之前创建,但是域(dc = test)具有新的属性accessControlSubentries,其值为2.5.4.3 = enableallusersread,0.9.2342.19200300.100.1.25 = test,0.9.2342.19200300.100.1.25 = com, 而我尝试修改或删除此属性将引发异常

Error while executing LDIF
 - [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUES
  java.lang.Exception: [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 23
    Modify Request
        Object : 'dc=test,dc=com'
            Modification[0]
                Operation :  delete
                Modification
accessControlSubentries: (null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@f5171ff4: ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
	DESC 'Used to track a subentry associated with access control areas'
	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
	NO-USER-MODIFICATION
	USAGE directoryOperation )]
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1374)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1342)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:736)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1269)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1205)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:758)
	at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:515)
	at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
	at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
	at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
	at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
	at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:116)
	at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)

  [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 23
    Modify Request
        Object : 'dc=test,dc=com'
            Modification[0]
                Operation :  delete
                Modification
accessControlSubentries: (null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@f5171ff4: ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
	DESC 'Used to track a subentry associated with access control areas'
	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
	NO-USER-MODIFICATION
	USAGE directoryOperation )]

all attribute of the domain

如何解决?或以其他方式修改“ accessControlSubentry”属性?

0 个答案:

没有答案
相关问题
最新问题