У меня нет большого опыта работы с LDAP. Я настроил сервер с Apache Directory Studio для целей тестирования. Затем я создал домен (dc = test) и добавил подстатью с объектным классом «accessControlSubentry» и добавил атрибут «prescriptiveACI».
Затем я использовал Apache Directory Studio, переподключенную к LDAP, и не могу найти подстатью.
созданный ранее, но домен (dc = test) имел новый атрибут accessControlSubentries со значением 2.5.4.3 = enableallusersread, 0.9.2342.19200300.100.1.25 = test, 0.9.2342.19200300.100.1.25 = com,
и я пытаюсь изменить или удалить этот атрибут, выдает исключение
Error while executing LDIF
- [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUES
java.lang.Exception: [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 23
Modify Request
Object : 'dc=test,dc=com'
Modification[0]
Operation : delete
Modification
accessControlSubentries: (null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@f5171ff4: ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
DESC 'Used to track a subentry associated with access control areas'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )]
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1374)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1342)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:736)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1269)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1205)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:758)
at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:515)
at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:116)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
[LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 23
Modify Request
Object : 'dc=test,dc=com'
Modification[0]
Operation : delete
Modification
accessControlSubentries: (null)org.apache.directory.api.ldap.model.message.ModifyRequestImpl@f5171ff4: ERR_52 Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
DESC 'Used to track a subentry associated with access control areas'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFICATION
USAGE directoryOperation )]
все атрибуты домена
Как ее решить? или каким-либо другим способом изменить атрибут «accessControlSubentry»?