[midPoint] Re. Permission error when modifying entry using LDAP Connector (OpenDJ)

Ivan Noris ivan.noris at evolveum.com
Wed Mar 26 20:36:08 CET 2014


Hi Deepak,

On 03/26/2014 06:50 PM, Deepak Natarajan wrote:
> Hi -
>
> On my local environment I use OpenDJ as the identity store (mainly to
> test various configurations before moving to a proper test environment
> which runs Midpoint against Active Directory etc.).
>
> While testing the outward provisioning of changes to OUs, I run into a
> permission error (I've attached the relevant log). (This works quite well
> with the AD connector, btw):

Can you please check the following page and apply the permissions?
Personally, I'm a bit surprised, because I've tested renaming entries
extensively (yet, several weeks ago)...

http://opendj.forgerock.org/opendj-server/doc/admin-guide/index/chap-privileges-acis.html

Which version of OpenDJ are you using...? I was working with 2.4.6.
Maybe something has changed in OpenDJ implementation and more
permissions are now required... If you succeed, please let us know so
that we can fix the wiki. I'll try the rename if I find some time.

Regards,
Ivan


> Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 -
> The entry uid=lonfo-apos,ou=Vuggestuen Regnbuen -
> Valmuen,ou=Daginstitutioner,ou=Dagtilbud,ou=Børne- og
> Ungeforvaltningen,ou=Vejle Kommune,ou=apos,dc=vejle,dc=dk cannot be
> renamed due to insufficient access rights]
> 	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095) ~[na:1.7.0_45]
> 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
> ~[na:1.7.0_45]
> 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
> ~[na:1.7.0_45]
> 	at com.sun.jndi.ldap.LdapCtx.c_rename(LdapCtx.java:726) ~[na:1.7.0_45]
> 	at
> com.sun.jndi.toolkit.ctx.ComponentContext.p_rename(ComponentContext.java:711)
> ~[na:1.7.0_45]
> 	at
> com.sun.jndi.toolkit.ctx.PartialCompositeContext.rename(PartialCompositeContext.java:269)
> ~[na:1.7.0_45]
> 	at
> com.sun.jndi.toolkit.ctx.PartialCompositeContext.rename(PartialCompositeContext.java:258)
> ~[na:1.7.0_45]
> 	at javax.naming.InitialContext.rename(InitialContext.java:443)
> ~[na:1.7.0_45]
> 	at
> org.identityconnectors.ldap.schema.LdapSchemaMapping.rename(LdapSchemaMapping.java:410)
> ~[ldap-connector-1.1.0.em2.jar:1.1.0.em2]
> 	... 54 common frames omitted
>
> I have followed the instructions to set the ACIs etc. for
> Midpoint+OpenDJ (as in the Wiki) and creating, updating user attributes
> etc. works correctly. The error occurs when I try to modify anything
> related to the OU (i.e. move the user to a different org).
>
> Thanks for any suggestions.
>
> BR/Deepak

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________
           "Idem per idem - semper idem Vix."
