[midPoint] Re. Permission error when modifying entry using LDAP Connector (OpenDJ)
Deepak Natarajan
dnataraj at gmail.com
Wed Mar 26 18:50:01 CET 2014
Hi -
On my local environment I use OpenDJ as the identity store (mainly to
test various configurations before moving to a proper test environment
which runs Midpoint against Active Directory etc.).
While testing the outward provisioning of changes to OU's, I run into a
permission error (I've attached the relevant log (This works quite well
with the AD connector, btw) :
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 -
The entry uid=lonfo-apos,ou=Vuggestuen Regnbuen -
Valmuen,ou=Daginstitutioner,ou=Dagtilbud,ou=Børne- og
Ungeforvaltningen,ou=Vejle Kommune,ou=apos,dc=vejle,dc=dk cannot be
renamed due to insufficient access rights]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095) ~[na:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
~[na:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
~[na:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.c_rename(LdapCtx.java:726) ~[na:1.7.0_45]
at
com.sun.jndi.toolkit.ctx.ComponentContext.p_rename(ComponentContext.java:711)
~[na:1.7.0_45]
at
com.sun.jndi.toolkit.ctx.PartialCompositeContext.rename(PartialCompositeContext.java:269)
~[na:1.7.0_45]
at
com.sun.jndi.toolkit.ctx.PartialCompositeContext.rename(PartialCompositeContext.java:258)
~[na:1.7.0_45]
at javax.naming.InitialContext.rename(InitialContext.java:443)
~[na:1.7.0_45]
at
org.identityconnectors.ldap.schema.LdapSchemaMapping.rename(LdapSchemaMapping.java:410)
~[ldap-connector-1.1.0.em2.jar:1.1.0.em2]
... 54 common frames omitted
I have followed the instructions to set the ACI's etc for
Midpoint+OpenDJ (as in the Wiki) and creating, updating user attributes
etc works correctly. The error occurs when I try to modify anything
related to the OU (i.e move the user to a different org).
Thanks for any suggestions.
BR/Deepak
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: idm-ldap-error-local.log
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140326/a8cc1ec9/attachment.ksh>
More information about the midPoint
mailing list