<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Deepak,<br>
<br>
<div class="moz-cite-prefix">On 03/26/2014 06:50 PM, Deepak
Natarajan wrote:<br>
</div>
<blockquote cite="mid:53331349.3010807@gmail.com" type="cite">
<pre wrap="">
Hi -
On my local environment I use OpenDJ as the identity store (mainly to
test various configurations before moving to a proper test environment
which runs Midpoint against Active Directory etc.).
While testing the outward provisioning of changes to OU's, I run into a
permission error (I've attached the relevant log (This works quite well
with the AD connector, btw) :
</pre>
</blockquote>
<br>
Can you please check the following page and apply the permissions?
Personally, I'm a bit surprised, because I've tested renaming
entries extensively (yet, several weeks ago)...<br>
<br>
<a class="moz-txt-link-freetext" href="http://opendj.forgerock.org/opendj-server/doc/admin-guide/index/chap-privileges-acis.html">http://opendj.forgerock.org/opendj-server/doc/admin-guide/index/chap-privileges-acis.html</a><br>
<br>
Which version od OpenDJ are you using...? I was working with 2.4.6.
Maybe something has changed in OpenDJ implementation and more
permissions are now required... If you succeed, please let us know
so that we can fix the wiki. I'll try the rename if I find some
time.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<br>
<blockquote cite="mid:53331349.3010807@gmail.com" type="cite">
<pre wrap="">
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 -
The entry uid=lonfo-apos,ou=Vuggestuen Regnbuen -
Valmuen,ou=Daginstitutioner,ou=Dagtilbud,ou=Børne- og
Ungeforvaltningen,ou=Vejle Kommune,ou=apos,dc=vejle,dc=dk cannot be
renamed due to insufficient access rights]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095) ~[na:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
~[na:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
~[na:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.c_rename(LdapCtx.java:726) ~[na:1.7.0_45]
at
com.sun.jndi.toolkit.ctx.ComponentContext.p_rename(ComponentContext.java:711)
~[na:1.7.0_45]
at
com.sun.jndi.toolkit.ctx.PartialCompositeContext.rename(PartialCompositeContext.java:269)
~[na:1.7.0_45]
at
com.sun.jndi.toolkit.ctx.PartialCompositeContext.rename(PartialCompositeContext.java:258)
~[na:1.7.0_45]
at javax.naming.InitialContext.rename(InitialContext.java:443)
~[na:1.7.0_45]
at
org.identityconnectors.ldap.schema.LdapSchemaMapping.rename(LdapSchemaMapping.java:410)
~[ldap-connector-1.1.0.em2.jar:1.1.0.em2]
... 54 common frames omitted
I have followed the instructions to set the ACI's etc for
Midpoint+OpenDJ (as in the Wiki) and creating, updating user attributes
etc works correctly. The error occurs when I try to modify anything
related to the OU (i.e move the user to a different org).
Thanks for any suggestions.
BR/Deepak
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com
___________________________________________
"Idem per idem - semper idem Vix."
</pre>
</body>
</html>