OID Synchronization import LDIF-file Insufficient Access Rights
Date: Tue, 5 Feb 2008 06:26:10 -0800 (PST)
Message-ID: <b0959cc7-d2d0-4fa5-a8e9-3e553f855900@s8g2000prg.googlegroups.com>
Export synchronization works fine now (for those of you that have
followed my struggle learning OID...). But import does not.
I am trying to do an OID import Synchronization from an LDIF-file. When I look in the log-file
C:\OraHome_1\ldap\odi\log\MYPROFILE.trc
I can see this error:
Total # of Mod Items : 1
Exception Modifying Entry : javax.naming.NoPermissionException: [LDAP:
error code 50 - Insufficient Access Rights]; remaining name
'cn=hans,dc=mu'
[LDAP: error code 50 - Insufficient Access Rights]
javax.naming.NoPermissionException: [LDAP: error code 50 -
Insufficient Access Rights]; remaining name 'cn=hans,dc=mu'
According to
http://forums.oracle.com/forums/thread.jspa?threadID=262585
this error can be corrected by modifying a file called grantrole.ldif
which is provided in the samples that can be downloaded from here:
http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/samplefiles.zip
This is the contents of the grantrole.ldif:
dn: cn=Users,dc=acme,dc=com
changetype: modify
add: orclaci
orclaci: access to entry by group="cn=IASAdmins,
  cn=groups,cn=OracleContext,dc=acme,dc=com"
  added_object_constraint=(objectclass=orclcontainer) (browse,add)
orclaci: access to entry by group="cn=oracledascreategroup,
  cn=groups,cn=OracleContext,dc=acme,dc=com"
  added_object_constraint=(objectclass=orclgroup*) (browse,add) by
  group="cn=Common Group Attributes,
  cn=Groups,cn=OracleContext,dc=acme,dc=com" (browse)
orclaci: access to entry filter=(&(objectclass=orclgroup)
  (orclisvisible=false)) by groupattr=(owner) (browse, add, delete) by
  dnattr=(owner) (browse, add, delete) by group="cn=Common Group
  Attributes, cn=Groups,cn=OracleContext,dc=acme,dc=com" (browse) by *
  (none)
orclaci: access to entry filter=(&(objectclass=orclgroup)(!
  (orclisvisible=false))) by group="cn=oracledascreategroup,
  cn=groups,cn=OracleContext,dc=acme,dc=com"
  added_object_constraint=(objectclass=orclgroup) (browse,add) by
  group="cn=oracledasdeletegroup,
  cn=groups,cn=OracleContext,dc=acme,dc=com" (browse,delete) by
  group="cn=oracledaseditgroup,
  cn=Groups,cn=OracleContext,dc=acme,dc=com" (browse) by
  groupattr=(owner) (browse, add, delete) by dnattr=(owner) (browse,
  add, delete) by group="cn=Common Group Attributes,
  cn=Groups,cn=OracleContext,dc=acme,dc=com" (browse)
orclaci: access to attr=(*) filter=(&(objectclass=orclgroup)
  (orclisvisible=false)) by groupattr=(owner)
  (read,search,write,compare) by dnattr=(owner)
  (read,search,write,compare) by * (none) by group="cn=Common Group
  Attributes, cn=Groups,cn=OracleContext,dc=acme,dc=com" (read, search,
  compare)
orclaci: access to attr=(*) filter=(&(objectclass=orclgroup)(!
  (orclisvisible=false))) by groupattr=(owner)
  (read,search,write,compare) by dnattr=(owner)
  (read,search,write,compare) by group="cn=oracledaseditgroup,
  cn=groups,cn=OracleContext,dc=acme,dc=com" (read,search,write,compare) by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=acme,dc=com" (read, search, compare)

dn: cn=Users,dc=acme,dc=com
changetype: modify
add: orclentrylevelaci
orclentrylevelaci: access to entry by group="cn=oracledascreategroup,
  cn=groups,cn=OracleContext,dc=acme,dc=com"
  added_object_constraint=(objectclass=orclgroup) (browse, add) by group="cn=IASAdmins, cn=groups,cn=OracleContext,dc=acme,dc=com" added_object_constraint=(objectclass=orclcontainer) (browse,add) by *
  (browse)
This is my DIT:
dn: dc=mu
dc: mu
objectclass: top
objectclass: domain

dn: cn=Hans,dc=mu
cn: Hans
sn: Malmgren
objectclass: top
objectclass: person
telephonenumber: 100000
How can I modify the grantrole.ldif so it will allow changes to my DIT
from the synchronization profile? I tried to follow the instructions
found here:
http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/basics02.htm#Grant
But I can't get it to work.
Please help!
This is my mapping file:
DomainRules
dc=mu:dc=mu
AttributeRules
cn: : :person:cn: :person:
sn: : :person:sn: :person:
telephonenumber: : :person :telephonenumber : :person :
And this is an example of a LDIF file that I put in C:\OraHome_1\ldap\odi\data\import
dn: cn=hans,dc=mu
changetype: MODIFY
REPLACE: telephonenumber
telephonenumber: 145542
-
/ Mattias
Received on Tue Feb 05 2008 - 08:26:10 CST
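
Added example (not part of the original post and not Oracle's code): a small Python check of which ACI attachment points in an ACL LDIF file cover a given entry, using the DNs quoted in the post. It assumes OID's scoping rule that orclaci set on an entry applies to that entry's subtree while orclentrylevelaci applies to the entry alone; it ignores the "by" subjects and filters, and the function names and the shortened sample LDIF are constructed for illustration.

```python
import re

# Constructed sample: folded LDIF shaped like grantrole.ldif, one ACI per attribute.
ACL_LDIF = """\
dn: cn=Users,dc=acme,dc=com
changetype: modify
add: orclaci
orclaci: access to entry by group="cn=IASAdmins,
  cn=groups,cn=OracleContext,dc=acme,dc=com"
  added_object_constraint=(objectclass=orclcontainer) (browse,add)

dn: cn=Users,dc=acme,dc=com
changetype: modify
add: orclentrylevelaci
orclentrylevelaci: access to entry by * (browse)
"""

def unfold(text):
    """RFC 2849: a line starting with one space continues the previous line."""
    return re.sub(r"\r?\n ", "", text)

def norm_dn(dn):
    """Simplified DN normalisation (assumption: no escaped commas in RDNs)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def aci_anchors(ldif):
    """Return (dn, attribute) for every ACI-bearing change record."""
    anchors = []
    for record in re.split(r"\n\s*\n", unfold(ldif).strip()):
        dn, attrs = None, set()
        for line in record.splitlines():
            key, _, value = line.partition(":")
            key = key.strip().lower()
            if key == "dn":
                dn = value.strip()
            elif key in ("orclaci", "orclentrylevelaci"):
                attrs.add(key)
        anchors += [(dn, a) for a in sorted(attrs) if dn]
    return anchors

def covering_acis(target_dn, ldif):
    """ACIs whose scope includes target_dn: subtree for orclaci, entry-only otherwise."""
    target, hits = norm_dn(target_dn), []
    for dn, attr in aci_anchors(ldif):
        base = norm_dn(dn)
        in_subtree = len(target) >= len(base) and target[-len(base):] == base
        if (attr == "orclaci" and in_subtree) or target == base:
            hits.append((dn, attr))
    return hits
```

Calling covering_acis("cn=hans,dc=mu", ACL_LDIF) returns an empty list, because every ACI in the sample is attached at cn=Users,dc=acme,dc=com.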