Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13159

ACI example in CTS preperation steps - uid is wrong

    Details

    • Support Ticket IDs:

      Description

      Referencing 6.0 guide:https://backstage.forgerock.com/docs/openam/13/install-guide/#cts-nonadmin-creation 

      Step 5:

      Create an LDIF file called cts_acis.ldif to add the ACIs to allow the CTS user to create, search, modify, delete, and allow persistent search to the CTS repository:

      dn: dc=cts,dc=example,dc=com
      changetype: modify
      add: aci
      aci: (targetattr="*")(version 3.0;acl "Allow entry search";
       allow (search, read)(userdn = "ldap:///uid=openam_cts,ou=admins,dc=cts,dc=example,dc=com");)
      aci: (targetattr="*")(version 3.0;acl "Modify entries"; allow (write)
       (userdn = "ldap:///uid=openam_cts,ou=admins,dc=cts,dc=example,dc=com");)
      aci: (targetcontrol="2.16.840.1.113730.3.4.3")(version 3.0;
       acl "Allow persistentsearch";allow (search, read)
       (userdn = "ldap:///uid=openamcts,ou=admins,dc=cts,dc=example,dc=com");)
      aci: (version 3.0;acl "Add config entry"; allow (add)(userdn =
       "ldap:///uid=openam_cts,ou=admins,dc=cts,dc=example,dc=com");)
      aci: (version 3.0;acl "Delete entries"; allow (delete)(userdn =
       "ldap:///uid=openam_cts,ou=admins,dc=cts,dc=example,dc=com");)

      Note

      aci: (targetcontrol="2.16.840.1.113730.3.4.3")(version 3.0;
       acl "Allow persistentsearch";allow (search, read)
       (userdn = "ldap:///uid=openamcts,ou=admins,dc=cts,dc=example,dc=com");)

      the uid is: 

      uid=openamcts

      when it should be

      uid=openam_cts

      as previous acis. This causes issues with user's access rights as customers copy and paste the above file. Note this is correct in the KB: https://backstage.forgerock.com/knowledge/kb/article/a46985800 

        Attachments

          Activity

            People

            • Assignee:
              chris.lee Chris Lee
              Reporter:
              anastasios.kampas Tasos Kampas
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: