This content has been marked as final. Show 4 replies
This might be just an error in the logging.
Did you grant the proper access right to the calendar administrator account?
Can you also verify the directory server access log and verify whether the operation indeed return insufficient access right?
I set the writedn and writednpassword to the Directory Manager user/password, though i just came across the dir_usewritednforadmin directive which is not set. I figured setting the writedn and password should have been all that i needed to do. Granted I'd rather not have the calendar access the directory as the manager, I was just testing to see if it actually worked.
When you run the uniuser -add, do you authenticate as the node calendar administrator (SYSOP) or as end user who has been granted some access right. If it's the sysop entry, then you don't need to set the "writedn..." parameters.
Simply grant the sysop entry some access right to be able to perform some modification in the directory. I believe there should be a documentation on what access rights are required for these entries. Directory server access log is always useful to find whom the operation is performed as.
the unidsacisetup(8) command can be used to add the ACI for Sun Directory server. The ACI it sets is a little to loose for my liking so I modified it slightly.
(target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(all) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";)
(target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(read,write,compare) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";)