OpenDS DSMLv2 authentication

Question

I have set up OpenDS and installed the DSML service in Tomcat.

I can verify that the setup works correctly. However, I cannot authenticate to make changes using the DSML service.

In soapUI, I have prepared a request. I have put the principal and password in the HTTP basic authentication properties of the request.

However, when executing the call, I get the following error message in the response from the service:

The entry o=TestOrgUnit,dc=example,dc=com cannot be added due to insufficient access rights

What is the correct way of specifying the credentials otherwise? Is it something that must be done in the SOAP request message?

Answer 1

This should work as long as the principal is in the form of a DN (of an existing user). The server should also have access controls setup to allow that users to Add entries.

Insufficient access rights seems to indicate that either the LDAP connection was not authenticated, or the ACI do not allow that user to add to the OpenDS directory.

You might want to check OpenDJ DSML gateway as it offers more capabilities that OpenDS with regards to authentication (including support for LDAPS). The trunk or OpenDJ 2.5.0-Xpress1 have that support.

Kind regards,

Ludovic Poitou

ForgeRock - Product Manager for OpenDJ. http://opendj.forgerock.org/