are profiles in subtree of people container of an idrepo valid users?
I have configured an idrepo pointing to an external ldap for a realm to get user profile under ou=people. Our ldap structure has subtree under ou=people, e.g. ou=company1, ou=people and ou=company2, ou=people.
After configuration, when i login to the console, all users under both ou=company1 and ou=company2 are being listed on the users function of subjects of the realm. However, when I click on the user entry trying to edit the user profile of the user, I got error message.
Does am 7.0 idrepo supports this mapping?
Thanks,
[555 byte] By [
612158a] at [2007-11-27 6:32:15]
# 1
This should work fine. Probably one of the default configurations is not working. The first thing to decide is what types of entries are stored in the directory and whether they are editable. Here is a good configuration for a read only repository
<AttributeValuePair>
<Attribute name="sunIdRepoSupportedOperations"/>
<!-- set according to LDAPv3Repo loadSupportedOps() -->
<Value>user=read,service</Value>
<!-- need this so we can assign services to the subrealm -->
<Value>realm=read,service</Value>
<Value>role=read</Value>
<Value>filteredrole=read</Value>
<Value>group=read</Value>
</AttributeValuePair>
Next if your are only reading users completely clear out all the agent attribute values. Finally I had to clear out the people container name and people container value attribute values. If you still have problems post the exceptions from the /var/opt/SUNWam/debug/LDAPv3Repo log here
