I need to set up an apacheDS instance. I am using standalone 1.5.5 on Linux. I have removed the example partition and added two of my own, each with their own suffixes. I have imported LDIFs for the two partitions and everything looks correct data-wise.

I need to configure ApacheDS to disallow anonymous access. I was able to do that by following some of the directions here: http://directory.apache.org/apacheds/1.5/145-enable-and-disable-anonymous-access.html http://directory.apache.org/apacheds/1.5/32-basic-authorization.html

Now only the administrator account (uid=admin,ou=system) can log in and make queries.

I need to establish an admin account, and a "regular user" account which can read and write only certain entries within each partition. I tried to read the above docs and I got nuthin'. The second page "basic authorization" is completely incomprehensible to me.

When I tried to add a "prescriptiveACI" to it using Apache Directory Studio, I get:

Administration point 2.5.4.11=abc,2.5.4.10=efg does not contain an administrativeRole attribute! An administrativeRole attribute in the administrative point is required to add a subordinate subentry.

where my partition is "ou=abc,o=def". I have no clue what is going on and the docs are really not helping, I am at a complete loss here. How can it possibly be this hard to just restrict access?

P.S. can someone with proper rep please change the tag "apache" to the new tag "ApacheDS"?