/**
 * Creates an access control subentry directly below the system partition
 * ({@link ServerDNConstants#SYSTEM_DN}), using the admin connection.
 *
 * <p>If the system entry does not yet carry the
 * {@link SubentryInterceptor#AC_AREA} value in its {@code administrativeRole}
 * attribute, that value is added first so the entry acts as the administrative
 * point for the new subentry.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code cn} is concatenated into the subentry DN without escaping, so it
 *       must be a trusted, well-formed RDN value (no unescaped DN special
 *       characters).</li>
 *   <li>{@code aciItem} is stored verbatim as the prescriptive ACI and is not
 *       validated here; it should come from a reviewed source.</li>
 *   <li>The response of the {@code administrativeRole} modification is not
 *       inspected; only the result code of the final add is returned.</li>
 * </ul>
 *
 * @param cn value of the subentry's {@code cn} RDN
 * @param subtree subtree specification stored in the subentry
 * @param aciItem prescriptive ACI item stored in the subentry
 * @return the result code reported for the add operation
 * @throws Exception if the lookup, the modification, the DN construction or
 *         the add fails with an exception
 */
public static ResultCodeEnum createAccessControlSubentry( String cn, String subtree, String aciItem )
    throws Exception
{
    // NOTE(review): the connection is not closed in this method; whether
    // getAdminConnection() hands out a shared connection is not visible here.
    LdapConnection adminConnection = getAdminConnection();

    // "+" and "*" request operational as well as user attributes, so
    // administrativeRole is included in the returned entry.
    SearchResultEntry lookupResult =
        ( SearchResultEntry ) adminConnection.lookup( ServerDNConstants.SYSTEM_DN, "+", "*" );
    Entry systemEntry = lookupResult.getEntry();

    // Make ou=system an administrative point for an access control area,
    // unless it already is one.
    EntryAttribute roleAttribute = systemEntry.get( "administrativeRole" );
    boolean isAccessControlArea = roleAttribute != null && roleAttribute.contains( SubentryInterceptor.AC_AREA );

    if ( !isAccessControlArea )
    {
        ModifyRequest addRoleRequest = new ModifyRequest( systemEntry.getDn() );
        addRoleRequest.add( "administrativeRole", SubentryInterceptor.AC_AREA );
        // NOTE(review): the modify response is discarded, not checked.
        adminConnection.modify( addRoleRequest );
    }

    // Build the access control subentry directly below ou=system.
    // cn goes into the DN as-is (no RDN escaping).
    String subentryName = "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN;
    Entry accessControlSubentry = new DefaultClientEntry( new DN( subentryName ) );
    accessControlSubentry.add( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC,
        SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC );
    accessControlSubentry.add( SchemaConstants.SUBTREE_SPECIFICATION_AT, subtree );
    accessControlSubentry.add( SchemaConstants.PRESCRIPTIVE_ACI_AT, aciItem );

    // Only the outcome of the add is reported back to the caller.
    return adminConnection.add( accessControlSubentry ).getLdapResult().getResultCode();
}