I successfully installed Tolven and got the home page to come up. I was then able to create a new account and go through the email-verification process and sign into the account.
The account was an eCHR account for a Clinic. Now I am finding that none of the admin features seem to allow any changes. I am unable to create new patients, or new staff. All such operations result in this message in a popup:
Error: NO_MODIFICATION_ALLOWED_ERR: DOM Exception 7
Any idea what happened?
Thanks.
-Raj
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The user selected as rootDN (by default cn=Manager,dc=tolven,dc=com), does not have the power to create (and hence modify) users. In a default easy set up, you would have that user in your slapd.cong file as rootDN, which means it does have the power to do so.
Check you plugins.xml in the ldap section to ensure you have a capable user defined. I've not tried this, but you could also try using something like JXplorer to login in as that rootDN user, and see if you can change a different user…if you get the same error, then you know something is up. If you need me to try it on my system, let me know.
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well, I tried the mini test on my system….I logged into JXplorer as cn=Manager,dc=tolven,dc=com and modified some innocuous attribute like a telephone number on one of the other users, and it worked. I then logged in as admin, and it failed with a window stating:
Unable to perform Modify operation
So, it's either user permissions, or something else about the LDAP that you are using.
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2010-06-04
Joe,
Here is what my LDAP looks like (form jXplorer)
World
|-com
|-tolven
|-admin
|-groups
|-people
The entry "tolven" above has the following attributes:
dc tolven
o tolven.com
objectClass dcObject
objectClass organization
description My LDAP Root
businessCategory
destinationIndicator
facsimileTelephoneNumber
internationaliSDNNumber
l
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
registeredAddress
searchGuide
seeAlso
st
street
telephoneNumber
teletexTerminalIdentifier
telexNumber
userPassword
x121Address
Admin:
cn admin
objectClass organizationalRole
description
destinationIndicator
facsimileTelephoneNumber
internationaliSDNNumber
l
ou
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
registeredAddress
roleOccupant
seeAlso
st
street
telephoneNumber
teletexTerminalIdentifier
telexNumber
x121Address
There is also an admin under people that looks like this:
cn admin
objectClass inetOrgPerson
sn admin
uid admin
userPassword (non string data)
audio
businessCategory
carLicense
departmentNumber
description
destinationIndicator
displayName
employeeNumber
employeeType
facsimileTelephoneNumber
givenName
homePhone
homePostalAddress
initials
internationaliSDNNumber
jpegPhoto
l
labeledURI
mail
manager
mobile
o
ou
pager
photo
physicalDeliveryOfficeName
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
preferredLanguage
registeredAddress
roomNumber
secretary
seeAlso
st
street
telephoneNumber
teletexTerminalIdentifier
telexNumber
title
userCertificate
userPKCS12
userSMIMECertificate
x121Address
x500UniqueIdentifier
Does soemthing jump at you?
Thanks.
-Raj
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes…it's obviously wrong, and in exactly the way I told you that you ran the risk of it being wrong in another thread :-) "If" Tolven had created those entries, by your following the instructions at the link I gave you, admin would be under people, and your have the Manager where admin is, and you'd be working….what can I say?
Now you have a problem…..have you already generated data in your database, that you need to keep?
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2010-06-05
Joe,
I forgot to add that my plugin.xml has been setup to match this:
Oh…then all is not lost….you are doubling what is normally cn=Manager,dc=tovlen,dc=com as rootDN. I'm not sure that I would give the admin of TPF that power, but there is no harm in that alone.
So, it's back to that admin probably does not have the power to modify users. Do you have JXplorer, and are you able to log in using it as admin and get the error I mentioned earlier?
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Actually, if setting up JXplorer is out of your way, the next question is, I know that you mentioned that LDAP has changed in some ways for you set up, so I can only ask in the setups I've seen, and you can map across. But does your slapd.conf (if it even exists), state the rootDN? And if so, is it cn=admin,dc=tolven,dc=com as you have here?
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2010-06-05
Joe,
The above was produced by using jXplorer to log in as cn=admin,dc=tolven,dc=com. What should I enter as "User DN" to log in as the other admin?
-Raj
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2010-06-05
The LDAP config had the following reference to rootDN:
You'd better check that you only have one rootDN entry in that file, and not some other one overriding you further lines down. Then you'd better check the docs for that LDAP….a dumb guess could be that they expect just cn=admin on the line you mention, because they add the suffix? That's a long shot though.
Wait a minute….Was mdbuser created under people by the TPF? If so, then you must have permissions to create users? So, it's got to be something else. TPF is doing what JBoss is doing at that point. Also check the JBoss deploy directory's tolven-ldap-service.xml to ensure that the properties match up…they should.
I do vaguely remember seeing a reference to this problem in the past…..it might have been someone on Vista..I can't remember the details, but it was some obscure setting…..you might need to google.
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What browser are you using….Try using a test using a different browser, if it's Safari….it's only a vague memory to me now. Try FireFox.
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2010-06-05
Now I want to scream! For the past two days I was using Chrome on Mac. I switched to Firefox and now its happy! I am amazed that this was a browser problem!!
Thanks for working with me on this. I am now able to create patients. I'll poke around for the rest of the stuff.
-Raj
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It was Chrome now that you mention it. At first I couldn't recall the situation, because even the first time I could not under why the browser would be involved? Maybe I just assumed modify, as in modifying LDAP which happens around then, while it's talking about modifying something else. And I still don't know what. I suppose it will have to be sorted out at some point, since Chrome is becoming less obscure. But maybe someone will mention something if they stumble on this thread.
Joe
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I successfully installed Tolven and got the home page to come up. I was then able to create a new account and go through the email-verification process and sign into the account.
The account was an eCHR account for a Clinic. Now I am finding that none of the admin features seem to allow any changes. I am unable to create new patients, or new staff. All such operations result in this message in a popup:
Any idea what happened?
Thanks.
-Raj
The user selected as rootDN (by default cn=Manager,dc=tolven,dc=com), does not have the power to create (and hence modify) users. In a default easy set up, you would have that user in your slapd.cong file as rootDN, which means it does have the power to do so.
Check you plugins.xml in the ldap section to ensure you have a capable user defined. I've not tried this, but you could also try using something like JXplorer to login in as that rootDN user, and see if you can change a different user…if you get the same error, then you know something is up. If you need me to try it on my system, let me know.
Joe
Well, I tried the mini test on my system….I logged into JXplorer as cn=Manager,dc=tolven,dc=com and modified some innocuous attribute like a telephone number on one of the other users, and it worked. I then logged in as admin, and it failed with a window stating:
Unable to perform Modify operation
So, it's either user permissions, or something else about the LDAP that you are using.
Joe
Joe,
Here is what my LDAP looks like (form jXplorer)
World
|-com
|-tolven
|-admin
|-groups
|-people
The entry "tolven" above has the following attributes:
Admin:
There is also an admin under people that looks like this:
Does soemthing jump at you?
Thanks.
-Raj
Yes…it's obviously wrong, and in exactly the way I told you that you ran the risk of it being wrong in another thread :-) "If" Tolven had created those entries, by your following the instructions at the link I gave you, admin would be under people, and your have the Manager where admin is, and you'd be working….what can I say?
Now you have a problem…..have you already generated data in your database, that you need to keep?
Joe
Joe,
I forgot to add that my plugin.xml has been setup to match this:
Thanks for your help.
-Raj
Oh…then all is not lost….you are doubling what is normally cn=Manager,dc=tovlen,dc=com as rootDN. I'm not sure that I would give the admin of TPF that power, but there is no harm in that alone.
So, it's back to that admin probably does not have the power to modify users. Do you have JXplorer, and are you able to log in using it as admin and get the error I mentioned earlier?
Joe
Actually, if setting up JXplorer is out of your way, the next question is, I know that you mentioned that LDAP has changed in some ways for you set up, so I can only ask in the setups I've seen, and you can map across. But does your slapd.conf (if it even exists), state the rootDN? And if so, is it cn=admin,dc=tolven,dc=com as you have here?
Joe
Joe,
The above was produced by using jXplorer to log in as cn=admin,dc=tolven,dc=com. What should I enter as "User DN" to log in as the other admin?
-Raj
The LDAP config had the following reference to rootDN:
Oh!….It looks right. And I normally see:
rootDN=cn=Manager,dc=tolven,dc=com
in a default LDAP setup.
You'd better check that you only have one rootDN entry in that file, and not some other one overriding you further lines down. Then you'd better check the docs for that LDAP….a dumb guess could be that they expect just cn=admin on the line you mention, because they add the suffix? That's a long shot though.
Wait a minute….Was mdbuser created under people by the TPF? If so, then you must have permissions to create users? So, it's got to be something else. TPF is doing what JBoss is doing at that point. Also check the JBoss deploy directory's tolven-ldap-service.xml to ensure that the properties match up…they should.
I do vaguely remember seeing a reference to this problem in the past…..it might have been someone on Vista..I can't remember the details, but it was some obscure setting…..you might need to google.
Joe
What browser are you using….Try using a test using a different browser, if it's Safari….it's only a vague memory to me now. Try FireFox.
Joe
Now I want to scream! For the past two days I was using Chrome on Mac. I switched to Firefox and now its happy! I am amazed that this was a browser problem!!
Thanks for working with me on this. I am now able to create patients. I'll poke around for the rest of the stuff.
-Raj
It was Chrome now that you mention it. At first I couldn't recall the situation, because even the first time I could not under why the browser would be involved? Maybe I just assumed modify, as in modifying LDAP which happens around then, while it's talking about modifying something else. And I still don't know what. I suppose it will have to be sorted out at some point, since Chrome is becoming less obscure. But maybe someone will mention something if they stumble on this thread.
Joe
A new version of tolvenweb (v0.0.71) is now available. Does it solve the NO_MODIFICATION_ALLOWED_ERR in Chrome?
Joe