On Wednesday 29 July 2009 16:11:02 Roberto Polli wrote:
now I'm tcpdumping, but really strange
tcpdump says the
requests made by the local to the remote are almost identical
both contains the user proxied (uid=admin)
both contains the controls (proxy and loop detection)
2.16.840.1.113730.3.4.12
1.3.6.1.4.1.1466.29539.12
packages are:
fedora-ds-1.1.2-1.fc6
fedora-ds-base-1.1.3-2.fc6
Peace,
R.
old details down.
Peace,
R.
> Roberto Polli wrote:
> > On Thursday 23 July 2009 19:10:26 Rich Megginson wrote:> >>>
case1)
> >
> >>>>> * I bind with uid=admin to the local DS tree to modify the
> >>>>> "givenName" of a user on the remote server
> >>>>> * the modify is successful, as the uid=admin is proxied and
the
> >>>>> "uid=admin" is replicated on the remote server
> >>>>>
> >>>>> case2)
> >>>>> * same as case1 but I try to modify "userPassword"
> >>>>> * the modify fails as the remote server won't evaluate aci
on
> >>>>> "uid=admin" but on "dn:proxyuser"
> >>
> >> So the user uid=admin - is that the Directory Manager (rootdn)?
> >
> > no
> >
> >> is it a member of roledn = "ldap:///cn=SA role,dc=babel,dc=it"?
> >
> > yes, and it can modify users' attribute, but password
> >
> >> Does roledn = "ldap:///cn=SA role,dc=babel,dc=it" exist on both
the
> >> local and remote servers?
> >
> > yes
> >
> >
> > it seems that when I try to modify userPassword, the reference to
> > uid=admin is not forwarded and only the proxyuser rights are used..
>
> I suppose you could turn on ACL summary logging to see what's going on.
>
http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>
> > Peace,
> > R.
--
Roberto Polli
Babel S.r.l. -
http://www.babel.it
Tel. +39.06.91801075 - fax +39.06.91612446
Tel. cel +39.340.6522736
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)
"Il seguente messaggio contiene informazioni riservate. Qualora questo
messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene
notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio
erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto
della legge in materia di protezione dei dati personali."