Claudio Bisegni wrote:
Hi all,
i'm writing a middle tier that use a ldap pooled connection to 389
directory server.
The connection are made using Application Server special user for bind
operation. When an user is authenticated, all the operation are made
using the special user polled connection that use the current logged
user as proxy user. The DN for the Application Server user have only
privilege to read and make proxy.
This is the scenario and with this i have two issue.
1) using the proxy user i can't write the userPassword Attribute but i
can do all operation on all other attribute(the user used for proxy
have all privilege on all the tree) the error i receive is:
'Insufficient 'write' privilege to the 'userPassword' attribute of
entry
'infnuuid=31e4ebe9-36c2-4244-b00c-18e6e87fe407,ou=people,dc=infn,dc=it'
If i get a connection making the bind with this user, all work. All
other operation except add or modify "userPassword" attribute work
well using the proxy user as aspected(so proxy is working)
https://bugzilla.redhat.com/show_bug.cgi?id=520151
2)for all other operation that work using the proxy user the problem
is that on 389 log is shown only the real and not the proxy one. Can
be 389 server configured to shown the real and proxy user, to log the
operation?
It cannot currently be configured as such. Please file a
bug/enhancement request at
https://bugzilla.redhat.com/enter_bug.cgi?product=389
Thanks in advanced.
Best Reguards
Claudio Bisegni
------------------------------------------------------------------------
--
389 users mailing list
389-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users