Roberto Polli wrote:
Following
http://www.mail-archive.com/fedora-directory-
users(a)redhat.com/msg09799.html
As of now, no solution but give to proxy user write access on entries..
if you succeeded in another way you're welcome to post.
I looked+gdb the code of modify.c: when I try to change userPassword another
flow is done.
modify.c:
...
if (has_password_mod):
PasswordFlow
return
StandardFlow
return
in PasswordFlow, the function
op_shared_allow_pw_change()
change the password ignoring controls and evaluating proxy user access
permissions as a local user
Thanks for debugging this. So the problem is that
slapi_acl_check_mods() at line 945 is failing?
in StandardFlow, all the controls are evaluated and the proxy_dn is
set
To make a specific request using only the interesting controls, avoiding
evaluation of unneeded ones (), I used the following options to ldapmodify|
passwd
* -g -R -J 2.16.840.1.113730.3.4.18
Peace,
R.