Following http://www.mail-archive.com/fedora-directory- users@redhat.com/msg09799.html
As of now, no solution but give to proxy user write access on entries.. if you succeeded in another way you're welcome to post.
I looked+gdb the code of modify.c: when I try to change userPassword another flow is done.
modify.c: ... if (has_password_mod): PasswordFlow return
StandardFlow return
in PasswordFlow, the function op_shared_allow_pw_change() change the password ignoring controls and evaluating proxy user access permissions as a local user
in StandardFlow, all the controls are evaluated and the proxy_dn is set
To make a specific request using only the interesting controls, avoiding evaluation of unneeded ones (), I used the following options to ldapmodify| passwd * -g -R -J 2.16.840.1.113730.3.4.18
Peace, R.
Roberto Polli wrote:
Following http://www.mail-archive.com/fedora-directory- users@redhat.com/msg09799.html
As of now, no solution but give to proxy user write access on entries.. if you succeeded in another way you're welcome to post.
I looked+gdb the code of modify.c: when I try to change userPassword another flow is done.
modify.c: ... if (has_password_mod): PasswordFlow return
StandardFlow return
in PasswordFlow, the function op_shared_allow_pw_change() change the password ignoring controls and evaluating proxy user access permissions as a local user
Thanks for debugging this. So the problem is that slapi_acl_check_mods() at line 945 is failing?
in StandardFlow, all the controls are evaluated and the proxy_dn is set
To make a specific request using only the interesting controls, avoiding evaluation of unneeded ones (), I used the following options to ldapmodify| passwd
- -g -R -J 2.16.840.1.113730.3.4.18
Peace, R.
On Monday 10 August 2009 19:55:39 Rich Megginson wrote:
in PasswordFlow, the function op_shared_allow_pw_change() change the password ignoring controls and evaluating proxy user access permissions as a local user
Thanks for debugging this. So the problem is that slapi_acl_check_mods() at line 945 is failing?
I got slapi_acl_check_mods() on line 934 fds release is fedora-ds-base-1.1.2
the difference is that
in StandardFlow, all the controls are evaluated and the proxy_dn is set
in PasswordFlow the controls are not evaluated
Peace, R.
Roberto Polli wrote:
On Monday 10 August 2009 19:55:39 Rich Megginson wrote:
in PasswordFlow, the function op_shared_allow_pw_change() change the password ignoring controls and evaluating proxy user access permissions as a local user
Thanks for debugging this. So the problem is that slapi_acl_check_mods() at line 945 is failing?
I got slapi_acl_check_mods() on line 934 fds release is fedora-ds-base-1.1.2
the difference is that
in StandardFlow, all the controls are evaluated and the proxy_dn is set
in PasswordFlow the controls are not evaluated
Peace, R.
Thanks - I think this is a bug - please file a bug about this issue.
389-users@lists.fedoraproject.org