DSGW problem - browser user tries to change password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John A. Sullivan III wrote:
> Hello, all.  As explained in the last email, we do not allow anonymous
> browsing but have a specific user with limited rights browsing the tree
> to find users' identities for logging into DSGW.  We also have a policy
> that users must change their passwords after a reset.
>
> We have a test user sue.sutter.  We reset her password and then had her
> attempt to login to DSGW.  Sure enough, she was told she needed to
> changed her password and was given the option to do so.  However, the
> attempt failed with the below error messages:
>
> Editing sue.sutter... 
> Sending changes to the directory server...
>
> An error occurred while contacting the LDAP server. 
> (Insufficient access - Insufficient 'write' privilege to the
> 'userPassword' attribute of entry
> 'uid=sue.sutter,ou=users,o=a0000-0006,o=internal,dc=ssiservices,dc=biz'. )
> You do not have sufficient privileges to perform the operation. 
>
> That seemed very strange because when we test changing passwords using
> her posix account, it works just fine.  We then gave the browsing user
> (not sue.sutter) full rights to the tree and, lo and behold, it worked:
>
> Giving the directory browser user all rights allowed a successful
> password change.
>
> It appears the browsing user is the one attempting to change the user's
> password and not the user.  Is that the way it's supposed to be? I
> certainly would not want a browse only utility user able to change user
> passwords.  Perhaps I am missing something.  Thanks - John
>   
I suppose it is because you have configured the DSGW to use the browsing 
user.  I'm not sure how to change the DSGW to use the browsing user for 
some operations but not others, or even if it is possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081202/677287b1/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux