Roberto Polli wrote: > Following http://www.mail-archive.com/fedora-directory- > users at redhat.com/msg09799.html > > As of now, no solution but give to proxy user write access on entries.. > if you succeeded in another way you're welcome to post. > > > I looked+gdb the code of modify.c: when I try to change userPassword another > flow is done. > > modify.c: > ... > if (has_password_mod): > PasswordFlow > return > > StandardFlow > return > > > > in PasswordFlow, the function > op_shared_allow_pw_change() > change the password ignoring controls and evaluating proxy user access > permissions as a local user > Thanks for debugging this. So the problem is that slapi_acl_check_mods() at line 945 is failing? > in StandardFlow, all the controls are evaluated and the proxy_dn is set > > To make a specific request using only the interesting controls, avoiding > evaluation of unneeded ones (), I used the following options to ldapmodify| > passwd > * -g -R -J 2.16.840.1.113730.3.4.18 > > > Peace, > R. > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090810/5fe33c22/attachment.bin
