Roberto Polli wrote: > On Thursday 23 July 2009 19:10:26 Rich Megginson wrote:> >>> case1) > >>>>> * I bind with uid=admin to the local DS tree to modify the "givenName" >>>>> of a user on the remote server >>>>> * the modify is successful, as the uid=admin is proxied and the >>>>> "uid=admin" is replicated on the remote server >>>>> >>>>> case2) >>>>> * same as case1 but I try to modify "userPassword" >>>>> * the modify fails as the remote server won't evaluate aci on >>>>> "uid=admin" but on "dn:proxyuser" >>>>> > > >> So the user uid=admin - is that the Directory Manager (rootdn)? >> > no > > >> If not, >> is it a member of roledn = "ldap:///cn=SA role,dc=babel,dc=it"? >> > yes, and it can modify users' attribute, but password > > >> Does roledn = "ldap:///cn=SA role,dc=babel,dc=it" exist on both the >> local and remote servers? >> > yes > > it seems that when I try to modify userPassword, the reference to uid=admin is > not forwarded and only the proxyuser rights are used.. > I suppose you could turn on ACL summary logging to see what's going on. http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting > > Peace, > R. > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090723/e382179b/attachment.bin
