So I'm hoping somebody can assist with a confusing problem I am having. I am running 389-ds-1.2.1-1. I have nodes in a subtree where I am unable to modify the userPassword attribute through perl-LDAP, but I can through the 389-console. However, this same exact perl-LDAP code /can/ make changes to objects in a different subtree (works in ou=People, fails in ou=Special Users). The perl script uses an administrative account to make the changes (admin in ou=Administrators,ou=TopologyManagement,o=NetscapeRoot), which should have access to the entire tree. ACI's on the subtrees are identical, I have even compared them in the ldif export of the tree. The commit works if I use ldapmodify (same user/password), it works if I do it with 389-console, but it fails when I use perl-LDAP. I am current on perl-LDAP as well. The only reason I am still poking at the directory server, is because the directory server is returning the 'no such attribute' error 16, even in the logfiles. Is there any way to get some more .. readable logs from the directory server? Is there a way to filter the ds logs, perhaps? Specify that logs regarding specific nodes are sent at different levels? I suspect that perl-LDAP is committing the change in a manner differently than ldapmodify/389-console, but I cannot figure out how. What really confuses me is that perl-LDAP /works/ fine on ou=People, but not ou=Special Users. Thoughts? Help? Suggested directions to look? Thanks, -Brandon -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
