These are the ACIs I added based on the PWM guide -

dn: ou=People,dc=mycompany,dc=com
changetype: modify
add: aci
aci: (targetattr = "*") (target = "ldap:///ou=People,dc=mycompany,dc=com") (version 3.0; acl "PWM Proxy Add Users"; allow (add) (userdn = "ldap:///cn=pwmproxy,ou=People,dc=mycompany,dc=com");)

dn: ou=People,dc=mycompany,dc=com
changetype: modify
add: aci
aci: (targetattr = "userpassword || pwmResponseSet") (version 3.0;acl "PWM Allow self entry modification";allow (write)(userdn = "ldap:///self");)

dn: ou=People,dc=mycompany,dc=com
changetype: modify
add: aci
aci: (targetattr = "pwmGUID || pwmlastPwdUpdate || userPassword || objectClass || pwmEventLog") (target = "ldap:///ou=People,dc=mycompany,dc=com") (version 3.0; acl "PWM Proxy Reset Password"; allow (write) (userdn = "ldap:///cn=pwmproxy,ou=People,dc=mycompany,dc=com");)

> Can you post your ACIs? It really sounds like that might be the issue. I
> have PWM running against 389DS with no real trouble.
>
> Josh
>
>
> --
> Joshua Ellsworth
> Senior Systems Administrator
> Primatics Financial
>
>
>
> -----Original Message-----
> From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx
> [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Elizabeth
> Jones
> Sent: Tuesday, March 05, 2013 12:12 PM
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: using PWM with 389 DS
>
> I was wondering if anyone here has integrated PWM into your 389 DS and
> might be able to help me out.
>
> We want to use PWM just for allowing users to change their passwords. I
> followed the documentation that is here
>
> https://docs.google.com/document/d/1I9u1xaVrIOTFj8Le7uzCM5zGqrODCi9Udo2gGZyAapc/edit?pli=1#heading=h.rvkap1ozsaom
>
> to add the users and aci's that PWM needs, following the directions in the
> doc (except that I had to change from replace to add to the aci section or
> it wiped out our existing acis).
>
> Following this doc, I added users pwmproxy and pwmtest to
> People,mycompany,com
>
> Using PWM, I can access the pwmproxy and pwmtest users at the People level
> and change their passwords. I can also add additional test/generic users
> at this level (People, mycompany, com) and access those using pwm. But if I
> try to access any of our existing users IDs that are below People, i.e.
>
> internal,people,company,com
> external,people,company,com
>
> PWM says it can't find those users.
>
> Any thoughts on what else I might need to do to get to those users?
>
> thanks
>
> EJ
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
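
An added example, not part of the original thread: a small Python parser that breaks the three ACIs posted in this message into target, attributes, rights and bind rule, so it is easy to see which operations each one grants to the pwmproxy account. It is a simplification that handles only the single-`allow`, single-`userdn` form used here, and the function names are illustrative.

```python
import re

# The three ACI values posted in the message above, copied verbatim.
ACIS = [
    '(targetattr = "*") (target = "ldap:///ou=People,dc=mycompany,dc=com") (version 3.0; acl "PWM Proxy Add Users"; allow (add) (userdn = "ldap:///cn=pwmproxy,ou=People,dc=mycompany,dc=com");)',
    '(targetattr = "userpassword || pwmResponseSet") (version 3.0;acl "PWM Allow self entry modification";allow (write)(userdn = "ldap:///self");)',
    '(targetattr = "pwmGUID || pwmlastPwdUpdate || userPassword || objectClass || pwmEventLog") (target = "ldap:///ou=People,dc=mycompany,dc=com") (version 3.0; acl "PWM Proxy Reset Password"; allow (write) (userdn = "ldap:///cn=pwmproxy,ou=People,dc=mycompany,dc=com");)',
]

# Assumption: one targetattr, an optional target, one allow clause, one userdn rule.
ACI_RE = re.compile(
    r'\(\s*targetattr\s*=\s*"(?P<attrs>[^"]*)"\s*\)\s*'
    r'(?:\(\s*target\s*=\s*"ldap:///(?P<target>[^"]*)"\s*\)\s*)?'
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'allow\s*\((?P<rights>[^)]*)\)\s*'
    r'\(\s*userdn\s*=\s*"ldap:///(?P<subject>[^"]*)"\s*\)\s*;\s*\)\s*$'
)

def parse_aci(value):
    m = ACI_RE.match(value.strip())
    if m is None:
        raise ValueError("unsupported ACI form: " + value[:40])
    return {
        "name": m["name"],
        "target": m["target"],  # None: the entry holding the ACI and its subtree
        "attrs": [a.strip().lower() for a in m["attrs"].split("||")],
        "rights": {r.strip().lower() for r in m["rights"].split(",")},
        "subject": m["subject"].lower(),
    }

def rights_for(bind_dn, acis):
    """Union of rights these ACIs grant to bind_dn by explicit userdn match."""
    granted = set()
    for aci in map(parse_aci, acis):
        if aci["subject"] == bind_dn.lower():
            granted |= aci["rights"]
    return granted

PROXY = "cn=pwmproxy,ou=People,dc=mycompany,dc=com"

if __name__ == "__main__":
    for value in ACIS:
        a = parse_aci(value)
        print(f'{a["name"]}: {sorted(a["rights"])} -> {a["subject"]}')
    print("proxy rights:", sorted(rights_for(PROXY, ACIS)))
```

From these three ACIs alone the proxy account is granted add and write; any read or search access it has must come from ACIs already in the directory, which the thread does not show.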