Hello, all. I'm seeing a strange problem in our set up to synchronize passwords between Directory Server 8.0 and Active Directory. If I change a user's password from idm-console, the password synchronizes. If I change it from Active Directory, the password synchronizes. However, if the user changes their own password (they use Ubuntu 8.0.4 KDE desktops), the passwords do not synchronize. We do see an entry in the error log: Entry "uid=mlap,ou=Desks,o=a0,o=Int,dc=mycompany,dc=com" -- attribute "shadowLastChange" not allowed That seemed straightforward so I checked the ACIs and we do allow users to change this attribute: (targetattr != "nsroledn||aci") (version 3.0; acl "Allow self entry modification except for nsroledn and aci attributes"; allow (read,compare,search,write) (userdn = "ldap:///self";) ;) Any idea why we are receiving these errors? Would this cause password synchronization to fail? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@xxxxxxxxxxxxxxxxxxx http://www.spiritualoutreach.com Making Christianity intelligible to secular society -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
