Roberto Polli wrote:
On Thursday 23 July 2009 19:10:26 Rich Megginson wrote:> >>> case1)* I bind with uid=admin to the local DS tree to modify the "givenName" of a user on the remote server * the modify is successful, as the uid=admin is proxied and the "uid=admin" is replicated on the remote server case2) * same as case1 but I try to modify "userPassword" * the modify fails as the remote server won't evaluate aci on "uid=admin" but on "dn:proxyuser"So the user uid=admin - is that the Directory Manager (rootdn)?noIf not, is it a member of roledn = "ldap:///cn=SA role,dc=babel,dc=it"?yes, and it can modify users' attribute, but passwordDoes roledn = "ldap:///cn=SA role,dc=babel,dc=it" exist on both the local and remote servers?yesit seems that when I try to modify userPassword, the reference to uid=admin is not forwarded and only the proxyuser rights are used..
I suppose you could turn on ACL summary logging to see what's going on. http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
Peace, R.
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
