Roberto Polli wrote:
On Wednesday 29 July 2009 16:11:02 Roberto Polli wrote:tcpdump says the requests made by the local to the remote are almost identicalnow I'm tcpdumping, but really strangeboth contains the user proxied (uid=admin) both contains the controls (proxy and loop detection) 2.16.840.1.113730.3.4.121.3.6.1.4.1.1466.29539.12packages are: fedora-ds-1.1.2-1.fc6 fedora-ds-base-1.1.3-2.fc6
Does this give any useful information? http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Configuring_Directory_Databases-Creating_and_Maintaining_Database_Links.html#Creating_and_Maintaining_Database_Links-Database_Links_and_Access_Control_Evaluation
Peace, R.old details down. Peace, R.Roberto Polli wrote:On Thursday 23 July 2009 19:10:26 Rich Megginson wrote:> >>> case1)* I bind with uid=admin to the local DS tree to modify the "givenName" of a user on the remote server * the modify is successful, as the uid=admin is proxied and the "uid=admin" is replicated on the remote server case2) * same as case1 but I try to modify "userPassword" * the modify fails as the remote server won't evaluate aci on "uid=admin" but on "dn:proxyuser"So the user uid=admin - is that the Directory Manager (rootdn)?nois it a member of roledn = "ldap:///cn=SA role,dc=babel,dc=it"?yes, and it can modify users' attribute, but passwordDoes roledn = "ldap:///cn=SA role,dc=babel,dc=it" exist on both the local and remote servers?yes it seems that when I try to modify userPassword, the reference to uid=admin is not forwarded and only the proxyuser rights are used..I suppose you could turn on ACL summary logging to see what's going on. http://directory.fedoraproject.org/wiki/FAQ#TroubleshootingPeace, R.
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
