Roberto Polli wrote:
Thanks for debugging this. So the problem is that slapi_acl_check_mods() at line 945 is failing?Following http://www.mail-archive.com/fedora-directory- users@xxxxxxxxxx/msg09799.html As of now, no solution but give to proxy user write access on entries.. if you succeeded in another way you're welcome to post.I looked+gdb the code of modify.c: when I try to change userPassword another flow is done.modify.c: ... if (has_password_mod): PasswordFlow return StandardFlow return in PasswordFlow, the functionop_shared_allow_pw_change() change the password ignoring controls and evaluating proxy user access permissions as a local user
in StandardFlow, all the controls are evaluated and the proxy_dn is setTo make a specific request using only the interesting controls, avoiding evaluation of unneeded ones (), I used the following options to ldapmodify|passwd* -g -R -J 2.16.840.1.113730.3.4.18Peace, R.
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
