directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject ApacheDS changing value of pwdPolicySubEntry after creation
Date Mon, 14 Nov 2011 14:08:33 GMT
Hi, I'm stuck on this issue, any feedback is most appreciated.

I have two types of users -  'inside' and 'outside' . There exists a password policy for each
When users are created, the pwdPolicySubEntry attribute is added with the DN of the relevant
policy. - OK

We have a case were users can be moved from inside to outside and vice versa.

LdapContext.rename(strOldDn, strNewDn);

Moving the user object as shown above works fine but I cannot figure out how to update the
policy afterwards.

Tried to replace or delete the attribute, the following exception occurs.
[LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 45     Modify Request
Object : 'uid=1320878789594,ou=users,ou=ext,o=cpro'
Operation :  replace
Modification     pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config<>:
ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE (  NAME 'pwdPolicySubentry'
 DESC The pwdPolicy subentry in effect for this object  EQUALITY distinguishedNameMatch  SYNTAX  SINGLE-VALUE  NO-USER-MODIFICATION  USAGE directoryOperation
 ) ]

Is there a way to do this without creating a new entry and copying all the attributes?

More generally, is there an administrative type connection in which operational attributes
can be updated?

Thanks Carlo

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message