directory-users mailing list archives

From <Carlo.Acco...@ibs-ag.com>
Subject RE: ApacheDS changing value of pwdPolicySubEntry after creation
Date Fri, 18 Nov 2011 16:19:26 GMT
The trunk is fine, I just pull down and rebuild. Thanks!

Regards,
Carlo Accorsi


-----Original Message-----
From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf Of Kiran Ayyagari
Sent: Friday, November 18, 2011 11:14 AM
To: users@directory.apache.org
Subject: Re: ApacheDS changing value of pwdPolicySubEntry after creation

I have found the issue in the code that is preventing the admin user from modifying it.
Committed the fix in trunk, let me know if you want to apply this to a specific version (only
on 2.0 milestone releases), I can provide the patch for you.

On Tue, Nov 15, 2011 at 11:17 AM, <Carlo.Accorsi@ibs-ag.com> wrote:
> Hi, we're definitely using an admin to bind  'uid=admin,ou=system'
> The schema has a read-only flag so I don't know if what I'm asking to do is even possible?
>
> ( 1.3.6.1.4.1.42.2.27.8.1.23
> NAME 'pwdPolicySubentry'
> DESC 'The pwdPolicy subentry in effect for this object'
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
> SINGLE-VALUE
> NO-USER-MODIFICATION
> USAGE directoryOperation
> X-SCHEMA 'null' )
>
>
> Regards,
> Carlo Accorsi
>
> -----Original Message-----
> From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On 
> Behalf Of Kiran Ayyagari
> Sent: Tuesday, November 15, 2011 10:06 AM
> To: users@directory.apache.org
> Subject: Re: ApacheDS changing value of pwdPolicySubEntry after 
> creation
>
> Are you modifying this entry as an admin user? If not, try modifying with an admin user
> connection/session. Let us know if there are any issues.
>
> On Mon, Nov 14, 2011 at 10:11 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>> sorry for the late reply, will take a look at this tomorrow and let 
>> you know
>>
>> On Mon, Nov 14, 2011 at 9:08 AM,  <Carlo.Accorsi@ibs-ag.com> wrote:
>>> Hi, I'm stuck on this issue, any feedback is most appreciated.
>>>
>>> I have two types of users - 'inside' and 'outside'. There exists a password
>>> policy for each type.
>>> When users are created, the pwdPolicySubEntry attribute is added 
>>> with the DN of the relevant policy. - OK
>>>
>>> We have a case where users can be moved from inside to outside and vice versa.
>>>
>>> LdapContext.rename(strOldDn, strNewDn);
>>>
>>> Moving the user object as shown above works fine but I cannot figure out how
>>> to update the policy afterwards.
>>>
>>> Tried to replace or delete the attribute, the following exception occurs.
>>> [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST Message ID : 45
>>> Modify Request Object : 'uid=1320878789594,ou=users,ou=ext,o=cpro'
>>> Modification[0]
>>> Operation :  replace
>>> Modification     pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
>>> org.apache.directory.shared.ldap.model.message.ModifyRequestImpl@878ad1e1: ERR_52 Cannot modify the attribute :
>>> ATTRIBUTE_TYPE ( 1.3.6.1.4.1.42.2.27.8.1.23  NAME 'pwdPolicySubentry'  DESC The pwdPolicy subentry in effect for this object  EQUALITY distinguishedNameMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12  SINGLE-VALUE  NO-USER-MODIFICATION  USAGE directoryOperation  ) ]
>>>
>>> Is there a way to do this without creating a new entry and copying all the attributes?
>>>
>>> More generally, is there an administrative type connection in which operational
>>> attributes can be updated?
>>>
>>> Thanks Carlo
>>>
>>>
>>
>>
>>
>> --
>> Kiran Ayyagari
>>
>
>
>
> --
> Kiran Ayyagari
>



--
Kiran Ayyagari
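
The NO-USER-MODIFICATION flag in the attribute type quoted in this thread is what produced ERR_52. As an added example (not part of the original messages and not ApacheDS code), this parser reads the flag from a schema definition and lists the modifications in a request that touch such attributes; `parse_attribute_type`, `blocked_modifications` and `MODS` are hypothetical names, and the second modification is constructed.

```python
import re

# Attribute type definition as quoted in the thread (RFC 4512 syntax).
PWD_POLICY_SUBENTRY = """( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry'
  DESC 'The pwdPolicy subentry in effect for this object'
  EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-SCHEMA 'null' )"""

# A quoted string, a parenthesis, or a bare word.
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

def parse_attribute_type(definition):
    """Parse one attribute type description into the fields used below."""
    tokens = TOKEN.findall(definition)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("expected a parenthesised attribute type description")
    at = {"oid": tokens[1], "names": [], "usage": "userApplications",
          "no_user_modification": False}
    body = tokens[2:-1]
    i = 0
    while i < len(body):
        if body[i] == "NAME" and i + 1 < len(body):
            i += 1
            if body[i] == "(":  # multi-name form: NAME ( 'a' 'b' )
                i += 1
                while i < len(body) and body[i] != ")":
                    at["names"].append(body[i].strip("'"))
                    i += 1
            else:
                at["names"].append(body[i].strip("'"))
        elif body[i] == "USAGE" and i + 1 < len(body):
            i += 1
            at["usage"] = body[i]
        elif body[i] == "NO-USER-MODIFICATION":
            at["no_user_modification"] = True
        i += 1
    # RFC 4512: NO-USER-MODIFICATION is only valid with an operational usage.
    if at["no_user_modification"] and at["usage"] == "userApplications":
        raise ValueError("NO-USER-MODIFICATION requires an operational USAGE")
    return at

def blocked_modifications(schema, mods):
    """Return the attributes in mods (op, attr, value) flagged NO-USER-MODIFICATION."""
    read_only = {n.lower() for at in schema if at["no_user_modification"]
                 for n in at["names"]}
    # Attribute names are case-insensitive: pwdPolicySubEntry == pwdPolicySubentry.
    return [attr for _op, attr, _value in mods if attr.lower() in read_only]

# Constructed sample: the replace from the thread (DN shortened) plus an ordinary one.
MODS = [("replace", "pwdPolicySubEntry", "ads-pwdId=cproint,ou=passwordPolicies"),
        ("replace", "description", "moved to ou=ext")]
```

Running `blocked_modifications([parse_attribute_type(PWD_POLICY_SUBENTRY)], MODS)` reports only the `pwdPolicySubEntry` replace, the same modification the server refused in the quoted error.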
