<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 11/10/2014 12:22 PM, Alberto Viana
wrote:<br>
</div>
<blockquote
cite="mid:CAD5whWfUmXRoerEYwc=iQtY7UHsL9zTKXF+eP9L0UeSUgU78+g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>389-Directory/<a moz-do-not-send="true"
href="http://1.3.2.17">1.3.2.17</a> B2014.182.124</div>
</div>
<div><br>
</div>
<div><br>
</div>
I'm trying to add an user (whitout using the manager, with a
regular user):
<div>
<div><br>
</div>
<div>Without any aci:</div>
<div><br>
</div>
<div>
<div>ldap_add: Insufficient access (50)</div>
<div><span class="" style="white-space:pre"> </span>additional
info: Insufficient 'add' privilege to the 'userPassword'
attribute</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>My aci:</div>
<div><br>
</div>
<div>
<div>dn: ou=test,dc=my,dc=domain</div>
<div>changetype: modify</div>
<div>add: aci</div>
<div>aci: (targetattr = "*") (target =
<a class="moz-txt-link-rfc2396E" href="ldap:///test,dc=my,dc=domain">"ldap:///test,dc=my,dc=domain"</a>) (version 3.0;acl "POP-AL
write permission";allow (all) (userdn =
<a class="moz-txt-link-rfc2396E" href="ldap:///uid=my_user,ou=app,dc=my,dc=domain">"ldap:///uid=my_user,ou=app,dc=my,dc=domain"</a>);)</div>
<div><br>
</div>
<div>Also tried without "target" with same result.</div>
</div>
<div><br>
</div>
<div>
<div>ldap_add: Constraint violation (19)</div>
<div><span class="" style="white-space:pre"> </span>additional
info: invalid password syntax - passwords with storage
scheme are not allowed</div>
</div>
</div>
</div>
</blockquote>
Hi Alberto<br>
<br>
Only a Password Administrator or the root dn(cn=directory manager)
can add prehashed passwords. Please see this doc for more info:<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.port389.org/docs/389ds/design/password-administrator.html">http://www.port389.org/docs/389ds/design/password-administrator.html</a><br>
<br>
Regards,<br>
Mark<br>
<blockquote
cite="mid:CAD5whWfUmXRoerEYwc=iQtY7UHsL9zTKXF+eP9L0UeSUgU78+g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div><br>
</div>
<div>I have an older server 389-Directory/<a
moz-do-not-send="true" href="http://1.3.2.17">1.3.2.17</a>
B2014.182.124, and this works fine.</div>
<div>What am I missing in the newer version? Or is that a bug?</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Alberto Viana</div>
<div><br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>