<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    <div class="moz-cite-prefix">On 11/10/2014 12:22 PM, Alberto Viana
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAD5whWfUmXRoerEYwc=iQtY7UHsL9zTKXF+eP9L0UeSUgU78+g@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>389-Directory/1.3.2.17 B2014.182.124</div>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
        I'm trying to add a user (without using the manager, with a
        regular user):
        <div>
          <div><br>
          </div>
          <div>Without any aci:</div>
          <div><br>
          </div>
          <div>
            <div>ldap_add: Insufficient access (50)</div>
            <div><span class="" style="white-space:pre"> </span>additional
              info: Insufficient 'add' privilege to the 'userPassword'
              attribute</div>
          </div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>My aci:</div>
          <div><br>
          </div>
          <div>
            <div>dn: ou=test,dc=my,dc=domain</div>
            <div>changetype: modify</div>
            <div>add: aci</div>
            <div>aci: (targetattr = "*") (target =
              "ldap:///test,dc=my,dc=domain") (version 3.0;acl "POP-AL
              write permission";allow (all) (userdn =
              "ldap:///uid=my_user,ou=app,dc=my,dc=domain");)</div>
            <div><br>
            </div>
            <div>Also tried without "target" with same result.</div>
          </div>
          <div><br>
          </div>
          <div>
            <div>ldap_add: Constraint violation (19)</div>
            <div><span class="" style="white-space:pre"> </span>additional
              info: invalid password syntax - passwords with storage
              scheme are not allowed</div>
          </div>
        </div>
      </div>
    </blockquote>
    Hi Alberto<br>
    <br>
    Only a Password Administrator or the root dn (cn=directory manager)
    can add prehashed passwords.  Please see this doc for more info:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://www.port389.org/docs/389ds/design/password-administrator.html">http://www.port389.org/docs/389ds/design/password-administrator.html</a><br>
    <br>
    Regards,<br>
    Mark<br>
    <blockquote
cite="mid:CAD5whWfUmXRoerEYwc=iQtY7UHsL9zTKXF+eP9L0UeSUgU78+g@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>I have an older server 389-Directory/1.3.2.17
            B2014.182.124, and this works fine.</div>
          <div>What am I missing in the newer version? Or is that a bug?</div>
          <div><br>
          </div>
          <div>Thanks</div>
          <div><br>
          </div>
          <div>Alberto Viana</div>
          <div><br>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
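    <p>As an added example (not part of the original message or of the 389 Directory Server project): a pre-flight check that scans LDIF for userPassword values carrying a storage-scheme prefix, the case rejected above with "passwords with storage scheme are not allowed" unless the bind DN is a Password Administrator or the root DN. The function name, the sample entries and the broad {scheme} pattern are assumptions made for illustration.</p>

```python
import base64
import re

# Assumption: any leading "{name}" tag counts as a storage-scheme prefix. The
# server only matches schemes it has plugins for; this check is broader.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

# Constructed sample input: no real accounts or hashes.
_B64 = base64.b64encode(b"{SHA}constructed-not-a-hash").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=test,dc=my,dc=domain\n"
    "userPassword: {SSHA}constructed-\n"
    " not-a-hash\n"
    "\n"
    "dn: uid=bob,ou=test,dc=my,dc=domain\n"
    "userPassword: cleartext-value\n"
    "\n"
    "dn: uid=carol,ou=test,dc=my,dc=domain\n"
    "userPassword:: " + _B64 + "\n"
)


def prehashed_passwords(ldif_text):
    """Return (dn, scheme) for each userPassword value that has a scheme prefix."""
    findings, dn = [], None
    # LDIF folds long lines as newline + one space; undo that before parsing.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank line, comment, or not an attribute line
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            try:
                raw = base64.b64decode(rest[1:].strip(), validate=True)
            except ValueError:
                continue  # malformed base64: nothing to inspect
            value = raw.decode("utf-8", "replace")
        else:
            value = rest.strip()
        name = attr.split(";")[0].strip().lower()
        if name == "dn":
            dn = value
        elif name == "userpassword" and SCHEME_RE.match(value):
            findings.append((dn, SCHEME_RE.match(value).group(1).upper()))
    return findings


if __name__ == "__main__":
    for entry_dn, scheme in prehashed_passwords(SAMPLE_LDIF):
        print("prehashed userPassword (" + scheme + ") in " + str(entry_dn))
```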
  </body>
</html>