On 11/13/2014 07:22 AM, Alberto Viana wrote:

Mark,

It works, but when I do a ldapserch to this entry, it shows me that:

passwordAdminDN:: C9cq90J/

Is the expected behavior?

Hi Alberto,

Yeah this is a known bug (the value is being base64 encoded), but the feature should still work correctly though.

Regards,
Mark

I put a group on it. In 389-console show even more strange characters  :)

Thanks

On Mon, Nov 10, 2014 at 5:10 PM, Mark Reynolds <mareynol@redhat.com> wrote:

On 11/10/2014 12:22 PM, Alberto Viana wrote:

389-Directory/1.3.2.17 B2014.182.124

I'm trying to add an user (whitout using the manager, with a regular user):

Without any aci:

ldap_add: Insufficient access (50)

additional info: Insufficient 'add' privilege to the 'userPassword' attribute

My aci:

dn: ou=test,dc=my,dc=domain

changetype: modify

add: aci

aci: (targetattr = "*") (target = "ldap:///test,dc=my,dc=domain") (version 3.0;acl "POP-AL write permission";allow (all) (userdn = "ldap:///uid=my_user,ou=app,dc=my,dc=domain");)

Also tried without "target" with same result.

ldap_add: Constraint violation (19)

additional info: invalid password syntax - passwords with storage scheme are not allowed

Hi Alberto

Only a Password Administrator or the root dn(cn=directory manager) can add prehashed passwords.  Please see this doc for more info:

http://www.port389.org/docs/389ds/design/password-administrator.html

Regards,
Mark

I have an older server 389-Directory/1.3.2.17 B2014.182.124, and this works fine.

What am I missing in the newer version? Or is that a bug?

Thanks

Alberto Viana

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users