It works, but when I do a ldapserch to this entry, it shows me that:

passwordAdminDN:: C9cq90J/

Is the expected behavior?

I put a group on it. In 389-console show even more strange characters  :)


On Mon, Nov 10, 2014 at 5:10 PM, Mark Reynolds <> wrote:

On 11/10/2014 12:22 PM, Alberto Viana wrote:
389-Directory/ B2014.182.124

I'm trying to add an user (whitout using the manager, with a regular user):

Without any aci:

ldap_add: Insufficient access (50)
additional info: Insufficient 'add' privilege to the 'userPassword' attribute

My aci:

dn: ou=test,dc=my,dc=domain
changetype: modify
add: aci
aci: (targetattr = "*") (target = "ldap:///test,dc=my,dc=domain") (version 3.0;acl "POP-AL write permission";allow (all) (userdn = "ldap:///uid=my_user,ou=app,dc=my,dc=domain");)

Also tried without "target" with same result.

ldap_add: Constraint violation (19)
additional info: invalid password syntax - passwords with storage scheme are not allowed
Hi Alberto

Only a Password Administrator or the root dn(cn=directory manager) can add prehashed passwords.  Please see this doc for more info:


I have an older server 389-Directory/ B2014.182.124, and this works fine.
What am I missing in the newer version? Or is that a bug?


Alberto Viana

389 users mailing list