389-Directory/1.3.2.17 B2014.182.124
I'm trying to add a user (without using the manager, with a regular user):
Without any aci:
ldap_add: Insufficient access (50)
    additional info: Insufficient 'add' privilege to the 'userPassword' attribute
My aci:
dn: ou=test,dc=my,dc=domain
changetype: modify
add: aci
aci: (targetattr = "*") (target = "ldap:///test,dc=my,dc=domain") (version 3.0;acl "POP-AL write permission";allow (all) (userdn = "ldap:///uid=my_user,ou=app,dc=my,dc=domain");)
Also tried without "target" with same result.
ldap_add: Constraint violation (19)
    additional info: invalid password syntax - passwords with storage scheme are not allowed
I have an older server 389-Directory/1.3.2.17 B2014.182.124, and this works fine. What am I missing in the newer version? Or is that a bug?
Thanks
Alberto Viana
On 11/10/2014 12:22 PM, Alberto Viana wrote:
> ldap_add: Constraint violation (19)
>     additional info: invalid password syntax - passwords with storage scheme are not allowed
Hi Alberto
Only a Password Administrator or the root dn (cn=directory manager) can add prehashed passwords. Please see this doc for more info:
http://www.port389.org/docs/389ds/design/password-administrator.html
Regards, Mark
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Mark,
It works, but when I do an ldapsearch on this entry, it shows me this:
passwordAdminDN:: C9cq90J/
Is this the expected behavior?
I put a group on it. In 389-console it shows even more strange characters :)
Thanks
On 11/13/2014 07:22 AM, Alberto Viana wrote:
> passwordAdminDN:: C9cq90J/
> Is this the expected behavior?
Hi Alberto,
Yeah this is a known bug (the value is being base64 encoded), but the feature should still work correctly though.
Regards, Mark
On 11/13/2014 07:26 AM, Mark Reynolds wrote:
> Hi Alberto,
> Yeah this is a known bug (the value is being base64 encoded), but the feature should still work correctly though.
> Regards, Mark
What is the value supposed to be? A human readable DN?
$ python
>>> import base64
>>> base64.b64decode('C9cq90J/')
'\x0b\xd7*\xf7B\x7f'
That doesn't look like a DN - it looks like random bytes.
On 11/13/2014 03:49 PM, Rich Megginson wrote:
> That doesn't look like a DN - it looks like random bytes.
looks like: https://fedorahosted.org/389/ticket/47952
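Added example (not part of the original thread, and not 389 Directory Server code): a Python 3 check that separates the two questions raised above, whether an LDIF value is merely base64-encoded ("::") and whether the decoded bytes are a DN at all. Only the passwordAdminDN line is taken from the thread; the other sample DNs and the simplified DN pattern are assumptions constructed for illustration.

```python
import base64
import re

# Simplified RDN shape (type=value, comma separated). A triage heuristic for
# this example, not a full RFC 4514 parser.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+"
_DN_RE = re.compile(r"^%s(?:,\s*%s)*$" % (_RDN, _RDN))


def parse_ldif_line(line):
    """Split one unfolded LDIF line into (attr, raw_bytes, was_base64)."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):  # "attr:: <base64>" per RFC 2849
        return attr, base64.b64decode(rest[1:].strip(), validate=True), True
    return attr, rest.strip().encode("utf-8"), False  # "attr: <text>"


def classify_dn_value(line):
    """Return (verdict, shown) for a line whose value should be a DN."""
    _attr, raw, was_b64 = parse_ldif_line(line)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "not-text", repr(raw)  # bytes are not even valid UTF-8
    if not text.isprintable() or not _DN_RE.match(text):
        return "not-a-dn", repr(text)
    # "::" on its own is harmless: LDIF base64-encodes any value that is not a
    # plain "safe" ASCII string, e.g. a DN containing non-ASCII letters.
    return ("dn-base64" if was_b64 else "dn-plain"), text


# Constructed sample DNs (assumptions); only FROM_THREAD comes from the thread.
ASCII_DN = "cn=Passwd Admins,ou=groups,dc=my,dc=domain"
UTF8_DN = "cn=Administra\u00e7\u00e3o de Senhas,ou=groups,dc=my,dc=domain"
FROM_THREAD = "passwordAdminDN:: C9cq90J/"
PLAIN = "passwordAdminDN: " + ASCII_DN
ENCODED = "passwordAdminDN:: " + base64.b64encode(
    UTF8_DN.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for sample in (FROM_THREAD, PLAIN, ENCODED):
        print(sample, "->", classify_dn_value(sample))
```

A "dn-base64" verdict means the stored value is intact and only the LDIF transport encoding differs; "not-text" or "not-a-dn" means the stored bytes themselves are not a usable DN, which is the case for the value quoted in the thread.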