[389-users] Chaining and LDAP_UNWILLING_TO_PERFORM problem

Roberto Polli rpolli at babel.it
Wed Jul 29 23:06:31 UTC 2009 

On Wednesday 29 July 2009 18:35:56 you wrote:
> Roberto Polli wrote:
> > On Wednesday 29 July 2009 18:09:17 Rich Megginson wrote:
> >> Does this give any useful information?
> >> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Configuring_Directo
> >>ry_
> >> Databases-Creating_and_Maintaining_Database_Links.html#Creating_and_Main
> >>tain ing_Database_Links-Database_Links_and_Access_Control_Evaluation
> >
> > I read it more than once..made some slides too
> > http://docs.google.com/present/view?id=dd4mpk7p_10366hxdsmn
> >
> > nonethless I may have made some mistake.
> >
> > what I didn't understood is why - when updating userPassword - the remote
> > server states that
> >
> >> NSACLPlugin - proxied authorization dn is ()
> >
> > instead of
> >
> >> NSACLPlugin - proxied authorization dn is (uid=u1,ou=serv
> >> ice administrators,dc=babel,dc=it)
> >
> > hope this could clarify a bit my problem..
>

> Are you using the ldappasswd command to update the password?
ldapmodify:
dn: uid=pippo,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: pippo1242102d32d322d8321p8enxnc093212190cx321


> You may have to allow that component to chain.
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Configuring_Directo
>ry_Databases-Creating_and_Maintaining_Database_Links.html#Configuring_the_Ch
>aining_Policy-Chaining_Component_Operations

Even if I don't use SASL, anyway I enabled chaining of PasswordPolicy 
controls, but nothing changes.
..

but..is it right that in aclplugin.c the function 
acl_get_proxyauth_dn( pb, &proxy_dn, &errtext )
returns proxy_dn = "" ?

Peace, 
R.
-- 

Roberto Polli
Babel S.r.l. - http://www.babel.it
Tel. +39.06.91801075 - fax +39.06.91612446
Tel. cel +39.340.6522736
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)

"Il seguente messaggio contiene informazioni riservate. Qualora questo 
messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene 
notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio 
erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto 
della legge in materia di protezione dei dati personali."

More information about the 389-users mailing list