[389-users] add user aci problem

Rich Megginson rmeggins at redhat.com
Thu Nov 13 14:49:49 UTC 2014


On 11/13/2014 07:26 AM, Mark Reynolds wrote:
>
> On 11/13/2014 07:22 AM, Alberto Viana wrote:
>> Mark,
>>
>> It works, but when I do an ldapsearch on this entry, it shows me that:
>>
>> passwordAdminDN:: C9cq90J/
>>
>> Is that the expected behavior?
> Hi Alberto,
>
> Yeah, this is a known bug (the value is being base64 encoded), but the
> feature should still work correctly.
>
> Regards,
> Mark

What is the value supposed to be?  A human readable DN?

$ python
 >>> import base64
 >>> base64.b64decode('C9cq90J/')
'\x0b\xd7*\xf7B\x7f'

That doesn't look like a DN - it looks like random bytes.

>>
>> I put a group on it. In 389-console it shows even more strange characters :)
>>
>> Thanks
>>
>> On Mon, Nov 10, 2014 at 5:10 PM, Mark Reynolds <mareynol at redhat.com>
>> wrote:
>>
>>
>>     On 11/10/2014 12:22 PM, Alberto Viana wrote:
>>>     389-Directory/1.3.2.17 B2014.182.124
>>>
>>>
>>>     I'm trying to add a user (without using the manager, with a
>>>     regular user):
>>>
>>>     Without any aci:
>>>
>>>     ldap_add: Insufficient access (50)
>>>     additional info: Insufficient 'add' privilege to the
>>>     'userPassword' attribute
>>>
>>>
>>>     My aci:
>>>
>>>     dn: ou=test,dc=my,dc=domain
>>>     changetype: modify
>>>     add: aci
>>>     aci: (targetattr = "*") (target =
>>>     "ldap:///test,dc=my,dc=domain") (version 3.0;acl "POP-AL write
>>>     permission";allow (all) (userdn =
>>>     "ldap:///uid=my_user,ou=app,dc=my,dc=domain");)
>>>
>>>     Also tried without "target" with same result.
>>>
>>>     ldap_add: Constraint violation (19)
>>>     additional info: invalid password syntax - passwords with
>>>     storage scheme are not allowed
>>     Hi Alberto
>>
>>     Only a Password Administrator or the root DN (cn=directory
>>     manager) can add prehashed passwords. Please see this doc for
>>     more info:
>>
>>     http://www.port389.org/docs/389ds/design/password-administrator.html
>>
>>     Regards,
>>     Mark
>>>
>>>
>>>     I have an older server 389-Directory/1.3.2.17
>>>     B2014.182.124, and this works fine.
>>>     What am I missing in the newer version? Or is that a bug?
>>>
>>>     Thanks
>>>
>>>     Alberto Viana
>>>
>>>
>>>
>>>     --
>>>     389 users mailing list
>>>     389-users at lists.fedoraproject.org
>>>     https://admin.fedoraproject.org/mailman/listinfo/389-users

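The `::` after an attribute name in LDIF only says the value was base64-encoded, which also happens to readable DNs that contain non-ASCII characters, so the useful check is what the decoded bytes look like. As an added example (not part of the original thread; the group DN is constructed and `looks_like_dn` is a simplified shape check, not a full RFC 4514 parser), this classifies LDIF attribute lines, including the `passwordAdminDN` line quoted above:

```python
import base64
import re

# Simplified "attr=value" shape for one RDN (assumption of this example).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")

# Constructed sample: a group DN with a non-ASCII character, which LDIF
# writers must base64-encode even though it is perfectly readable.
SAMPLE_DN = "cn=Passw\u00f6rd Admins,ou=test,dc=my,dc=domain"
ENCODED_LINE = "passwordAdminDN:: " + base64.b64encode(
    SAMPLE_DN.encode("utf-8")).decode("ascii")


def looks_like_dn(text):
    """True when every unescaped-comma-separated part has the attr=value shape."""
    parts = re.split(r"(?<!\\),", text)
    return all(RDN.match(p.strip()) for p in parts)


def parse_ldif_line(line):
    """Return (attribute, raw value bytes, was_base64) for one unfolded line."""
    attr, sep, rest = line.partition(":")
    if not sep or not attr:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):
        # "attr:: value" marks a base64-encoded value (RFC 2849).
        return attr, base64.b64decode(rest[1:].strip(), validate=True), True
    return attr, rest.strip().encode("utf-8"), False


def classify(line):
    """Label the value 'dn', 'text' or 'binary' and return it decoded if possible."""
    attr, raw, _ = parse_ldif_line(line)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return attr, "binary", raw
    if not text.isprintable():
        return attr, "binary", raw
    return attr, ("dn" if looks_like_dn(text) else "text"), text


if __name__ == "__main__":
    # First line is the value from the thread; the other two are constructed.
    for line in ("passwordAdminDN:: C9cq90J/", ENCODED_LINE,
                 "passwordAdminDN: cn=admins,ou=test,dc=my,dc=domain"):
        print(classify(line))
```
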