[389-users] add user aci problem
Ludwig Krispenz
lkrispen at redhat.com
Thu Nov 13 14:59:39 UTC 2014
On 11/13/2014 03:49 PM, Rich Megginson wrote:
> On 11/13/2014 07:26 AM, Mark Reynolds wrote:
>>
>> On 11/13/2014 07:22 AM, Alberto Viana wrote:
>>> Mark,
>>>
>>> It works, but when I do an ldapsearch on this entry, it shows me this:
>>>
>>> passwordAdminDN:: C9cq90J/
>>>
>>> Is this the expected behavior?
>> Hi Alberto,
>>
>> Yeah this is a known bug (the value is being base64 encoded), but the
>> feature should still work correctly though.
>>
>> Regards,
>> Mark
>
> What is the value supposed to be? A human readable DN?
>
> $ python
> >>> import base64
> >>> base64.b64decode('C9cq90J/')
> '\x0b\xd7*\xf7B\x7f'
>
> That doesn't look like a DN - it looks like random bytes.
looks like: https://fedorahosted.org/389/ticket/47952
>
>>>
>>> I put a group on it. In 389-console it shows even more strange
>>> characters :)
>>>
>>> Thanks
>>>
>>> On Mon, Nov 10, 2014 at 5:10 PM, Mark Reynolds
>>> <mareynol at redhat.com> wrote:
>>>
>>>
>>> On 11/10/2014 12:22 PM, Alberto Viana wrote:
>>>> 389-Directory/1.3.2.17 B2014.182.124
>>>>
>>>>
>>>> I'm trying to add a user (without using the manager, with a
>>>> regular user):
>>>>
>>>> Without any aci:
>>>>
>>>> ldap_add: Insufficient access (50)
>>>> additional info: Insufficient 'add' privilege to the
>>>> 'userPassword' attribute
>>>>
>>>>
>>>> My aci:
>>>>
>>>> dn: ou=test,dc=my,dc=domain
>>>> changetype: modify
>>>> add: aci
>>>> aci: (targetattr = "*") (target =
>>>> "ldap:///test,dc=my,dc=domain") (version 3.0;acl "POP-AL write
>>>> permission";allow (all) (userdn =
>>>> "ldap:///uid=my_user,ou=app,dc=my,dc=domain");)
>>>>
>>>> Also tried without "target" with same result.
>>>>
>>>> ldap_add: Constraint violation (19)
>>>> additional info: invalid password syntax - passwords with
>>>> storage scheme are not allowed
>>> Hi Alberto
>>>
>>> Only a Password Administrator or the root dn (cn=directory
>>> manager) can add prehashed passwords. Please see this doc for
>>> more info:
>>>
>>> http://www.port389.org/docs/389ds/design/password-administrator.html
>>>
>>> Regards,
>>> Mark
>>>>
>>>>
>>>> I have an older server 389-Directory/1.3.2.17
>>>> B2014.182.124, and this works fine.
>>>> What am I missing in the newer version? Or is that a bug?
>>>>
>>>> Thanks
>>>>
>>>> Alberto Viana
>>>>
>>>>
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
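
The decode Rich ran in the thread, generalized into a check over ldapsearch LDIF output (an added example, not part of the original thread and not 389 Directory Server code): it reports whether each passwordAdminDN value is a readable DN, a base64-encoded but valid DN, or bytes that are not a DN at all. The function names, the loose DN regex and the sample entry are assumptions constructed for illustration; only the value `C9cq90J/` comes from the thread.

```python
import base64
import re

# Loose DN shape check (assumption): tells a DN from garbage, not a full RFC 4514 parser.
DN_SHAPE = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=[^,]+(,\s*[A-Za-z][A-Za-z0-9.-]*=[^,]+)*$")

# Constructed sample: only the base64 value C9cq90J/ comes from the thread.
SAMPLE = """\
dn: cn=constructed-entry,dc=example,dc=com
passwordAdminDN:: C9cq90J/
passwordAdminDN: cn=Passwd Admins,ou=groups,
 dc=example,dc=com
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_values(ldif_text):
    """Yield (attribute, value_bytes, was_base64) for each attribute line."""
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):   # "attr:: <base64>"
            yield attr, base64.b64decode(rest[1:].strip(), validate=True), True
        else:                      # "attr: <plain text>"
            yield attr, rest.strip().encode("utf-8"), False

def check_dn_attribute(ldif_text, attr_name="passwordAdminDN"):
    """Return [(value_bytes, verdict)] for every value of attr_name."""
    findings = []
    for attr, value, was_b64 in parse_values(ldif_text):
        if attr.lower() != attr_name.lower():
            continue
        try:
            text = value.decode("utf-8")
        except UnicodeDecodeError:
            findings.append((value, "not-text"))   # raw bytes, as seen in the thread
            continue
        is_dn = text.isprintable() and DN_SHAPE.match(text) is not None
        findings.append((value, ("dn-base64" if was_b64 else "dn") if is_dn else "not-a-dn"))
    return findings
```

A `dn-base64` verdict is normal for DNs containing non-ASCII characters, since LDIF base64-encodes any value that is not a plain safe string; `not-text` and `not-a-dn` are the cases worth investigating.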