Omer Faruk Sen
2007-Jul-11 14:03 UTC
[Fedora-directory-users] disallow_pw_change_aci problem
Hi, I have installed fedora-ds 1.0.4 to Fedora 6 server. I am trying to install mail ldap cluster. I have added a domain like dc=my,dc=domain,dc=com and added a virtual domain like ou=virtdomain.com,dc=my,dc=domain,dc=com after adding a user like: uid=user,ou=virtdomain.com,dc=my,dc=domain,dc=com and changing its password gives me that error: aci: (targetattr = "userPassword") ( version 3.0; acl "disallow_pw_change_aci"; deny (write ) userdn = "ldap:///self";) I have read http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html and added an aci like: aci: (targetattr="userPassword || homePhone || homePostalAddress") (version 3.0; acl "Write my.domain.com"; allow (write) userdn= "ldap:///self";) for ou=virtdomain.com,dc=my,dc=domain,dc=com But I still get aci: (targetattr = "userPassword") ( version 3.0; acl "disallow_pw_change_aci"; deny (write ) userdn = "ldap:///self";) error. How can I disable disallow_pw_change aci since I couldn''t find this aci anywhere using directory admin gui. By the way I think this comes from userRoot database. But I can''t find a place to disable disallow_pw_change Best Regards, ____________________________________________________________________________________ Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. http://new.toolbar.yahoo.com/toolbar/features/norton/index.php
Ulf Weltman
2007-Jul-11 17:48 UTC
Re: [Fedora-directory-users] disallow_pw_change_aci problem
This ACI is automatically added to each root entry when the passwordChange global password policy is set to off (in the GUI, when "User may change password" is unchecked). Omer Faruk Sen wrote:> Hi, > > I have installed fedora-ds 1.0.4 to Fedora 6 server. I am trying to install mail ldap cluster. I have added a domain like dc=my,dc=domain,dc=com and added a virtual domain like ou=virtdomain.com,dc=my,dc=domain,dc=com after adding a user like: > > uid=user,ou=virtdomain.com,dc=my,dc=domain,dc=com > > and changing its password gives me that error: > > aci: (targetattr = "userPassword") ( version 3.0; acl "disallow_pw_change_aci"; deny (write ) userdn = "ldap:///self";) > > > I have read http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html and added an aci like: > > aci: (targetattr="userPassword || homePhone || > homePostalAddress") (version 3.0; acl "Write my.domain.com"; allow > (write) userdn= "ldap:///self";) > > for ou=virtdomain.com,dc=my,dc=domain,dc=com > > But I still get aci: (targetattr = "userPassword") ( version 3.0; acl "disallow_pw_change_aci"; deny (write ) userdn = "ldap:///self";) > > error. How can I disable disallow_pw_change aci since I couldn''t find this aci anywhere using directory admin gui. > > > By the way I think this comes from userRoot database. But I can''t find a place to disable disallow_pw_change > > Best Regards, > > > > > > > ____________________________________________________________________________________ > Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. > http://new.toolbar.yahoo.com/toolbar/features/norton/index.php > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > >