[389-users] Chaining and LDAP_UNWILLING_TO_PERFORM problem

Rich Megginson rmeggins at redhat.com
Wed Jul 29 23:15:00 UTC 2009 

Roberto Polli wrote:
> On Wednesday 29 July 2009 18:35:56 you wrote:
>   
>> Roberto Polli wrote:
>>     
>>> On Wednesday 29 July 2009 18:09:17 Rich Megginson wrote:
>>>       
>>>> Does this give any useful information?
>>>> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Configuring_Directo
>>>> ry_
>>>> Databases-Creating_and_Maintaining_Database_Links.html#Creating_and_Main
>>>> tain ing_Database_Links-Database_Links_and_Access_Control_Evaluation
>>>>         
>>> I read it more than once..made some slides too
>>> http://docs.google.com/present/view?id=dd4mpk7p_10366hxdsmn
>>>
>>> nonethless I may have made some mistake.
>>>
>>> what I didn't understood is why - when updating userPassword - the remote
>>> server states that
>>>
>>>       
>>>> NSACLPlugin - proxied authorization dn is ()
>>>>         
>>> instead of
>>>
>>>       
>>>> NSACLPlugin - proxied authorization dn is (uid=u1,ou=serv
>>>> ice administrators,dc=babel,dc=it)
>>>>         
>>> hope this could clarify a bit my problem..
>>>       
>
>   
>> Are you using the ldappasswd command to update the password?
>>     
> ldapmodify:
> dn: uid=pippo,dc=example,dc=com
> changetype: modify
> replace: userPassword
> userPassword: pippo1242102d32d322d8321p8enxnc093212190cx321
>
>
>   
>> You may have to allow that component to chain.
>> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Configuring_Directo
>> ry_Databases-Creating_and_Maintaining_Database_Links.html#Configuring_the_Ch
>> aining_Policy-Chaining_Component_Operations
>>     
>
> Even if I don't use SASL, anyway I enabled chaining of PasswordPolicy 
> controls, but nothing changes.
> ..
>
> but..is it right that in aclplugin.c the function 
> acl_get_proxyauth_dn( pb, &proxy_dn, &errtext )
> returns proxy_dn = "" ?
>   
It is if there is no proxy auth control being sent.
> Peace, 
> R.
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090729/0e8c19dc/attachment.bin>

More information about the Fedora-directory-users mailing list