[389-users] Issue for operation that use proxy user
Claudio Bisegni
Claudio.Bisegni at lnf.infn.it
Mon Oct 19 12:22:57 UTC 2009
Hi all,
i'm writing a middle tier that use a ldap pooled connection to 389
directory server.
The connection are made using Application Server special user for bind
operation. When an user is authenticated, all the operation are made
using the special user polled connection that use the current logged
user as proxy user. The DN for the Application Server user have only
privilege to read and make proxy.
This is the scenario and with this i have two issue.
1) using the proxy user i can't write the userPassword Attribute but i
can do all operation on all other attribute(the user used for proxy
have all privilege on all the tree) the error i receive is:
'Insufficient 'write' privilege to the 'userPassword' attribute of
entry 'infnuuid=31e4ebe9-36c2-4244-
b00c-18e6e87fe407,ou=people,dc=infn,dc=it'
If i get a connection making the bind with this user, all work. All
other operation except add or modify "userPassword" attribute work
well using the proxy user as aspected(so proxy is working)
2)for all other operation that work using the proxy user the problem
is that on 389 log is shown only the real and not the proxy one. Can
be 389 server configured to shown the real and proxy user, to log the
operation?
Thanks in advanced.
Best Reguards
Claudio Bisegni
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20091019/4ba1b250/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1758 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20091019/4ba1b250/attachment.p7s>
More information about the Fedora-directory-users
mailing list