[389-users] Issue for operation that use proxy user

Claudio Bisegni Claudio.Bisegni at lnf.infn.it
Mon Oct 19 12:22:57 UTC 2009


Hi all,

I'm writing a middle tier that uses a pooled LDAP connection to 389
directory server.
The connections are made using a special Application Server user for the
bind operation. When a user is authenticated, all the operations are made
using the special user's pooled connection, which uses the currently
logged-in user as the proxy user. The DN for the Application Server user
has only the privilege to read and to proxy.
This is the scenario, and with it I have two issues.

1) Using the proxy user I can't write the userPassword attribute, but I
can do all operations on all other attributes (the user used for the proxy
has all privileges on the whole tree). The error I receive is:
'Insufficient 'write' privilege to the 'userPassword' attribute of entry 'infnuuid=31e4ebe9-36c2-4244-b00c-18e6e87fe407,ou=people,dc=infn,dc=it'
If I get a connection by binding as this user, everything works. All
other operations except adding or modifying the "userPassword" attribute
work well using the proxy user, as expected (so the proxy is working).

2) For all the other operations that work using the proxy user, the problem
is that the 389 log shows only the real user and not the proxy one. Can
the 389 server be configured to show both the real and the proxy user when
logging the operation?

Thanks in advance.

Best regards
	Claudio Bisegni
