
(ITS#6270) Conflict between ppolicy (pwdReset flag) and unique overlays



Full_Name: Clement OUDOT
Version: 2.4.16
OS: RHEL 5.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.145.72.122)


Hello,

I use both ppolicy and unique overlays.

I try to modify the password of an account whose pwdReset attribute is set to
TRUE. I get this LDAP error:

ldap_modify: Insufficient access (50)
        additional info: unique_search failed

In OpenLDAP logs, we can see:

connection restricted to password changing only
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="Operations are restricted to
bind/unbind/abandon/StartTLS/modify password"
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="unique_search failed"
send_ldap_response: msgid=3 tag=103 err=50


So it seems the unique overlay cannot do a search because the connection is
restricted by the ppolicy overlay.
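
Added example, not part of the original report and not OpenLDAP code: a small Python triage script that finds operations showing the signature in the log excerpt above, a ppolicy restriction result followed by "unique_search failed", both with err=50. It assumes each result line belongs to the most recent "conn=... op=..." line; the conn=21 lines are a constructed control.

```python
import re
from collections import defaultdict

# Log excerpt from the report above (the wrapped text= line rejoined), followed
# by a constructed control operation (conn=21) that hits only the ppolicy limit.
SAMPLE_LOG = '''\
connection restricted to password changing only
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="unique_search failed"
send_ldap_response: msgid=3 tag=103 err=50
send_ldap_result: conn=21 op=1 p=3
send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
'''

CONN_OP = re.compile(r'send_ldap_result: conn=(\d+) op=(\d+)')
RESULT = re.compile(r'send_ldap_result: err=(\d+) matched="[^"]*" text="([^"]*)"')
RESTRICTED = "Operations are restricted to"
UNIQUE_FAIL = "unique_search failed"

def results_by_operation(log_text):
    """Map (conn, op) -> [(err, text)]; assumes a result follows its conn/op line."""
    ops = defaultdict(list)
    current = None
    for line in log_text.splitlines():
        m = CONN_OP.search(line)
        if m:
            current = (int(m.group(1)), int(m.group(2)))
            continue
        m = RESULT.search(line)
        if m and current is not None:
            ops[current].append((int(m.group(1)), m.group(2)))
    return dict(ops)

def find_overlay_conflicts(log_text):
    """Return (conn, op) pairs where the ppolicy restriction precedes unique_search failed."""
    hits = []
    for key, results in results_by_operation(log_text).items():
        texts = [t for err, t in results if err == 50]
        restricted = next((i for i, t in enumerate(texts) if t.startswith(RESTRICTED)), None)
        unique = next((i for i, t in enumerate(texts) if t == UNIQUE_FAIL), None)
        if restricted is not None and unique is not None and restricted < unique:
            hits.append(key)
    return sorted(hits)

if __name__ == "__main__":
    for conn, op in find_overlay_conflicts(SAMPLE_LOG):
        print(f"conn={conn} op={op}: unique search refused on a pwdReset-restricted connection")
```

The control operation is not flagged, because a restriction result on its own is the expected ppolicy behaviour for a non-password operation; only the pairing with "unique_search failed" points at the overlay interaction described in the report.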