Hello,
We are running version 1.2.10.14 and we have run into a problem with access to the unhashed#user#password attribute during modify operations.
The directory server returns err=50 insufficient access to the unhashed#user#password attribute when updating the userPassword attribute. This happens even though the user performing the operation has full access to the userPassword attribute.
I believe our problem is tracked by the ticket below:
https://fedorahosted.org/389/ticket/455
https://fedorahosted.org/389/attachment/ticket/455/0001-Trac-Ticket-455-Insufficient-rights-to-unhashed-user.patch
However, since userPassword is a multivalued attribute, does this patch account for attribute adds as well as deletes? I do not see a case for LDAP_MOD_ADD in the switch statement but perhaps I'm missing something. I can reproduce this issue with both userPassword attribute add and attribute delete operations, but replace works just fine as expected.
We are currently using an aci that explicitly allows full access to the unhashed#user#password attribute as a work around.
Thanks, Brendan
Brendan,
This should of been fixed in ticket 394 for 1.3.0
Is there anyway you can test the latest version?
Also here is the patch or 1.3.0:
https://fedorahosted.org/389/attachment/ticket/394/0001-Ticket-394-modify-delete-userpassword.patch
Thanks, Mark
Closing as works for me, as it works in the latest version 1.3.0.
Thanks, Mark. We are planning to test but have not done so yet. Will report back if we find 1.3.0 does not solve our problem.
Metadata Update from @mreynolds: - Issue assigned to rmeggins - Issue set to the milestone: N/A
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/544
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.