You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Ca...@ibs-ag.com on 2011/11/10 19:48:30 UTC
Reassignment of password policy
Hi Folks, last question today.
I have two types of users - 'inside' and 'outside' . There exists a password policy for each type.
When users are created, the pwdPolicySubEntry attribute is added with the DN of the relevant policy. - OK
We have a case were users can be moved from inside to outside and vice versa.
LdapContext.rename(strOldDn, strNewDn);
Moving the user object as shown above works fine but I cannot figure out how to update the policy afterwards.
Tried to replace or delete the attribute, the following exception occurs.
[LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST Message ID : 45 Modify Request
Object : 'uid=1320878789594,ou=users,ou=ext,o=cpro'
Modification[0]
Operation : replace
Modification pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
org.apache.directory.shared.ldap.model.message.ModifyRequestImpl@878ad1e1: ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC The pwdPolicy subentry in effect for this object EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) ]
Is there a way to do this without creating a new entry and copying all the attributes? Thanks Carlo