clem.oudot@gmail.com wrote:
Full_Name: Clement OUDOT
Version: 2.4.16
OS: RHEL 5.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.145.72.122)

Hello,
I use both ppolicy and unique overlays.
I try to modify the password of an account whose pwdReset attribute is set to TRUE. I get this LDAP error:

ldap_modify: Insufficient access (50)
        additional info: unique_search failed

In OpenLDAP logs, we can see:

connection restricted to password changing only
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="unique_search failed"
send_ldap_response: msgid=3 tag=103 err=50

So it seems the unique overlay cannot do a search because the connection is restricted by the ppolicy overlay.
Given the configuration you provided, this should now be fixed with the unique.c in CVS HEAD.