clem.oudot(a)gmail.com wrote:
Full_Name: Clement OUDOT
Version: 2.4.16
OS: RHEL 5.2
URL:
ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.145.72.122)
Hello,
I use both ppolicy and unique overlays.
I try to modify the password of an account whose pwdReset attribute is set to
TRUE. I get this LDAP error:
ldap_modify: Insufficient access (50)
additional info: unique_search failed
In OpenLDAP logs, we can see:
connection restricted to password changing only
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="Operations are restricted to
bind/unbind/abandon/StartTLS/modify password"
send_ldap_result: conn=20 op=2 p=3
send_ldap_result: err=50 matched="" text="unique_search failed"
send_ldap_response: msgid=3 tag=103 err=50
So it seems the unique overlay cannot do a search because the connection is
restricted by the ppolicy overlay.
Given the configuration you provided, this should now be fixed with the
unique.c in CVS HEAD.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/