Raul Hernandez hernandezr@gmail.com schrieb am 16.09.2014 um 23:36 in
Nachricht CAL3GdwNJfDBDvwHmxFntggndsRC=wZ+SHM0LVeBbYQEm3ZGaEw@mail.gmail.com:
[...]
the my HDB access configuration, and realize that my chaining (cn=syncrepluser,ou=security,dc=example,dc=com) user had "write" permissions on userPassword, pwdFailuretime, pwdChangedTime, pwdHistory, pwdAccountLockedTime attributes and that wasn't enough. I changed the "write" permission to "manage" and everything started working.
[...]
I read the slapd.access manual page, aand could not get it: -- The level access model relies on an incremental interpretation of the access privileges. The possible levels are none, disclose, auth, com- pare, search, read, write, and manage. Each access level implies all the preceding ones, thus manage grants all access including administra- tive access. The write access is actually the combination of add and delete, which respectively restrict the write privilege to add or delete the specified <what>. -- "administrative access" is nowhere explained. So what does "manage" allow that "write" does not?
Regards, Ulrich