Rashid Mahmood created DIRSERVER-2306:
-----------------------------------------

             Summary: Removing pwdAccountLockedTime Attribute with Technical User
                 Key: DIRSERVER-2306
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2306
             Project: Directory ApacheDS
          Issue Type: Task
    Affects Versions: 2.0.0-M24
            Reporter: Rashid Mahmood

We are connecting to ApacheDS LDAP with a technical user created with the ACL mentioned below. We are able to cover all of the requirements except the possibility for a user to unlock his account: when he tries to unlock the account, behind the scenes the technical user is unable to remove the pwdAccountLockedTime attribute and we receive an Access Rights error.

We tried to switch to the Admin user, but then it contradicts another requirement, pwdHistory, and the user was able to reuse an existing password during password change: https://issues.apache.org/jira/browse/DIRSERVER-2084

Is it possible to handle both requirements with one technical user? Our preference was to handle it with our own user instead of the default admin.

{code:java}
dn: cn=fdLdapAuthorizationRequirementsACISubentry,dc=abc,dc=xyz
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: fdLdapAuthorizationRequirementsACISubentry
subtreeSpecification: {}
prescriptiveACI: {
  identificationTag "directoryManagerFullAccessACI",
  precedence 11,
  authenticationLevel simple,
  itemOrUserFirst userFirst: {
    userClasses {
      name { "uid=fdactmgr,ou=users,ou=system" }
    },
    userPermissions {
      {
        protectedItems { entry, allUserAttributeTypesAndValues },
        grantsAndDenials {
          grantAdd, grantDiscloseOnError, grantRead, grantRemove,
          grantBrowse, grantExport, grantImport, grantModify,
          grantRename, grantReturnDN, grantCompare, grantFilterMatch,
          grantInvoke
        }
      }
    }
  }
 }
{code}