[ https://issues.apache.org/jira/browse/DIRSERVER-2306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lécharny updated DIRSERVER-2306: ----------------------------------------- Component/s: ppolicy > Removing pwdAccountLockedTime Attribute with Technical User > ----------------------------------------------------------- > > Key: DIRSERVER-2306 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2306 > Project: Directory ApacheDS > Issue Type: Task > Components: ppolicy > Affects Versions: 2.0.0-M24 > Reporter: Rashid Mahmood > Priority: Major > > We are connecting to ApacheDS ldap with a technical user created with ACL > mentioned below. We are able to cover all of requirements except the > possibility for user to unlock his account, when he tried to unlock the > account, behind the scene techincal user is unable to remove > pwdAccountLockedTime attribute and we receive Access Rights error. > We tried to switch Admin user but then it is contradicting with another > requirement of pwdHistory and user was able to reuse existing password during > password change https://issues.apache.org/jira/browse/DIRSERVER-2084 > Is it possible to handle both requirements with one technical user? our > preference was to handle it with our own user instead of default admin > {code:java} > dn: cn=fdLdapAuthorizationRequirementsACISubentry,dc=abc,dc=xyz > changetype: add > objectclass: top > objectclass: subentry > objectclass: accessControlSubentry > cn: fdLdapAuthorizationRequirementsACISubentry > subtreeSpecification: {} > prescriptiveACI: { > identificationTag "directoryManagerFullAccessACI", > precedence 11, > authenticationLevel simple, > itemOrUserFirst userFirst: > { > userClasses > { > name { "uid=fdactmgr,ou=users,ou=system" } > }, > userPermissions > { > { > protectedItems > { > entry, allUserAttributeTypesAndValues > }, > grantsAndDenials > { > grantAdd, grantDiscloseOnError, grantRead, > grantRemove, grantBrowse, grantExport, grantImport, > grantModify, grantRename, grantReturnDN, > grantCompare, grantFilterMatch, grantInvoke > } > } > } > } > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org