[ 
https://issues.apache.org/jira/browse/DIRSERVER-2306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny updated DIRSERVER-2306:
-----------------------------------------
    Component/s: ppolicy

> Removing pwdAccountLockedTime Attribute with Technical User
> -----------------------------------------------------------
>
>                 Key: DIRSERVER-2306
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2306
>             Project: Directory ApacheDS
>          Issue Type: Task
>          Components: ppolicy
>    Affects Versions: 2.0.0-M24
>            Reporter: Rashid Mahmood
>            Priority: Major
>
> We are connecting to ApacheDS LDAP with a technical user created with the ACL 
> mentioned below. We are able to cover all of the requirements except the 
> possibility for a user to unlock his account. When he tries to unlock the 
> account, behind the scenes the technical user is unable to remove the 
> pwdAccountLockedTime attribute and we receive an Access Rights error.
> We tried to switch to the Admin user, but that contradicts another 
> requirement, pwdHistory, and the user was able to reuse an existing password during 
> a password change: https://issues.apache.org/jira/browse/DIRSERVER-2084
> Is it possible to handle both requirements with one technical user? Our 
> preference was to handle it with our own user instead of the default admin.
> {code:java}
> dn: cn=fdLdapAuthorizationRequirementsACISubentry,dc=abc,dc=xyz
> changetype: add
> objectclass: top
> objectclass: subentry
> objectclass: accessControlSubentry
> cn: fdLdapAuthorizationRequirementsACISubentry
> subtreeSpecification: {}
> prescriptiveACI: {
>     identificationTag "directoryManagerFullAccessACI",
>     precedence 11,
>     authenticationLevel simple,
>     itemOrUserFirst userFirst:
>     {
>       userClasses
>       {
>        name { "uid=fdactmgr,ou=users,ou=system" }
>       },
>       userPermissions
>       { 
>         {
>           protectedItems
>           {
>             entry, allUserAttributeTypesAndValues
>           },
>           grantsAndDenials
>           {
>             grantAdd, grantDiscloseOnError, grantRead,
>             grantRemove, grantBrowse, grantExport, grantImport,
>             grantModify, grantRename, grantReturnDN,
>             grantCompare, grantFilterMatch, grantInvoke
>           } 
>         }
>       }
>     } 
>  }
> {code}


