[Freeipa-devel] Strange ldap aci bug when adding groups
Rob Crittenden
rcritten at redhat.com
Tue Sep 11 01:27:11 UTC 2007
Kevin McCarthy wrote:
> I ran into an issue where the web gui can't add groups. Pete and I have
> poked around for an hour and it seems to be a bug in the directory
> server. I'm able to add a group via command line when I bind as
> uid=test, but when I bind as webservice and enable proxying via command
> line, I get permission denied. Strangely, bind as webservice and proxy
> _works_ for adding users on the command line.
>
> I'm going to try and simplify the setup and get a bug report to the FDS
> team tomorrow. Just wanted to check if anyone else has hit this issue
> yet.
>
> -Kevin
>
This is the same thing I reported last week. Set debug to 128 and you'll
see an ACI deny.
To set the debug level do something like:
% ldapmodify -x -D "cn=directory manager" -w freeipa
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 128
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070910/647cfa19/attachment.bin>
More information about the Freeipa-devel
mailing list