[Fedora-directory-users] WinSync reports "Insufficient Access"
Bryan Fransman
bryan.fransman at gmail.com
Fri Dec 9 16:48:58 UTC 2005
I'm seeking a little guidance in regard to the Windows Sync configuration. I
have the Windows Sync service speaking to the Fedora Directory Server (SSL
enabled), but passwords are not updated on the FDS side.
Environment is Windows 2000 server, Fedora Core 3 w/ FDS 1.0 w/ the latest
PassSync.msi
I have configured WinSync to use cn=replication manager,cn=config as the
bind user. This user exists in FDS.
I enabled logging for the password sync service, and found the following
entry in the passsync.log log:
12/09/05 11:17:06: Attempting to sync password for username
12/09/05 11:17:06: Searching for (ntuserdomainid=username)
12/09/05 11:17:06: Ldap error in ModifyPassword
50: Insufficient access
12/09/05 11:17:06: Modify password failed for remote entry:
uid=username,ou=People, dc=domain, dc=com
12/09/05 11:17:06: Deferring password change for username
12/09/05 11:17:06: Backing off for 32000ms
So, there it is.. the third line of log entry "Insufficient access".
I assume that its an ACI problem with the cn=replication manager,cn=config
user. I attempted to create an ACI to resolve the issue, but no luck.
(targetattr = "*") (target = "ldap:///uid=*,ou=People,dc=domain,dc=com")
(version 3.0;acl "WinSync";allow (all,proxy)(userdn = "ldap:///cn=replication
manager,cn=config") <ldap:///cn=replicationmanager,cn=config")>;)
Some help would be greatly appreciated.
Thanks,
Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051209/b22670e6/attachment.htm>
More information about the Fedora-directory-users
mailing list