Hi,

I have two weird issues with trustee assignments:

attribute 'password management': I used to assign [s] to this 'pseudo'
attribute to allow a driver to set passwords (nspmdistributionpassword).
with our current eDir Version, this doesnt work anymore. I have to
assign full [s] on all attributes to make this work

can someone confirm?

The other one: I am working with the dynamic group memberquery
[pseudo].member. I only get results if I assign [s] Object (!) rights
for the driver (to the subtree where the dynamicGroups are). Even [s] on
'all attributes' returns 'insufficent rights'

Same: confirm?

eDir: 20702.02 eDirectory for Linux x86_64 v8.8 SP7 [DS]
IDM: DirXML-Version is 4.0.2.0 AE.

Trace (first one with [s] on 'all attributes')

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="dynamicGroup"
dest-dn="\RBMHIMS-INT\data\reference\communities\2ROLE0001"
dest-entry-id="234884" scope="entry">
<read-attr attr-name="[pseudo].Member"/>
</query>
</input>
</nds>
[09/17/13 12:58:36.357]:AutoProfiles ST: Pumping XDS to
eDirectory.
[09/17/13 12:58:36.357]:AutoProfiles ST: Performing operation
query for \RBMHIMS-INT\data\reference\communities\2ROLE0001.
[09/17/13 12:58:36.358]:AutoProfiles ST: --JCLNT--
\RBMHIMS-INT\system\driverset1\RBMHIMS-AutoProfiles : Duplicating :
context = 1566113864, tempContext = 1566113967
[09/17/13 12:58:39.327]:AutoProfiles ST: Driver object has
insufficient rights to read
\RBMHIMS-INT\data\reference\communities\2ROLE0001#[pseudo].Member.
[09/17/13 12:58:39.328]:AutoProfiles ST: --JCLNT--
\RBMHIMS-INT\system\driverset1\RBMHIMS-AutoProfiles : Calling free on
tempContext = 1566113967
[09/17/13 12:58:39.328]:AutoProfiles ST: Query from policy result


and one with [s] Object rights (nothing else changed)
[09/17/13 12:58:39.328]:AutoProfiles ST: Query from policy result


<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="dynamicGroup"
dest-dn="\RBMHIMS-INT\data\reference\communities\2ROLE0001"
dest-entry-id="234884" scope="entry">
<read-attr attr-name="[pseudo].Member"/>
</query>
</input>
</nds>
[09/17/13 12:59:28.930]:AutoProfiles ST: Pumping XDS to
eDirectory.
[09/17/13 12:59:28.930]:AutoProfiles ST: Performing operation
query for \RBMHIMS-INT\data\reference\communities\2ROLE0001.
[09/17/13 12:59:28.930]:AutoProfiles ST: --JCLNT--
\RBMHIMS-INT\system\driverset1\RBMHIMS-AutoProfiles : Duplicating :
context = 1566113864, tempContext = 1566113956
[09/17/13 12:59:32.037]:AutoProfiles ST: --JCLNT--
\RBMHIMS-INT\system\driverset1\RBMHIMS-AutoProfiles : Calling free on
tempContext = 1566113956
[09/17/13 12:59:32.038]:AutoProfiles ST: Query from policy result
[09/17/13 12:59:32.038]:AutoProfiles ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="dynamicGroup"
qualified-src-dn="O=data\OU=reference\OU=communities\CN=2ROLE000 1"
src-dn="\RBMHIMS-INT\data\reference\communities\2ROLE0001"
src-entry-id="234884">
<attr attr-name="[pseudo].Member">
<value timestamp="0#0"
type="dn">\RBMHIMS-INT\data\users\internal\00THNI0001</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>