(Moved to this new thread from: http://tinyurl.com/agb8fa5

We are using the Password Management ACL, and have had it working in our
production environment for many months - a driver reads the password
attribute on a user. The same driver exists in our development
environment, but it's not succeeding in reading user passwords. (I
turned on tracing for the related rules. When I run a user with a
confirmed password value through the driver in development, the password
value is returned as "".)

I checked the ACLs on the parent container (for users) in both
development and production. Both have compare/read/write privileges on
the passwordManagement pseudo-attribute.

ACL: 7#subtree#cn=PWQAdmin,ou=IDM,o=services#passwordMa nagement

Can anyone suggest other ways I can troubleshoot the problem? Thanks for
your help!


One response received in previous sub-thread:

1/28/13, 18:08 #8 ab

Knowledge Partner
Join Date:Aug 2012
Posts:228Re: Minimum Rights to Change User Password
To me this sounds like a new issue.... not asking what rights are
but asking instead what to do from here. I'd recommend starting a new
thread to handle that issue. In the meantime, are both environments
EXACTLY the same version of eDirectory? Both using the exact same
Universal Password (UP) policy (not just the name, but the policy
definition of course) applied to the user(s) in question? There was a
last year where the ability to do things with passwords thanks to
'Password Management' was broken; I believe all current versions of
are fixed (8.8 SP7 Patch 2 is, from my memory, current).

Good luck.

mmmonfor's Profile: https://forums.netiq.com/member.php?userid=2460
View this thread: https://forums.netiq.com/showthread.php?t=46656