LDAP ACLs not respected?
Status: Beta
Brought to you by:
rizzo
I have set up my LDAP so that users can update their own info.
With the same connection parameters I can update my fields with Jxplorer but not with JAbook:
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: no write access to old entry
LDAPException: Matched DN:
Any reason why the permissions are not respected in JAbook but are in Jxplorer?
Other info:
Login using: uid=me,ou=Development,ou=People,dc=test,dc=com
Password is stored in userPassword as an SHA hash (made with Jxplorer)
Logged In: YES
user_id=1631201
Originator: NO
After some debugging with Wireshark I found out what is different.
Jxplorer performs a "modifyRequest" on the DN, which works or not according to the ACL I defined in the slapd configuration.
When JAbook wants to update an entry, it performs a "modDNRequest" on the user DN entry, with "newrdn: cn=John Doe" (the value is in fact the same) and "deleteoldrdn: True".
Two things:
- Not related to the problem at hand, but it happens that the RDN is of "uid=..." type, not "cn=..." type (changing it for this DN beforehand doesn't fix it), so this is another problem: why is JAbook trying to change the DN?
- Why is it not using "modifyRequest"?
How to solve it? I first tried to change my ACL, giving a user full write access to its DN, but now I have another error message:
Insufficient Access Rights: no write access to old parent's children
Which makes sense if I consider that JAbook is trying to delete the DN first.
Logged In: YES
user_id=1631201
Originator: NO
Just patched the code, I will submit it in the Patches section.
I understand that changing the RDN is necessary when using CN, but somehow you should probably add UID in the creation dialog.
The patch just adds a uid attribute (and accessors) to Entry, parses the uid from the DN in the constructor, and changes getUpdatedDn() so that it doesn't nuke the uid.
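To make the two posts above concrete, here is an added example (Python, standard library only); it is neither JAbook's code nor the poster's patch. `jabook_style_updated_dn` models the behaviour reported in the thread, where the new RDN is always rebuilt from cn even though the entry's RDN is uid=..., so every edit turns into a modDNRequest. `updated_dn` keeps the RDN's own attribute type, and `plan_update` emits a plain modifyRequest when the RDN value is unchanged and a modDNRequest only when the attribute that forms the RDN really changed. Each planned operation lists the access it is checked against: write on the edited attributes for a modify, versus write on the old entry and on the old parent's children for a rename, which are the two refusals quoted in the thread ("no write access to old entry", "no write access to old parent's children"). The DNs and edits are constructed sample data, and the dicts stand in for the real protocol messages; function and field names are this example's own.

```python
"""Added example (not JAbook's code nor the poster's patch): compute the updated
DN of an edited LDAP entry without changing the RDN's attribute type, and decide
whether the edit needs a modifyRequest or a modDNRequest.  Standard library
only; all DNs and attribute edits below are constructed sample data.
"""


def split_dn(dn):
    """Split a DN into (type, value) pairs, outermost RDN first.

    Backslash escapes such as "\\," are kept inside the value; multi-valued
    RDNs ("cn=a+sn=b") are not handled, which is enough for uid=/cn= entries.
    Attribute types are case-insensitive in LDAP, so they are lower-cased.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep both
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr_type, sep, value = part.partition("=")
        if not sep or not attr_type.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr_type.strip().lower(), value.strip()))
    return rdns


def join_dn(rdns):
    return ",".join("%s=%s" % (t, v) for t, v in rdns)


def jabook_style_updated_dn(dn, attrs):
    """Models the behaviour reported in the thread: the new RDN is always
    rebuilt from cn, even when the entry's RDN is uid=..., so the client
    ends up sending a modDNRequest for every edit."""
    parent = split_dn(dn)[1:]
    return join_dn([("cn", attrs["cn"])] + parent)


def updated_dn(dn, attrs):
    """Keep the RDN's own attribute type; only its value may change, and only
    when the edit actually changed that attribute."""
    rdns = split_dn(dn)
    rdn_type, rdn_value = rdns[0]
    attrs = {k.lower(): v for k, v in attrs.items()}
    return join_dn([(rdn_type, attrs.get(rdn_type, rdn_value))] + rdns[1:])


def plan_update(dn, attrs):
    """Return the LDAP operations (dicts standing in for protocol messages)
    needed to apply `attrs` to the entry at `dn`, each with the access it is
    checked against on the server."""
    rdns = split_dn(dn)
    rdn_type, rdn_value = rdns[0]
    parent_dn = join_dn(rdns[1:])
    attrs = {k.lower(): v for k, v in attrs.items()}
    ops = []
    target = dn
    new_rdn_value = attrs.get(rdn_type, rdn_value)
    if new_rdn_value != rdn_value:
        # Only a real RDN change needs a rename.  A rename is refused without
        # write access on the old entry and on the old parent's children,
        # the two messages quoted in the thread.
        target = join_dn([(rdn_type, new_rdn_value)] + rdns[1:])
        ops.append({
            "op": "modDNRequest",
            "dn": dn,
            "newrdn": "%s=%s" % (rdn_type, new_rdn_value),
            "deleteoldrdn": True,
            "requires": ["write on entry " + dn,
                         "write on children of " + parent_dn],
        })
    changes = {k: v for k, v in attrs.items() if k != rdn_type}
    if changes:
        # Plain attribute edits only need write access on those attributes of
        # the entry, which an ACL letting users write their own entry grants.
        ops.append({
            "op": "modifyRequest",
            "dn": target,
            "changes": changes,
            "requires": ["write on attribute %s of %s" % (k, target)
                         for k in sorted(changes)],
        })
    return ops


if __name__ == "__main__":
    # Constructed sample: the DN from the thread, edited via a cn-based dialog.
    dn = "uid=me,ou=Development,ou=People,dc=test,dc=com"
    edit = {"cn": "John Doe", "mail": "john.doe@test.com"}
    print("cn-based new DN:", jabook_style_updated_dn(dn, edit))
    print("correct new DN: ", updated_dn(dn, edit))
    for op in plan_update(dn, edit):
        print(op)
```

Running it on the thread's DN shows the difference directly: the cn-based rebuild yields `cn=John Doe,ou=Development,...`, a different DN, whereas `updated_dn` returns the original `uid=me,...` and `plan_update` produces a single modifyRequest, so an ACL that only lets users write their own entry is sufficient. Only an edit that changes uid itself produces a modDNRequest, and then write access on the parent's children is genuinely required.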