I am trying to assign some restrictions in MMC for regular users, to allow them to edit their names by switching some parameters between hide/read/read-write in "Edit ACL of user" -> "User and group".
I want a user to be able to see only their own account page in edit mode, and I set the following:
Allow only, in "Edit ACL of user":
Edit a user
Change user password
Get user photo
and
User login
User name
User groups
User firstname
User home directory
Login shell
User title
Mail address
set to read, not "hide" or "read-write".
After logging in as a regular user, I see the user's page in edit mode and get this exception:
PHP XMLRPC call: base.getUserPrimaryGroup ('',)
Python Server traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/twisted/web/http.py", line 601, in requestReceived
    self.process()
  File "/usr/lib/python2.4/site-packages/twisted/web/server.py", line 160, in process
    self.render(resrc)
  File "/usr/lib/python2.4/site-packages/twisted/web/server.py", line 167, in render
    body = resrc.render(self)
  File "/usr/lib/python2.4/site-packages/mmc/agent.py", line 140, in render
    defer.maybeDeferred(function, *args).addErrback(
--- <exception caught here> ---
  File "/usr/lib/python2.4/site-packages/twisted/internet/defer.py", line 107, in maybeDeferred
    result = f(*args, **kw)
  File "plugins/base/__init__.py", line 281, in getUserPrimaryGroup
  File "plugins/base/__init__.py", line 1024, in getUserPrimaryGroup
  File "plugins/base/__init__.py", line 1249, in getDetailedUser
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 481, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 475, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}
If I switch the ACL in "User and group" to read-write, I see only empty fields (both the editable and the read-only fields), and this behavior is wrong, because I can't set any parameters before I fill in all required fields.
PS. Then I set "Edit ACL of user" to:
User list
Edit a user
Change user password
Get user photo
(just switched on User list), and then the behavior when viewing/editing fields is correct (I see all users, no exceptions, editable fields are filled, read-only fields are filled too), but this regular user can view/edit these parameters for ALL users!