The group update is performed with the credentials of the binding user. The DSA triggers the memberOf update and therefore bypasses access controls and also schema checking.
If a separate DSA services the user subtree, the DSA handling the group update requires the 'trust-dsa-triggered-operations' trust flag.
|
Copyright © 2013 CA.
All rights reserved.
|
|