The group update is performed with the credentials of the binding user. The DSA triggers the memberOf update and therefore bypasses access controls and also schema checking.
If a separate DSA services the user subtree, the DSA handling the group update requires the 'trust-dsa-triggered-operations' trust flag.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |