I'm using Solaris 10 TX 8/07 with Directory Server 5.2 p6, SRSS 4.0 update 2,
and several thick clients. The DS, SRSS, and NFS server reside on different
hardware. The patches are current on all systems as of 8 Jan 08. I have
encountered a problem with roles when users are in TJDS. I've created a role
in LDAP with no rights or privileges other than what is in the default
policy.conf. This role will allow select users to run Win4Solaris. I do not
want these users to have access to admin_low or admin_high so they are not part
of the role. This arrangement works in TCDE without a problem. However, when
a user tries to assume the role in TJDS they receive the following error
message. " The system administrator has temporarily disabled access to the
system for <role name>. See your system administrator." This problem exists on
thick and thin clients. If I edit the role to add admin_low and admin_high the
problem goes away if I remove admin_low and admin_high the problem returns. Is
anyone aware of this problem?
This message posted from opensolaris.org