1. Create a simple dc=example,dc=com directory with say 5 default users (user.0, ... user.5)
2. Create the following aci
3. Try to rename user.2 to user.20
The issue seems to be due to this ACI
Even if the targattrfilters are changed to anything else,
the access is denied. It seems that this aci is applied
for modrdn especially compared to normal operations. (
Normal individual ldap operation like create new users
works and also those with the deny targattrfilters works
Ref: http://opendj.forgerock.org/doc/admin-guide/index/chap-privileges-acis.html is check but this behaviour does not sound right.
OPENDJ-895 but this looks a bit different from that too).