Environment
Self Service Password Reset 3.3
Situation
After enabling the People Search module and logging in to the SSPR interface to conduct a search, the only result returned is the user who logged in.
If the "Use Proxy Account" is checked and the LDAP Proxy User has administrator credentials, the search returns results as expected.
If the "Use Proxy Account" is checked and the LDAP Proxy User has administrator credentials, the search returns results as expected.
Resolution
Configure rights in the LDAP Directory so that the logged in user will have browse rights to the identities that are being searched.
If the LDAP directory is eDirectory, this can be accomplished with iManager.
From iManager, access the Rights role and Modify Trustees task
Select "Modify Trustees" and select the OU that contains the users who will be searched by People Search.
Select "Add Trustees" and select the OU that contains the user who will use People Search.
Select "Assigned Rights" and make the following modifications.
Add the Property [All Attribute Rights]
The default Assigned Rights COMPARE READ INHERIT are sufficient.
Add the Property [Entry Rights]
The default Assigned Rights BROWSE INHERIT are sufficient.
Verify that rights are assigned correctly.
From iManager access the Rights role and View Effective Rights task.
Browse and select a user in the container that holds the users doing the searching.
Specify the name of the object to which the trustee has effective rights
Select a different user from container holding the users who will be searched.
[All Attribute Rights] should have effective rights Compare, Read
[Entry Rights] should have effective rights Browse
If the LDAP directory is eDirectory, this can be accomplished with iManager.
From iManager, access the Rights role and Modify Trustees task
Select "Modify Trustees" and select the OU that contains the users who will be searched by People Search.
Select "Add Trustees" and select the OU that contains the user who will use People Search.
Select "Assigned Rights" and make the following modifications.
Add the Property [All Attribute Rights]
The default Assigned Rights COMPARE READ INHERIT are sufficient.
Add the Property [Entry Rights]
The default Assigned Rights BROWSE INHERIT are sufficient.
Verify that rights are assigned correctly.
From iManager access the Rights role and View Effective Rights task.
Browse and select a user in the container that holds the users doing the searching.
Specify the name of the object to which the trustee has effective rights
Select a different user from container holding the users who will be searched.
[All Attribute Rights] should have effective rights Compare, Read
[Entry Rights] should have effective rights Browse
Cause
The logged-in user does not have enough rights in the Identity Store to see information about other users