This bug is created as a clone of upstream ticket:
using RFC 4370 proxy auth LDAP control when bound as cn=Directory Manager does not allow ACIs to be evaluated as the proxied identity. We need this to make sure we can consider LDAP ACIs in IPA KDC driver.
RHEL 7.3 x86_64 Server
[pkundal@localhost tickets]$ rpm -qa | grep 389
[pkundal@localhost tickets]$ sudo py.test -v ticket48366_test.py
======================== test session starts ===============================
platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python
rootdir: /home/pkundal/ds/dirsrvtests/tests/tickets, inifile:
collected 4 items
================= 4 passed in 19.32 seconds =====================================
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.