PWM doesn't update profile field

What steps will reproduce the problem?
1. admin allows profile updates
2. admin configures profile update fields in config console
3. admin follows instructions under "Update Write Attributes" in Update Profile 
module (using the default "description=PWM")
4. user logs in to PWM
5. user clicks Update Profile
6. user enters new field data, click Update
7. user reviews changes, click Confirm

What is the expected output? What do you see instead?
Expected: User should get a confirmation message, profile fields should be 
updated, and description field should be updated to the value "PWM".

Actual: User receives error message but profile fields are updated.  
Unfortunately, the description field is unchanged.

Could it be that the user profile data is written by the logged-in user, but 
the description field by the PWM proxy user?

What version of PWM are you using?
latest

What ldap directory and version are you using?
AD 2008 R2

Please paste any error log messages below:
2013-07-11 21:16:13, DEBUG, servlet.UpdateProfileServlet, {9g} user confirmed 
profile data [172.16.200.230]
2013-07-11 21:16:13, INFO , servlet.UpdateProfileServlet, updating profile for 
CN=ADMIN-Ryan Hammond,OU=Users,OU=myOU,dc=company,dc=lab
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#17 
getDirectoryVendor()
2013-07-11 21:16:13, DEBUG, provider.WatchdogWrapper, reopening ldap connection 
for CN=ADMIN-Ryan Hammond,OU=Users,OU=myOU,dc=company,dc=lab
2013-07-11 21:16:13, TRACE, provider.JNDIProviderImpl, bind successful as 
CN=ADMIN-Ryan Hammond,OU=Users,OU=myOU,dc=company,dc=lab (223ms)
2013-07-11 21:16:13, TRACE, provider.ChaiProviderFactory, adding 
WatchdogWrapper to provider instance
2013-07-11 21:16:13, TRACE, provider.WatchdogWrapper, checking for user 
password expiration to adjust watchdog timeout
2013-07-11 21:16:13, TRACE, provider.ChaiProviderFactory, adding 
WireTraceWrapper to provider instance
2013-07-11 21:16:13, TRACE, provider.ChaiProviderFactory, adding 
StatisticsWrapper to provider instance
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#1 
getDirectoryVendor()
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#1 result: 
MICROSOFT_ACTIVE_DIRECTORY (0ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#17 result: 
MICROSOFT_ACTIVE_DIRECTORY (229ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#18 
readStringAttributes(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,[mail, title, telephoneNumber])
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#2 
readStringAttributes(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,[mail, title, telephoneNumber])
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#2 result: 
{mail=rhammond@company.com, title=pwm noob, telephoneNumber=123-456-7890x1} 
(2ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#18 result: 
{mail=rhammond@company.com, title=pwm noob, telephoneNumber=123-456-7890x1} 
(2ms)
2013-07-11 21:16:13, DEBUG, util.Helper, {9g} skipping attribute modify for 
attribute 'mail', no change in value [172.16.200.230]
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#19 
writeStringAttribute(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,title,[Sr Cloud Architect],true)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#3 
writeStringAttribute(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,title,[Sr Cloud Architect],true)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#3 result: null 
(31ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#19 result: 
null (31ms)
2013-07-11 21:16:13, INFO , util.Helper, {9g} set attribute on user 
CN=ADMIN-Ryan Hammond,OU=Users,OU=myOU,dc=company,dc=lab (title=Sr Cloud 
Architect) [172.16.200.230]
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#20 
writeStringAttribute(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,telephoneNumber,[123-456-7890],true)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#4 
writeStringAttribute(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,telephoneNumber,[123-456-7890],true)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#4 result: null 
(24ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#20 result: 
null (24ms)
2013-07-11 21:16:13, INFO , util.Helper, {9g} set attribute on user 
CN=ADMIN-Ryan Hammond,OU=Users,OU=myOU,dc=company,dc=lab 
(telephoneNumber=123-456-7890) [172.16.200.230]
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#14 
getDirectoryVendor()
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#14 result: 
MICROSOFT_ACTIVE_DIRECTORY (0ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#15 
readStringAttributes(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,[description, title])
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, finish op#15 result: 
{description=blah, title=pwm noob} (2ms)
2013-07-11 21:16:13, TRACE, provider.WireTraceWrapper, begin op#16 
writeStringAttribute(CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab,description,[PWM],true)
2013-07-11 21:16:13, ERROR, servlet.UpdateProfileServlet, {9g} 5015 
ERROR_UNKNOWN (error setting 'description' attribute on user CN=ADMIN-Ryan 
Hammond,OU=Users,OU=myOU,dc=company,dc=lab, error: [LDAP: error code 50 - 
00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 
[172.16.200.230]
^@])
Original issue reported on code.google.com by ryan.e.h...@gmail.com on 11 Jul 2013 at 9:34
gandres / pwm

PWM doesn't update profile field #424
