Add user to acs 3.2 with csutil -i file

Similar Messages

• Add user in ACS with limited access

  Dear
  I have low experiance with cisco ACS
  So kindly i need help to add user to The ACS which has limited access to my network Switches ( As Show only not to change configuration )
  Also how to take backup for the ACS Database
  Thanks,

  Hi,
  Search about command authorization in the AAA section, you'll get ample information about it, i.e., on how to configure network devices so that you can allow certain users on ACS to have limited and certain user to have full access.
  About taking a backup, that is pretty simple.
  System Configuration > ACS Backup > Backup Now.
  And you have a latest backup from ACS.
  Regards,
  Prem

• Failed to authenticate user to ACS 5.1 with LDAP as external identity storage

  Hi ,  I have an ACS and Open-LDAP server running on my company network.
  Now, I 'm setting up a new linksys WAP-54G and choose WPA2-Enterprise option with ACS as the radius server.
  first thing first, I created new internal user on ACS, and trying to join the wireless network from my computer. I made it....
  then, I'm moving on external entity (LDAP Server). I've set up the LDAP configuration and identity sequence, also select it on access service.  but when I tried to authenticate from my computer, an error was occurred. I received : 
  the following error 22056 Subject not found in the applicable identity store (s)
  Wonder 'bout this thing, I set up a cisco 1841 router to become AAA client. and surprisingly... it works !!!
  so, is there any problem to authenticate from windows platform to ACS (pointing to LDAP) ?  
  any suggestion ?
  thanks

    This is the log when using windows 7 as authentication client (Failed) :
  Steps
  11001  Received RADIUS  Access-Request
  11017  RADIUS created a new session
  Evaluating Service Selection Policy
  15004  Matched rule
  15012  Selected Access Service - Default Network  Access
  11507  Extracted  EAP-Response/Identity
  12500  Prepared EAP-Request proposing EAP-TLS with  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12301  Extracted EAP-Response/NAK requesting to use  PEAP instead
  12300  Prepared EAP-Request proposing PEAP with  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12302  Extracted EAP-Response containing PEAP  challenge-response and accepting PEAP as negotiated
  12318  Successfully negotiated PEAP version  0
  12800  Extracted first TLS record; TLS handshake  started.
  12805  Extracted TLS ClientHello  message.
  12806  Prepared TLS ServerHello  message.
  12807  Prepared TLS Certificate  message.
  12810  Prepared TLS ServerDone  message.
  12305  Prepared EAP-Request with another PEAP  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12304  Extracted EAP-Response containing PEAP  challenge-response
  12318  Successfully negotiated PEAP version  0
  12812  Extracted TLS ClientKeyExchange  message.
  12804  Extracted TLS Finished  message.
  12801  Prepared TLS ChangeCipherSpec  message.
  12802  Prepared TLS Finished  message.
  12816  TLS handshake succeeded.
  12310  PEAP full handshake finished  successfully
  12305  Prepared EAP-Request with another PEAP  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12304  Extracted EAP-Response containing PEAP  challenge-response
  12313  PEAP inner method started
  11521  Prepared EAP-Request/Identity for inner EAP  method
  12305  Prepared EAP-Request with another PEAP  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12304  Extracted EAP-Response containing PEAP  challenge-response
  11522  Extracted EAP-Response/Identity for inner  EAP method
  11806  Prepared EAP-Request for inner method  proposing EAP-MSCHAP with challenge
  12305  Prepared EAP-Request with another PEAP  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12304  Extracted EAP-Response containing PEAP  challenge-response
  11808  Extracted EAP-Response containing EAP-MSCHAP  challenge-response for inner method and accepting EAP-MSCHAP as  negotiated
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity Store -
  22043  Current Identity Store does not support the  authentication method; Skipping it.
  24210  Looking up User in Internal Users IDStore -  xxxxx
  24216  The user is not found in the internal users  identity store.
  22016  Identity sequence completed iterating the  IDStores
  22056  Subject not found in the applicable identity  store(s).
  22058  The advanced option that is configured for  an unknown user is used.
  22061  The 'Reject' advanced option is configured  in case of a failed authentication request.
  11815  Inner EAP-MSCHAP authentication  failed
  11520  Prepared EAP-Failure for inner EAP  method
  22028  Authentication failed and the advanced  options are ignored.
  12305  Prepared EAP-Request with another PEAP  challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an existing  session
  12304  Extracted EAP-Response containing PEAP  challenge-response
  12307  PEAP authentication failed
  11504  Prepared EAP-Failure
  11003  Returned RADIUS Access-Reject
  This is the log when using 1841 router as authentication client (succeded)  :
  Steps
  11001  Received RADIUS  Access-Request
  11017  RADIUS created a new session
  11049  Settings of RADIUS default network will be  used
  Evaluating Service Selection Policy
  15004  Matched rule
  15012  Selected Access Service - Default Network  Access
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity Store -  LDAPyyyy
  24031  Sending request to primary LDAP  server
  24015  Authenticating user against LDAP  Server
  24022  User authentication  succeeded
  22037  Authentication Passed
  22023  Proceed to attribute  retrieval
  22038  Skipping the next IDStore for attribute  retrieval because it is the one we authenticated against
  24210  Looking up User in Internal Users IDStore -   xxxxx
  24216  The user is not found in the internal users  identity store.
  22016  Identity sequence completed iterating the  IDStores
  Evaluating Group Mapping Policy
  Evaluating Exception Authorization  Policy
  15042  No rule was matched
  Evaluating Authorization Policy
  15006  Matched Default Rule
  15016  Selected Authorization Profile - Permit  Access
  11002  Returned RADIUS Access-Accept
  I realized that Windows is using PEAP-MSCHAPv2 while Router is using PAP-ASCII as it's protocol.
  so now, why PEAP-MSCHAPv2 can't authenticate to LDAP ?
  is there anything I can do to make it work ?

• Configuring Cisco ACS 5.1 with Juniper Netscreen Firewall wit Radius & Tacacs+

  Hello,
  Can anybody tell me the step-by-step configuration of Cisco ACS 5.1, to configured it with Juniper Netscreen Firewall for radius & tacacs+ authentication and authorization?
  I am able to configure this with Cisco ACS 4.2 with customise VSA file but can't understand how to configure it on ACS 5.1.
  Thanks in Advance.

  Hi Eduardo,
  Can you tell me how to map ACS 4.2?
  service=junos-exec
  local-user-name=Engineering
  Into the new "shell profiles" on ACS 5.2? How do I verify these attributes are passed onto ACS 5.2? I don't have access to a sniffer or tap nor do I have writes on this box. I have to instruct our systems folks to investigate. It has been a back and forth battle.
  Also, I'd like to see where I'd map this on ACS 5.2.  Keep in mind in both cases I have a JUNOS config mapping to a login user Engineer and operations respectively.
  local-user-name=opertions
  allow-commands=((^ping *)|(^mtrace *)|(^traceroute *)|(^monitor *))
  deny-commands= ((^start *)|(^file delete *)|(^file rename *)|(^request *)|(^set cli restart-on-upgrade *)|(^set cli prompt *)|(^set chassis *)|(^set date *)|(^test *)|(^clear *)|(^op *))

• Add users to group with file

  So I am following power-shell script that I see online.
  I am trying to add 2 users (as a test for now) from a csv file into an AD group.
  The AD group name is "IMAllow"
  I created a file called AddUsersToGroup.ps1 that I am running on windows power-shell.
  The file contents are below
  # Add User to a Group - PowerShell Script
  Import-module ActiveDirectory
  Import-CSV "C:\Scripts\Users.csv" | % {
  Add-ADGroupMember -Identity IMAllow -Member $_.UserName
  And my file with users is called "Users.csv"
  wahidta
  indenga
  I get the following error
  Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument
  that is not null or empty and then try the command again.
  At C:\Users\zzwahidta\Scripts\AddUsersToGroup.ps1:7 char:44
  + Add-ADGroupMember -Identity IMAllow -Member <<<<  $_.UserName
      + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGrou
     pMember

  Get-Help Add-ADGroupMember or http://technet.microsoft.com/en-us/library/ee617210.aspx
  $creds = Get-Credential
  Add-ADGroupMember -Identity IMAllow -Member $_.UserName -Credential $creds
  I hope this post has helped!

• Integrating UCCX with Presence - Unable to Add Users to Contacts List

  Hi,
  I'm trying to integrate UCCX with Presence via the Desktop Administrator. I have created an enduser (LDAP Sync) and assigned the user a Service Profile which includes the Directory UC Service for LDAP, have tried both LDAP and GC configuration.
  I can make the connection the Presence Cluster, validation works. However I'm hitting the "CDAUI2067 Search did not complete successfully, and only partial results are displayed. Contact technical support." When trying to add users to the Contact List. Seems like the BUG ID CSCtg94342? However there is no reference to this bug id for UCCX 10.0 only 7.1
  Has anyone successfully integrated UCCX 10 with IMP10? If so, please advise the UC Service/Profile configuration for the End User.
  Thanks
  Ben

  Hi Ben,
  when configured Client type CAD, I didn't uncheck Version Check Required.
  Now I can complete configuration in Cisco Desktop Administration, but when I try to login with CAD client I cannot login to the Presence server - the following message appears:
  "An error has occurred communicating with the Cisco Unified Presence Service.
  The application will automatically continue attempting to connect."
  In log file I found the following "2014-12-05 09:24:23:450 ERROR STD2001 Client <SawConnectionManager> failed to connect to any service." instead of eg. "INFO STD2004 Client <SawConnectionManager> connected to service at <cup1.dcloud.cisco.com>."
  Does anybody have any idea what could be the problem?
  Thanks,
  Milan

• Implementing max user sessions settings for TACACS with ACS 5.3

  I'm a little confused about the configuration of max user sessions for device administration with TACACS.
  When I've changed the configutration of unlimited sessions for a value in Access Policies > Max User Session Policy > Max Session User Settings
  I think this value could limit the maximum number of sessions for each user, but instead this value limit in a global meaning all of my sessions.
  For example: I need to limit the session for my users in 2.
  user1 = Max 2 sessions
  user2 = Max 2 sessions
  user3 = Max 2 sessions
  Whe i Put the value of 2 in Max Session User Settings
  user1 + user2 + user3 = Max 2 sessions
  This is a limitation of ACS 5.3 or my configuration needs something aditional.

  Luis,
  Are you saying that when you authenticate with user1 and user 2 that user3 isnt able to get access?
  Do you have tacacs accounting enabled on the network access device?
  Also what do you have configured for the group settings? If there is a maximum group setting and all the users are a member of the same group then the lesser of the two will be enforced. So if the group max sessions is set to 1 then the all users in that group will have a max session of 1.
  Here is some reference material.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1162177
  Thanks,
  Tarik Admani

• ACS 5.x with either AD or RSA Authentication depending on user

  I am trying to implement RSA two-factor authentication for our company for access to secure resources.
  Our current setup before we had RSA, due to PCI restrictions, was based on AD group membership but was still extremely restrictive on even our admin users to ensure that no secure resources could be accessed without two-factor authentication.
  I do not want to have to enable RSA tokens for our entire company - but I would like to be able to allow admins the ability to connect from the outside with two-factor authentication and have access to secure resources in an emergency.
  We have less than ten people that require elevated access privileges so my hope is to enable RSA only for those ten users, and leave the rest of the accounts authenticating normally against AD.
  I cannot figure out how to configure this.  With ACS 4.x such a policy would be simple - just create the user on ACS and point to the Identity Store that I want to authenticate against.  Not as easy with 5.x
  I tried creating an rules based selection for Identity policy, making RSA the first one, configuring it to drop if no users is found, and configuring the RSA to treat user rejects as user not found.  This broke VPN completely.
  From what I can tell it seems like ACS really wants me to choose an Identity store based on the NDG - but in this case it will always be our same ASA VPN device.
  Anyone know how to accomplish this?
  I am running 5.4 with the latest patches.

  Hope you're well!
  I am facing some access issue after completed the ACS (5.1) and AD (Windows 2003) integration, details underneath.
  Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result
  1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.
  2. Enable password is not working (using the same user password configured in MS AD.
  3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
  Switch Tacacs Configuration
  aaa new-model
  aaa authentication login default none
  aaa authentication login ACS group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec ACS group tacacs+ local 
  aaa authorization commands 15 ACS group tacacs+ local 
  aaa accounting exec ACS start-stop group tacacs+
  aaa accounting commands 15 ACS start-stop group tacacs+
  aaa authorization console
  aaa session-id common
  tacacs-server host 10.X.Y.11
  tacacs-server timeout 20
  tacacs-server directed-request
  tacacs-server key gacakey
  line vty 0 4
   session-timeout 5 
   access-class 5 in
   exec-timeout 5 0
   login authentication ACS
   authorization commands 15 ACS
   authorization exec ACS
   accounting commands 15 ACS
   accounting exec ACS
   logging synchronous
  This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
  Regards,

• User move with CSutil

  How can I move a user account from one group to another using CSutil utility?
  Does syntax like that will do that:
  UPDATE:user1:CSDB:user1_password:PROFILE:2
  Does it changes only a group and will do no changes in user account (used time; time quota; etc.)?
  Juris

  One caveat with csutil is that the password will be reset - you can not change the group without affecting the password. If you know the passwords of each account to be moved, you won't have a problem. But on existing accounts where users havce changed their original password, you will have a problem.
  I would suggest you look into using the CSDBSync capability which is similar to CSUtil, but has many more capabilities and is just as easy to use, once it has been set up.
  Set up processes are in the user guide and work very well.

• Active Directory and 10.8 Server: Can't add users

  I would be most appreciative of any help you folks can give a Mac user at a predominantly Windows/MS/Exchange Tier I university.
  I bought a MacMini to act as the departmental File server to allow a granular level of permissions on folders for faculty, administration, residents and students. The students and residents rotate in yearly or for 2 years at a time.
  The problem has become when I try and add users from the IT ActiveDirectory domain. The IT folks set-up the DNS, gave it a static IP address etc. all correctly.
  The MacMini was also bound to AD in Sys Prefs > Users & Groups > Login Options > Network Account Server to the domain.
  There are over 200,000 users in the university system. When I try and search for a user in the Users sidebar it pulls up a completely random list of users and lists "500+ users" next to the buttons. When I try and search for a user, invariably it fails. Furthermore, there is the term "Not Allowed" next to the names of all the random AD users.
  What am I doing wrong?
  The Sys Admin guy I spoke with said the only way he could figure it out was to go to Groups sidebar, create a new group and add the user that way.
  The whole premise for this is to allow the users the same login ID and PWD they do for every other service on campus. That's it. I then want to be able to control folder permissions directly on the MacMini. Is this possible or do I need to use Open Directory in conjunction with AD?
  Any help for this formerly Apple Power User would be greatly appreciated.
  Thanks folks.

  Hi
  This is a Jabber-ism I think.
  You get this if you are using UDS and the users you are trying to add aren't CUPS-enabled.
  You probably also get it if the users are from LDAP and aren't CUPS enabled.
  CUPC by comparison allows manual contact creation as well as adding of non CUPS people.
  Regards
  Aaron

• Duplicate user account in multiple domain with samaccountname

  I have list of users in CSV file and I have 4 domain in my single forest.
  I wanted to all users mentioned in CSV are also exist in other child domain or not..
  if exist same account name then I need output..
  I am trying below command but its not giving me required information from all domain:
  Import-csv user.csv | foreach {get-aduser $_.samAccountName -properties SamAccountName | select name,SamAccountName}
  Please help me or guide me to get duplicates account with same samaccountname

  If I understand correctly, you're taking the users listed in user.csv and using Get-ADUser to see if the user exists.
  If they do exist you would expect an ADUser object, and if they don't you would expect an ADIdentityNotFoundException.
  That said, you're not capturing the output of Get-ADUser. I would add found users to an array and then once I've checked all the users in the CSV I would create all the accounts that are not in the array. Alternatively inside the foreach I would add users
  that don't exist and then deal with the duplicates afterwards. Careful when running the script again, you'll find all the users will have duplicates!
  Jason Warren
  @jaspnwarren
  jasonwarren.ca
  habaneroconsulting.com/Insights

• How to add a new field in MM01, with say contaminent  as a field?

  How to add a new field in MM01, with say contaminent  as a field? I process that i know is i has to go the user exit and check out the three user exits that are available for MM01 after that what i have to do please can any one help me out with the procedure to proceed?

  Hai      venkateshwar reddy ,
  try with these user exits
  MGA00001 Material Master (Industry): Checks and Enhancements
  MGA00002 Material Master (Industry): Number Assignment
  MGA00003 Material Master (Industry and Retail): Number Display
  Refer these steps also
  http://sap.ittoolbox.com/groups/technical-functional/sap-r3-dev/screen-exit-on-mm01-mm02-mm03-322717#

• HELP: I can no longer add users to my external hard drives

  Sorry for the duplicate, someone hacked my other account.
  So here's the skinny, I was following some instructions on here to remove the "unknown user" from the list of users that was attached to my Hard Drives.
  Path: System Preferences/Users and Groups/Login Options/Join/Open Directory Utility/Directory Editor.
  Under Users from the pulldown I deleted "Unkown User" Now I am unable to add users to any of my external hard drives via Sharing under System preferences. When I click the + it will let me select a user, but when I click the select button it will not add that user to the list. It remains blank.
  I've tried reformatting one of the hard drives, and a re-boot. Still am unalbe to add users.
  Please help!

  here is a copy of the disc utility log....laila is the name of the extrenal hd i was able to use successfully last.
  2012-07-04 08:10:34 -0400: Disk Utility started.
  2012-07-04 08:17:58 -0400: Preparing to erase : “LAILA”
  2012-07-04 08:17:58 -0400:           Partition Scheme: Master Boot Record
  2012-07-04 08:17:58 -0400:           1 volume will be created
  2012-07-04 08:17:58 -0400:                     Name                    : “LAILA”
  2012-07-04 08:17:58 -0400:                     Size                    : 160.04 GB
  2012-07-04 08:17:58 -0400:                     File system          : MS-DOS (FAT)
  2012-07-04 08:17:59 -0400: Unmounting disk
  2012-07-04 08:18:02 -0400: Creating the partition map
  2012-07-04 08:18:03 -0400: Waiting for the disks to reappear
  2012-07-04 08:18:03 -0400: Formatting disk3s1 as MS-DOS (FAT) with name LAILA
  2012-07-04 08:18:04 -0400: 512 bytes per physical sector
  /dev/rdisk3s1: 312505472 sectors in 4882898 FAT32 clusters (32768 bytes/cluster)
  bps=512 spc=64 res=32 nft=2 mid=0xf8 spt=32 hds=255 hid=2 drv=0x80 bsec=312581806 bspf=38148 rdcl=2 infs=1 bkbs=6
  2012-07-04 08:18:04 -0400: Mounting disk
  2012-07-04 08:18:06 -0400: Erase complete.
  2012-07-04 08:18:06 -0400:
  2012-07-11 15:48:08 -0400: Disk Utility started.
  2012-07-11 15:48:42 -0400: Eject of “Unattached Disk Image” succeeded
  2012-07-11 15:48:42 -0400: Eject of “Flash Player” failed
  2012-07-11 15:59:10 -0400: Disk Utility started.
  2012-07-11 16:00:51 -0400: Disk Utility started.
  2012-07-11 16:02:19 -0400: Disk Utility started.
  2012-07-12 23:22:04 -0400: Disk Utility started.
  2012-07-13 09:13:52 -0400: Disk Utility started.
  2012-07-13 09:20:22 -0400: Disk Utility started.
  2012-07-13 09:45:11 -0400: Disk Utility started.
  ===== Friday, July 13, 2012 9:47:15 AM Eastern Daylight Time =====

• Add User to Group Behavior

  Hi all
  I found
  this post that explains the same issue I'm having, but the marked answer isn't relevant to my environment. I've built a user creation runbook, using 2012 R2 and this
  Active Directory Integration Pack. Everything works properly, except I'm getting strange security log events when using the Add User to Group activity.
  In one of the tests, I added a single user that was being created to about 100 different groups. Let's say one group has 50 members. When the user gets added to that group, the security audit shows that 50 users were removed from the group, and then those
  50 users were added back plus my new user. It shows this activity for every group that the user was added to. I get the following two actions for every member of the group:
  Member '-' was removed from 'Domain\Group' by 'Domain\User' on...
  Member 'DN of Member' was added to 'Domain\Group'...
  This is a problem because it makes our audit reports and notifications worthless since we'd have to read through all the noise to see an actual anomaly. I'm also concerned that if users are actually being removed and re-added to those groups, that there
  could be some consequences of that that we aren't seeing yet (i.e. application access interruptions, or what if the connection to AD is lost after removing the users but before adding them back in). Although I should say I'm not convinced that the users are
  actually being removed because as you can see above, no member information is recorded on the removal, and all the removals and additions have the same exact time stamp meaning they occurred within 1 second, which seems pretty fast given that some of our groups
  are large.
  Is this the intended behavior of the Add User to Group activity? If so, is there a workaround I can use to avoid this behavior? The next thing I'll try is using PowerShell to add the user to the group, but this option isn't ideal since the runbook will be
  managed by users who are not that familiar with scripting, so I'd like the solution to contain as little as possible.
  Thanks

  Hi,
  the issue of the AD IP 7.0 is reported here 
  http://social.technet.microsoft.com/Forums/de-DE/eef9cdda-774f-4b95-bd89-aa3f86feee9b/ad-integration-pack-add-user-to-group-activity-problem?forum=scoscip
  Try the up-to-date Version 7.2
  http://www.sc-orchestrator.eu/index.php/scoblog/115-updated-system-center-2012-r2-orchestrator-integration-packs-available
  Regards,
  Stefan
  www.sc-orchestrator.eu ,
  Blog sc-orchestrator.eu

• Calendar Server - Unable to add users

  When I try to add users to a node I get an error message like:
  Working please wait...
  unidsattach failed, see /users/unison/log/unidsattach.log, Error Code =
  0x13205
  Add user [uid=ttesting,o=Airius.com] to node: failed
  Add user(s) to node completed.
  <P>
  This means that the Calendar Server is unable to communicate
  properly with the Directory Server. There are some Calendar-specific
  entries and an ACI that are added to the Directory Server when a node is
  created. These are critical to the proper functioning of the Calendar
  Server. This error may mean that they are missing.
  <P>
  You can also check the access log file of the Directory server to see what
  the problem may be. If you see entries like:
  [27/Jan/1999:07:39:47 -0500] conn=1 op=2 SRCH base="o=Airius.com" scope=2 filter="(nsc
  alxitemid=15000:00001)"
  [27/Jan/1999:07:39:47 -0500] conn=1 op=2 RESULT err=0 tag=101 nentries=0
  This indicates that 0 entries were returned for the search on the SYSOP
  Calendar user.
  <P>
  If you have recently imported data into your Directory Server, it is likely
  that these entries no longer exist. An import to a Directory Server does
  not append data; it replaces the current directory with the data in the
  LDIF file being loaded. You will need to recreate this Calendar information.
  Export your directory to an LDIF file and review the output to see if these
  entries exist.
  <P>
  Here is a boilerplate that may be useful if you don't have a backup copy
  of the original LDIF. Try replacing the baseDN (o=Airius.com) and the node
  id (15000) to match your Calendar configuration. The password is "password".
  The following is for illustration purposes and may not fix all problems:
  aci: (target ="ldap:///o=Airius.com")(targetattr = "*")(version 3.0
  ; acl "Untitled"; allow (write, add , delete ) groupdn = "ldap:///cn=Cal-A
  dministrators-15000, o=Airius.com" ;)
  dn: cn=Cal-Administrators-15000, o=Airius.com
  cn: Cal-Administrators-15000
  objectclass: top
  objectclass: groupofuniquenames
  uniquemember: nsCalXItemId=15000:00001, o=Airius.com
  uniquemember: nsCalXItemId=15000:00002, o=Airius.com
  uniquemember: nsCalXItemId=15000:00003, o=Airius.com
  uniquemember: nsCalXItemId=15000:00004, o=Airius.com
  uniquemember: nsCalXItemId=15000:00005, o=Airius.com
  uniquemember: nsCalXItemId=15000:00006, o=Airius.com
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140113Z
  modifytimestamp: 19980501140113Z
  dn: nsCalXItemId=15000:00001, o=Airius.com
  objectclass: top
  objectclass: nsCalAdmin
  nscalxitemid: 15000:00001
  sn: SYSOP
  userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140114Z
  modifytimestamp: 19980501140114Z
  dn: nsCalXItemId=15000:00002, o=Airius.com
  objectclass: top
  objectclass: nsCalAdmin
  nscalxitemid: 15000:00002
  sn: CWSOP
  userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140114Z
  modifytimestamp: 19980501140114Z
  dn: nsCalXItemId=15000:00003, o=Airius.com
  objectclass: top
  objectclass: nsCalAdmin
  nscalxitemid: 15000:00003
  sn: STREAMOP
  userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140114Z
  modifytimestamp: 19980501140114Z
  dn: nsCalXItemId=15000:00004, o=Airius.com
  objectclass: top
  objectclass: nsCalAdmin
  nscalxitemid: 15000:00004
  sn: FOREIGN
  userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140114Z
  modifytimestamp: 19980501140114Z
  dn: nsCalXItemId=15000:00005, o=Airius.com
  objectclass: top
  objectclass: nsCalAdmin
  nscalxitemid: 15000:00005
  sn: SYNCH
  userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140114Z
  modifytimestamp: 19980501140114Z
  dn: nsCalXItemId=15000:00006, o=Airius.com
  objectclass: top
  objectclass: nsCalAdmin
  nscalxitemid: 15000:00006
  sn: HOLIDAYOP
  userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  creatorsname: uid=admin,o=Airius.com
  modifiersname: uid=admin,o=Airius.com
  createtimestamp: 19980501140114Z
  modifytimestamp: 19980501140114Z

  Probably in the next couple of weeks, we are releasing beta-2.
  Kumar
  Jim Clark wrote:
  >
  thanks, how often is there a beta refresh?
  Jim
  "Kumar Allamraju" <[email protected]> wrote in message
  news:[email protected]..
  Jim,
  I do not see this problem in the latest source line.
  Probably I'm running a WLS server that is slightly newer than the beta,
  so maybe
  some things might have been fixed.
  Kumar
  Jim Clark wrote:
  I was able to add users and groups through the "console" app, but I was
  unable to add users to the groups. After I added a user "jim" and a
  group
  "clark", I tried adding "jim" to the "clark". It just said "Addeduser...",
  and this, "Members: (none)".
  Jim