Cannot add users to a mapped third party group

Similar Messages

• Cannot add users to mapped third party group

  when i try to add a user to a group i get the following message
  "cannot add users to mapped third party group"

  If a group was mapped in via AD/LDAP/SAP then the users must be added in the 3rd party (AD/LDAP/SAP) you cannot create members inthe CMC. This is by product design. If you want to add members to groups in the CMC they must be enterprise groups only (groups created in the CMC not mapped in from 3rd parties).
  Regards,
  Tim

• Cannot Add user to CMC Group when they are a member of LDAP group

  On PreProduction Server CMC
  Softerra LDAP browser used to verify user is a member of LDAP group
  User does not show as a member of that group in the CMC
  Cannot add user to LDAP group showing in CMC, the same group shows the member in LDAP browser
  On Production Server CMC
  For kicks I logged into the CMC on Production and I found the user is correctly showing as a member of the Group
  Why doesn't the groups in CMC show what is actually showing in the LDAP browser?

  Hi,
  Check if you have also mapped in both servers the same groups. It might be that there are some groups missing in the Pre-prod.
  Also, try restarting the CMS. I have seen similar issues that are solved after forcing the recreation of the graph.
  If after the restart you still can't see the groups, check the mapping on the LDAP server. It might be that both servers do not use the same attribute mappings.
  Regards,
  Julian

• Cannot add user to group eventhough i have full access

  i cannot add users to groups in subsite even i am in the owners group of the subsite

  Check the settings of the group itself.  By default the only person who can add users to a group is the person who created the group.  I normally change the group settings so the group is owned by the Site collection root site owners group.  That
  way any of those users can modify the membership of the group.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Cannot add users to Calendar Server

  Cannot add users to Calendar Server
  <P>
  You may get the following error when you try to add users to a new
  installation of Calendar Server 3.0:
  <P>
  Could not bind as [nsCalXItemId=10000:00001, o=Ace Industry,c=US].<br>
  Create ObjectClass for user [cn=John Doe, o=Ace Industry, c=US]... failed.
  <P>
  This is an inconsistent problem that we are trying to duplicate on a
  regular basis. There are a few solutions:
  <P>
  1) Create another node. This seems to work every time.<br>
  2) Deinstall the Calendar Server completely and reinstall. Be VERY
  careful of the Directory Server URL definition.

  What printer model is it? I ask, because often manufacturers provide USB-only drivers for USB-only printers - for Macs, that is. In other words, if you know about CUPS from using Macs and linux, the manufacturers actually provide drivers with the comm protocol built-in, rather than make use of the USB "backend" available from CUPS. These are called "monolithic" drivers - they don't follow the unix/linux/CUPS concept of making use of already-provided modules.

• Error: "LDAP Synch status is enabled. Cannot add users through BAT."

  In 10.x it looks like Cisco has disallowed user imports (via BAT) into LDAP-integrated systems.  Has anyone else run into this?  Below is the error I'm receiving in the Job Status log file.  The error implies that "it's a feature, not a bug".  How are large companies supposed to import new phones/users when they open new branches or do a phone refresh?  Breaking LDAP to do the import isn't a option because you have to blow away your LDAP directory config to do so - not to mention people wouldn't be able to log into Jabber or their user pages while it was broken.  I'm hoping someone has a workaround or has already spoken with TAC about this.   
  Failure Details :
  Device Name/User ID Error Code Error Description
  LDAP Synch status is enabled. Cannot add users through BAT.
  Result Summary :
  INSERT for 0 PHONES passed.
  INSERT for 5 PHONES failed.
  INSERT for 0 USERS passed.
  INSERT for 5 USERS failed.

  So if a company has a large CUCM deployment and adds another branch (let's say 100 phones/users), I would have to go user by user and do the phone associations, profile associations, primary extensions, etc 100 times? 
  Is there a better way that I'm missing?  That just doesn't seem logical.  In previous versions (I'm not sure about 6.x in the link.  I started with 7.x) I could have sworn that I could import from BAT even if LDAP was integrated.  I would get an error and only the non-LDAP fields would get changed, but the changes, associations, etc. would still go through.

• Cannot add user

  Just upgraded from Snow Leopard Server to Mountain Lion Server.  Running into a few issues that I can't resolve.
  1.  Updated wiped out my Users.  Cannot add a User becuase the "+" is grayed out, same for groups.  All I see are my local users which I can edit.
  2.  Cannot connect remotely to the server using the Server.app, seems to be rejecting the password even though the same credentials gets me logged in to the Server.app running on the server.

  Please restart first and afterwards tell me about your setup.

• Cannot add Users to Groups

  Hi there,
  I cannot add any users to any groups in the last week. This occurs only with the Server app.  In Workgroup Manager I can, but the group membership do not appear when I open the Server app.  I have tried to do this through the individual user page or through the group page.  Each time I get the following message "Operation is not supported by the directory node."
  Suggestions?
  Thanks
  Mitch

  Small correction.  Also cannot add group in Workgroup Manager.  The error is "This action failed because an Open Directory plugin has not implemented that functionality yet."
  Mitch

• Cannot add users to the Calendar Node error 0x13209

  I cannot add new users to the Calendar node. I am receiving error 0x13209. Any advice??

  You cannot add a user to a SAP group, create an enterprise user group and add both SAP group and AD user to that.

• Cannot create data source using custom third-party driver

  Hi,
  I've just installed Weblogic Server 10.3.6 and I'm getting problems creating a generic data source using my own third party jdbc driver which I had no problems doing in Weblogic Server 10.0; this is what I did in 10.0;
  before starting server i put my driver jar file (and any jar files it needed) in the lib folder of the domain user project which weblogic appends to the classpath during server startup
  inside weblogic console -
  1. first page - provided a data source name and jndi name and selected 'other' for database type
  2. second page - selected 'other' for jdbc driver
  3. third page - deselected the global transactions
  4. fourth page - provided database name, username, host name, port, and password.
  5. fifth page - provided driver class, url, database user name and password (didn't bother with the test)
  6. Selected target server
  I then saved and activated changed and was done.
  This what I did for 10.3.6
  did the same thing I did for 10.0 before server start up
  inside weblogic console -
  1. first page - provided data source name and jndi name and selected 'other' for database type
  2. second page - selected 'other' for jdbc driver
  3. third page - deselected the support global transactions
  4. fourth page - here's where things are different - page only asked for database username and password, which I give.
  One this page I get a criptic error saying 'errors must be corrected before proceeding' - no other message as to what these errors might be either in the console or the cmd window of the server. I tried making changes to the provider authenticiation of the security realm but no luck. I tried following password creation requirements, I even tried proceeding to the next page without entering anything on this page, all no luck. I have no idea what's going on.
  Hope someone can help.
  Sam.

  I've fixed the class issue but am struggling a bit with SQL Server authentication. I'm running in mixed mode (originally set to Windows authentication but I've modified the security setting), I've enabled TCP/IP and Named Pipes, I've created a user (who I can log in to SQL Server Mgmt Studio successfully with), but still get a connection refused error.
  Any insight? Thanks.

• Cannot add user to workspace

  Dear,
  I cannot add the below user
  Email First Name Last Name uid Status
  [email protected] Devanath Desikan ddesikan Verified
  to the workspace: https://beehiveonline.oracle.com/teamcollab/overview/PMI_Benelux_Day_Workspace
  The above user is the only one who's UID is not equal to the email address.
  Your help will be appreciated.
  Kind regards
  Francis

  Phil,
  thanks for this, but the user was not able to log on.
  Created a new user ID using another email from him.
  this time it worked.
  It seems that modifying the login_id to his email address does not work. I had similar problems with my private logon id in the past. I also had to create a new Oracle ID using another email address.
  But this can be closed since we used a workaround.
  Kind regards
  Francis

• Cannot add users to new domains anymore

  I got messaging server and delegated admin to work just fine recently until I tried getting LDAP authentication to work so LDAP users could log into Sunrays.
  I used idsconfig and saw that it added a bunch of stuff to the directory so I deleted that stuff after I realized I couldn't add users to a new domain anymore. It just says "cannot create user - unknown error". I can still add users to old domains just fine.
  And I tried both DA and commadmin, neither work. Heres my Messaging server and DA version:
  Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
  libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
  SunOS testy.i-n-control.com 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-V440
  Delegated Administrator 6.3-0.09
  I turned on debugging for DA and heres the output:
  TRACE [Wed Aug 02 10:10:47 MDT 2006] Default people container = ou=People,o=domain,dc=mail,dc=example,dc=com
  TRACE [Wed Aug 02 10:10:47 MDT 2006] ServerPushThread: setting stop flag
  TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager: progress thread stopped
  TRACE [Wed Aug 02 10:10:47 MDT 2006] com.iplanet.am.sdk.AMException: Unable to create entry.
       at com.iplanet.am.sdk.ldap.DirectoryManager.processInternalException(DirectoryManager.java:433)
       at com.iplanet.am.sdk.ldap.DirectoryManager.createUser(DirectoryManager.java:1046)
       at com.iplanet.am.sdk.ldap.DirectoryManager.createEntry(DirectoryManager.java:1525)
       at com.iplanet.am.sdk.AMDirectoryManager.createEntry(AMDirectoryManager.java:651)
       at com.iplanet.am.sdk.AMCacheManager.createEntry(AMCacheManager.java:337)
       at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1009)
       at com.iplanet.am.sdk.AMPeopleContainerImpl.createUser(AMPeopleContainerImpl.java:285)
       at sun.comm.cli.server.servlet.CreateUser.create(CreateUser.java:677)
       at sun.comm.cli.server.servlet.CreateUser.doTask(CreateUser.java:91)
       at sun.comm.cli.server.servlet.commTaskManager.execute(commTaskManager.java:196)
       at sun.comm.cli.server.servlet.commServlet.doPost(commServlet.java:90)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  TRACE [Wed Aug 02 10:10:47 MDT 2006] After AM Exception , msg being sent is Unable to create entry.^324^NONE
  TRACE [Wed Aug 02 10:10:47 MDT 2006] in CLIPageData constructor:status = 1
  TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager - execute => generateOutput
  TRACE [Wed Aug 02 10:10:47 MDT 2006] In CLIPageGenerator ....
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : cliData.status = 1
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.OK = 0
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.FAIL = 1
  TRACE [Wed Aug 02 10:10:47 MDT 2006] Failed: Unable to create entry.^324^NONE
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - Printing successfull results
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - status => FAIL
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - message => Unable to create entry.^324^NONE
  TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
  TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
  TRACE [Wed Aug 02 10:10:49 MDT 2006] ServerPushThread: done
  TRACE [Wed Aug 02 10:10:58 MDT 2006] sun.comm.cli.server.servlet.commLDAPAuth: shutting down. Total access count = 1
  Message was edited by:
  nate.wheeler

  Frankly, I'm new to LDAP so I don't know really what
  changed.No time like the present to start learning.
  Its weird, I can do some things, but not
  others. Like I can assign service packages, but not
  change the login id or password of a user. So it
  doesn't look like amadmin can't change things.LDAP provides "ACI", or Access Control settings that can be changed, and create exactly the kinds of things you're looking at.
  The Directory Console can view ACI
  >
  The password encryption seemed to have changed from
  {SSHA} to {CRYPT}. Although I have no idea how to
  switch it back or where to look to see if it did.Unlikely to have made any difference. That should be transparent to the application using DS.
  Most of our applications don't compare the password entry, but attempt a BIND for that very reason.
  Again, I'd be looking at your LDAP access logs for a clue to what's happening.
  >
  Message was edited by:
  nate.wheeler

• Cannot add user throws a error in apex 4.2 of sample demo application admin

  In sample demo of apex 4 which is migrated to apex 4.2 in sample application module in admin section..
  If i add a user
  And at default i dont give a password it throws a error ..
  First go to following link
  [http://apex.oracle.com/pls/apex/f?p=18534:LOGIN:25053108911952]
  and enter user name as admin and pasword as test
  Once when you login click on Tab manage admin user which is on right hand side..
  Now to add a user click on add user button.. add the record and click save..
  It throws a error saying
  1 Error has occured column must have a value..
  How can i remove this error message ? .. Can some one help..
  select
  "USER_ID",
  "USER_NAME",
  "CREATED_ON",
  decode(password, null, 'Set Password', 'Reset Password') rp,
  expires_on,
  admin_user,
  utype
  from "#OWNER#"."DEMO_USERS"
  where user_name != 'ADMIN'
  The above query is used.. and inside it i RP column is culprit since the user has no password..
  Since user has no password it doont save the record.. I checked the table and this column has no not null constraint..
  http://apex.oracle.com/pls/apex/f?p=18534:LOGIN:25053108911952
  Edited by: pauljohny on Nov 27, 2012 12:22 AM
  Edited by: pauljohny on Nov 27, 2012 12:24 AM

  closing the thread its seems working now..Removed some validation issue
  Thanks

• Cannot add users to roles

  I have configured OpenLDAP data store with Access Manager. I can see the users added in LDAP in the Subjects tab of Access Manager, but when I create a role ad try to add users in the role I get the exception
  Plug-in com.sun.identity.idm.plugins.files.FilesRepo: Unable to find entry: C:\Documents and Settings\161101\amserver\idRepo\user\frank
  Can anybody suggest what is problem

  Hi there,
  The reason why you have file repo is because you installed the AM using file repo instead of LDAP.
  Deleting the File Repo configuration for that realm will not affect the configuration part of the AM ( I would still do a backup ... just in case) because the datastore configuration has nothing to do with that. The configuration part of the AM is at the platform level and you have that configured on the configurations tab of the platform. What I'm sugesting is on that specific Realm ( I usually use a different Realm other than the Root realm ... this way I'm sure not to mess it up ) go to the datastores (which is the place where user data is stored and not the configurations (though they might be the same) ) and delete the file datastore configuration (or point it to a different location ... but do not delete the files on the filesystem, because they are still in use by other Realms and the configuration ) .
  Configuration data and User repositories can be configured in different places .... which is what you are now trying to do .... have the conf on the file system and have the users on an LDAP.
  Defenetly do a backup of your stuff ... and if at all possible use a different realm other than the root realm.
  Hope this helps .... and makes any sense !
  Rp

• How to add user from domain A to a group in domain B

  How would you acheive adding a user from domain A to a group that is in domain B via powershell without the Quest cmdlets? I've been trying to figure this out for about a week now. Please let me know if the scripting guy has seen this issue before.
  LittleTech

  Hello jrv,
  Here's what i was trying to do. The two domains im working with have a trust between them.
  1. Create a user in External.Domain.Com
  2. Add the user in External.Domain.Com to GroupOne in ExternalDomain2.Domain.com
  3. The only knowledge that ExternalDomain2.Domain.Com would have about the account in External.Domain.Com is whatever is in the Global Catalog. Here is what im trying, but it isn't working.
  #Connecting to domain PSDrive
  New-PSDrive
  -Name
  ExternalDomain
  -PSProvider
  ActiveDirectory
  -Root
  -Server
  DC01.Domain.com
  cd
  ExternalDomain:
  #Create user
  #Add to ExternalDomain Groups
  $UserDN=Get-ADUser-LDAPFilter"(sAMAccountName=$UserID)"
  #Connecting to domain2 PSDrive 
  cd
  AD:
  $GroupDN="CN=Wireless
  Device Users,OU=Wireless,OU=Systems and Technology,DC=External,DC=Domain2,DC=Com"
  Add-ADGroupMember-Identity$GroupDN-Members(Get-ADObject-Identity$UserDN.DistinguishedName
  -Server"DC01.Domain.com:3268")
  Connecting via port 3268 allows me to talk to the global catalog instead of LDAP.
  I receive the following message: A Referral was returned from the server
  I know that if i connect using [ADSI] i am able to specify that the connection follows referrals, the AD cmdlets seem to not have that function. The Quest AD cmdlets do... I just dont want to have to use third party cmdlets to do what the AD cmdlets should
  be able to do in the first place.
  THanks,
  LittleTech