Cannot add users to new domains anymore

I got messaging server and delegated admin to work just fine recently until I tried getting LDAP authentication to work so LDAP users could log into Sunrays.
I used idsconfig and saw that it added a bunch of stuff to the directory so I deleted that stuff after I realized I couldn't add users to a new domain anymore. It just says "cannot create user - unknown error". I can still add users to old domains just fine.
And I tried both DA and commadmin; neither works. Here's my Messaging Server and DA version:
Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
SunOS testy.i-n-control.com 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-V440
Delegated Administrator 6.3-0.09
I turned on debugging for DA and here's the output:
TRACE [Wed Aug 02 10:10:47 MDT 2006] Default people container = ou=People,o=domain,dc=mail,dc=example,dc=com
TRACE [Wed Aug 02 10:10:47 MDT 2006] ServerPushThread: setting stop flag
TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager: progress thread stopped
TRACE [Wed Aug 02 10:10:47 MDT 2006] com.iplanet.am.sdk.AMException: Unable to create entry.
     at com.iplanet.am.sdk.ldap.DirectoryManager.processInternalException(DirectoryManager.java:433)
     at com.iplanet.am.sdk.ldap.DirectoryManager.createUser(DirectoryManager.java:1046)
     at com.iplanet.am.sdk.ldap.DirectoryManager.createEntry(DirectoryManager.java:1525)
     at com.iplanet.am.sdk.AMDirectoryManager.createEntry(AMDirectoryManager.java:651)
     at com.iplanet.am.sdk.AMCacheManager.createEntry(AMCacheManager.java:337)
     at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1009)
     at com.iplanet.am.sdk.AMPeopleContainerImpl.createUser(AMPeopleContainerImpl.java:285)
     at sun.comm.cli.server.servlet.CreateUser.create(CreateUser.java:677)
     at sun.comm.cli.server.servlet.CreateUser.doTask(CreateUser.java:91)
     at sun.comm.cli.server.servlet.commTaskManager.execute(commTaskManager.java:196)
     at sun.comm.cli.server.servlet.commServlet.doPost(commServlet.java:90)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
     at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
     at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
     at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
TRACE [Wed Aug 02 10:10:47 MDT 2006] After AM Exception , msg being sent is Unable to create entry.^324^NONE
TRACE [Wed Aug 02 10:10:47 MDT 2006] in CLIPageData constructor:status = 1
TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager - execute => generateOutput
TRACE [Wed Aug 02 10:10:47 MDT 2006] In CLIPageGenerator ....
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : cliData.status = 1
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.OK = 0
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.FAIL = 1
TRACE [Wed Aug 02 10:10:47 MDT 2006] Failed: Unable to create entry.^324^NONE
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - Printing successfull results
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - status => FAIL
TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - message => Unable to create entry.^324^NONE
TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
TRACE [Wed Aug 02 10:10:49 MDT 2006] ServerPushThread: done
TRACE [Wed Aug 02 10:10:58 MDT 2006] sun.comm.cli.server.servlet.commLDAPAuth: shutting down. Total access count = 1
Message was edited by:
nate.wheeler

> Frankly, I'm new to LDAP so I don't know really what changed.

No time like the present to start learning.

> It's weird, I can do some things, but not others. Like I can assign service packages, but not change the login id or password of a user. So it doesn't look like amadmin can't change things.

LDAP provides "ACI", or Access Control settings that can be changed, and create exactly the kinds of things you're looking at.
The Directory Console can view ACI

> The password encryption seemed to have changed from {SSHA} to {CRYPT}. Although I have no idea how to switch it back or where to look to see if it did.

Unlikely to have made any difference. That should be transparent to the application using DS.
Most of our applications don't compare the password entry, but attempt a BIND for that very reason.
Again, I'd be looking at your LDAP access logs for a clue to what's happening.
Message was edited by:
nate.wheeler
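
The access-log check suggested in the reply above, as an added example that is not part of the original thread: it pairs each write operation with its RESULT line and reports the rejected ones with the LDAP result code and the identity that was bound. It assumes the `conn=/op=/RESULT err=` access-log line shape used by Sun/389-style directory servers; the sample lines, DNs and connection numbers are constructed.

```python
import re

# RFC 4511 result codes that most often explain a rejected write.
RESULT_NAMES = {
    19: "constraintViolation",
    32: "noSuchObject (parent container missing)",
    50: "insufficientAccessRights (an ACI denies the write)",
    53: "unwillingToPerform",
    65: "objectClassViolation (schema)",
    68: "entryAlreadyExists",
}

# Assumed line shape: [timestamp] conn=N op=N [msgId=N -] KIND details
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>-?\d+)\s+"
                  r"(?:msgId=-?\d+\s+-\s+)?(?P<kind>[A-Z]+)\s*(?P<rest>.*)$")
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r"\berr=(\d+)")
TRACKED = {"BIND", "ADD", "MOD", "DEL", "MODRDN"}

def failed_writes(lines):
    """Pair each write with its RESULT line and return the rejected ones."""
    bound_as = {}   # conn -> DN of the last successful BIND
    pending = {}    # (conn, op) -> (kind, dn, timestamp)
    failures = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # connection open/close lines and anything unparsable
        key, kind, rest = (m["conn"], m["op"]), m["kind"], m["rest"]
        if kind in TRACKED:
            dn = DN.search(rest)
            pending[key] = (kind, dn.group(1) if dn else "", m["ts"])
        elif kind == "RESULT" and key in pending:
            req, dn, ts = pending.pop(key)
            err = ERR.search(rest)
            code = int(err.group(1)) if err else -1
            if req == "BIND":
                if code == 0:
                    bound_as[key[0]] = dn or "(anonymous)"
            elif code != 0:
                failures.append({
                    "time": ts, "op": req, "target": dn, "err": code,
                    "meaning": RESULT_NAMES.get(code, "see RFC 4511"),
                    "bind_dn": bound_as.get(key[0], "(unknown)"),
                })
    return failures

# Constructed sample; the DNs and connection numbers are made up.
SAMPLE = """\
[02/Aug/2006:10:10:47 -0600] conn=41 fd=30 slot=30 connection from 127.0.0.1 to 127.0.0.1
[02/Aug/2006:10:10:47 -0600] conn=41 op=0 msgId=1 - BIND dn="uid=amadmin,ou=People,dc=example,dc=com" method=128 version=3
[02/Aug/2006:10:10:47 -0600] conn=41 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[02/Aug/2006:10:10:47 -0600] conn=41 op=1 msgId=2 - ADD dn="uid=newuser,ou=People,o=domain,dc=mail,dc=example,dc=com"
[02/Aug/2006:10:10:47 -0600] conn=41 op=1 msgId=2 - RESULT err=50 tag=105 nentries=0 etime=0
[02/Aug/2006:10:10:48 -0600] conn=41 op=2 msgId=3 - MOD dn="uid=olduser,ou=People,o=old,dc=mail,dc=example,dc=com"
[02/Aug/2006:10:10:48 -0600] conn=41 op=2 msgId=3 - RESULT err=0 tag=103 nentries=0 etime=0
"""

if __name__ == "__main__":
    for f in failed_writes(SAMPLE.splitlines()):
        print(f)
```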

Similar Messages

  • Cannot add users to Calendar Server

    Cannot add users to Calendar Server
    You may get the following error when you try to add users to a new
    installation of Calendar Server 3.0:

    Could not bind as [nsCalXItemId=10000:00001, o=Ace Industry,c=US].
    Create ObjectClass for user [cn=John Doe, o=Ace Industry, c=US]... failed.

    This is an inconsistent problem that we are trying to duplicate on a
    regular basis. There are a few solutions:

    1) Create another node. This seems to work every time.
    2) Deinstall the Calendar Server completely and reinstall. Be VERY
    careful of the Directory Server URL definition.

    What printer model is it? I ask, because often manufacturers provide USB-only drivers for USB-only printers - for Macs, that is. In other words, if you know about CUPS from using Macs and linux, the manufacturers actually provide drivers with the comm protocol built-in, rather than make use of the USB "backend" available from CUPS. These are called "monolithic" drivers - they don't follow the unix/linux/CUPS concept of making use of already-provided modules.

  • Error: "LDAP Synch status is enabled. Cannot add users through BAT."

    In 10.x it looks like Cisco has disallowed user imports (via BAT) into LDAP-integrated systems.  Has anyone else run into this?  Below is the error I'm receiving in the Job Status log file.  The error implies that "it's a feature, not a bug".  How are large companies supposed to import new phones/users when they open new branches or do a phone refresh?  Breaking LDAP to do the import isn't a option because you have to blow away your LDAP directory config to do so - not to mention people wouldn't be able to log into Jabber or their user pages while it was broken.  I'm hoping someone has a workaround or has already spoken with TAC about this.   
    Failure Details :
    Device Name/User ID Error Code Error Description
    LDAP Synch status is enabled. Cannot add users through BAT.
    Result Summary :
    INSERT for 0 PHONES passed.
    INSERT for 5 PHONES failed.
    INSERT for 0 USERS passed.
    INSERT for 5 USERS failed.

    So if a company has a large CUCM deployment and adds another branch (let's say 100 phones/users), I would have to go user by user and do the phone associations, profile associations, primary extensions, etc 100 times? 
    Is there a better way that I'm missing?  That just doesn't seem logical.  In previous versions (I'm not sure about 6.x in the link.  I started with 7.x) I could have sworn that I could import from BAT even if LDAP was integrated.  I would get an error and only the non-LDAP fields would get changed, but the changes, associations, etc. would still go through.

  • Cannot Add user to CMC Group when they are a member of LDAP group

    On PreProduction Server CMC
    Softerra LDAP browser used to verify user is a member of LDAP group
    User does not show as a member of that group in the CMC
    Cannot add user to LDAP group showing in CMC, the same group shows the member in LDAP browser
    On Production Server CMC
    For kicks I logged into the CMC on Production and I found the user is correctly showing as a member of the Group
    Why doesn't the groups in CMC show what is actually showing in the LDAP browser?

    Hi,
    Check if you have also mapped in both servers the same groups. It might be that there are some groups missing in the Pre-prod.
    Also, try restarting the CMS. I have seen similar issues that are solved after forcing the recreation of the graph.
    If after the restart you still can't see the groups, check the mapping on the LDAP server. It might be that both servers do not use the same attribute mappings.
    Regards,
    Julian

  • Cannot add users to a mapped third party group

    Hi Experts,
    When I try to add my SAP groups (SB1~100@xxxx) to my AD users I am getting the error "cannot add users to a mapped thirdparty group". Please advise how I can add these groups.

    You cannot add a user to a SAP group, create an enterprise user group and add both SAP group and AD user to that.

  • Cannot add users to mapped third party group

    when i try to add a user to a group i get the following message
    "cannot add users to mapped third party group"

    If a group was mapped in via AD/LDAP/SAP then the users must be added in the 3rd party (AD/LDAP/SAP); you cannot create members in the CMC. This is by product design. If you want to add members to groups in the CMC they must be enterprise groups only (groups created in the CMC, not mapped in from 3rd parties).
    Regards,
    Tim

  • Cannot add user to group even though I have full access

    I cannot add users to groups in a subsite even though I am in the owners group of the subsite

    Check the settings of the group itself.  By default the only person who can add users to a group is the person who created the group.  I normally change the group settings so the group is owned by the Site collection root site owners group.  That way any of those users can modify the membership of the group.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Cannot add groups to new users

    1, I add users in WebLogic 11g. However, in the Parent Groups page, I cannot move any groups to the right dropdown list.
    2, I am going to add new users for Oracle SOA Suite worklist. Does anyone know how to do it?

    you need to update and add user in jazn-data.xml file and restart bpel server then you will be able to look up the users using jazn tool
    To assign the credentials navigate to $Oracle_Home\integration\ orabpel\system\appserver\oc4j\j2ee and use the command
    java -jar jazn.jar -adduser jazn.com soauser1 admin123
    RealmLoginModule username: admin
    RealmLoginModule password:
    This will create a user 'soauser1' with password 'admin123'
    update the jazn-data.xml :
    <user>
    <name>soauser1</name>
    <credentials>!admin123</credentials>
    </user>
    This is one way also you can create users using EM console
    Regards,
    Deepa

  • Cannot add users to the Calendar Node error 0x13209

    I cannot add new users to the Calendar node. I am receiving error 0x13209. Any advice??


  • RDS 2012 R2 cannot add 3rd party (parent domain) licensing server

    Hi,
    I have an RDS 2012 R2 farm and I cannot add a 3rd party licensing server that is in a parent domain (forest root domain - hosted by our corp HQ). I will edit deployment properties for the deployment in the first CB server to add a licensing server in per user mode. Seems to work, however no licenses are given to SH servers. Have made a GPO as well to explicitly specify licensing server and mode, however I think this should not be necessary.
    Any ideas?
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights

    Hi,
    Thank you for posting in Windows Server Forum.
    1. In Server Manager -- RDS -- Overview -- Tasks -- Edit Deployment Properties -- RD Licensing tab, please make sure that the Licensing mode is set to match the type of licenses you purchased, and that the FQDN of your RD Licensing server is listed.
    2. In Server Manager -- RDS -- Collections -- <your collection> -- Host Servers, please make sure that your RDSH server is listed.  If you have more than one server with the RDSH Role Service in your deployment make sure that all of them are listed.  If they are not you may click Tasks -- Add RD Session Host Servers (make sure the servers are part of the Server Manager server pool prior to this).
    3. On Server 1, please open an Administrator PowerShell prompt and enter the following command:
    Add-WindowsFeature RDS-Licensing-UI
    4. After the above powershell command completes you should be able to open RD Licensing Manager (licmgr.exe) on Server 1 if you need to.  Please note that it is more important to have the licensing configured properly in deployment properties and your RDSH servers part of a collection than it is to be able to open RD Licensing Manager on both of your servers.
    (Above one quoted from beneath thread)
    Source:
    RDS 2012 Can't add a licensing server
    In addition, check below article.
    RD Licensing Configuration on Windows Server 2012
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Cannot add user to workspace

    Dear,
    I cannot add the below user
    Email First Name Last Name uid Status
    [email protected] Devanath Desikan ddesikan Verified
    to the workspace: https://beehiveonline.oracle.com/teamcollab/overview/PMI_Benelux_Day_Workspace
    The above user is the only one who's UID is not equal to the email address.
    Your help will be appreciated.
    Kind regards
    Francis

    Phil,
    thanks for this, but the user was not able to log on.
    Created a new user ID using another email from him.
    this time it worked.
    It seems that modifying the login_id to his email address does not work. I had similar problems with my private logon id in the past. I also had to create a new Oracle ID using another email address.
    But this can be closed since we used a workaround.
    Kind regards
    Francis

  • Cannot add Computers to DSfW domain

    We have been running DSfW for a couple of years.
    Recently we found we couldn't add computers to the domain any longer. Also using the MMC all the existing computers are of type mSDSComputer which the team suggest what is normally there.
    Both DSfW servers are running SLES10 sp3 and eDir 8.8sp3
    The logs show the following error:
    Aug 11 19:00:33 dsfw1 xadsd: [NETLOGON] PC02335$ opened secure channel
    Aug 11 19:00:33 dsfw1 xadsd: [NETLOGON] Setting account password for object <cn=PC1234,cn=Computers,dc=company,dc=com>
    Aug 11 19:00:33 dsfw1 xadsd: [NETLOGON] Setting account password failed: Access Denied.
    Googling didn't reveal much useful info.
    Thanks
    Simon

    Hi,
    Thanks for responding.
    Originally Posted by psahukar
    Hi,
    Can you please try creating a computer in MMC as the same user (used for adding the computer into the domain). If the computer creation works then I think the admin rights of that user is fine.
    So I would next doubt on the password policy settings. Have the NMAS password policy settings changed that you know of ?
    Also try creating a user and see how it goes.
    Thanks,
    Praveen Kumar
    Tried adding via MMC - we get an error "Windows cannot create the object because: The requested operation did not satisfy one or more constraints associated with the class of the object"
    I have followed TID 7010319 as we had an issue with ldap groups thinking this may also be the problem. But it doesn't appear to be. Also as mentioned in my OP the item type in MMC is mSDSComputer which appears as an unknown object for all the currently registered computer objects.
    TIA

  • Cannot add user

    Just upgraded from Snow Leopard Server to Mountain Lion Server.  Running into a few issues that I can't resolve.
    1.  Updated wiped out my Users.  Cannot add a User because the "+" is grayed out, same for groups.  All I see are my local users which I can edit.
    2.  Cannot connect remotely to the server using the Server.app, seems to be rejecting the password even though the same credentials gets me logged in to the Server.app running on the server.

    Please restart first and afterwards tell me about your setup.

  • Cannot add Users to Groups

    Hi there,
    I cannot add any users to any groups in the last week. This occurs only with the Server app.  In Workgroup Manager I can, but the group membership do not appear when I open the Server app.  I have tried to do this through the individual user page or through the group page.  Each time I get the following message "Operation is not supported by the directory node."
    Suggestions?
    Thanks
    Mitch

    Small correction.  Also cannot add group in Workgroup Manager.  The error is "This action failed because an Open Directory plugin has not implemented that functionality yet."
    Mitch

  • Cant Select Users on New Domain

    I recently added a new domain to the network. I wanted to map the users from the new domain to have them access my SharePoint 2013 Server. I mapped the new domain successfully using the user profile service. Profiles seem to have been imported without any errors, however when I go to my SharePoint 2013 site I'm unable to select any users from the new domain. Only users from the old domain are coming up. I went as far as to delete the old user profile service and create a brand new one pointed to the new domain. Still no luck. I restarted and reset IIS. I waited a day to see if there was some sort of time delay with the update but still no luck. My SharePoint Server is on the old domain. What am I doing wrong?
    My Setup : SharePoint 2013 Enterprise 
    Domain Controller : Windows 2012 Server . 
    IT Consultant

    What form of Domain Trust is between the two domains? SharePoint must also have port access to the new Domain Controller(s) host the new domain.
    SharePoint picks people from the Domain Controller directly. The UPA is only used to append information after the user has been found in Active Directory.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
