Change password through LDAP fails

I have the standalone calendar server (9.0.4) installed using an openldap server for the account data. Operations generally seem to be working OK with logon activity and ldap lookups. However when trying to change the password using the windows client the application reports "Unable to access the directory server. Application will terminate." after which it closes.
Simutaneously, watching openldap debug logs during the event I see this:
Oct 20 14:10:45 cs slapd[2986]: => acl_mask: access to entry "cn=Test User One,ou=People,dc=department,dc=someuniversity,dc=edu", attr "userPassword" requested
Oct 20 14:10:45 cs slapd[2986]: => acl_mask: to all values by "", (=n)
Oct 20 14:10:45 cs slapd[2986]: <= check a_dn_pat: ou=oraclecalendaradministrator,dc=department,dc=someuniversity,dc=edu
Oct 20 14:10:45 cs slapd[2986]: <= check a_dn_pat: self
Oct 20 14:10:45 cs slapd[2986]: <= check a_dn_pat: users
Oct 20 14:10:45 cs slapd[2986]: <= check a_dn_pat: anonymous
Oct 20 14:10:45 cs slapd[2986]: <= acl_mask: [4] applying read(=rscx) (stop)
Oct 20 14:10:45 cs slapd[2986]: <= acl_mask: [4] mask: read(=rscx)
Oct 20 14:10:45 cs slapd[2986]: => access_allowed: auth access granted by read(=rscx)
Oct 20 14:10:45 cs slapd[2986]: ====> cache_return_entry_r( 8 ): returned (0)
Oct 20 14:10:45 cs slapd[2986]: conn=65 op=4 BIND dn="cn=Test User One,ou=People,dc=department,dc=someuniversity,dc=edu" mech=SIMPLE ssf=0
Oct 20 14:10:45 cs slapd[2986]: do_bind: v3 bind: "cn=Test User One,ou=People,dc=department,dc=someuniversity,dc=edu" to "cn=Test User One,ou=People,dc=department,dc=someuniversity,dc=edu"
Oct 20 14:10:45 cs slapd[2986]: send_ldap_result: conn=65 op=4 p=3
Oct 20 14:10:45 cs slapd[2986]: send_ldap_result: err=0 matched="" text=""
Oct 20 14:10:45 cs slapd[2986]: send_ldap_response: msgid=5 tag=97 err=0
Oct 20 14:10:45 cs slapd[2986]: conn=65 op=4 RESULT tag=97 err=0 text=
Oct 20 14:10:45 cs slapd[2986]: daemon: select: listen=6 active_threads=0 tvp=NULL
Oct 20 14:10:45 cs slapd[2986]: daemon: activity on 1 descriptors
Oct 20 14:10:45 cs slapd[2986]: daemon: activity on:
Oct 20 14:10:45 cs slapd[2986]: 28r
Oct 20 14:10:45 cs slapd[2986]:
Oct 20 14:10:45 cs slapd[2986]: daemon: read activity on 28
Oct 20 14:10:45 cs slapd[2986]: connection_get(28)
Oct 20 14:10:45 cs slapd[2986]: connection_get(28): got connid=65
Oct 20 14:10:45 cs slapd[2986]: connection_read(28): checking for input on id=65
Oct 20 14:10:45 cs slapd[2986]: ber_get_next on fd 28 failed errno=11 (Resource temporarily unavailable)
Oct 20 14:10:45 cs slapd[2986]: do_bind
Oct 20 14:10:45 cs slapd[2986]: conn=65 op=5 BIND anonymous mech=implicit ssf=0
Oct 20 14:10:45 cs slapd[2986]: >>> dnPrettyNormal: <ð^est User One,ou=People,dc=department,dc=someuniversity,dc=edu>
Oct 20 14:10:45 cs slapd[2986]: bind: invalid dn (ð^est User One,ou=People,dc=department,dc=someuniversity,dc=edu)
Oct 20 14:10:45 cs slapd[2986]: send_ldap_result: conn=65 op=5 p=3
Oct 20 14:10:45 cs slapd[2986]: send_ldap_result: err=34 matched="" text="invalid DN"
Oct 20 14:10:45 cs slapd[2986]: send_ldap_response: msgid=6 tag=97 err=34
Oct 20 14:10:45 cs slapd[2986]: conn=65 op=5 RESULT tag=97 err=34 text=invalid DN
Oct 20 14:10:45 cs slapd[2986]: daemon: select: listen=6 active_threads=0 tvp=NULL
So, it's submitting an initially correct lookup for the test account but when it later submits the password updated it appears to substitute garbage for the first few characters. Getting the DAS debug log isn't much help, it does report this error:
DATE = Wed Oct 20 14:14:40 2004
PID = 5457; TID = 3059759840
ERROR CODE -> 0x18001
FUNCTION NAME -> ctldap_LDAPErrorMap
LDAP ERROR -> 34
LDAP ERROR MESSAGE -> Invalid DN syntax
MATCHED DN ->
SERVER ADDITIONAL INFO. -> invalid DN
DATE = Wed Oct 20 14:14:40 2004
PID = 5457; TID = 3059759840
LOG TYPE -> TRACE
EXITING -> ctldap_LDAPErrorMap
returns 0x18001
Is there anything I should look to about the weird LDAP substitutions? This looks pretty bizarre, I haven't seen such problems with any of the other operations.

Do you have a :
[LDAP]
writedn = " "
writednpassword = " "
(note, you need to encrypt this using uniencrypt utility)
[UTL]
adm_moduserpassword = TRUE
Try it then.
Because a user has now write privileges to the LDAP it needs a mediator. That mediator is the writedn and writednpassword.
Yours,
Eli Benschop

Similar Messages

  • How to change password of LDAP admin :cn=Directory Manager ?

    How to change password of LDAP admin :cn=Directory Manager ?
    Thanks!

    Try this, on the console log in as "cn=Directory Manager", open the Directory Server console and select the "Configuration" tab. You should see a "Settings" tab inside "Configuration" There you can find the fields for Directory Manager's new password.
    Regards.

  • Users changing passwords within LDAP authentication

    Hello all,
    I've noticed that if a user uses the 'Membership' authentication to access the portal, they are allowed to change their passwords within the 'user channel' edit section.
    If a user logs in throught the LDAP authentication, this password utility disapears.
    1 - Is there a way to use this password utility when using LADP authentication? Is it just a setting somewhere??
    2 - What are you using to change password if you are using LDAp authentication? i.e. did you create your own password tool??
    Thanks in advance,
    Jason

    Here's how I did it on 6.0:
    I created a bookmark with these properties:
    Bookmark Name: Change Personal Settings
    URL: /amconsole
    When the user clicks on the bookmark, they have to scroll all the way down to the bottom of the window to find the change password option. After changing the password, the user should close the amconsole window WITHOUT clicking on the logout button. Just kill the window.
    If they click "logout" it will log them out of the Portal Server while leaving the desktop window open. It will look like they are still logged in but they are not. They will have to re-login.

  • UME change password in LDAP when this has expired

    Hello,
    I've configured SAP EP 2004 SP18, ume datasource is LDAP Active Directory, with SSL, and as administrator I can reset the password.
    The problem appears when password is expired and the flag "user must change password" is marked in Active Directory and in the portal dosen't appear the form to the user to change the password.
    If you read in ADS attribute "pwdLastSet" when is "0" means that the user must change password, I'm trying to map this attribute to ume attribute "passwordchangerequired", but it's not working, also are different formats.
    The result is that in the portal login is not appearing the form to change the password when it's necesary, any ideas to map this active directory password or workaround...
    Very thanks in advance.
    Xavi.

    same problem here ........ Iv'e set the UME expire date, and this works (kind of). The problem is that if both the Active Directory AND the UME are set to expire at 30 days, when the user logs on to the network on the 30th day, he is prompted to change his network password. Then as soon as he tries to log on to the portal he is prompted again (since the portal/ume doesnt know that the password has been changed in the active directory data source).
    The user is prompted 2 times to change his password, and this is obviously confusing. And now his network password is different that what he just changed it to (since the portal / ume pw change changes the Act Dir password).
    Any suggestions?
    Thanks.

  • Error Code 112 when trying to change password through OID

    Hi
    When I try to change the passwrod of any user by going into OID( I am logged in as orcladmin user) it says Modify failed, error code 112 and details unknown.
    Somewhere I founf out that this could be beacuse of Password Policy entries and so when I tried to change the policy entries, it again displayed the same error. So basically I am not able to modify any entry in OID
    Immediate help in this regard will be very helpful
    Regards
    Prateek

    I also got this, and was able to work around it by opening the Oracle Directory Manager, logging in as orcladmin, going to the relevant entry and then:
    1. Creating another copy of it (using the create copy button), renaming it and its cn slightly
    2. Deleting the original
    3. Creating yet another copy of the copy, this time naming it what the original was
    3. Deleting the first copy.
    I think it might have had something to do with the fact that I imported in my entries using bulkload and then was trying to edit them as orcladmin.... making the new versions as above changes the modifier etc to be orcladmin.... but I'm new at this stuff so who knows :)
    Good luck,
    Heather

  • Changing Oracle Passwords through HTML DB anonymous blocks

    I am attempting to use DAD as my authentication method. The site will only be accessible through an SSL connection, so I'm not too worried about security. Plus it is a small target audience. I don't want to mess with LDAP because of the unnecessary complexity of adding it just for a single application. One of the requirements is changing passwords through the application. I always get an ORA-01935 (missing user or role name). Any ideas?

    Just a note, I get this from an after submit process that executes the following pl/sql anonymous block:
    begin
    execute immediate 'alter user :P9_USERNAME identified by :P9_PASSWORD1';
    exception
    when others then
    raise_application_error(-20911, 'Could not change password for user: ' || :P9_USERNAME || ' ' || SQLERRM);
    end;

  • How to restrict changing password for user ?

    Hi All experts ,
    We have created users . Users should not change their password without permission of Administrator . How to restrict them by setting Permissions / Authorizations ? 
    Thanks.
    KISHORE SATPUTE

    Hi,
    In "USER MAINTENANCE- SU01" --> in the "logon tab" there are 5 different "user type"
    1. dialog
    2. system
    3. communication
    4. service
    5. reference
    Kindly mention the function and role of all the above mentioned user types specifically and hows is one user type different from another.
    These are as follows:-
    1. Dialogue:-
    For this kind of users:-
    GUI login is possible.
    Initial password and expiration of passowrd are checked.
    Multi GUI logins are checked.
    Usage:- These are used for GUI logins.
    2. System
    For this kind of users:-
    GUI login is not possible.
    Initial password and expiration of passowrd are not checked.
    Usage:- These are used for internal use in system like background jobs.
    3. Communication
    For this kind of users:-
    GUI login is not possible.
    Users are allowed to change password through some software in middle tier.
    Usage:- These are used for login to system through external systems like web application
    4. Service
    For this kind of users:-
    GUI login is possible.
    Initial password and expiration of passowrd are not checked.
    Multiple logins are allowed.
    Users are not allowed to change the password. Only admin can change the password
    Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
    5. Reference
    For this kind of users:-
    GUI login is not ible.
    Initial password and expiration of passowrd are not checked.
    Usage:- These are special kind of users which are used to give authorization to other users.
    Rewads point if helpful
    Thanks
    Pankaj Kumar

  • How to Change Password throgh ABAP

    Hi All,
    Could you please tell me How to change password Through SU01 without having role.
    When i am going to click change password button it giving error message you are not authorize to change password.
    How to change through Debug mode.
    Regards,
    Arif

    Hi,
    Firstly ,you are not supposed to do something that you are not authorised to do.
    But still you need access by bypassing the Authorization then here is the way.
    Create a Breakpoint in FM RS_TRANSACTION_TEST at line no - 34 .
    1.Go to tcode SE93.
    2,Enter Tcode as 'SU01'
    3.start the debugger by putting '/h' in the command line and then execute.
    4.You debugger will stop at line no 34 of FM RS_TRANSACTION_TEST.
    5.the value of sy-subrc will be '4' at that point...CHnage the value of su-subrc to '0'. and then execute.
    OR use FM - BAPI_USER_CHANGE
    Regards,
    Vikas

  • Trying to Change AD Password from GW2014 failing

    Hello,
    I've got the Caledonia books by Danita and I am preparing to upgrade / move our GW2012 edirectory system to 2014, then migrating that to AD. In preparation, I have set up a test GW2014 server and set it to authenticate LDAP against AD. I was easily able to get a user to sync and login to both the 2014 client and webaccess. However, when I try to change the password for this user through either client, the attempt fails with the following error in the POA:
    17:10:43 4233 Error: LDAP failure detected [D06B] User:gw2014test (gw2014test)
    The closest TID I have seen on this is for GW 2012 where it says that LDAP passwords in GroupWise were designed to work with eDirectory so the function does not work in other LDAP servers?!
    Any help would be much appreciated!
    Thanks

    I don't believe there is a way to check for expired pwd. I'll check with developers though.
    --Morris
    >>> davearre<[email protected]> 8/1/2014 4:36 AM >>>
    Hi, Morris,
    Awesome, thank you that worked!! After I posted my question I tried to
    do the SSL but got LDAP error 81 on the POA because I exported the DC's
    certificate and not the CA's. Once I followed your steps and exported
    the CA certificate I was able to login and change the password without
    error in both the client and webaccess.
    One more question, I tried to do a "user must change their password on
    next login", which is what we do now with eDirectory with new teachers
    especially in the summertime, they can change passwords from home before
    they arrive. With edir and an expired password, Webaccess puts up a page
    for them to change their password. It also does this at password
    expiration time. When I set the user must change password in AD, I could
    no longer log into webaccess at all, it acted like the password was
    incorrect. Is there a trick to get the change password page prompt in
    Webaccess or is this something not available with AD as the
    authentication source?
    Thanks for your quick help!
    mblackham;2327566 Wrote:
    > You can change your AD password via the GW 2014 client, however, due to
    > requirements of AD, the LDAP session must be SSL'ized to do so. So
    > you'll have to export the CA cert that your AD LDAP process is using and
    > import it in to the AD directory configuration in GW Admin Console.
    > Here are the high level steps to getting the AD cert:
    >
    >
    >
    >
    > •Run MMC on the Domain Controller
    >
    > •Add the “Certificates” Snap-In for the Computer account. (File |
    > Add/Remove Snap-Ins)
    >
    > •Find the certificate issued to the domain controller in the
    > “Personal/Certificates” folder.
    >
    > •View the certification path for the certificate, locate the CA and
    > view it’s properties.
    > Export the CA certificate as a DER or PEM file
    >
    >
    > --Morris
    >
    >
    >
    > >>> davearre<[email protected]> 7/31/2014 3:36 PM >>>
    >
    >
    >
    >
    > Hello,
    >
    > I've got the Caledonia books by Danita and I am preparing to upgrade /
    > move our GW2012 edirectory system to 2014, then migrating that to AD.
    > In
    > preparation, I have set up a test GW2014 server and set it to
    > authenticate LDAP against AD. I was easily able to get a user to sync
    > and login to both the 2014 client and webaccess. However, when I try to
    > change the password for this user through either client, the attempt
    > fails with the following error in the POA:
    >
    > 17:10:43 4233 Error: LDAP failure detected [D06B] User:gw2014test
    > (gw2014test)
    >
    > The closest TID I have seen on this is for GW 2012 where it says that
    > LDAP passwords in GroupWise were designed to work with eDirectory so
    > the
    > function does not work in other LDAP servers?!
    >
    > Any help would be much appreciated!
    >
    > Thanks
    >
    >
    > --
    > davearre
    > ------------------------------------------------------------------------
    > davearre's Profile: https://forums.novell.com/member.php?userid=14696
    > View this thread: https://forums.novell.com/showthread.php?t=478544
    davearre
    davearre's Profile: https://forums.novell.com/member.php?userid=14696
    View this thread: https://forums.novell.com/showthread.php?t=478544

  • HT5622 I have changed my appleID and password through my laptop.  I have then changed it on my iPod Touch in settings. When I try to update my apps on the ipod touch it keeps throwing up the old appleID.  How can I get the iPod Touch to use the new ID?

    I have changed my appleID and password through my laptop. I have then changed them in my iPod touch settings in "iTunes & App stores" When I try to update my apps it fails because it wishes to continue to use the previous ID.  What do I have to do to make it accept the new ID?

    Also
    If you have apps that need updating purchased from more than one account you have to update them one at a time until the remaining apps were purchased from one account.

  • In Portal Anonymous mode - Change password option not coming- login fails

    Hi Experts,
         We are having some application which requires login in anonymous mode. When we click the application and give the user id password, it loggs in properly, there is no problem in that.
        But if the password is reset by administrator, then when entering the reset password given by admin it should ask to change the password. This is happening in normal scenario(/irj/portal), but when try the same in anonymous mode(irj/portal/anonymous) where the prompt is from the login required application, then it says login failed instead of giving the change password and confirm password screen.
    Appreciate your help in solving this issue. I hope many would have faced similar situation.
    Thanks
    Yusuf

    Hi Yusuf.
    Do you use a standard or custom login module for your application?
    More likely the used login module does not have a logic that handles such scenario as a change of user's password.
    In this case you need to implement a custom module with a required functionality.
    Best regards,
    Aliaksandr Zhukau

  • [solved]script fails when changing profile through powerdevil.

    i use ondemand governor and i want to change up_threshold value.
    Whenever i change profile through powerdevil up_threshold gets its default vaule of 80.
    what i did was to create a script named threshold containing the lines:
    #!/bin/bash
    sudo sh -c 'echo 50 > /sys/devices/system/cpu/cpu0/cpufreq/ondemand/up_threshold'
    i have also set through /etc/sudoers that this script is passwordless for my user.
    if i run the script, it successfully changes the value. It also runs successfully if i put it in startup.
    My problem is that it fails to run when i choose it to run when a profile loads through powerdevil. I am refering to the feature shown below :
    at first i thought that this function has a problem. so i chose to run kate, and when i changed profile, kate started immediately. So i guess that there is a problem with my script.
    Any ideas?
    Last edited by mechmg93 (2009-10-20 20:14:30)

    I hope someone reads this thread also its already marked as solved...
    Anyway, i would like to use CPU frequency scaling, but in the powermanagement settings,
    i cant shoose anything for frequency scaling.
    What do i have to do to be able to set "ondemand" or "always lowest frequency"?
    Wich daemons and/or modules do i have to activate to change the frequency policy?
    Would be very nice if someone could help me.

  • I am getting a Changing Password Failed error when I try to join an active directory

    I had a working AD configuration under Snow Leopard. When I upgraded to Mountain Lion, my account was no longer in sync with the domain. I got the red dot on the login screen and my domain password was out of sync. I unhooked from the domain at that point. This was several months ago.
    However, over the last few weeks, I keep finding myself locked out of the domain. I suspect it's something on my Mac that is trying to use my old credentials. I was hoping to rejoin the domain and see if I could get my account back in sync. When I get a domain admin to enter his password on the Directory Utility join screen, it first notes that the computer account already exists in the domain. I tell it to continue, but I can't get past this point:
    2013-06-24 14:21:20.729935 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - Computer account either already exists or DC is already Read/Write
    2013-06-24 14:21:20.732774 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - existing record found 'CN=MYMACHINE,OU=Default,OU=Workstations,OU=MyCity,OU=North America,DC=GLOBAL,DC=OURCORP,DC=NET'
    2013-06-24 14:21:20.732822 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - switching to cache 'MEMORY:0x7faef36ed770'
    2013-06-24 14:21:20.733141 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - Trying to find service kdc for realm GLOBAL.OURCORP.NET flags 2
    2013-06-24 14:21:20.734196 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to 12
    2013-06-24 14:21:20.734221 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to host: tcp 10.22.94.212:kerberos (1.2.3.4)
    2013-06-24 14:21:20.741380 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - host completed: tcp 10.22.94.212:kerberos (1.2.3.4)
    2013-06-24 14:21:20.741416 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - krb5_sendto_context done: 0
    2013-06-24 14:21:20.741619 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - trying to set password
    2013-06-24 14:21:20.741637 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - trying to set password using: MS set password in realm GLOBAL.OURCORP.NET
    2013-06-24 14:21:20.741648 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - using TCP since the ticket is large: 1560
    2013-06-24 14:21:20.741665 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - Trying to find service change_password for realm GLOBAL.OURCORP.NET flags 2
    2013-06-24 14:21:20.742867 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to 12
    2013-06-24 14:21:20.742908 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to host: tcp 10.22.94.212:kpasswd (1.2.3.4)
    2013-06-24 14:21:20.745231 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - host completed: tcp 10.22.94.212:kpasswd (1.2.3.4)
    2013-06-24 14:21:20.745250 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - krb5_sendto_context done: 0
    2013-06-24 14:21:20.745398 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - set password using MS set password returned: 0 result_code 3
    2013-06-24 14:21:20.745417 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - Changing password failed for '[email protected]' with error '' (3)
    2013-06-24 14:21:20.745426 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - setting Computer Password FAILED for existing record - 5103
    2013-06-24 14:21:20.745818 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential operation failed' (5103)

    Reggierror,
    Had the same issue and discovered that I made my AD object name too long (16 instead of 15 character which is the limit) You might want to try making the computer object name shorter if you can.

  • How to change password for a user in WLS 7.0 embedded ldap in code?

    I asked the similar question before but don't have an answer yet.
    I need to change password for a user in my Java code. Any help will be
    appreciated.
    Here is my stack trace:
    c:\Test>java -classpath . testEmbeddedLdap
    attribute: uid
    attribute: description
    attribute: objectclass
    attribute: wlsMemberOf
    attribute: sn
    attribute: cn
    javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient
    Access Rights]; remaining name
    'uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2872)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2810)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2616)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1374)
    at
    com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDir
    Context.java:255)
    at
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(Partial
    CompositeDirContext.java:172)
    at
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(Partial
    CompositeDirContext.java:161)
    at
    javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.
    java:146)
    at testEmbeddedLdap.main(testEmbeddedLdap.java:30)
    Here is my testing code:
    <PRE>
    import java.util.*;
    import javax.naming.*;
    import javax.naming.directory.*;
    public class testEmbeddedLdap {
    public static void main(String[] argv) {
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost:7001");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "uid=myAdministrator, ou=people,
    ou=myrealm, dc=mydomain");
    env.put(Context.SECURITY_CREDENTIALS, "myAdministrator");
    try {
    DirContext ctx = new InitialDirContext(env);
    String
    sUser="uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain";
    String sOldPassword="myRegularUser";
    String sNewPassword="newpassword";
    for (NamingEnumeration ae = ctx.getAttributes(sUser).getAll();
    ae.hasMore(); ) {
    Attribute attr = (Attribute)ae.next();
    System.out.println("attribute: " + attr.getID());
    ModificationItem[] mods = new ModificationItem[2];
    Attribute mod0 = new BasicAttribute("userpassword",
    sOldPassword);
    mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
    mod0);
    Attribute mod1 = new BasicAttribute("userpassword",
    sNewPassword);
    mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
    ctx.modifyAttributes(sUser, mods);
    ctx.close();
    } catch (NamingException e) {
    e.printStackTrace();
    </PRE>
    "Neil Smithline" <[email protected]> wrote in message
    news:[email protected]...
    Two things. First, I'm not exactly sure what password you are trying to
    change. The LDAP server's password or a user's password in the LDAP
    server. Second, could you please post a stack trace.
    Thanks - Neil
    K Wong wrote:
    I am using (javax.naming.directory.DirContext.modifyAttributes) to
    change
    password to our development Weblogic 7.0 embedded LDAP.
    I login as the system administrator (a user in the administratorsgroup),
    but always gets the javax.naming.NoPermissionException - InsufficientAccess
    Rights.
    What user should I use? Any help will be appreciated.

    Hai,
    This condition based execution requires - javascript coding.
    In miscelleaneous tools bar, you have an option of SCRIPT_ITEM writer tool, drag the tool into your WAD layout, and select the properties , choose the editor option and paste your coding. that's it.
    Alternate option :
    in your web application design layout , you will fine XHTML coding editor , there you need to write coding and execute the same.
    Hope this will help to you.
    Assign Points if its really useful.
    Cheers !!!
    Bye
    Regards,
    Giri

  • ISE 1.1 'Change password on next logon' fails on iPhone / iPad

    Hello -
    We're in the process of implementing an ISE 1.1 server for Guest Wireless Access / BYOD at our company and ran into an issue with authenticating from iPhones / iPads when the account is set with 'change password on next logon' (it's a local account created on the ISE server - not AD). It fails and displays 'unable to join network' on the iPhone. The ISE log shows a '5411: No response received in 120 seconds'. We're able to authenticate from Windows devices and are prompted to change the password during the authentication process. Has anyone else encountered this? If we uncheck the 'change password' box we can authenticate from iPhones & iPads without any issue but we need to have a way for users to set their own password.
    Thanks!
    Bill

    Hi,
    I am encountering the exact same issue in our lab environment, but with AD accounts (We would like customers to be able and connect to the dot1x network with their AD credentials, and based on machine authentication they will or will not get restricted access).
    Just to be clear: the change password functionality works perfect on laptops, but on ipad/android we just cannot connect to the dot1x (PEAP) network when the "change password on next login" checkbox is on.
    Anyone else who can shed some light on this?
    Thanks
    Tom

Maybe you are looking for

  • Managing Server Encryption Keys in IDM 8.1

    I am trying to import the server encryption key from my local machine to the development environment. However, I get the error "java.lang.IllegalStateException: Error attempting to decrypt: Given final block not properly padded". I am attempting to i

  • ITunes will not open from desktop icon or from start menu.

    I have windows xp 32 bit.  I can browse with safari and open qt with no issues.  ITunes no longer opens. I have the 10.5 version and have not had any problems prior to today. Any help would be greatly apreciated. 

  • Error occured while reading identity data: failed to decrypt safe contents

    Hello, We are trying to access Tibco JMS server through SSL using JNDI lookup. Getting the following error, while executing a sample java file. Java Version - java version "1.4.2_05" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b0

  • TCP-Gateway tool

    Hi , I want to check with tcp gateway tool for a SOAP Adapter . Can anyone suggest the best suited scenario in PI and also a web service that is publicly available to check this scenario. I am new to PI and want to implement this Scenario.

  • HT4993 I need help with an Activation Error Message on my Iphone 5

    Hi I am having Trouble with my IPhone 5 It shows an Activation Error message