Changing LDAP for MTA !

I'm running messaging server 6, I want to change the LDAP server host on my MTA to show it a different LDAP server for user search. How can I do that ?

OK, I think I got this all straightened out. Now I'm having a rather strange problem.
First, a little background. This is 6.1 w/ the latest (-99) patch. I was running this server as my primary server at one point, then migrated to a new, faster box. I want to re-use this system as a secondary server/test server which will host mail for a new domain.
So I re-ran configuration and specified my new LDAP server information, my new default domain name, etc. When I restarted the server, everything started up OK. The LDAP server I'm using is the same LDAP server as my new messaging server is using (so that all of my user information will be kept in one place, and only e-mail for this new domain will be delivered on the new server under normal circumstances).
My LDAP server and primary mail server is "quixote". The server I'm working to redeploy is "painter". Both quixote and painter connect to an LDAP server on quixote, and I plan to use DNS MX records to specify painter as the server for my new domain, and in the LDAP schema "mailHost" and "mailMessageStore" attributes to specify where a particular account resides.
To prepare the server for its new role, I ran mboxutil -o to identify all orphan mailboxes. Since I had moved all of the accounts that had been on painter to quixote and updated their LDAP entries accordingly, every mailbox that still existed on painter was an orphan.
I then used mboxutil -d to delete all of the orphans (in fact, all of the mailboxes). This had the desired effect, but also deleted my /opt/SUNWmsgsr/data/store/partition/primary directory. I figured it would reappear when I created the first new mailbox in the partition, but that's not the case.
I used my 5.2 Delegated Administrator to create a new user in the new domain being hosted on painter, and the LDAP entry looks correct. However, when I try to send a message to this test account, it bounces with the error:
This report relates to a message you sent with the following header fields:
  Message-id: <[email protected]>
  Date: Mon, 28 Feb 2005 19:00:40 -0600 (CST)
  From: [email protected]
  To: [email protected]
  Subject: This is a test
Your message cannot be delivered to the following recipients:
  Recipient address: [email protected]
  Reason: Unknown/invalid partition
I get the same error when I try to use mboxutil to create a mailbox:
146# mboxutil -c user/[email protected]/INBOX
create user/[email protected]/INBOX
Unknown/invalid partition
I tried various "reconstruct" incantations to try to get my primary partition working again, but nothing would appear to be working.
Where should I go next?
Thanks,
Bill

Similar Messages

  • Pam.conf does not use ldap for password length check when changing passwd

    I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
    I have dsee 6.0 installed on a solaris 10 server (client).
    I have a solaris 9 server (server) set up to use ldap authentication.
    bash-2.05# cat /var/ldap/ldap_client_file
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= X, Y
    NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
    NS_LDAP_CACHETTL= 43200
    NS_LDAP_PROFILE= tls_profile
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_BIND_TIME= 10
    bash-2.05# cat /var/ldap/ldap_client_cred
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
    NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
    bash-2.05# cat /etc/nsswitch.conf
    # /etc/nsswitch.ldap:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # uses LDAP in conjunction with files.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
    passwd: files ldap
    group: files ldap
    # consult /etc "files" only if ldap is down.
    hosts: files dns
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: ldap [NOTFOUND=return] files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: ldap
    automount: files ldap
    aliases: files ldap
    # for efficient getservbyname() avoid ldap
    services: files ldap
    sendmailvars: files
    printers: user files ldap
    auth_attr: files ldap
    prof_attr: files ldap
    project: files ldap
    bash-2.05# cat /etc/pam.conf
    #ident "@(#)pam.conf 1.20 02/01/23 SMI"
    # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1 debug
    login auth required pam_dhkeys.so.1 debug
    login auth required pam_dial_auth.so.1 debug
    login auth binding pam_unix_auth.so.1 server_policy debug
    login auth required pam_ldap.so.1 use_first_pass debug
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1 use_first_pass
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1 use_first_pass
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authenctication
    other auth requisite pam_authtok_get.so.1 debug
    other auth required pam_dhkeys.so.1 debug
    other auth binding pam_unix_auth.so.1 server_policy debug
    other auth required pam_ldap.so.1 use_first_pass debug
    # passwd command (explicit because of a different authentication module)
    passwd auth binding pam_passwd_auth.so.1 server_policy debug
    passwd auth required pam_ldap.so.1 use_first_pass debug
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_projects.so.1
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1 debug
    other account required pam_projects.so.1 debug
    other account binding pam_unix_account.so.1 server_policy debug
    other account required pam_ldap.so.1 no_pass debug
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1 debug
    other password requisite pam_authtok_get.so.1 debug
    other password requisite pam_authtok_check.so.1 debug
    other password required pam_authtok_store.so.1 server_policy debug
    # Support for Kerberos V5 authentication (uncomment to use Kerberos)
    #rlogin auth optional pam_krb5.so.1 try_first_pass
    #login auth optional pam_krb5.so.1 try_first_pass
    #other auth optional pam_krb5.so.1 try_first_pass
    #cron account optional pam_krb5.so.1
    #other account optional pam_krb5.so.1
    #other session optional pam_krb5.so.1
    #other password optional pam_krb5.so.1 try_first_pass
    I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client:
    May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
    May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
    May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
    May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
    May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
    May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
    May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
    May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
    May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
    May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
    May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
    If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
    bash-2.05$ passwd
    passwd: Changing password for VV
    Enter existing login password:
    New Password:
    passwd: Password too short - must be at least 8 characters.
    Please try again
    May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
    May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
    May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
    May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
    May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
    May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
    May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
    I am using the default policy on the directory server which states a minimum password length of 6 characters.
    server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
    pwd-accept-hashed-pwd-enabled : N/A
    pwd-check-enabled : off
    pwd-compat-mode : DS6-mode
    pwd-expire-no-warning-enabled : on
    pwd-expire-warning-delay : 1d
    pwd-failure-count-interval : 10m
    pwd-grace-login-limit : disabled
    pwd-keep-last-auth-time-enabled : off
    pwd-lockout-duration : disabled
    pwd-lockout-enabled : off
    pwd-lockout-repl-priority-enabled : on
    pwd-max-age : disabled
    pwd-max-failure-count : 3
    pwd-max-history-count : disabled
    pwd-min-age : disabled
    pwd-min-length : 6
    pwd-mod-gen-length : 6
    pwd-must-change-enabled : off
    pwd-root-dn-bypass-enabled : off
    pwd-safe-modify-enabled : off
    pwd-storage-scheme : CRYPT
    pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
    pwd-strong-check-enabled : off
    pwd-strong-check-require-charset : lower
    pwd-strong-check-require-charset : upper
    pwd-strong-check-require-charset : digit
    pwd-strong-check-require-charset : special
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR
    pwd-user-change-enabled : off
    Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the "pam_authtok_check: minimum length from /etc/default/passwd: 8" log line. It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum length of 6 characters.
    I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatibility in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
    Edited by: ericduggan on Sep 8, 2008 5:30 AM

    you can try passwd -r ldap for changing the ldap passwds...
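
The debug log in the question shows `pam_authtok_check` taking its minimum length from /etc/default/passwd. As an added example (not code from the thread), this Python sketch resolves which `password` stack the posted pam.conf gives the `passwd` service and flags a requisite local check that runs before `pam_authtok_store`; the sample text is a constructed excerpt of the posted file and the function names are hypothetical.

```python
from collections import namedtuple

# Constructed excerpt of the pam.conf posted above (passwd auth and password lines).
SAMPLE_PAM_CONF = """\
# passwd command (explicit because of a different authentication module)
passwd auth binding pam_passwd_auth.so.1 server_policy debug
passwd auth required pam_ldap.so.1 use_first_pass debug
# Default definition for Password management
other password required pam_dhkeys.so.1 debug
other password requisite pam_authtok_get.so.1 debug
other password requisite pam_authtok_check.so.1 debug
other password required pam_authtok_store.so.1 server_policy debug
#other password optional pam_krb5.so.1 try_first_pass
"""

PamEntry = namedtuple("PamEntry", "service module_type control module options")
MODULE_TYPES = ("auth", "account", "session", "password")


def parse_pam_conf(text):
    """Parse 'service type control module [options]' lines, skipping comments."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[1] not in MODULE_TYPES:
            continue  # blank, comment-only or malformed line
        entries.append(PamEntry(fields[0], fields[1], fields[2],
                                fields[3], tuple(fields[4:])))
    return entries


def effective_stack(entries, service, module_type):
    """Return (source, stack): the service's own lines for this module type,
    or the 'other' lines when the service defines none (as the file's header
    comment states)."""
    for name in (service, "other"):
        stack = [e for e in entries
                 if e.service == name and e.module_type == module_type]
        if stack:
            return name, stack
    return None, []


def local_checks_before_store(stack):
    """Requisite pam_authtok_check entries that run before pam_authtok_store.

    A failing 'requisite' module ends the stack at once, so a password that
    fails the local check never reaches the store step, whatever options the
    store module carries.
    """
    hits = []
    for entry in stack:
        if entry.module.startswith("pam_authtok_store"):
            break
        if entry.module.startswith("pam_authtok_check") and entry.control == "requisite":
            hits.append(entry)
    return hits


if __name__ == "__main__":
    parsed = parse_pam_conf(SAMPLE_PAM_CONF)
    source, stack = effective_stack(parsed, "passwd", "password")
    print("passwd/password stack comes from service:", source)
    for e in stack:
        print("  %-10s %-26s %s" % (e.control, e.module, " ".join(e.options)))
    for e in local_checks_before_store(stack):
        print("local check runs before the store step:", e.module)
```
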

  • How to change password for a user in WLS 7.0 embedded ldap in code?

    I asked the similar question before but don't have an answer yet.
    I need to change password for a user in my Java code. Any help will be
    appreciated.
    Here is my stack trace:
    c:\Test>java -classpath . testEmbeddedLdap
    attribute: uid
    attribute: description
    attribute: objectclass
    attribute: wlsMemberOf
    attribute: sn
    attribute: cn
    javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2872)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2810)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2616)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1374)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
    at testEmbeddedLdap.main(testEmbeddedLdap.java:30)
    Here is my testing code:
    <PRE>
    import java.util.*;
    import javax.naming.*;
    import javax.naming.directory.*;

    public class testEmbeddedLdap {
        public static void main(String[] argv) {
            // Bind to the embedded LDAP server as the administrator user.
            Hashtable env = new Hashtable(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:7001");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL,
                    "uid=myAdministrator, ou=people, ou=myrealm, dc=mydomain");
            env.put(Context.SECURITY_CREDENTIALS, "myAdministrator");
            try {
                DirContext ctx = new InitialDirContext(env);
                String sUser = "uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain";
                String sOldPassword = "myRegularUser";
                String sNewPassword = "newpassword";
                // List the attributes of the user entry.
                for (NamingEnumeration ae = ctx.getAttributes(sUser).getAll();
                        ae.hasMore(); ) {
                    Attribute attr = (Attribute) ae.next();
                    System.out.println("attribute: " + attr.getID());
                }
                // Change the password: remove the old value, then add the new one.
                ModificationItem[] mods = new ModificationItem[2];
                Attribute mod0 = new BasicAttribute("userpassword", sOldPassword);
                mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, mod0);
                Attribute mod1 = new BasicAttribute("userpassword", sNewPassword);
                mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
                // This is the call that fails with error code 50 in the trace above.
                ctx.modifyAttributes(sUser, mods);
                ctx.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
    </PRE>
    "Neil Smithline" <[email protected]> wrote in message
    news:[email protected]...
    Two things. First, I'm not exactly sure what password you are trying to
    change. The LDAP server's password or a user's password in the LDAP
    server. Second, could you please post a stack trace.
    Thanks - Neil
    K Wong wrote:
    I am using (javax.naming.directory.DirContext.modifyAttributes) to change password to our development Weblogic 7.0 embedded LDAP.
    I login as the system administrator (a user in the administrators group), but always gets the javax.naming.NoPermissionException - Insufficient Access Rights.
    What user should I use? Any help will be appreciated.

    Hai,
    This condition based execution requires - javascript coding.
    In miscellaneous tools bar, you have an option of SCRIPT_ITEM writer tool, drag the tool into your WAD layout, and select the properties, choose the editor option and paste your coding. That's it.
    Alternate option:
    in your web application design layout, you will find XHTML coding editor, there you need to write coding and execute the same.
    Hope this will help to you.
    Assign Points if its really useful.
    Cheers !!!
    Bye
    Regards,
    Giri

  • Set password for MTA/POA/GWIA sslKeyFile

    How can I set the password for MTA/POA/GWIA sslKeyFile via REST API?
    I can change the sslCertificateFile and sslKeyFile, but the doc does not mention the password.
    <sslCertificateFile>/mail/cert/xxx.crt</sslCertificateFile>
    <sslKeyFile>/mail/cert/xxx.keypwd</sslKeyFile>
    And my next question is, how can I set the httpUser password ? :)
    Thanks,
    Gellert

    On the agent attributes, the key password is set using <sslKeyPassword> with a PUT method
    it's a set only option. You can verify if the pwd has been set by getting the <hasSslKeyPassword> attribute, will be either true/false.
    Same method is used for the http password; using <httpPassword> and <hasHttpPassword>
    --Morris
    >>> gehorvath<[email protected]> 11/11/2014 3:16 AM >>>
    How can I set the password for MTA/POA/GWIA sslKeyFile via REST API?
    I can change the sslCertificateFile and sslKeyFile, but the doc does not
    mention the password.
    <sslCertificateFile>/mail/cert/xxx.crt</sslCertificateFile>
    <sslKeyFile>/mail/cert/xxx.keypwd</sslKeyFile>
    And my next question is, how can I set the httpUser password ? :)
    Thanks,
    Gellert

  • WLC connect LDAP for Authentication, but could not connect to server

    Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following message:
    Service Port - Not connected
    Distribution port include:
         Management Interface - in AP Management VLAN - 30
         Student AP interface - in Student VLAN - 20
         Staff AP interface - in Staff VLAN - 10
    AD is in Staff VLAN - 10
    WLC LDAP Server setting
    Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    User Attribute: sAMAccountName
    User Object Type: Person
    Debug aaa all enable message
    *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
    WLC GUI Log:
    *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    LDP Message of LDAP BaseDN:
    Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    4> objectClass: top; person; organizationalPerson; user;
    1> cn: Frankie F. Yeung;
    1> sn: Yeung;
    1> givenName: Frankie;
    1> initials: F;
    1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    1> instanceType: 0x4 = ( IT_WRITE );
    1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
    1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
    1> displayName: Frankie F. Yeung;
    1> uSNCreated: 3850555;
    1> uSNChanged: 3850571;
    1> name: Frankie F. Yeung;
    1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
    1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
    1> badPwdCount: 0;
    1> codePage: 0;
    1> countryCode: 0;
    1> badPasswordTime: 0;
    1> lastLogoff: 0;
    1> lastLogon: 0;
    1> pwdLastSet: <ldp error <0x0>: cannot format time field;
    1> primaryGroupID: 513;
    1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
    1> accountExpires: <ldp error <0x0>: cannot format time field;
    1> logonCount: 0;
    1> sAMAccountName: fckyeung;
    1> sAMAccountType: 805306368;
    1> userPrincipalName: [email protected];
    1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    Hope I can resolve this problem ASAP, thanks!

    Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
    The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschapv2 with LDAP".
    But you can do LDAP for web authentication, that has no eap methods.
    Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.

  • Secure LDAP for GWIA Address book

    I've setup the GWIA 7.0.3 May 2009 code set and configured for Secure LDAP.
    I'm using the same *.b64 and *.key files we use for all our POA and MTAs.
    I cannot get the Novell LDAP address book to connect to 636.
    Is there a document I can use to help me figure this out.
    I can revert to 389 but that port is not open through the firewall.
    Mike

    POP and IMAP both work on secure port
    >>>
    From: jgrubbs<[email protected]>
    To:novell.support.groupwise.7x.gwia
    Date: 9/9/2009 6:36 PM
    Subject: Re: Secure LDAP for GWIA Address book
    Does POP3 work on the secure port?
    -- Jeff Grubbs
    Novell Technical Support Engineer II
    [email protected]

  • Change LDAP Authentication under another LDAP Authentication

    Hi:
    I have a BO Enterprise XI 3.1 Installation using LDAP Authentication, with users, objects created by users, permissions in universes, connections, ...
    I have to change LDAP Authentication into another LDAP Authentication with same users but with different usernames (user NAME1 in actual installation will be user NAMENEW1 in new LDAP structure).
    How can I make this changes without losing objects, permissions, ... of NAME1 user?? (I should change NAME1 to NAMENEW1!!!)
    I need some help (sorry if my english is not good. I'm spanish!!)
    Thanks

    If I'm understanding correctly there is no automated process to do this. #1 look for LDAP script to create enterprise aliases (KB already exists). Then you need to remove the LDAP groups, then rename all enterprise users to their new name, then update the LDAP plugin to new server, then remap LDAP groups (containing new user names) which can be set to auto append to the existing renamed enterprise aliases. Finally any security on the old LDAP groups will need to be recreated on the new ones.
    I would recommend a BO consultant on this or you can try support. Backup your system FRS and CMS DB prior in case something goes wrong.
    Regards,
    Tim

  • Error in change LDAP password

    Hi,
    Can anybody help me out in this?
    I want to change LDAP password using the following command:
    modifyldapbindpasswd.exe -genpasswdfile test_file.xml
    But an error appears: No installation directory specified.
    Please reply me with possible solution .
    Regards,
    keikey.

    Thanks for Mahendra's help!
    When I use the following command, another error appears:
    C:\oracle\oam\idserver\identity\oblix\tools\modbinpasswd>modifyldapbindpasswd.exe -i c:\oracle\oam\idserver\identity -c is -t all -x ***** -y *****
    Error = The specified procedure could not be found.
    Symbol=oblxkInitcap
    Error = The specified procedure could not be found.
    Symbol=obslxcfcb
    Error = The specified procedure could not be found.
    Symbol=obslxcfob
    Error = The specified procedure could not be found.
    Symbol=obslxcfrb
    Error = The specified procedure could not be found.
    Symbol=oblfvinit
    Error = The specified procedure could not be found.
    Symbol=oblxldini
    Error = The specified procedure could not be found.
    Symbol=oblxlgsz
    Error =The specified procedure could not be found.
    Symbol=obslsta2e
    Error = The specified procedure could not be found.
    Symbol=obslste2a
    Error = The specified procedure could not be found.
    Symbol=oblxlfrd
    Error = The specified procedure could not be found.
    Symbol=oblxpendian
    Language initialization failed. Please check that the installation directory is correct.
    Please reply me with possible solution .
    Regards,
    keikey.
    Edited by: keikey on 2009-10-28 6:31 PM

  • Change documents for the user in Ep7.0

    Hi,
    Is there a way can we track change documents for a user in user admin in AS java stack. We have LDAP sun 5.2 version as the datasource. In ABAP stack we have some thing like in suim the change docs. Thanks.

    Hi Ambarish,
    Please check the Security Logging (.../usr/sap/<SID>/j2ee/cluster/serverX/log/security.log), it might help.
    Security audit log - 1278155
    Refer to http://help.sap.com/saphelp_nw70/helpdata/EN/03/37dc4c25e4344db2935f0d502af295/frameset.htm
    Regards
    Arun Jaiswal

  • When Change LDAP Port , Have to Rebuild?

    I need to change LDAP port(389-> 1389)
    - Admin port : 390 -> 1390
    - 3 Master Replication
    - Sun Java System Directory Server Enterprise Edition 5.2 SP6
    sure, I need to remove existing Replication Agreements and create Replication Agreements.
    then, I have to rebuild all LDAP Database? (3 Master)
    Thanks
    Edited by: 861866 on May 27, 2011 1:33 AM

    DISCLAIMER: this procedure is neither somewhere documented, nor officially supported, that's why you must consider all I'll write afterwards just as pure speculation.
    SUPPOSE that you can afford to cleanly shut down all the servers in the topology at the same time, after backing up each of the dse.ldif configuration files, you could change the port references in the dse.ldif files for:
    1. nsslapd-port
    2. nsslapd-referral(s)
    3. for each replication agreement:
    3.1 DN
    3.2 CN
    3.3 nsDS5ReplicaPort
    3.4 nsds50ruv(s)
    If you intend to change also the admin/config DS instance, before restarting the admin server/console, remember to update the attribute nsslapd-pluginarg0 under dn: cn=Pass Through Authentication,cn=plugins,cn=config in the dse.ldif files of the instances and also refer to the docs:
    http://download.oracle.com/docs/cd/E19850-01/816-6704-10/admin_config.html
    before restarting the instances.
    HTH,
    marco
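
As an added example (not part of marco's reply and not a supported Oracle/Sun tool), this Python sketch scans a dse.ldif for the attributes listed above and reports the ones that still reference the old port after editing. The sample LDIF, host names and function names are constructed for illustration; replication agreement entries are recognised here by the presence of nsDS5ReplicaPort.

```python
import base64
import re

# Constructed dse.ldif fragment: nsslapd-port already edited, other references not.
SAMPLE_DSE_LDIF = """\
dn: cn=config
nsslapd-port: 1389
nsslapd-referral: ldap://ds2.example.com:389/dc=example,dc=com

dn: cn=ds2.example.com:389,cn=replica,cn="dc=example,dc=com",cn=mapping tree,
 cn=config
cn: ds2.example.com:389
nsDS5ReplicaHost: ds2.example.com
nsDS5ReplicaPort: 389
nsds50ruv: {replica 2 ldap://ds2.example.com:1389} 4a1b 4a1c

dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginarg0: ldap://ds1.example.com:390/o=NetscapeRoot
"""

# Attributes whose whole value is a port number.
PORT_VALUE_ATTRS = {"nsslapd-port", "nsds5replicaport"}
# Attributes that embed host:port inside a longer value (checked in any entry).
PORT_IN_TEXT_ATTRS = {"nsslapd-referral", "nsds50ruv", "nsslapd-pluginarg0"}


def parse_ldif(text):
    """Return a list of entries, each a list of (lowercased attr, value)."""
    logical = []
    for raw in text.splitlines():
        # LDIF folds long lines: a continuation starts with one space.
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], []
    for line in logical + [""]:
        if not line.strip():
            if current:
                entries.append(current)
                current = []
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.append((attr.strip().lower(), value))
    return entries


def find_stale_ports(text, old_port):
    """Return (dn, attr, value) for every checked value still using old_port."""
    embedded = re.compile(r":%d(?!\d)" % old_port)  # ":389" but not ":3890"
    findings = []
    for entry in parse_ldif(text):
        dn = next((v for a, v in entry if a == "dn"), "")
        is_agreement = any(a == "nsds5replicaport" for a, _ in entry)
        for attr, value in entry:
            if attr in PORT_VALUE_ATTRS:
                stale = value == str(old_port)
            elif attr in PORT_IN_TEXT_ATTRS or (is_agreement and attr in ("dn", "cn")):
                stale = bool(embedded.search(value))
            else:
                stale = False
            if stale:
                findings.append((dn, attr, value))
    return findings


if __name__ == "__main__":
    for port in (389, 390):
        for dn, attr, value in find_stale_ports(SAMPLE_DSE_LDIF, port):
            print("old port %d still in %s of %s: %s" % (port, attr, dn, value))
```
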

  • Configure LDAP for UNIX user

    Hi All
    I am doing user provisioning of SUN IDM to SUN LDAP. But in LDAP I am storing unix user. When you create any user in LDAP for UNIX then you have to specify UID, GID, Home directory.
    Same thing I am trying to create user in LDAP for unix through SUN IDM.
    But I am not able to enable checked box for unix user in posix user information.
    By default this check box is disabled. We have to enable manually this check box if you want to create a user for unix in LDAP.
    I want to change this check box disable to enable by default.
    It is very urgent.
    I am not getting any doc related doc or other thing.
    thanks
    SAini

    We have so few customers using ADAM now that LDAP to AD is supported I forgot this. However to note: this means managing an entire new directory separate from your multiple AD forests.
    http://technet.microsoft.com/en-us/magazine/2009.04.schema.aspx?pr=blog
    Regards,
    Tim

  • Change LDAP, maintaining ACLs

    Hi All,
    we have SAP EP6 SP19. UME is against LDAP.
    For business reasons, we need to change the LDAP name, maintaining the same schema, with the same ou, users and groups.
    Is there a way to update unique ID in the UME, updating only LDAP name and without having impacts on KM ACL, roles assignments and PCD permissions?
    Thanks in advance
    Antonio

    hi,
    The reason for such occurrence was that, the UME (User Management Engine) assigns unique IDs to the LDAP users. By Default the unique ID contains the distinguished name of the user.
    If the user is moved to a different location in the LDAP Directory, its distinguished name changes.
    For example the unique ID of a user is
    USER.CORP_LDAP.cn=testuser, ou=people, o=mycompany
    If this user is changed to a different location for which ou=admins then the unique ID of the user is changed to
    USER.CORP_LDAP.cn=testuser, ou=admins, o=mycompany
    In this case the UME can no longer find any data associated with the user under the old unique ID and the data (role assignment or user mappings) stored in database for such users gets lost. So in this regard we have changed the configuration of the UME so that it no longer uses the distinguished name in the unique ID, instead we use a unique attribute that is never changed in the LDAP directory.
    Please follow SAP note 777640.
    This will resolve your issue.
    Thanks and regards,
    Kris
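
The failure mode described in the answer above, as an added example that is not part of the original post and is not SAP code: it audits stored unique IDs in the `USER.<datasource>.<dn>` shape quoted in the post against the DNs currently in the directory, and reports IDs whose DN no longer exists together with entries that share the same leading RDN. The function names, the sample data and the case-insensitive DN comparison are assumptions made for illustration.

```python
import re

_COMMA = re.compile(r'(?<!\\),')  # commas that are not backslash-escaped

def normalize_dn(dn):
    """Canonical DN for comparison: trim each RDN and lower-case it.
    Assumes attribute values are matched case-insensitively."""
    parts = []
    for rdn in _COMMA.split(dn):
        attr, _, value = rdn.partition('=')
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def parse_unique_id(unique_id):
    """Split 'USER.<datasource>.<dn>' into (type, datasource, normalized DN)."""
    principal_type, datasource, dn = unique_id.split(".", 2)
    return principal_type, datasource, normalize_dn(dn)

def first_rdn(normalized_dn):
    """Leading RDN (e.g. 'cn=testuser') of an already normalized DN."""
    return _COMMA.split(normalized_dn, maxsplit=1)[0]

def find_orphans(stored_ids, directory_dns):
    """Map each stored ID whose DN is gone to candidate DNs with the same RDN."""
    current = {normalize_dn(d) for d in directory_dns}
    by_rdn = {}
    for dn in current:
        by_rdn.setdefault(first_rdn(dn), []).append(dn)
    orphans = {}
    for unique_id in stored_ids:
        _, _, dn = parse_unique_id(unique_id)
        if dn not in current:
            orphans[unique_id] = sorted(by_rdn.get(first_rdn(dn), []))
    return orphans

# Constructed sample data: IDs as stored with role assignments, and the
# directory after testuser was moved from ou=people to ou=admins.
STORED_IDS = [
    "USER.CORP_LDAP.cn=testuser, ou=people, o=mycompany",
    "USER.CORP_LDAP.cn=alice, ou=people, o=mycompany",
]
DIRECTORY_DNS = [
    "cn=testuser,ou=admins,o=mycompany",
    "CN=Alice,OU=People,O=MyCompany",
]

if __name__ == "__main__":
    for unique_id, candidates in find_orphans(STORED_IDS, DIRECTORY_DNS).items():
        print("orphaned:", unique_id, "-> possible new DN:", candidates)
```

A candidate match on the leading RDN is only a hint for manual review, since two different people can share a `cn` in different subtrees.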

  • Change Logs for TCODE -- FILE

    Hi Friends,
    Please help me find the change logs for the TCODE FILE,
    i.e. the changes made to the logical paths.
    I tried Utilities ----> Change logs, but unfortunately I cannot find any change logs.
    There are changes made to the logical paths in my system, but I cannot see them in the change logs.
    thanks
    chandrasekhar j

    rec/client is a profile parameter, you can view the settings in transaction RZ10.  However I find program RSPARAM more useful, the report lists all system parameters with their default and altered value.  Also if you double-click on a parameter you can get to the full help text for its meaning.
    The parameter essentially switches on table change logging for configuration tables (based on the technical settings of the table) and has to be set before the changes are made.
    Hope this helps.
    Nick

  • Change pointer for HR master data is not getting generated in table BDCP

    Hi,
    I have done all the required configuration for change pointers for HR master distribution and it was working fine a few days back. Now suddenly it has stopped working.
    Can anyone assist me on how I should debug it?
    Thanks
    Sunil Singh

    Hi Shital,
    Thanks for your Reply.
    I am not able to find that path in SPRO:
    Basic Functions -> Application Area
    Also, my change pointer configuration was working properly and it suddenly stopped working.
    I mean to say all the required settings were done previously.
    Anyway, kindly let me know how I should proceed.
    Thanks
    Sunil Singh

  • I changed the email for my Apple ID more than 6 months ago. But from 2-3 months ago until now I've received emails asking me for Apple ID confirmation. I never confirm anything because I don't know whether the attached link is legal or illegal.

    Dear Apple support team,
    I changed the email for my Apple ID more than 6 months ago. But from 2-3 months ago until now I've received about 6-8 emails asking me for confirmation of my Apple ID. I never confirm anything because I don't know whether the attached link is legal or illegal.
    The latest link (just sent to my email 1 hr. ago): http://www.smartpixeladv.com/proma/Login/index.html
    Text is:
    Dear Customer,
    We recently noticed an unusual activity in your iTunes account. Please complete the process to confirm your
    informations.
    Confirm Now>
    This link will expire three days after this email was sent.
    If you don’t make this request, your account will be blocked for security reasons.
    Apple Support
    In my opinion, I think "http://" should be "https://", right? Or Apple should show the link on your website so that we can find, re-check and click it ourselves. Or Apple should put "How to confirm Apple ID" on your main page. (In fact I'm not sure whether you have already done a "How to" on your website, because I cannot find it.)
    The Apple ID is security-sensitive; it concerns personal security and credit card payments, so please understand that this is why I must interrupt your team to help me solve this problem. I'm scared my account will be blocked. Please advise me.
    Wassa. (BKK)

    It is a phishing attempt to get your Apple ID and Password.
    You should forward it to Apple : [email protected]
