Changing login shell (user in LDAP)

Similar Messages

• Changing login shell?

  Sorry for the stupid question, but I've been unable to figure this out. How do I change my login shell from bash to csh? Under linux I'd just edit /etc/passwd, but I don't think that's quite right under OS X (I don't even see my username listed in passwd).
  What's the "correct" way to change the login shell?
  Thanks,
  Dave

  /Applications/Utilities/NetInfo Manager- Open the NetInfo Manager application. Select users in the middle column. Select your user name in the right column. Click the lock at the bottom of the window and enter your admin password. Under Property click on shell property then click were it list /bin/bash. Change the value to /bin/csh or /bin/tcsh (csh is tcsh in OS X). Click the lock to save the changes. Log out then log back in and your shell will change.

• How to modify default value of Login Shell attribute via script

  Hi all,
  I'm configuring the "UNIX Attributes" tab here in Active Directory Users and Computers. I've noticed that on the Login Shell option it has a default value: /bin/sh. So I had manually changed it to: /bin/bash.  I just change this value one
  bu one manually.  Now, I want to change this value for all users via script. Could you please help me to receive this goal?
  Thank you in advance.

  Use Get-AdUser / Set-AdObject
  Get-AdUser -Filter * | Set-AdObject -Replace @{unixhomedirectory='/bin/sh','bin/bash'} -WhatIf
  ¯\_(ツ)_/¯

• Xlsh - eXtended Login Shell

  Hello!
  I'm new to Arch bbs, though I've been using Arch for quite some time now. So well... hi everyone!
  Recently I wrote a small program for myself and I feel that more people could benefit from it - so I'm sharing.
  xlsh is a simple login shell with readline functionality and PAM integration.
  When run stand-alone on a virtual console it can replace the standard "login" program.
  When run in cooperation with X daemon component (xlshd) it can replace XDM/GDM/KDM.
  Features:
  Small and simple, written entirely in C.
  Easily hackable because of compact codebase (~1000 source lines).
  Uses PAM for authorization and session management.
  Ability to select non-default shell/window manager during logon.
  Entirely keyboard driven display manager replacement (when used with xlshd) without the need for any fat libraries or GUI toolkits.
  Defaults configured before compilation, some of them can be changed by setting few environment variables.
  Single shell script file (/etc/xlsh/xlshrc) for customizing how xlshd launches xlsh.
  Introduces a concept of "pre-login shell" known from GNU/HURD.
  Only three important commands: 'login', 'reboot' and 'shutdown'.
  New commands can be easily added (if you need any) by editing xlsh.c
  Username autocompletion on TAB.
  Zenburn color scheme by default (when run under X).
  So that's it. I grew tired of xdm/gdm/kdm so I rolled out my own solution. I currently run it on all my ttys and as X login manager. Shell-like keyboard only interaction is very comfortable and simple Zenburn colorscheme fits very well into my Awesome WM look & feel (which is also Zenburn).
  AUR package (xlsh-git): http://aur.archlinux.org/packages.php?ID=53520
  Source code: https://github.com/Nadrin/xlsh
  Project wiki: https://github.com/Nadrin/xlsh/wiki
  Screenshot: https://github.com/Nadrin/xlsh/wiki/Screenshots
  Let me know if you find it useful. Bug reports, suggestions and any other form of constructive criticism is very much welcome!

  env (xlsh)
  LCLIMPORTDIR=/usr/share/splint/imports
  XDG_DATA_HOME=/home/irtigor/.local/share
  TERM=rxvt-unicode-256color
  SHELL=/bin/zsh
  XDG_SESSION_COOKIE=8c19aa75e1df23394088ae2f00001baa-1320498024.774424-1546763611
  GTK2_RC_FILES=/home/irtigor/.gtkrc-2.0
  LC_NUMERIC=
  ANT_HOME=/usr/share/java/apache-ant
  USER=irtigor
  LARCH_PATH=/usr/share/splint/lib
  MOZ_PLUGIN_PATH=/usr/lib/mozilla/plugins
  XDG_CONFIG_DIRS=/etc/xdg:/etc/xdg
  PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/share/java/apache-ant/bin:/usr/bin/vendor_perl:/usr/bin/core_perl:/home/irtigor/.rvm/bin
  LC_MESSAGES=
  HG=/usr/bin/hg
  _=/usr/bin/env
  LC_COLLATE=
  PWD=/home/irtigor
  JAVA_HOME=/usr/lib/jvm/java-6-openjdk
  LANG=en_US.UTF-8
  SHLVL=3
  HOME=/home/irtigor
  XDG_CONFIG_HOME=/home/irtigor/.config
  XDG_CACHE_HOME=/home/irtigor/.cache
  LOGNAME=irtigor
  DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-JT1g91p7nx,guid=9befacf8c90efc2782fc6ccf0000001c
  XDG_DATA_DIRS=/usr/share/:/usr/local/share/:/usr/share/:/usr/local/share/
  J2SDKDIR=/usr/lib/jvm/java-6-openjdk
  LC_CTYPE=en_US.UTF-8
  DISPLAY=:0
  J2REDIR=/usr/lib/jvm/java-6-openjdk/jre
  LC_TIME=
  G_BROKEN_FILENAMES=1
  WINDOWID=10485770
  COLORFGBG=default;default;0
  TERMINFO=/usr/share/terminfo
  COLORTERM=yes
  OLDPWD=/home/irtigor
  AUTOJUMP_DATA_DIR=/home/irtigor/.local/share/autojump
  EDITOR=vim
  PAGER=less
  MAIL=/var/mail/irtigor
  LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:
  LESS_TERMCAP_mb=[01;31m
  LESS_TERMCAP_md=[01;31m
  LESS_TERMCAP_me=[0m
  LESS_TERMCAP_se=[0m
  LESS_TERMCAP_so=[01;44;33m
  LESS_TERMCAP_ue=[0m
  LESS_TERMCAP_us=[01;32m
  BROWSER=firefox
  DISABLE_AUTO_UPDATE=true
  GREP_OPTIONS=--color=auto
  GREP_COLOR=1;32
  LSCOLORS=Gxfxcxdxbxegedabagacad
  ck-list-sessions (xlsh)
  Session1:
  unix-user = '1000'
  realname = '(null)'
  seat = 'Seat2'
  session-type = ''
  active = FALSE
  x11-display = ':0'
  x11-display-device = '/dev/tty3'
  display-device = ''
  remote-host-name = ''
  is-local = FALSE
  on-since = '2011-11-05T12:39:44.074206Z'
  login-session-id = '4294967295'
  env (slim)
  LCLIMPORTDIR=/usr/share/splint/imports
  XDG_DATA_HOME=/home/irtigor/.local/share
  SHELL=/bin/zsh
  TERM=rxvt-unicode-256color
  XDG_SESSION_COOKIE=8c19aa75e1df23394088ae2f00001baa-1320498147.998816-1602302550
  GTK2_RC_FILES=/home/irtigor/.gtkrc-2.0
  LC_NUMERIC=
  ANT_HOME=/usr/share/java/apache-ant
  USER=irtigor
  LARCH_PATH=/usr/share/splint/lib
  MOZ_PLUGIN_PATH=/usr/lib/mozilla/plugins
  XDG_CONFIG_DIRS=/etc/xdg:/etc/xdg
  MAIL=/var/mail/irtigor
  PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/share/java/apache-ant/bin:/usr/bin/vendor_perl:/usr/bin/core_perl:/home/irtigor/.rvm/bin
  LC_MESSAGES=
  HG=/usr/bin/hg
  _=/usr/bin/env
  LC_COLLATE=
  PWD=/home/irtigor
  JAVA_HOME=/usr/lib/jvm/java-6-openjdk
  EDITOR=vim
  LANG=en_US.UTF-8
  SHLVL=2
  HOME=/home/irtigor
  XDG_CONFIG_HOME=/home/irtigor/.config
  XDG_CACHE_HOME=/home/irtigor/.cache
  LOGNAME=irtigor
  DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Ya5luICcfh,guid=74c155d555aa8c9aa358c87100000014
  XDG_DATA_DIRS=/usr/share/:/usr/local/share/:/usr/share/:/usr/local/share/
  J2SDKDIR=/usr/lib/jvm/java-6-openjdk
  LC_CTYPE=en_US.UTF-8
  DISPLAY=:0.0
  J2REDIR=/usr/lib/jvm/java-6-openjdk/jre
  LC_TIME=
  G_BROKEN_FILENAMES=1
  XAUTHORITY=/home/irtigor/.Xauthority
  WINDOWID=12582922
  COLORFGBG=default;default;0
  TERMINFO=/usr/share/terminfo
  COLORTERM=yes
  OLDPWD=/home/irtigor
  AUTOJUMP_DATA_DIR=/home/irtigor/.local/share/autojump
  PAGER=less
  LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:
  LESS_TERMCAP_mb=[01;31m
  LESS_TERMCAP_md=[01;31m
  LESS_TERMCAP_me=[0m
  LESS_TERMCAP_se=[0m
  LESS_TERMCAP_so=[01;44;33m
  LESS_TERMCAP_ue=[0m
  LESS_TERMCAP_us=[01;32m
  BROWSER=firefox
  DISABLE_AUTO_UPDATE=true
  GREP_OPTIONS=--color=auto
  GREP_COLOR=1;32
  LSCOLORS=Gxfxcxdxbxegedabagacad
  ck-list-sessions (slim)
  Session2:
  unix-user = '1000'
  realname = '(null)'
  seat = 'Seat1'
  session-type = ''
  active = TRUE
  x11-display = ':0.0'
  x11-display-device = '/dev/tty3'
  display-device = ''
  remote-host-name = ''
  is-local = TRUE
  on-since = '2011-11-05T12:46:37.963456Z'
  login-session-id = '1'
  Session1:
  unix-user = '1000'
  realname = '(null)'
  seat = 'Seat2'
  session-type = ''
  active = FALSE
  x11-display = ':0.0'
  x11-display-device = ''
  display-device = ''
  remote-host-name = ''
  is-local = TRUE
  on-since = '2011-11-05T12:46:33.690874Z'
  login-session-id = '1'

• Single amserver.war force to store users in LDAP

  Hello everyone!
  I've installed Sun Directory Server EE, and now am trying to install Access Manager 7.1u1 as a single war (Solaris 10 x86). I am following steps as described here http://developers.sun.com/identity/reference/techart/install.html . But even if I provide correct ldap connection info on /amserver/configurator.jsp , AM still stores users not in LDAP. After configuration AM login page says that "This server uses Data Store Authentication". There are no user records in ldap.
  So, how can I force AM to use LDAP as primary users datastore?
  This is needed by PS7.2 installer that searches specific users in ldap (amldapuser maybe), does not find them and exits.

  Hi,
  That's quite easy. you change the type of data store from the Sun Access Manager console.
  Follow these steps:
  1. Login in to Sun Access Manager Console-> under your subrealm.
  2. delete the default data store.
  3. configure your datastore i.e., your ldap.
  4. Create a new authentication module of type LDAP from Authentication tab under your subrealmand specify your datastore in it.
  5. Modify authentication chain from Authentication tab to point to newly created authentication module.
  6. save the changes & Restart the Sun Access Manager.
  I am sure after this configuration AM login page will says that "This server uses LDAP Authentication".
  Let me know if you need more help.
  Cheerio
  Sunny

• Authenticate user by LDAP server

  Environment: WLS6.0 Netscape Directory Server 4.1
  I have successful protect a servlet and authenticate user by "File Realm". But I can't authenticate user by "Security Realm(LDAP). Pls tell me any configure I miss.
  ======weblogic.xml entites========
  <security-rike-assignment>
  <role-name>manager</role-name>
  <principal-name>joan</principal-name>
  <principal-name>awang</principal-name>
  </security-role-assignment>
  (the user joan has defined in "File Realm", and there is a user in LDAP: uid=awang, ou=IT, dc=CMD)
  And why the user "awang" can't access the servlet (the username field enter "awang"; the password filed enter "awang123")
  =====config.xml entities=====
  <LDAPRealm AuthProtocol="simple" Crdential="awang123" GroupDN="dc=CMD" GroupIsContext="false" LDAPURL="ldap://127.0.0.1:389" Name="defaultLDAPRealmForNetscapeDirectoryServer" Principal="uid=awang, ou=IT, dc=CMD" UserAuthentication="local" UserDN="dc=CMD" UserNameAttribute="uid"

  You can use jsp's and servlets.
  Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
  <form method="post" action="/servlet/LoginServlet">
  <input type="text" size="15" name="username" value="">
  <input type="password" size="15" name="password" value="">
  <input type="submit" name="Submit" value="Authenticate">
  </form>In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
  public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String username = request.getParameter("username");
    String password = request.getParameter("password"); 
  }You would now do your LDAP authentication. see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
  Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password.

• What is a login shell

  I was following the Archwiki guide on colouring the bash prompt and found that if I open gnome-terminal and use 'su root' I get a colourised prompt but if I used 'su - root' which I found out to be the same as 'su -l root' then I didn't.
  Some further research told me that -l makes the shell a login shell but I still don't really understand what that is or how it is any different. Can anyone enlighten me? Thankyou.

  I may be mistaken, but I believe the major difference is that when you su using a login shell, all of the login scripts for that shell run when it is instantiated.  On my system, that includes changing to the new user's $HOME. 
  Without the -l, the system changes to the new user, but things like the CWD and PATH remain unchanged
  For the purposes of system administration where you are switching to root, I don't think it matters which you use -- unless you do or don't what to change the environment.
  [edit: added a missing verb.  Note to self: Don't post when you are tired]
  Last edited by ewaller (2010-05-29 14:41:48)

• [SOLVED]Why does .bash_profile seem tobe read in non-login shells too?

  ~/.bash_profile:
  . $HOME/.bashrc
  ~/.bashrc:
  export PATH=$PATH:$HOME/code/shell
  (irrelevant lines left out)
  (I have no ~/.profile, ~/.bash_login or * ~/.bash_logout. I have also never edited /etc/profile or /etc/bash.bashrc.)
  I've read that in a login shell (e.g. TTY1) only the former is read, which in my case sources the latter. Running "export -p" in TTY1 gives a result consistent with this:
  declare -x PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/bin/core_perl:/home/lazar/code/shell" (/home/lazar/code/shell is only listed once)
  I've also read that in a non-login shell (e.g. xterm) only the latter is read. However, when I run "export -p" in xterm or urxvt I get an unexpected result:
  declare -x PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/bin/core_perl:/home/lazar/code/shell:/home/lazar/code/shell" (/home/lazar/code/shell is listed twice!)
  This implies that ~.bashrc is read twice, perhaps because .bash_profile is read in non-login shells too, even though it shouldn't be, should it? It doesn't seem to matter really, but I can't help but wonder why...
  [EDIT]
  I've found the answer. Exports from .bash_profile are done at boot time and *remain* active while X is active. Opening a non-login shell will cause .bashrc to export as well. Hence the duplication. My solution:
  ~/.bash_profile:
  export PATH=$PATH:$HOME/code/shell
  . $HOME/.bashrc
  ~/.bashrc:
  (lines other than export commands)
  Last edited by Lazar (2011-02-14 07:57:56)

  As I wondered, I think it's a problem with passwd. I don't have a dbus entry and must have missed it when I was copying things around between my version and the .pacnew. Downloading an install disc now since I can't seem to change it from the recovery console due to mounting root read-only.
  I'd love to know of a way to boot that avoids starting dbus and other things that might break while still having read/write access to root. Will mark solved once I update /etc/passwd and reboot.

• Cisco ACS 5.4 + Anyconnect 3.1 NAM with 802.1x, problem with changing ACS Radius user password

  Dear all,
  Presently, we are testing 802.1x using Cisco ACS 5.4 and Cisco Anyconnect v3.1 as 802.1x supplicant. We have created predefined NAM profiles (with Cisco Profile Editor) and applied as default in on our test machine. We are using PEAP (MsCHAPv2) and ACS local user credentials for authenticating process. We have noticed that, when we try to authenticate the network with predefined profile (network profile has Administrator Network privileges) and Windows user on test machine has no Admin privileges we are not able to change ACS user password (checked "Change password on next login" in the ACS user profile). In the Monitoring and Report View we get Failure Reason "24203 User need to change password"  but no popup window apears in Anyconnect. When we change Windows local user privileges to Admin or create Anyconnect network profile localy (privileges User Network) then, we are able to finish the process.
  Have you ever been facing the problem described above. Is it Anyconnect bug? How can we fix it?
  Best regards,
  Piotr

  If this happens with all machines then if a microsoft guy can look the app logs/privileges. It seems the app is requesting privilege that it is not authorized to and that's why the propmt window fails to appear. If we know what that privilege is we can probably fix it. If that privilege is not even required for smooth work Cisco need probably to fix this behavior.
  I am sorry if I am not able to help but I am not using the anyconnect for production.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• No user is able to login to User Management Engine in SAP Web AS Java

  Hi,
  We are facing an error"User Authentication failed" in SAP Web AS Java(Stand-alone).
  No user is able to login through User Management Engine but we were able to login as administrator into Visual admin.Tried SAP* (Emergency User Activation in config tool) also.SAP* is also able to login to Visual Admin But not into UME.Login in Visual Admin was successful when we tried with SAP* or administrator.
  Feels like some UME configuration might have changed.Can anyone help me in this.
  Thank You.
  Regards,
  Sudheer.

  Hi
  Has the SAP* emergency user been activated? While this user is active, all the other users are inactive. Check the following documentation for information on this:
  http://help.sap.com/saphelp_nw70/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/frameset.htm
  Regards,
  Désiré

• No user is able to login through User Management Engine in SAP Web AS Java

  Hi,
  We are facing an error"User Authentication failed" in SAP Web AS Java(Stand-alone).
  No user is able to login through User Management Engine but we were able to login as administrator into Visual admin.Tried SAP* (Emergency User Activation in config tool) also.SAP* is also able to login to Visual Admin But not into UME.Login in Visual Admin was successful when we tried with SAP* or administrator.
  Feels like some UME configuration might have changed.Can anyone help me in this.
  Thank You.
  Regards,
  Sudheer.

  Hi Sudheer Koppireddy
  login VA with SAP*
  go to services -- key config login ticket and see in right hand side entry deleate all entry
  and save it
  then go to sm 59 and check HMI connection (http connection to R/3)
  deleate it and recreate it
  Thanks
  Amit Shivhare
  PS:Reward Point

• How to make BASH as a default login shell

  Hi !
  How to create BASH as a default login shell for root user?
  Regards

  Modify root's shell entry in /etc/passwd:
  root:x:0:0:Super-User:/:*/usr/bin/bash*

• 2004s - Users in LDAP,

  I have modified the UME xml file, and am now pulling my users from our (readonly) ldap server(s). The users apppear to be successfully imported - I can login with a UME DB user, and search for users that exist only in LDAP. I can also login with an LDAP user, but they don't have any roles assigned to them.
  When I try to assign a role to an LDAP user, I get an error:
  "You need to enter a valid value to proceed with the requested action"
  And it has marked in the details of the user the "Logon ID" as a required field. It isn't possible for me to edit this field (I assume because it is stored in the readonly LDAP database). Note that the logonalias field is correctly populated with the LDAP username
  Does anyone know how I can assign roles to LDAP users? The roles should be held in the portal DB, as the LDAP database is readonly.
  Have I missed a setting that tells the roles to be stored in the database, or is there something else that I'm missing?
  Thanks in advance for any assistance.
  Regards
  Richard

  I come from a Windows background.  The "proper" way is for users into local groups, local into global groups, global gets the rights.
  It is the same with any LDAP system.  It's that way for good house keeping and it keeps users in a uniform way.  Yes, you can assign a user directly to a role.  But, in a production environment where users are coming and going and transferring in and out, it can get messy.
  If your setup is to have your users in LDAP, make groups in you LDAP that correspond to your roles in the portal. Assign the roles to the groups in the UME then the users will have the rights.
  Until I made myself do things that way... well I got burned a few times.

• Problem to move user in LDAP with the function DBMS_LDAP.rename_s

  Hello,
  I want to move a user in Active Directory, but this function i can only change his "cn". And when I use an invalid DN I have no error.
  My syntax is:
  retval := DBMS_LDAP.rename_s ( emp_session, my_dn,'cn=nom prenom', 'OU=test,DC=XXX,DC=org', 1, NULL, NULL );
  The value of my_dn is :'CN=nom prenom,OU=COMMUNICATIONS,OU=DIRECTION GENERALE,OU=test,DC=XXX,DC=org'
  And 'OU=test,DC=XXX,DC=org' is the new DN, but the user don't move...
  What is the problem????
  How can I move a user in LDAP with DBMS_LDAP?????
  Thanks you very much,
  Matthieu.

  If I use only the -N option without -R option
  ex:ldapmoddn -p 389 -h 190.57.160.24 -D "CN=administrateur,CN=USERS,DC=xxx,DC=org" -w xxx -b "CN=a,OU=test,dc=xxx,dc=org" -N "dc=xxx,dc=org"
  I have this error:
  "ldap_rename_s: Protocol error
  ldap_rename_s: additional info: 00000057: LdapErr: DSID-0C09080A, comment: Error in attribute conversion operation, data 0, v893"
  Can you help me please?????
  Matthieu

• I changed my Adobe user ID when we changed from Windows PC to Mac and now I am unable to read previously downloaded ebooks on my Sony Reader device due to Digital Rights Management.  Can I resolve this?

  I changed my Adobe user ID when we changed from Windows PC to Mac and now I am unable to read previously downloaded ebooks on my Sony Reader device due to Digital Rights Management.  Any ideas how I can get access to these now?

  Hi Blotontheland,
  Thanks for the prompt reply. The interesting thing is that my Macbook Pro was upgraded today to Yosemite and I still have the spinning wheel on the start up screen before the login page comes up.