How to validate users with Novell Directory Server
Hi all, with iAS 6.0 SP3, how i can validate users stored in Novell
Directory Sever?
Thanks
Hi
I believe iAS is designed to work with iDS which is bundled along
with the SP3 download. Also the directory server which is working with
iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
Directory Server) is compatible. What I'm trying to understand is if you
have already registered iAS with NDS and you are having trouble in
accessing the users or if you are having trouble in the installation.
Raj
Josep Maria Camps Riba wrote:
Hi all, with iAS 6.0 SP3, how i can validate users stored in Novell
Directory Sever?
Thanks
Similar Messages
-
User provisioning with Sun Directory Server
I'm migrating from the internal user data store to external with Sun Directory Server as the LDAP backend and I'm unable to provision new users. I use unidssearch to list the unprovisioned accounts and it lists the user I'd like to provision. I then execute 'uniuser -user -add "DID=uid=testy,ou=People,dc=domain,dc=com" -n 10' which returns an Insufficient access right error. When I look at das.log I see the following entry...
DATE = Thu May 10 10:25:09 2007
PID = 440; TID = 1095888896
LOG TYPE -> DEBUG
FUNCTION NAME -> ctldap_CalUserUpdateByDirectoryId
dn: uid=testy,ou=People,dc=domain,dc=com
changetype: add
ctCalXItemId: 00010:00500
o: Domain Corporation
objectClass: ctCalUser
This entry tells me that uniuser is try to do an LDAP_ADD on an existing object in the directory when it should do a LDAP_MODIFY.
Does anyone know why this is?the unidsacisetup(8) command can be used to add the ACI for Sun Directory server. The ACI it sets is a little to loose for my liking so I modified it slightly.
Original:
(target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(all) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";)
Modified:
(target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(read,write,compare) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";) -
How to validate user name and password in webdynpro.
Dear All,
Actually i have created login name and password in view, webdynpro and want to validate the user name and password but i am not finding proper code to how to validate user name and password.
Pl do the needful help.
Regards.
Tazeer.
Moderator Message: There is a seperate forum for WebDynpro. Please ask your question there.
Edited by: kishan P on Oct 5, 2010 1:08 PMHello, I don´t get you question. User authentication is ready out of the box in webdypro...
Regards Otto -
How to create CATALOG with MS SQL Server?
Connection class has getCatalog(strCatalog) method. In order to use it, we must create CATALOG in Database?
How to create CATALOG with MS SQL Server?
Help me, please!!!You do not create these for any database, this is part of the Connection metadata.
The Catalog is the third level of table-like database object qualification as in "Catalog.Schema.Table". For SQLServer the qualification scheme is "Database.Owner.Table" and I would be surprised if they reported anything for the current connections getCatalog() method call.
What many people do is avoid table qualification altogether by setting the connection's context in a database proprietary manner and then keeping the SQL as clean as possible. For many ODBC and JDBC drivers this can be set in the configuration. For MS SQLServer you can also execute a "USE dbname" statement on the connection to avoid table qualification. -
Failed to create a user with Mac Mini Server, the message "Failed to process the command writesettings" in the module "servermgr_sharing"
I have a Mac Mini with OS X Server 10.8.5 and Server 2.2.1 and have a problem to share the public folder.
When I enter the Server application to indicate that I want to share the public folder on the network and assign user I get the following message appears
And I can not share the folder.
If I go from my i-mac get mac mini server view and access the public folder, but I can not open any of the files there.
That I can do to fix this?
thank you very much -
How to create users with i18n characters in SunONE directory server?
Was trying to create users and groups with i18n characters in SunONE directory server
1. Started LDAP console using -l option
2. Chaged the Locale to Japanese
3. Entered few japanese character as username (meaning internationalization user name)
4. However, I could not able to type the password using the "soft keyboard" that comes with Japanese Locale
5. to overcome with #4, for now, I typed english chars as the password
6. Click OK to save the above username/pwd
7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
Has anyone ever created i18n user names in SunONE Directory Provider? Please help...Hi LostLad,
Soryy for my ignorance...Could you please be elaborate on how to remove "uid attribute from 7-bit ASCII plugin?
Thanks in advance.. -
How to create email users with open directory?
I'm trying to used a mac mini as a mail server for my domains. It works well for SMTP server/gateway for multiple locally networked systems running Lion, Mountain Lion and Maverick. The server is running Mavericks 10.9.2 server 3.1.1.
I need to add email users to it, so I tried Open Directory. I added a user with an email address with a domain listed in the mail server's domains. Then used the server app to give the user permission to use the mail service and selected to have the mail be saved on the server.
However, even though I set the mail server to accept any authentication method, I couldn't log in to get mail (via IMAP) from any email client on my computer. I tried Mail and Sparrow.
The IMAP log on the server says 'Disconnected (auth process communication failure)'. I tried everything that I could from the server app and the workgroup manager app. When using 'Mail.app', the IMAP log shows an empty user name. Trying with Sparrow shows the user name in the log, but still fails.
I restricted authentication to Open Directory, but that didn't help either. Tried with Secure Connection and without.
Am I missing something? Is there anything that I need to do to make the server accept IMAP connections? The mail service is running and handling SMTP.
The domain has an MX record pointing the server's domain name.
All the services are secured with a self signed certificate.
Doing a CLI check with 'sudo serveradmin fullstatus mail' results in the following:
[snip]
mail:protocolsArray:_array_index:0:status = "ON"
mail:protocolsArray:_array_index:0:kind = "INCOMING"
mail:protocolsArray:_array_index:0:protocol = "IMAP"
mail:protocolsArray:_array_index:0:state = "RUNNING"
mail:protocolsArray:_array_index:0:service = "MailAccess"
mail:protocolsArray:_array_index:0:error = ""
[snip]Didn't find a way to edit my post above.
UPDATE:
Trying to log in with Thunderbird showed differently in the IMAP log. It's user disabled instead.
imap-login: Info: Disconnected (user disabled): user=<username>, method=CRAM-MD5, rip=192.168.8.101, lip=192.168.8.99, TLS
How do I 'enable' this user? -
How can I populate the users in the Directory Server?
Hi all,
I'm a new of Sun ONE Directory Server 5.2, I've just install a copy of it on Win2000 server and I have a small question to ask.
How can I populate the users (This user can be use to login in to Sun ONE install messenger) in the Directory Server using the Directory server's admin console?
Thanks in advance,
Tuan Anh,Thanks Ramnath,
I've read your suggest, but actually, I really wanted to know how to populate user and password. I've read some thing below in Sun ONE Directory 5.2 Getting Started Guide.pdf
� o=userRoot
During installation, a user database is created by default. The default name of
the user database is o=userRoot. You can choose to populate this database at
installation, or to populate it later.
But I don�t know the related document, I have create successful user and pass by using admin console. But can not user this user to login in to Instant messenger.
I'm looking forward to receive your help
Tuan Anh -
[b]How to validate user's digital signature by ClientAuthentication?[u]HELP
Hello,
My Problem:
By client-certificate-based authentication the first step is to prove "Does user�s public key validate user�s digital signature?". How can I prove this on the ServerSide manually, resp. I want to verify it with java classes on the server side additional to web-server. Actually the Web-Server verify this through the SSL-Connection, I'm conscious of this, but how can I additionally verify this step with java classes.
Thanks a lotYou would have to code it all again from the client side: obtain the certificate and private key from the keystore, send the cert, sign it, send the signature, and have the server receive the certificate and check the signature, all as part of your application protocol.
Instead of all this duplication I have no doubt that you should just point your firm at RFC 2246 in which the Certificate and CertificateVerify messages are mandated, or at the pages of Rescoria's book that I pointed you to before. The transport already meets the requirement and there is zero value in re-implementing it. Indeed there is a negative value: (a) there is a development time and execution time cost which they should consider, especially the development cost, and (b) if you get it wrong you are going to reject legal clients. (There is no possibility that you will accept illegal clients by programming error. SSL/TLS works.)
EJP -
Managed users with Active Directory?
Hi guys
I was wondering if any of you can help me out. I'm looking to get a OS X Server 10.4 to act as a managed user server, with all the pros of Open Directory (ie Finder restrictions etc) and user home directories on the Xserve's HD, but to authenticate through a Windows 2003 Active Directory Server.
I have been reading a number of sites and there seams to be two ways to do it.
1) Bind the Xserve and the client Macs to the Active Directory and then on the PC server specify the home folders as a share point on the Xserve. Ie \\Xserve\Users\Tom
This way the Xserve is basically a file server.
2) And I'm cutting this story short because I've only briefly read this one. But you can set the Xserve as an Open Directory master, some how import the users and then remove the directory master roll.
I really need to be able to have the usernames and passwords live from the Windows Server due to passwords being changed every 30 days blah blah blah so I guess point 2 is out of the question.
To be honest a yay or nay to the above would be a good start, could obviously save a lot of wasted time, but if anyone can recommend me a website or a pdf that will walk me through it.
I've managed to get my laptop to authenticate to AD but cant get the home directories to work. Every time I log in with a user account it creates it locally on my HD. I do not have "Force local home directory" checked. I guess I need to configure LDAP to the AD server as well? I gave it a go an managed to get Address Book pulling users and emails from the AD sever. I then preformed a lookupd lookup on a user bob and found that the home directory was set to /Users/bob even though on my AD server I've set it to \\Xserve\Users\bob is this something I'm doing wrong with LDAP? If thats all it is I'll be able to get point 1 above working and it will all be good.
I hope I've made this clear enough for someone to be able to help me.
Thanks in advance for any help you might be able to give me.
Tom
1.25GHz PowerBook G4 Mac OS X (10.4.4)With an OD master you could manage your clients at the group and computer list level.
So when you setup the user's profile in AD, you mapped a network drive and provided the UNC path \\Xserver\Users\bob. You did bind the OD Master with the name Xserve? Also, by default it will use smb to connect, which you can change to afp instead in the AD plugin. smb will not create the home folder for you. You could try to create the home folder yourself in advance. (sudo createhomedir -a may do the trick)
For troubleshooting purposes, you could create a share on the AD server and adjust the user's profile to point to it instead of the OD Master. Try and login and see what you get. -
I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
digest-challenge:
realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
digest-response:
username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
The server also accepts a simple uid value.
example: username="bgbrown" -
Installation/Config Problem with Sun Directory Server Control Center (6.0)
Hi All,
I have recently attempted an installation of Sun Directory Server EE 6.0 on a x86 Solaris 10 machine.
I have selected to install Core Directory Server and Sun Directory Server Control Center with my installation.
After installation, if I check the status of the SUNDSCC, I receive the following message:
bash-3.00# ./dsccsetup status
DSCC Application is not installed
DSCC Agent is registered in Cacao
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
Port of DSCC registry is 3998
I have also tried to re-start the Sun Java Web Console using the /usr/sbin/smcwebserver start command but that does not do anything.
If i try to initialize the SUNDSCC usin the ./dsccsetup initialize command, the registry got created, but it still displays as "application not installed".
I do not understand. I have already installed this application using the JES installer.
please help!
Regards,
Saahil GoelI had a similar issue. Here is how I fixed it.
Run dsccsetup status with the -v option. it will show you where it is trying to find the DSCC Application. Then do a find on your system to see where it is actually installed. Then simply copy it over to where dsccsetup is looking for it. Then do dsccsetup initialize. Below is what it looked like on my system when I did it:
# ./dsccsetup status -v
## /usr/sbin/smreg is present
## /usr/sbin/smcwebserver is present
## /opt/server/sun/dscc6/dccapp is MISSING
DSCC Application is not installed
## /opt/sun/cacao/bin/cacaoadm is present
## /opt/server/sun/dscc6/lib/jar/nquickmodule.jar is present
## Running /opt/sun/cacao/bin/cacaoadm list-modules -r
DSCC Agent is registered in Cacao
## Running /opt/sun/cacao/bin/cacaoadm status
## Running /opt/sun/cacao/bin/cacaoadm list-modules
## Running /opt/sun/cacao/bin/cacaoadm get-param network-bind-address
## Running /opt/sun/cacao/bin/cacaoadm get-param jmxmp-connector-port
## /opt/server/sun/ds6/bin/dsadm is present
DSCC Registry has been created
Path of DSCC registry is /var/opt/sun/dscc6/dcc/ads
Port of DSCC registry is 3998
# find / -name dccapp
/opt/server/dscc6/dccapp
# cp -R /opt/server/dscc6 /opt/server/sun
# ./dsccsetup dismantle
DSCC Application is not registered in Sun Java(TM) Web Console
Unregistering DSCC Agent from Cacao...
Deleting DSCC Registry...
All server registrations will be definitively erased.
Existing server instances will not be modified.
Do you really want to delete the DSCC Registry ? [y/n]y
Server stopped
DSCC Registry has been deleted successfully
# ./dsccsetup initialize
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
Hope this helps. -
Problem with iPlanet Directory server v5.1
Hi all,
We have upgraded (parallel) from Netscape Directory server v4.2 to iPlanet Directory Server v5.1
Here are few issues that I�m experiencing.
1. In the directory view, all accounts are displayed by the user ID rather then the Common Name like it used to be with the Netscape Directory Server.
I can not find any options to change the view.
2. When searching for the user, once user is found, i can not do the right click to be able to delete the user. (was able to in the older version).
Any feedback will be greatly appreciated,
ThanksI have a suggestion - try another means for administering your directory - use the console only for maintenance and tuning purposes. There are several products out there that are much better for day to day operations ...
Otherwise - I think with 5.1 the view is based on the rdn of the entries - and I am not sure it is customizable. Additionally I know 5.2 solved your second issue - maybe the latest SP of 5.1 has solved it as well - though I don't really know ...
-Chris Larivee -
How to create first instance of directory server (Solaris 9).
With solaris 9 installation also installs iplanet directory server in "/usr/iplanet/ds5". But there is no instance of the directory server available.
How can I add the first instcance of the directory server.
I can not use the admin server as it requires the userid to connect which is not known to me.Bharat,
I have used a script like the following to add a DS instance, though not on Solaris 9. I believe it should work
#!/bin/sh
cd /usr/iplanet/ds51/servers/bin/slapd/admin/bin
./ds_create -f /setup_scripts/installDataDSD02.inf
The .inf file is a silent install file which is well documented in the directory server installation documentation.
Hope this helps
-Pawan -
How to unlock user account in Windows Server 2003
Hi,
I want to unlock a user account in Windows Server 2003.
I have read a great post at http://forums.sun.com/thread.jspa?threadID=716240&start=0&tstart=0
But I can not get it to work. According to the post the only thing you need to do is:
"+to unlock an account, just set the value of the attribute lockoutTime to zero+".
When I set lockoutTime to zero nothing happens. The user can still not logon.
When I read the lockoutTime attribute for an account that is locked it is empty or zero if I have tried to unlock it earlier.
So it doesn´t seem to change when the account is locked.
Thanks!Hi,
Windows Server 2012 has come with the concept of Group Managed Service Account (gMSA).
Following are the benefits of gMSA,
- A single gMSA can be used on multiple hosts.
- A gMSA can be used for scheduled tasks.
- A gMSA can be used for IIS Application Pools, SQL 2012 etc.
Checkout the below link regarding complete information on gMSA (creation and usage),
http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
Checkout the below thread on similar discussion,
http://social.technet.microsoft.com/Forums/en-US/5bc96d1b-0cec-4d0c-a99d-7f34509c0714/how-to-use-correctly-managed-service-account-in-windows-server-2012-?forum=winserverDS
Regards
Gopi
JiJi Technologies
Maybe you are looking for
-
Adobe Bridge now has its own forum: http://www.adobeforums.com/cgi-bin/webx?14@@.3bb8a3bf Please post future Bridge posts there.
-
All the printing sent to 8500A is seen as a fax therefore no printing
Hi, My 8500 will not print because it sees all printing as a fax, it will not print any thing. I have renamed printer and reset its default status but it still won't print. Cotuitim
-
i bought this i phone from my cousin and it was with telus. they unlocked it. i came home and did a restore on the phone. i put a virgin mobile sim card in it and now can only recieve phone calls and call out. no messaging or data or anything else. I
-
Accidentally changed format of preference files
Hi all, I was trying to resolve a problem in a programme I was having so I dragged and dropped its preference file along with another onto the desktop. I accidentally dropped one onto the other and now all preference files (mac apps not plists) have
-
Excel Export - Numbers are displayed as text
Hello, When the report is exported to excel from SAP LIst Viewer screen - List -> Export -> Spreadsheet ->All Available format --> In Office 2003 XML format. The report opens up in excel, the numbers (numerical values) are displayed as text. How can