How to create an LDAP account?

I need to create an LDAP account from IDM in an LDAP resource. All my attempts ended with the error "naming exception" or "LDAP resource not available". Is there any "cookbook" on how to create a working configuration, or any account? IDM never tries to write any LDAP data, but the test configuration is OK and it appears in the LDAP access log.
Thanks for any answer :-)

hi..
try looking into your ldap error logs.
my guess would be your schema mapping is the culprit.
i would remove the unnecessary attribute mapping.

Similar Messages

  • Creating admin account in ldap

    Hi,
    I have a Mac client, which authenticates to the LDAP running on a Mac OS X server for user login. How can I configure a user in the LDAP on the server, so that when this user logs in to the Mac client, he will be a local administrator for that Mac client?
    Thanks.

    You don't create those accounts on the Server.
    On a Workstation, the initial account you create when you install Mac OS X, or any new account you add to that Workstation using:
    System Preferences > Accounts
    ... will be a strictly local \[this Mac ONLY] account. Of course, you must be an Admin to create new accounts there.
    By contrast, Network-visible accounts are created with Workgroup Manager, provided you point WorkGroup Manager at the correct network-visible LDAPv3 directory when you create those new accounts.
    I find it very convenient to have a "Standard" Administrator ID on every Workstation, so that I can always log on and do maintenance and updates, even without a connection to the Server. I use a name that starts with X so that it alphabetizes near the end of the list and does not get in the way. This really is a multitude of accounts -- one per workstation -- that have the same name, but do NOT share a Home Directory on the Server.
    The down side of this is if the kids ever discover the password for one of those accounts, they know the password for every similar account on every Workstation.
    If that does not make sense, or I have not answered your intended question, please ask again!
    Message was edited by: Grant Bennet-Alder

  • Disabling Keyboard Shortcuts for LDAP Accounts -Workgroup Manager...

    I work in a school and all our students are on LDAP accounts. Recently some of the kids realized that hitting Ctrl-Opt-CMD-8 inverts the screen display. You wouldn't believe the amount of havoc this has created at school, especially when they do it to a kid’s account that doesn't know how to fix it.
    Keyboard and Mouse are NOT one of the items under preferences for either groups or accounts in Workgroup Manager. Does anyone know if there is a way around this, or an alternate way of getting rid of the keyboard shortcuts for Universal Access, for either groups or accounts?
    Thanks
      Mac OS X (10.4.6)  

    Within the Workgroup Manager pane for Preferences, there is an option to manage Universal access. Within that section, there is a tab for 'Options'. You will want to change that management to 'Always' and leave the box for 'Allow Universal Access Shortcuts' UNchecked. This will, in effect, disable the usage of the shortcuts for a User or a selected Group account.
    Hope this helps out!!
    www.Admin660.com

  • How to batch create SSO accounts from Windows or a PL/SQL script

    We have just converted our 6i Forms and Reports to 10g (10.1.2.0.2), and run them against a 9i database. In order to be able to securely run reports we set up and configured SSO for a few accounts via the Oracle Identity Management Provisioning Console. We do not have PORTAL – nor do we want it. However, now we need to create about 500 SSO accounts at once. We would prefer to be able to create these accounts in a batch method – eg run something from Windows command line or run a PL/SQL script. We have the DBMS_LDAP package successfully installed in that 9i database. Currently our list of 500 users is simply in a table in the 9i db.
    Spent several hours looking through both this site and Metalink, but so far no luck – especially because we don’t have or want PORTAL. If anyone can help, would appreciate it very much.
    Thanks

    Use the dbms_ldap package in the database to use PL/SQL to create your database
    account and then an OID account with a RAD to match the database login. If you
    You may have to load the DBMS_Ldap package from the database ADMIN directory first to be available in the database.
    LDAP SQL Ex.
    user_username := LOWER(new_user) || '@domain.com'; -
    retval := dbms_ldap.search_s(my_session, ldap_base,
    dbms_ldap.scope_subtree, 'uid=' || user_username, my_attrs, 0,
    my_message);
    retval := dbms_ldap.count_entries(my_session, my_message);
    my_entry := dbms_ldap.first_entry(my_session,my_message);
    my_dn := dbms_ldap.get_dn(my_session,my_entry);
    dbpassword := 'PASSWD01';
    isvalidrad := forms_rad.newraddefinition(radname,new_user,dbpassword,
    dbtnsnames,errormessage);
    sessionestablished := forms_rad.createoidsession(ldap_user, ldap_passwd,
    ldap_host, ldap_port, ldap_base);
    radcreated := forms_rad.createradforcn(my_dn, 'false', errormessage);
    -- Create new user's database account same as RAD account.
    v_sql := 'CREATE USER "' || new_user || '" IDENTIFIED BY ' || dbpassword ||
    ' DEFAULT TABLESPACE JLIM TEMPORARY TABLESPACE TEMP';
    EXECUTE IMMEDIATE v_sql;
    v_sql := 'GRANT CONNECT TO ' || new_user;
    EXECUTE IMMEDIATE v_sql;

  • Unknown user name or bad password issue while creating AD accounts

    Hi All,
    While creating accounts on AD through IdM, I am getting the error below. Sometimes I don't see this error, while sometimes I do. What could be the actual reason?
    com.waveset.util.WavesetException: Error opening object 'LDAP://cn=ut9778ug,ou=Employee USA,ou=Users,ou=CorpHQ,dc=corpz,dc=utcz,dc=com': ADsOpenObject(): 0X8007052E: , , Logon failure: unknown user name or bad password.
    Please help me out.
    Thanks,

    Hi,
    I just faced the same problem while provisioning an account on AD through the Sun Identity Manager Gateway. (I'm on Oracle Waveset 8 patch 6.)
    When I tested the configuration on the configuration page of my AD resource, everything was OK, but when I tried to create / update an account on AD, I had the same error. (When I forced a bad password, for example, the test configuration was in error, so I know that was OK.)
    I resolved the problem by using the IP address in "LDAP Server Name" instead of the URL or host name. I don't understand why, because 'ping' on the URL and the test configuration on the resource were OK.
    I hope it will be useful for you
    Nicolas

  • Able to su from root to ldap accounts but account passwords come back as incorrect otherwise?

    Hi,
    I've installed DSEE 11.1.1.7.2 and I set up a few test LDAP clients: Solaris 10, Solaris 11, and Oracle Linux. From root on any of these boxes I can su to the LDAP accounts, but if I try to ssh or su - from one test account to another I get an incorrect password.
    I also have a test Sun 7.0 Directory Server running and using the same Solaris 10 client I can do a ldapinit to it and authenticate fine with the test accounts. I'm using the same scripts to create accounts and passwords on both versions. I looked through the default password policies between the two and don't see any differences and I'm not getting anything showing up in the logs. Has anyone seen this type of issue before?
    Thanks

    Hello,
    This post http://serverfault.com/questions/576265/solaris-pam-ldap-authentication-using-sshd-kbdint-and-failing might be useful.
    -Sylvain
    Please mark the response as helpful or correct when appropriate to make it easier for others to find it

  • Adding object classes when creating ldap user in workflow

    I'm creating ldap users in a workflow and when I assign the object classes in the workflow I get an object class violation. It seems that when I call check in view and when my break point stops in Update User the default object classes on the resource have been removed from the user.accounts[LDAP].objectClass attribute which I just set. Not sure what's going on here. Is there another way to assign more than just the default object classes to a new ldap user through the workflow? Thanks in advance.

    Multiple things I can think of
    1) put all the object classes you may be expecting with the user account in the resource configuration panel. LDAP is smart enough to assign the related object classes to the object based on the attributes assigned to the user.
    2) Check if you have the object class in the schema of LDAP.

  • 10.4.11 - Can't create mobile account

    I reimaged one of our powerbook G4 laptops and ran S/W update getting it to version 10.4.11. After rebooting I could not create an Active Directory mobile user account. Tried all the normal things - repair permissions, rebind to AD and reboot, even trashed the edu.mit.kerberos file and all plists in /Library/Preferences/DirectoryService and rebind from scratch. I probably trashed the mcx settings in NetInfo Mgr, but I don't recall for sure. Also the 'ol reset-nvram and reset-all in OpenFirmware. Nothing helped - kept getting the "can't login, users home folder is on an AFP or SMB share". When I logged in as my local admin user, I could connect to the homefolder path using the mobile-user's credentials (with Kerberos).
    My solution was to reimage the laptop again (ver 10.4.10), bind to AD & reboot, create the mobile account and then run S/W update to 10.4.11.
    I'm not really looking for a solution here, just a warning to people that you may not want to create images at 10.4.11 if you use mobile accounts. I plan on using my 10.4.10 images for the time being.
    Ta ta,
    JHL
    P.S. I haven't tried this yet on our iBooks, eMacs or iMacs.

    Similar issue...
    Updated an iBook G4 today to 10.4.11. After reboot it logged in with a Network Account (not mobile account this time - AD set to not create mobile account and to not create local home). I unbound from AD, rebooted and created a NetRestore image. Rebound to AD, set the Authentication order and rebooted. Now the network account wouldn't login - gives the Can't login now, homefolder on an AFP or SMB server error. (homefolders, sharepoints and permissions just fine.)
    Now for the strange part... I got sidetracked for about a half hour, then I went back to the iBook and the Network account was able to login again. After several unbinding/reboot/rebinding/reboot processes, I narrowed it down to it takes about 11 or 12 minutes after binding to AD for the network account to login properly.
    I had another tech install the 10.4.11 update on an eMac and the logins worked ok. But when I had him unbind/reboot/rebind/reboot, he had the same 11 to 12 minutes before a network account can login (same error.)
    Now for another strange part... he tried unbind/rebind again, but left AD 3rd in the Authentication order (after NetInfo and LDAP for OpenDir). The network account could login right away - these are AD useraccts.
    In my experience since 10.3, I've always had to put AD before LDAP/OD in the authentication order for the user-acct to authenticate name/password to Active Directory properly. I plan on trying this with the iBook tomorrow.
    My homefolders for these accounts are on x-server running 10.4.10 (haven't been brave enough to update the servers yet.)
    Has anyone else experienced these 10.4.11 anomalies with network or mobile accounts? Either with 10.4.10 or 10.4.11 servers?

  • OS oracle account as an LDAP account

    SA wish to create the OS oracle account as an LDAP account. Looking through the documentation, it specifies that it must be a local account. As an LDAP account wouldn't we have performance problems.
    We are installing oracle 11.2.0.3 client as well as 11gR2 installation with CRS & ASM

    user13584310 wrote:
    SA wish to create the OS oracle account as an LDAP account.
    I would advise against using LDAP account.
    Looking through the documentation, it specifies that it must be a local account.
    As an LDAP account wouldn't we have performance problems.
    does LDAP become Single Point of Failure?
    We are installing oracle 11.2.0.3 client
    install client where & why?
    All client utilities are included with Oracle RDBMS software installation.

  • Creating windows account

    Being New to Java & LDAP Programming I wanted to know if there is some API for this in Java ..
    I want to create a web application to allow helpdesk to automatically create windows accounts and fileshare for people.. The names for windows accounts will be looked up from Active directory..
    So essentially I want to lookup LDAP and get account info, create account, folder for people..

    No. JCIFS cannot currently do anything that requires RPCs. In theory I think you can do this using pure LDAP, but it would likely not be a trivial exercise and may not be fully compatible with the Windows method of managing users. You would really need to try it and experiment a little.

  • When I attempt to send a text from the new iPad, a dialog box appears with the option to either sign in with Apple ID Password or Create New Account. I try signing in using my Apple ID password but IMessage informs me that email address cannot be verified

    When I attempt to send a text from the new iPad, a dialog box appears with the option to either sign in with Apple ID Password or Create New Account. I try signing in using my Apple ID password but IMessage informs me that email address cannot be verified because it is already in use ??? What am I doing wrong?

    settings -> iTunes & App Store
    click on apple ID listed there
    select Sign Out
    sign in with the proper account
    from then on, when the store ask for your password it should be with the correct ID

  • When creating iTunes account, my mom provided her credit card information and the system does not accept pre populated province and gives the error message ("please enter at most 3 letters or numbers for province") how does she get past this?

    Why is my mom getting the error message for province when trying to create iTunes account when providing her credit card information?

    Hi Nahal,
    I'm just wondering, is it possible that your Mom (originally) got her credit card in a different province?
    I don't know much, but of this I am certain:  Apple would absolutely, positively, love to help you create an iTunes account!
    Otherwise, you can start here > http://support.apple.com/kb/HE57
    Best Regards,
    mm~

  • Can't create new account at EFAX after purchase of HP 6520 e-all in one series printer

    Hello, I just purchased my printer yesterday. So far everything seems to be working except for creating an account with efax. It takes me to this link: https://www.efax.com/promohp?v=1&tp=HPSW&locale=en-CA&eID=A60F380B434B42506C0D7E7F4095D79C6E823E7D But the 'Create an account' button is greyed out and cannot be clicked on. I am wondering what I am doing wrong? Thank you, Tracy

    Hello tt927! I work for eFax and I can help you to subscribe to your free eFax/HP account. I'm sending you a private message indicating the additional information I require to fulfill your request.    

  • I am new to iPad and I want to use FaceTime, how can I use it to communicate with my Mac at home, do I need to create another account with a different email account

    I am new to iPad and I want to use FaceTime. How can I use it to communicate with my Mac at home? Do I need to create another account with a different email account?

    do I need to create another account with a different email account
    Yes, the email addresses need to be unique to each device. You may use the same Apple ID on each device, but the email address used by each device needs to be different.

  • Cannot login with external LDAP accounts.

    Hi,
    I installed ApacheDS and configured Weblogic. Weblogic can import the LDAP users and groups. And I can use LDAP account to sign in Weblogic Console and EM. But BIEE always prompt "An invalid User Name or Password was entered", even though I added the LDAP account to BIAdministrator role.

    Cheney Shue wrote:
    Hi,
    I installed ApacheDS and configured Weblogic. Weblogic can import the LDAP users and groups. And I can use LDAP account to sign in Weblogic Console and EM. But BIEE always prompt "An invalid User Name or Password was entered", even though I added the LDAP account to BIAdministrator role.
    Did you check the log files to see if you could get more details on the error?
    Refer to this blogpost to make sure you have followed all the steps correctly: http://www.addidici.com/blog/?p=8
    You need to add the account from LDAP to BISystem Application role.
