Inactive user in directory server
Hi,
According to the deployment guide, to inactivate a user in DS 5.0, the nsAccountLock attribute should be made "true".
However, i couldn't find any attribute setting to inactivate a user in NDS 4.12. Any idea?
Thanks!
Hi Vrijesh,
I'd suggest you to mark this thread as answered since the initial question is answered and open a new one with your concern above. There could be many ways to do that. Moreover, when you say that many users do not have Project Pro, this means that some one
them have. Thus it could be confusing to have 2 ways. I'd rather suggest to put in place a process saying that you give access to an assistant to Project Pro and he'll be in charge to inactivate appropriate tasks. Doing this, no additional custom fields, no
formula.
That being said, you can create a new flag "inactive task". Then you have to know how you want to calculate the new %complete. Then create a new task field for the actual work with the formula below, setting the calculation for summary rows to
sum:
IIf([flag1]=Yes;0;8*[Actual Work]/[Minutes Per Day])
This new actual work field will equals to the actual work just if the task is not flagged. Then just create another field to calculated the new %complete.
WARNING: the out of the box fields (remaining, EV) will still be based on the out of the box fields such it might cause confusion. Moreover, it won't prevent resources to update tasks from the timesheet. Thus
I strongly advice to choose a more oriented process solution, as I mentionned above.
Hope this helps,
Guillaume Rouyre, MBA, MVP, P-Seller |
Similar Messages
-
Migrating users from Directory Server 4.16 to 5.2
Hi, I'm trying to migrate users from an old Directory Server 4.16 and importing them to a new 5.2. I tried using the db2ldif script and it succeded in exporting everything into a single file. After I import that data into the new server I can't see those users with Delegated Administrator even though I can see them in the Directory Server. What am I doing wrong?? I also tried exporting single leaves from the server using the db2ldif but I haven't succeded, do you know of a way of doing it??
You shouldn't need to create a mailbox manually. iMS will do that when it has something to put in it.
I fully agree about locating the users, iDA is a little limited for how it finds the users in the user tree. It expects to find a DC tree for domains, and a tree for users. If all isn't exactly where it looks, it won't find anything.
Messaging Server itself may be less restrictive. . .
Much also depends on where the users came from, and your Messaging setup. iMS is capable of "using" directory entries that are correct for Messaging 4.x, but iDA is not. If you migrated from NMS 4.xx, and didn 't update the schema, then iDA won't find the users. . . -
Configure Sun Directory Server 6.3 with SSL in OIM 9.1.0.2
Hi,
I am using OIM 9.1.0.2. i want to Provision User to Directory Server 6.3 with SSL confiuration
Can anyone tell me the steps for configuring the Certificate import, etc..
followed SJSDS_904120 doc but there is no info for DSEE 6.3 in it.
Regards,
Praveen
Edited by: Praveen on Feb 16, 2012 9:08 PMWell not sure about the exact clicks you need to do but the basic steps are that you export certificates from DS and then import it into the jdk which has OIM running. Look at the doc for SJDS6.3 about setting and exporting certs.
-Bikash -
Directory Server SMF tripping over itself (crosspost)
I've posted this question in the SMF related forum too, so if replies could go there, that would be handy: [http://forums.sun.com/thread.jspa?messageID=10940406]
We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
# svcs -a | grep ldap-user
online 10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instanceAfter a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
Log file below:
[ Feb 26 21:40:42 Enabled. ]
[ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
size
Recovery phase is starting, this may take a while...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 - Detected Diso
rderly Shutdown last time Directory Server was running, recovering database.
##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 - search is not
indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
[ Feb 26 22:02:17 Method "start" exited with status 221 ]
[ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
[ Feb 26 22:02:18 Method "start" exited with status 0 ]
[ Feb 26 22:02:18 Stopping because all processes in service exited. ]
[ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
Directory Server instance '/data/ldap/user/instance' stopped
[ Feb 26 22:02:20 Method "stop" exited with status 0 ]
[ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
.......................... repeat ........................Well, one way around it is to write your own start script and manage the exit codes yourself.
I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload. -
Directory Server SMF tripping over itself
We have a working instance of DSEE6.3.1 under Solaris 10 managed via SMF (using the manifest generated by dsadm/dscfg -- I forget which).
# svcs -a | grep ldap-user
online 10:47:08 svc:/application/sun/ds:ds--data-ldap-user-instanceAfter a forced shutdown, DSEE starts up and does a self-recovery (as it should). When that's complete, the slapd process is running and the startup script exits with status 221 (ie. Not 0) -- however slapd is running.
SMF notices that it's !0 and tries to restart DSEE... by issuing another start. This second start then exits almost immediately saying "slapd already running" but this time exits with 0 -- are we ok? No... cos SMF then notices that all the processes it just started have gone away so it calls "stop" followed by another "start".
This is where it gets a bit hazy as it looks like DSEE never shut down cleanly again so the whole process repeats itself ad infinitum (although I suspect that's a separate issue). :-(
I guess what I'm asking is -- is there a way to stop SMF from doing that: perhaps treat exit=221 as non-fatal and perform a service check?
Log file below:
[ Feb 26 21:40:42 Enabled. ]
[ Feb 26 21:40:50 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Directory Server instance '/data/ldap/user/instance' has detected a disorderly shutdown or a change in cache
size
Recovery phase is starting, this may take a while...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
Waiting for Directory Server instance '/data/ldap/user/instance' to start...
ns-slapd wrote the following lines in the error log (/data/ldap/user/instance/logs/errors):
##[26/Feb/2010:22:00:07 +0000] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.0156 (64-bit) starting up
##[26/Feb/2010:22:00:09 +0000] - WARNING<20488> - Backend Database - conn=-1 op=-1 msgId=-1 - Detected Diso
rderly Shutdown last time Directory Server was running, recovering database.
##[26/Feb/2010:22:01:38 +0000] - Database recovery is 0% complete.
##[26/Feb/2010:22:01:51 +0000] - Database recovery is 100% complete.
##[26/Feb/2010:22:01:59 +0000] - WARNING<20805> - Backend Database - conn=-1 op=0 msgId=-1 - search is not
indexed base='cn=changelog' filter='(replicationcsn>=4b87f656000000000000)' scope='sub'
[ Feb 26 22:02:17 Method "start" exited with status 221 ]
[ Feb 26 22:02:17 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Directory Server instance '/data/ldap/user/instance' is already running (pid: 352)
[ Feb 26 22:02:18 Method "start" exited with status 0 ]
[ Feb 26 22:02:18 Stopping because all processes in service exited. ]
[ Feb 26 22:02:18 Executing stop method ("/opt/SUNWdsee/ds6/bin/dsadm stop --exec /data/ldap/user/instance")
Directory Server instance '/data/ldap/user/instance' stopped
[ Feb 26 22:02:20 Method "stop" exited with status 0 ]
[ Feb 26 22:02:20 Executing start method ("/opt/SUNWdsee/ds6/bin/dsadm start --exec /data/ldap/user/instance
Failed to start Directory Server instance '/data/ldap/user/instance'
.......................... repeat ........................Well, one way around it is to write your own start script and manage the exit codes yourself.
I have some doubts about the autorestart configuration of DS, especially in a case like this where the server seems to be crashing. Realistically, you can end up worse off if your server has crashed by automatically restarting it. Your data may be corrupt, and the process may eventually stay up (especially if you work around the current issue), but the DS is not really healthy and it does need an administrator to investigate what's wrong with it. It may also return inconsistent or simply bad data to clients. All in all, I would prefer an instance in such a state to stay down and trigger alarms, assuming it has failover peers that can take on its workload. -
Changing the Name of an Open Directory Server while preserving users, etc.
Hi Everyone,
Not an emergency - but I have been wrestling with this dilemma for almost a year now.
The good news is nothing has to be done right away. But I will ultimately need a solution.
We have inherited a server system at a traditional elementary school from a previous IT person who was immature to say the least.
When he set up the server system, he named the open directory server something that, while innocuous is inappropriate for a school setting. I am sure he thought it was clever and cheeky at the time. But a few years later it is simply unprofessional. And we are being expected to ultimately be able to change it so something like "XXXdirectory.domainname.edu" The more it hangs around - the longer it looks like we did this and it makes us look unprofessional.
So here is my dilemma.
This is an OD Master with iCal and network homes attached to it. It also runs DNS.
I would like to set up a new server and name it "xxxdirectory.schooldomainname.edu"
Setting up the new server is easy and getting all the client machines to bind to it - no problem.
The problem is how to migrate all the users to the new server. It seems a restore wont work because if the new server is named differently, the restore will fail. I also can't do a server migration because the stupid name migrates to the new server.
My old server is 10.5.8 Server. The new one is 10.7.1 Server . But could be 10.6.8 Server if need be.
The main problem is how do I get all the accounts onto a new server with a new OD master name?
I don't mind command line stuff. So throw whatever you got at me.
Thanks in advance for your help everyone. Don't worry - I won't be a pain in the butt or argue. I just need some good solid guidance, even if it is a "Not possible" answer - at least I have something to tell the administration when they want to know why we can't change the OD Master name from mcnugget.schoolname.edu.
Please let me know if you need more details. I am happy to provide.
Thanks again.
TonyIf you don't mind resetting everybodies password then you can export the users and groups and wipe the server for a clean install or turn it into a standalone server then back into od master then import the users and groups.
-
H/w requirements for DIrectory server for 200,000 users
Hi,
I would like to implement Directory services for 200,000 users. How can I know whether iPlanet Directory 5.1 will support this many users or not? If supports, Which h/w I have to use?
If any one can let me know the formula to calculate users and h/w
ThanksThe directory server can handle many more users than 200K. The hardware requirements calculations are amply explained in the book "Solaris and LDAP Naming Services" by Bialaski. If you have iPlanet support contract they can provide you tuning information which includes this info.
You should remember the possibility of growth and load in terms of number of clients and peak requests per second. With your needs, my gut feeling is that even a Netra can host it. However, if it's an enterprise service you may want to go with at least 220 machines in a replicated configuration for load balancing and availability.
DISCLAIMER: Use these opinions at your own risk. You must do your own analysis and calculations to design a suitable physical/logical architecture. -
Mountain Lion Server: Network users Home directory mount problems
I am having several problems with my server after a latest name change of the server via Server.app. (A first name change made problems, after that I have been trying to repair, changing the name a few times more. With latest name change, I also changed the server name itself from Foo to Bar while changing domain name from domain.com to bar.domain.com after which I repaired DNS so it covers the whole domain.com domain).
The users in the Network directory think their home directory is on afp://domain.com/Users, but the server is now called bar.domain.com. /Network/Servers/bar.domain.com does not exist on the server. Client machines (with mobile home directories) are now able to sync, because I added an A record for domain.com to DNS (not nice, but does the job, or more specifically that job). Also on the clients, I can go to a SHARED folder in Finder with the name Bar and go to Users and see al the home directories there. But:
bash-3.2# ls -l /Network/Servers/
total 4
dr-xr-xr-x 2 root wheel 1 Apr 14 11:14 domain.com
dr-xr-xr-x 2 root wheel 1 Apr 14 11:14 foo.domain.com
bash-3.2# ls -l /Network/Servers/*
/Network/Servers/domain.com:
total 2
dr-xr-xr-x 2 root wheel 1 Apr 14 11:14 Users
/Network/Servers/foo.domain.com:
total 2
dr-xr-xr-x 2 root wheel 1 Apr 14 11:14 Users
bash-3.2# ls -l /Network/Servers/*/Users
/Network/Servers/domain.com/Users:
ls: Users: Input/output error
/Network/Servers/foo.domain.com/Users:
ls: Users: Input/output error
So, on the server looking for folder ~user does not work. It wants to go to afp://domain.com/Users/user but that is unreachable.
Any tips on what I can do except do a clean rebuild of the server (again)?
(One of the obvious problems is that the Realm of OD is still called foo.domain.com, the origin of my problems has been that the first name change from foo.domain.com to domain.com (ill-advised, I know) failed — partly).
What I'd like to know is:
- where is it determined which servers end up in /Network/Servers?Som additional info:
Other machines can mount afp://foo.domain.com/, afp://domain.com/ and afp://bar.domain.com/, but the server itself cannot mount them via Finder. -
Provisioning Sun directory Server to a User in OIM
I am learning a OIM tool since 2 months, I could not able to do provisioning sun directory server to a user in OIM, the error is I am not getting the value for Organization DN. I am using ODSEE 11.1.1.5.0 and OIM 11.1.1.5.0. I have followed below steps
1. Copy Connector and External Code Files.
2. Configure Oracle Identity Manager Server.
3. Import an Oracle Identity Manager Connector.
4. Define an IT Resource.
5. Create a User.
6. Assign the Connector to a User.
Please anyone suggest me solution for this problem.Hi,
You need to run organization lookup reconciliation first then select value in the process form.
If you are getting particular error, paste error messages from console?
Regards,
Raghav. -
Install Sun ONE Directory Server 5,2 & how to use it for authenticate user
Good afternoon, Excuse, are newbie in the scope I am learning and putting desire to him, this in my situation I am trying to install Sun ONE Directory Server 5,2 since I understand that this it is application LDAP for Solaris, ok I want to install it to authenticate user against the system, that is to say, to be able to acces the server entering with a created user from the data base of LDAP and make think user that his created in the system. But the documentation that I finds indicates the installation of Sun ONE Directory Server 5,2 but it not clearly about how to use it for authentication. Some one have any manual step by step of Sun ONE Directory Server 5,2 installation and how to make it for authentication systems users.
I read the forum seeking for anwser and i get confuse
Thanks for the help and sorry for any inconvenient
Message was edited by:
Aku_28
Message was edited by:
Aku_28I think that I found the Sun endorsed book locations for using LDAP accounts that don't use authentication besides "crypt". I now can use an account with a "ssha" password. It can be more than 8 characters long.
Chapter 14 System Administration Guide: Naming and Directory Services
Read page 201 which is the pam.conf file pam_ldap setups. I edited my "/etc/pam.conf" file to reflect this
Chapter 7 Directory Server 5.2 2005Q4 - Administration Guide
Read page 316-318 which has a graphical technique to specify password syntax. I set it up and then tried the password by running "su - brahms". It now requires a longer password than 8 characters and it is set up to use "ssha" for that UID entry "brahms". -
Retrieving user data from Directory Server using java code
Can anyone send java code to bind to directory server and retrieve the user information from server instance.
To CRabel,
My company have restriction on using the open sources product/code, but i will take a look on netscape ldap sdk as a reference~
To raghu1978 ,
i find a product call Directory Editor 1 2005Q1, I hope it is useful.
thz all~ -
Migration Users with MD5 Passwords to Directory Server 6.1 on Solaris 10
Hi,
We are currently in a requirement of migrating some users to a application database to inside LDAP. Currently Application maintained the passwords in the MD5 hash form. Typical 32 digit Hex value - 41da76f0fc3ec62a6939e634bfb6a342
Is there a way we can migrate these Users password to directory Server as-is so that they don't end up facing the prospect of resetting post migration.
I have done some of the initial ground work but seems to be missing other critical info if at all it's possible.
I believe it's possible to have CRYPT password policy (which directory server uses from underlying OS) as one of the plug-ins to configure in a way that underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work, my using the below command on DSEE instance:
dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
But for some reasons the MD5 hash (Sun MD5 library) provides does not match with the original hash value. It's 22 char long (as I have not specified any salt length) so I am assuming it's Base64 encoded. I have a perl script which converts the original 32-digit hex values to a base64 encoded representation (which I have also verified with other open source tools)
Is there a way I can tweak CRYPT utility or something so that it understands typical standard MD5 hashes. (Confused between Sun MD5 and BSD (Linux) MD5 - none of them seems to match standard MD5 generated value).
Any leads on this would be really helpful ?Just to reclarify or throw more information:
a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
{crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
I used below command :
pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
Thanks,
Gaurav -
How to validate users with Novell Directory Server
Hi all, with iAS 6.0 SP3, how i can validate users stored in Novell
Directory Sever?
ThanksHi
I believe iAS is designed to work with iDS which is bundled along
with the SP3 download. Also the directory server which is working with
iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
Directory Server) is compatible. What I'm trying to understand is if you
have already registered iAS with NDS and you are having trouble in
accessing the users or if you are having trouble in the installation.
Raj
Josep Maria Camps Riba wrote:
Hi all, with iAS 6.0 SP3, how i can validate users stored in Novell
Directory Sever?
Thanks -
IPlanet directory server can't start in a user account - A bug?
I installed iplanet directory server 5.1 in Solaris 9. I am using typical install mode. I set UserA/GroupA to represent the directoy server that means the directory server instance running in this user account. After I input the user name and group name, it gives a very strange message, say "suffix must have a valid dn. Press any key to continue" After I press any key, it continue to do other setup. Once instllation done, if I try to login as that user account and start-slapd, it just give an error message, " iplanet/servers/bin/slapd/server do not have permission". I checked this directory, UserA do not have even read access to the directory.
So is this a bug in this verion of directory server/
Thanks,
IrisIt's very likely that you gave an Invalid DN for the Suffix of your directory instance...
The setup should have asked again the DN... It looks like a problem with the setup command.
Ludovic -
User base Synchronization between SAP and MS Active Directory Server
Dear all!
I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
i successfully implemented the synchronization of user data between SAP and the ADS.
My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
Currently I don't have a clue how to do this.
Regards,
ChristophHave you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
Regards,
Marc g
Maybe you are looking for
-
How Do I Stop iTunes syncing my iPhone automatically?
I have owned an iPhone 5 for a little shy of two years now. I love it but it has one irritating feature that I can't seem to get rid of. When I had an iPod years ago one of the things I liked about it was the simple drag and drop method of loading
-
Text in header and text in footer in sap scipt ?
how to print header in ist page and footer in last page in sap script?
-
Import Multiple Files In One Pdf Size
Acrobat 8, Windows XP I have multiple files with several paper sizes and want to import them all A4 size, in pdf. When I import them, each page is a different size, how can make all pdf pages A4?
-
New Hard drive not working - please help!!!
This is an original thread that I'd started: http://discussions.apple.com/thread.jspa?threadID=2066043&tstart=0 Since that, I tried the following this morning. I took out the old 100GB drive and fitted the new 500GB (blank) drive. My plan was to fres
-
Having loaded a gift voucher,how do I keep track of credit .
Having loaded a gift voucher can I view credit available after making purchases