LDAP Mobile Users & Password (not) Syncing

Hi folks, we are starting to enable LDAP for our notebook users and have one issue that hopefully someone has some advice on.
We're using a Linux based LDAP server, 389 Directory Server.
Our users can authenticate, log in, we make them admins, and enable the mobile user account.
It works well until they change their password on LDAP via our web interface.
Their new password works for Lion so long as they are on our network. Once they take their notebook away and can't reach our LDAP anymore, the mobile user account will only accept their original LDAP password.
It seems as if the passwords are not being synced/cached locally.  I just discovered this before coming home for the weekend and hope to have a few hints to get going on Monday if anyone has a suggestion.
One last thought is that we turn off Home Directory Sync because we're not using network based home directories yet (set it to manual in Mobile Accounts). Would that also disable password syncing except when a manual sync happens?
Thanks folks!

Hi Steve.
We have mobile accounts turned on, but we do not have home directory syncing. Faculty/staff must, at least once, log in with their Mac while on our campus network. This authenticates the faculty/staff against our LDAP server (Solaris) and "caches" their credentials using the Mobile user feature of Lion. Once they log in once, they can then go off campus and use that password to log into their machine, do updates, whatever.
The issue we have is that when someone changes their LDAP password from our "web account tools" page, the LDAP sync with the machine is spotty.
Hope that helps
-DK

Similar Messages

  • SLD connection user/password not working.

    Hello friends,
    I am a newbie in SAP Netweaver.
    I installed SAP Netweaver for Java.
    Now I want to connect it with BAPI from SAP.
    So, somewhere I am stuck with SLD. I opened Visual Administrator and there is nothing there to connect.
    I also tried http://localhost:50000/sld but my user/password not working.
    1. What to do to see/get username/password for SLD?
    2. How to connect netweaver to access SAP ZBAPI?
    Regards,
    RH

    Hi Ronny.
    Where is your UME running? On the java engine, on an ABAP system or at a LDAP?
    What I want to say is that your user has to gain the rights to connect to the SLD. The easiest way is to give you admin rights - to do that you have to know where your userstore is running....
    I am not sure if this is correct: http://localhost:50000/sld
    Normally it should look like http://my.sap.com/56600/sld where my.sap.com is an FQDN and 56600 is the port of the Java engine. 66 is the system number of the AS Java.
    ZBAPI? I do not really know, but I think you have to use a JCo to connect...
    regards,
    Martin

  • Mobile Me will not sync iCal on my laptop

    Mobile Me will not sync iCal on my laptop

    Hi
    Did you get a fix for this? I cannot get a sync of my calendars between my laptop, iMac and iPhone with Mobile Me - it's really annoying!!
    Any help out there? Even with iTunes it won't sync some data.
    thanks

  • Changing a mobile users password has no effect

    Hi!
    Changing a mobile account users password on the server doesn't work. On a 10.7.4 server I changed a network user's password, who has a mobile account and was connected to the local network, but he could not log in with either the old or the new password?!?!? I could understand if the change didn't work if the user was off site, but shouldn't this "just work"? I tried both in Server.app and WGM, but still not working. When setting the old password on the server again, it worked!
    Anyone else had this problem? Any solutions. It has happened to 2 users, same story. Clients are 10.6.8 clients.

    Ok, I found out what's wrong.
    To "pan" an image you have to change bounds origin of PARENT view.
    - (void)applicationDidFinishLaunching:(UIApplication *)application {
        CGRect viewRect = CGRectMake(50, 50, 100, 100);
        UIView *myView = [self createView:viewRect withColor:[UIColor redColor]];
        UIView *childView = [self createView:CGRectMake(0, 0, 50, 50) withColor:[UIColor blueColor]];
        [myView addSubview:childView];
        [window addSubview:myView];
        // Clip the child to the parent, then shift the parent's bounds origin to pan
        myView.clipsToBounds = YES;
        myView.bounds = CGRectMake(45, 45, 100, 100);
        // Manual reference counting: release the views returned by createView:
        [myView release];
        [childView release];
        [window makeKeyAndVisible];
    }
    // Returns a retained view with the given frame and background colour
    - (UIView *)createView:(CGRect)viewRect withColor:(UIColor *)color {
        UIView *myView = [[UIView alloc] initWithFrame:viewRect];
        myView.backgroundColor = color;
        return myView;
    }

  • Mobile users are not in login list, and OD settings don't apply until after login

    Good morning all,
    One of my organization's users has an iMac running Lion, and it's bound to both Active Directory and Open Directory. I have his workstation's OD account in a group that is configured to create a mobile user when logging into a network account, and to display the login screen as a username and password instead of a list of users. He uses an AD user account to log in.
    The first hangup is that even though OD is set to display a username and password box for the login screen, when I turn on or reboot the machine, it displays a list of users instead. If I log into one of the users, and then immediately log out, it works perfectly - I get the username and password boxes, but only after I log into the machine once. If I reboot, I end up right back at the list of users.
    The second hangup is that when I get this list of users, no mobile accounts appear. This means that the mobile account associated with my client's AD account does not appear at the login screen on first boot. Moreover, the "Other..." button does not appear, either, even after a substantial time delay.
    The sum result of these problems is that the only way that my client can log into his machine immediately after boot is to log in to a temporary local account I created for him, then log out and use the username and password boxes to log in to his AD account. Any suggestions?
    Please note that this is cross-posted from the OS X Lion Server forum, as I don't know if it's a client or server-related issue.


  • User Password Not Replicated during ACS Replication

    I am provisioning user accounts in ACS through a provisioning system. The provisioned ACS is set to replicate user and group database to another ACS. Replication interval time is set to 15 mins.
    The problem is that even though the replication cycle runs every 15 mins, if no user is added or deleted, the pre-checks determine that outbound replication is not required and the cycle is completed. Hence, if users' passwords change, they are not replicated to the other ACS, and in case the authentication request goes to the other ACS, it fails. Manual replication is fine.
    How can I make sure replication is run even in case of a user password change and not just when a user is added or removed?

    Hi,
    What is the ACS version? Where are the user accounts you are referring to stored? I.e., are they local to the ACS server itself, or are they defined in an external user database (e.g. Active Directory, LDAP, etc.)?
    Users defined via Active Directory are dynamically mapped to a user account in ACS, and this account information is typically not replicated since the users created are dynamic and can change properties based on configuration/changes in Active Directory itself.
    Regards,
    Jagdeep

  • Change User password not working in SAP ME 6.0

    Hi,
    In SAP ME 6.0 SP01 6.0.1.0 Counter 40, the activity "Change User Password" does not work for me or any other user.
    The activity window (Netweaver) shows, but in the top it says "An error occurred - contact system administrator".
    This is the output from the default trace file. Seems my user is not authorized, but where do I set this authorization?
    Br,
    Johan
    #2.0 #2011 09 06 11:15:11:064#+0200#Error#com.sap.security.core.wd.jmxmodel.JmxModelComp#
    #BC-JAS-SEC-UME#sap.com/tcsecumewduimodel#C0000AD3034800820000000100000450#9934850000000004#sap.com/tcsecumewdkit#com.sap.security.core.wd.jmxmodel.JmxModelComp#JONORD#16##380199ECD86811E088C3000000979802#ae0e9d52d86811e08e7a000000979802#ae0e9d52d86811e08e7a000000979802#0#Thread[HTTP Worker [@312363456],5,Dedicated_Application_Thread]#Plain##
    public void supplyCompany(IPrivateJmxModelCompInterface.ICompanyNode node, IPrivateJmxModelCompInterface.IContextElement parentElement)
    [EXCEPTION]
    com.sap.engine.services.jmx.exception.JmxSecurityException: Caller JONORD not authorized, required permission missing (javax.management.MBeanPermission -\#getCompanyConceptEnabled[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
         at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
         at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
         at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
         at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
         at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
         at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
         at com.sap.security.core.jmx._gen.IJmxServer$Impl.getCompanyConceptEnabled(IJmxServer.java:1415)
         at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.supplyCompany(JmxModelCompInterface.java:1498)
         at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.supplyCompany(InternalJmxModelCompInterface.java:710)
         at com.sap.security.core.wd.jmxmodel.wdp.IPublicJmxModelCompInterface$ICompanyNode.doSupplyElements(IPublicJmxModelCompInterface.java:4301)
         at com.sap.tc.webdynpro.progmodel.context.DataNode.supplyElements(DataNode.java:110)
         at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
         at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
         at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
         at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
         at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
         at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
         at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
         at com.sap.tc.webdynpro.progmodel.context.Node.getElements(Node.java:270)

    Hi,
    The Change User Password screen is in fact the user self-service screen of NW UME, and to access it, the user must have the Manage_My_Password action. The Installation and Security Guide asks to assign this action to all roles.

  • User password not taken in consideration after a company copy

    Hi All,
    After a company copy, user passwords are not replicated; we're only able to connect with manager and then reset all passwords.
    Is there anything to do to avoid this?
    Thanks!

    Hi.
    When you use the Copy Express function, it copies data from one database to another.
    I also do believe that when using Copy Express, all passwords for users are reset and need to be added manually before entering the new company for the first time.
    Kind Regards,
    Runar Wigestrand.

  • Mobile Account will not sync

    I am having no end of problems syncing a mobile account.
    Have set up a mobile account on Server (10.5.7) and specified in WGM to sync a ~/Documents/Company folder where we'll create all our company documents. I went to client that was bound to server OD and tried to log onto the mobile account, but couldn't until I logged in with this mobile account on the server .. and then could only log onto the server after I created a home directory. But after mobile user account logged into server, I could then log into client and it shows as a "mobile" account.
    I put a few documents in the ~/Documents/Company folder and I expect on log off it would check the network home directory folder (there is ~/Documents/Company folder there too) and copy files to it. So I'd have a backup of these files.
    Nothing seems to sync.. that is the server folder never gets updated as I expect. I have AFP service on and I restarted it, but no luck..
    I have no idea where to begin troubleshooting this. I've read the Apple Server Management as well as any other docs I could find.
    Dave Crabbe
    Nova Scotia Community College

    Officially no. http://support.apple.com/kb/HT4929
    Though some allege success https://discussions.apple.com/thread/3103493?start=30&tstart=0
    Good luck & let me know how you go.

  • User password not accepted after migration

    Source: iMac Lion OSX.7.4  Destination iMac OSX6.8
    Problem: user password is not accepted after migration
    What I did: Tried to migrate over the LAN, but in the migration assistant the other Mac was mutually never recognized. (Did migrations several times successfully in our LAN before.) Last time the Lion Mac was the destination, which is now the source.
    I then backed up the user with Time Machine on the Lion and installed it with the migration assistant on the Snow Leopard system. As the password was not accepted, I repeated the backup/migration process once. No help.
    I reset the password of that user in System Prefs/User accounts. But I cannot log in either.
    First time, that a migration process fails for me.
    Any help is appreciated
    Thanks
    Urs

    The target computer itself has admin accounts, that's not the problem, I can access it. The issue is that the migrated additional user account is not accessible with its password.
    I have found here an instruction on how to reset a password in single user mode.
    http://www.macyourself.com/2009/08/03/how-to-reset-your-mac-os-x-password-without-an-installer-disc/
    But that does not help either. The answer after the dscl -passwd command is that I do not have access (or similar, I don't remember).
    My guess is that backward migration (Lion to Snow) causes the problem. Maybe I need to create the user freshly and copy his documents manually.

  • Mobile me data not syncing to iPhone?

    Calendar and contact entries made on my Mac are showing in Mobile me but not on my iPhone? I've reset both the computer and the phone but still nothing... any thoughts? Thanks.

    Try removing the mobile me account from iPhone... then reset the sync data... either replace what's on the cloud with what's on the Mac or vice versa...
    Then add the mobile me account back again... that should resolve...
    I just had to do this and it worked for me... prior to this no contacts or anything showed up on iPhone even though the mobile me account was installed and I could send and receive email... calendar and contacts were absent until I performed these steps...

  • DirSync + PwdSync - Passwords not syncing, error 611 Unable to open connection to domain

    Hello Everyone.
    I've installed and configured DirSync with Password Sync (PwdSync) in a forest with 4 domains.
    I'm using the most recent DirSync installation at the date of this post, 6475.0007.
    The domain structure is
    Parent Domain
    - Child Domain 1
    -- 'Grand' Child Domain 1
    - Child Domain 2
    I am successfully syncing users from Child Domain 1 only. I'm using container filtering to sync only 1 selected OU at this stage while I'm testing before deployment.
    Users in the selected OU are syncing and AD details are correct. To filter out the domains I didn't want to sync, I had to create an empty OU in each domain and select to sync it. Also in each domain I had to create an account with the same username and password as the Enterprise account I set up for DirSync.
    I enabled Password Sync while using the Windows Azure Active Directory Configuration tool.
    After a full sync I receive a 611 error in the Application Log, source Directory Synchronization.
    Password synchronization failed for domain: child1.domain.com . Details:
    Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain:
    child1.domain.com .
    Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. --->
    Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsSecurityException:
    RPC Error 5 : Access is denied. Error creating DRS context handle.
    It appears that it's not enough to tick the box to enable Password Sync.
    I got a successful sync only after I did the following:
    On the DirSync server, opened C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1
    Run the command Enable-MSOnlinePasswordSync
    Log in with the Enterprise Admin credentials for the forest
    Run the command Start-OnlineCoExistenceSync to begin a sync
    I verified the password sync worked successfully with my synced users.
    Maybe I missed something in the instructions but I only tried this after reading a blog post by Jethro Seghers. Thanks Jethro!

    Your 4 steps are essentially already included during the normal setup wizard process, with the exception of #3. Because DirSync runs as a service, you logging in to Windows as an enterprise admin is not required. It is possible however that there were replication or other delays in your multi-domain environment.
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • WIFI password not synced with iOS device

    For short: I'm excluded off my own WIFI net because Apple's iCloud Keychain didn't sync the WIFI password from my MacBook to my iPad.
    For my holidays I bought a nice portable WIFI hard disk. This device can not only take the memory cards of my camera and store the images without any computer, but also establishes a WIFI network, by which I can access the content of the mobile harddisk wirelessly.
    At home, I configured this neat device with my MacBookPro and accessed it via WIFI by choosing the WIFI hard disk's network and entering the password, which Apple suggested during the configuration process of the WIFI hard disk. At this moment (entering the WIFI password to connect with the hard disk's network), I had to recur onto the OSX keychain helper: look for the formerly entered password and paste it into the WIFI accounting form - and check the box "store in the icloud keychain". Ok.
    Ok? Nothing's ok on my iOS devices (iPad and iPhone). Why?
    By checking the box, I was sure that the password would indeed be synced with and stored within the iCloud keychain.
    But I went wrong!
    Now on holidays, with my camera, my iPad, my WIFI hard disk and – without my MacBookPro (because it's a holidays killer) – I tried to connect my iPad with the WIFI of the mobile hard disk. Seeing its WIFI network, I tapped on it and got the accounting dialog: Enter password.
    Which password?!?
    I had instructed the Apple iCloud to store this password – and deliver it to any authorized device if needed.
    But Apple, seemingly, did NOT do this and failed to deliver the password to my iPad (which is naturally registered to the same Apple ID as my MacBook).
    What shall I do now? I have NO access neither to my MacBookPro (which is at home) nor to my iCloud keychain (which Apple thinks the best to protect against me).
    To be honest, I feel patronized in a very ugly way by Apple - once again.
    My question is: Why isn't there a way to access or manage the iCloud keychain from an iOS device? Should it be that Apple thinks these devices are LESS SECURE?
    Any help is very welcome! Thanks in advance.

    Thanks, FromSouth -
    I called Apple Support and they also said that she has to have access to my iCloud account. We did figure out that some of the notes from 2011 and 2012 are from a shared business account which also allows notes, but that is a Verizon account and should not impact, in any way, shape, or form, the iCloud account.
    I do not believe my daughter actually did this; I am guessing that her iCloud account was also accessed by her husband (who is not a good guy), and he, without her knowledge, synced her iCloud to his iPhone to track all her stuff. I then believe he got hold of mine and did the same a couple of days ago, as we are all together for a large family vacation (in the same house).
    I guess I have a couple more questions about this, though:
    Normally, when you sync a new device with your account, you get a message on all your old devices - but I did not get anything of the kind. How would this be possible? I guess maybe if he synced it while standing there with my iPad, then my iPad would get an alert, and he would just turn it off?? (I know all this sounds excessive, but believe me, he'd go to this length.)
    I find it difficult to believe that he could have cracked my iCloud password - it's not something that anyone would ever put together easily. How would he be able to access the account without a password? Is there any kind of app or software that he could have installed on my iPad that would allow that? (Again, believe me, he'd do it.)
    Is there any way to see in iCloud what devices are linked to the account? That alone would show me what device has this.
    Finally, I have my iPad password-protected, so I cannot imagine he would have gotten into my iPad in the first place...how would he have gained access to this otherwise? I really thought I was being very smart on how I set this all up, and two days in the same location as him and now this....
    I really thank you for any help you can give me on this one...
    Thanks!

  • User password not recognised

    I have recently downloaded flash player and it asked me for my password, which did not work. It then asked for my Apple ID and downloaded the app.
    Since this I have not been able to log on as a main user and I am now only able to use guest as my password is not being accepted.

    First, make sure caps lock is not on.
    You must back up all data before continuing, unless you've already done so. If you need to back up but can't log in, ask for instructions.
    If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
    Otherwise*, boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
    When the OS X Utilities screen appears, select
    Utilities ▹ Terminal
    from the menu bar.
    In the Terminal window, type this:
    res
    Press the tab key. The partial command you typed will automatically be completed to this:
    resetpassword
    Press return. A Reset Password window opens.
    Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
    Select your username from the menu labeled Select the user account if not already selected.
    Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
    Select
     ▹ Restart
    from the menu bar.
    You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
    *Note: If you've activated FileVault, this procedure doesn't apply. Follow instead the instructions on this page:
    If you forget the password and FileVault is on

  • Stored passwords not syncing between computers.

    I'm trying to use Firefox to synchronize data between computers. It was working, but somewhere along the way it has stopped. I now have three computers, of which I'm trying to have two of them synced together. I thought that the issue was account related, so I deleted my original account & had to create a new one (with a different e-mail address - I'd like to change that back if possible). Anyhow, now it seems as if bookmarks are synced OK, but my saved passwords are not. Given that I can't tell what the status is of a sync, it is hard for me to tell where the process is.
    So, I have one computer (a Macbook) with passwords on it that I am syncing and I have another (a new Dell Laptop), that I would like to have updated.
    What do I need to do to get my passwords synchronized?
    Thank you,
    Paul

    Make sure that you are forcing syncing by pressing Sync Now in your computers and allow some time (several minutes) to have all the information sent to the server and down from the server. If this still doesn't work, follow the steps in this blogpost to create a bug:
    https://philikon.wordpress.com/2011/06/13/how-to-file-a-good-sync-bug/
    This would be really helpful. I've seen other people having issues with passwords but I'm unable to replicate it.
