Password character limit using LDAP with HPUX 10.20?

Similar Messages

• Login password character limit?

  Is there a limit to the number of characters you can use for a login password in OS X 10.4x? The Mac login screen can display 14 characters, but it seems that you can keep typing after 14 (you just can’t see the additional characters).
  Thanks,
  Kevin
  G4   Mac OS X (10.4.7)  

  W.J.,
  Thanks for the welcome and the help. I created a test account with a 32-character password (all numbers). I could not log in with the first 31 characters, nor could I log in if I added characters beyond the original 32; only the 32-character password worked.
  Next I changed that password to a 50-character password. Again, 49 characters would not work, nor would 51; just the 50-character password would get me logged in.
  So, it seems the password character limit is at least 50, but quite possibly more ... I just didn't take the time to enter more numbers to verify it. I'm wondering if the real login password character limit is 256, which from what I've been told is the login character limit on a PC.
  I also noticed that I could enter more than 31 characters in the password assistant, even though the slider indicates a limit of 31. And the password I entered (again, a series of numbers) improved in quality as I increased the character count past 31 (think in this case the field itself had room for 39 characters).
  In short, I haven't really found the limit to a Mac login password character count.
  Kevin
  G4   Mac OS X (10.4.7)  

• How do I use LDAP with iMQ 2.0?

  I am looking for an example to see how to use LDAP with iMQ 2.0.
  I was able to set up the config settings to access a local LDAP,
  but iMQ authentication still rejects valid logins.
  Let me know if I can find more info someplace.

  You can also find an example I put togther in the Sun One knowledge base.
  If you go here:
  http://knowledgebase.iplanet.com/NASApp/ikb/index.jsp
  Search for article 7772
  Alternatively here is the direct link
  http://knowledgebase.iplanet.com/ikb/kb/articles/7772.html

• Password character limit?

  Does anyone know what the password character limit is for Airport Extreme? I'm seeing only 26 characters in Keychain of a longer Airport password I entered. I think it's maybe 30, so don't understand why only 26 have shown up. The router shows all the characters.

  Just discovered that all the characters I had entered were present in Keychain. Only 26 were visible until I hit the right arrow key which then displayed the rest.

• Airport/Keychain password character limit?

  I've posted this in the Airport Extreme Forum, but things look kind of slow over there, and since its rather a simple question that I would think doesn't require expert knowledge of Airport or Keychain, I'm hoping I can get an answer here. I've googled all over the place for this, but have come up empty handed.
  Does anyone know what the password character limit is for Airport Extreme (or would it be Keychain imposing the limit?) I'm seeing only 26 characters in Keychain of a longer Airport password I entered. I think the limit is maybe 30, so don't understand why only 26 have shown up. The router itself shows all the characters.
  I realize 26 random characters should be more than sufficient, just curious to know what the limit is.

  Just discovered that all the characters I had entered were present in Keychain. Only 26 were visible until I hit the right arrow key which then displayed the rest.

• How to use LDAP with Oracle forms 10g on Oracle application server

  Hi,
  I need some help on this. I have developed oracle forms 10g on application server 9iAS. The client want to use the existing LDAP authentication to the software we wrote. I do not know how I could configure to use the existing LDAP authentication . If anyone know how would I use the existing LDAP on different server to use when they logon to our menu in 10g to validate the user. Do I need to add any varibales in formweb.cfg or any other method. Please help.
  Thanks
  Luksh

  I am not quite sure if this works out of the box. According to an Oracle FAQ:
  4.2 Can I use LDAP to authenticate Forms Services?
  Not directly. However, Oracle Login Server is able to authenticate against a LDAP directory and thus a Forms application can take advantage of this in a SSO environment. But you cannot use access control information stored in a LDAP directory with Forms.

• Can anyone guide me of using LDAP with JSP?

  I am a beginner in java. Plz post your answers in a simple and easy manner and explain it clearly. I am doing a project for which I require to use LDAP in JSP.

  I assume he wants to use LDAP to authenticate user logon in a JSP application.
  There are a few ways, JNDI being one. But a simpler method might be to see if this library works for you:
  http://www.mozilla.org/directory/javasdk.html
  HTH.

• Using LDAP with query on groups

  Hi,
  I configured our SAP Portal with LDAP authentification(+UME) successfully - so far so good. I used the standard configuration file (dataSourceConfiguration_ads_readonly_db.xml).
  Now I would like to filter the LDAP users and grant access only to users within a LDAP group.
  Is there a way to build a query for this case (datasource configuration file, etc...)?
  Thanks for your help...
  Bernd Hülsebusch

  Hi Shantanu,
  thanks for your fast reply!
  The problem is, that we have about 5.000 users in our LDAP system (Exchange), this includes several system users and also special users for e.g. domain administration, etc. Only about 2000 users are really respective portal users and only these users should have access to the portal generally. The intention is to filter the redundant users, so we won't have problems with SAP licenses for users who never should be able use the portal.
  I didn't mean how to provide access to some content within the portal. I know that this is this is realized with roles and groups in the portal.
  Best regards, Bernd Hülsebusch

• EPM 11.1.2: Using LDAP with BugTracker

  Hi,
  I'm using EPM 11.1.2 as production env with NativeDirectory and I'd like to use Redmine as bugtracker for my support of EPM.
  I need for integration it's LDAP and my bugtracker (Redmine).
  I found this: http://www.redmine.org/projects/redmine/wiki/RedmineLDAP
  --Can you tell me BaseDN string to connect for LDAP? dc=users or dc=css,dc=hyperion,dc=com--
  What is port number for connect to LDAP? 389 doesn't works.
  Ohh... http://john-goodwin.blogspot.com/2010/05/epm-1112-life-after-openldap.html :(
  Does it possible to using SSO?
  Edited by: Antony NoFog on 12.01.2012 18:47

  You can't connect Redmine to the EPM native directory because it does not emulate an LDAP interface. Native user management is based on a relational database.
  But EPM can be (and usually is) integrated to one or more external LDAP directories (Microsoft Active Directory, Novell, or anything else the supports the LDAP v3 standard). In most environments there are only a handful of native administrator users on an EPM system and all the regular users are external users (although they are often grouped into native groups). Could you not integrate Redmine with the same external directory as EPM? Then your users should be able to log into both Redmine and EPM using their external directory credentials.

• How can password be reset using AE with SAP HR

  Hi,
  I am using access enforcer to create, change user accounts. we are not using SAP HR so from what I have read it seems password self service cannot be used. Does anybody know any other way to reset the password and send to the user through AE?

  You'll need to connect the iPod to your iTunes library and restore it to factory settings.
  B-rock

• Mod_ntlm/AD/LDAP How is the users password recovered and used.

  I have an application that currently uses LDAP authenticationand authorisation based on a username and password derived from the page 101 login screen. I am trying to convert it to a SSO solution using mod_ntlm to retrieve authenticate the users windows login against Active Directory. I authenticate fine with a standard mod_ntlm page sentry letting me access the application and I can use the owa_util.get_cgi_env('remote_user') to get the username. What I haven't established is how to retrieve the users password to pass as a parameter into the existing LDAP authorisation functions.
  I've based a lot of the ground work on the following article
  http://withasmiletomeltathousandhearts.wordpress.com/2009/01/29/apex-windows-integrated-authentication/
  However, this relies on a prestored LDAP_user and LDAP_Passwrd to retrieve data from AD. Rather than doing that I am trying to use the currently logged on user, whose login name I can retrieve but I have not found a way to retrieve and use their password?
  What am I missing?
  Thanks in advance
  FunkyMonky

  My question is regarding how to use LDAP to retrieve the users AD group information. mod_ntlm has successfully authenticated the windows user to get into the application without having to login. I now want to implement the applications functionality based on that user's Active Directory groups. Prior to the ntlm solution this was done with using LDAP with the authorisation and the credentials were available from the user manually logging on.
  The LDAP group determining method I referred to in my original post relies on a stored user to access the LDAP information rather than the actual logged in user as we had originally done it. Is this the only way we can implement our group based authorisation requirement?
  Cheers
  FunkyMonkey

• Using LDAP as Naming and Directory Services of Weblogic

  Hi All,
  I wan to use LDAP(using Netscape Directory Server 4.2 as LDAP server) with weblogic5.1. I want that beans should be bound this LDAP server when they are deployed. For this what I have to change in configuration?
  Anyother suggestions related to using LDAP with weblogic are welcome. In this regard, I want to ask whether weblogic application server has LDAP server built into it or not.
  Thanks and Regards,
  sudarson

  As I understand from your reply, you are suggesting me to bind the beans to LDAP server within the bean class's setentitycontext ? Is it so ? Can we not configure even this feature in weblogic6.0 also ? One thing more, if do this kind of thing then jndiname will be hardcoded into the bean class and can't be changed by simply editing the deployment descriptor. Pls suggest.
  Regards,
  sudarson
  "Michael Girdley" <----> wrote:
  >
  >
  This is not possible through configuration at the current time. One thing
  you could do is have your EJBs make a connection to your LDAP server and
  register themselves when they are deployed.
  Michael Girdley
  BEA Systems
  Learning WebLogic? http://learnweblogic.com
  "sudarson" <[email protected]> wrote in message
  news:3a755fd5$[email protected]..
  Hi All,
  I wan to use LDAP(using Netscape Directory Server 4.2 as LDAP server)with weblogic5.1. I want that beans should be bound this LDAP server when
  they are deployed. For this what I have to change in configuration?
  Anyother suggestions related to using LDAP with weblogic are welcome. Inthis regard, I want to ask whether weblogic application server has LDAP
  server built into it or not.
  Thanks and Regards,
  sudarson

• Pam.conf does not use ldap for password length check when changing passwd

  I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
  I have dsee 6.0 installed on a solaris 10 server (client).
  I have a solaris 9 server (server) set up to use ldap authentication.
  bash-2.05# cat /var/ldap/ldap_client_file
  # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_SERVERS= X, Y
  NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
  NS_LDAP_AUTH= tls:simple
  NS_LDAP_SEARCH_REF= FALSE
  NS_LDAP_SEARCH_SCOPE= one
  NS_LDAP_SEARCH_TIME= 30
  NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
  NS_LDAP_CACHETTL= 43200
  NS_LDAP_PROFILE= tls_profile
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
  NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
  NS_LDAP_BIND_TIME= 10
  bash-2.05# cat /var/ldap/ldap_client_cred
  # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
  NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
  NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
  bash-2.05# cat /etc/nsswitch.conf
  # /etc/nsswitch.ldap:
  # An example file that could be copied over to /etc/nsswitch.conf; it
  # uses LDAP in conjunction with files.
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
  # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
  passwd: files ldap
  group: files ldap
  # consult /etc "files" only if ldap is down.
  hosts: files dns
  ipnodes: files
  # Uncomment the following line and comment out the above to resolve
  # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
  # IPv4 addresses are searched in all of the ipnodes databases before
  # searching the hosts databases. Before turning this option on, consult
  # the Network Administration Guide for more details on using IPv6.
  #ipnodes: ldap [NOTFOUND=return] files
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: files
  bootparams: files
  publickey: files
  netgroup: ldap
  automount: files ldap
  aliases: files ldap
  # for efficient getservbyname() avoid ldap
  services: files ldap
  sendmailvars: files
  printers: user files ldap
  auth_attr: files ldap
  prof_attr: files ldap
  project: files ldap
  bash-2.05# cat /etc/pam.conf
  #ident "@(#)pam.conf 1.20 02/01/23 SMI"
  # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # PAM configuration
  # Unless explicitly defined, all services use the modules
  # defined in the "other" section.
  # Modules are defined with relative pathnames, i.e., they are
  # relative to /usr/lib/security/$ISA. Absolute path names, as
  # present in this file in previous releases are still acceptable.
  # Authentication management
  # login service (explicit because of pam_dial_auth)
  login auth requisite pam_authtok_get.so.1 debug
  login auth required pam_dhkeys.so.1 debug
  login auth required pam_dial_auth.so.1 debug
  login auth binding pam_unix_auth.so.1 server_policy debug
  login auth required pam_ldap.so.1 use_first_pass debug
  # rlogin service (explicit because of pam_rhost_auth)
  rlogin auth sufficient pam_rhosts_auth.so.1
  rlogin auth requisite pam_authtok_get.so.1
  rlogin auth required pam_dhkeys.so.1
  rlogin auth binding pam_unix_auth.so.1 server_policy
  rlogin auth required pam_ldap.so.1 use_first_pass
  # rsh service (explicit because of pam_rhost_auth,
  # and pam_unix_auth for meaningful pam_setcred)
  rsh auth sufficient pam_rhosts_auth.so.1
  rsh auth required pam_unix_auth.so.1
  # PPP service (explicit because of pam_dial_auth)
  ppp auth requisite pam_authtok_get.so.1
  ppp auth required pam_dhkeys.so.1
  ppp auth required pam_dial_auth.so.1
  ppp auth binding pam_unix_auth.so.1 server_policy
  ppp auth required pam_ldap.so.1 use_first_pass
  # Default definitions for Authentication management
  # Used when service name is not explicitly mentioned for authenctication
  other auth requisite pam_authtok_get.so.1 debug
  other auth required pam_dhkeys.so.1 debug
  other auth binding pam_unix_auth.so.1 server_policy debug
  other auth required pam_ldap.so.1 use_first_pass debug
  # passwd command (explicit because of a different authentication module)
  passwd auth binding pam_passwd_auth.so.1 server_policy debug
  passwd auth required pam_ldap.so.1 use_first_pass debug
  # cron service (explicit because of non-usage of pam_roles.so.1)
  cron account required pam_projects.so.1
  cron account required pam_unix_account.so.1
  # Default definition for Account management
  # Used when service name is not explicitly mentioned for account management
  other account requisite pam_roles.so.1 debug
  other account required pam_projects.so.1 debug
  other account binding pam_unix_account.so.1 server_policy debug
  other account required pam_ldap.so.1 no_pass debug
  # Default definition for Session management
  # Used when service name is not explicitly mentioned for session management
  other session required pam_unix_session.so.1
  # Default definition for Password management
  # Used when service name is not explicitly mentioned for password management
  other password required pam_dhkeys.so.1 debug
  other password requisite pam_authtok_get.so.1 debug
  other password requisite pam_authtok_check.so.1 debug
  other password required pam_authtok_store.so.1 server_policy debug
  # Support for Kerberos V5 authentication (uncomment to use Kerberos)
  #rlogin auth optional pam_krb5.so.1 try_first_pass
  #login auth optional pam_krb5.so.1 try_first_pass
  #other auth optional pam_krb5.so.1 try_first_pass
  #cron account optional pam_krb5.so.1
  #other account optional pam_krb5.so.1
  #other session optional pam_krb5.so.1
  #other password optional pam_krb5.so.1 try_first_pass
  I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client):
  May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
  May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
  May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
  May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
  May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
  May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
  May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
  May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
  May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
  May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
  May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
  May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
  May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
  May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
  May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
  May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
  If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
  bash-2.05$ passwd
  passwd: Changing password for VV
  Enter existing login password:
  New Password:
  passwd: Password too short - must be at least 8 characters.
  Please try again
  May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
  May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
  May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
  May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
  May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
  May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
  May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
  May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
  May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
  May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
  May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
  I am using the default policy on the directory server which states a minimum password length of 6 characters.
  server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
  pwd-accept-hashed-pwd-enabled : N/A
  pwd-check-enabled : off
  pwd-compat-mode : DS6-mode
  pwd-expire-no-warning-enabled : on
  pwd-expire-warning-delay : 1d
  pwd-failure-count-interval : 10m
  pwd-grace-login-limit : disabled
  pwd-keep-last-auth-time-enabled : off
  pwd-lockout-duration : disabled
  pwd-lockout-enabled : off
  pwd-lockout-repl-priority-enabled : on
  pwd-max-age : disabled
  pwd-max-failure-count : 3
  pwd-max-history-count : disabled
  pwd-min-age : disabled
  pwd-min-length : 6
  pwd-mod-gen-length : 6
  pwd-must-change-enabled : off
  pwd-root-dn-bypass-enabled : off
  pwd-safe-modify-enabled : off
  pwd-storage-scheme : CRYPT
  pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
  pwd-strong-check-enabled : off
  pwd-strong-check-require-charset : lower
  pwd-strong-check-require-charset : upper
  pwd-strong-check-require-charset : digit
  pwd-strong-check-require-charset : special
  pwd-supported-storage-scheme : CRYPT
  pwd-supported-storage-scheme : SHA
  pwd-supported-storage-scheme : SSHA
  pwd-supported-storage-scheme : NS-MTA-MD5
  pwd-supported-storage-scheme : CLEAR
  pwd-user-change-enabled : off
  Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8
  . It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum lenght of 6 characters.
  I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatability in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
  Edited by: ericduggan on Sep 8, 2008 5:30 AM

  you can try passwd -r ldap for changing the ldap passwds...

• Any issues with using LDAP on LINUX for GRC 5.2 UME?

  Our company is converting our LDAP servers from AIX to LINUX.  The DNS name used in our UME connection should not change.  Are there any issues with using LDAP on LINUX?  We are currently on GRC 5.2 SP9 (in the middle of upgrading to SP12).
  Also, I have been trying to connect our test UME system to a test LDAP box that has already been converted to LINUX but keep getting a 'connection failed' error when I try to test it. 
  Do you have to reboot the server to test changing the LDAP connections?  I've been trying it by going into UME, pulling up the LDAP tab, hitting the Modify button, entering the new userid and password for test LDAP, and hitting the Test Connection button.  I've verified that this userid and password is correct for test LDAP.
  Is there a way to get more information about why the connection failed?
  Thanks.

  I've been told by our LDAP Support group that none of the other configuration settings should have to be changed.  I should only have to change the id and password to connect to a test version of LDAP instead of our regular connection to the production LDAP.
  Can you test a connection for a different userid/password without having to reboot/restart the server?  Do I need to change these two settings, save then, reboot/restart, and then do the Test Connection button?
  Thanks.

• After updating with ios7, I cannot proceed because I cannot enter my password since it uses Greek letters but the keyboard available is Latin. How can I change the keyboard to Greek?

  After updating with ios7, I cannot proceed because I cannot enter my password since it uses Greek letters but the keyboard available is Latin. How can I change the keyboard to Greek?

  try tapping holding on the key that would be most similar to the letter you want to enter, that will bring up a menu of other characters similar to that character and maybe the greek letter will be included in that menu