Password default to AD user on MVRule

Similar Messages

• Setting default password to all the users in OIM

  Hi ,
  I want to set the default password for all the users provisioning in OIM via trusted recon.
  Please let me know how to achieve this.
  Thanks

  in MDS(eventhandler.xml) provide operation=CREATE else in code you can check the same if(operation.equals("CREATE"))
  find below complete code this is tested and working fine
  public EventResult execute(long processId, long eventId, Orchestration orchestration) {
  UserManager um =null;
  isLoggerInfoEnabled = logger.isInfoEnabled();
  if(isLoggerInfoEnabled)logger.info("execute: processId = " + processId + "; eventId = " + eventId + "; orchestration = " + orchestration);
  HashMap<String, Serializable> parameters = orchestration.getParameters();
  logger.info("parameters = " + parameters );
  RandomPasswordGeneratorImpl randomPasswordGenerator = new RandomPasswordGeneratorImpl();
  char new_pwd[] = randomPasswordGenerator.generatePassword(new User(null));
  String password = new String(new_pwd);
  try{
  um = Platform.getService(UserManager.class);
  String userLogin= getParamaterValue(parameters, "User Login");
  um.changePassword( userLogin, password.toCharArray(), true);
  }catch (Exception e) {
  if(logger.isErrorEnabled()) logger.error(e.getMessage());
  if(logger.isErrorEnabled()) logger.error(" ", e);
  return new EventResult();
  public BulkEventResult execute(long processId, long eventId,BulkOrchestration bulkOrchestration) {
  tcUserOperationsIntf userOperationsService=null;
  UserManager um =null;
  isLoggerInfoEnabled = logger.isInfoEnabled();
  if(isLoggerInfoEnabled)logger.info("Bulk processId = " + processId + "; eventId = " + eventId + "; bulkOrchestration = " + bulkOrchestration);
  um = Platform.getService(UserManager.class);
  HashMap<String, Serializable>[] parametersArray = bulkOrchestration.getBulkParameters();
  for(int i=0;i<parametersArray.length;i++)
  HashMap<String, Serializable> parameters = parametersArray;
  logger.info("parameters = " + parameters );
  RandomPasswordGeneratorImpl randomPasswordGenerator = new RandomPasswordGeneratorImpl();
  char new_pwd[] = randomPasswordGenerator.generatePassword(new User(null));
  String password = new String(new_pwd);
  try{
  String userLogin = (String)parameters.get("User Login");
  um.changePassword( userLogin, password.toCharArray(), true);
  }catch (Exception e) {
  if(logger.isErrorEnabled()) logger.error(e.getMessage());
  if(logger.isErrorEnabled()) logger.error(" ", e);
  return new BulkEventResult();
  private String getParamaterValue(HashMap<String, Serializable> parameters, String key) {
  String value = (parameters.get(key) instanceof ContextAware)
  ? (String) ((ContextAware) parameters.get(key)).getObjectValue()
  : (String) parameters.get(key);
  return value;
  }

• What is the default password after creating a user with wwsec_api.add_portal_user ?

  Hi,
  I created 850 Portal users with the WWSEC_API calls in PORTAL30 and PORTAL30_SSO. I can logon with an account if manually reset the password for a specific user. But what is the default password of a user after creating it with the API calls ? I tried "password" and the username, but that didn't work.

  The WWSEC_API should not be used to create the user account in the SSO schema. As you noted the WWSEC_API calls do not set the password - these are intended to be used only for setting up Portal profile information. For creating the user that can log in, use the Login Server APIs - in sso/ssoumgt.pks:
  WWSSO_APP_USER_ADMIN.CREATE_USER.

• NAC Guest Server, How to change the password for a single user?

  We have a NAC Guest Server which creates a complex password for all new users created.
  We would like to have normal/simple password for a single user. How can I get this done on a NAC Guest Server.
  Thanks in advance.

  Hi,
  You can setup 3 different flavours of passwords:
  http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_guestpol.html#wp1063249.
  a. Username Policy 1 - Email address as username
  Use the guest's email address as the username. If an overlapping account with the same email address exists, a random number is added to the end of the email address to make the username unique. Overlapping accounts are accounts that have the same email address and are valid for an overlapping period of time.
  b. Username Policy 2 - Create username based on first and last names
  Create a username based on combining the first name and last name of the guest. You can set a Minimum username length for this username from 1 to 20 characters (default is 10). User names shorter than the minimum length are padded up to the minimum specified length with a random number.
  c. Username Policy 3 - Create random username
  Create a username based upon a random mixture of Alphabetic, Numeric or Other characters. Type the characters to include to generate the random characters and the number to use from each set of characters.
  Note: The total length of the username is determined by the total number of characters included.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• Username and password default for BAM database

  Hi everyone,
  I have installed in my machine a virtual machine wich have the Oracle BAM 10 installed. We are trying to connect to the BAM database but the problem is I dont know the user default to do it. I also have in my machine(real machine) the BAM tp4 wich I m able to access the tables with username:oraclebam and psw the same. So somebody knows how can I do the same with the version 10 of BAM?

  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by [email protected]:
  I have Oracle8 (8.1.6)personal edition for win98 install on my machine.I want open SQL*Plus but I don't know password and username default .I tried key username is 'system' and password is 'manager' ,application not open. What is username and password default for it?
  Thank you<HR></BLOCKQUOTE>
  null

• Aironet 1300 + WLC + password default

  Good Morning,
  I need to know how can i change the username and password default of a AP joined to a WLC automatically when the AP is joined to the WLC.
  config ap username user-id password pass {AP-name | all}
  Can i do it automatically or every time that a new AP is joined to the WLC i need to execute this command???
  Thank you for the help.

  You need to do when new AP is joined to the WLC
  Command :
  config ap username user-id password pass {AP-name | all}
  If you enter a AP-name argument, the username and password is configured only for the specified access point. If you enter the all keyword, the username and password are sent to all access points that are registered to the controller

• Reset SAP GUI passwords for number of users one time

  Dear,
  i need your help in how to Reset SAP GUI passwords for number of users one time, as we have non-SAP users, only ESS users that they are currently using Portal ESS, but we need to reset thier GUI passwords so that they will not be accessing the GUI.
  we need to do it one shot, one time for more than 600 users.
  is there any way?
  thank you

  You can also create an ABAP program which can be used to do a mass user password change.
  Here are the functions that will do what you need
  SUSR_GENERATE_PASSWORD - Generates a Password. Use this function only if you want to do random passwords. Otherwise you can upload your own password.
  BAPI_USER_CHANGE - You can use this BAPI to change just the password of a user
  Here is an example of some abap code. There may be some syntax errors and possible other issues. I just typed this out and didnt check it. You upload a comma delimited file which is the username,password. If the password field is blank the program will generate its own. Hope this helps
  constants: con_comma TYPE c VALUE ','.
  data: it_tab TYPE filetable,
  gd_subrc TYPE i,
  v_filename_string TYPE string,
  p_npass like XU400-NEWCODE.
  DATA: BEGIN OF itab OCCURS 0,
  dLine(40) type c,
  END OF itab.
  DATA: begin of it_Users occurs 0,
  UserID like BAPIBNAME-BAPIBNAME,
  Password Like XUBCODE,
  end of it_Users.
  parameters: p_file like rlgrap-filename default 'c:\users.txt' LOWER CASE.
  AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_file.
  *& FILE_OPEN_DIALOG METHOD *
  CALL METHOD cl_gui_frontend_services=>file_open_dialog
  EXPORTING
  window_title = 'Select File'
  default_filename = '*.txt'
  multiselection = ' '
  CHANGING
  file_table = it_tab
  rc = gd_subrc.
  LOOP AT it_tab INTO p_file.
  ENDLOOP.
  v_filename_string = p_file.
  START-OF-SELECTION.
  *& GUI_UPLOAD function *
  Upload file to internal table
  CALL FUNCTION 'GUI_UPLOAD'
  EXPORTING
  FILENAME = v_filename_string
  FILETYPE = 'ASC'
  HAS_FIELD_SEPARATOR = 'X'
  TABLES
  DATA_TAB = ITAB
  EXCEPTIONS
  FILE_OPEN_ERROR = 1
  FILE_READ_ERROR = 2
  NO_BATCH = 3
  GUI_REFUSE_FILETRANSFER = 4
  INVALID_TYPE = 5
  NO_AUTHORITY = 6
  UNKNOWN_ERROR = 7
  BAD_DATA_FORMAT = 8
  HEADER_NOT_ALLOWED = 9
  SEPARATOR_NOT_ALLOWED = 10
  HEADER_TOO_LONG = 11
  UNKNOWN_DP_ERROR = 12
  ACCESS_DENIED = 13
  DP_OUT_OF_MEMORY = 14
  DISK_FULL = 15
  DP_TIMEOUT = 16
  OTHERS = 17.
  IF SY-SUBRC <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  ENDIF.
  Loop through internal table and split the comma delimited file
  LOOP AT ITAB.
  SPLIT ITAB-dLINE AT con_comma INTO it_Users-UserID
  it_Users-Password.
  APPEND it_Users.
  ENDLOOP.
  LOOP AT it_Users.
  if it_users-Password is initial.
  CALL FUNCTION 'SUSR_GENERATE_PASSWORD'
  IMPORTING
  PASSWORD = p_npass
  else.
  p_npass = it_users-Password.
  endif.
  CALL FUNCTION 'BAPI_USER_CHANGE'
  EXPORTING
  USERNAME = it_users-userid
  PASSWORD = p_npass
  PASSWORDX = 'X'
  TABLES
  RETURN = it_ret2.
  Loop at it_ret2.
  if it_ret2-number = 039.
  write: / 'password changed'.
  else.
  write: / it_ret2-message.
  endif.
  endloop.
  Write: / ''.
  refresh it_ret2.
  ENDLOOP.

• ViewCam Lite By Frank Xu - Admin password default required

  Hi,
  I have installed ViewCam Lite in my ipad to view my cctv camera and logged in using ADMIN account no password default under the settings tab i went and created new users and then also there was some default password for that admin account in the tool and it got set for that and now i am not able to use the admin account. Could you anyone please let me know the default password which is being set in ViewCam Lite tool under the settings tab.
  My email id : ****************
  Thanks in Advance.
  <Edited by Host>

  You would need to contact the developer.

• Forgot password for client 000 user DDIC

  We forgot password for client 000 user DDIC & SAP*
  please suggest any one how to recover the password
  Thanks in advance

  Hi,
  Pls refer below link explaining step by step details of activating SAP* user login.
  [http://forums.sdn.sap.com/thread.jspa?threadID=1497131]
  [http://www.sap-img.com/basis/changing-the-default-password-for-sap-user.htm]
  Regards,

• "No Items" listed under defaults tab of Users & Groups

  After Mountain Lion upgrade from Snow Leopard, "No Items" listed under default images from Users & Groups as well as Contacts (which) I'm sure share the same library. Have repaired permissions, redownloaded and re-installed Mountain Lion as recommended by the Apple Geniuses, but to no avail. Anyone got any ideas? See image.

  Hi Leroy -  Sy Kim, another user in the community posted a solution that worked, see below.
  SY Kim
  Sep 10, 2012 6:42 AM 
  After upgrade(from snow leopard), user picture list have no items. (Users & Groups)
  Finally, I got the solution.
  The key is to delete every '.DS_Store' files in the directory '/Library/User Pictures/'.
  Open Terminal application and follow these.
  1. Chagne directory by command below :
  cd '/Library/User Pictures'
  2. Listing all files including hiddens in the directory by command below :
  ls -al
  3. If there is a .DS_Store file. Remove the file by command below :
  sudo rm .DS_Store
  (It need user password for execute)
  Then, it'll show every pictures in 'Users & Groups' control panel.

• Deactivating the password for the given user

  Hi All,
  I have used the FM SUSR_ZBV_USER_SEND for deactivating the user passwords . passed bapi method PWDINIT
  the report which has been developed will deactivate the password for a given user in particluar sub system.
  suppose if i am executing the report in ABC system and deactivated the password of a given user for XYZ system its working fine. However if i am trying the deactivate the password of a user in ABC system . its not getting deactivated.
  please let me know what has to be done in order to deactivate the password if i am using the same systems.
  Thanks & Regards.
  Preeth.

  Jeremy,
  The default password for the Portal user in the same password as ias_admin. This would be defined at install time through the Oracle Universal Installer. However, if you're asking about identifying the Portal schema password in the database, you can login to the Directory Manager(assuming you're using Windows)and login as
  cn=orcladmin
  password: (ias_admin password)
  Click on (entry management)=>(cn=OracleContext)=>(cn=Products)=>(cn=IAS)=>cn=Infrastructure Databases => ReferenceName=sid:host=>ResourceName=Portal. Click on the entry and look at the orclpasswordattribute.
  Incidentally, you can also find the orasso password by checking the ResourceName=orasso.
  Note:198800.1 on metalink would be a good resource to follow.
  Thanks,
  Sudi Narasimhan
  Oracle9iAS Portal Partner Management
  What is the default password for the Portal User in 9i AS Release 2? I'm assuming this is the equivalent user to the Portal30 user in 3.0.9?
  Thanks.

• What is the password for the Portal User in 9i Release 2?

  What is the default password for the Portal User in 9i AS Release 2? I'm assuming this is the equivalent user to the Portal30 user in 3.0.9?
  Thanks.

  Jeremy,
  The default password for the Portal user in the same password as ias_admin. This would be defined at install time through the Oracle Universal Installer. However, if you're asking about identifying the Portal schema password in the database, you can login to the Directory Manager(assuming you're using Windows)and login as
  cn=orcladmin
  password: (ias_admin password)
  Click on (entry management)=>(cn=OracleContext)=>(cn=Products)=>(cn=IAS)=>cn=Infrastructure Databases => ReferenceName=sid:host=>ResourceName=Portal. Click on the entry and look at the orclpasswordattribute.
  Incidentally, you can also find the orasso password by checking the ResourceName=orasso.
  Note:198800.1 on metalink would be a good resource to follow.
  Thanks,
  Sudi Narasimhan
  Oracle9iAS Portal Partner Management
  What is the default password for the Portal User in 9i AS Release 2? I'm assuming this is the equivalent user to the Portal30 user in 3.0.9?
  Thanks.

• Default J2EE engine user / port

  Dear forumpeople, I cant remember what i entered there during installation but im pretty sure i kept it default. So what are the default J2EE Engine (Visual Manager) Login / port /pass ? Or is there a way to find em?

  M8, just as I figured it out, you came with the rescue. But thank you very much, points are added.
  For the people looking for an answer:
  1.      Choose New.
         2.      Enter a display name and choose Direct Connection to a dispatcher Node.
         3.      Choose Next.
         4.      Enter at least the following:
  ¡        User Name: Administrator
  ¡        Host: 04. For example, if your J2EE instance number is 15, the P4port is 51504.
         5.      Choose Save and connect with your new login account by choosing Connect.
         6.      Enter the password for the J2EE_ADMIN user and choose Connect. (Default: abcd1234)

• HT201240 This process does not appear to work for me.  I'm running 10.8.3.  I created a new user for a guest staying with me.  They have gone now and I am attempting to either change the password or delete the user.  It won't allow me to choose the user I

  This process does not appear to work for me.  I'm running 10.8.3.  I created a new user for a guest staying with me.  They have gone now and I am attempting to either change the password or delete the user.  It won't allow me to choose the user I created.  I am logged in as myself and it states that I am an "Admin".  The user I'm attempting to change is listed as a "standard" user and there is a white checkmark inside an orange circular background on the user pic in the list of users. 
  Can someone help me?  I am having a hard time believing that OSx will allow me to create users and allow them use of my computer and it's drives, yet it will not allow me to change the password so I can monitor what they might have been doing while logged on?  What if this were my child?  This guest left under sketchy circumstances, and I'd really like to be able to ensure they were not using my computer to do illegal things or to have illegal communications.
  Any help would be appreciated.  (It's odd that it was so simple to "create" a user and set a password for them.......but it's complicated or a little known process to reverse.
  Thanks.

  Here are two screen shots to show you what I am seeing.  The first screen shot shows it allowing me to select (highlighted in blue) my admin user (which is what I am locced in as).  The second screen shot shows it allowing me to select the "Guest" user (highlighted in blue).  However when I click on the user "Orion" nothing happens.  It will not change to highlight that user.

• How to change a password for an OpenLDAP user, which fails when using Lion's System Preferences?

  The Problem
  Users are unable to change their password using System Preferences -> Users & Groups on a Mac that is connected to an LDAP server (specifically, OpenLDAP).
  This error appears to be a result of OS X 10.7.4 now sending the username of the user rather than their full DN (e.g. it's sending bobsmith, notuid=bobsmith,ou=Users,dc=companyname,dc=com).
  (a bug report for this issue has been filed with Apple and can be seen on OpenRader @http://openradar.appspot.com/11768796)
  Steps to Reproduce:
  Try to change the password using the System Preferences -> Users & Groups prefpane on Lion. It fails with the following error message:
  The password for the account “bobsmith” was not changed. Your system administrator may not allow you to change your password or there was some other problem with your password. Contact your system administrator for help.
  Expected Results:
  The password should be changed.
  Actual Results:
  The error appears, and on the LDAP server, an error like the following is logged:
  Jun 28 08:42:21 ldap3 slapd[7810]: conn=10518785 op=2 RESULT oid= err=21 text=Invalid DN
  This error appears to be a result of OS X 10.7.4 now sending the username of the user rather than their full DN (e.g. it's sending bobsmith, notuid=bobsmith,ou=Users,dc=companyname,dc=com)
  Notes: This was encountered by someone else over at the AFP548.com forums who ended up patching their LDAP server to resolve the issue. This shouldn't require patching LDAP to resolve, however. Lion needs to (at least have an option to) send the full DN of a user requesting to change their password, not the short username:
  Text from above forum link (in case it is taken down):
  So, I’ve got this OpenLDAP server with network home directories at home that all of my Mac machines authenticate to. Everybody can bounce around to whatever Mac is available. It works great.
  Anyway, with Snow Leopard, I was able to change user passwords via System Preferences. However, that got broken when I upgraded to Lion (amongst other things). Both Snow Leopard and Lion send exop’s to the ldap server, but for whatever reason, the id is screwed up in Lion (or at least, it’s screwed up on the two machines at home I tested this with). Instead of sending the user’s DN, e.g. “uid=user,cn=users,ou=something,dc=somewhere,dc=com”, the ldap server is only sent the uid, e.g. “user”. The ldap server is expecting a DN here, so naturally, it fails with the error “Invalid DN”.
  Bummer.
  So, to work around that, I had to patch OpenLDAP (version 2.4.26 in this case). Now, when my server can’t resolve the id it’s given during a password change, it will look at the bind DN, and if the id string is contained within the bind DN string, it will just use the bind DN as the entry to change. I figured this would still allow me to manually specify password changes via an admin account while still giving users the ability to change their own passwords without having to point them at a webpage (lame).
  I should point out that all my accounts have the uid as part of the DN… I guess if you were doing some kind of crazy SASL mappings, this might not work for you…
  Anyway, here’s the patch in case anyone else is interested… If it works for you, great. If not, oh well.
  -- passwd.c 2011-06-30 11:13:36.000000000 -0400 +++ passwd.lion_compatability.c 2012-02-13 22:48:54.213214617 -0500 @@ -18,4 +18,5 @@  #include +#include  #include @@ -59,4 +60,5 @@ int freenewpw = 0; struct berval dn = BER_BVNULL, ndn = BER_BVNULL; +   ber_int_t err;  assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 ); @@ -102,11 +104,8 @@  if ( !BER_BVISEMPTY( &id ) ) { -       rs->sr_err = dnPrettyNormal( NULL, &id, &dn, &ndn, op->o_tmpmemctx ); -       id.bv_val[id.bv_len] = idNul; -       if ( rs->sr_err != LDAP_SUCCESS ) { -           rs->sr_text = "Invalid DN"; -           rc = rs->sr_err; -           goto error_return; -       } +       err = dnPrettyNormal( NULL, &id, &dn, &ndn, op->o_tmpmemctx ); +   } + +   if ( !BER_BVISEMPTY( &id ) && (err == LDAP_SUCCESS) ) { op->o_req_dn = dn; op->o_req_ndn = ndn; @@ -116,4 +115,16 @@ ber_dupbv_x( &dn, &op->o_dn, op->o_tmpmemctx ); ber_dupbv_x( &ndn, &op->o_ndn, op->o_tmpmemctx ); +       if ( !BER_BVISEMPTY( &id ) ) { +           /* See if the id matches the bind dn */ +           if ( strstr( dn.bv_val, id.bv_val ) == NULL ) +           { +               rs->sr_err = err; /* From dnPrettyNormal */ +               rs->sr_text = "Invalid DN"; +               rc = rs->sr_err; +               goto error_return; +           } +           Statslog( LDAP_DEBUG_STATS, "%s Invalid id (%s) specified; using bind DN (%s)\n", +                   op->o_log_prefix, id.bv_val, dn.bv_val, 0, 0 ); +       } op->o_req_dn = dn; op->o_req_ndn = ndn; @@ -123,4 +134,8 @@ }  +   if ( !BER_BVISEMPTY( &id ) ) { +       id.bv_val[id.bv_len] = idNul; +   } + if( op->o_bd == NULL ) { if ( qpw->rs_old.bv_val != NULL ) { "
  UPDATE (still not working, though)
  I tried to change my password with dscl too, like so:
  $ dscl -u bobsmith -p /LDAPv3/ldap -passwd /Users/bobsmith
  ...and this generated the following after I input my current password and a new one:
  Password: New Password: passwd: DS error: eNotYetImplemented DS Error: -14988 (eNotYetImplemented)
  On my OpenLDAP server, it generated:
  Jul  3 11:47:51 ldap slapd[7810]: conn=12282745 fd=1633 ACCEPT from IP=10.0.1.3:64485 (IP=0.0.0.0:636) Jul  3 11:47:51 ldap slapd[7810]: conn=12282745 fd=1633 closed (TLS negotiation failure) Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 fd=1633 ACCEPT from IP=10.0.1.3:64486 (IP=0.0.0.0:636) Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 fd=1633 TLS established tls_ssf=256 ssf=256 Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 op=0 SRCH attr=supportedSASLMechanisms defaultNamingContext namingContexts schemaNamingContext Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 op=1 BIND dn="uid=bobsmith,ou=Users,dc=mycompany,dc=com" method=128 Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 op=1 BIND dn="uid=bobsmith,ou=Users,dc=mycompany,dc=com" mech=SIMPLE ssf=0 Jul  3 11:47:51 ldap slapd[7810]: conn=12282746 op=1 RESULT tag=97 err=0 text= Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=2 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=3 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=4 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=4 SRCH attr=objectClass apple-generateduid uid uidNumber userPassword cn Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=5 EXT oid=1.3.6.1.4.1.4203.1.11.1 Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=5 PASSMOD old Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=5 RESULT oid= err=53 text=old password value is empty Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 op=6 UNBIND Jul  3 11:47:56 ldap slapd[7810]: conn=12282746 fd=1633 closed
  If I run the same dscl command from a Snow Leopard machine, it works without an error:
  $ dscl -u bobsmith -p /LDAPv3/myldapserver.com -passwd /Users/bobsmith Password: New Password:
  It generates these logs on the server
  Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 fd=1283 ACCEPT from IP=10.0.1.2:51013 (IP=0.0.0.0:636) Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 fd=1283 TLS established tls_ssf=256 ssf=256 Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 op=0 SRCH attr=supportedSASLMechanisms namingContexts dnsHostName krbName Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 op=1 UNBIND Jul  3 12:03:29 ldap slapd[7810]: conn=12293658 fd=1283 closed Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 fd=1283 ACCEPT from IP=10.0.1.2:51014 (IP=0.0.0.0:636) Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 fd=1283 TLS established tls_ssf=256 ssf=256 Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 op=0 SRCH attr=supportedSASLMechanisms namingContexts dnsHostName krbName Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 op=1 BIND dn="uid=bobsmith,ou=Users,dc=mycompany,dc=com" method=128 Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 op=1 BIND dn="uid=bobsmith,ou=Users,dc=mycompany,dc=com" mech=SIMPLE ssf=0 Jul  3 12:03:29 ldap slapd[7810]: conn=12293659 op=1 RESULT tag=97 err=0 text= Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=2 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=2 SRCH attr=uid cn Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=3 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=3 SRCH attr=uid cn Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=4 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=5 EXT oid=1.3.6.1.4.1.4203.1.11.1 Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=5 PASSMOD id="uid=bobsmith,ou=Users,dc=mycompany,dc=com" new Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=5 RESULT oid= err=0 text= Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=6 SRCH base="ou=Users,dc=mycompany,dc=com" scope=2 deref=0 filter="(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))(|(uid=bobsmith)(cn=bobsmith)))" Jul  3 12:03:31 ldap slapd[7810]: conn=12293659 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul  3 12:03:32 ldap slapd[7810]: conn=12293659 op=7 UNBIND Jul  3 12:03:32 ldap slapd[7810]: conn=12293659 fd=1283 closed

  Hi Koen,
  I tried to test this, but for me its working sorry(!). Here are the details of what I did in case that helps you diagnose....
  # add the 2 test users
  ldapadd -h $my_ldaphost -p $my_ldapport -D $my_adminuid -w $my_adminpwd <<EOF
  dn: cn=TEST_A, cn=Users, dc=myco,dc=com
  sn: TEST_A
  mail: [email protected]
  objectclass: inetorgperson
  objectclass: orcluser
  objectclass: orcluserv2
  objectclass: organizationalperson
  objectclass: person
  objectclass: top
  uid: TEST_A
  cn: TEST_A
  dn: cn=TEST_B, cn=Users, dc=myco,dc=com
  sn: TEST_B
  mail: [email protected]
  objectclass: inetorgperson
  objectclass: orcluser
  objectclass: orcluserv2
  objectclass: organizationalperson
  objectclass: person
  objectclass: top
  cn: TEST_B
  uid: TEST_B
  EOF
  # reset the passwords
  sqlplus /nolog <<EOF
  conn orasso/${orclpasswordattribute}@${my_sid}
  set serveroutput on
  exec wwsso_oid_integration.reset_passwd(p_user => 'TEST_A', p_subscriber_nickname => null, p_newpwd => 'password1');
  exec wwsso_oid_integration.reset_passwd(p_user => 'TEST_B', p_subscriber_nickname => null, p_newpwd => 'password1');
  exit
  EOF
  [oracle@myhost bin]$ ldapbind -D cn=TEST_A,cn=Users,dc=myco,dc=com -w password1
  bind successful
  [oracle@myhost bin]$ ldapbind -D cn=TEST_B,cn=Users,dc=myco,dc=com -w password1
  bind successful