Portal LDAP permission problems: Login causing "Insufficient access"

Similar Messages

• Permission Problems After Clean Intall Accessing External Drives

  Okay, the ubiquitous permissions problem. Perhaps apple should release a system update that strips this BS out, as single users and home users, do we really need this? I'm just driving my Ferrari to the grocery store! It is just complications that nobody needs.
  So, with a fat chance of that happening, is there a DEFINITIVE paper/instruction on permissions? Please point me to it. I've tried here and there is nothing that seems to work for me. I'd like to NOT have to learn anything and continue without messing around with this crap, but it did it to me, so now I'm forced to screw around to fix it.
  (I used to be a system admin years ago so I can take a fairly technical approach, but I'd rather not. (Puh-leeze! No terminal instructions.)
  Here's my problem:
  Having had a problem with corrupt login items and being unable to uninstall them, (the machine crashed and rebooted) I was left to perform a clean install of my system.
  I have numerous hard drives attached.
  Well, upon a successful install and migration of settings from Safari and Firefox and such, I was gently told that a couple of my drives are not accessible by me, the user. (I can see'em, but some apps like transmission won't write to them. Or backup software cannot backup to them.) I'm currently setup up with my daily account/user as the admin, with the super-admin account dormant and not used, as I've been instructed. (My previous system had me using my super-admin account all the time.)
  How do I go about setting permissions to reaccess these drives without checking the "ignore permissions" box?
  Is the simplist thing to do, to just copy/backup the drives, erase them under my present account, and re-install the data to fix this permission BS?
  I've done the "fix permissions" thing and it does not help.
  Do drives that you create with a former system user, retain the user profile that created them even after you install a new system, thus causing this problem?
  Thanks
  Herkimer

  What users do you have defined on your system?
  Herkime wrote:
  Thanks for the help, guys. I downloaded the app and will take a look at that to fix my problems.
  What user do you want to use to look at the data?
  Decide what user you are going to logon as.
  Use BatChmod to make this the owner of the data. The group should be whatever is the group assigned to your logon user.
  Do drives that you create with a former system user, retain the user profile that created them even after you install a new system, thus causing this problem?
  Files you created with root still have root permissions.
  The other 5 diskes, internal, externals FW, and removeables FW toasters, were all created under the old system, using the super-admin user. That designation is gone. (Actually, I recreated the same name/login on the newly installed system, along with my everyday admin user log in.
  I get the feeling I'm stuck in a little permission limbo, as the disks are looking for the old super-user and that's gone. Correct?
  I assume by super-user you mean root. You can enable the root account again if you wish. There is not need.
  I'm not sure what user, or group I should be setting everything too, now. Me, as the admin/user or
  Who is Herk the super-admin? How did you define Herk.
  By definition super-user is root. You are not allowed to rename root. So the super user isn't Herk.
  A user can be given admin rights. This doesn't give the user super user/root rights. Root can read & write any file on the system. This root is the super user.
  By Herk do you mine you gave Herk admin rights?
  Bottom line:
  [] Decide what user you will be using on your system.
  [] Change all permission you your external drives to match user & group of that id.
  Some people define two user on their system. This way maybe more secure, but with more hassles.
  standard user
  admin user
  I run with one user:
  admin user. This lets me install programs without have to change to another user. It doesn't let me look at system data. I cannot look at other userids data. ( I want to look at data I do not have permissions to, I can use the terminal to gain access. )
  Robert
  Message was edited by: rccharles

• LDAP vs local login for remote access

  Hi Team,
  I am evaluating the best means for single factor authentication for remote access (client to site or SSL VPN). The options I see are creating local usernames and password or integration with Active Directory via LDAP. What are the pros and cons of these solutions.
  I feel local logins are more secure comparitavely because the user first login using local login and password and then has to use the domain credentials for accessing corporate resources. Of course, this comes at an admistrator overload and local management of user names and passwords. Do you have any opinion on this? Any acknowledgement will be highly appreciated.

  Hello Manoj,
  IMO, I would never consider the LOCAL DB as an option for a corporate deployment. It does not scale and it is not easy to manage.
  Local DB is used in case you need to manage a number of 15 users for instance, so in this case it is managable, but when it comes to a higher number it is not an option.
  Active Directory is a better solution since it is meant to handle hundred of users and allows password-management for instance. Also you can have many ASA devices, performing DB bindings and queries to check the users credentials to the AD servers, so you don't need to deal with tons of user accounts on each ASA, for instance.
  If you are looking for a more secure way to authenticate your users you can consider two-factor authentication using certificates for instance:
  AnyConnect Certificate Based Authentication.
  Why to use AD:
  Pros
  Scalable.
  Easy to manage.
  Allows password-management.
  Cons:
  Expensive (not open AD solution).
  HTH.
  Please rate helpful posts.

• Account rights and Permission problems!

  I have since few day´s MacKeeper installed, but even when I restart my Mac. I can´t use Internetsecurity because of permission problems I have no access to helperlaunch. My Account has Admin rights but helperlaunch get´s the information that I have not the rights to access. When I get a new Account with the same rights it will work. How can I change this at my Original Account?

  Open disk utility and repair permissions on your boot volume.
  Then, follow this to reset your user permissions:
  Turn on the Mac whilst holding down cmd + R. You can let go once you see a spinning dial. You will then see the ”Mac OS X Utilities” screen.
  On the top menu, click Utilities, then click Terminal.
  Type resetpassword and press Enter.
  Click on your main hard drive.
  In the dropdown box under “Select the user account” make sure to select your username.
  Underneath where it says “Reset Home Directory Permissions and ACLs”, click the Reset button.
  Press cmd + Q to quit the Reset Password application.
  Press cmd + Q again to quit the Terminal.
  Press cmd + Q one more time and click Restart.

• LDAPException: error result (50); Insufficient access

  Hi all,
  I am getting the "netscape.ldap.LDAPException: error result (50); Insufficient access" during the .compare() method.Althogh the given user is authenticated properlly.
  here is the code which I am using
  doAuthenticate(){
       try {
            ld.connect( host, 389);
            ld.authenticate("uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot", "admin123");
            this.userdn = "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";
            LDAPAttribute attr = new LDAPAttribute("uniqueMember", userdn);               
            // Test for group membership
            System.out.println("log -5 ==> creating attribute");
            boolean attrMatch = ld.compare(groupdn, attr);
            // Display the test results                    
            if (attrMatch) {
                 System.out.println("\nIS A GROUP MEMBER!\n");
            } else {
                 System.out.println("\nIS NOT A GROUP MEMBER!\n");
            } catch (LDAPReferralException e) {
                 // Ignore referrals...
            } catch (LDAPException e) {
                 System.out.println(e.toString());
            }finally{
                 if ((ld != null) && ld.isConnected()) {
                      try {
                           ld.disconnect();
                           System.out.println("Conection closed");
                      } catch (LDAPException e) {
                           System.out.println("Error: " + e.toString());
  }Thanks

  The fact that a user can authenticate does not mean they have access to anything. You need to check your ACIs. Does your user have access to do the compare?
  Eric

• LDAP: error code 50 - Insufficient Access Rgiths

  Hi,
  I am newbie at Oracle Internet Directory. I hope you help me to resolve the following problem:
  When I signed in the Oracle Director Manager with user "cn=orcladmin,cn=Users,dc=localhost,dc=com" and blank password
  to create an entry (or attribute). I got error: [LDAP: error code 50 - Insufficient Access Rgiths]
  How do I resolve this problem?
  Thanks,
  QuanND

  Connecting as orcladmin requires using a password. The password has been established during installation of OID. By default from (9.0.4) on it is set to be the same password as the ias_admin password you provided during installation of the Oracle Infrastructure installation.
  Notice that there are two (2) orcladmin entries in OID.
  One cn=orcladmin is the OID superuser (same as root on UNIX) the other one is cn=orcladmin, cn=users,dc=your.default.domain
  When you login to OID using ODM and specify only orcladmin ODM assumes by default this will be cn=orcladmin (aka root)
  regards,
  --Olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• How do I configure the portal to allow both anonymous and LDAP or Membership Logins?

  I want my portal's content to be publically accessable, to allow anonymous users to browse the content without the ability to modify layouts, content, etc. <br><br> But I can't figure out how to make the portal completely skip the login menu page. If I enable any modules besides the Anonymous module, I get the login menu. If I disable all modules but anonymous, I get a login module denied error message when I post to the login servlet from one of my pages.
  What do I need to do? My frustration with the lack of decent documentation of most of the features of this product is growing by the second.

  When opening up the administrative console
  (http://localhost:8080/console?func=frameset) and looking at the source
  it shows the following:
  <HTML>
  <HEAD>
  <TITLE>iPlanet Portal Server 3.0 Administration Console</TITLE>
  </HEAD>
  <FRAMESET FRAMEBORDER="no" COLS="*" ROWS="110,*" BORDER=0>
  <FRAME BORDER=0 SCROLLING="no" MARGINHEIGHT=10 SRC="/admin/top.html">
       <FRAMESET COLS="250,*" BORDER=0>
       <FRAME SRC="/console?func=directNav" NAME="navigatorFrame">
       <FRAME SRC="/console?func=frameAdmin" NAME="adminFrame">
       </FRAMESET>
  </FRAMESET>
  </HTML>
  Where are the html files located that the console servlet is including?
  The problem that I am encountering is this:
  I need to set the "Primary Document Directory" in the iPlanet webserver
  to something other than - <ipsbase>/public_html which seems to be the
  default configuration. When I switched the doc root to /foo/bar/ I
  noticed no problems with the portal server until I tried to enter the
  admin console. My browser reported back file not found errors for each
  of the frame pages that are included in the HTML snippet above. I
  understand that by changing the document root that the servlet no longer
  has a context of /admin/top.html but does anyone have thoughts as to
  what is going on and how to resolve this?
  thanks
  -matt

• Facing permission problem for accessing database

  {color:#0000ff}Hello All,
  I have just started in this forum. I am very new to j2me and facing problem and I need your help.
  I had successfully signed the application and it was working properly on device. Next I added login module in my application where I am accessing a PHP from server which is having MySQL DB connection for usercheck. When I try with unsigned jar it works properly and when I try using signed jar it is showing me wrong username/password. I think it is midlet permission problem.
  It would be very nice if someone can tell me what might be the possibilities that it is going wrong.
  Thank you.
  Regards,
  -Anuradha{color}.

  Signing MIDlet has nothing to do with how data is send over the network. So please be sure that your signed MIDlet is not corrupting your data.
  If you are receiving correct username / password at server side, then its server's responsibility to validate it Your MIDlet has posted the parameters right way.
  I would suggest you to check following things
  1) Check if server is validating the username / password.
  2) What response does server sends you back after validating username / password. Check on both ends.
  3) Check how your midlet processing the response from the server.
  4) Do you get any exceptions?
  but I am doing database connection through php which is on server, I hope it is not wrong way of doing it.Doesn't matter what technology is used at server side to connect to the database.

• Portal Server Admin Console login problem....

  When I installed Sun Java Studio Enterprise 7 (trial edition) I also installed the server package (The second zip file). During the install I was only prompted to enter ID and password my Application server. But I do not know or have an ID and password for the portal server. When I launch the Portal Server Admin Console which is really the Access Manager's Admin console, it prompts me to enter my ID and password. The ID and password I have setup for the Application server does not work. Now my problem is, I cannot access the portal server on my machine. Does any one know how I can find out what my ID and password is? or how I can access the portal server?

  hi,
  I'm a newbie , who has just installed the java enterprise server. i installed it on windows platform and installation was successful. I don't know how to login to the portal server.
  please provide the address of the portal webpage if the one given below is incorrect:
  http://localhost:8080/portal/dt
  which username and password can i use for loggin in ? .....
  what is the default username and password ?
  is the username amadmin ?? if so what is the password ? ...
  kindly help me .....thanks in advance.... :)

• Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights

  HI,
  I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.

  I am not sure how you tried, but I would recommend to do the following...
  1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
  2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com'

• How do i fix this: error message- index.html - error occurred - An FTP error occurred - cannot put index.html. Access denied. The file may not exist, or there could be a permission problem. Make sure you have proper authorization on the server and the ser

  that is...
  index.html - error occurred - An FTP error occurred - cannot put index.html. Access denied. The file may not exist, or there could be a permission problem. Make sure you have proper authorization on the server and the server is properly configured.
  File activity incomplete. 1 file(s) or folder(s) were not completed.
  Files with errors: 1
  index.html
  thanks!

  It's under More Options triangle in the Manage Sites panel.  See screenshot:
  Nancy O.

• HT1631 updated to the new os x mavericks, now i'm having problems with my keychain access...everytime i asked to log in but when i do, it says can't find login items even if i reset it. what should i do?

  updated to the new os x mavericks, now i'm having problems with my keychain access...everytime i asked to log in but when i do, it says can't find login items even if i reset it. what should i do?

  Did you install the latest driver set for the device?  there is a new release on motu.com for mavericks.
  rachel

• Contribute 6.5 "Access denied. The file may not exist, or there could be a permission problem."

  Help.
  After being forced to upgrade to 6.5 since my version would not work after upgrading to Mavericks OS I get the "Access denied. The file may not exist, or there could be a permission problem." error on one of the sites I manage when trying to publish an edit to a page.
  I have looked at prior fixes but none seen to apply to version 6.5
  I have uninstalled, reinstalled and now have a fresh install on a new computer and still the issue persists.
  I'll appreciate any help to resolve this issue.
  Thanks,
  Kort

  I encountered the same error message, then remembered I had changed the name of my hard drive.  I changed the HD name back and was able to access.  Now trying to figure out how I can change the path to my local files so that I can re-change my HD name.

• Problem to make new project in visual studio 2012 Ultimate RTM This is often caused by registry permission problems

  hi
  i Install Visual studio Ultimate 2012 RTM and ..
  when i want to create a new project (windows application form C#) give me this error :"Visual Studio does not have permissions to read the template information from the system registry. This is often caused by registry permission problems"
  what can i do for this problem ?
  how can i solve this ?
  Visual studio Ultimate 2012 RTM

  This issue is quite wide-spread and it affected older Visual Studio versions. I am disapointed by the amount of junk advice and the lack of proper stance from Microsoft.
  The only correct solution I could find was provided by HallCrash on July 01, 2010 in this similar thread:
  social.msdn.microsoft.com/Forums/en-US/vbexpress2008prerelease/thread/c273b0e1-7f46-4065-afaf-4edf285d2531
  Ironically, that thread is locked and I was not able to give recognition to HallCrash there ...
  You'd have to scroll almost to the bottom to find HallCrash's solution. That solution is based on a Microsoft supported tool (SubInACL) which can be downloaded here: microsoft.com/en-us/download/details.aspx?id=23510. It limits the registry changes strictly
  to Visual Studio. Nevertheless, start by creating a System Restore Point.
  I do not trust and would not recommend using unknown software (such as the Softpedia suggestion) for this.
  Cheers

• PAB_CMD_GET_PABS returns ldap error: Insufficient access

  hi when i run the messenger express web interface, whenever I do anything that tries to acess the address book I get:- PAB_CMD_GET_PABS returns ldap error: Insufficient access
  can anyone help me ?

  Thanks for your reply, the cn was set to msg-admin-4 so I granted that user access to the o=pab area in ldap and it is now working ok, except for the fact that this system is used witha proprietory system called campus pipeline as well which stores its personal addresses elsewhere in the ldap, and when I do a directory lookup, it returns all the matching email addresses in everybodys personal address lists!
  Is there any support for compiling groups from the global ldap search ? or is this a personal address book only [eice of software?