Trying to add a user to a Group thru JNDI. Insuffficient Access Rights

I am trying to add a user to a group using JNDI with,
DirContext.modifyAttributes()
I have set up the tree structure outside the default cn=Users setup and defined the Group as auxiliary class.
I haven't set up any Access Controls. But it fails with "Ldap Error code 50. Insufficient Access Rights".
If I try to add the same user using the uniquemember attribute to the group I am interested in, it works fine in Directory Manager and Generic Ldap browser. I even tried setting up the JNDI user credentials to "orcladmin" still doesn't work. Any idea??

Maybe the example code from OID developers guide gives an idea
http://download-west.oracle.com/docs/cd/A97329_03/manage.902/a95193/smplcode.htm#637267
--Olaf                                                                                                                                                                                                                                                                                                                                       

Similar Messages

  • Wlst add a user to a group

    Hi,
    I have problems with wlst to add a user to a group
    The method "addMemberToGroup" of the security MBean DefaultAuthenticator doesn't seem to be accessible from wlst.
    Here's the part of the code (note that the group and user already exist, i am sure of it)
    myusername="BIGREZADMIN"
    group="BigRezAdministrators"
    cd("/")
    cd("weblogic.security.providers.authentication.DefaultAuthenticator/Security:Name=myrealmDefaultAuthenticator")
    try:
    cmo.addMemberToGroup(group,myusername)
    except Exception:
    dumpStack()
    And what I get:
    AttributeError: addMemberToGroup
    Also tried like this:
    cd("weblogic.security.providers.authentication.DefaultAuthenticator/Security:Name=myrealmDefaultAuthenticator")
    objs =jarray.array([group,myusername],java.lang.Object)
    strs =jarray.array(["java.lang.String","java.lang.String"],java.lang.String)
    try:
    invoke('addMemberToGroup',objs,strs)
    except WLSTException:
    dumpStack()
    and here's what I get:
    [java] weblogic.management.ManagementRuntimeException: javax.management.OperationsException: no such operation: addMemberToGroup
    I have also tried inverting attributes of the addMemberToGroup without success. The createUser("user","password","desc") and createGroup("group","desc") work fine but I don't manage
    to add a user to a group with WLST.
    Am I doing it the wrong way?
    Thanks,
    Luc

    Hello Luc,
    I am able to easily add a user to a group w/o a problem. I did this,
    connect("weblogic","weblogic")
    cd("SecurityConfiguration/mydomain")
    cd("weblogic.security.providers.authentication.DefaultAuthenticator/Security:Name=myrealmDefaultAuthenticator")
    cmo.createUser("foo","weblogic","foo-1")
    cmo.createGroup("mygroup","hello")
    cmo.addMemberToGroup("mygroup","foo")
    Thats it, did not get any exception. Try printing the cmo to see if the
    cmo is currectly populated.
    Thanks,
    -satya
    Luc Dewavrin wrote:
    Hi,
    I have problems with wlst to add a user to a group
    The method "addMemberToGroup" of the security MBean DefaultAuthenticator doesn't seem to be accessible from wlst.
    Here's the part of the code (note that the group and user already exist, i am sure of it)
    myusername="BIGREZADMIN"
    group="BigRezAdministrators"
    cd("/")
    cd("weblogic.security.providers.authentication.DefaultAuthenticator/Security:Name=myrealmDefaultAuthenticator")
    try:
    cmo.addMemberToGroup(group,myusername)
    except Exception:
    dumpStack()
    And what I get:
    AttributeError: addMemberToGroup
    Also tried like this:
    cd("weblogic.security.providers.authentication.DefaultAuthenticator/Security:Name=myrealmDefaultAuthenticator")
    objs =jarray.array([group,myusername],java.lang.Object)
    strs =jarray.array(["java.lang.String","java.lang.String"],java.lang.String)
    try:
    invoke('addMemberToGroup',objs,strs)
    except WLSTException:
    dumpStack()
    and here's what I get:
    [java] weblogic.management.ManagementRuntimeException: javax.management.OperationsException: no such operation: addMemberToGroup
    I have also tried inverting attributes of the addMemberToGroup without success. The createUser("user","password","desc") and createGroup("group","desc") work fine but I don't manage
    to add a user to a group with WLST.
    Am I doing it the wrong way?
    Thanks,
    Luc

  • Add multiple users to AD Group using AddRange

    All,
    I am trying to add multiple users to an AD security group using AddRange method but no luck.
    Reason why I am using AddRange method is, the memberlist is pretty big (30K users) and Quest or MSFT AD Cmdlets taking plenty of time to add them.
    I am following the instruction per http://msdn.microsoft.com/en-in/library/ms180904(v=vs.80).aspx but no luck.
    Code snippet:
    $groupmembers = Get-Content C:\Temp\MemberDN.txt
    $getgroup = [ADSI]"LDAP://CN=MYADGROUP,OU=GROUPS,DC=CONTOSO,DC=COM"
    $getgroup.properties.member.AddRange($groupmembers)
    #$getgroup.properties["member"].AddRange($groupmembers)
    $getgroup.CommitChanges()
    #$getgroup.SetInfo()
    I tried using ADSPATH as well but no luck.
    Any help or pointers are appreciated.
    Thanks.

    Hi PSPR,
    I agree with David .
    Also I tested that on my server2012r2 , please refer to :
    $user="cn=test1,cn=users,dc=test,dc=com","cn=test2,cn=users,dc=test,dc=com"
    $obj=[adsi]"LDAP://cn=test,cn=users,dc=test,dc=com"
    $obj.member.addrange($user)
    $obj.commitchanges()
    Hope it helps
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Regarding : How to add a user to portal group with the help of webdynpro .

    Hii ,
    I am working on an application in which with the help of an action( Button)  we r adding a user in Ztable in R/3 , as well as  group in portal.
    The user r successfully creating in Ztable but from portal side No user is assigned to Portal group.
    I need coding solution for " How to add a user to portal group with help of webdynpro"
    Any usefull link will also do.
    Pls anyone have any solution ??
    Thnks in advance.
    Rewards r waiting for u .

    Hi,
    Use UME api to add user to portal group.
    Using UME API:
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
    Regards,
    Naga

  • Add grid user to dba group

    Hello,
    After RAC installation, We are facing some cluster issues. After investigation, Oracle support suggested to add the grid user to the dba group. We missed to add the grid user to the dba user in most of the nodes. This is Linux Redhat 5.
    How can I add grid user to dba group and keep the grid user belonging to the other linux groups? what 's the correct command?
    Thanks,
    Diego

    Hi,
    As root:
    #### check before
    id  grid
    #### Change It
    usermod -a -G dba grid
    #### Check after
    id gridLevi Pereira

  • Remotely add Domain User to local group

    I've been playing with this for some time, and I seem to be missing something.  I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
    groups.  I would like to be able to run this from a management workstation. 
    I've been working from these two posts.
    http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
    http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
    It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally.  I have not been able to figure out any format that allows me to get the information remotely.  So I figured I would use Invoke-Command
    to execute the two lines of code remotely. 
    Invoke-Command -ComputerName RemoteServer {
    $de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
    $de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
    (I am trying it first with fixed, valid values - change to variables when I get things figured out.)  That gave me the error:
    Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
    +CategoryInfo :NotSpecified: (:) [], MethodInvocationException
    +FullyQualifiedErrorID :DotNetMethodTargetInvocation
    +PSComputerName :RemoteServer
    I need help on what to try next.
    Thanks.
    . : | : . : | : . tim

    I've been playing with this for some time, and I seem to be missing something.  I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
    groups.  I would like to be able to run this from a management workstation. 
    I've been working from these two posts.
    http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
    http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
    It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally.  I have not been able to figure out any format that allows me to get the information remotely.  So I figured I would use Invoke-Command
    to execute the two lines of code remotely. 
    Invoke-Command -ComputerName RemoteServer {
    $de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
    $de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
    (I am trying it first with fixed, valid values - change to variables when I get things figured out.)  That gave me the error:
    Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
    +CategoryInfo :NotSpecified: (:) [], MethodInvocationException
    +FullyQualifiedErrorID :DotNetMethodTargetInvocation
    +PSComputerName :RemoteServer
    I need help on what to try next.
    Thanks.
    . : | : . : | : . tim
    The ADSI commands work remotely as long as you are an administrator on the domain.
    Invoke-Command only works on systems set up for WinRM remoting and if you are an Administrator on the domain.
    Normally we would use AD and GP to add users to local groups.
    Your script is also incorrect.  Thisis the correct template.
    $remotepc='somepc'
    $de=[ADSI]"WinNT://$remotepc/Administrators,Group"
    $de.Add("WinNT://Domain/User")
    You should never the user to the admin group.  It is a formula for disaster.
    ¯\_(ツ)_/¯

  • Can't login to server while trying to add a new member to group.

    While trying to login to add another user to the enterprise group, "unexpected error" comes up hence can't login to create a new user, although sending the new user an invitation.
    Can someone please solve this asap?

    I figured it out. For any of you having problems with the new Sync (there are lots of posts out there from unhappy people) I have the fix.
    If you revert back to FF 28 everything works great. FF staff will tell you about the gloom and doom of using older versions. They don't seem too concerned that those of us who have relied on Sync for years and probably only use FF because of Sync are unhappy with the new less secure version and in my case can't even register a new account.
    I think you can get away with going up to higher versions and maintaining the old Sync. If anyone knows what the highest working version is please post it. I will probably upgrade one version at a time to see where it stops working and will post here.

  • API to add a user to a group

    By calling Engine.NewUser we can create a new user:
    Set user = Eninge.NewUser(userProfile)
    But the new user is not added as a member of any user groups. What are the APIs to add a user to a user group?
    Thanks for the help!
    Message Edited by Support on 03-07-2007 12:29 PM

    Thanks, Jon! I tried it out, and it worked. I have further questions about Teststand user management:
    1) I create a new user in sequence editor, say op. User op has no privileges when created. But if I log on as op, I still can acess Configur menu which I think I shouldn't. Is this a bug?
    2) Then I log on as administrator and add user op to two groups: Administrator and Technician, and then log on as op. Now op looks like administrator. What's the rule of user privileges overriding if a user is in a group or in more than one group?
    Message Edited by Support on 03-07-2007 02:50 PM

  • Error  message when trying to add new user

    Hello,
    Customer is working on 2005B (2005B 7.40.252 SP00 PL39).
    They are working on this database since 2009.
    No upgrade was recently done.
    when trying to add a new user they get athe following error:
    "A user was added outsite the application. Delet it, or preform'Restore Numbering' [Message 3512-7]"
    Could you please advice.
    Regards,
    Maya

    Hi Maya......
    Go to Administration--> Utility and select the restore no. series.
    Update this and try to add User.
    But do it first in your test DB.....
    Regards,
    Rahul

  • Wss3 -- get XML "gibberish" when trying to add new user to site

    Site Actions > Site Settings > People and groups > New
    Select "book" icon  under Users\Groups, add domain user (works fine). This is displayed in the "Users\Groups" box in Add Users. The text displayed in  "Users/Groups"  looks like this:
    <span tabindex="-1" title="Domain\User" class="ms-entity-resolved" id="spanDomain\User" contenteditable="false"><div id="divEntityData" style="display: none;
    Pressing "OK" returns "No exact match was found". Help!
    TIA,
    edm2

    hi edm2,
    i think you may need to open a new thread at IE forum also, perhaps there will be more detailed clue.
    http://social.technet.microsoft.com/Forums/ie/en-US/home
    meanwhile please work through these steps.
    1. From Internet Options> General > Browsing History> Delete (next screen) uncheck Preserve Favorites website data then check and delete Temporary Internet Files.
    2. Go to Internet Options> Security> Internet Zone, set it to Default.
    3. Check any third-party security programs to see if one of them is blocking scripts, scripting, active content. A number of security programs can be configured to block scripts.
    4. Try these two commands from Start> Run> cmd [enter]
    regsvr32 vbscript.dll    [enter]
    regsvr32 jscript.dll       [enter]
    5. See if a browser add-on is causing the problem.
    Start Internet Explorer without add-ons by right-clicking the IE icon on the desktop. Choose Start without add-ons.
    or
    from Start> Programs> Accessories> System tools> Internet Explorer (no add-ons)
    If the problem goes away, an add-on is causing it. 
    http://blogs.msdn.com/b/ie/archive/2006/07/25/678113.aspx
    Regards,
    Aries
    Microsoft Online Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Urgent Help needed! ADSI can't add local user to local group when there are variables

    Hi friends
    it about 8 hours i am working on following simple code but no result. i feel i am loosing my eyes
    i need to use a code within my PS script to add a Local user to the built-in "Users" Local Group in windows 7 , 8, 2012....
    the following code which the username is not related with any variable works fine.
    $computer = [ADSI]"WinNT://."
    $user = $computer.Create("User","MyLocaluser")
    $user.setinfo()
    $user.SetPassword("P@ssw0rd")
    $Group = [ADSI]"WinNT://./Users,Group"
    $Group.Add("WinNT://MyLocaluser,user")
    but in the 2 following scenarios (which Variables enter into codes), doesn't work: (for simplicity & be easier to read, i have bolded the only differences in my 3 scenarios for you
    Scenario1:
    $computer = [ADSI]"WinNT://."
    $user = $computer.Create("User","MyLocaluser")
    $user.setinfo()
    $user.SetPassword("P@ssw0rd")
    $Group = [ADSI]"WinNT://./Users,Group"
    $Group.Add("WinNT://$user,user")
    i checked, user is created but is doesn't become member of local "Users" group
    Scenario2 (which is my Real Scenario):
    $myVMnumber = read-host "enter your VMnumber"
    $computer = [ADSI]"WinNT://."
    $user = $computer.Create("User","MyLocalUser$MyVMnumber") ----># for example on VM2, will be created as "MyLocalUser2"
    $user.setinfo()
    $user.SetPassword("$MyVMnumber") # ---> so that the password of MyLocaluser be the digit 2
    $Group = [ADSI]"WinNT://./Users,Group"
    $Group.Add("WinNT://$user,user")
    what change should make to the code?
    Many thanks in advanced

    Is there some reason why you are posting the same question in multiple forums?
    I gave you the exact answer and a copy of tested code.
    Someone needs to merge these two threads:
    https://social.technet.microsoft.com/Forums/en-US/98ab1abd-ef62-4b95-b70c-a6f0120a155e/unable-to-add-local-usr-to-local-group-via-adsi?forum=winserverpowershell
    ¯\_(ツ)_/¯
    no it's the same powershell forum not multiple forums
    i had posed my question in previous threat
    https://social.technet.microsoft.com/Forums/en-US/98ab1abd-ef62-4b95-b70c-a6f0120a155e/unable-to-add-local-usr-to-local-group-via-adsi?forum=winserverpowershell
    but at the middle of the scenario, no one continue to investigate on my problem, so i started new threat to investigate on the rest of the problem, but finally you answered it & now this threat can be closed up
    many thanks for your helps. 

  • How to add the User in customized Group.

    Hi All,
         If we create any User in SAP Portal then that user is assigned to
    everyone group by default.Now i have one custom group,say 'ABC'.what i
    want is, which ever user is being created through SAP Portal should be
    added to this group.
    one way i think, is to create a webDynpro application which will add
    all the portal users to the customized group but the problem is how to
    run this appl.Continuously.
    regards,
    Mithileshwar

    Hi!
    I do the test here, try this:
    In group ABC, add Everyone role in Assigned Roles.
    In my case I’m using a role XXX in group Everyone and I configured all iViews for this role.
    Regards,
    Edson Thomaz

  • Fail to add domain user into local group - RPC server unavailable

    Hi all,
    I have a server-1 which is join to domain A. I need to add a domain user from domain B to my server-1 local group. I keep getting "The RPC server is unavailable" error message.
    But i try to use another server-2 which also belong to domain A and same network segment as server-1, i do not encounter this error while adding domain B user onto it.
    The problematic server-1 is a Windows 2008 R2 SP1 server. It is install with IIS and MS SQL database 2008.
    Just one thing i am guessing whether is it the cause of the problem. Before server-1 join to domain A, i did not disable windows firewall. I disable it only recently. Could this has cause the problem on my server-1?

    Let's recap to make sure I understand exactly what  you have going on:
    - Server 1 and Server 2 are both on Domain A and in the same site, behind the same firewalls
    - Adding a user from Domain B works on Server 1 but not Server 2.
    - You get an RPC error while adding Domain B's user on Server 2.
    Is Domain B on the other end of some firewall?
    - Can you do a portqry to a DC in Domain B from Server 2 (http://www.microsoft.com/en-us/download/details.aspx?id=17148)
    - Run this command: portqry -n <DomainBFQDN> -p both -o 53,135,389,3268
       - We are testing DNS, RPC, LDAP and GC.  Do you see anything come back as filtered or not listening?
    - Do the same thing from Server 1 and compare the results.
    This sounds like a connectivity problem.
    Chris Ream

  • How to add external user to the group programmatically in SharePoint?

    Hi all,
    I want add an external user to a sharepoint group:
    When I run the below code in ConsoleApplication the user will be added to the DemoGroup,
    but when I add my code to User Control and run the code on SharePoint it doesnt work and I get an error:
    The user does not exist or is not unique.<nativehr>0x81020054</nativehr><nativestack></nativestack>
    Now I change the code:
    SPUser user = spWeb.EnsureUser(userName);
    I get again an error:
    The Specified user i:0#.f|IT2S|Doe, John was not found.
    string extName = "Doe, John";
    string domainName = System.Environment.UserDomainName;
    // in sp this is way how we get the domain:
    //string domainName = System.Environment.GetEnvironmentVariables()["USERDOMAIN"].ToString();
    web.AllowUnsafeUpdates = true;
    string userName = string.Format("i:0#.f|{0}|{1}", domainName, extName);
    web.SiteUsers.Add(userName,"[email protected]", extName, "0222");
    SPUser user = web.SiteUsers[userName];
    if (user != null)
    web.Groups["DemoGroup"].AddUser(user);
    web.Update();
    web.AllowUnsafeUpdates = false;
    can anyone please help me and say why that not work? Or if someone have an idea?
    thank you in advance
    Ahmad
    SP 2013 & SPD 2013 & VS 2013 & MSSQL 2012

    Hi Linda Li,
    yes I solve the issue with FBA:
    http://chrisbarba.com/2013/07/16/sharepoint-2013-forms-based-authentication-fba/
    and
    http://sharepointsolutions.blogspot.de/2012/08/configuring-forms-based-authentication.html
    with above links I solved the task.
    Best Regards
    Ahmad
    SP 2013 & SPD 2013 & VS 2013 & MSSQL 2012

  • Error When trying to add new user field to OCHH table

    Hi
    can you please check the following code ? I am geting an error "Ref count for this object is higher than 0"
    Dim RetVal, ErrCode As Integer
            Dim ErrMsg As String
            Dim oUserFieldsMD As SAPbobsCOM.UserFieldsMD
            oUserFieldsMD = oCompany.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserFields)
            ' Adding "BPCode" field
            '// Setting the Field's properties
            oUserFieldsMD.TableName = "OCHH"
            oUserFieldsMD.Name = "OBJ"
            oUserFieldsMD.Description = "OB Code"
            oUserFieldsMD.Type = SAPbobsCOM.BoFieldTypes.db_Alpha
            oUserFieldsMD.EditSize = 2
            '// Adding the Field to the Table
            RetVal = oUserFieldsMD.Add
            '// Check for errors
            If RetVal <> 0 Then
                oCompany.GetLastError(RetVal, ErrMsg)
                MsgBox(ErrMsg)
            Else
                'chkUDOAfter.SetItemChecked(1, True)
                MsgBox("Field: '" & oUserFieldsMD.Name & "' was added successfuly to " & oUserFieldsMD.TableName & " Table")
            End If
    Thanks
    George

    Hi Denilo
    Your suggestion did not solve the problem . I want to add that the code works fine with user-tables but not when I try with OCHH
    Thanks
    George
    After alot of search
    GC.select
    Did the job
    Thanks again
    Regards
    George
    Edited by: George Pachakis on Sep 7, 2009 6:51 PM
    Edited by: George Pachakis on Sep 7, 2009 6:54 PM

Maybe you are looking for