OpenLDAP

问题 I am trying to find out whether a user is disabled in ldap using ldapsearch utility but I have been unsuccessful so far. This is what i have got so far ldapsearch -h hostname -D 'Service Account' -b 'basedn' sAMAccountName='disabled user' -w 'password' # extended LDIF # # LDAPv3 # base <basedn> with scope subtree # filter: sAMAccountName=disabled user # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 I have even tried with -LLL nsaccountlock it give me nothing.

问题 I am trying to find out whether a user is disabled in ldap using ldapsearch utility but I have been unsuccessful so far. This is what i have got so far ldapsearch -h hostname -D 'Service Account' -b 'basedn' sAMAccountName='disabled user' -w 'password' # extended LDIF # # LDAPv3 # base <basedn> with scope subtree # filter: sAMAccountName=disabled user # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 I have even tried with -LLL nsaccountlock it give me nothing.

问题 I have created password policy by following procedure mentioned for OpenLDAP But I don't observed its effect when I change password of user through extended operation. I get the response control but it has only warning instead of error. So question is what is missing from my side ? How to enforce password policy to use extended operation for resetting password ? Once I define password policy would it be applicable for all existing users in OpenLDAP server? Or it will be applicable for new

问题 We could see attributes which are part of systemMayContain attributes list are user modifiable. If we consider the computer object class. Below is the definition of object class ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY (cn $ networkAddress $ localPolicyFlags $ defaultLocalPolicyObject $ machineRole $ location $ netbootInitialization $ netbootGUID $ netbootMachineFilePath $ siteGUID $ operatingSystem $ operatingSystemVersion $ operatingSystemServicePack $

问题 Here is my LDAP ORG Structure: I created user with first, last name with password. But it is not working when am trying to connect using jdbc. Error says invalid credentials. Then I tried ldapsearch as follows: I followed this process for users and group creation: root@ip:/home# ldapwhoami SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database root@ip:/#

问题 I know this is more like a serverfault question than a stackoverflow question, but since serverfault isn't up yet, here I go: I'm supposed to move an application from one redhat server to another, and without very good knowledge of the internal workings of the application, how would I move the OpenLDAP database from the one machine to the other, with schemas and all. What files would I need to copy over? I believe the setup is pretty standard. 回答1: The problem with SourceRebels answer is that

问题 I am trying to create a new user using ldap by doing this: require 'net/ldap' ldap = Net::LDAP.new ldap.host = 'ldap' ldap.auth('uid=myuser,ou=users,dc=my,dc=domain,dc=com', 'mypass') ldap.bind # this executes successfully, up to this point, all is well dn = 'uid=newuser,ou=users,dc=my,dc=domain,dc=com' attributes = { cn: 'newuser', sn: 'surname', objectclass: ['top', 'agent'] } ldap.add(dn: dn, attributes: attributes) ldap.get_operation_result #=> #<OpenStruct code=21, message="unknown

问题 I'm trying to set the jpegPhoto attribute value to a person inside Openldap. I'm using the Novell Directory libraries, as I couldn't open a connection with the standard Microsoft library. I'm geting the picture as a byte array, and then I convert it to a base 64 string. Then, this value is used in the jpegPhoto attribute. However, it doesn't show properly later in JExplorer byte[] myPhoto = GetPicture(); string base64PhotoString = Convert.ToBase64String(myPhoto); attributeSet.Add(new

问题 I am working on a website to manage active directory. I want to check that whether user has permission to change password or not. So I have to find "ntSecurityDescriptor" property value after that I have to cast it into IADsSecurityDescriptor. Now if I use DirectorySearcher class then property value is of type System._ComObject and easily casted to IADsSecurityDescriptor . But when I use LdapConnection and SearchResponse I get property value of type. byte[] array which is unale to cast to

问题 I'm getting the below on trying to submit a login form. Does anyone know what causes this? Thanks. 2012-10-13 13:11:46.300:INFO:oejpjs.LdapLoginModule:Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=people,dc=my-domain,dc=com 2012-10-13 13:11:46.307:INFO:oejpjs.LdapLoginModule:Found user?: true 2012-10-13 13:11:46.311:WARN:oejpj.JAASLoginService: javax.security.auth.login.LoginException: Login Failure: all modules ignored at javax.security.auth.login