While unlocking an account I am getting error message as :
LDAP: error code 19 - pwdFailureTime: no user modification allowed
Tried giving different values for the attribute 'pwdAccountlockedtime' on LDAP managed system from apache Directory Studio, but getting same error message.
Error Code 19 : constraintViolation
"Indicates that the client supplied an attribute value that does not conform to the constraints placed upon it by the data model." See OpenLdap Doc
You are not allowed to change pwdFailureTime. It is defined in the passwordpolicy.
Unlock User:
Modify userPassword with admin Privileges. Depending on your policy settings (passwordMustChange, etc.) user should change his initial password to a final (not initial Password). Then will be nsAccountLock "automatically" cleared.
Related
I was facing issue while login to Carbon Management Console
Version; WSO2 IS 5.10. 0 as Key Manager
Changes:
I have made Mysql database changes for WSO2AM_DB, WSO2Shared_DB,WSO2User_db in deployment.toml file.
When i tried login Management Console with default admin/admin credentials, I am getting error in UI:
Login failed! Please recheck the username and password and try again.
ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - System error while Authenticating/Authorizing User : com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
Also user store changes in deployment.toml cause error
Changes:
[user_store]
type = "database"
[user_store.properties]
TenantManager="org.wso2.carbon.user.core.tenant.JDBCTenantManager"
ReadOnly=false
ReadGroups=true
WriteGroups=true
scim_enabled = true
[realm_manager]
data_source = "WSO2USER_DB"
com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure normally means the configured database is not accessible.
Did you define the database.user configuration in the deployment.toml according to WSO2 jdbc user configuration guidelines? If this is already configured, check the configured connection url and network connectivity from WSO2-IS to userstore database.
The Peoplesoft Database, Application Server, and Web Server are up and running.
Unable to login to PIA as VP1 because of Authorization Error -- Contact your Security Administrator.
Below are the Application Server Logs:
PSAPPSRV.10180 (26) [2020-02-04T01:49:30.513 GetCertificate] z9skwzRuICAUWA 3282132548821545985 - (3) Returning context. ID=VP1, Lang=ENG, UStreamId=014930507_10180.26, Token=PSFT_EP/2020-02-03-17.49.30.000001/VP1/ENG/nE8KiNyFebhVeORMN7uI+lf5Xwo=
PSMONITORSRV.15420 [2020-02-04T02:21:55.691] - - - (2) (PerfMon Agent) Registered successfully
PSAPPSRV.10180 (29) [2020-02-04T02:58:16.275 GetCertificate] wLjLvrMO3yG3uQ 2085807486657797121 - (3) Returning context. ID=VP1, Lang=ENG, UStreamId=025816275_10180.29, Token=PSFT_EP/2020-02-03-18.58.16.000000/VP1/ENG/uXTGd2i5x206untuoiqPMRHPfgQ=
You usually get that error message when the users does not have any roles. Ensure that VP1 has roles assigned to it.
if you have database access, the following SQL may help:
-- Check if they have roles
select * from PSROLEUSER where ROLEUSER = 'VP1'
-- Check to see what permission lists the roles assigned to the user grant them.
select * from PSOPRCLS where OPRID = 'VP1'
I have setup Apache Drill version 1.15 in distributed mode on 3 nodes with ZK on the same 3 nodes.
Now, I am trying to configure Plain Authentication in Drill using PAM.
I already have 2 existing users in the 3 nodes with same password and they are present in /etc/passwd and /etc/shadow.
I have followed the steps mentioned here, to configure authentication setup on the Drill cluster.
But, on entering correct username and password, it throws Invalid Username/Password error.
My drill-override.conf looks like:
drill.exec: {
cluster-id: "[cluster_name]",
zk.connect: "[host1]:2181,[host2]:2181,[host3]:2181"
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam",
pam_profiles: [ "sudo", "[profile1]", "[profile2]" ]
}
}
I have set, user1 as an admin and user2 as normal user.
Is it that Drill, doesnt work with existing Users in the linux system and wants users to be created explicitly (which i really doubt), or anything else that I am missing?
pam_profiles is array of PAM profiles, not users.
Example of pam_profiles configs: pam_profiles: [ "sudo", "login" ]. See details in doc.
You can add other PAM profiles from your /etc/pam.d.
We perform migration from enterprise version Alfresco 4.2 to the 5.1.
There are two Active Directory domains (primary and child) in company, for this reason we configure two LDAP(AD) subsystems in Alfresco 5.1.
Structure of properties:
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap2
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1
Problem is that authentication and synchronistaion work only for one ldap-ad subsystem (ldap1 or ldap2), which have first place in the list of authentication chain (ldap1 and ldap2 don't work together).
Authentication chain screenshot
For a example, if ldap1 have first place in the list, that user's login from ldap2 fails (and conversely!).
In this case I look error in alfresco.log:
Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
My properties:
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/ldap-ad-authentication.properties
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s#fake.local
ldap.authentication.java.naming.provider.url=ldap://fake.local:***
ldap.authentication.defaultAdministratorUserNames=fake_user
ldap.authentication.java.naming.referral=follow
ldap.synchronization.java.naming.security.principal=fake_user#fake.local
ldap.synchronization.java.naming.security.credentials=somepassword
ldap.synchronization.groupSearchBase=ou=Archiv,ou=FileServerGroups,ou=Groups,dc=fake,dc=local
ldap.synchronization.userSearchBase=dc=fake,dc=local
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.userOrganizationalIdAttributeNameCustom=distinguishedName
ldap.synchronization.com.sun.jndi.ldap.connect.pool=true
/opt/tomcat7/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap2/ldap-ad-authentication.properties
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s#gss.fake.local
ldap.authentication.java.naming.provider.url=ldap://gss.fake.local:***
ldap.authentication.defaultAdministratorUserNames=fake_user
ldap.authentication.java.naming.referral=follow
ldap.synchronization.java.naming.security.principal=fake_user#fake.local
ldap.synchronization.java.naming.security.credentials=somepassword%
ldap.synchronization.groupSearchBase=ou=Archiv,ou=FileServerGroups,ou=Groups,dc=gss,dc=fake,dc=local
ldap.synchronization.userSearchBase=dc=gss,dc=fake,dc=local
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.userOrganizationalIdAttributeNameCustom=distinguishedName
ldap.synchronization.com.sun.jndi.ldap.connect.pool=true
alfresco-global.properties
### Authentication ###
#authentication.chain=ldap1:ldap-ad,ldap2:ldap-ad,alfrescoNtlm1:alfrescoNtlm
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad,ldap2:ldap-ad
Thanks in advance!
Finally, I resolved issue related to authentication users.
I put empty string of parametr:
ldap.authentication.userNameFormat=
for each LDAP subsystems in files ldap-ad-authentication.properties.
After, users from two ldaps could login successfully.
ldap.authentication.userNameFormat
Specifies how to map the user identifier entered by the user to that
passed through to LDAP. If set to an empty string (the default for the
ldap subsystem), an LDAP query involving
ldap.synchronization.personQuery and
ldap.synchronization.userIdAttributeName will be performed to resolve
the DN from the user ID dynamically. This allows directories to be
structured and does not require the user ID to appear in the DN.
If set to a non-empty value, the substring %s in this value will be
replaced with the entered user ID to produce the ID passed to LDAP.
This restricts LDAP user names to a fixed format. The recommended
format of this value depends on your LDAP server.
I am using FedEx (Plugin) in nopCommerce.And fill all the Necessary Details.and got error message (meter number in invalid) but when i change the url from https://wsbeta.fedex.com:443/web-services to https://gateway.fedex.com:443/web-services and now new error occur Authentication Failed. I check all the details
Twice.
And when i check admin-> system ->log
and found the the follow Details. Now I Face the problem with Authentication Failed. If u solve this please tell me how.
Log 1:
Log Level : Warning
Short message : Shipping (FedEx). Authentication Failed
Full message:
IP address: 127.0.0.1
Customer:
Page URL:
Referrer URL: /onepagecheckout
Created on: 9/15/2014 12:40:30 PM
Log 2 :
Log Level : Warning
Short message : Resource string (messages.order.product(s).shippingaddress) is not found. Language ID = 1
Full message:
IP address: 127.0.0.1
Customer:
Page URL:
Referrer URL: /onepagecheckout
Created on: 9/15/2014 1:02:52 PM
Thanks
First, make sure that your using your FedEx production credentials (key, password, account, and meter) as your test credentials will not work in their production environment.
Second, try using 'https://ws.fedex.com:443/web-services' instead of 'https://gateway.fedex.com:443/web-services'. From my understanding the 'gateway' endpoint is older.
Third, if your using the FedEx provided WSDL, you'll have to open and modify the endpoint binding located at the bottom on the WSDL file.