When I change pwdChangedTime in Openldap, it gives an error like the following. How can I change the pwdChangetime value as admin without changing the user's password?
ldap_modify: Constraint violation (19)
additional info: pwdChangedTime: no user modification allowed
How can I change user's pwdChangedTime attribute in openldap 2.4.41?
As you already experienced pwdChangedTime is a special attribute set by the server, a so-called operational attribute. Normally this cannot be altered by a user application.
But OpenLDAP supports the so-called Relax Rules control which can be used if the bound client is authorized for manage operations.
When using OpenLDAP CLI tools you can simply use:
ldapmodify -e relax [..more options..]
I am configuring a CDR test env.I have enabled supplemental logging on the source table.Still the replicat process in complaining about before images not present.Any idea?
Database should be in archive mode and force logging mode.
I changed the privileges for the WMSvc account by following the advice in this question but after reading the documentation at MSDN it seems like this is not a recommended practice and it's better to add the "Replace a process level token" privilege for my account, which I've done and it's working.
What do I need to do to revert the privilege changes to WMSvc back to the defaults?
I think it has no extra privileges by default so you could try this command:
sc privs wmsvc /
You want to run "sc qprivs wmsvc" to list what it has on it before you remove them.
I am getting this error while connecting to IBM MQ. I know that this is because of privileges, but is there any way just to check the connection with IBM MQ?
Please suggest.
The 2035 suggests that your connection is getting to the QMgr. If you had the wrong channel name, host or port you would get back a 2059. The 2035 means that the connection made it to the listener, found a channel of the name that was requested and attempted a connection.
If you want to test past this point it will be necessary to either authorize the ID that you are using to connect or to put an authorized ID in the MCAUSER attribute of the channel.
For a detailed explanation of how the WMQ security works on client channels, see the WMQ Base Hardening presentation at http://t-rob.net/links.
If you enable authorization messages then the 2035 will show up in the event queue. Then you can look at the message and see what ID was used to connect and what options were used too. The 2035 might be because you asked for set authority on the queue manager or something else you aren't supposed to have. The authorization messages wil show you that.
You can also resolve this By setting mcauser('mqm') .. i was able to overcome 2035 error.
Define channel (channel1) chltype (svrconn) trptype (tcp) mcauser(‘mqm’)
Esp thanx to my SENIOR Bilal Ahmad (PSE)
You have to check the privileges with an MQ administrator.
You can use dspmqaut to check the grant.
Below is the sample to give user poc access to Queue Manager QM1 and Queue LQ1
# check the access right of user POC to QM1
dspmqaut -m QM1 -n LQ1 -t q -p poc
# if you want to give access, you should use
setmqaut -m QM1 -n LQ1 -t q -p poc <access Types>
# eg (put everything - in the real live scenario, choose only what you want to grant) :
setmqaut -m QM1 -n LQ1 -t q -p poc +put +get +browse +inq +set +crt +dlt +chg +dsp +passid +setid +setall +clr
Then dont forget to restart QM1 with
endmqm -i QM1
strmqm QM1
Finally, you should be able to proceed without error 2035.
I have been struggling with this for ages too. Eventually I found this solution. (If you can call turning off authentication a solution.)
I am using version
- IBM Websphere 9.1.0.201807091223
From IBM's website they advise turning connection authentication off!!!
Resolving the problem Disable channel authentication
You will need to disable connection authentication, at least
temporarily. There are known issues in FTM for Check with regard to
using MQ connection authorization. These problems are actively being
addressed and fixes will appear in a future fix pack. The target is
fixpack 3.0.0.8.
Steps to disable connection authentication: Open MQ command console
and type runmqsc ALTER
AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
CHCKCLNT(NONE) CHCKLOCL(NONE) Restart the queue manager for this
change to take effect.
Source http://www-01.ibm.com/support/docview.wss?uid=swg21962081
On this topic if you are using MQSeries 9.1 in a test or development environment you can disable channel authentication with the following approach :
. Launch MQ command line utility with the following :
runmqsc (for example runmqsc QM1)
. Disable authentication for all channels with the following command
ALTER QMGR CHLAUTH (DISABLED)
For a Q/Q-manager running on Windows, you may have to create the user on the Q/Q-manager machine [i.e. create a user on the Q-machine to match the user on the Q-client machine], and then add that user to the 'mqm' group on that machine.
Steps:
Ensure that the domain user that is being used to create the Q CLIENT [i.e. the user that the Q-client app is running under] also exists on the box with the Q/Q-manager. You may be able to just create a local user on the Q/Q-manager box [, or you may have to do some more complicated creation of an Active Directory user - I can't help you there].
On the Q/Q-manager box, add the user you have just created [or the existing one, if it already exists] to the mqm group. [On a Windows server box you will need to use the Microsoft Management Console (1. 'mmc' from the command line, 2. File > Add/Remove SnapOn > Local Users & Groups, 3. add user to group)]. The 'mqm' group should already exist on the Q/Q-manager machine.
Error MQRC 2035 basically means that your application has been able to connect to the queue manager, however due to certain absence of permissions/authorizations, it was unable to put/get/publish/subscribe messages.
To resolve this, at first, try these steps in order to disable the authorizations from queue manager and channel. Use this only if it isn't a production queue manager.
Always check the queue manager logs. It tells you exactly where you need to look into, and resolve the issue.
In this case, generally, you can issue the following commands after doing a runmqsc on the queue manager :
ALTER QMGR CHLAUTH(DISABLED)
Then set the chckclnt object(under authinfo) to optional
DISPLAY QMGR CONNAUTH
DISPLAY AUTHINFO(name-from-above) ALL //name from the first commands
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
SET CHLAUTH('*') TYPE(BLOCKUSER) ACTION(REMOVEALL)
This helps remove any blocks that the channel is creating against any user.
SET CHLAUTH(your channel name) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL)
This should resolve your issue, since we have disabled every authorization that an application has to pass in order to do anything on a queue manager.
Now, in case you are using a production queue manager, NEVER remove authorizations.
Go, and right click on any QM that you have configured in your MQ explorer. Go to the QM authority, and authority records. Click on create new user, and give the same name as the username your application is using. Select all the checkboxes, then copy from the space below all the commands that are given. Namely, setmqaut. Edit with your queue manager name, and issue them!
----Never give up, the answer is where you have not looked yet--------
Can anybody please tell me the registry setting(s) that are affected in Windows Mobile 6.1 when a user selects Start -> Settings -> Connections -> Wi-Fi and then changes the value of the "My network card connects to" drop down list on the "Network Adapters" tab?
I have a device that seems to default this to "The Internet" when in fact the Wi-Fi connects to the corporate network and I would like to be able to change this programatically rather than expecting 250+ users to have to do it manually every time they reboot their devices.
Thanks.
I'm not certain that it is a registry change, but if it is, it's easy to determine.
Use the remote registry editor and attach to the device
Save the entire registry to a file
Change the network settings
Save the registry again
Use your favorite diff program to compare the two files
I think you should be able to change this setting using provisioning xml, either via DMProcessConfigXML api, or by making a setup cpf with the xml in it and running it on the device. This post details how to build the xml into a cpf.
The CSP you would be interested in is the Wifi CSP
The 'Work Network' and 'The Internet' are metanetworks that are specified in the xml by guid, usually in the DestId parm. My answer to this question details the xml you can use to pass to DMProcessConfigXML to read the settings on the device to see what they are. Then you can build some xml to just set the right setting. I suspect that you would just need to set the DestId parm of the appropriate wifi entry to the 'Work Network' guid.
According to my registry comparison on WM5 (HTC Touch HD), corroborated by values in http://msdn.microsoft.com/en-us/library/bb737539%28v=MSDN.10%29.aspx, this setting is specified in the registry key:
HKEY_LOCAL_MACHINE\ControlPanel\WiFi\Ethernet\DestID.
"{436EF144-B4FB-4863-A041-8F905A62C572}" (default) The Internet
"{A1182988-0D73-439e-87AD-2A5B369F808B}" Work
I also tried a CE2003 device (Motorola MC50), but couldn’t detect any registry changes. The key above does not exist in the registry on this device.