Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-04-25

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:16 sayakb joined #openam
06:06 pfreixes joined #openam
06:11 aldaris joined #openam
06:26 rghose joined #openam
06:49 aldaris joined #openam
06:55 rghose Getting this when trying to change user password via ldaps (AD) on win2k8 r2 : Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception.  50
06:56 rghose Insufficient Access Rights: 00000005: SecErr: DSID-031A1190, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
07:05 aldaris right, that's an ACI problem normally
07:05 aldaris with AD that may be called "policy" or I don't know
07:05 aldaris check with your AD admin
07:05 rghose ok
07:14 asyd morning
09:45 rghose joined #openam
10:44 rghose joined #openam
11:00 aldaris joined #openam
11:11 rghose hey getting: -in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception.  53
11:11 rghose Unwilling to Perform: 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
11:11 rghose when I try changing password now!!
11:12 rghose other writes work fine, this is via ssl on AD 2k8 r2
11:12 aldaris what are you using to change the password?
11:20 rghose after login
11:21 rghose user logs in and then then tries to change the password
11:21 aldaris from the /idm/EndUser page?
11:21 rghose yeah
11:21 aldaris and you configured your data store to use SSL as well?
11:21 rghose yeah
11:22 rghose I can write however
11:22 aldaris if you do a netstat do you still see connections going out to :389?
11:23 rghose sam issue when I do  from /openam/idm/EntityEdit
11:23 rghose same*
11:23 rghose I am connecting to 636
11:24 aldaris and for connecting to AD what user are you using?
11:25 rghose yeah netstat has ESTABLISHED
11:25 rghose a user with administrative rights
11:25 aldaris are you _sure_
11:26 rghose I can change other attributes.
11:26 rghose Like e-mail
11:26 rghose It should block otherwise shouldnt it?
11:26 aldaris depends on how you've set it up really
11:26 aldaris go to Services tab, add Administration Console service
11:27 aldaris tick the box for prompting for old password
11:27 aldaris as a user can you reset the password then?
11:29 rghose Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception 19: 0000052D: AtrErr: DSID-03190F80, #1: 0: 0000052D: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
11:29 rghose this is what I get now ^
11:29 aldaris constraint violation
11:30 aldaris guess you can't follow your password policies
11:31 rghose The password I used is a valid password for another user of the same AD!
11:31 rghose let me try again
11:35 aldaris interestingly enough my blog post actually details this error message
11:35 rghose yeah, found it
11:35 rghose however, when I set the same password from the AD
11:35 rghose it worls
11:50 rghose well, I removed all password restrictions and still getting the same error
11:50 rghose I set the password as 'q'
11:50 rghose Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception 19: 0000052D: AtrErr: DSID-03190F80, #1: 0: 0000052D: DSID-03190F80, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
11:53 rghose aah blog blog!
11:53 rghose one must read the blod
11:53 rghose blog*
11:55 rghose I ran the command
11:55 rghose net accounts /MINPWAGE:0
11:55 rghose but does not work now also :(
11:55 aldaris from an Admin CLI
11:58 rghose @aldaris: yep
11:58 aldaris great
11:59 rghose both from Administrative and Gpedit.ms
11:59 rghose msc*
11:59 rghose but still same error
11:59 rghose :(
12:00 aldaris I believe this is where your open source support ends :) Think about getting a subscription, looks like you could use it
12:01 rghose sure thing (y)
12:36 aldaris joined #openam
12:58 rghose joined #openam
13:19 rghose joined #openam
13:48 aldaris rghose: when will you learn: read my blog :)
14:08 rghose aah, dumb google
14:12 rghose well, just tried HOTP using those settings in your blog, not working
14:13 rghose I used demo@example.com, do I need to use proper user id and mail?
14:23 aldaris jjpp/kala/pdurbin/roysjosh: keep your eyes open next Monday for announcements
14:31 rghose tried TOTP too, but this does not seem to match
14:32 rghose :'(
15:07 * pdurbin can't wait for next Monday
15:08 aldaris :)
15:46 sayakb joined #openam
17:49 aldaris joined #openam
20:29 jfroot_ joined #openam
20:30 jfroot joined #openam
20:52 m0sf3t joined #openam
22:31 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary