directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] - Account permanently locked
Date Thu, 07 Mar 2013 10:11:25 GMT
On Thu, Mar 7, 2013 at 2:45 PM, <Didier.TRESSE@solystic.com> wrote:

> Hi,
>
> I've installed an ApacheDS V2.0.0 M10 and use Apache Directory Studio
> V2.0.0 M3 to browse the LDAP Directory.
>
> I wanted to change the password of the system/admin user. As soon as I've
> validated the new password in Apache DStudio, the connection has been
> closed (right behavior ?) and now when I try to re-open the connection
>
no the connection will not be closed automatically
and I guess you have attempted to login with wrong credentials several
times hence the issue

> with the new password I got the following exception :
>
>  - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
>   java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind
> failed: account was permanently locked]
>         at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
>         at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
>         at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
>         at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
>         at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
>         at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
>         at
>
> org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:81)
>         at
>
> org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
>         at
>
> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
>
>   [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
>
>
> Is there a way to unlock this account ?
>
yes, please follow the below steps
1. stop the server if it is already running

2. open the config.ldif file present under conf directory of the server
installation

3. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

4. change the value of ads-pwdLockout to FALSE

5. start the server

6. connect to server using new password (the account will be unlocked)

Now, if you want to re-enable the account lock feature

1. stop the server

2. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

3. change the value of ads-pwdLockout to TRUE

4. start the server

> Is there a way to rebuild the default partition with original data and
> password ?
>
you don't need to do this if you follow the above steps

> Am I in huge trouble... and should I reinstall Apache DS from blank page
> (if yes, this does not give me confidence in the stability of ApacheDS)
>
> and am sure you are not in trouble :) hopefully the above solution might
give you a positive opinion

P.S:- having said that there should be an easy way to unlock in this kind
of situations, I will work on that

> Thanks in advance for any help.
>
> Did
>
> Ce message et toutes les pièces jointes (ci-après le "Message") sont
> confidentiels et établis à l'intention exclusive de leurs destinataires. Si
> vous avez reçu le Message par erreur, merci de l'indiquer à son expéditeur
> par retour et de procéder à sa destruction dans vos systèmes.Toute
> utilisation ou diffusion de son contenu non autorisée est strictement
> interdite. Tout message électronique est susceptible d'altération. SOLYSTIC
> décline toute responsabilité au titre du Message s'il a été altéré, déformé
> ou falsifié. SOLYSTIC ne saurait être tenue pour responsable, ni de la
> transmission erronée ou incomplète des informations contenues dans ce
> message, ni des délais de réception ou des dommages causés à votre système.
> SOLYSTIC ne garantit, ni que l'intégrité de la communication ait été
> maintenue, ni que cette transmission est exempte de virus, d'interceptions
> ou d'interférences.
>
> This message and any attachments (the "Message") are confidential and
> intended solely for the addressee(s). Any unauthorised use or dissemination
> of the Message is strictly prohibited. E-mails are susceptible to
> alteration. SOLYSTIC shall not be liable for the Message if altered,
> changed or falsified. SOLYSTIC shall not be liable for the improper or
> incomplete transmission of the information contained in the Message nor for
> any delay in its receipt or damage to your system. SOLYSTIC does neither
> guarantee that the integrity of the Message has been maintained, nor that
> this communication is free of viruses, interceptions or interferences.
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message