directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Didier.TRE...@solystic.com
Subject Re: [ApacheDS] - Account permanently locked
Date Thu, 07 Mar 2013 14:01:11 GMT
Hi,

I've followed the procedure and (of course :-)) it works.

Any ideas why the connection closed when changing the pwd ?

To prevent this, I'll create a second account with same privileges.

You're doing a very good job on these tools !

Did




De :    Kiran Ayyagari <kayyagari@apache.org>
A :     users@directory.apache.org
Date :  07/03/2013 11:11
Objet : Re: [ApacheDS] - Account permanently locked
Envoyé par :    ayyagarikiran@gmail.com



On Thu, Mar 7, 2013 at 2:45 PM, <Didier.TRESSE@solystic.com> wrote:

> Hi,
>
> I've installed an ApacheDS V2.0.0 M10 and use Apache Directory Studio
> V2.0.0 M3 to browse the LDAP Directory.
>
> I wanted to change the password of the system/admin user. As soon as 
I've
> validated the new password in Apache DStudio, the connection has been
> closed (right behavior ?) and now when I try to re-open the connection
>
no the connection will not be closed automatically
and I guess you have attempted to login with wrong credentials several
times hence the issue

> with the new password I got the following exception :
>
>  - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
>   java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind
> failed: account was permanently locked]
>         at
>
> 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
>         at
>
> 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
>         at
>
> 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
>         at
>
> 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
>         at
>
> 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
>         at
>
> 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
>         at
>
> 
org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:81)
>         at
>
> 
org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
>         at
>
> 
org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
>
>   [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
>
>
> Is there a way to unlock this account ?
>
yes, please follow the below steps
1. stop the server if it is already running

2. open the config.ldif file present under conf directory of the server
installation

3. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

4. change the value of ads-pwdLockout to FALSE

5. start the server

6. connect to server using new password (the account will be unlocked)

Now, if you want to re-enable the account lock feature

1. stop the server

2. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

3. change the value of ads-pwdLockout to TRUE

4. start the server

> Is there a way to rebuild the default partition with original data and
> password ?
>
you don't need to do this if you follow the above steps

> Am I in huge trouble... and should I reinstall Apache DS from blank page
> (if yes, this does not give me confidence in the stability of ApacheDS)
>
> and am sure you are not in trouble :) hopefully the above solution might
give you a positive opinion

P.S:- having said that there should be an easy way to unlock in this kind
of situations, I will work on that

> Thanks in advance for any help.
>
> Did
>
> Ce message et toutes les pièces jointes (ci-après le "Message") sont
> confidentiels et établis à l'intention exclusive de leurs destinataires. 
Si
> vous avez reçu le Message par erreur, merci de l'indiquer à son 
expéditeur
> par retour et de procéder à sa destruction dans vos systèmes.Toute
> utilisation ou diffusion de son contenu non autorisée est strictement
> interdite. Tout message électronique est susceptible d'altération. 
SOLYSTIC
> décline toute responsabilité au titre du Message s'il a été altéré, 
déformé
> ou falsifié. SOLYSTIC ne saurait être tenue pour responsable, ni de la
> transmission erronée ou incomplète des informations contenues dans ce
> message, ni des délais de réception ou des dommages causés à votre 
système.
> SOLYSTIC ne garantit, ni que l'intégrité de la communication ait été
> maintenue, ni que cette transmission est exempte de virus, 
d'interceptions
> ou d'interférences.
>
> This message and any attachments (the "Message") are confidential and
> intended solely for the addressee(s). Any unauthorised use or 
dissemination
> of the Message is strictly prohibited. E-mails are susceptible to
> alteration. SOLYSTIC shall not be liable for the Message if altered,
> changed or falsified. SOLYSTIC shall not be liable for the improper or
> incomplete transmission of the information contained in the Message nor 
for
> any delay in its receipt or damage to your system. SOLYSTIC does neither
> guarantee that the integrity of the Message has been maintained, nor 
that
> this communication is free of viruses, interceptions or interferences.
>



-- 
Kiran Ayyagari
http://keydap.com



Ce message et toutes les pièces jointes (ci-après le "Message") sont confidentiels et établis
à l'intention exclusive de leurs destinataires. Si vous avez reçu le Message par erreur,
merci de l'indiquer à son expéditeur par retour et de procéder à sa destruction dans vos
systèmes.Toute utilisation ou diffusion de son contenu non autorisée est strictement interdite.
Tout message électronique est susceptible d'altération. SOLYSTIC décline toute responsabilité
au titre du Message s'il a été altéré, déformé ou falsifié. SOLYSTIC ne saurait être
tenue pour responsable, ni de la transmission erronée ou incomplète des informations contenues
dans ce message, ni des délais de réception ou des dommages causés à votre système. SOLYSTIC
ne garantit, ni que l'intégrité de la communication ait été maintenue, ni que cette transmission
est exempte de virus, d'interceptions ou d'interférences.

This message and any attachments (the "Message") are confidential and intended solely for
the addressee(s). Any unauthorised use or dissemination of the Message is strictly prohibited.
E-mails are susceptible to alteration. SOLYSTIC shall not be liable for the Message if altered,
changed or falsified. SOLYSTIC shall not be liable for the improper or incomplete transmission
of the information contained in the Message nor for any delay in its receipt or damage to
your system. SOLYSTIC does neither guarantee that the integrity of the Message has been maintained,
nor that this communication is free of viruses, interceptions or interferences.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message