You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Di...@solystic.com on 2013/03/07 10:15:56 UTC
[ApacheDS] - Account permanently locked
Hi,
I've installed an ApacheDS V2.0.0 M10 and use Apache Directory Studio
V2.0.0 M3 to browse the LDAP Directory.
I wanted to change the password of the system/admin user. As soon as I've
validated the new password in Apache DStudio, the connection has been
closed (right behavior ?) and now when I try to re-open the connection
with the new password I got the following exception :
- [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
permanently locked]
java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind
failed: account was permanently locked]
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
at
org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:81)
at
org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
at
org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
permanently locked]
Is there a way to unlock this account ?
Is there a way to rebuild the default partition with original data and
password ?
Am I in huge trouble... and should I reinstall Apache DS from blank page
(if yes, this does not give me confidence in the stability of ApacheDS)
Thanks in advance for any help.
Did
Ce message et toutes les pi�ces jointes (ci-apr�s le "Message") sont confidentiels et �tablis � l'intention exclusive de leurs destinataires. Si vous avez re�u le Message par erreur, merci de l'indiquer � son exp�diteur par retour et de proc�der � sa destruction dans vos syst�mes.Toute utilisation ou diffusion de son contenu non autoris�e est strictement interdite. Tout message �lectronique est susceptible d'alt�ration. SOLYSTIC d�cline toute responsabilit� au titre du Message s'il a �t� alt�r�, d�form� ou falsifi�. SOLYSTIC ne saurait �tre tenue pour responsable, ni de la transmission erron�e ou incompl�te des informations contenues dans ce message, ni des d�lais de r�ception ou des dommages caus�s � votre syst�me. SOLYSTIC ne garantit, ni que l'int�grit� de la communication ait �t� maintenue, ni que cette transmission est exempte de virus, d'interceptions ou d'interf�rences.
This message and any attachments (the "Message") are confidential and intended solely for the addressee(s). Any unauthorised use or dissemination of the Message is strictly prohibited. E-mails are susceptible to alteration. SOLYSTIC shall not be liable for the Message if altered, changed or falsified. SOLYSTIC shall not be liable for the improper or incomplete transmission of the information contained in the Message nor for any delay in its receipt or damage to your system. SOLYSTIC does neither guarantee that the integrity of the Message has been maintained, nor that this communication is free of viruses, interceptions or interferences.
Re: [ApacheDS] - Account permanently locked
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 3/7/13 11:11 AM, Kiran Ayyagari a écrit :
> On Thu, Mar 7, 2013 at 2:45 PM, <Di...@solystic.com> wrote:
>
>> Hi,
>>
>> I've installed an ApacheDS V2.0.0 M10
ApacheDS 2.0.0-M11 has just been released, and I strongly suggest you
switch to this version...
Otherwise, Kiran has provided a workaround, but we most certainly will
implement a better solution in M12.
Thanks a lot for the feedback !
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: [ApacheDS] - Account permanently locked
Posted by Di...@solystic.com.
Hi,
I've followed the procedure and (of course :-)) it works.
Any ideas why the connection closed when changing the pwd ?
To prevent this, I'll create a second account with same privileges.
You're doing a very good job on these tools !
Did
De : Kiran Ayyagari <ka...@apache.org>
A : users@directory.apache.org
Date : 07/03/2013 11:11
Objet : Re: [ApacheDS] - Account permanently locked
Envoyé par : ayyagarikiran@gmail.com
On Thu, Mar 7, 2013 at 2:45 PM, <Di...@solystic.com> wrote:
> Hi,
>
> I've installed an ApacheDS V2.0.0 M10 and use Apache Directory Studio
> V2.0.0 M3 to browse the LDAP Directory.
>
> I wanted to change the password of the system/admin user. As soon as
I've
> validated the new password in Apache DStudio, the connection has been
> closed (right behavior ?) and now when I try to re-open the connection
>
no the connection will not be closed automatically
and I guess you have attempted to login with wrong credentials several
times hence the issue
> with the new password I got the following exception :
>
> - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
> java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind
> failed: account was permanently locked]
> at
>
>
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
> at
>
>
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
> at
>
>
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
> at
>
>
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
> at
>
>
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
> at
>
>
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
> at
>
>
org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:81)
> at
>
>
org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
> at
>
>
org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
>
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
>
>
> Is there a way to unlock this account ?
>
yes, please follow the below steps
1. stop the server if it is already running
2. open the config.ldif file present under conf directory of the server
installation
3. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
4. change the value of ads-pwdLockout to FALSE
5. start the server
6. connect to server using new password (the account will be unlocked)
Now, if you want to re-enable the account lock feature
1. stop the server
2. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
3. change the value of ads-pwdLockout to TRUE
4. start the server
> Is there a way to rebuild the default partition with original data and
> password ?
>
you don't need to do this if you follow the above steps
> Am I in huge trouble... and should I reinstall Apache DS from blank page
> (if yes, this does not give me confidence in the stability of ApacheDS)
>
> and am sure you are not in trouble :) hopefully the above solution might
give you a positive opinion
P.S:- having said that there should be an easy way to unlock in this kind
of situations, I will work on that
> Thanks in advance for any help.
>
> Did
>
> Ce message et toutes les pièces jointes (ci-après le "Message") sont
> confidentiels et établis à l'intention exclusive de leurs destinataires.
Si
> vous avez reçu le Message par erreur, merci de l'indiquer à son
expéditeur
> par retour et de procéder à sa destruction dans vos systèmes.Toute
> utilisation ou diffusion de son contenu non autorisée est strictement
> interdite. Tout message électronique est susceptible d'altération.
SOLYSTIC
> décline toute responsabilité au titre du Message s'il a été altéré,
déformé
> ou falsifié. SOLYSTIC ne saurait être tenue pour responsable, ni de la
> transmission erronée ou incomplète des informations contenues dans ce
> message, ni des délais de réception ou des dommages causés à votre
système.
> SOLYSTIC ne garantit, ni que l'intégrité de la communication ait été
> maintenue, ni que cette transmission est exempte de virus,
d'interceptions
> ou d'interférences.
>
> This message and any attachments (the "Message") are confidential and
> intended solely for the addressee(s). Any unauthorised use or
dissemination
> of the Message is strictly prohibited. E-mails are susceptible to
> alteration. SOLYSTIC shall not be liable for the Message if altered,
> changed or falsified. SOLYSTIC shall not be liable for the improper or
> incomplete transmission of the information contained in the Message nor
for
> any delay in its receipt or damage to your system. SOLYSTIC does neither
> guarantee that the integrity of the Message has been maintained, nor
that
> this communication is free of viruses, interceptions or interferences.
>
--
Kiran Ayyagari
http://keydap.com
Ce message et toutes les pièces jointes (ci-après le "Message") sont confidentiels et établis à l'intention exclusive de leurs destinataires. Si vous avez reçu le Message par erreur, merci de l'indiquer à son expéditeur par retour et de procéder à sa destruction dans vos systèmes.Toute utilisation ou diffusion de son contenu non autorisée est strictement interdite. Tout message électronique est susceptible d'altération. SOLYSTIC décline toute responsabilité au titre du Message s'il a été altéré, déformé ou falsifié. SOLYSTIC ne saurait être tenue pour responsable, ni de la transmission erronée ou incomplète des informations contenues dans ce message, ni des délais de réception ou des dommages causés à votre système. SOLYSTIC ne garantit, ni que l'intégrité de la communication ait été maintenue, ni que cette transmission est exempte de virus, d'interceptions ou d'interférences.
This message and any attachments (the "Message") are confidential and intended solely for the addressee(s). Any unauthorised use or dissemination of the Message is strictly prohibited. E-mails are susceptible to alteration. SOLYSTIC shall not be liable for the Message if altered, changed or falsified. SOLYSTIC shall not be liable for the improper or incomplete transmission of the information contained in the Message nor for any delay in its receipt or damage to your system. SOLYSTIC does neither guarantee that the integrity of the Message has been maintained, nor that this communication is free of viruses, interceptions or interferences.
Re: [ApacheDS] - Account permanently locked
Posted by Kiran Ayyagari <ka...@apache.org>.
On Thu, Mar 7, 2013 at 2:45 PM, <Di...@solystic.com> wrote:
> Hi,
>
> I've installed an ApacheDS V2.0.0 M10 and use Apache Directory Studio
> V2.0.0 M3 to browse the LDAP Directory.
>
> I wanted to change the password of the system/admin user. As soon as I've
> validated the new password in Apache DStudio, the connection has been
> closed (right behavior ?) and now when I try to re-open the connection
>
no the connection will not be closed automatically
and I guess you have attempted to login with wrong credentials several
times hence the issue
> with the new password I got the following exception :
>
> - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
> java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind
> failed: account was permanently locked]
> at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
> at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
> at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
> at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
> at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
> at
>
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
> at
>
> org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:81)
> at
>
> org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
> at
>
> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
>
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
>
>
> Is there a way to unlock this account ?
>
yes, please follow the below steps
1. stop the server if it is already running
2. open the config.ldif file present under conf directory of the server
installation
3. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
4. change the value of ads-pwdLockout to FALSE
5. start the server
6. connect to server using new password (the account will be unlocked)
Now, if you want to re-enable the account lock feature
1. stop the server
2. go to the LDIF entry with the DN
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
3. change the value of ads-pwdLockout to TRUE
4. start the server
> Is there a way to rebuild the default partition with original data and
> password ?
>
you don't need to do this if you follow the above steps
> Am I in huge trouble... and should I reinstall Apache DS from blank page
> (if yes, this does not give me confidence in the stability of ApacheDS)
>
> and am sure you are not in trouble :) hopefully the above solution might
give you a positive opinion
P.S:- having said that there should be an easy way to unlock in this kind
of situations, I will work on that
> Thanks in advance for any help.
>
> Did
>
> Ce message et toutes les pièces jointes (ci-après le "Message") sont
> confidentiels et établis à l'intention exclusive de leurs destinataires. Si
> vous avez reçu le Message par erreur, merci de l'indiquer à son expéditeur
> par retour et de procéder à sa destruction dans vos systèmes.Toute
> utilisation ou diffusion de son contenu non autorisée est strictement
> interdite. Tout message électronique est susceptible d'altération. SOLYSTIC
> décline toute responsabilité au titre du Message s'il a été altéré, déformé
> ou falsifié. SOLYSTIC ne saurait être tenue pour responsable, ni de la
> transmission erronée ou incomplète des informations contenues dans ce
> message, ni des délais de réception ou des dommages causés à votre système.
> SOLYSTIC ne garantit, ni que l'intégrité de la communication ait été
> maintenue, ni que cette transmission est exempte de virus, d'interceptions
> ou d'interférences.
>
> This message and any attachments (the "Message") are confidential and
> intended solely for the addressee(s). Any unauthorised use or dissemination
> of the Message is strictly prohibited. E-mails are susceptible to
> alteration. SOLYSTIC shall not be liable for the Message if altered,
> changed or falsified. SOLYSTIC shall not be liable for the improper or
> incomplete transmission of the information contained in the Message nor for
> any delay in its receipt or damage to your system. SOLYSTIC does neither
> guarantee that the integrity of the Message has been maintained, nor that
> this communication is free of viruses, interceptions or interferences.
>
--
Kiran Ayyagari
http://keydap.com