Hi
nearly.
inetOrgPerson is subClassof user in the W2K3 LDF but user in that
LDF is not a bindable object in ADAM. You need to update your user
classSchema in ADAM e.g.
dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: Modify
add: auxiliaryClass
auxiliaryClass: msDS-BindableObject
-
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
imported using (ignore line wraps below)
ldifde -i -f <file as above> -s <ADAMserver>:<ADAMport> -c
"CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
Lee Flight
"Greg Bartholomew" <> wrote in message
news:...
>I just noticed that I didn't explicitly specify "objectClass: user" in my
>ldif but, even so, user is showing up in ADSI Edit on the objectClass
>attribute of my "root" account. It looks like inetOrgPerson is derrived
>from the user class so I am guessing that I shouldn't need to explicity
>list it during import to get the BindableObject auxillary class. Am I
>right?
>
> gb
>
> "Greg Bartholomew" <> wrote in message
> news:...
>> Tracing through things in AD Schema Analyzer and the LDF files, It looks
>> like I am supposed to be getting the msDS-UserAccountDisabled property
>> from the msDS-BindableObject auxillery class which in turn comes with the
>> securityPrincipal class which, according to the MS-AdamSchemaW2K3.LDF
>> appears to be tied to the User class (whew - with such levels of
>> complexity, I'm now supprised that any of it works at all). Anyway,
>> below is what I imported to create my inetOrgPerson account. Why do I
>> not seem to have the property in question?
>>
>> dn: cn=root,CN=Accounts,DC=X
>> changetype: add
>> cn: root
>> sn: root
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: sambaSAMAccount
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> gidNumber: 0
>> uid: root
>> uidNumber: 0
>> homeDirectory: /root
>> unixHomeDirectory: /root
>> displayName: root
>> sambaPwdLastSet: 0
>> sambaLogonTime: 0
>> sambaLogoffTime: 2147483647
>> sambaKickoffTime: 2147483647
>> sambaPwdCanChange: 0
>> sambaPwdMustChange: 2147483647
>> sambaHomePath: \\NIS\root
>> sambaHomeDrive: Z:
>> sambaProfilePath: \\NIS\profiles\root
>> sambaPrimaryGroupSID: S-1-5-21-3959745451-2085038887-806689059-512
>> sambaLMPassword: XXX
>> sambaNTPassword: XXX
>> sambaAcctFlags: [UX ]
>> sambaSID: S-1-5-21-3959745451-2085038887-806689059-500
>> loginShell: /bin/bash
>> gecos: Netbios Domain Administrator
>>
>> Thanks,
>> gb
>>
>> "Greg Bartholomew" <> wrote in message
>> news:...
>>> The "msDS-UserAccountDisabled" property that you speek of does not
>>> appear on my inetOrgPerson account in ADSI Edit. I got the
>>> inetOrgPerson schema from the MS-AdamSchemaW2K3.LDF that came with the
>>> Windows Server R2's ADAM installation. Do I need to import the
>>> MS-InetOrgPerson.LDF as well for this to work? Are the two LDFs
>>> compatable?
>>>
>>> Thanks,
>>> Greg
>>>
>>> "Lee Flight" <-nospam> wrote in message
>>> news:...
>>>> Hi
>>>>
>>>> is this inetOrgPerson from MS-InetOrgPerson.LDF that comes with or from
>>>> an LDIF that you have supplied? One thing to check immediately is that
>>>> the
>>>> msDS-UserAccountDisabled
>>>> of the account is not TRUE, as if an account is created, initially
>>>> without a valid password the account will be disabled.
>>>>
>>>> Lee Flight
>>>>
>>>> "Greg Bartholomew" <> wrote in message
>>>> news:...
>>>>> Hi,
>>>>>
>>>>> I've created an inetOrgPerson account in ADAM and used ADSI Edit to
>>>>> set the account's password but I cannot bind to the server using
>>>>> simple bind and the account. LDP just reports, "error 49 - invalid
>>>>> credentials". I'm connected to the server via ssl. Is there a trick
>>>>> that I am missing here?
>>>>>
>>>>> Thanks,
>>>>> Greg Bartholomew
>>>>> CS System Support
>>>>> SIUE
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Similar Threads
Linear Mode
