1.在tam里面修改一个用户密码一直报错
pdadmin sec_master> user modify 123 password wwwwww
Could not perform the administration request
Error: HPDMG0769E There were insufficient LDAP access privileges to allow Tivoli Access Manager to create and delete entries in the registry. (status 0x14c01301)
2.查看people下权限
[root@tam bin]# ./ldapsearch -D cn=root -w wwwwww -p 389 -s base -b ou=People,dc=ibm,dc=com objectClass=* aclentry
ou=People,dc=ibm,dc=com
aclentry=group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
3.查看secauthority=default权限
[root@tam bin]# ./ldapsearch -D cn=root -w wwwwww -p 389 -s base -b secauthority=default objectClass=* aclentry
secAuthority=Default
aclentry=group:CN=REMOTE-ACL-USERS,CN=SECURITYGROUPS,SECAUTHORITY=DEFAULT:normal:rsc:system:rsc:at.secAcctValid:rwsc:at.secPwdFailCountTime:rwsc:at.secPwdFailures:rwsc:at.secPwdLastChanged:rwsc:at.secPwdLastFailed:rwsc:at.secPwdLastUsed:rwsc:at.secPwdUnlockTime:rwsc:at.secPwdValid:rwsc
aclentry=group:CN=IVACLD-SERVERS,CN=SECURITYGROUPS,SECAUTHORITY=DEFAULT:normal:rsc:system:rsc:at.userPassword:wc:at.secAcctValid:rwsc:at.secPwdFailCountTime:rwsc:at.secPwdFailures:rwsc:at.secPwdLastChanged:rwsc:at.secPwdLastFailed:rwsc:at.secPwdLastUsed:rwsc:at.secPwdUnlockTime:rwsc:at.secPwdValid:rwsc
aclentry=group:CN=SECURITYGROUP,SECAUTHORITY=DEFAULT:object:ad:normal:rwsc:sensitive:rwsc:critical:rwsc:system:rsc
4.修改权限ou=People,dc=ibm,dc=com权限
[root@tam bin]# ./ldapmodify -D cn=root -w wwwwww -p 389
dn: ou=People,dc=ibm,dc=com
changetype: modify
add: aclEntry
aclentry:group:cn=remote-acl-users,cn=SecurityGroups,secAuthority=Default:normal:rsc:system:rsc
aclentry:group:cn=ivacld-servers,cn=SecurityGroups,secAuthority=Default:normal:rsc:system:rsc
aclentry:group:cn=SecurityGroup,secAuthority=Default:object:ad:normal:rwsc:sensitive:rwsc:critical:rwsc:system:rsc
aclentry:group:cn=anybody:normal:rsc:system:rsc:restricted:rsc
5.再次执行命令
pdadmin sec_master> user modify 123 password wwwwww
6.登录webseal
输入用户和密码,登陆成功。
7.操作过程中注意查看tds日志,日志路径为下:
/home/idsldap/idsslapd-idsldap/logs/ibmslapd.log
阅读(2011) | 评论(0) | 转发(0) |