Category: LINUX

2014-05-24 11:13:57

1. Changing a user's password in TAM keeps failing with an error
pdadmin sec_master> user modify 123 password wwwwww
Could not perform the administration request
Error: HPDMG0769E   There were insufficient LDAP access privileges to allow Tivoli Access Manager to create and delete entries in the registry. (status 0x14c01301)

2. Check the ACL on the People container
[root@tam bin]# ./ldapsearch -D cn=root -w wwwwww -p 389 -s base -b ou=People,dc=ibm,dc=com objectClass=* aclentry
ou=People,dc=ibm,dc=com
aclentry=group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc

3. Check the ACL on secAuthority=Default
[root@tam bin]# ./ldapsearch -D cn=root -w wwwwww -p 389 -s base -b secauthority=default objectClass=* aclentry
secAuthority=Default
aclentry=group:CN=REMOTE-ACL-USERS,CN=SECURITYGROUPS,SECAUTHORITY=DEFAULT:normal:rsc:system:rsc:at.secAcctValid:rwsc:at.secPwdFailCountTime:rwsc:at.secPwdFailures:rwsc:at.secPwdLastChanged:rwsc:at.secPwdLastFailed:rwsc:at.secPwdLastUsed:rwsc:at.secPwdUnlockTime:rwsc:at.secPwdValid:rwsc
aclentry=group:CN=IVACLD-SERVERS,CN=SECURITYGROUPS,SECAUTHORITY=DEFAULT:normal:rsc:system:rsc:at.userPassword:wc:at.secAcctValid:rwsc:at.secPwdFailCountTime:rwsc:at.secPwdFailures:rwsc:at.secPwdLastChanged:rwsc:at.secPwdLastFailed:rwsc:at.secPwdLastUsed:rwsc:at.secPwdUnlockTime:rwsc:at.secPwdValid:rwsc
aclentry=group:CN=SECURITYGROUP,SECAUTHORITY=DEFAULT:object:ad:normal:rwsc:sensitive:rwsc:critical:rwsc:system:rsc

4. Modify the ACL on ou=People,dc=ibm,dc=com (the step 2 output lists only CN=ANYBODY; add the TAM security groups)
[root@tam bin]# ./ldapmodify -D cn=root -w wwwwww -p 389
dn: ou=People,dc=ibm,dc=com
changetype: modify
add: aclEntry
aclentry:group:cn=remote-acl-users,cn=SecurityGroups,secAuthority=Default:normal:rsc:system:rsc
aclentry:group:cn=ivacld-servers,cn=SecurityGroups,secAuthority=Default:normal:rsc:system:rsc
aclentry:group:cn=SecurityGroup,secAuthority=Default:object:ad:normal:rwsc:sensitive:rwsc:critical:rwsc:system:rsc
aclentry:group:cn=anybody:normal:rsc:system:rsc:restricted:rsc

5. Run the command again
pdadmin sec_master> user modify 123 password wwwwww

6. Log in to WebSEAL

Enter the user name and password; the login succeeds.

7. While performing these steps, watch the TDS log, which is at the following path:
/home/idsldap/idsslapd-idsldap/logs/ibmslapd.log
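
The check behind steps 2 and 4, as an added example that is not part of the original post: it parses the aclentry lines printed by ldapsearch and reports which of the TAM groups from step 4 are missing from the ACL or hold fewer rights than step 4 grants. The function names and the AFTER sample are constructed for illustration, and the parser handles only the aclentry layout shown on this page.

```python
# Added example: audit aclentry values against the subjects granted in step 4.
# Required subjects/rights copied from the ldapmodify input in step 4 (DNs lowercased).
REQUIRED = {
    "cn=remote-acl-users,cn=securitygroups,secauthority=default":
        {"normal": "rsc", "system": "rsc"},
    "cn=ivacld-servers,cn=securitygroups,secauthority=default":
        {"normal": "rsc", "system": "rsc"},
    "cn=securitygroup,secauthority=default":
        {"object": "ad", "normal": "rwsc", "sensitive": "rwsc",
         "critical": "rwsc", "system": "rsc"},
}

def parse_aclentry(value):
    """Split '<type>:<DN>:<class>:<rights>:...' into (dn, {class: set(rights)})."""
    fields = value.strip().split(":")
    if len(fields) < 4 or len(fields) % 2:
        raise ValueError("unexpected aclentry layout: %r" % value)
    rights = {fields[i].lower(): set(fields[i + 1]) for i in range(2, len(fields), 2)}
    return fields[1].lower(), rights

def parse_ldapsearch(output):
    """Collect 'aclentry=...' lines from ldapsearch output, keyed by subject DN."""
    acl = {}
    for line in output.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.lower() == "aclentry":
            dn, rights = parse_aclentry(value)
            acl[dn] = rights
    return acl

def missing_rights(acl):
    """Return {dn: {class: rights still missing}} for each shortfall against REQUIRED."""
    gaps = {}
    for dn, needed in REQUIRED.items():
        have = acl.get(dn, {})
        short = {c: "".join(sorted(set(r) - have.get(c, set()))) for c, r in needed.items()}
        short = {c: m for c, m in short.items() if m}
        if short:
            gaps[dn] = short
    return gaps

# Step 2 output from the post (ACL before the fix).
BEFORE = "ou=People,dc=ibm,dc=com\naclentry=group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc\n"
# Constructed sample: the same search with the step 4 values present.
AFTER = BEFORE + (
    "aclentry=group:CN=REMOTE-ACL-USERS,CN=SECURITYGROUPS,SECAUTHORITY=DEFAULT:normal:rsc:system:rsc\n"
    "aclentry=group:CN=IVACLD-SERVERS,CN=SECURITYGROUPS,SECAUTHORITY=DEFAULT:normal:rsc:system:rsc\n"
    "aclentry=group:CN=SECURITYGROUP,SECAUTHORITY=DEFAULT:object:ad:normal:rwsc:sensitive:rwsc:critical:rwsc:system:rsc\n")

if __name__ == "__main__":
    print(missing_rights(parse_ldapsearch(BEFORE)))
```
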
