• Ludo replied to the topic Force reset password in the forum OpenDJ 3 days, 22 hours ago

    If you must change the password with the old password and you don’t know the old password, then the user cannot change the password.
    The only option is for the Administrator to RESET the password (i.e. force a change without the old one).

  • Ludo replied to the topic Disable user in the forum OpenDJ 1 week, 5 days ago

    JNDI Tutorial :

    Operational Attributes

    Some directories have the notion of “operational attributes” which are attributes associated with a directory object for administrative purposes. An example of operational attributes is the access control list for an object.

    In the getAttributes() and search() methods, you can specify that all attributes…

  • Ludo replied to the topic Disable user in the forum OpenDJ 1 week, 5 days ago

    There is no such thing as a "get-account-is-disabled" attribute.
    The "ds-pwp-account-disabled" attribute is an operational attribute. It must be requested specifically in the search request, and then the attrs.get() method will return it.
    Please check the Directory Server’s schema for the complete definition of these attributes.

  • Ludo replied to the topic Disable user in the forum OpenDJ 1 week, 5 days ago

    What does it mean, it doesn’t seem to be working ?
    Do you get an error when trying to add the attribute ?
    How do you check if the account is disabled ?

  • Ludo replied to the topic ds-pwp-warned-time in the forum OpenDJ 2 weeks, 2 days ago

    The ds-pwp-expiration-time is a virtual attribute that is computed based on the password policy and the password changed time.

    The “warned time” is a timestamp to track sent warning, and therefore will only be set in the entry when a warning is sent to the user.

  • Yes you can use other ports… ./setup --help for the usage and details !

  • There is actually no Null Pointer Exception but an Initialization Exception because the port 4444 is already in use (and this access is mandatory for administering the server).
    You can choose a different port when running setup. Just check the usage: ./setup --help.

  • Ludo replied to the topic lastlogintime in the forum OpenDJ 3 weeks, 2 days ago

    “Entry uid=usersearch,dc=identity,dc=sieltecloud,dc=it violates the Directory Server schema configuration because it includes attribute lastlogintime which is not allowed by any of the objectclasses defined in that entry”

    The error message is explicit, isn’t it ?
    It is not enough to create an attribute in the schema, you must allow it in…

  • Active Directory has a different attribute to manage user’s passwords and will not accept hashed passwords.
    The only option to have identical passwords in OpenDJ and AD is to synchronise them through an external tool such as OpenIDM.

  • I think your query is ill-defined.

    Uniquemember is an attribute of a group. When filtering, you are retrieving Group entries.

    isMemberOf is a virtual attribute that is part of users (or possibly nested groups). You should use one or the other but not both in the same query.

    Finally, the whole query is an OR which means it has to evaluate all…

  • Ludo replied to the topic replication without schema in the forum OpenDJ 3 weeks, 2 days ago

    Most likely, replication of schema is not working because of a misconfiguration or inappropriate administration command.
    Although OpenDJ 3.0 has a defect with its schema that is impacting online schema changes. A restart of the server usually restores a proper schema. This was fixed in the master.

  • I’m sorry but I don’t know this version.
    There is an identified issue in OpenDJ 3.0 when opening the Changelog and the file has a very specific size. You may have hit this issue. It’s been fixed in the master.

  • Ludo replied to the topic monitoring replication for HA in the forum OpenDJ 3 weeks, 2 days ago


    Yes it is possible to monitor replication. The information is available through the dsreplication status command or through regular monitoring information which can be accessed using LDAP (under cn=monitor), JMX and now REST (admin/monitor endpoint).
    Note that the missing change value may be very volatile… Because it’s a computation between…

  • @andrew-schoewemsci-com If you are a customer, you should find the information about the repository with the appropriate dependencies in the Knowledge Base on BackStage.
    I’ve started documenting how to build a custom password scheme (as a side project), there is no ETA yet, but it’s very similar to writing a plugin, except that it extends the…

  • There is no alternate way to have a back-link between groups and users. But the isMemberOf attribute has been designed to be able to answer membership queries efficiently.

    What kind of query are you doing ?
    What kind of performance hit are you seeing ?
    How many groups and what is the average and maximum size of the groups in your directory ?

  • Ludo replied to the topic replication without schema in the forum OpenDJ 3 weeks, 3 days ago

    No, this just indicates that you have (or have had) many different replicas in the lifetime of your replicated directory service.

  • Which version of OpenDJ are you using ?

  • Ludo replied to the topic replication without schema in the forum OpenDJ 3 weeks, 4 days ago

    It is not possible to enable replication without schema replication. The reason is that to be able to work properly, both servers must have identical schemas to perform identical schema validation, matching of attributes and ensure consistency of the data.

  • Ludo replied to the topic OpenDJ Restricted password list file in the forum OpenDJ 1 month ago


    Yes, OpenDJ has password validators that can be configured and enabled in password policies. One of them checks against a file (wordlist.txt). Its name is dn: cn=Dictionary,cn=Password Validators,cn=config, and it’s disabled by default. You can change the file it checks against.

    I’ve been doing some research on lists of bad passwords and…

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.