Re: sAMAccountName

2007-12-07 Thread Michael Ströder
Chaos Eternal wrote: > I think there may be some problem if you set sAMAccountName inconsistent > with userPrincipalName. AFAIK sAMAccountName and userPrincipalName are independent and can be set according to completely different naming conventions. You should try out what is possible using the MMC Use

Re: sAMAccountName

2007-12-07 Thread Geert Jansen
Michael Ströder wrote: > Geert Jansen wrote: > >> On a related note, you may be interested in my current project >> Python-AD: http://www.boskant.nl/trac/python-ad/ >> > > How are you using Kerberos? Do you expect the user to run MIT's kinit > before sending a SASL/GSSAPI bind request? Does

Re: sAMAccountName

2007-12-06 Thread Chaos Eternal
I think there may be some problem if you set sAMAccountName inconsistent with userPrincipalName. BTW, if one Directory Server tells you that it is UNWILLING TO PERFORM some operations then you cannot complete the same operations using ANY LDAP client! On Dec 6, 2007 12:36 AM, Roland Hedberg <[EMAIL

Re: sAMAccountName

2007-12-06 Thread Michael Ströder
Geert Jansen wrote: > > On a related note, you may be interested in my current project > Python-AD: http://www.boskant.nl/trac/python-ad/ How are you using Kerberos? Do you expect the user to run MIT's kinit before sending a SASL/GSSAPI bind request? Does it also work with heimdal? Do you make us

Re: sAMAccountName

2007-12-06 Thread Geert Jansen
Roland Hedberg wrote: > On the topic python-ldap <-> AD: > > My problem is that I can add an entry using the User object class and > attributes contained in that class without any problems. > > But when I try to add the samAccountName attribute and thereby the > object class SecurityPrincipal the

Re: sAMAccountName

2007-12-06 Thread Roland Hedberg
Michael Ströder wrote: > Also a reason why one should not bother with retrieving a recent AD > schema at all. I vaguely remember even more mess with e.g. inetOrgPerson > class when installing Exchange before W2K3R2 schema etc. > > Conclusion: Make your AD-specific scripts simply work even if it lo

Re: sAMAccountName

2007-12-06 Thread Michael Ströder
Roland, Michael Ströder wrote: > Roland Hedberg wrote: >> The error message I get is 'Server is unwilling to perform' which >> doesn't really tell me a lot :-) > > Most times it also returns a numeric error code with that message. You > could try to search for that. Also the guys in the AD newsgr

Re: sAMAccountName

2007-12-06 Thread Michael Ströder
Roland, Roland Hedberg wrote: > > I'm now convinced that this all comes down to LDAP schema problems. Somewhat...I recommend not to care too much. > The schema file I have describing the AD schema has samAccountName as an > attribute in the 'securityPrincipal' aux class. > > But, it turns out

Re: sAMAccountName

2007-12-06 Thread Roland Hedberg
Michael Ströder wrote: > > Roland Hedberg wrote: >> But when I try to add the samAccountName attribute and thereby the >> object class SecurityPrincipal the server complains. > > Could you please post a small test script? > > Are you sure the value of the samAccountName does not collide with any

Re: sAMAccountName

2007-12-05 Thread Michael Ströder
Roland, Roland Hedberg wrote: > > But when I try to add the samAccountName attribute and thereby the > object class SecurityPrincipal the server complains. Could you please post a small test script? Are you sure the value of the samAccountName does not collide with any other user entry? > The