NDS error: no access (-672): Insufficient Rights. I am supervisor user?

nicus...@hotmail.com

Jul 22, 2004, 6:54:07 AM
Hello,
I receive this error when I try to import an LDIF file with users and
groups from another LDAP.
The LDAP servers are in the same tree with the same context, just installed
on another Win2K machine.
LDAP 1 on Win2k Server 1 (o=CORPORATELDAP,ou=Groups,ou=Users)
Export LDIF file OK!
LDAP 2 on Win2k Server 2 (o=CORPORATELDAP,ou=Groups,ou=Users)
Import -> error message:
NDS error: no access (-672): Insufficient Rights
How do I check if I am supervisor, to be able to Import/Export?
Is the password exported as well with the LDIF file?
How can I synchronize 2 LDAP servers to do this task automatically?
(Users, Groups, Passwords to be automatically replicated to LDAP2)
I tried to create a Replica with iManager BUT it does not work!!
I found a very nice tool at https://ldap2ldap.dev.java.net/
but it is not 100% finished. Why does Novell not support LDAP
synchronization/mirroring??

Geoffrey Carman

Jul 28, 2004, 11:25:22 AM
nicus...@hotmail.com wrote:

> Hello,
> I receive this error when I try to import an LDIF file with users and
> groups from another LDAP.
> The LDAP servers are in the same tree with the same context, just installed
> on another Win2K machine.
> LDAP 1 on Win2k Server 1 (o=CORPORATELDAP,ou=Groups,ou=Users)
> Export LDIF file OK!
> LDAP 2 on Win2k Server 2 (o=CORPORATELDAP,ou=Groups,ou=Users)
> Import -> error message:
> NDS error: no access (-672): Insufficient Rights
> How do I check if I am supervisor, to be able to Import/Export?

Any eDir tool (NWadmin32, Console1, iManager) will allow you to see if
you have S rights to that container.

> Is the password exported as well with the LDIF file?

Never, see below.

> How can I synchronize 2 LDAP servers to do this task automatically?

DirXML, see below.

> (Users, Groups, Passwords to be automatically replicated to LDAP2)
> I tried to create a Replica with iManager BUT it does not work!!

One tree or two trees?

> I found a very nice tool at https://ldap2ldap.dev.java.net/
> but it is not 100% finished. Why does Novell not support LDAP
> synchronization/mirroring??

672 DS error is a catch phrase for any host of problems.

No access refers to the server not being able to get there from here,
as opposed to your account not having privileges.

Confirm that DS is in sync and healthy. (Search the KB on DS health
check). Then confirm that your replica rings are appropriate...

Re-reading your note, it is not clear: are your Win2K servers in one
tree or two separate eDir trees? If one tree, then sync is a background
process that eDir takes care of.

If 2 trees, then you need a tool to sync them, like DirXML (free in the
Starter pack) or NSure Identity manager (Aka DirXML 2.0). There is an
NDS-NDS sync driver.

Passwords are stored as RSA key pairs, not as a reversible text string,
so you will NEVER extract the passwords just via LDAP.

If you use eDir 8.7.3 and enable Universal Password, there may be other
ways to extract the password, but not from the RSA hash. (UP uses 3DES
to encrypt the password in eDir).
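
An added example, not part of either post: a pre-import check that parses an LDIF export (handling folded and base64-encoded lines), counts entries per parent container so you know which containers the importing account needs rights on, and lists any entry carrying a `userPassword` attribute. The sample LDIF is constructed, and `parse_ldif` and `import_report` are hypothetical names.

```python
import base64
import re
from collections import Counter

# Constructed sample export; entry names under o=CORPORATELDAP are made up.
_GROUP_DN = base64.b64encode(b"cn=staff,ou=Groups,o=CORPORATELDAP").decode()
SAMPLE_LDIF = f"""version: 1

dn: cn=jdoe,ou=Users,o=CORPORATELDAP
objectClass: inetOrgPerson
sn: Doe

dn:: {_GROUP_DN}
objectClass: groupOfNames
member: cn=jdoe,ou=Users,
 o=CORPORATELDAP
"""

def parse_ldif(text):
    """Return the records as lists of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], []
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line:                        # blank line ends a record
            if current:
                records.append(current)
            current = []
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.append((attr.lower(), value))
    return records

def import_report(text):
    """Count entries per parent container; list DNs carrying userPassword."""
    parents, with_password = Counter(), []
    for record in parse_ldif(text):
        dn = next((v for a, v in record if a == "dn"), None)
        if dn is None:                      # e.g. the "version: 1" header
            continue
        parts = re.split(r"(?<!\\),", dn, maxsplit=1)
        parents[parts[1].strip() if len(parts) > 1 else ""] += 1
        if any(a == "userpassword" for a, _ in record):
            with_password.append(dn)
    return parents, with_password
```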