booktrunk1 Absent Member.
Absent Member.
1413 views

Test user failed.

Hi setting up my first SSPR Server.

Treat me gently eDir is something i use but don't know as much as I should about.

I've created my proxy user, given them what i thought was appropriate access extended the schema ok.... Everything seemed to be going fine. Then I hit this error for the test user.... It's in the containter that i gave the sspr server access to. We have multiple containers just using this one and it says add extra once it's all installed so that's fine. So it all seems ok but i've done something wrong I guess with permissions when setting up my proxy user.

This is the screenshot of the error. OK it will only let me do that from a url he's a copy and paste of the screen.

LDAP Test User (Optional)
SSPR can periodically check the connection to your LDAP directory. To perform these checks, SSPR needs a test user account configured. This user account should be created amongst typical user accounts in the LDAP directory.
SSPR will modify the password of the test user account and perform other operations to verify the configuration and the directory's health. Many configuration settings can also be validated during this process.
This setting is optional but recommended. If you do not wish to configure a test user at this time, you can leave this setting blank for now and configure it later.
Example: cn=SSPR-Testuser,o=example

LDAP Test User DN
cn=sspr-test,ou=***,o=*** Browse

LDAP WARN Setting LDAP ⇨ LDAP Settings ⇨ NetIQ eDirectory ⇨ eDirectory Settings ⇨ Read User Passwords is enabled, however unable to read test user LDAP ⇨ LDAP Directories ⇨ default ⇨ Connection ⇨ LDAP Test User password due to error error reading nmas password: error -1659; check eDirectory proxy user LDAP permissions and eDirectory password policy configurations
LDAP Test User (Optional)


0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: Test user failed.

What rights did you give your Proxy user, exactly? I presume you have
Universal Password (UP) implemented in your system and that is applies to
your test user; you can test this in iManager by going to Passwords: Set
Universal Password: and then trying to set the user's password.
Alternatively under Passwords you can 'View Policy Assignments' and then
choose the user to verify a policy is assigned.

https://www.netiq.com/documentation/edirectory-9/edir_admin/data/b1j5v27h.html#b1j5vblm

For whichever policy is assigned, go into its settings and specify your
proxy user as a password admin able to retrieve passwords. It is visible
on that same page above but under "Universal Password Configuration
Options". Specify your proxy user and then see if SSPR is happier.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
JNCService Absent Member.
Absent Member.

Re: Test user failed.

This has to do with the proxy user having the right to read passwords via the Password Policy that is configured for that OU or users. In iManager check which password policy is assigned to that OU and configure it so that the SSPR-Test account can read the passwords.

Jeff
0 Likes
booktrunk1 Absent Member.
Absent Member.

Re: Test user failed.

Thanks Guys.

You were both right. I had given my proxy user access to one of our three password policies, but not the one that included my test user!! D'oh. So now I can go through and save it.
Now i'm setting up my password reminders for one of my admin users then i hope to be able to get to the screen to do some management with it. Beyond that just adding all our other OU's I guess it's nearly there.

I was going around in circles yesterday afternoon thanks 🙂
0 Likes
booktrunk1 Absent Member.
Absent Member.

Re: Test user failed.

Slowly getting there. More errors now similar thing now the users don't have permissions to write to their own ldap entries.

https://www.netiq.com/support/kb/doc.php?id=7013461
0 Likes
booktrunk1 Absent Member.
Absent Member.

Re: Test user failed.

Followed the guide..

It worked!! it's weird having [this] visible in iManager but it works 🙂

So is that it just tweak the config a bit and add all the other bits of my tree, and go through and do that same fix as above to each part of the tree that i want to make the changes for and it's done.
0 Likes
booktrunk1 Absent Member.
Absent Member.

Re: Test user failed.

booktrunk;2479041 wrote:
Slowly getting there. More errors now similar thing now the users don't have permissions to write to their own ldap entries.

https://www.netiq.com/support/kb/doc.php?id=7013461


Sorry this was the link that was needed to fix this issue. https://www.netiq.com/documentation/sspr3/adminguide/data/b14gnfe6.html#b15bfa44
0 Likes
Knowledge Partner
Knowledge Partner

Re: Test user failed.

Thanks for sharing your results; this is not uncommon, as doing rights
properly takes a bit more time than we may like, but it is always best
when done properly, so thanks for helping others who may follow your path.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.