|Applies To||RSA ClearTrust 5.5.2|
Novell eDirectory ConsoleOne
|Issue||How to configure Novell eDirectory ConsoleOne-created users to be fully compatible with RSA ClearTrust|
Passwords for users created via Novell eDirectory ConsoleOne cannot be modified by RSA ClearTrust Entitlements Manager (Admin GUI)
A user is added to eDirectory using ConsoleOne. An RSA ClearTrust administrator attempts to modify the password for the user via RSA ClearTrust Entitlements Manager (Admin GUI). Upon attempting to save the modified user, the Admin GUI responds that an error has occurred with the following: "NDS error: illegal attribute (-608) [Object class violation]".
|Cause||A user in ConsoleOne is based on the inetorgperson object class, but does not include the ctscUserAuxClass|
|Resolution||Modify the definition of a user within ConsoleOne, by navigating to Tools --> Schema Manager, and directly add the attributes that are elements of ctscUserAuxClass, specifically, ctscAccountEndDate, ctscAccountStartDate, ctscFailedLoginCount, ctscLastResetDate, ctscLockoutExpirationDate, ctscPasswordCreationDate, ctscPasswordExpirationDate, ctscPasswordHistory, and ctscUserKeywords. Now, when a user is created via ConsoleOne, its able to be modified via the Admin GUI for password modifications.|
NOTE: It may also be possible (TBD) to add a reference the ctscUserAuxClass as a whole.
|Legacy Article ID||a22981|