000021441 - How to configure Novell eDirectory ConsoleOne-created users to be fully compatible with RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021441
Applies ToRSA ClearTrust 5.5.2
Novell eDirectory ConsoleOne
IssueHow to configure Novell eDirectory ConsoleOne-created users to be fully compatible with RSA ClearTrust
Passwords for users created via Novell eDirectory ConsoleOne cannot be modified by RSA ClearTrust Entitlements Manager (Admin GUI)
A user is added to eDirectory using ConsoleOne. An RSA ClearTrust administrator attempts to modify the password for the user via RSA ClearTrust Entitlements Manager (Admin GUI). Upon attempting to save the modified user, the Admin GUI responds that an error has occurred with the following: "NDS error: illegal attribute (-608) [Object class violation]".
CauseA user in ConsoleOne is based on the inetorgperson object class, but does not include the ctscUserAuxClass
ResolutionModify the definition of a user within ConsoleOne, by navigating to Tools --> Schema Manager, and directly add the attributes that are elements of ctscUserAuxClass, specifically, ctscAccountEndDate, ctscAccountStartDate, ctscFailedLoginCount, ctscLastResetDate, ctscLockoutExpirationDate, ctscPasswordCreationDate, ctscPasswordExpirationDate, ctscPasswordHistory, and ctscUserKeywords. Now, when a user is created via ConsoleOne, its able to be modified via the Admin GUI for password modifications.

NOTE: It may also be possible (TBD) to add a reference the ctscUserAuxClass as a whole.
Legacy Article IDa22981