Keycloak unable to synchronize with LDAP: Synchronization ignored as it's already in progress

I am using Keycloak with LDAP integration. I was synchronizing users successfully from ActiveDirectory. Then at some point when synchronizing all users, I started getting the error: Synchronization ignored as it's already in progress (in fact it is part of the success message) and users are not synchronised. Just before starting to get this error, I played a bit with LDAP provider Edit mode (not sure it's related to the problem). I set it to WRITEABLE, then to UNSYNCED. I deleted one of the users that were previously imported from LDAP, then I switched back to READ_ONLY and tried to get back the deleted user but instead got the synchronization issue. Any idea why I am receiving this error?

Turns out that this was a simple configuration issue. User federation provider property "Import Users" must be On. If users are synced, and then this property is turned Off, further attempts to synchronize users will get the message "Success! Sync of users finished successfully. Synchronization ignored as it's already in progress". The solution is to turn "Import Users" back to On. Thanks to the smart QA engineer who discovered this :)

Did you check the realm settings? I saw the same error, and looking in the Keycloak logs showed me that an email in LDAP was not unique. So I disabled "login via email" in realm settings and "allowed duplicate emails" and it's working again.

My IBM Directory Server P2P replication blocks on add new entry and changes to operational attributes by the pwdpolicy mechanism. How do I avoid this?

I set up a peer-to-peer replication topology on 2 IBM LDAP servers (Version 6.4). It works, both ways, with simple attribute modifications like changing description or displayName attributes. But it blocks when I add a new entry on either server. I checked the logs and see an error 50 (insufficient access) for the change. The audit logs show an "extra" operational attribute, ibm-entryuuid, is added to the other server, which maybe causes the error.
It also blocks when I try to log in on an account with an invalid password. I get an error 65 (object class violation). This is maybe because the password policy mechanism modifies/adds/deletes certain operational attributes (e.g. PWDFAILURETIME).
The schema files are the same for both servers. And both servers are cryptographically synched.
I use JXplorer to test. I use admin credentials.
What should I do to allow these operations to replicate? Thanks in advance for any help.
Update:
I have checked the supplier credentials and when I tried to change the ibm-slapdmasterdn and ibm-slapdmasterpw, I get an Already Exists error. What do I do?
I found the problem. I didn't quite understand what the credentials attributes meant until I re-read the IBM tutorial. I was trying to modify the replica DN to the admin DN, that's why I got the error.
It replicates smoothly now.

Drone error: Login Failed. User limit reached

Recently, some colleagues have started working in my team, so I showed them the basics of drone, but when they wanted to access our drone server they get that message:
Login Failed. User limit reached
We log in via GitHub and they have access to the repositories. In fact, one of them did commit something which ran the job without any problems, he just could not see it as he could not log in. Any ideas on why he gets that message? I have checked our configuration and it doesn't seem to have any limit to the number of users on drone.
Looks like I reached the limits of the trial license.
I checked the limits of my current license at the /varz URL (e.g. https://cloud.drone.io/varz).
Also, about the user seats and repos: https://docs.drone.io/enterprise/usage/

Azure Storage account opening issue

I have RBAC access to the Azure portal. Previously I was able to access the storage account and blobs successfully. But suddenly I am unable to access a container or blob. I am able to view the storage account listed for me, but cannot access it.
I get the error "Something went wrong while getting your resources. Please try again later." I tried refreshing, clearing the cache and signing in again. Still facing the same issue.
In portal I get notification as "Refresh the browser to try again.
Microsoft_Azure_Storage extension failed to load"
There is no network issue, as I can access all other resources from portal at same point.
Also there is no Unauthorized access issue notification.
Unable to figure out what is the issue.
Any help highly appreciated.
I'd recommend checking the activity logs for recent RBAC changes, in case they happened and someone changed access to containers/blobs. Here's how: https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report
I'd also recommend checking the list of roles/access you currently have by following these steps: https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report
If you are still experiencing the issue, and if you have a co-admin, check whether they are facing the same issue. If they are, please send me your subscription ID and a link to this thread, and include "attn Adam" in the subject, to AzCommunity[at]microsoft.com.
I'll enable a free support ticket to quickly escalate it.
I had the same issue while I was using a VPN from Bangladesh. When I disconnected from the VPN, it works fine.

How do I fix the error:1069 - The service did not start due to logon failure?

I have written my own Windows service which interacts with a SQL database and updates it. The service was running fine and seems to be functioning correctly, however of late it seems to go down at random times and cannot restart due to the error designated in the question. I have tried various searches to fix this, but unfortunately I have come up with nothing. The aim is to eventually have this service running on my company's server, but I can't adjust any server settings, I am but a user on the server, so I have restrictions on some settings.
Any quick fixes, would be helpful!
Open the Services Manager (Win + R, then type services.msc).
Then right click on the SQL Server process and click Properties
Then go to Log On, and select This account:
Then click Browse, and add your username in the box. (Notice it should contain the domain, in my case is AD\myusername), then Check Names and accept.
Finally type your password in the other two fields, and that's it, you should have permission to start your process now.
Cheers!!
One issue for us was the format of the account user name, we initially used
domain\username
and got the 1069-logon error, then ultimately I tried validating the user name in the properties | logon tab of the Service (in Control Panel / Service Manager), using the "Browse" and "Search" for the user name, and it turned out that it suggested and validated OK with the reverse format
username#domain
This also worked and resolved the 1069 error, and let us script the startup using sc.exe.
Error 1069 is vague and can have different causes. I am sharing my experience here.
I encountered this error when trying to get a service to run under my account (I am trying to get my services to see the same LocalDB as interactive processes running on my account for development purposes). I use an MSA (Microsoft Account) with Windows’s PIN login normally, so I rarely enter my Windows password. To resolve the issue, I locked my screen, selected Password input instead of PIN input, and then entered my password. I assume this somehow reminded Windows what my password was and made my local account more legit.
Before doing this, you need to configure the user account in question to have the Logon as Service privilege. To do this, open the Group Policy Editor. Expand Computer / Windows Configuration / Security Configuration / Local Policies / User Permissions Assignment and then open Login as Service. From there, you can add your user in question.
Also check for the "Deny Logon service" policy.
The user should not be added over there.
We had this issue as well because the account was set so that the password expired. After we updated the account to not expire and set the password this error stopped.
The account could also be locked out. To unlock it, you only need to change that user's password (new and old password can be the same).
What also worked for me was re-entering the password in the services->LogOn window. Even when you think the account and password are correct, re-entering it will re-grant the account permission to log on as a service.
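
The causes named in the answers above (user name format, the "log on as a service" right, a deny entry, an expired password, a locked-out account) can be checked in one read-only pass. This is an added example, not code from any of the posts; `MyService` is a hypothetical service name, and the script assumes an elevated prompt because `secedit /export` requires administrator rights.

```powershell
# Added example (not from the thread). 'MyService' is a hypothetical service name.
param([string]$ServiceName = 'MyService')

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
$account = $svc.StartName
Write-Output "Service '$ServiceName' logs on as: $account"

# Built-in identities have no password to expire or mistype.
if ($account -match '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)') {
    Write-Output 'Built-in service identity; password checks do not apply.'
    return
}

# Resolve the configured name to a SID; failure means the name or its format is wrong.
$name = $account -replace '^\.\\', "$env:COMPUTERNAME\"
try {
    $sid = ([System.Security.Principal.NTAccount]$name).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
} catch {
    throw "Account '$account' does not resolve; check the user name format."
}

# Export the local user-rights assignments and look for the account in both lists.
# Only direct entries are matched; rights granted through a group are not expanded.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$rights = Get-Content $cfg
Remove-Item $cfg
foreach ($right in 'SeServiceLogonRight', 'SeDenyServiceLogonRight') {
    $line = $rights | Where-Object { $_ -match "^$right\s*=" }
    $members = if ($line) { ($line -split '=', 2)[1].Split(',').Trim() } else { @() }
    $listed = ($members -contains "*$sid") -or ($members -contains $account)
    Write-Output "$right lists the account directly: $listed"
}

# Account state can be read locally only for local accounts.
$user = Get-CimInstance Win32_UserAccount -Filter "SID='$sid' AND LocalAccount=True"
if ($user) {
    $local = Get-LocalUser -SID $sid
    Write-Output "Disabled: $($user.Disabled)  Locked out: $($user.Lockout)"
    Write-Output "Password expires: $($local.PasswordExpires)"   # empty means never
} else {
    Write-Output 'Domain account: check lockout and password expiry in Active Directory.'
}
```

A `True` for `SeDenyServiceLogonRight` overrides the allow entry, so that line is the first one to read.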

User credential verification failed when configuring Visual Studio MVC authentication

When creating a new MVC app and clicking "change authentication".
After choosing "multiple organisations" clicking finish and logging in with my Microsoft account (the one used for Azure) I receive the following error:
User credential verification failed.
Error: Value cannot be null.
Parameter name: entity
Any ideas?
The error is very generic so has proved tricky to find a hint of what to try next.
EDIT:
I have remembered that I have Update 2 RC installed, so it's possible it's just a bug in the pre release.
OK, I believe I have the answer to the issue. Seems like this login dialog lets you log in using the Azure AD accounts, but also using Microsoft accounts. And if you log in using the Microsoft account, it will give this error (even if this MS account has full access to your Azure account).
The solution is to go to the Active Directory in Azure and create a brand new account, mark it as a Global Administrator, then use that to log in when prompted in Visual Studio.
Microsoft has a write-up on the issue, describing the steps to go around it here:
http://www.cloudidentity.com/blog/2013/12/11/setting-up-an-asp-net-project-with-organizational-authentication-requires-an-organizational-account/
Restart VS, so that you won't get the same error again and it clears the logged-in user. You would need a user with Global Admin rights in your Azure AD to log in again.