IdM 6.0 SPE SP1 querying LDAP for changenumbers
We are using IdM 6.0 SPE SP1 to manage creates and updates to a Sun One Directory Server 5.2. In looking at the access logs, we are seeing lots of LDAP queries for cn=changenumbers. What is changenumber being used for? We are not using ActiveSync or any other sync.
Any insight would be greatly appreciated.
Here is a snippet of the access log:
[07/Feb/2007:17:06:20 -0800] conn=154495 op=10 msgId=11 - RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2007:17:06:23 -0800] conn=154495 op=11 msgId=12 - SRCH base="cn=changenumbers,ou=system,ou=spe,o=spe.xxx.com" scope=0 filter="(objectClass=*)" attrs=ALL
[07/Feb/2007:17:06:23 -0800] conn=154495 op=11 msgId=12 - RESULT err=0 tag=101 nentries=1 etime=0
[07/Feb/2007:17:06:27 -0800] conn=154495 op=12 msgId=13 - SRCH base="cn=changenumbers,ou=system,ou=spe,o=spe.xxx.com" scope=1 filter="(objectClass=*)" attrs=ALL
Answer courtesy of IDM Engineering:
"Changenumbers" is used for storing the lastMod counters when using Service Provider Edition. Obviously, this entry is read frequently to verify that the cache is up-to-date (i.e. by comparing the lastMod counters in the cache and the entry).
You shouldn't worry about the performance hit. This is a base object search (i.e. it can only return at most 1 entry)
Similar Messages
-
External LDAP for authentication
Hi All,
I want to use external ldap for authentication purpose with Access Manager.
I tried adding this external ldap as a secondary ldap but couldn�t succeed.
If I add this ldap in the primary ldap along with the AM�s own ldap, this also fails to authenticate users from the external ldap.
How can I achieve this?
I read many topics in this forum regarding this but none of them explain how it can be achieved.
Please suggest.
Thanks in advance.This is what the amconsole log says:
ERROR: ConsoleServletBase.onUncaughtException
java.lang.NullPointerException
at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580) -
Using Dynamic Groups in Ldap for Accounts and Roles
Does anyone currently use dynamic groups in LDAP for accounts and roles? I have set up a dynamic group in ldap (we are using OID Oracle internet Directory 10.1.2.0) , ldapsearch returns the correct list of unique names, but the account does not appear on my profile page when I log in to UCM (10.1.3). I cannot find any documentation so I'm asking myself if it is supported .....
Thanks tim ... will check, but Oracle are saying :
Oracle Universal Content Management - Version: 7.5.1
Information in this document applies to any platform.
Product: Content Server
Version: 6.0
Goal
Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
Solution
The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
to which I have replied you suport 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
Billy, you may well be right, just got a cashflow problem over here ! -
Querying LDAP based on a timestamp
How do I query ldap server for entries that are modified after a particular interval. The >= <= usage in filter expression is giving a syntax error. Should I use extensible matching rules ?
Thanks,
RaviYes but you modifytimestamp must be indexed and it is not the case by default in oracle.........
You must run a unix shell script to recreate index.
Fred -
Invalid resource 'LDAP' for user
Hi all,
I want to integarate IDM with LDAP.Test connection is working when i intergarate with LDAP.I got the status as "succeeded" on full reconcilation and I was able to create users through IDM.I could see the users created in LDAP too...In IDM when i click assignments tab i get "Inalid resource 'LDAP' for user '12121'.Here,'12121'is my account id. I don't know wat mistake i have made.Please anyone of u help me out in this problem.hehehe... no problem.
There's a flag somewhere that gives you the option of omitting the domain. If you do, it defaults to the domain that the content server is on. I think you can get there from the "active directory" config link at the top of the "filter debug" administration page. Its kind of buried... -
Mavericks Server, separate OU in LDAP for Teachers, Students
We are a school using Mavericks Server 10.9.4: 1 Master, 4 Replicas, 7 facilities, 1700 Users. OD manages our LDAP user database. We need to put teachers/staff into a separate OU in LDAP from the students. Reason is we use WebHelpDesk and CASPER, which also reference LDAP for their User Data and we can't have Student Accounts in those applications. I don't have the first idea where to start. Any help is MUCH appreciated.
Hi,
the form alone will only help you with IDM just like you experienced. The reason is that in LDAP and AD what you are trying to do is not an update but a rename in IDMs terminology.
So what you have to do is:
Find out that the user has to move and move him in IDM in the form. Put a field in your form like issueRename and set it to true.
Clone your updateUser workflow and add a new activity issueRename. In the provisioning activity insert a new transition to issueRename if user.issueRename equals true.
The new activity checks out a rename view modifies it and checks it back in to then continue where the provisioning activity would have gone if you had not inserted the rename step.
To figure out how to manipulate the view to reach your goal use the bpe on a user with AD and LDAP and check out his rename view. Modify it, save it and check if it worked. When you got it working do the same what you did in bpe interactivly with a script action between renameView checkout and checkin.
Regards,
Patrick -
IBM RACF as LDAP for Portal EHP1
hi,
we want to use our RACF LDAP for the user authentication for our SAP portal 7.0.
But the UME in the portal should be used for all roles etc.
Is this possible and how do we implement this?
Thank you very muchEven if you connect your portal to an LDAP server, you store the portal roles in the portal database itself.
You may choose to assign the portal roles to a portal group, an LDAP group or an LDAP user.
I don't see IBM RACF in the certified directory servers list from SAP.
If it is one of the SAP certified directory servers, you can use the delivered data source configuration files to establish the connectivity.
In your case, select the closest one possible from the delivered datasource configuration files and customize according to your needs.
Please refer to SAP Note 673824 (section for Certified Directory Servers) for information on the certified directory servers.
Please see the following links on how to connect your portal to LDAP server.
http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=13710
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
Do you have SAP IDM in place ?
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/20a1f8ad-e742-2c10-0e9b-e4e2a21ba96f?QuickLink=index&overridelayout=true
Thanks,
Shanti -
Hi All
I am doing user provisioning of SUN IDM to SUN LDAP. But In LDAP i am storing unix user. When you create any user in LDAP for UNIX then you have to specify UID, GID ,Home directory.
Same thing i m try to create user in LDAP for unix through SUN IDM.
But I am not able to enable checked box for unix user in posix user information.
By default this check box is disable. we have to enable manually this check box if u want to create a user for unix in LDAP.
I want to change this check box disable to enable by default.
it is very urgent.
I am not getting any doc related doc or other thing.
thanks
SAiniWe have so few customers using ADAM now that LDAP to AD is supported I forgot this. However to note: this means managing an entire new directory separate from your multiple AD forests.
http://technet.microsoft.com/en-us/magazine/2009.04.schema.aspx?pr=blog
Regards,
Tim -
Error while running a query-Input for variable 'Posting Period is invalid
Hi All,
NOTE: This error is only cropping up when I input 12 in the posting period variable selection. If I put in any other value from 1-11 I am not getting any errors. Any ideas why this might be happening?
I am getting the following error when I try and run a query - "Input for variable 'Posting Period (Single entry, mandatory)' is invalid" - On further clicking on this error the message displayed is as follows -
Diagnosis
Variable Posting Period (Single Value Entry, Mandatory) is used as a lower limit (X) and an upper limit () in an interval selection. This limit has the value #.
System Response
Procedure
Enter a different value for variable Posting Period (Single Value Entry, Mandatory). If the value of the other limit is determined by another variable, you can change its value also.
Procedure for System AdministrationOK.
Well, if the variable is not used in any interval selection, then I would say "something happened to it".
I would make a copy of the query and run it to check if I get the same problem with period 12.
-> If not, something is wrong in the original query (you can proceed as below, if changes to original are permitted).
If so, then try removing the variable completely from the query and hardcode restriction to 12.
-> If problem still persists, I would have to do some thinking.
If problem is gone, then add the variable again. Check.
-> If problem is back, then the variable "is sick". Only quick thing to do, is to build an identical variable and use that one.
If problem also happens with the new variable, then it's time to share this experience with someone else and consider raising an OSS.
Good luck!
Jacob
P.S: what fisc year variant are you using?
Edited by: Jacob Jansen on Jan 25, 2010 8:36 PM -
SAP QUERY report for vendor line items
Hi
I have created a SAP QUERY report for vendor line items with fields vendor no.,vendor name,amount,company code and period.But there is one line item i donot know from wher system is getting it picked with is not in that vedor account,when i compare with fbl1n.I checked the document number too...the same doc number is twice in my query report.One with correct amount and another with wrong one.How do i chk.Where did i go wrong in creating query.I used logical database KDF.
Please advise.i chked...how do we get the amount displayed in query...it just displays amount no debit credit symbol... i have selected BSEG-DMBTR field but no -/+ sign,how is it done in query,please suggest.
-
Is it too much to ask MS for a simple ad-hoc query tool for end users?
Hello
This is a general MS BI topic and not specific to Power Query, but I couldn't find a more suitable general forum for it.
This posting is the result of the frustration I have with MS BI stack, whereby a simple ad-hoc drag and drop query tool to get the data in a table format (preferably from a relational
data source) is missing, something that other big vendors have, such as SAP Business Objects Universe and the associated tools. The deprecated SSRS Report model and SMDL was the closest MS ever got to this functionality (although that had some limitations
too), which unfortunately is dead now in favour of all sort of "Power" tools that basically can’t deliver the same functionality.
The requirement is pretty simple: provide users with a tool that they can drag and drop fields from different entities in a data model without having to worry about entity relationships and
apply necessary filters and get the data out in Excel or CSV, no fancy (or even simple) aggregation or formatting is required, and users should only see the rows they are authorized to see, i.e. row level security (RLS) of data.
Let’s see what we have at our disposal from MS BI:
From the modeling perspective, we have relational models in the database that support RLS with views, but obviously cannot maintain PK-FK relationships in the database model between views. Other
models are .Net Entity Data model Framework model exposed as OData, and SSAS tabular, SSAS PowerPivot, SSAS multidimensional, which you can find a good comparison of their features here:
http://www.sqlchick.com/entries/2012/3/4/decisions-powerpivot-ssas-tabular -or-ssas-multidimensional-m.html
From the tools perspective we have:
Power Query on top of a relational database (SQL Server): Can connect to relational databases easily, generated queries are optimal, detects relationships with entities, but only when entities
are tables and have PK-FK relationships enforced in the database. So can’t detect relationships with views and hence can’t enforce RLS, so this is not an option unless users keep joining entities, which is not a desirable option either.
Power Query on top of an OData: Works well except that queries generated for multiple entity expansion are terrible (look here for more details:
http://social.technet.microsoft.com/Forums/en-US/7a8b8e52-d3a9-42af-bc52-9d5459c00529/odata-multilevel-expand-query-issue?forum=powerquery). In addition all filtering and projections are done at client side, so even if you want 1 row out of 1 million, all
rows are brought over to Excel before filtered. Overall this results in unacceptable performance even for small sized data.
Power Query on top of a tabular model: Doesn’t support that type of data source yet (http://social.technet.microsoft.com/Forums/en-US/ebcccb5e-7058-4046-917d-3d7fcf60cbdc/tabular-model-as-data-source-for-power-query?forum=powerquery).
Even if it did, tabular models don’t support Many-to-Many relationships out of the box and not sure if there are plans to support tabular models in Direct Query mode in Power Query to take care of RLS.
Excel on top of tabular models or multidimensional models: The tabular model should not be in Direct Query mode and you only get to use PivotTable to query the model. PivotTables are not famous
for generating optimal MDX queries, so performance is not going to be acceptable if you are dealing with large dimensions, especially large junk and degenerate dimensions. You can use drilltrough to get details of a measure, but you have to specify the columns
for a drilltrough action upfront, no flexibility for users to select what they want to see.
PowerPivot on top of relational databases: The query designer cannot detect relationships between views, so users have to perform manual joins, not an option.
PowerPivot on top of a multidimensional or tabular model: The query designer doesn’t generate optimal MDX queries by drag and drop. Especially there doesn’t seem to be a way to add related
attributes of a dimension attribute to the query without cross joins which results in poor performance on large dimensions. Other issues found here
http://sqlblog.com/blogs/marco_russo/archive/2010/08/24/using-ssas-2005-2008-as-powerpivot-data-source-query-designer.aspx. In addition the result set has ugly column names and issues with data types, such as interpreting numeric data types as Text, and
there’s no straight forward way of getting the data from PowerPivot directly to Excel. The user either has to do a copy/paste (which doesn’t work on large datasets) or create a pivot table, bring the measure, and drillthrough the measure to get the details
in table format.
PowerPivot with OData: Treats every entity as a separate table to import, not suitable for our use case.
Report Builder and SSRS on top of relational, multidimensional or tabular model: Given the query designer is the same as PowerPivot, it has similar issues. In addition, there are 4 more steps
from designing a query to generating an Excel or CSV output, not an option.
PowerView: Works against tabular and multidimensional models, but there’s no way of exporting data to Excel sheet. Besides the add-in is not available for Excel 2010.
Good old MS-Access: Link to tables and views through ODBC, create relationships between entities and give each user a copy of that Access database to create their queries, and deal with the
nightmares of updates to the model and distribution of new models to the users! Did I mention Access as an option?
So there you go, 10 options, none of which can deal with a seemingly simple use case sufficiently. At the moment, the best among them appears to be option 6 against a heavily optimized OLAP
cube, and perhaps #3 when/if Power Query support for tabular models in direct query mode arrives. Perhaps I am missing something very obvious, and would like someone to enlighten me here.
Thanks
MRHi, as far as I can infer, that term means it's not loading any resources until needed, opposite of this...
-bind_at_load
Sets a bit in the mach header of the resulting binary which tells dyld to bind all symbols when the binary is loaded, rather than lazily.
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man1/ld.1.html
Load resources lazily.
You should never load a resource file until it is actually needed. Prefetching resource files may seem like a way to save time, but this practice actually slows down your app right away. In addition, if you end up not using the resource, loading it wastes memory for no good purpose.
http://developer.apple.com/library/ios/#documentation/iphone/conceptual/iphoneos programmingguide/PerformanceTuning/PerformanceTuning.html
And, higher OS versionsare even worse with Bonjour/mDNSResponder, but might see this...
http://support.apple.com/kb/ht3789 -
How to use Add Query Criteria for the MySQL data Base in Netbeans ?
How to use Add Query Criteria for the MySQL data Base in Netbeans Visual web pack.
When the Query Criteria is add like
SELECT ALL counselors.counselors_id, counselors.first_name, counselors.telephone,counselors.email
FROM counselors WHERE counselors.counselors_id = ?
when i run this Query in the Query Window
i get a error message Box saying
Query Processing Error Parameter metadata not available for the given statement
if i run the Query with out Query Criteria its working fine.*I am glad I am not the only one who have this problem. Part of issue has been described as above, there are something more in my case.
Whenever I try to call ****_tabRowSet.setObject(1, userDropList.getSeleted()); I got error message as shown below:*
The Java codes are:
public void dropDown1_processValueChange(ValueChangeEvent event) {
Object s = this.dropDown1.getSelected();
try {
this.User_tabDataProvider1.setCursorRow(this.User_tabDataProvider1.findFirst("User_Tab.User_ID", s));
this.getSessionBean1().getTrip_tabRowSet1().setObject(1, s);
this.Trip_tabDataProvider1.refresh();
} catch (Exception e) {
this.log("Error: ", e);
this.error("Error: Cannot select user"+e.getMessage());
SQL statement for Trip_tabRowSet:
SELECT ALL Trip_Tab.Trip_Date,
Trip_Tab.User_ID,
Trip_Tab.Destination
FROM Trip_Tab
WHERE Trip_Tab.User_ID = ?
Error messages are shown below:
phase(RENDER_RESPONSE 6,com.sun.faces.context.FacesContextImpl@5abf3f) threw exception: com.sun.rave.web.ui.appbase.ApplicationException: java.sql.SQLException: No value specified for parameter 1 java.sql.SQLException: No value specified for parameter 1
com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.cleanup(ViewHandlerImpl.java:559)
com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.afterPhase(ViewHandlerImpl.java:435)
com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:274)
com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:140)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:397)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:184)
com.sun.webui.jsf.util.UploadFilter.doFilter(UploadFilter.java:240)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:216)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:184)
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:368)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:216)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:184)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:276)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:240)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:179)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:239)
com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
tandardWrapperValve[Faces Servlet]: Servlet.service() for servlet Faces Servlet threw exception
java.sql.SQLException: No value specified for parameter 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:910)
at com.mysql.jdbc.PreparedStatement.fillSendPacket(PreparedStatement.java:1674)
at com.mysql.jdbc.PreparedStatement.fillSendPacket(PreparedStatement.java:1622)
at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:1332)
at com.sun.sql.rowset.internal.CachedRowSetXReader.readData(CachedRowSetXReader.java:193)
at com.sun.sql.rowset.CachedRowSetXImpl.execute(CachedRowSetXImpl.java:979)
at com.sun.sql.rowset.CachedRowSetXImpl.execute(CachedRowSetXImpl.java:1439)
at com.sun.data.provider.impl.CachedRowSetDataProvider.checkExecute(CachedRowSetDataProvider.java:1274)
at com.sun.data.provider.impl.CachedRowSetDataProvider.setCursorRow(CachedRowSetDataProvider.java:335)
at com.sun.data.provider.impl.CachedRowSetDataProvider.setCursorIndex(CachedRowSetDataProvider.java:306)
at com.sun.data.provider.impl.CachedRowSetDataProvider.getRowCount(CachedRowSetDataProvider.java:639)
at com.sun.webui.jsf.component.TableRowGroup.getRowKeys(TableRowGroup.java:1236)
at com.sun.webui.jsf.component.TableRowGroup.getFilteredRowKeys(TableRowGroup.java:820)
at com.sun.webui.jsf.component.TableRowGroup.getRowCount(TableRowGroup.java:1179)
at com.sun.webui.jsf.component.Table.getRowCount(Table.java:831)
at com.sun.webui.jsf.renderkit.html.TableRenderer.renderTitle(TableRenderer.java:420)
at com.sun.webui.jsf.renderkit.html.TableRenderer.encodeBegin(TableRenderer.java:143)
at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:810)
at com.sun.webui.jsf.component.Table.encodeBegin(Table.java:1280)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:881)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:889)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:889)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:889)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:889)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:889)
at com.sun.faces.application.ViewHandlerImpl.doRenderView(ViewHandlerImpl.java:271)
at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:182)
at com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.renderView(ViewHandlerImpl.java:285)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:133)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:244)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:140)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:397)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:184)
at com.sun.webui.jsf.util.UploadFilter.doFilter(UploadFilter.java:240)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:216)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:184)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:368)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:216)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:184)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:276)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:179)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:239)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
Also when I tried to update my MYSQL connector / J driver to version 5.1.5 from 5.0.5 (NB 5.5.1) and 5.0.7 (NB 6.1), I could not get it work (looooong time to search some JDBC classes and with no response in the end) on both of my Netbean 5.5.1(on PC) and Netbean 6.1(on laptop) IDEs.
Could anybody look into this issue.
Many thanks
Edited by: linqing on Nov 22, 2007 4:48 AM -
Pam.conf does not use ldap for password length check when changing passwd
I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
I have dsee 6.0 installed on a solaris 10 server (client).
I have a solaris 9 server (server) set up to use ldap authentication.
bash-2.05# cat /var/ldap/ldap_client_file
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= X, Y
NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= tls_profile
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
NS_LDAP_BIND_TIME= 10
bash-2.05# cat /var/ldap/ldap_client_cred
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
bash-2.05# cat /etc/nsswitch.conf
# /etc/nsswitch.ldap:
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# consult /etc "files" only if ldap is down.
hosts: files dns
ipnodes: files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: ldap [NOTFOUND=return] files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: ldap
automount: files ldap
aliases: files ldap
# for efficient getservbyname() avoid ldap
services: files ldap
sendmailvars: files
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
bash-2.05# cat /etc/pam.conf
#ident "@(#)pam.conf 1.20 02/01/23 SMI"
# Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# PAM configuration
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
# Authentication management
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1 debug
login auth required pam_dhkeys.so.1 debug
login auth required pam_dial_auth.so.1 debug
login auth binding pam_unix_auth.so.1 server_policy debug
login auth required pam_ldap.so.1 use_first_pass debug
# rlogin service (explicit because of pam_rhost_auth)
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1 use_first_pass
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
# PPP service (explicit because of pam_dial_auth)
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1 use_first_pass
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
other auth requisite pam_authtok_get.so.1 debug
other auth required pam_dhkeys.so.1 debug
other auth binding pam_unix_auth.so.1 server_policy debug
other auth required pam_ldap.so.1 use_first_pass debug
# passwd command (explicit because of a different authentication module)
passwd auth binding pam_passwd_auth.so.1 server_policy debug
passwd auth required pam_ldap.so.1 use_first_pass debug
# cron service (explicit because of non-usage of pam_roles.so.1)
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
other account requisite pam_roles.so.1 debug
other account required pam_projects.so.1 debug
other account binding pam_unix_account.so.1 server_policy debug
other account required pam_ldap.so.1 no_pass debug
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
other session required pam_unix_session.so.1
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
other password required pam_dhkeys.so.1 debug
other password requisite pam_authtok_get.so.1 debug
other password requisite pam_authtok_check.so.1 debug
other password required pam_authtok_store.so.1 server_policy debug
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client):
May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
bash-2.05$ passwd
passwd: Changing password for VV
Enter existing login password:
New Password:
passwd: Password too short - must be at least 8 characters.
Please try again
May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
I am using the default policy on the directory server which states a minimum password length of 6 characters.
server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
pwd-accept-hashed-pwd-enabled : N/A
pwd-check-enabled : off
pwd-compat-mode : DS6-mode
pwd-expire-no-warning-enabled : on
pwd-expire-warning-delay : 1d
pwd-failure-count-interval : 10m
pwd-grace-login-limit : disabled
pwd-keep-last-auth-time-enabled : off
pwd-lockout-duration : disabled
pwd-lockout-enabled : off
pwd-lockout-repl-priority-enabled : on
pwd-max-age : disabled
pwd-max-failure-count : 3
pwd-max-history-count : disabled
pwd-min-age : disabled
pwd-min-length : 6
pwd-mod-gen-length : 6
pwd-must-change-enabled : off
pwd-root-dn-bypass-enabled : off
pwd-safe-modify-enabled : off
pwd-storage-scheme : CRYPT
pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
pwd-strong-check-enabled : off
pwd-strong-check-require-charset : lower
pwd-strong-check-require-charset : upper
pwd-strong-check-require-charset : digit
pwd-strong-check-require-charset : special
pwd-supported-storage-scheme : CRYPT
pwd-supported-storage-scheme : SHA
pwd-supported-storage-scheme : SSHA
pwd-supported-storage-scheme : NS-MTA-MD5
pwd-supported-storage-scheme : CLEAR
pwd-user-change-enabled : off
Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8
. It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum lenght of 6 characters.
I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatability in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
Edited by: ericduggan on Sep 8, 2008 5:30 AMyou can try passwd -r ldap for changing the ldap passwds...
-
No data to retrieve in Query 1 for particular User
Error: No data to retrieve in Query 1 for particular User
Hello,
We have webi report in 3.1 version which is running fine in Infoview for particular user.
But when same report is send into Inbox of other user and if user try to run it in infoview it is giving below error.
"No data to retrieve in Query 1"
All the security and group member level settings for both the user are exactly same. What could be the reason for this behaviour.
ThanksCan you please check user is part of which group in enterprise receipts group.
Also please check dynamic receipts tab of publication where data can be filtered
Thanks,
Swapnil -
Editing the Query name for all reports in PRD.
Dear All,
I have created 25 reports using Query Designer.We have moved all the reports to BI Production. And Clients are using these reports using the Tool Bex Analyser.
Every time they are navigating through open Query -> Info Areas -> Data targets and Query.
Instead of going this way, is there any other way to Open a query easily.
And they wants to modify the Report name and the Technical name for all the reports. Can we able to edit the Query name for all reports, or do i need to go for SAVE AS for all querys.
Pls Suggest.
Thanks,
RamHi Ram,
1. For the first question; if it user specific query then ask the users to save them at the FAVORITES so that there is no need to go to the dataprovider specific.
Or they can create the reports as favorites user menu screen of that particular user.
2. In order to change the technical name and description of the queries goto RSZC t-code> give the source and target infoprovider as same> select queries>click on the reports>click on transfer selections-->
Then you get a screen to change the description and technical name.
But this is pertained to Infoprovider level.
You can see all the reports on the infoprovider (cube/ods).
Hope you understood.
Regards,
Ravi Kanth
Maybe you are looking for
-
Bit of a problem need some help please
import java.io.*; class IO public static void main(String args[]) String sOutString = ""; int iRecordLength = 0; int iWork=0; int[] array = new int[21]; try // creat input file, buffer. FileInputStream fis = new FileInputStream("myInFile.txt"); Buffe
-
Avoid Depreciation for particular asset
Sir , Is there any possibility to avoid to run depreciation for particular or specified assets. Tamil Selvan.
-
SQL query error - Literal does not match format string
Hi All, When I am removing these code form query then it is running fine else it is giving error of "Literal does not match format string." AND trunc((SYSDATE)) > DECODE(fifs.id_flex_structure_name, 'XXX Service Agreement', trunc(TO_DATE (pac.segment
-
Period end closing for production orders
Dear all, what is period end closing??? Pl. enlist all period end activities for product costing by order scenario. what inventory adjustments are necessory. what FI entries required to post??
-
Hyperian Interactive Web Client install error - Is it supported for Windows 7 ?
Hi I have not been able to install 'Hyperian Interactive Web Client'. Please find attached the screenshots when I trigger the report from a web app. Would appreciate a quick reply