LDAP and WLC

Hi!
I'm kind of new in this type of implementation and I would like to know how would I configure that network users can authenticate with their own username and password from LDAP but through a TACACS+ or RADIUS, so the client would not supplicate directly to the LDAP but to the RADIUS or TACACS which would be the one that directly "asks" the user database. Also when this is configured how would I associate this type of authentication to the WLAN.
Thank you                  

Antonio:
What you ask is a radius server specification. You need to look into a radius server that supports your LDAP server and that piece of configuration is done on the radius server, not on the WLC.
On the WLC what you do is configure normal radius server ip address and shared secret and the WLC will communicate with the radius server. Now, when the radius server receives the request it should be configured to do a request to the LDAP server and check the credentials on an external LDAP DB, not in local users.
HTH
Amjad

Similar Messages

  • JNDI, LDAP, and Weblogic 6.0

    Hi-
    We are encountering an issue with JNDI and spurious "socket closed"
    exceptions. The players in our environment are Weblogic 6.0, Netscape
    Directory Server 4.1, (both running on Solaris 2.8) and JNDI as of JDK 1.3.
    We do JNDI lookups to connect to LDAP and most of the time everything works
    fine. Occasionally we get the following exception.
    java.lang.NullPointerException
    at com.sun.jndi.ldap.Connection.run(Connection.java:568)
    at java.lang.Thread.run(Thread.java:484)
    Exception encountered: Socket closed
    javax.naming.CommunicationException: Socket closed. Root exception is
    java.net.SocketException: Socket closed
    at java.net.SocketOutputStream.socketWrite(Native Method)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:83)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:72)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:130)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:210)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:497)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1720)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1584)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1509)
    at
    com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.ja
    va:371)
    at
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeD
    irContext.java:331)
    at
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeD
    irContext.java:316)
    at
    javax.naming.directory.InitialDirContext.search(InitialDirContext.java:241)
    at adpsis.posse.ldap.LDAPReader.find(LDAPReader.java:37)
    at adpsis.posse.prfpos.PreferencesEJB.getUserName(PreferencesEJB.java:589)
    at
    adpsis.posse.prfpos.PreferencesEJB.getColorAttributes(PreferencesEJB.java:39
    1)
    at
    adpsis.posse.prfpos.PreferencesEJB.getColorPreferences(PreferencesEJB.java:3
    02)
    at
    adpsis.posse.prfpos.PreferencesEJBImpl.getColorPreferences(PreferencesEJBImp
    l.java:250)
    at
    adpsis.posse.prfpos.PreferencesEJBEOImpl.getColorPreferences(PreferencesEJBE
    OImpl.java:287)
    at
    adpsis.posse.prfpos.PreferencesEJBEOImpl_WLSkel.invoke(PreferencesEJBEOImpl_
    WLSkel.java:116)
    at
    weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
    at
    weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java
    :128)
    at
    weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
    at
    weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.
    java:118)
    at
    weblogic.rmi.internal.BasicRequestDispatcher.dispatch(BasicRequestDispatcher
    .java:115)
    at weblogic.rmi.internal.ServerRequest.sendOneWayRaw(ServerRequest.java:88)
    at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:108)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :247)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :225)
    at
    adpsis.posse.prfpos.PreferencesEJBEOImpl_WLStub.getColorPreferences(Preferen
    cesEJBEOImpl_WLStub.java:221)
    at adpsis.posse.transformer.CSSServlet.doPost(CSSServlet.java:86)
    at adpsis.posse.transformer.CSSServlet.doGet(CSSServlet.java:214)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at
    weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
    :213)
    at
    weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
    ntext.java:1265)
    at
    weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
    :1631)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    The only way to recover is to restart the Weblogic server. The LDAP server
    appears to be running normally and continues to service other instances of
    Weblogic. No errors are logged in the LDAP server, the JNDI lookup that
    establishes the DirContext works fine on restart and is used multiple times
    with no issues until..poof..socket closed. I'm not certain which part is at
    issue, Weblogic, LDAP, or JNDI.
    Any ideas?
    Regards,
    Brett Schmoll
    ADP/SIS

    WLS 6.0 will be supported in the next release of WLCS, which is due in the
    spring.
    - Ginny
    "aamerG" <[email protected]> wrote in message
    news:3a5cb774$[email protected]..
    Hi everyone,
    we are starting a new development project and would like to use Weblogic
    6.0. How soon do you think there we be a version of WLCS which works with
    6.0.
    TIA

  • Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration

    With Jacob Ideji, Richard Hamby  and Raphael Ohaemenyi   
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about  the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about  Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access .  Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio.  Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality. 
    Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
    Richard Hamby  works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams. 
    Raphael Ohaemenyi  Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
    Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.  
    Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

    OOPS !!
    I will repost the whole messaqge with the correct external URL's:
    In  general, the Trustsec design and deployment guides address the specific  support for the various features of the 'whole' Cisco TS (and other  security) solution frameworks.  And then a drill-down (usually the  proper links are embedded) to the specifc feature, and then that feature  on a given device.  TS 2.1 defines the use of ISE or ACS5 as the policy  server, and confiugration examples for the platforms will include and  refer to them.
    TrustSec Home Page
    http://www.cisco.com/en/US/netsol/ns1051/index.html
    http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
    I find this page very helpful as a top-level start to what features and capabilities exist per device:
    http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
    The TS 2.1 Design Guides
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
    DesignZone has some updated docs as well
    http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
    As  the SGT functionality (at this point) is really more of a  router/LAN/client solution, the most detailed information will be in the  IOS TS guides like :
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
    http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html

  • Web Redirection Problem on Cisco ISE 1.2 and WLC 7.5

    Hello,
    We are at initial phase of deploying ISE 1.2 in our environment for Wireless Guest Users.
    I have configured ISE and WLC to talk to each other which is working fine. An SSID with MAC-Filtering is also configured on WLC and ACL only allowing ISE and DNS traffice.
    I have configured proper authentication and authorization policies on ISE. Now, when I try to connect my device (laptop and android mobile), I see my device gets associated with the SSID (Demo) and gets the right IP Address from DHCP and right VLAN from WLC. The log process on ISE is as follows.
    11001
    Received RADIUS Access-Request
    11017
    RADIUS created a new session
    11027
    Detected Host Lookup UseCase (Service-Type = Call Check (10))
    15049
    Evaluating Policy Group
    15008
    Evaluating Service Selection Policy
    15048
    Queried PIP
    15048
    Queried PIP
    15004
    Matched rule
    15041
    Evaluating Identity Policy
    15006
    Matched Default Rule
    15013
    Selected Identity Source - Internal Endpoints
    24210
    Looking up User in Internal Users IDStore - B8:B4:2E:A6:7D:75
    24216
    The user is not found in the internal users identity store
    24209
    Looking up Endpoint in Internal Endpoints IDStore - B8:B4:2E:A6:7D:75
    24211
    Found Endpoint in Internal Endpoints IDStore
    22037
    Authentication Passed
    15036
    Evaluating Authorization Policy
    15048
    Queried PIP
    15048
    Queried PIP
    15048
    Queried PIP
    15004
    Matched rule - Guest Redirection
    15016
    Selected Authorization Profile - Test_Profile
    11002
    Returned RADIUS Access-Accept
    I also see a redirect url in the detailed authentication logs. But the problem is that when I open my browser on my device, it doesn't get redirected to the guest portal url. Now since I can't get there, I can't continue with the rest of the process of authentication, COA and final ACL for internet access.
    Can some one please either guide me the correct steps that I need to follow, if I have mis configured something or advise if this is a bug.
    Thanks in advance.
    Jay

    The ACL is definitely used to define what traffic is re-directed to ISE and what traffic is not redirected. Having the permit-all statement at the end will break redirection. If you are using flex-connect then you will need to use flex-connect ACLs and apply those to the flex-connect APs. The links below should give you an idea of what needs to be done:
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html
    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html
    Thank you for rating helpful posts! 

  • OD, LDAP and DNS

    I am new to LDAP and I believe I have everything setup correctly on the server (everything under Open Directory in SA says "Running", logs don't show any errors). However, I can not access the LDAP server from a client machine using Directory Access. I suspect that client machines still can not "see" my LDAP server.
    I believe the issue may be with DNS and I am trying to understand the interaction between DNS and OD, etc. First off, I do not have DNS turned on for my Mac OS X Server since my ISP has always hosted our DNS. Is this a problem? Do I need DNS activated on the same server that I am running this LDAP server? I have tried entering the IP and DNS name on the client server using Directory Access and neither worked.

    The requirement is that references using your server's Fully Qualified Domain Name look up to its IP Address and its IP Address looks up to its Fully Qualified Domain Name. If your ISP does that for you, and does it correctly, Merry Christmas!
    All others must set up their own tiny DNS service to do the lookups. If you are behind an NAT firewall, you can Make Up whatever names you like and look them up locally, because they are invisible from the Internet.
    Remember that each workstation must have the address of the DNS available to it. It needs to be configured in the TCP/IP setup or dispensed via DHCP. If you use your own DNS (highly recommended) you must also dispense or configure the next upstream DNS (your ISP's DNS Address).
    "An Open Directory master requires properly configured DNS so it can provide single sign-on Kerberos authentication.
    Make sure DNS service is configured to resolve fully qualified DNS names and provide corresponding reverse lookups.
    DNS must resolve the fully qualified DNS name and provide reverse lookups for the Open Directory master server, all replica servers, and other servers that are members of the Kerberos realm.
    You can use the Lookup pane of Network Utility (in /Applications/Utilities/) to do a DNS lookup of a server's DNS name and a reverse lookup of the server's IP address.
    For instructions on setting up DNS service, browse Network Services Overview."
    -- from Server Admin 10.4 Help: Kerberos is Stopped on an Open Directory Master or Replica
    Message was edited by: Grant Bennet-Alder

  • 10.6.6 Server Combo Update Crashes LDAP and Kerberos Services

    Just updated apple server from 10.6.4 to 10.6.6 with combo server overnight.
    Everything was working fine under 10.6.4
    All users can no longer authenticate to server via mail or ldap logins
    LDAP and Kerberos Services stopped.
    Will downgrade from an open directory master to standalone then back to master again and post status...

    I think there is something with LDAP on 10.6.6
    I was forced to make clean install in combo from 10.6.0 to 10.6.6 and today LDAP crashed.
    It seems to be an issue on ldap ACL.
    Message was edited by: Xalio

  • Rogue AP - Not in sync with WCS and WLC

    WCS - 7.0.164.0 and WLC - 7.0.98.0.
    For some reason, I am seeing rogue ap alert on WLC and am not seeing on WCS.   How do I clean up database and sync with WCS and WLC.
    I am seeing same thing with coverage holes.
    - Allen -

    Allen,
         On the WLC go to Management > SNMP > Trap Controls, make sure that you have the traps checked.
    HTH,
    Steve
    *Please remember to rate helpful posts*

  • WCS and WLC AP values not fully in sync.

    I have recently added several new aps on my network,after they connect to the controller, I set a hostname, and change the ip address to a static. However, WCS still sees the aps by the old ip and host name despite going into each one, hitting audit, and then save, any way to fix this? Thanks.

    You may want to also consider the following:
    1) Both the WCS and the WLC need to be at the same major revs (i.e.: The if the WCS is at v4.2, then the WLC should also be at 4.2). Failure to do so results in some significantly bizarre behavior such as errors after an audit - at least that was my experience.
    2) You may have better success if you make the change from the WCS which pushes the change to the WLC and that way the WCS is already aware of the change. (Normally, this should work - I know of one instance where it does not: changing Master Controller Mode from the WCS).
    3) If you feel strongly about making the change in the WLC (and are running a newer version of code in the WCS/WLC - i.e.: 4.x), there is a setting that forces the WLC to send configuration changes to the WCS once APPLY and "Save Configuration" are clicked:
    From the *WCS*, click on Configure->Controllers and click on the controller you wish to change, and check the "Refresh on Save Config Trap" check box and click OK.
    This will cause the controller to push any configuration changes up to the WCS after an APPLY and "Save Configuration" are clicked.
    4) In terms of getting the WCS to actually synch up with the controller (assuming the WCS and WLC are at the same rev. levels), you may need to do what I did (this was subsequent to upgrading to v4.2 in both the WLC and WCS and having chronic "mismatch" status between the WCS and WLC):
    From the WCS:
    Configure->Controllers, check the controllers you wish to synch up. From the dropdown, select "refresh config from controller"
    Next, select the DELETE option (instead of the RETAIN option). I believe that there are bugs in the software that upgrades earlier revisions to 4.2. I know that it might seem undesirable to DELETE information in the WCS, however, if you choose "DELETE", it seems to get rid of the residual information from the previous revisions that did not upgrade properly and the WCS will now be in synch with the controllers. DELETING the other settings makes the audit errors go away.
    Subsequent audits may go better for you after performing the step shown above. However, you may need to repeat this process in item 4 above once or twice more until the database gets cleaned up, but after that my own experience has been that the WCS and WLC will eventually stay in synch.
    It is unfortunate that we are forced to come up with workarounds like these when the software should clearly be able to handle this on its own, but we do what we must to get the job done.
    Hope this helps,
    - John
    (Please rate helpful posts)

  • WCS and WLC WLAN Config not fully in sync

    Hi,
    We're facing the issue WCS and WLC WLAN Config is not fully in sync. WLC  showing server 1 is IP:10.160.22.151, Port:1812 but WCS server showing none even  after click on “Audit” button. Any idea how to resolve this issue? Is this causing any wireless problem? Attached is screen captured. Thanks for your help.

    You mentioned "audit". Have you done a WCS audit so the WLC and WCS are in SYNC?
    If you make a change on the WLC you will not see it in WCS UNLESS they are SYNC. You will see the term "mismatch".
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • MAC OS and LDAP and Samba Server

    How can I make my Mac OS authenticate against LDAP and automatically map shared by a Samba server folders? (samba domain)? The idea is that any person who is registered in the database of LDAP can log into any Mac machine and automatically access the folders stored on the Samba server.

    Are you using TopLink 11g or TopLink Essentials?
    You seem to be wanting to use TopLink 11g, but you have the provider set to Essentials in your persistence.xml.
    <provider>oracle.toplink.essentials.PersistenceProvider</provider>
    Change this to,
    <provider>oracle.toplink.PersistenceProvider</provider>
    The sessions-xml properties are only supported with TopLink 11g.
    Note that currently in 11g when using a sessions-xml it must contain a project xml that completely defines the mappings. It will not merge with annotations nor defaults.

  • LDAP and OID

    FYI: I am new to Oracle (<1 month), and new to APEX (<3 weeks) so forgive me if I am asking the obvious.
    I would like to have APEX authenticate against LDAP (active directory), and went about trying to set that up. Got all AD settings from our sys admin, and then tried them in the LDAP test tool. I kept getting " Authentication failed!" no matter what I did. Due to the detailed nature of that error message, I started trying to track down every possible avenue so I talked to one of our DBA's about DBMS_LDAP.SIMPLE_BIND_S. The answer I got back was that we don't have access to it because it is part of OIN which we would have to pay outrageous amounts of money for if we wanted to use it. Not likely to happen, so I was hoping that there was another way to authenticate APEX via LDAP.
    Any suggestions would be most helpful.

    John - DBMS_LDAP is not part of OID so you can use it as part of your existing database product installation. Search this forum for LDAP and AD and you'll find lots of discussions about what you are trying to do.
    Also, just to clarify, you're not trying to authenticate Application Express using AD, you'll be authenticating users to your application (essentially a PL/SQL application in the database) using account information stored in AD. The authentication code that gets executed will belong to your application.
    Scott

  • ISE and WLC

    Dear friends,
    We are using ISE and WLC integrity in our network, we have Corporate and Guest SSID, we configured it but client cant connect to this ssid and cant be authenticated, please see attached files and tell me if i done something wrong in configuration of WLC
    10.10.17.201 is ISE
    Thank you for attention

    Hi,
    After viewing the Trap logs it seems you have checked on validate machine.
    On the client side, make sure you don't check validate machine and then try.

  • ISE and WLC SRE module compatibilty matrix

    Hi all,
    We are running SRE module on router with code of 6.x release .Is there any compatibilty matrix available for ISE and WLC code to support CWA . because as of now , the wireless clients are not redirecting to the ISE login page.
    Kindly suggest.
    Thanks,
    Regards,
    Vijay

    The doc is for wireless guest using CWA. For wired guest, I don't know since you can do wired guest from a WLC that supports it or from a switch.
    Sent from Cisco Technical Support iPhone App

  • Wireless controller ha between wlc5508 and wlc 4402

    We have 2 wlc:  a wlc 5508 ( license 100 AP ) and  wlc 4402 ( license 12AP).
    We try to setup when 5508 down, 12 identify AP (important AP -Group A) will join 4402 and all other AP (not improtan AP -Group B)
    wont joint  wlc 4402.
    First, all AP join wlc 5508, 2 WLC have same mobility group.
    After that, we  config 12 APs belongto group A have primary and secondary wlc, group B only has primary wlc.
    When wlc 5508 down, some of APs of GroupA and   some of APs of GroupB join wlc 4402. We test many times and we have differnet result each times.
    is theare any way to resolve our problem?
    Thanks.

    Just to add, make sure that the WLC is running the same code, if not, then make sure the ap is supported on the code that is running on the 5508. The issue with mixed code is the ap will upgrade and downgrade very time they switch to a different WLC.
    http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
    Sent from Cisco Technical Support iPhone App

  • LDAP and SAP integration

    Hi,
    As a part of a project requirement, we are trying to integrate Solution manager with LDAP (Lightweight Directory Access Protocol).
    Using the directory service, we are trying to synchronize the CUA (Central user administration within Solution manager) with Active directory of LDAP so that we can maintain the User data centrally from a single point in LDAP.
    Problem description:
    Currently, Client has implemented the LDAP and CUA integration and when a new user is added in LDAP, it is automatically getting copied in all SAP systems and at real time, when the useru2019s u201CLASTNAMEu201D field is updated in LDAP, it is automatically getting synchronized in all SAP systems.
    But, If any attribute other than u201CLASTNAMEu201D is changed (i.e. The expiry /validity date of the User in LDAP, GLTGB in SAP), then the field value is not getting synchronized in the SAP Central User Adm.
    Our Findings:
    We have checked the configurations and imported mappings in SAP Solution Manager and everything looks fine. We have debugged the standard program RSLDAPSYNC_USER extensively and found out that an RFC call to function module LDAPRFC_SEARCH is not returning the expected values.
    Thanks
    Deb

    Hi Deb,
    It would be really nice if you can elaborate on the configurations that need to be done as part of this integration. I hope, you have been successfull by now.
    Actually, I too need to perform the same as part of a project.
    Thanks in advance.

Maybe you are looking for