LDAP/Authentication infinite loop
My authentication provider uses an LDAP call to retrieve a data source via JNDI.
The LDAP call apparently triggers a security check/login which then calls my
getLoginModuleConfiguration() which again attempts to retrieve the data source.
Infinite loop.
How do I stop this from happening?
If the code that is executing is part of the security framework and is in an obviously
thread with access, why is this login occurring and how can we stop it?
Thank you.
Frederick N. Brier
I found this article in spanish ( fortunately I speak and write it), where saids how I can solve this problem.
[http://oracleradio.blogspot.com/2011/09/solucionando-el-ciclo-infinito-en.html]
The problem was the :
<app-role>
<name>anonymous-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class> // this Class was the problem<display-name>anonymous-role</display-name>
</app-role>You need reemplace that Class for : *"oracle.security.jps.service.policystore.ApplicationRole"*
like this :
<app-role>
<name>anonymous-role</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class><display-name>anonymous-role</display-name>
</app-role>And the Anonymous and all the Roles will work Fine !!
Similar Messages
-
Infinite loop authentication in JDeveloper 11.1.1.5
Hi to everyone, I have a problem in the security of my adf application.
When I apply the security to the whole application, and want to show to all users the loggin page, the page does not charge, appears a infinite loop authentication.
my page is :
index.jspx => granted to : anonymous-role, test-all // To see all the users.I m working with page templates and data controlls for show the user's information in the index.jspx page.
Working in : JDeveloper 11.1.1.5
Thanks.I found this article in spanish ( fortunately I speak and write it), where saids how I can solve this problem.
[http://oracleradio.blogspot.com/2011/09/solucionando-el-ciclo-infinito-en.html]
The problem was the :
<app-role>
<name>anonymous-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class> // this Class was the problem<display-name>anonymous-role</display-name>
</app-role>You need reemplace that Class for : *"oracle.security.jps.service.policystore.ApplicationRole"*
like this :
<app-role>
<name>anonymous-role</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class><display-name>anonymous-role</display-name>
</app-role>And the Anonymous and all the Roles will work Fine !! -
LDAP Authentication for Application APEX 3.2
Dear All,
I have created an application in APEX 3.2 for that i am using the below code for authentication all my domain users
create or replace
FUNCTION "ADS_LDAP_AUTHENTICATE"
(p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN AS
c_Directory VARCHAR2(50) ;
c_Port NUMBER(4);
c_BaseDN VARCHAR2(200);
c_InitUser VARCHAR2(200);
c_InitPass VARCHAR2(32);
l_session DBMS_LDAP.SESSION;
l_success PLS_INTEGER;
l_attributes DBMS_LDAP.STRING_COLLECTION;
l_result DBMS_LDAP.MESSAGE;
l_userdn VARCHAR2(2000);
CURSOR get_authentication_dtls
IS
SELECT domain_name,server_port,server_base_dn,server_principal,server_credentials
FROM PS_TB_SYSTEM_ADS_CONFIG_DICT;
BEGIN
OPEN get_authentication_dtls;
LOOP
FETCH get_authentication_dtls INTO c_Directory,c_port,c_baseDN,c_InitUser,c_InitPass;
EXIT WHEN get_authentication_dtls%NOTFOUND;
--Open initial lookup session.
l_session := DBMS_LDAP.INIT(c_Directory,c_Port);
l_success := DBMS_LDAP.SIMPLE_BIND_S(l_session, c_InitUser,c_InitPass);
IF l_success = DBMS_LDAP.SUCCESS THEN
l_attributes(1) := NULL;
l_success := NULL;
l_success := DBMS_LDAP.SEARCH_S(ld => l_session,
base => c_BaseDN,
scope => dbms_ldap.scope_subtree,
filter => '(|(sAMAccountName=' ||p_Username || ')(mailNickname=' || p_Username || '))',
attrs => l_attributes,
attronly => 0,
res => l_result);
IF l_success = DBMS_LDAP.SUCCESS THEN
l_userdn := dbms_ldap.get_dn(l_session,dbms_ldap.first_entry(l_session,l_result));
IF l_userdn IS NOT NULL THEN
l_success := dbms_ldap.unbind_s(l_session);
l_session := dbms_ldap.init(c_Directory,c_Port);
l_success := dbms_ldap.simple_bind_s(l_session, l_userdn,NVL(p_password, 'QWERTASDFZXC'));
END IF;
END IF;
else
return FALSE;
END IF;
IF l_success = DBMS_LDAP.SUCCESS THEN
CLOSE get_authentication_dtls; /* Close cursor before returning */
RETURN TRUE;
END IF;
END LOOP;
CLOSE get_authentication_dtls;
RETURN FALSE; /* if the success has not happened till all servers processed, then return FALSE */
EXCEPTION
WHEN OTHERS THEN
RETURN FALSE;
END;
Now i dont want to allow all the domain user to access my application. So we planned to create a user group in active directory.
Can anyone suggest me how to allow only a set of users to access my application using LDAP.
Thanks in Advance.
Cheers,
San.Use the below link for Ldap Authentication
LDAP (MS AD) Group Authentication -
LDAP AUTHENTICATION- PLEASE HELP
My client wants me use LDAP for authentication. I new to this: I have written a Authentication bean. As follows.
//Used to authenticate user from LDAP directry.
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
import java.lang.*;
public class AuthBean {
private boolean attempted;
private String userName;
private String password;
public AuthBean() {
attempted = false;
userName = "";
password = "";
//Getter methods.
public String getUserName() {
return this.userName;
public String getPassword() {
return this.password;
//Setter methods.
public void setUserName (String userName) {
this.userName = userName;
if (!this.userName.equals("") && !this.password.equals(""))
attempted = true;
else
attempted = false;
public void setPassword(String password) {
this.password = password;
if (!this.userName.equals("") && !this.password.equals(""))
attempted = true;
else
attempted = false;
//Checks to see if attempted.
public boolean isAttempted() {
return this.attempted;
* Given a username and password, authenticates to the directory
* Takes a String for username, String for password.
* Calls getDn for the method.
public boolean ldapAuthenticate (String username, String pass) {
if ( username == null || pass == null ) {
System.out.println(" im here in the method");
System.out.println(" user" + username);
System.out.println(" pass" + pass);
return false;
String dn = getDN(username);
System.out.println(" dn" + dn);
if ( dn == null)
return false;
dn = dn + ",o=hcfhe";
//dn = dn + ",o=mu";
System.out.println(dn);
String ldap_url = "ldap://10.1.1.199:389/ou=it,o=hcfhe";
//set variables for context
Hashtable env = new Hashtable();
env.put("com.sun.naming.ldap.trace.ber", System.err);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldap_url);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, pass);
DirContext ctx;
//make connection, catch errors thrown
try {
ctx = new InitialDirContext(env);
} catch (AuthenticationException e) {
System.out.println("Authentication Exception");
return false;
} catch (NamingException e) {
e.printStackTrace();
return false;
//close connection
try {
ctx.close();
} catch (NamingException ne) {
System.out.println(ne);
return true;
* This methods cheks for the username from the LDAP directory.
* Takes a String.
public String getDN(String username) {
String dn = "";
String ldap_url = "ldap://10.1.1.199:389/ou=it,o=hcfhe";
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldap_url);
DirContext ctx;
try {
ctx = new InitialDirContext(env);
SearchControls ctls = new SearchControls();
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(uid=" + username + ")"; // Search for objects with these matching attributes
NamingEnumeration results = ctx.search("",filter,ctls);
if ( results != null && results.hasMoreElements()) {
SearchResult sr = (SearchResult)results.nextElement();
dn = sr.getName();
} else dn = null;
ctx.close();
} catch (AuthenticationException e) {
System.out.println("Authentication Exception");
return null;
} catch (NamingException e) {
e.printStackTrace();
return null;
return dn;
I also done a validate. jsp as follows.
<%@page import="register.AuthBean"%>
<jsp:useBean id ="AuthBean" class="register.AuthBean" scope="session"/>
<%
//boolean valid = false;
String username = request.getParameter("user");
//System.out.println("The username" + username);
String password = request.getParameter("password");
//System.out.println("The username" +password);
%>
<jsp:setProperty name="AuthBean" property="userName" param="user" />
<jsp:setProperty name="AuthBean" property="password" param= "password" />
<%
//boolean validate = false;
String nn = AuthBean.getUserName();
System.out.println(nn);
String dn = AuthBean.getDN(username);
System.out.println(dn);
boolean validate = AuthBean.ldapAuthenticate(username, password);
if(validate) {
response.sendRedirect("../admin/Adminindex.jsp");
} else {
response.sendRedirect("Login.html");
%>
At current I keep getting 'false' for validate. But there are no errors. I m using tomcat and apache, do I need to configure any of these to LDAP. If so can you show me some examples.
Many thanks.Hi Irene,
I am posting my LDAP Authentication code for you to look at. If you have any more questions, please respond to this posting. I have just three days ago implemented this for my client. It works on Web Sphere against Microsoft Active Directory.
=====================================================================
import javax.naming.directory.*;
import javax.naming.ldap.*;
import javax.naming.*;
import java.util.*;
import java.io.*;
import java.lang.*;
import java.math.*;
* Insert the type's description here.
* Creation date:
* @author: Sajjad Alam
public final class LDAPConn {
public static java.lang.Object Conn;
* LDAPConn constructor comment.
public LDAPConn() {
super();
* Insert the method's description here.
* @return java.lang.Object
public static DirContext getConn() throws Exception {
//Declarations of variables
Hashtable env = new Hashtable(11);
InitialLdapContext ctx = null;
//==============LDAP Authentication of a given user stored in Active Directory=============
System.out.println("Entered constructor for Ldap Context");
//Initialize the Context Factory.
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://XXX.XXX.XX.XXX:389/dc=domainURL1,dc=domainURL2,dc=com");
try {
The following syntax is a standard way of authenticating users stores in LDAP
when JNDI api is used.
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "password");
System.out.println("Issuing request to authenticate the user and create an LDAP context");
ctx = new InitialLdapContext(env, null);
System.out.println("Got handle on Ldap Context");
//==============Completed Authentication of user=============
//==============Retrieving attribute data about a user stored in Active Directory==========
//Here we will retrieve attributes of one of the users in LDAP ("cn=");
//Declarations of variables
String userInfo = "cn=someUserName ,ou=Users,ou=something,ou=something";
Attributes userAttr = ctx.getAttributes(userInfo);
Attribute orgUnitAttr = null;
//Looping through the enumeration to obtain attribute data
for (NamingEnumeration ae = userAttr.getAll(); ae.hasMore();) {
Attribute attr = (Attribute) ae.next();
if (attr.getID().equals("distinguishedName"))
orgUnitAttr = attr;
System.out.print(" Attribute: " + attr.getID());
//Print each value
for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
System.out.println(" Value: " + e.next());
//============== Done retrieving attribute data about user==========
//==============To find which organizational unit a user belongs provided we pass the user==========
//This section of code uses the value from the "distinguishedName" attribute
System.out.println("");
Object parseOutOrgUnit = (Object) orgUnitAttr;
System.out.println("We can obtain the organizational unit (Role) from the " + parseOutOrgUnit.toString());
//======================================Done=============================
// Close the context when we're done or you can close the connection where you are using this object.
String grInfo = "CN=Sales-Administrator,OU=Java Application Accounts,OU=something,OU=something";
Attributes grAttr = ctx.getAttributes(grInfo);
//Looping through the enumeration to obtain attribute data
for (NamingEnumeration ae = grAttr.getAll(); ae.hasMore();) {
Attribute attr = (Attribute) ae.next();
System.out.print(" Attribute: " + attr.getID());
//Print each value
for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
System.out.println(" Value: " + e.next());
//============== Done retrieving attribute data about user==========
//==============To find which organizational unit a user belongs provided we pass the user==========
//This section of code uses the value from the "distinguishedName" attribute
System.out.println("");
//======================================Done=============================
ctx.close();
catch (Exception e) {
System.out.println(e.getLocalizedMessage());
return ctx; -
Infinite Loop Error - How to Remove?
Only my "home page" will display in WampServer's Localhost, which I am using for my "testing site" in Dreamweaver CS5. All other pages in my website cannot be loaded by IE8 or IE9. Firefox and Chrome report that all webpages (except my "home page" ) have a "Redirect Loop" which prevents them from being loaded, and this is due to links which continuously loop between the same pages.
QUESTION: How can I fix this (without starting all over to build my website)?
I am using dynamic webpages with a template, all of which have the "php" extension. I started with HTML webpages and template, and then converted them to "php". They worked well until some time after I added a Login Form on my home page, with Dreamweaver's "User Authentication" in Server Behaviors. The "login" and "password protected" webpages worked for a while. But now it seems like the "Redirect Loop" error may be related to my "go to page if login fails".
It may or may not be related, but around the same time my Infinite Loop problem started, the "Editable Region" of my home page stopped displaying the formating and background colour in "Design" view in Dreamweaver. However, they do display properly in Dreamweaver's "Live View" and in WampServer's "Localhost".
Any all help will be appreciated.Thank you for your reply, Nick. I could not find the code segments which you suggested.
I have included a link to show the text in my page, "about_us.php", which is one of the several pages I am having trouble with.
http://www.sunisandsfl.com/text_file_from_about_us_php.html
This is one of my "Non password-protected" pages. When I load "about_us.php" in Dreamweaver's "Design" view, there is an Error Message above the webpage which says, "An unknown error occurred while discovering dynamically-related files." The only files shown in the "Related files" bar are "Source Code", "conndbss.php" (my database connection file), and "main_sunisands.css".
I have not yet uploaded any of my dynamic webpages to my live site (www.sunisandsfl.com). -
LDAP authentication in BO XI3.1
Hi All,
We are using Bo XI R3.1 with FP 1.6. We are using LDAP authentication and have successfully implemented this in our Production environment. We are in the middle of testing a new LDAP "tree" that will be used in a different environment, and we are finding that the group search is not working correctly.
It seems that even though we specify the Base LDAP Distinguished Name, BO seems to be ignoring that setting and starting at the LDAP ROOT to search for the group. This is causing an issue because when searching from the root, BO is finding some virtual directories which we don't want it to find.
We were expecting BO to start searching from the base DN, but it is not. Is that something that should be working?
For example we have set the Base LDAP Distinguished Name to "ou=mkt,dc=test123,dc=com". But, BO is starting from the top root level instead of searching only in the "mkt" tree
Thanks in advance for your help.When we try to add a new group and run the update, we get this error: "The LDAP server could not complete this action because it requires more than the allowable number of referral hops. Please increase the maximum number of referral hops and click Update. Then, try again"
I realize there is a setting that controls how many referral hops are used, but even if we set that to a very high number (in the thousands and hundreds of thousands), we still get the same error.
So, it seems almost like it hits a loop due to the virtual directories.
I talked with my LDAP team, as they did some tracing when we tried to add a group in. I asked them if what they saw was that BO was "looping". Here is what they are saying:
"Yes, the BO query is looping. VDS presents a virtual view of the directory that merges in the Top Secret information. The problem is because BO is starting its search at the root of the tree, it is seeing both the original copy of the directory and the virtual copy that VDS presents."
Thanks,
V -
Neep help with infinite loop! Please Help
I currently have a program that allows a user to enter a password protected site and it will return all the images on that page.
I�m trying to allow the user to type in the root URL, i.e. http://stage.diabetescontrolforlife.com/ and have the program pull all the images in all of the child directories. i.e. http://stage.diabetescontrolforlife.com/tool.aspx
I got an inner class similar to the one pulling the <IMG> tag, that pulls the <A> tag. The class adds all the links to a linkList Arraylist. In my main method I call image.getInfo(image.getLinkList()); hoping that I can just pass all the links back through the program and find all the <IMG> tags.
The problem is that, I get the desired output but it displays in an infinite loop, and the program never ends as it searches linkList over and over for <IMG> tags.
So, I tried to adding two different Do, While loops.
Main Method:
do
image.getInfo(image.getLinkList());
test=1;
}while(test != 1);This one does not change the output. Infinite loop continues.
Inner Class:
HTMLEditorKit.ParserCallback callback;
callback = new HTMLEditorKit.ParserCallback ()
public void handleStartTag(HTML.Tag tag, MutableAttributeSet attributes, int position)
do
if (tag == HTML.Tag.A)
link = (String)attributes.getAttribute (HTML.Attribute.HREF);
if(link != null && !link.startsWith("javascript") && !link.startsWith("#") && link.startsWith("/"))
link = root + link;
linkList.add(link);
test=1;
}while(test!=1);
public void handleSimpleTag (HTML.Tag tag,MutableAttributeSet aset,int pos)
{if (tag == HTML.Tag.IMG )This one never allows the first URL to be checked, and the program just sits there.
Do you see anything I�m doing wrong, or anyway I can stop the infinite loop?
I think the problem is that both of the searching tag classes are inner classes but I don�t know how to make them their own classes without messing up the whole password checking.
Any advice would be helpful!HTMLEditorKit.ParserCallback callback;
callback = new HTMLEditorKit.ParserCallback ()
public void handleSimpleTag (HTML.Tag tag,MutableAttributeSet aset,int pos)
if (tag == HTML.Tag.IMG )
src = (String)
aset.getAttribute (HTML.Attribute.SRC);
alt = (String)
aset.getAttribute (HTML.Attribute.ALT);
height = (String)
aset.getAttribute (HTML.Attribute.HEIGHT);
width = (String)
aset.getAttribute (HTML.Attribute.WIDTH);
//System.out.println("SRC = " + src);
//System.out.println("ALT = " + alt);
System.out.println("ROOT2"+root);
System.out.println("SRC1"+src);
if(src.startsWith("http"))
else
if(src.startsWith("../"))
src = src.replace("../", "");
src = root +"/"+ src;
else
if(src.startsWith("/"))
src = root + src;
else
src = root +"/"+ src;
System.out.println("SRC2"+src);
altList.add(alt);
srcList.add(src);
heightList.add(height);
widthList.add(width);
currentUrl.add(passUrl);
if(alt == null)
altPresent.add("No");
else
altPresent.add("Yes");
URI uri = null;
try
if (!uriBase.toString ().endsWith ("/") &&
!src.startsWith ("/"))
src = "/" + src;
uri = new URI (src);
uri = uriBase.resolve (uri);
System.out.println("URL"+passUrl);
System.out.println ("uri being " +
"processed ... " + uri);
System.out.println("ROOT3"+root);
catch (URISyntaxException e)
System.err.println ("Bad URI");
return;
// Convert the URI to a URL so that its input
// stream can be obtained.
URL url = null;
try
url = uri.toURL ();
catch (MalformedURLException e)
System.err.println ("Bad URL");
return;
//InputStream is;
//String filename = url.getFile ();
//int i = filename.lastIndexOf ('/');
//if (i != -1)
// filename = filename.substring (i+1);
@Override
public void handleStartTag(HTML.Tag tag, MutableAttributeSet attributes, int position)
//while(test!=1)
System.out.println("TEST"+test);
if (tag == HTML.Tag.A)
link = (String)
attributes.getAttribute (HTML.Attribute.HREF);
if(link != null && !link.startsWith("javascript") && !link.startsWith("#") && link.startsWith("/"))
/*if(link.startsWith("/"))
link = root + link;
else
if(!link.startsWith("http"))
link = root +"/"+ link;
//if(link.contains(root))
link = root + link;
test=1;
linkList.add(link);
try
HttpURLConnection urlConn = null;
//URL url = new URL(server);
// Build the string to be used for Basic Authentication <username>:<password>
String userPassword = "testmlr" + ":" + "stage1-7000";
// Base64 encode the authentication string
String encoding = new sun.misc.BASE64Encoder().encode (userPassword.getBytes());
//URLConnection
urlConn = (HttpURLConnection) url.openConnection();
// Enable writing to server ( to write request )
urlConn.setDoOutput(true);
// Enable reading from server ( to read response )
urlConn.setDoInput(true);
// Disable cache
urlConn.setUseCaches(false);
urlConn.setDefaultUseCaches(false);
// Set Basic Authentication parameters
urlConn.setRequestProperty ("Authorization", "Basic " + encoding);
// test(server);
BufferedReader in = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
new ParserDelegator().parse(in, callback, false);
System.out.println(in + "test123412341234");
catch (ChangedCharSetException e)
String csspec = e.getCharSetSpec ();
Pattern p = Pattern.compile ("charset=\"?(.+)\"?\\s*;?",
Pattern.CASE_INSENSITIVE);
Matcher m = p.matcher (csspec);
String charset = m.find () ? m.group (1) : "ISO-8859-1";
// Read and parse HTML document using appropriate character set.
public ArrayList getLinkList()
return linkList;
} -
SQL stored procedure Staging.GroomDwStagingData stuck in infinite loop, consuming excessive CPU
Hello
I'm hoping that someone here might be able to help or point me in the right direction. Apologies for the long post.
Just to set the scene, I am a SQL Server DBA and have very limited experience with System Centre so please go easy on me.
At the company I am currently working they are complaining about very poor performance when running reports (any).
Quick look at the database server and CPU utilisation being a constant 90-95%, meant that you dont have to be Sherlock Holmes to realise there is a problem. The instance consuming the majority of the CPU is the instance hosting the datawarehouse and in particular
a stored procedure in the DWStagingAndConfig database called Staging.GroomDwStagingData.
This stored procedure executes continually for 2 hours performing 500,000,000 reads per execution before "timing out". It is then executed again for another 2 hours etc etc.
After a bit of diagnosis it seems that the issue is either a bug or that there is something wrong with our data in that a stored procedure is stuck in an infinite loop
System Center 2012 SP1 CU2 (5.0.7804.1300)
Diagnosis details
SQL connection details
program name = SC DAL--GroomingWriteModule
set quoted_identifier on
set arithabort off
set numeric_roundabort off
set ansi_warnings on
set ansi_padding on
set ansi_nulls on
set concat_null_yields_null on
set cursor_close_on_commit off
set implicit_transactions off
set language us_english
set dateformat mdy
set datefirst 7
set transaction isolation level read committed
Store procedures executed
1. dbo.p_GetDwStagingGroomingConfig (executes immediately)
2. Staging.GroomDwStagingData (this is the procedure that executes in 2 hours before being cancelled)
The 1st stored procedure seems to return a table with the "xml" / required parameters to execute Staging.GroomDwStagingData
Sample xml below (cut right down)
<Config>
<Target>
<ModuleName>TransformActivityDim</ModuleName>
<WarehouseEntityName>ActivityDim</WarehouseEntityName>
<RequiredWarehouseEntityName>MTV_System$WorkItem$Activity</RequiredWarehouseEntityName>
<Watermark>2015-01-30T08:59:14.397</Watermark>
</Target>
<Target>
<ModuleName>TransformActivityDim</ModuleName>
<WarehouseEntityName>ActivityDim</WarehouseEntityName>
<RequiredWarehouseEntityName>MTV_System$WorkItem$Activity</RequiredWarehouseEntityName>
<ManagedTypeViewName>MTV_Microsoft$SystemCenter$Orchestrator$RunbookAutomationActivity</ManagedTypeViewName>
<Watermark>2015-01-30T08:59:14.397</Watermark>
</Target>
</Config>
If you look carefully you will see that the 1st <target> is missing the ManagedTypeViewName, which when "shredded" by the Staging.GroomDwStagingData returns the following result set
Example
DECLARE @Config xml
DECLARE @GroomingCriteria NVARCHAR(MAX)
SET @GroomingCriteria = '<Config><Target><ModuleName>TransformActivityDim</ModuleName><WarehouseEntityName>ActivityDim</WarehouseEntityName><RequiredWarehouseEntityName>MTV_System$WorkItem$Activity</RequiredWarehouseEntityName><Watermark>2015-01-30T08:59:14.397</Watermark></Target><Target><ModuleName>TransformActivityDim</ModuleName><WarehouseEntityName>ActivityDim</WarehouseEntityName><RequiredWarehouseEntityName>MTV_System$WorkItem$Activity</RequiredWarehouseEntityName><ManagedTypeViewName>MTV_Microsoft$SystemCenter$Orchestrator$RunbookAutomationActivity</ManagedTypeViewName><Watermark>2015-01-30T08:59:14.397</Watermark></Target></Config>'
SET @Config = CONVERT(xml, @GroomingCriteria)
SELECT
ModuleName = p.value(N'child::ModuleName[1]', N'nvarchar(255)')
,WarehouseEntityName = p.value(N'child::WarehouseEntityName[1]', N'nvarchar(255)')
,RequiredWarehouseEntityName =p.value(N'child::RequiredWarehouseEntityName[1]', N'nvarchar(255)')
,ManagedTypeViewName = p.value(N'child::ManagedTypeViewName[1]', N'nvarchar(255)')
,Watermark = p.value(N'child::Watermark[1]', N'datetime')
FROM @Config.nodes(N'/Config/*') Elem(p)
/* RESULTS - NOTE THE NULL VALUE FOR ManagedTypeViewName
ModuleName WarehouseEntityName RequiredWarehouseEntityName ManagedTypeViewName Watermark
TransformActivityDim ActivityDim MTV_System$WorkItem$Activity NULL 2015-01-30 08:59:14.397
TransformActivityDim ActivityDim MTV_System$WorkItem$Activity MTV_Microsoft$SystemCenter$Orchestrator$RunbookAutomationActivity 2015-01-30 08:59:14.397
When the procedure enters the loop to build its dynamic SQL to delete relevant rows from the inbound schema tables it concatenates various options / variables into an executable string. However when adding a NULL value to a string the entire string becomes
NULL which then gets executed.
Whilst executing "EXEC(NULL)" would cause SQL to throw an error and be caught, executing the following doesnt
DECLARE @null_string VARCHAR(100)
SET @null_string = 'hello world ' + NULL
EXEC(@null_string)
SELECT @null_string
So as it hasnt caused an error the next part of the procedure is to move to the next record and this is why its caught in an infinite loop
DELETE @items WHERE ManagedTypeViewName = @View
The value for the variable @View is the ManagedTypeViewName which is NULL, as ANSI_NULLS are set to ON in the connection and not overridded in the procedure then the above statement wont delete anything as it needs to handle NULL values differently (IS NULL),
so we are now stuck in an infinite loop executing NULL for 2 hours until cancelled.
I amended the stored procedure and added the following line before the loop statement which had the desired effect and "fixed" the performance issue for the time being
DELETE @items WHERE ManagedTypeViewName IS NULL
I also noticed that the following line in dbo.p_GetDwStagingGroomingConfig is commented out (no idea why as no notes in the procedure)
--AND COALESCE(i.ManagedTypeViewName, j.RelationshipTypeViewName) IS NOT NULL
There are obviously other ways to mitigate the dynamic SQL string being NULL, there's more than one way to skin a cat and thats not why I am asking this question, but what I am concerned about is that is there a reason that the xml / @GroomingCriteria is incomplete
and / or that the procedures dont handle potential NULL values.
I cant find any documentation, KBs, forum posts of anyone else having this issue which somewhat surprises me.
Would be grateful of any help / advice that anyone can provide or if someone can look at their 2 stored procedures on a later version to see if it has already been fixed. Or is it simply that we have orphaned data, this is the bit that concerns most as I dont
really want to be deleting / updating data when I have no idea what the knock on effect might be
Many many thanks
AndyFirst thing I would do is upgrade to 2012 R2 UR5. If you are running non-US dates you need the UR5 hotfix also.
Rob Ford scsmnz.net
Cireson www.cireson.com
For a free SCSM 2012 Notify Analyst app click
here -
Hello Experts,
For loading ODS2 we are making a lookup on ODS1 for 0material based on
purchaing document number, item line item.
Is there any mistake in the start routine or update routine.
Because the load goes in infinite loop. I think update routine should be changed.
Any suggestions are appreciated
Start routine:
data: begin of itab occurs 0,
pur_doc like /BIC/AZODS100-OI_EBELN,
item like /BIC/AZODS100-OI_EBELP,
material like /BIC/AZODS100-material,
end of itab.
clear itab.
select OI_EBELN OI_EBELP MAT_PLANT from /BIC/AZODS100
into table itab.
Update routine for 0material
loop at itab where pur_doc = COMM_STRUCTURE-OI_EBELN
and item = COMM_STRUCTURE-OI_EBELP.
RESULT = itab-matplant.
endloop.Hi,
this takes a long time, because with each record of your data packaged it is doing the loop and scanning each row of the internal table. Use the following instead.
Start routine:
types: begin of t_itab,
pur_doc like /BIC/AZODS100-OI_EBELN,
item like /BIC/AZODS100-OI_EBELP,
material like /BIC/AZODS100-material,
end of t_itab.
data: itab type hashed table of t_itab with unique key pur_doc item.
select OI_EBELN OI_EBELP MAT_PLANT from /BIC/AZODS100
into table itab order by oi_ebeln oi_ebelp mat_plant.
I hope these fields are the key of the ods object.
Update routine for 0material
data: wa_itab type t_itab.
read table itab into wa_itab with table key pur_doc = COMM_STRUCTURE-OI_EBELN
item = COMM_STRUCTURE-OI_EBELP.
if sy-subrc = 0.
RESULT = wa_itab-matplant.
else.
clear result.
endif.
Hope this helps
regards
Siggi -
SharePoint 2010 with LDAP authentication, using NOVELL eDirectory
One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
In the Membership provider name text box I entered "LdapMember"
In the Role provider name text box I entered "LdapRole"
In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
<membership>
<providers>
<add name="LdapMember"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
<providers>
<add name="LdapRole"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="((ObjectClass=group)"
userFilter="((ObjectClass=person)"
scope="Subtree" />
</providers>
</roleManager>
I modified the SecurityTokenServiceApplication web.config with these details
<system.web>
<membership>
<providers>
<add name="LdapMemebr"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<add name="LdapRole"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&(ObjectClass=group))"
userFilter="(&(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
</system.web>
I modified the web.config of the test application I created with these details
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="cn"
dnAttribute="dn"
groupFilter="(&(ObjectClass=group))"
userFilter="(&(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
useDNAttribute="true"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
The server could not sign you in. Make sure your user name and password are correct, and then try again.
I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
8306 - SharePoint Foundation - The security token username and password could not be validated.
in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
then this:
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
The LDAP server tells the SharePoint server it is ready to communicate
the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
The SharePoint server acknowledges the connection is closing
... and then nothing happens, except the error on SharePoint
What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
specified in the web.config). That part does not seem to be happening.
I am at a standstill on this and any help would be greatly appreciated.OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
for enabling Forms Based Authentication:
"ASP.NET Membership provider name"
"ASP.NET Role manager name"
We entered a name for Membership provider, and left Role manager blank.
In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
<membership>
<providers>
<add name="LdapMember"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword="validpassword"
useDNAttribute="false"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager>
<providers>
</providers>
</roleManager>
useDNAttribute="false" turned out to be important as well.
So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
leave anything related to the role provider blank
configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
a non-existent role manager. -
How to get user attributes from LDAP authenticator
I am using an LDAP authenticator and identity asserter to get user / group information.
I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
Any help would be appreciatedHi Julián,
in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
Beginner
Medium
Advanced
Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
Hope it helps
Detlev -
Infinite loop creating new page due to column header overflow.
i am getting an error and some pages "Infinite loop creating new page due to column header overflow. " --
using report builder 9, i have a fairly simple report - that contains 4 subreports.
for some pages i get the error - it seems if there is more data than would fit on 1 page.
smaller pages work fine.
the subreports are all simple queries and dumps....
containing page header, column header, detail sections.
page header has just a text bar of the name of the section.
column header has the field names
detail section has the data - 1 row for each row in the recordset.
nothing i do seems to change getting "Infinite loop creating new page due to column header overflow. " on a page with more than 15-20 records returned.
any ideas would be appreciated.Try these links if you are still having the issue:
http://community.jaspersoft.com/questions/543302/receive-infinite-loop-creating-new-page-d ue-column-header-overflow-exception
http://community.jaspersoft.com/questions/500177/infinite-loop-due-page-header-overflow -
How to use two different LDAP authentication for my Apex application login
Hi,
I have 2 user groups defined in the LDAP directory and I provided the DN string for apex authentication something like the below
cn=%LDAP_USER%,ou=usergrp1,dc=oracle,dc=com
cn=%LDAP_USER%,ou=usergrp2,dc=oracle,dc=com
The problem is I couln't pointout both the groups in DN string, I am trying to allow both usergroups to access the application.
Does anyone know how to define both the group in LDAP DN String ?.
Thanx in advance
Vijay.Vijay,
I don't think you'll be able to use the built-in LDAP authentication scheme. Just create a new authentication scheme that has its own authentication function. In that function code your calls to dbms_ldap however you need. Search the forum for dbms_ldap.simple_bind_s to find examples.
Scott -
LDAP Authentication - Multiple Domains
I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
Host: xx.xx.xx.xx
DN String: %LDAP_USER%@amer.globalco.net
(amer.globalco.net is the domain)
How can this be accomplished? Is it possible all you guru's out there?
I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
Please include example/suggested SQL -
Thanks in advance...
Rich
Apex v3.2.1
Oracle 10G ExpressBased on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try. -
LDAP Authentication Scheme - Multiple LDAP Servers?
How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.
How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.
Maybe you are looking for
-
We members save Apple several thousands of dollars each day in terms of man hours by resolving hundreds of issues that would otherwise be handled by Apple Tech Support. The very least that Apple could do is to provide a more stable web site for us to
-
Works with an mp3 tape cassette adapter?
Well i have two questions. Will the Iphone work with an mp3 cassette adapter? The one you put in a cars tape deck for those who do not know what I am talking about. I read that the a new 3G iphone will be released sometime 2008. Some sites have said
-
I re-installed CS5 after a reformat, and the 'background save' feature is not working. I was under the impression that it's a default setting. Is it something that I can reset? It was working fine with my first install.
-
Please Help. I don't find the DIMDate (dbo) in the Adventure WorksDW _ Data Thanks in advance Wilfredo de Jesus-Rivera [email protected]
-
I want to change the operation of the location bar
I just upgraded to Firefox 4 and lost all the location bar settings that I implemented when Firefox 3 came out. I personally consider the 'awesome' bar to awesomely stupid. A search system is supposed to narrow your results, not throw everything in t