LDAP - UME Domain filter
Hi,
Thanks for helping!
Does anyone know how to set up a negative user filter for users in a given domain? I am using novell as LDAP server.
Ex. for a organization unit it is done like this:
<ume.ldap.negative_user_filter>ou=[unit]</ume.ldap.negative_user_filter>
What I would like to know is; what is the physical attribute name of Domain?
I have been looking for this for hours now... Any help would be very nice!
The best regards
Kris
I don't think the negative user filter can be used in my case. I am going to use multible LDAP domains in UME using the same LDAP server but with different user and group paths.
This sould do the trick.
Thanks for your help!
Best regards
Kris
Similar Messages
-
Vibe ldap group exlusion filter?
This is the default Group Sync filter which brings all the eDirectory groups into Vibe.
(|(objectClass=group)(objectClass=groupOfNames)(ob jectClass=groupOfUniqueNames))
Can someone help me with an example of what the ldap group sync filter in Vibe would look like if I wanted to exclude eDirectory groups such as www and novlxtier from the sync?
Thanks, Dave.On 07/08/2014 17:56, dkerbaugh wrote:
> This is the default Group Sync filter which brings all the eDirectory
> groups into Vibe.
>
> (|(objectClass=group)(objectClass=groupOfNames)(ob jectClass=groupOfUniqueNames))
>
> Can someone help me with an example of what the ldap group sync filter
> in Vibe would look like if I wanted to exclude eDirectory groups such as
> www and novlxtier from the sync?
I use something like the following with Filr to achieve what you're asking:
(&(|(objectClass=group)(objectClass=groupOfNames)( objectClass=groupOfUniqueNames))(!(|(cn=www)(cn=no vlxtier))))
HTH.
Simon
Novell Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks. -
Multi-Domain LDAP UME configuration
Hello
We have EP 7.0 installed and want to connect the UME to our Corporate
LDAP (MSADS) as data source.
Our ADS is as follows:
domain.pt u2013 This is our top level domain. Here we have our main users.
Gs.domain.pt u2013 This is a child domain of ren.pt. Here are some special
users that cannot be moved to domain.pt level (because of this we have to
use multi-domain configuration)
According to some documents Step 2 of Note 762419 - Multi-Domain Logon
Using Microsoft Active Directory this configuration as to be done
according to a Multiple-Domain UME LDAP Configuration.
Following is is my configuration of LDAP access:
I have set the u201CUME LDAP Datau201D in Config Tool to point to
the u201CdataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xmlu201D configuration file that has been previously change by me following previous documents. The xml is is the end of the message
Also in the u201CUME LDAP Datau201D (Directory Server) I have defined the following settings:
Server Name: dc01.domain.pt (This is the DC of domain.pt)
Server port: 389
User: j2ee-pp3 @domain.pt
Pass: ******* (ok on all configuration tests and authentication)
SSL: NO.
User Path: DC=domain,DC=pt
Group Path: DC=domain,DC=pt
Checked the u201CFlat User Group Hierarchyu201D.
Checked the u201CUse UME Unique id with unique LDAP Attributeu201D.
At u201CAdditional LDAP Propertiesu201D I have set the properties of
ume.ldap.unique_user_attribute(global) and
ume.ldap.unique_uacc_attribute(global) to userprincipalname. This was
done according to the Multi-Domain configuration.
Also ume.ldap.access.multidomain.enabled=true was set the property
sheet of the UME service. After this all checks are ok including in
User Administration in Portal.
Conclusion: We have no problem with SSO and search capabilities
at u201Cdomain.ptu201D level. All users of this domain are able to access the
portal with SSO.
Nevertheless no user from u201Cgs.domain.ptu201D is able to logon. Additionally,
using User Admninistration in Portal with option u201CAll Data Sourcesu201D
returns no results when searching for users from this child domain. It
seems the the configuration file does not recognize gs.domain.pt.
Is it possible that our xml file is incorrectly adapted? Is there any
missing or wrong configuration for multi-domain LDAP access? Please
advice.
Thanks in advance
dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection>
</privateSection>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user"/>
<attribute name="j_password"/>
<attribute name="userid"/>
<attribute name="logonalias"/>
</attributes>
</nameSpace>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="email" populateInitially="true"/>
<attribute name="email"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
<attribute name="krb5principalname"/>
<attribute name="kpnprefix"/>
<attribute name="dn"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname" populateInitially="true"/>
<attribute name="description" populateInitially="true"/>
<attribute name="uniquename"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</responsibleFor>
<attributeMapping>
<principals>
<principal type="account">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="domain_j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_user">
<physicalAttribute name="userprincipalname"/>
<attribute name="logonalias">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="facsimiletelephonenumber"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="null"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephonenumber"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetaddress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
<attribute name="krb5principalname">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="kpnprefix">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="dn">
<physicalAttribute name="distinguishedname"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="uniquename" populateInitially="true">
<physicalAttribute name="ou"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</principals>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>organizationalUnit</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>ou</ume.ldap.access.naming_attribute.grup>
<ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
<ume.ldap.access.set_pwd>true</ume.ldap.access.set_pwd>
<ume.ldap.access.multidomain.enabled>true</ume.ldap.access.multidomain.enabled>
<ume.ldap.access.extended_search_size>200</ume.ldap.access.extended_search_size>
<ume.ldap.access.domain_mapping>
[DOMAIN_PT;DC=domain,DC=pt]
[GS_DOMAIN_PT;DC=gs,DC=domain,DC=pt]
[gs;DC=DC=gs,DC=domain,DC=pt]
[domain;DC=pt]
</ume.ldap.access.domain_mapping>
</privateSection>
</dataSource>
</dataSources>
Edited by: Joaquim Pereira on Feb 7, 2009 1:34 PMHi Gaetano
I tried to set back the "uniqueid" in the XML to samaccountname.
Also, i changed the spnego to go only to domain.pt (gs.domain.pt is a child domain).
In the 1st tests this worked perfectly, but we still to do some testings with this config.
When i get confirmation, ill reply here.
Thank you.
PS:. we thought on defining the abap user for each user, but there are a lot of users...
we'll try this config, and if it doesn't work, probably, thats what we'll do.
Edited by: Joaquim Pereira on Feb 12, 2009 5:45 PM
Everything seams to be working now. setting back the uniqueid to samaccountname and configuring spnego to go to only 1 domain solved the issue.
I just need to test which change did the trick.
Edited by: Joaquim Pereira on Feb 13, 2009 1:02 PM -
Windows LDAP attributes match for the Synology LDAP client profile filter.
I am having Windows server 2012 domain controller with LDAP enabled. I wish to enable LDAP client on Synology Diskstation to search for users and enable them access of shared folders of Synology. Hence, I have enabled the client which shows connected to the Windows LDAP service, but not populating any users.
Anybody figured out this? It requires profile settings. I'm finding difficult to identify the LDAP attributes match for the Synology profile filter attributes.
Refer following image.
This topic first appeared in the Spiceworks CommunitySpecify a Dynamic Access Profile with:
Criteria: User has ALL of the following AAA attribute values...
ldap.memberOf != GroupName
cisco.tunnelgroup = TunnelGruopName
Should work
/K -
Using get-aduser to search for enabled users in entire domain filter ..
Hi,
my first post here.
I have the following problem. I am trying to figure out to create a powershell command (with get-aduser) that searches for only enabled
users (in the entire domain), whose user account login names starts with "b" or "B" (because their user account login names are composed of Bnnnnn, n=numbers). I suppose that a string of "B*" in the command should be sufficient. The query result
must show the user account login name (Bnnnnn), first name
and last name and the enabled (yes) status of those enabled users. I would like to write the entire query result to a file (csv format), saving it to c: for example
Please help. Thanks in advanceI use -LDAPFilter mostly because I am used to the LDAP syntax. It can be used in PowerShell, VBScript, dsquery, VB, and many command line utilities (like Joe Richards' free adfind utility). Active Directory is an LDAP compliant database.
The PowerShell -Filter syntax can do the same things, but the properties it exposes are really aliases. I'm used to the AD attribute names, like sAMAccountName and userAccountControl. PowerShell uses things like "enabled" and "surname", which are aliases
you need to know or look up. For example, the Get-ADUser default and extended properties, with the actual AD attributes they are based on, are documented here:
http://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx
Finally, note that the "Name" property refers to the Relative Distinguished Name (RDN) of the object, which for user objects is the value of the cn attribute (the Common Name of the user). This may not uniquely identify the user, as it only needs to be unique
in the parent OU/container. The user login name (pre-Windows 2000 logon name) is the value of the sAMAccountName attribute, which must be unique in the domain. In the Wiki article I linked, we see that the PowerShell alias for this attribute is "SamAccountName"
(in this case the name of the property matches the name of the AD attribute). All of this can be confusing.
Richard Mueller - MVP Directory Services -
Hi,
Is there a possibility to enable UME on Java WAS to use database & LDAP directory even if the WAS is Developer Workplace or Java Sneak Preview ?
When I try to change UME configuration in UME configtool and save change, error ocurs. When I do that on regular Java Central instance installation, everything goes ok.
Can anyone answer my question ?
Thanks,
Best regards
Miroslav KoskarHi Miroslav ,
i didn'get u properly.
Config tool is for Offline Administration of SAP WAS.
just follow these links for UME LDAP Configuration.
http://help.sap.com/saphelp_nw04/helpdata/en/eb/00954081efb90ee10000000a155106/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/6f/258b2ef17d45a4afa45a00309a6a33/content.htm
Regards
Kishor Gopinathan -
MS AD LDAP+UME configuration guide
Hello
I have to implement User Management in LDAP(Deep hierachy)+UME Database mode. I am looking for Step by Step guides for the same with the requisite tools to manage MS Active Directory as a LDAP data source.
Thanks
ASRThanks for the reply.
1 more question
Which tool is used to administer LDAP users (e.g. Add a new LDAP user) from the Windows 2003 server.
Thanks
Ananda -
LDAP UME for ABAP + JAVA SYSTEM
Hi,
I am using NW 7 SP 15 with both ABAP + JAVA stack. The UME is set to ABAP by default during installation.
Can we change that to LDAP datasource?
Under System Configuration -> UME Configuration -> Data Sources (TAB) -> in Data Source dropdown box -> there is only ONE option available "ABAP SYSTEM" and no other option is present.
Any suggestion?
Regards
DebUps! Obviously a later change from ABAP to some other UME indeed is not supported by SAP. But this means not, that you cannot use LDAP or JAVA from the very beginning.
Did you not have the option to choose another UME data source for the Java Add-In during the installation process? (this may make sense, because the installation sequence for double stacks is always 1. ABAP stack 2. Java stack).
If not, then indeed LDAP as the primary UME data source is not supported for double stack installations.
If yes, you only have the chance to re-install your system.
In every case you can install 2 separate instances and connect them later. 1 ABAP instance with UME of course ABAP and 1 Java instance with UME LDAP or Java DB.
But before doing that and if I were you I would open a CSN at SMP and ask the software vendor ...
Regards,
Volker -
Use wildcard in LDAP search with filter and filter args fails
Hi,
I'm writing a function that receives the search filter and the filter arguments and returns the attributes of the found entries but I'm having problems when I pass the wildcard '*' as argument. For example I'm looking for cn=* but instead it looks for cn=\2a (searches for cn containing *).
I'm using the InitialLdapContext function:
public NamingEnumeration<SearchResult> search(String name,
String filterExpr,
Object[] filterArgs,
SearchControls cons)
throws NamingException
The problem occurs in the class com.sun.jndi.toolkit.dir.SearchFilter format method where it replaces the filter place holders with the filter arguments. There it calls getEncodedStringRep to the arguments and that function returns the wildcard '*' escaped.
Is it supposed to behave like that? I don't have problems using the search function search(String name, String filterExpr,Object[] filterArgs, SearchControls cons) but I'd like to be able to separate the filter and the filter arguments.That's a forum artefact, as the boldface should make obvious.
My point is that you should specify the wildcard in the filter string, not as an argument. See http://download.oracle.com/javase/6/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String, java.lang.Object[],%20javax.naming.directory.SearchControls). (The forum will break that link too.) The argument asterisk is being escaped in accordance with what it says there. Or maybe you can escape it yourself as an argument as \0x2a. -
LDAP Multi Domain (organization) auth
Hello everybody,
Actually, I have the following working configuration:
LDAP server (SUN DS) with the following schema for user:
ou=People,o=aOrgName,ou=People,dc=...
I have multiple organization sharing the same servers, it's working fine, but each users need to been unique "cross organization wide".
I mean, I can't have a user name userA in ou=People,o=orgA,... and an other user named userA in ou=People,o=orgB...
No problem with uid (I mean uidNumber LDAP and unix user id), I can make them unique accross organization.
But for the user name, it's a bit tricky, because I can't make it unique. (until now I can, but soon it will be hard, and user don't want to have userA2 as a username).
So, I thought of the following solutions:
- Configuring solaris LDAP client in such way, he will append the orgName to the username. (like userA-orgA) Would be the cleanest solution, but I really don't think it's possible without rewrite on ldap client layer of solaris.
- Having ldap server automaticaly create a fqun (fully qualified user name) of the form: userA-orgA and having solaris use this in place of uid. But I don't know if we can create entries based on other entries, like we can on SQL db.
- Manualy add an fqun field.
For the last two, I really don't know how to configure solaris 10 ldap client to user fqun in place of uid. I'm sure it is possible somehow using SSD, but after reading the documentation, I'm not sure how.
Finaly, no I can't change the uid to user-orgname because the uid is used by many other services, like email, web application... And in those application you add a @orgName after your username to do the trick.
Any idea, experience are really appreciated.
Regards
KuonMicrosoft releases new license terms for Windows 10: Biggest surprise? No gotchasEd Bott has Just published an article on ZDNet which reviews in detail the just-released Windows 10 license agreementFirst published on ZDNet By Ed Bott for The Ed Bott Report | July 15, 2015 -- 18:30 GMT (19:30 BST) | Topic: Windows 10 "Two weeks ahead of the global launch of Windows 10, Microsoft has finalized the terms of its license agreements for the new operating system. I've had several days to study the documents in detail, and I can report that there are no surprises, no gotchas, and no hidden subscription traps waiting to be sprung in two or three or four years.""In fact, the new license agreement is simpler and written more clearly than any similar document I've reviewed in 20 years of examining Windows license agreements. There are a few...
-
Data domain filter in endeca studio
earlier in Endeca 2.3, we could use data source filter and restrict the data ...link shows more details Adding filters to a data source
But I am not able to get this to work in Endeca 3.1 studio under Endeca server definition ..it is able to validate the definition ....here is my definition
"dataDomainName": "Test_DS",
"name": "Test_DS",
"port": "7002",
"server": "Test_Server",
"sslConfig": {
"caFile": "endecaServerTrustStore.ks",
"caPassword": "*****",
"certFile": "endecaServerClientCert.ks",
"certPassword": "****"
"baseFunctions": [
"class":"com.endeca.portal.data.functions.DataSourceFilter",
"filterString":"Region='NAPA'"
"class":"com.endeca.portal.data.functions.RefinementFilter",
"attributeValue":"2014",
"attributeKey":"YEAR"Base Functions were removed in EID 3.1 and replaced with a Base Filter for each Data Set. See http://docs.oracle.com/cd/E40518_01/studio.310/studio_migration/toc.htm#Removed%20State%20Manager,%20baseFunctions,%20parent/child%20relationships for details.
-
Multiple LDAP search domain configuration
how do you set up multiple base dn settings for LDAP calls in LiveCycle es2
Hi Conor,
The below links could be helpful to you :-
Forum thread:
Re: Delegated User Search returns first 200 entries only...?
How-to guide:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0747ac2-ffd9-2910-de9a-8a3dc44da8b4
SAP Library:
http://help.sap.com/saphelp_nw04s/helpdata/en/b1/6a55422f4d3830e10000000a155106/frameset.htm
Regards,
Anagha -
Problem creating account in LDAP directory domain
Hi all,
I am trying to create a new account in the LDAP directory on a machine running OS X Server 10.3. I can do this by selecting Other from the directory dropdown, then choosing LDAPv3/127.0.0.1 and authenticating. However, after I create the account, I choose Advanced to change the password type to Open Directory. However, when I do so, a popup informs me that I must first run Password Admin, and that I can do so from Server Admin. I cannot find this anywhere in Server Admin, nor can I find any documentation on it. Am I missing something here?Never mind, I found the solution myself - I had to reinitialize the LDAP administrator.
-
Might anyone have a solution to this issue:
Linkwall is not detecting some of our entries in the LWB blacklists.
Our students can browse to playboy.com even though I have confirmed that playboy.com is in domains file.
The same rule is blocking the Hustler, Penthouse and Ultrapasswords.com websites.
Here is the critical server info:
NW65sp6
BorderManager 3.9sp1
LinkWall 3.11.0
IManager 2.6
BorderManager 3.9sp1
LinkWall 3.11.0
IManager 2.6
Sys:system\linkwall.ncf file:
load sys:\etc\linkwall\linkwall /category=on /log=2 /logroll=1 /logfile=logs:linkwall
sys:etc\linkwall\linkwall.lst file:
# linkwall.lst - Connectotel
#Connectotel LinkWall Test Page
$exclude sys:\blacklists\nsd\whitelist\domains nsd
$exclude sys:\blacklists\nsd\whitelist\urls nsd
$include sys:\blacklists\nsd\blacklist\domains nsd
$include sys:\blacklists\nsd\blacklist\proxy nsd
$include sys:\blacklists\nsd\blacklist\urls nsd
$include sys:\Blacklists\lwb\blacklists\ads\domains ads
$include sys:\Blacklists\lwb\blacklists\ads\urls ads
$include sys:\Blacklists\lwb\blacklists\adult\domains adult
$include sys:\Blacklists\lwb\blacklists\adult\urls adult
$include sys:\Blacklists\lwb\blacklists\aggressive\domains aggressive
$include sys:\Blacklists\lwb\blacklists\aggressive\urls aggressive
$include sys:\Blacklists\lwb\blacklists\antispyware\domains antispyware
$include sys:\Blacklists\lwb\blacklists\antispyware\urls antispyware
$include sys:\Blacklists\lwb\blacklists\artnudes\domains artnudes
$include sys:\Blacklists\lwb\blacklists\artnudes\urls artnudes
$include sys:\Blacklists\lwb\blacklists\audio-video\domains audio-video
$include sys:\Blacklists\lwb\blacklists\audio-video\urls audio-video
$include sys:\Blacklists\lwb\blacklists\beerliquorinfo\doma ins beerliquorinfo
$include sys:\Blacklists\lwb\blacklists\beerliquorsale\doma ins beerliquorinfo
$include sys:\Blacklists\lwb\blacklists\blog\domains blog
$include sys:\Blacklists\lwb\blacklists\blog\urls blog
$include sys:\Blacklists\lwb\blacklists\cellphones\domains cellphones
$include sys:\Blacklists\lwb\blacklists\chat\domains chat
$include sys:\Blacklists\lwb\blacklists\chat\urls chat
$include sys:\Blacklists\lwb\blacklists\dating\urls dating
$include sys:\Blacklists\lwb\blacklists\desktopsillies\doma ins desktopsillies
$include sys:\Blacklists\lwb\blacklists\desktopsillies\urls desktopsillies
$include sys:\Blacklists\lwb\blacklists\dialers\domains dialers
$include sys:\Blacklists\lwb\blacklists\dialers\urls dialers
$include sys:\Blacklists\lwb\blacklists\drugs\domains drugs
$include sys:\Blacklists\lwb\blacklists\drugs\urls drugs
$include sys:\Blacklists\lwb\blacklists\ecommerce\domains ecommerce
$include sys:\Blacklists\lwb\blacklists\ecommerce\urls ecommerce
$include sys:\Blacklists\lwb\blacklists\entertainment\domai ns entertainment
$include sys:\Blacklists\lwb\blacklists\entertainment\urls entertainment
$include sys:\Blacklists\lwb\blacklists\filehosting\domains filehosting
$include sys:\Blacklists\lwb\blacklists\gambling\domains gambling
$include sys:\Blacklists\lwb\blacklists\gambling\urls gambling
$include sys:\Blacklists\lwb\blacklists\games\domains games
$include sys:\Blacklists\lwb\blacklists\games\urls games
$include sys:\Blacklists\lwb\blacklists\guns\domains weapons
$include sys:\Blacklists\lwb\blacklists\guns\urls weapons
$include sys:\Blacklists\lwb\blacklists\hacking\domains hacking
$include sys:\Blacklists\lwb\blacklists\hacking\urls hacking
$include sys:\Blacklists\lwb\blacklists\instantmessaging\do mains instantmessaging
$include sys:\Blacklists\lwb\blacklists\instantmessaging\ur ls instantmessaging
$include sys:\Blacklists\lwb\blacklists\kidstimewasting\dom ains kidstimewasting
$include sys:\Blacklists\lwb\blacklists\kidstimewasting\url s kidstimewasting
$include sys:\Blacklists\lwb\blacklists\mail\domains mail
$include sys:\Blacklists\lwb\blacklists\mail\urls mail
$include sys:\Blacklists\lwb\blacklists\marketingware\domai ns spyware
$include sys:\Blacklists\lwb\blacklists\mixed_adult\domains adult
$include sys:\Blacklists\lwb\blacklists\onlineauctions\doma ins onlineauctions
$include sys:\Blacklists\lwb\blacklists\onlineauctions\urls onlineauctions
$include sys:\Blacklists\lwb\blacklists\onlinegames\domains games
$include sys:\Blacklists\lwb\blacklists\onlinegames\urls games
$include sys:\Blacklists\lwb\blacklists\onlinepayment\domai ns personalfinance
$include sys:\Blacklists\lwb\blacklists\personalfinance\dom ains personalfinance
$include sys:\Blacklists\lwb\blacklists\personalfinance\url s personalfinance
$include sys:\Blacklists\lwb\blacklists\phishing\domains phishing
$include sys:\Blacklists\lwb\blacklists\phishing\urls phishing
$include sys:\Blacklists\lwb\blacklists\porn\domains porn
$include sys:\Blacklists\lwb\blacklists\porn\urls porn
$include sys:\Blacklists\lwb\blacklists\proxy\domains proxy
$include sys:\Blacklists\lwb\blacklists\proxy\urls proxy
$include sys:\Blacklists\lwb\blacklists\radio\domains radio
$include sys:\Blacklists\lwb\blacklists\radio\urls radio
$include sys:\Blacklists\lwb\blacklists\reaffected\domains reaffected
$include sys:\Blacklists\lwb\blacklists\ringtones\domains ringtones
$include sys:\Blacklists\lwb\blacklists\sect\domains sect
$include sys:\Blacklists\lwb\blacklists\sexuality\domains sexuality
$include sys:\Blacklists\lwb\blacklists\sexuality\urls sexuality
$include sys:\Blacklists\lwb\blacklists\shopping\domains shopping
$include sys:\Blacklists\lwb\blacklists\socialnetworking\do mains socialnetworking
$include sys:\Blacklists\lwb\blacklists\socialnetworking\ur ls socialnetworking
$include sys:\Blacklists\lwb\blacklists\spyware\domains spyware
$include sys:\Blacklists\lwb\blacklists\updatesites\domains updatesites
$include sys:\Blacklists\lwb\blacklists\updatesites\urls updatesites
$include sys:\Blacklists\lwb\blacklists\violence\domains violence
$include sys:\Blacklists\lwb\blacklists\violence\urls violence
$include sys:\Blacklists\lwb\blacklists\virusinfected\domai ns virusinfected
$include sys:\Blacklists\lwb\blacklists\virusinfected\urls virusinfected
$include sys:\Blacklists\lwb\blacklists\warez\domains warez
$include sys:\Blacklists\lwb\blacklists\warez\urls warez
$include sys:\Blacklists\lwb\blacklists\weapons\domains weapons
$include sys:\Blacklists\lwb\blacklists\weapons\urls weapons
$include sys:\Blacklists\lwb\blacklists\webmail\domains mail
$include sys:\Blacklists\lwb\blacklists\webmail\urls mail
$include sys:\blacklists\mesd\blacklists\ads\domains ads
$include sys:\blacklists\mesd\blacklists\ads\urls ads
$include sys:\blacklists\mesd\blacklists\aggressive\domains aggressive
$include sys:\blacklists\mesd\blacklists\aggressive\urls aggressive
$include sys:\blacklists\mesd\blacklists\audio-video\domains audio-video
$include sys:\blacklists\mesd\blacklists\audio-video\urls audio-video
$include sys:\blacklists\mesd\blacklists\drugs\domains drugs
$include sys:\blacklists\mesd\blacklists\drugs\urls drugs
$include sys:\blacklists\mesd\blacklists\gambling\domains gambling
$include sys:\blacklists\mesd\blacklists\gambling\urls gambling
$include sys:\blacklists\mesd\blacklists\hacking\domains hacking
$include sys:\blacklists\mesd\blacklists\hacking\urls hacking
$include sys:\blacklists\mesd\blacklists\mail\domains mail
$include sys:\blacklists\mesd\blacklists\porn\domains porn
$include sys:\blacklists\mesd\blacklists\porn\urls porn
$include sys:\blacklists\mesd\blacklists\proxy\domains proxy
$include sys:\blacklists\mesd\blacklists\proxy\urls proxy
$include sys:\blacklists\mesd\blacklists\redirector\domains redirector
$include sys:\blacklists\mesd\blacklists\redirector\urls redirector
$include sys:\blacklists\mesd\blacklists\spyware\domains spyware
$include sys:\blacklists\mesd\blacklists\spyware\urls spyware
$include sys:\blacklists\mesd\blacklists\suspect\domains suspect
$include sys:\blacklists\mesd\blacklists\suspect\urls suspect
$include sys:\blacklists\mesd\blacklists\violence\domains violence
$include sys:\blacklists\mesd\blacklists\violence\urls violence
$include sys:\blacklists\mesd\blacklists\warez\domains warez
$include sys:\blacklists\mesd\blacklists\warez\urls warez
LinkWall server console screen after loading linkwall.ncf:
LinkWall by Connectotel - Version 3.11.0
Copyright (c) 2003-2007 Connectotel
LinkWall: The documentation is at sys:etc\linkwall\linkwall.pdf
LinkWall: The site list is at sys:etc\linkwall\linkwall.lst
LinkWall: Licensed to Northwest High School (School)
LinkWall: Registered with BorderManager (64)
LinkWall: Currently checking 1456639 entries
LinkWall: Currently excluding 61 entries
LinkWall: Log level 2 of 2 (1 = file, 2 = file and screen)
LinkWall: Log location logs:linkwall\lw080402.log
LinkWall: Loaded in category mode
LinkWall: Using 62 categories
LinkWall: Running in DENY mode
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:04:42 +0000] "GET http://ww
w.hustler.com/ HTTP/1.0" 403 0
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:05:03 +0000] "GET http://ww
w.penthouse.com/ HTTP/1.0" 403 0
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:05:10 +0000] "GET http://a2
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:05:19 +0000] "GET http://ww
w.ultrapasswords.com/ HTTP/1.0" 403 0I'm having the EXACT SAME ISSUE! I can get to "playboy.com" even though it is supposed to be blocked. Our students are getting to www.sneakanon.com even though it is listed in the sys:/blacklists/proxy/domains file. If I add www.sneakanon.com manually to the linkwall.lst file, it DOES block it. However, if I add it to a generic rule I have set up, it does NOT block it!
I'm guessing this is an issue with SP1 for BM39 since it was not happening before I installed sp1.??
Matt
>>> On 4/2/2008 at 9:46 AM, in message <[email protected]>, mtucker nsd<[email protected]> wrote:
Might anyone have a solution to this issue:
Linkwall is not detecting some of our entries in the LWB blacklists.
Our students can browse to playboy.com even though I have confirmedthat playboy.com is in domains file.
The same rule is blocking the Hustler, Penthouse and Ultrapasswords.comwebsites.
Here is the critical server info:
NW65sp6
BorderManager 3.9sp1
LinkWall 3.11.0
IManager 2.6
BorderManager 3.9sp1
LinkWall 3.11.0
IManager 2.6
Sys:system\linkwall.ncf file:
load sys:\etc\linkwall\linkwall /category=on /log=2 /logroll=1/logfile=logs:linkwall
sys:etc\linkwall\linkwall.lst file:
# linkwall.lst - Connectotel
#'Connectotel LinkWall Test Page'(http://www.connectotel.com/linktest)
$exclude sys:\blacklists\nsd\whitelist\domains nsd
$exclude sys:\blacklists\nsd\whitelist\urls nsd
$include sys:\blacklists\nsd\blacklist\domains nsd
$include sys:\blacklists\nsd\blacklist\proxy nsd
$include sys:\blacklists\nsd\blacklist\urls nsd
$include sys:\Blacklists\lwb\blacklists\ads\domains ads
$include sys:\Blacklists\lwb\blacklists\ads\urls ads
$include sys:\Blacklists\lwb\blacklists\adult\domains adult
$include sys:\Blacklists\lwb\blacklists\adult\urls adult
$include sys:\Blacklists\lwb\blacklists\aggressive\domains aggressive
$include sys:\Blacklists\lwb\blacklists\aggressive\urls aggressive
$include sys:\Blacklists\lwb\blacklists\antispyware\domains antispyware
$include sys:\Blacklists\lwb\blacklists\antispyware\urls antispyware
$include sys:\Blacklists\lwb\blacklists\artnudes\domains artnudes
$include sys:\Blacklists\lwb\blacklists\artnudes\urls artnudes
$include sys:\Blacklists\lwb\blacklists\audio-video\domainsaudio-video
$include sys:\Blacklists\lwb\blacklists\audio-video\urls audio-video
$include sys:\Blacklists\lwb\blacklists\beerliquorinfo\doma insbeerliquorinfo
$include sys:\Blacklists\lwb\blacklists\beerliquorsale\doma insbeerliquorinfo
$include sys:\Blacklists\lwb\blacklists\blog\domains blog
$include sys:\Blacklists\lwb\blacklists\blog\urls blog
$include sys:\Blacklists\lwb\blacklists\cellphones\domains cellphones
$include sys:\Blacklists\lwb\blacklists\chat\domains chat
$include sys:\Blacklists\lwb\blacklists\chat\urls chat
$include sys:\Blacklists\lwb\blacklists\dating\urls dating
$include sys:\Blacklists\lwb\blacklists\desktopsillies\doma insdesktopsillies
$include sys:\Blacklists\lwb\blacklists\desktopsillies\urls desktopsillies
$include sys:\Blacklists\lwb\blacklists\dialers\domains dialers
$include sys:\Blacklists\lwb\blacklists\dialers\urls dialers
$include sys:\Blacklists\lwb\blacklists\drugs\domains drugs
$include sys:\Blacklists\lwb\blacklists\drugs\urls drugs
$include sys:\Blacklists\lwb\blacklists\ecommerce\domains ecommerce
$include sys:\Blacklists\lwb\blacklists\ecommerce\urls ecommerce
$include sys:\Blacklists\lwb\blacklists\entertainment\domai nsentertainment
$include sys:\Blacklists\lwb\blacklists\entertainment\urlse ntertainment
$include sys:\Blacklists\lwb\blacklists\filehosting\domains filehosting
$include sys:\Blacklists\lwb\blacklists\gambling\domains gambling
$include sys:\Blacklists\lwb\blacklists\gambling\urls gambling
$include sys:\Blacklists\lwb\blacklists\games\domains games
$include sys:\Blacklists\lwb\blacklists\games\urls games
$include sys:\Blacklists\lwb\blacklists\guns\domains weapons
$include sys:\Blacklists\lwb\blacklists\guns\urls weapons
$include sys:\Blacklists\lwb\blacklists\hacking\domains hacking
$include sys:\Blacklists\lwb\blacklists\hacking\urls hacking
$include sys:\Blacklists\lwb\blacklists\instantmessaging\do mainsinstantmessaging
$include sys:\Blacklists\lwb\blacklists\instantmessaging\ur lsinstantmessaging
$include sys:\Blacklists\lwb\blacklists\kidstimewasting\dom ainskidstimewasting
$include sys:\Blacklists\lwb\blacklists\kidstimewasting\url skidstimewasting
$include sys:\Blacklists\lwb\blacklists\mail\domains mail
$include sys:\Blacklists\lwb\blacklists\mail\urls mail
$include sys:\Blacklists\lwb\blacklists\marketingware\domai ns spyware
$include sys:\Blacklists\lwb\blacklists\mixed_adult\domains adult
$include sys:\Blacklists\lwb\blacklists\onlineauctions\doma insonlineauctions
$include sys:\Blacklists\lwb\blacklists\onlineauctions\urls onlineauctions
$include sys:\Blacklists\lwb\blacklists\onlinegames\domains games
$include sys:\Blacklists\lwb\blacklists\onlinegames\urls games
$include sys:\Blacklists\lwb\blacklists\onlinepayment\domai nspersonalfinance
$include sys:\Blacklists\lwb\blacklists\personalfinance\dom ainspersonalfinance
$include sys:\Blacklists\lwb\blacklists\personalfinance\url spersonalfinance
$include sys:\Blacklists\lwb\blacklists\phishing\domains phishing
$include sys:\Blacklists\lwb\blacklists\phishing\urls phishing
$include sys:\Blacklists\lwb\blacklists\porn\domains porn
$include sys:\Blacklists\lwb\blacklists\porn\urls porn
$include sys:\Blacklists\lwb\blacklists\proxy\domains proxy
$include sys:\Blacklists\lwb\blacklists\proxy\urls proxy
$include sys:\Blacklists\lwb\blacklists\radio\domains radio
$include sys:\Blacklists\lwb\blacklists\radio\urls radio
$include sys:\Blacklists\lwb\blacklists\reaffected\domains reaffected
$include sys:\Blacklists\lwb\blacklists\ringtones\domains ringtones
$include sys:\Blacklists\lwb\blacklists\sect\domains sect
$include sys:\Blacklists\lwb\blacklists\sexuality\domains sexuality
$include sys:\Blacklists\lwb\blacklists\sexuality\urls sexuality
$include sys:\Blacklists\lwb\blacklists\shopping\domains shopping
$include sys:\Blacklists\lwb\blacklists\socialnetworking\do mainssocialnetworking
$include sys:\Blacklists\lwb\blacklists\socialnetworking\ur lssocialnetworking
$include sys:\Blacklists\lwb\blacklists\spyware\domains spyware
$include sys:\Blacklists\lwb\blacklists\updatesites\domains updatesites
$include sys:\Blacklists\lwb\blacklists\updatesites\urls updatesites
$include sys:\Blacklists\lwb\blacklists\violence\domains violence
$include sys:\Blacklists\lwb\blacklists\violence\urls violence
$include sys:\Blacklists\lwb\blacklists\virusinfected\domai nsvirusinfected
$include sys:\Blacklists\lwb\blacklists\virusinfected\urlsv irusinfected
$include sys:\Blacklists\lwb\blacklists\warez\domains warez
$include sys:\Blacklists\lwb\blacklists\warez\urls warez
$include sys:\Blacklists\lwb\blacklists\weapons\domains weapons
$include sys:\Blacklists\lwb\blacklists\weapons\urls weapons
$include sys:\Blacklists\lwb\blacklists\webmail\domains mail
$include sys:\Blacklists\lwb\blacklists\webmail\urls mail
$include sys:\blacklists\mesd\blacklists\ads\domains ads
$include sys:\blacklists\mesd\blacklists\ads\urls ads
$include sys:\blacklists\mesd\blacklists\aggressive\domains aggressive
$include sys:\blacklists\mesd\blacklists\aggressive\urls aggressive
$include sys:\blacklists\mesd\blacklists\audio-video\domainsaudio-video
$include sys:\blacklists\mesd\blacklists\audio-video\urls audio-video
$include sys:\blacklists\mesd\blacklists\drugs\domains drugs
$include sys:\blacklists\mesd\blacklists\drugs\urls drugs
$include sys:\blacklists\mesd\blacklists\gambling\domains gambling
$include sys:\blacklists\mesd\blacklists\gambling\urls gambling
$include sys:\blacklists\mesd\blacklists\hacking\domains hacking
$include sys:\blacklists\mesd\blacklists\hacking\urls hacking
$include sys:\blacklists\mesd\blacklists\mail\domains mail
$include sys:\blacklists\mesd\blacklists\porn\domains porn
$include sys:\blacklists\mesd\blacklists\porn\urls porn
$include sys:\blacklists\mesd\blacklists\proxy\domains proxy
$include sys:\blacklists\mesd\blacklists\proxy\urls proxy
$include sys:\blacklists\mesd\blacklists\redirector\domains redirector
$include sys:\blacklists\mesd\blacklists\redirector\urls redirector
$include sys:\blacklists\mesd\blacklists\spyware\domains spyware
$include sys:\blacklists\mesd\blacklists\spyware\urls spyware
$include sys:\blacklists\mesd\blacklists\suspect\domains suspect
$include sys:\blacklists\mesd\blacklists\suspect\urls suspect
$include sys:\blacklists\mesd\blacklists\violence\domains violence
$include sys:\blacklists\mesd\blacklists\violence\urls violence
$include sys:\blacklists\mesd\blacklists\warez\domains warez
$include sys:\blacklists\mesd\blacklists\warez\urls warez
LinkWall server console screen after loading linkwall.ncf:
LinkWall by Connectotel - Version 3.11.0
Copyright (c) 2003-2007 Connectotel
LinkWall: The documentation is at sys:etc\linkwall\linkwall.pdf
LinkWall: The site list is at sys:etc\linkwall\linkwall.lst
LinkWall: Licensed to Northwest High School (School)
LinkWall: Registered with BorderManager (64)
LinkWall: Currently checking 1456639 entries
LinkWall: Currently excluding 61 entries
LinkWall: Log level 2 of 2 (1 = file, 2 = file and screen)
LinkWall: Log location logs:linkwall\lw080402.log
LinkWall: Loaded in category mode
LinkWall: Using 62 categories
LinkWall: Running in DENY mode
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:04:42 +0000] "GEThttp://ww
w.hustler.com/ HTTP/1.0" 403 0
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:05:03 +0000] "GEThttp://ww
w.penthouse.com/ HTTP/1.0" 403 0
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:05:10 +0000] "GEThttp://a2
10.16.17.121 - hsstu.Students.HS.NSD [02/Apr/2008:10:05:19 +0000] "GEThttp://ww
w.ultrapasswords.com/ HTTP/1.0" 403 0-- mtucker_nsd------------------------------------------------------------------------mtucker_nsd's Profile: http://forums.novell.com/member.php?userid=11431View this thread: http://forums.novell.com/showthread.php?t=322445 -
The platform we are using is Iplanet 5.1 running on Solaris 8 with Sun 280R dual processor 900Mhz with 4GB ram
Are you using replication? If so, this may be due to the fact that the database is now full of tombstone entries. So, how do you get rid of the tombstone entries? That depends on your update rate and the number of servers you replicate to, plus how painful it is to reinitialize all of the consumers.
If your tombstone purging is too aggressive, you risk losing state information you need during update resolution.
If you don't care about any of this, the easiest thing to do is to export your database then reimport. After this, you will have to reinitialize the other servers as well.
Maybe you are looking for
-
HELP!! can't open raw files in photoshop ver 12.1- new 5D mark iii camera
I have photoshop creative suite version 12.1 - just bought a new mark iii camera and my raw files won't open in my photoshop version....what can i do??
-
Facetime and iMessage not working after upgrade to Mountain Lion
Was running Messages (beta) and Facetime on my Macbook Pro with Lion. I used both Facetime and sent iMessages through the Messages client, and they were both working 100%. Today I upgraded from Lion (latest version) to Mountain Lion. All is working
-
Auto buttons not working as expected
The auto keyframe and motion buttons did not add keyframes and 0 and 3secs, as promised by the instructor, making following along and reproducing his results nearly impossible without a lot of trial, error, and frustration. What might be causing this
-
Pdf files wil not open under Windows Live Mail
PDF Files will not open in WIndows Live Mail. I deinstalled Adobe Reader and reinstalled a more recent version but to no avail. It will open very well using WIndows explorer or when opening the reader. Any clues someone?
-
Hi, my problem is that appeared an error creating the body package: Compilation errors for PACKAGE BODY PNENGS.IVR_1A Error: PLS-00323: subprogram or cursor 'BUSQUEDA_IVR' is declared in a package specification and must be defined in the package body