Oracle Linux and Windows Active Directory

I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.

I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
Perhaps the following links are useful:
http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

Similar Messages

  • Oracle database and Windows Active directory authentication

    Hello,
    Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
    Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
    I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
    Is anyone able to offer and advise?
    Thank you very much
    Sarah

    I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
    Perhaps the following links are useful:
    http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
    http://www.linuxmail.info/active-directory-integration-samba-centos-5/
    http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

  • Oracle account and microsoft active directory password synchronisation

    Hi
    We are migrating our application to use windows active directory authentication. We have separate oracle account for
    each logged in user in the application, and these oracle credentials have to be the same as the windows active directory
    credentials.
    Also, a password change on windows Active directory should change the oracle account password.
    Is there a tool available to manage and synchronize the microsoft active directory and oracle account.
    We use oracle 10g and application is hosted on Windows 2008 server.
    Thanks
    Karthik

    There's an OOTB connector for Password Synch between AD -> OIM. Please use that.
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
    For password synch, OIM- AD/Oracle, you can use triggers.
    Enabling update for provisioned user in OIM11g

  • Crystal Reports and Windows Active Directory

    Hi,
    I am trying to authenticate using the Windows Active Directory. I have created a test group in the Active directory and added myself as a member to that group. On the Crystal reports server side, I have enabled the Windows Active Directory. I can see the group that I created on the Active Directory. But I do not see any users. I have a Java infoview and I changed the web.xml file. I changed the authentication parameter to secWinAD. But does anyone know how to restart the web application server? I restarted the service Intelligent Agent. But when I login using my user id and password it still gives me the same error:
    Account Information Not Recognized: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
    Any help will be appreciated.
    Thanks.

    Infoview doesn't even need to be restarted.
    You said "I have a Java infoview and I changed the web.xml file" in your original post
    If you have .net IIS then it would be a web.config file that needs to be changed. IIS will pick up the changes as soon as you save the file and open an infoview logon page. you may also opt to set authentication.visible to true so users will have the ability to select AD when logging in.
    Regards,
    Tim

  • Oracle context and MS Active Directory

    Hello,
    I have one pc with Windows Server 2003 and Oracle 10g r2
    When I add a user from my Active Directory in the External OS Users of the Oracle Managed Object (via mmc), I get this error:
    ORA-30041: Cannot grant quota on the tablespace
    And when I try to connect with this user (Active Directory user) to isqlplus, I get another error:
    ORA-28030: Server encountered problems accessing LDAP directory servic
    Someone know how to resolve these errors ?
    Server's Configs
    Active directory name: cyclops.home.com
    Host name: server.cyclops.home.com
    My database name in the Oracle context object of my Active directory: oracle_db
    My Oracle context: “CN=OracleContext,DC=home,DC=com"
    #Ldap.ora
    DEFAULT_ADMIN_CONTEXT = "DC=cyclops,DC=home,DC=com"
    DIRECTORY_SERVER_TYPE = AD
    #Listener.ora
    SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = PLSExtProc)
    (ORACLE_HOME = C:\oracle\product\10.2.0\db_1)
    (PROGRAM = extproc)
    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    #Sqlnet.ora
    SQLNET.AUTHENTICATION_SERVICES= (NTS)
    NAMES.DIRECTORY_PATH= (LDAP)
    #Tnsnames.ora
    PROJET =
         (DESCRIPTION =
              (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
              (CONNECT_DATA =
                   (SERVER = DEDICATED)
                   (SERVICE_NAME = oracle_db)
    EXTPROC_CONNECTION_DATA =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    (CONNECT_DATA =
    (SID = PLSExtProc)
    (PRESENTATION = RO)

    When I use this cmd ldapbind -h cyclops.home.com that works.
    If I log to isqlplus with the system user and do select username from all_users; I can see my Active Directory user.
    I also changed the LDAP_DIRECTORY_ACCESS parameter to PASSWORD (default was SSL) but that changed nothing.
    Maybe the problem is from the Oracle wallet, I did one when I have created the database but I don't know well about it and the use. I think I should have something in my sqlnet.ora file related to the wallet but I don't know how to set.
    I search on internet, some homepages said I should use Oracle Net Manager to set the wallet location but I found nothing in Oracle Net manager for it.

  • SSO on WAS 6.20 (unix) using kerberos and Windows Active Directory (AD)

    Hi Gurus!!
    We are looking for the way to implement the Single Sign On in our R/3 Systems installed on unix of the Active Directory (obviously windows) users using Microsoft Kerberos.
    I'm not able to find a documentation about this arquitecture.
    Can somebody help me?
    Is any documentation related with this topic?
    Did Somwbody configure this kind of SSO?
    Thank you very much in advanced,
    Edorta Ramos

    Ramos,
    I should have made it clearer. When I referred to AS, I was referring to the SAP ABAP AS (e.g. application server). Of course the KDC (e.g. Microsoft Active Directory) has an AS service as well...
    yes, you can Kerberos enable (Kerberize) the SAP ABAP AS and SAP GUI using Kerberos libraries for Windows and AIX. As I mentioned already, since AIX is involved you should consider evaluating and buying SAP certified SNC libraries available from a SAP partner. Your first place to look is in SAP EcoHub (click link at top of this SDN forum to enter EcoHub) and search for SNC or Kerberos.
    You asked about gssapi library - as I have said a few times, there is no gssapi (e.g. SNC library) provided by SAP for UNIX or Linux, so if you are using AIX you need to look elsewhere (e.g. SAP partner) and the SAP partner will also provide the compatible/supported library for the Windows workstations as well so you get a complete solution from the vendor.
    Thanks,
    Tim

  • Weblogic 10.3.3 and Windows Active Directory connection error

    Hi,
    A i am trying to set up Windows AD LDAP realm.
    But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
    <Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
    <Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
    <Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
    <Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
    <Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
         at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
         at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
         at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
         at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
         at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
         at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
         at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
         at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
         at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
         at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
         at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
         at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
         at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
         at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
         at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
         at $Proxy149.listUsers(Unknown Source)
         at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
         at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
         at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
         at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
         at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
         at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
         at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
         at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
         at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
         at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
         at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
         at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
         at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
         at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
         at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
         at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
         at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
         at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
         at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
         at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
         at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
         at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: java.lang.reflect.InvocationTargetException
         at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
         at weblogic.security.utils.Pool.newInstance(Pool.java:37)
         at weblogic.security.utils.Pool.getInstance(Pool.java:33)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
         ... 117 more
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
         at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
         at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
         at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
         at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
         at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
         at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
         ... 120 more
    >
    could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
    Thanks in advance!

    Hi ,
    From the error stack trace I could find the below error.
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
    This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
    Data 525, refers to user not found error that is used to bind to the Active Directory.
    Make sure you have the correct credentials to connect to the Active Directory.
    You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
    A sample usage of LDAP Broswer is given below.
    http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
    Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
    You can download a sample version of softerra.
    http://www.ldapbrowser.com/download.htm
    You can also refer the below link for details about WebLogic and Active Directory configuration.
    http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
    For more details about different LDAP Issues.
    http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
    Regards,
    Anandraj
    http://weblogic-wonders.com

  • Portal integration and Windows Active Directory

    Hello experts,
    We have a SAP Netweaver Portal SP14 and the UME is configure in one Active Directory of Windows 2003. The UME is working correctly but the SSL connection between the two system doesn't work.
    We have applied the help in the link:
    "http://help.sap.com/saphelp_nw70/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/content.htm"
    but we got the error
    "Peer certificate is not trusted or expired".
    The Active Directory server has its own certificate.
    We think that the problem is with the trusted certificate but we have not correct it.
    In active directory server when we access to  https:
    myserverAD:636, we got the error that the page could not be show.
    Thanks in advanced.
    Paco Hernandis.

    >  https:
    myserverAD:636, we got the error that the page could not be show.
    The SAP Help is outdated: MS IE doesn't show those certs any more, as you have found.
    I'm sure there's a better way, but here's how I get that when I need it: install an OLD version of Firefox (I keep the install EXE for Firefox 1.5.0.8 around just for this) because v.2 responds with an error the same as IE. I use Firefox for this (rather than an old version of IE) so that it doesn't clobber my IE config. Since it's an old release there are many security problems: so don't use it for anything else, and uninstall it immediately afterwards.
    http://download.mozilla.org/?product=firefox-1.5.0.8&os=win&lang=en-US

  • CUCM IM & Presence 9.1 and Window Active Directory 2012 R2

    Currently envinronment is
    1.CUCM 9.1
    2.IM & Presence 9.1
    3 AD 2012 R2
    i have configured for Jabber for iPhone 9.6.1 and Window 9.7 and use UDS as service profile.
    Everything working properly unless i can't use AD user for authentication it appear screen as can't locate server. 
    Local user in CUCM can login normally and confirm that all AD configuration in CUCM are configured (LDAP directory, authentication and even in service profile)and i can use AD user to login via CUCM and IMAP user option page which mean LDAP integration should be working fine. but i can't log in via Jabber for iPhone or Window.
    When i look through CUCM IMAP 9.1 document in LDAP integration support list. it not show AD version 2012 so i am not sure it won't work because it not include in support list or not
    This is Problem report from Jabber for iPhone with login user "test". It look like there is network connectivity problem but this client can ping and browse into IMAP correctly
    -- 2014-08-06 16:45:55.343 WARNING [3c12018c] - [JabberWerx][log] [LoginMgr]: ha, invalid HA soap server index:1
    -- 2014-08-06 16:45:55.354 INFO [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, OnStateChanged CLoginStop::OnStateChanged
    -- 2014-08-06 16:45:55.357 INFO [3c12018c] - [JabberWerx][log] [XmppSDK]: CXmppClient::FinalCleanData
    -- 2014-08-06 16:45:55.378 INFO [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, OnStateChanged conn, canceled due to no needs. supposed:0, signning-on:0, signed-on:0
    -- 2014-08-06 16:45:55.379 ERROR [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, Fire_OnError login, OnError, 9
    -- 2014-08-06 16:45:55.380 ERROR [3c12018c] - [JabberWerx][log] [JabberWerxCPP]: JWLoginSink::OnError, lerr:9
    -- 2014-08-06 16:45:55.381 DEBUG [3c12018c] - [imp.service][OnLoginError] Entry
    -- 2014-08-06 16:45:55.382 INFO [3c12018c] - [imp.service][OnLoginError] ****************************************************************
    -- 2014-08-06 16:45:55.384 INFO [3c12018c] - [imp.service][OnLoginError] OnLoginError: (data=0) LERR_CUP_UNREACHABLE <9>:
    -- 2014-08-06 16:45:55.385 INFO [3c12018c] - [imp.service][OnLoginError] ****************************************************************
    -- 2014-08-06 16:45:55.385 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][GetCredentialsImplForService] ScopedLock to protect access to credentialsMap
    -- 2014-08-06 16:45:55.387 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CreateBlankCredentials] ScopedLock to protect access to credentialsMap
    -- 2014-08-06 16:45:55.387 INFO [3c12018c] - [csf-unified.services.system.CredentialsManager][CreateBlankCredentials] Unable to find credential object associated with the Authentication ID: WebEx - it was not found in the cache. Initialising a blank credentials object
    -- 2014-08-06 16:45:55.388 DEBUG [3c12018c] - [CredentialsImpl][CredentialsImpl] Credentials constructed[authenticatorId=1201;synced=false;username=;password=empty;oAuthToken=empty;rememberMe=false;ssoMode=0;verified=false;userVerified=false]
    -- 2014-08-06 16:45:55.388 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][GetSsoMode] Authenticator [1201] has sso mode set to off
    -- 2014-08-06 16:45:55.392 DEBUG [3c12018c] - [ConfigStoreManager][getValue] key : [WebEx_UseCredentialsFrom] skipLocal : [0]  value: [] success: [false] configStoreName: []
    -- 2014-08-06 16:45:55.393 DEBUG [3c12018c] - [ConfigStoreManager][getValue] key : [1201_UseCredentialsFrom] skipLocal : [0]  value: [] success: [false] configStoreName: []
    -- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CheckDeprecatedSyncSettings] No Standard Config Based Sync Key found for WebEx so check for deprecated sync key
    -- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CheckDeprecatedSyncSettings] No deprecated config sync key found for WebEx so check for defaults
    -- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] Checking defaults for WebEx
    -- 2014-08-06 16:45:55.401 INFO [3c12018c] - [startup-handler][loadConfig] Entering loadConfig
    -- 2014-08-06 16:45:55.401 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] No default sync found for WebEx
    -- 2014-08-06 16:45:55.401 INFO [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] No sync settings for WebEx credentials configured
    -- 2014-08-06 16:45:55.403 DEBUG [3c12018c] - [imp.service][LoginErrortoErrorCode] LoginErrortoErrorCode: 9 mapped to: UnableToConnectToTheServer
    -- 2014-08-06 16:45:55.404 DEBUG [3c12018c] - [imp.service][OnLoginError] errCode: UnableToConnectToTheServer
    -- 2014-08-06 16:45:55.406 INFO [3c12018c] - [imp.service][OnSignOn] Entry
    -- 2014-08-06 16:45:55.406 INFO [3c12018c] - [imp.service][OnSignOn] OnSignOn: false
    -- 2014-08-06 16:45:55.407 ERROR [3c12018c] - [imp.service][OnSignOn] OnSignOn failed while in starting state...
    -- 2014-08-06 16:45:55.409 INFO [3c12018c] - [imp.service][OnSignOn] Exit
    -- 2014-08-06 16:45:55.409 DEBUG [7d81000] - [imp.service][waitForSignedOn] Exit
    -- 2014-08-06 16:45:55.409 DEBUG [3c12018c] - [imp.service][OnLoginError] Exit
    -- 2014-08-06 16:45:55.410 DEBUG [7d81000] - [imp.service][performSignOn] Exit
    -- 2014-08-06 16:45:55.410 DEBUG [7d81000] - [imp.service][performActions] performed call to signedOn: success: false
    -- 2014-08-06 16:45:55.411 ERROR [7d81000] - [imp.service][performActions] Unable to login. SignOn Command Failed...
    i also have RTMT for ClientProfileAgent, XCP Connection manager, XCP router, tomcatsecuritylog. If anyone want these please let me know

    This issue has been solved!
    The root cause was compatibility problem between CUCM 9.1 and AD 2012. We need to upgrade CUCM and IM and Presence to version 10.5 to solve this issue.
    Many thanks TAC engineer name Tapan Dutt for solved this issue
    Have a nice day!!

  • ACS 3.2 for Windows and Windows Active Directory.

    I'm using a member W2K server to run ACS 3.2.
    I'm using ACS and Windows group mapping but my users always go into default group.
    Why?
    Thanks.
    Andrea.

    I'm assuming your ACS \DEFAULT domain has NT Groups mapped to . Use a new Domain Configuration to add your AD and group mappings.
    The group name in ACS must match exactly the same group in AD. ie. If your AD group name is "Engineering" , create a ACS group with exactly the same spelling. Also,avoid certain characters such as @#%&*() in the naming of groups, both in AD and ACS.
    Hope this helps. let us know.
    P

  • Wlc and window active directory

    On the client side "user Credentials", I set "Use Windows logon" to autenticate. Here is my problem, upon boot no drives are mapped so I am assuming windwows is booting before authenication takes place. How can I resolve this? Thanks

    The problem is that unless you are authenticating the machine to AD as well, then when you log onto the laptop, you are using
    cached domain credentials and then the user is authenticating to the wireless.  In order for login scripts, group policy changes, etc to work, the machine must authenticate to the wireless so it is on the domain.  Then when you log onto the laptop, you are logging into the domain, just like with a wired PC.  So what you need to use is a wireless suplicant like WZC or CSSC that integrates into the msgina of the OS that allows authentication before login.  With the WZC, you will see an option to "authenticate as computer when computer information is available" on the Authentication tab of your wireless profile. Check out step 9 of the Client configuration section of this document  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml#t31.
    Your RADIUS server would also need to allow computers to authenticate.
    Thanks,
    Lee

  • OAM and MS Active Directory Integration on Non-Windows Server envrionment

    I will start by saying that I am dealing with a heterogeneous environment here where multiple systems are run by different levels of management. Our Oracle systems chose to go all *nix (Oracle Solaris and Red Hat Linux) and hence we do not have a single Windows Server in our Oracle services area and would really like to keep it that way as we prefer to keep a uniform platform across our Oracle servers.  However, the desktop side of our department has chosen to use Microsoft Active Directory and now we wish to integrate and perform authentication against it for our OAM protected sites.  We are in the initial setup phase but we have no desire to implement a critical server such as OAM on the Windows platform and would rather tie OAM running on a Red Hat Linux server to Active Directory.  We will also be using OID as we run Portal but do not want to use it as our authentication authority for Oracle Products (local policy is that Active Directory is the only valid credential authority on site as we are moving to true Single Sign On across our desktops and web applications).  I have a few questions.
    1. Can it be done natively or would we have to run the Windows version of OAM?
    2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
    3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?

    Hi David,
    Answers in-line
    1. Can it be done natively or would we have to run the Windows version of OAM?
    You can run all of the OAM Servers on *nix, and simply point to AD as an OAM data source on the machine:port that AD is running on. There is no need for the OAM components to be on Windows.
    2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth
    As above, this is not necessary.
    3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
    Yes, this is entirely possible. Even though it is not necessary in your situation, it often provides more flexibility to front-end the user store with OVD, for example when adding/renaming Windows domains, or specifying specific branches for users and so on.
    Regards,
    Colin

  • Oracle DB sessions on Linux and Windows

    Actually I am confused the way session memory is allocated on 32 bit windows and linux OS.
    Windows is a thread based architecture where all user sessions are treated as threads of oracle.exe process. The addressable space is 4GB and oracle.exe can use up to 3GB in case you use /3GB switch in boot.ini file. It means that combined size of SGA ,PGA and other memory structures can not be more than 3GB. When a session gets connected with a database a PGA is allocated. It means that memory required by database sessions also comes from the 3GB limit. If your memory usage goes beyond 3GB you wont be able to connect new sessions with database or you would require to reduce the size of one of your SGA components.
    Linux is a process based architecture where each user session is treated as a separate process and has its own addressable space. Even on 32bit linux the addressable space is 4GB i.e. 2GB for process and 2GB for kernel. It means we need to accommodate our SGA and PGA in the 2GB limit (there are ways to increase the size of SGA but let assume we are doing nothing to raise the 2GB limit).
    As PGA is allocated for every session when it connects with database.
    My question is how PGA memory is allocated against a database session on linux.
    To further clarify my question I am stating the results of an experiment that I did on linux and windows.
    On windows I set the total size of SGA to 1730M and PGA aggregate target to 1024M. I was able to able to startup the database instance without any issue. Then I started connecting sessions with the database and even ran a query doing a heavy sort in one of the sessions but after connecting 10 sessions with DB I started getting ORA-12500 TNS Listener failed to start a dedicated server process error on windows.
    Then I did the same experiment on Red Hat Linux. SGA size was 1633MB and where as PGA aggregate target was only 10MB. I was unable to start instance when I set the SGA size more than 1633MB.
    With that setting I was able to connect more than 200 sessions with database inspite of running query doing heavy sort in 4 sessions without getting ORA-12500 error. I was even able to connect more than 400 sessions with database after setting PGA aggregate target to 1GB on Linux.
    Now my confusion is why linux was able to handle more DB sessions. I know it’s a process base model and each session is a separate process and has its own addressable space but as PGA is allocated against every session and PGA memory comes from 2GB limit then why PGA memory did not exhaust on linux. Is PGA allocated differently on linux as compared to windows?

    Perhaps the problem is easier to understand if you leave PGA_AGGREGATE_TARGET out of this issue completely.
    The out of memory problem you had, has nothing to do with PGA_AGGREGATE_TARGET setting directly. The difference in number of processes comes from architectural differences in how Oracle uses memory in windows vs unix.
    On windows the SGA + ALL PGAs must fit into one 4GB address space (in practice even smaller as youve noticed). This is because there's only one process, oracle.exe. One process = one address space.
    On Unix, you have many processes and every process can use portion of their own address space for PGA.
    So, on windows (32bit) you run out of address space for the single oracle.exe process. On unix you dont hit this limit just because the number of processes grows (but if some process wants to use a lot of PGA memory, then they eventually run out of address space (talking about 32bit again))
    On unix you probably ran into another limit - amount of total usable virtual memory (RAM+swap) available in your system
    Tanel Poder
    http://blog.tanelpoder.com

  • Oracle Enterprise User, OVD and MS Active Directory (AD)

    Hi,
    I need to authenticate Oracle Users from MS Active Directory.
    If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
    If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
    Thanks in advance for answering this post : )
    CMT

    Hi,
    I am not sure that you are correct.
    In the meantime, some one mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Secuirty. In page 10 it mentions a scenario: EUS deployment using Active Directory and OVD
    (without OID).
    The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how its done).

  • Windows Active Directory 2008 And Java

    Hi,
    I need to do the following.
    1. Integrate my application's authentication module with Microsoft Windows Active Directory (Server 2008 Edition).
    2. Need to use Kerberos authentication.
    Can you please let me know what api can I use? Is there a good tutorial for this ?
    Regards,
    Pradeep.
    Edited by: user10502962 on Oct 9, 2011 12:51 AM

    Finally managed to resolve the problem.
    I tried to do a lot of things reading forums. But this is what worked.
    1. create a key store using $ keytool -genkey -keystore /home/rohan/mystore -keysize 1024 -keyalg RSA --- created "mystore" key store. From the cert file I got the information on RSA and encryption of 1024 bits.
    2. import the certificate the keystore - $ keytool -import -keystore /home/rohan/mystore -alias primarydc -file DC2K8.cer
    3. In the code just added these lines
    env.put(Context.PROVIDER_URL, "ldap://myldapserver:389"); // Port 389 on Windows Domain Controller
    String keystore = "/home/rohan/mystore";
    System.setProperty("javax.net.ssl.trustStore",keystore);
    System.setProperty("javax.net.ssl.keyStorePassword","password");
    4. Change of Password (code provided by stevead )
    StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                   tls.negotiate();
                   ModificationItem[] mods = new ModificationItem[2];
    String newQuotedPassword = "\""+password+"\"";
                   byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                   mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                   mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD)));
                   ctx.modifyAttributes(userName, mods);
    Useful links
    http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
    http://blog.smartkey.co.uk/2010/09/working-around-a-sslhandshakeexception/
    http://www.thinkplexx.com/learn/howto/security/tools/understanding-java-keytool-working-with-crt-files-fixing-certificate-problems
    Thanks to stevead and handat for helping.
    Rohan

Maybe you are looking for