XI 3.1 Client Tools and LDAP Authentication

I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
[repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
Take a look at note 1272536 (http://service.sap.com/notes)
Regards,
Stratos

Similar Messages

  • Solaris 10 and LDAP Authentication

    Were trying to use LDAP authentication with Solaris 10 accounts and Sun One Java Systems Directory Server 5.2, where there won't be no /etc/passwd or /etc/group user entries, ( only entries for system accounts). The Sun One Java Systems Directory Server 5.2 is on a separate machine from the accounts. Both machines are using Solaris 10.
    I first ran the "idsconfig" utility to setup the VLV indexes, but I received an error on the "automountKey" when it was doing the index processing. It showed that the index processing had failed. All the other indexes were configured successfully. What would cause this?
    My next step is initializing the LDAP Client . Then configure the pam.conf file to use pam_ldap. Finally import all the users into LDAP with the required ObjectClasses and attributes for the authentication process, (posixAccount, shadowAccounts etc.). This also includes adding the automount entries into LDAP, which I'm really not sure how to do that. All of our users paths will be under /export/home/username.
    I'am missing any steps?
    Doese anyone have a step by step guide to use LDAP authentication for Solaris 10 accounts, where LDAP will manage the groups, passwords, automounts for each user?
    Message was edited by:
    automount
    Message was edited by:
    automount

    You may follow:
    http://web.singnet.com.sg/~garyttt/
    http://projects.alkaloid.net/content/view/15/26/
    http://blogs.sun.com/roller/resources/raja/ldap-psd.html
    http://jnester.lunarpages.com/howtos/solaris/howToSolarisLDAPAuth.html
    http://www.thebergerbits.com/unix.shtml
    http://blogs.sun.com/roller/page/baban?entry=steps_to_setup_ssl_using (SSL/TLS steps)
    http://blogs.sun.com/roller/page/rohanpinto?entry=nis_to_ldap_migration_guide (NIS to LDAP migration)
    http://blogs.sun.com/roller/page/anupcs?entry=ldap_related_documentation_at_sun
    (LDAP related docs)
    Gary

  • SSL and LDAP authentication

    I have installed Iplanet dirserver (5.1 sp1) on Solaris 8. I have Solaris 8 clients which should authenticate every user ssh connections with this ldap server.
    I have done everything as described in LDAP setup and Configuration Guide (found that in sun.com website) and everything works fine if i don't use SSL.
    What should i do to make SSL work?
    I have installed ssl ceritficates etc. and when i make dir server to use ssl it works fine with iplanet console (in access log it says SSL connection) But i can't get it work from my clients.
    My default port is 5001 and i have set ssl port to 5002 but everytime that i change client profile (and configuring client with ldapclient command) to use port 5002, authentication don't work anymore. Actually that ldapclient command doesn't work either. I can see in access log that client tries to take SSL connection, but server doesn't respond to it.
    Can anyone help me on this?
    Jani

    I recently setup an iDS5.1 LDAP server as a naming service to a couple Solaris 9 clients. You must use the default SSL port (636), see http://docs.sun.com/db/doc/806-4077/6jd6blbdd?a=view .
    In my case, I used a self-signed cert on the Server. I then copied the cert7.db, key3.db and secmod.db files from the server to the /var/dlap directory on the clients. The files you want from the server are in the SERVER_ROOT/alias directory. Specifically, the slapd-id-cert7.db and slapd-id-key3.db are the ones you want. Where id is the slapd server instance name, typically the host name of the computer.
    HTH,
    Roger S.

  • Change SAP BI Password from BO Client Tools / Infoview, SAP Authentication

    Hi,
    We are using SAP BI BO Integration Kit (BO XI 3.1, SAP BI 7.0) & able to use SAP BI Queries with WebI, Xcelsius etc.
    For a user group, we would be providing only Infoview access (using SAP Authentication). This means we would not want to install any BO Client Tools, SAP GUI or SAP Integration Kit Client, on user desktop.
    We are faced with a issue - How does the user change password from Infoview (this is an SAP BI User ID used to login from Infoview).
    Initial Password of SAP BI User cannot be changed from Infoview, since it doesnot prompt for changing the Initial Password.
    Any ideas how to handle this situation.
    regards,
    Rajesh K Sarin

    Hi Erwin,
    no. Also within BI4 you are not able to change your SAP password.
    The Workaroung of Ingo is very suitable using SAP GUI for HTML.
    You can vote this idea on idea place:
    https://ideaplace.brightidea.com/ct/ct_a_view_idea.bix?c=BB5523E4-062F-4420-B35F-0B1F0D4769A9&idea_id=CBAD2E43-C21E-4809-A0B0-CFD3B9551A41#
    Regards
    -Seb.

  • Weblogic Server 10.3.0 and LDAP authentication Issue

    Hi - I have configured my WebLogic Server 10.3.0 for LDAP authentication (OID = 10.1.4.3.0) and so far the authentication works fine but I am having issue in terms of authorization.
    I am not able to access the default web logic administrator console app using any of the LDAP user, getting Forbiden message.
    It appears to me that the Weblogic Server is not pulling out the proper groups from the LDAP where user belongs too.
    Can anyone please point me towards the right direction to get this resolved.
    Thanks,
    STEPS
    Here are my steps I have followed:
    - Created a group called Administrators in OID.
    - Created a test user call uid=myadmin in the OID and assigned the above group to this user.
    - Added a new Authentication Provider to the Weblogic and configured it what is required to communicate with OID (the config.xml file snipet is below)
    <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
    <sec:name>OIDAuthentication</sec:name>
    <sec:control-flag>SUFFICIENT</sec:control-flag>
    <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
    <wls:host>pmpdeva-idm.ncr.pwgsc.gc.ca</wls:host>
    <wls:port>1389</wls:port>
    <wls:principal>cn=orcladmin</wls:principal>
    <wls:user-base-dn>ou=AppAdmins, o=gc, c=ca</wls:user-base-dn>
    <wls:credential-encrypted>removed from here</wls:credential-encrypted>
    <wls:group-base-dn>ou=IDM, ou=ServiceAccounts, o=gc, c=ca</wls:group-base-dn>
    </sec:authentication-provider>
    - Marked the default authentication provider as sufficient as well.
    - Re-ordered the authentication provide such that the OIDauthentication is first in the list and default one is the last.
    - Looking at the log file I see there are no groups returned for this user and that is the problem in my opinion.
    <LDAP Atn Login username: myadmin>
    <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <authenticate user:myadmin>
    <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <authentication succeeded>
    <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <LDAP Atn Authenticated User myadmin>
    <List groups that member: myadmin belongs to>
    <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    *<search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>*
    *<Result has more elements: false>*
    <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <login succeeded for username myadmin>
    - I see the XACML RoleMapper getRoles() only returning the Anonymous role as oppose to Admin (because the OID user is a part of Administrators group in OID then it should be returning Admin as fars I can tell. Here is the log entry that shows that:
    <XACML RoleMapper getRoles(): returning roles Anonymous>
    - I did a ldap search and I found no issues in getting the results back:
    C:\>ldapsearch -h localhost -p 1389 -b"ou=IDM, ou=ServiceAccounts, o=gc, c=ca" -D cn=orcladmin -w "removed from here" (uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupOfUniqueNames)
    cn=Administrators,ou=IDM,ou=ServiceAccounts,o=gc,c=ca
    objectclass=groupOfUniqueNames
    objectclass=orclGroup
    objectclass=top
    END
    Here are the log entries:
    <1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
    <1291668685624> <BEA-000000> <LDAP Atn Login>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will use NameCallback to retrieve name>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=myadmin>
    <1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
    <1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    <1291668685624> <BEA-000000> <authenticate user:myadmin>
    <1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685624> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    <1291668685624> <BEA-000000> <[Security:090302]Authentication Failed: User myadmin denied>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize LoginModuleClassName=weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize ClassLoader=java.net.URLClassLoader@facf0b>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize created delegate login module>
    <1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
    <1291668685624> <BEA-000000> <LDAP Atn Login>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle did not get username from a callback>
    <1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
    <1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685624> <BEA-000000> <authenticate user:myadmin>
    <1291668685624> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685671> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <1291668685671> <BEA-000000> <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <1291668685671> <BEA-000000> <authentication succeeded>
    <1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685686> <BEA-000000> <LDAP Atn Authenticated User myadmin>
    <1291668685686> <BEA-000000> <List groups that member: myadmin belongs to>
    <1291668685686> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685686> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685686> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <1291668685686> <BEA-000000> <search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>
    <1291668685686> <BEA-000000> <Result has more elements: false>
    <1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685686> <BEA-000000> <login succeeded for username myadmin>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login delegated, returning true>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
    <1291668685686> <BEA-000000> <LDAP Atn Commit>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
    <1291668685686> <BEA-000000> <LDAP Atn Commit>
    <1291668685686> <BEA-000000> <LDAP Atn Principals Added>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning true>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login logged in>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login subject=Subject:
         Principal: myadmin
    >
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals)>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) Principal=myadmin>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator handles this PrincipalClass>
    <1291668685686> <BEA-000000> <Signed WLS principal myadmin>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator signed the principal>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) All required PrincipalValidators signed this PrincipalClass, returning true>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate succeeded for user myadmin, Identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.isLocked(myadmin)>
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate login succeeded and myadmin was not previously locked out>
    <1291668685702> <BEA-000000> <Using Common RoleMappingService>
    <1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity>
    <1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity will use common security service>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals)>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) Principal=myadmin>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator handles this PrincipalClass>
    <1291668685702> <BEA-000000> <Validate WLS principal myadmin returns true>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator said the principal is valid>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) One or more PrincipalValidators handled this PrincipalClass, returning true>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals) validated all principals>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): input arguments:>
    <1291668685702> <BEA-000000> <     Subject: 1
         Principal = weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp>
    <1291668685702> <BEA-000000> <     Parent: type=<app>, application=consoleapp>
    <1291668685702> <BEA-000000> <     Parent: type=<url>>
    <1291668685702> <BEA-000000> <     Parent: null>
    <1291668685702> <BEA-000000> <     Context Handler: >
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AdminChannelUsers,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AdminChannelUser:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AdminChannelUser: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AppTesters,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AppTester:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AppTester: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(everyone,[everyone,users]) -> true>
    <1291668685702> <BEA-000000> <primary-rule evaluates to Permit>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Anonymous:, 1.0 evaluates to Permit>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Anonymous: GRANTED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Monitors,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Monitor:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Monitor: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Operators,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Operator:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Operator: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(CrossDomainConnectors,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:CrossDomainConnector:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role CrossDomainConnector: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Deployers,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Deployer:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Deployer: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, SC=null, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Administrators,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Admin:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Admin: DENIED>
    <1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): returning roles Anonymous>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles returning [ "Anonymous" ]>
    <1291668685702> <BEA-000000> <AuthorizationManager will use common security for ATZ>
    <1291668685702> <BEA-000000> <weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" ]>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Direction=ONCE>
    <1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
    <1291668685702> <BEA-000000> <     Subject: 1
         Principal = weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <     Roles:Anonymous>
    <1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Direction: ONCE>
    <1291668685702> <BEA-000000> <     Context Handler: >
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:role, SC=null, Value=Anonymous>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of([Admin,Operator,Deployer,Monitor],Anonymous) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed AccessDecision returned DENY>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Results=[ DENY ]>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <DefaultAdjudicatorImpl.adjudicate results: DENY >
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Adjudictor returned false, returning that value>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: false>

    Okay Finally the issue is resolved. Here is the findings to help others in case they ran into the same issue.
    The OID version that we are using is not returning the groups the way Weblogic is building the ldapsearch command. We captured the ldap traffic to go deeper and noticed the filters and attributes list that wls was asking. For example, the filter was like:
    "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" cn
    its was the "cn" attribute that was causing the result set to be empty.
    from a command line we tried
    "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" uniquemember
    and got the results back.
    Then we start looking into OID configuration and one of my coworker pointed me towards the orclinmemfiltprocess attributes in cn=dsaconfig entry and told me that they had lot of issues in the past in relation to this attribute.
    So as a test we removed the groupofuniquenames objectclass from the orclinmemfiltprocess attribute list and bingo it worked!
    Since we needed the groupofuniquenames in this list for performance/other reasons and decided to use a different objectclass for our groups instead i.e. orclGroup.
    Thanks everyone for showing interest on the problem and providing suggestions.

  • Database Table and LDAP Authentication in the same repository?

    I'm wondering if it's possible to authenticate through database tables for some users and LDAP for other users. I can configure each one separately but I'm curious if anyone has ever successfully done both in the same repository.
    Thanks,
    -Matt

    Another thing to try is this. I don't have an LDAP server here but it worked for me without LDAP. I think it should also work with LDAP as it is the same idea. I don't think there is a way to have a conditional Init Blocks. Also you can't have two init blocks setting the same variable (USER in our case). But what you can do is to have two Init Blocks, one for LDAP authentication and the other one for table authentication. So you could have this scenario:
    1) LDAP "authentication" init block sets custom variable LDAP_USER
    2) Table "authentication" init block sets custom variable TABLE_USER
    3) Final authentication init block (the real one) sets USER variable using something like this:
    SELECT CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
    ELSE ':TABLE_USER'
    END
    FROM DUAL
    WHERE CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
    ELSE ':TABLE_USER'
    END = ':USER'
    Note how I use the CASE statement both to return the user value I want the USER variable to be set and also in the WHERE clause to make sure no rows are returned in case authentication fails (which should return no rows to denote a failed authentication). Obviously you need to set the init block dependancies correctly. I did a quick test with users coming from two separate Oracle tables in 2 init biocks and it worked fine for me. Give it a try and let me know how it goes.

  • DBConsole (DBControl) and LDAP authentication

    Does anyone know if it is possible to use LDAP authentication to login to the DBConsole? I have a user "identified globally as 'cn=username,dn=...'" who can login to the database locally and remotely through SQL*Plus but gets a ORA-01017 when trying to login to the DBConsole.
    Any help greatly appreciated.
    Rgds,
    Barry Winterbottom

    2009-02-25 17:09:22,824 [HTTPThreadGroup-2] ERROR eml.OMSHandshake processFailure.806 - OMSHandshake failed.(AGENT URL = https://nssdrdb01:1830/emd/main)(ERROR = INTERNAL_ERROR)(CAUSE =java.sql.SQLException: Io exception: The Network Adapter could not establish the connection)
    2009-02-25 17:09:22,853 [HTTPThreadGroup-2] WARN jdbc.ConnectionCache _getConnection.352 - Io exception: The Network Adapter could not establish the connection
    2009-02-25 17:09:22,854 [HTTPThreadGroup-2] WARN jdbc.ConnectionCache _getConnection.353 - Got a fatal exeption when getting a connection; Error code = 17002; Cleaning up cache and retrying
    2009-02-25 17:09:22,858 [HTTPThreadGroup-2] ERROR conn.ConnectionService verifyRepositoryEx.887 - Invalid Connection Pool. ERROR = Io exception: The Network Adapter could not establish the connection
    2009-02-25 17:09:22,861 [HTTPThreadGroup-2] WARN jdbc.ConnectionCache _getConnection.352 - Io exception: The Network Adapter could not establish the connection
    2009-02-25 17:09:22,863 [HTTPThreadGroup-2] WARN jdbc.ConnectionCache _getConnection.353 - Got a fatal exeption when getting a connection; Error code = 17002; Cleaning up cache and retrying
    2009-02-25 17:09:22,867 [HTTPThreadGroup-2] ERROR eml.OMSHandshake processFailure.806 - OMSHandshake failed.(AGENT URL = https://nssdrdb01:1830/emd/main)(ERROR = INTERNAL_ERROR)(CAUSE =java.sql.SQLException: Io exception: The Network Adapter could not establish the connection)
    2009-02-25 17:09:26,386 [HTTPThreadGroup-2] WARN jdbc.ConnectionCache _getConnection.352 - Io exception: The Network Adapter could not establish the connection
    2009-02-25 17:09:26,388 [HTTPThreadGroup-2] WARN jdbc.ConnectionCache _getConnection.353 - Got a fatal exeption when getting a connection; Error code = 17002; Cleaning up cache and retrying
    2009-02-25 17:09:26,392 [HTTPThreadGroup-2] ERROR conn.ConnectionService verifyRepositoryEx.887 - Invalid Connection Pool. ERROR = Io exception: The Network Adapter could not establish the connection
    2009-02-25 17:09:26,396 [EMUI_17_09_26_/console/aboutApplication] ERROR svlt.PageHandler handleRequest.639 - java.lang.IllegalStateException: Response has already been committed
    2009-02-25 17:09:26,398 [EMUI_17_09_26_/console/aboutApplication] ERROR em.console doGet.360 - java.lang.IllegalStateException: Response has already been committed, be sure not to write to the OutputStream or to trigger a commit due to any other action before calling this method.
    2009-02-26 00:00:02,633 [JobWorker 381202:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-02-27 00:00:08,800 [JobWorker 383122:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-02-28 00:00:13,778 [JobWorker 385056:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-01 00:00:05,527 [JobWorker 386985:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-02 00:00:04,569 [JobWorker 388914:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-03 00:00:04,854 [JobWorker 390843:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-04 00:00:06,475 [JobWorker 392772:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-05 00:00:16,925 [JobWorker 394701:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-06 00:00:03,966 [JobWorker 396630:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-07 00:00:05,230 [JobWorker 398559:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-08 00:00:07,261 [JobWorker 400488:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-09 00:00:13,081 [JobWorker 402417:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-10 00:00:10,175 [JobWorker 404346:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-11 00:00:04,567 [JobWorker 406275:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-12 00:00:05,993 [JobWorker 408204:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-13 00:00:03,332 [JobWorker 410133:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-14 00:00:10,129 [JobWorker 412062:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-15 00:00:01,753 [JobWorker 413991:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-16 00:00:03,187 [JobWorker 415920:Thread-29] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-16 16:29:02,904 [shutdownThread] WARN jdbc.ConnectionCache _getConnection.352 - Closed Connection: OraclePooledConnection.getConnection() - SQLException Ocurred:Invalid or Stale Connection found in the Connection Cache
    2009-03-16 16:29:02,906 [shutdownThread] WARN jdbc.ConnectionCache _getConnection.353 - Got a fatal exeption when getting a connection; Error code = 17008; Cleaning up cache and retrying
    2009-03-16 16:30:42,529 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIIntg
    2009-03-16 16:30:42,535 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIDownloadIntg
    2009-03-16 16:30:44,381 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.eml.target.slb.common.SLBIntegration
    2009-03-16 16:30:50,683 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.asprov.ui.intg.ASProvisioningIntegration
    2009-03-16 16:30:50,686 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.paf.sample.ui.intg.PAFDemoIntegration
    2009-03-16 16:30:50,823 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.sidb.ui.intg.SIDBProvisioningIntegration
    2009-03-16 16:30:51,219 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.racprov.ui.intg.RACProvIntegration
    2009-03-16 16:30:51,222 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.ec.ui.intg.ExtendClusterIntegration
    2009-03-16 16:30:51,225 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.dn.ui.intg.DltNodeIntegration
    2009-03-16 16:30:51,227 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.common.ui.intg.ProvCommonIntegration
    2009-03-16 16:30:51,230 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.bpelprov.ui.intg.BPELProvisioningIntegration
    2009-03-17 00:00:06,334 [JobWorker 417849:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-18 00:00:10,641 [JobWorker 419778:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-18 11:56:58,339 [EMUI_11_56_58_/console/database/monitoring/archiveFull$target=ADM111.nss.scot.nhs.uk$type=oracle*_database] ERROR perf.space logStackTrace.359 - java.sql.SQLException: Numeric Overflow
    2009-03-19 00:00:02,843 [JobWorker 421707:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-20 00:00:03,388 [JobWorker 423631:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-21 00:00:03,407 [JobWorker 425565:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-22 00:00:06,065 [JobWorker 427494:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-23 00:00:02,580 [JobWorker 429423:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-23 15:37:15,441 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIIntg
    2009-03-23 15:37:15,447 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIDownloadIntg
    2009-03-23 15:37:17,177 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.eml.target.slb.common.SLBIntegration
    2009-03-23 15:37:23,172 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.asprov.ui.intg.ASProvisioningIntegration
    2009-03-23 15:37:23,176 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.paf.sample.ui.intg.PAFDemoIntegration
    2009-03-23 15:37:23,311 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.sidb.ui.intg.SIDBProvisioningIntegration
    2009-03-23 15:37:23,684 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.racprov.ui.intg.RACProvIntegration
    2009-03-23 15:37:23,702 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.ec.ui.intg.ExtendClusterIntegration
    2009-03-23 15:37:23,706 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.dn.ui.intg.DltNodeIntegration
    2009-03-23 15:37:23,708 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.common.ui.intg.ProvCommonIntegration
    2009-03-23 15:37:23,711 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.bpelprov.ui.intg.BPELProvisioningIntegration
    2009-03-23 15:41:18,591 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIIntg
    2009-03-23 15:41:18,596 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIDownloadIntg
    2009-03-23 15:41:19,872 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.eml.target.slb.common.SLBIntegration
    2009-03-23 15:41:24,915 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.asprov.ui.intg.ASProvisioningIntegration
    2009-03-23 15:41:24,918 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.paf.sample.ui.intg.PAFDemoIntegration
    2009-03-23 15:41:24,997 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.sidb.ui.intg.SIDBProvisioningIntegration
    2009-03-23 15:41:25,296 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.racprov.ui.intg.RACProvIntegration
    2009-03-23 15:41:25,299 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.ec.ui.intg.ExtendClusterIntegration
    2009-03-23 15:41:25,301 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.dn.ui.intg.DltNodeIntegration
    2009-03-23 15:41:25,303 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.common.ui.intg.ProvCommonIntegration
    2009-03-23 15:41:25,305 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.bpelprov.ui.intg.BPELProvisioningIntegration
    2009-03-23 15:52:29,116 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIIntg
    2009-03-23 15:52:29,122 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIDownloadIntg
    2009-03-23 15:52:30,750 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.eml.target.slb.common.SLBIntegration
    2009-03-23 15:52:36,541 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.asprov.ui.intg.ASProvisioningIntegration
    2009-03-23 15:52:36,544 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.paf.sample.ui.intg.PAFDemoIntegration
    2009-03-23 15:52:36,629 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.sidb.ui.intg.SIDBProvisioningIntegration
    2009-03-23 15:52:36,973 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.racprov.ui.intg.RACProvIntegration
    2009-03-23 15:52:36,976 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.ec.ui.intg.ExtendClusterIntegration
    2009-03-23 15:52:36,978 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.dn.ui.intg.DltNodeIntegration
    2009-03-23 15:52:36,980 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.common.ui.intg.ProvCommonIntegration
    2009-03-23 15:52:36,982 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.bpelprov.ui.intg.BPELProvisioningIntegration
    2009-03-24 00:00:06,712 [JobWorker 431352:Thread-25] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-24 16:51:58,193 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIIntg
    2009-03-24 16:51:58,202 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.emCLI.CLIDownloadIntg
    2009-03-24 16:51:59,946 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.eml.target.slb.common.SLBIntegration
    2009-03-24 16:52:06,485 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.asprov.ui.intg.ASProvisioningIntegration
    2009-03-24 16:52:06,487 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.paf.sample.ui.intg.PAFDemoIntegration
    2009-03-24 16:52:06,605 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.sidb.ui.intg.SIDBProvisioningIntegration
    2009-03-24 16:52:06,973 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.racprov.ui.intg.RACProvIntegration
    2009-03-24 16:52:06,983 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.ec.ui.intg.ExtendClusterIntegration
    2009-03-24 16:52:06,986 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.dn.ui.intg.DltNodeIntegration
    2009-03-24 16:52:06,989 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.common.ui.intg.ProvCommonIntegration
    2009-03-24 16:52:06,991 [OC4J Launcher] ERROR app.ContextInitializer contextInitialized.422 - Integration Class not found: oracle.sysman.pp.bpelprov.ui.intg.BPELProvisioningIntegration
    2009-03-25 00:00:05,652 [JobWorker 433276:Thread-26] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-26 00:00:02,804 [JobWorker 435194:Thread-26] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.
    2009-03-27 00:00:07,235 [JobWorker 437123:Thread-26] ERROR em.jobs executeCommand.266 - OpatchUpdateLatest: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup to set required parameters.

  • Enabling CLIENT-CERT and FORM authentication in same web-app

    Hi!
    I try to enable same behaviour in WLS 8.1 SP4 as is available in WLS 9.2 (one can define in web.xml to have many <auth-method>s, for example <auth-method>CLIENT-CERT,FORM<auth-method>, which states that first one tries authentication with token (Single Sign On case, for example) and if it is not successful then go to log-in page.
    My steps are as follows in my custom Servlet. We are using IE 6.0 as our web-client. We have configured our auth-method to be FORM, and in the <form-login-page> we have direction to that custom Servlet, which does the handling described below.
    1. If client does not send tokens in request, then set response header:
    response.setHeader("WWW-Authenticate", "Negotiate");
    response.sendError(response.SC_UNAUTHORIZED);
    This works fine and client starts to send his tokens
    2. Now check token, if it is valid, let user in, if not forward him to custom log-in page, for example:
    RequestDispatcher dispatcher = request.getRequestDispatcher("/login/login.html");
    dispatcher.forward(request, response);
    3. Client is forwarded to a log-in page as requested and he gives his credentials. Pushes OK
    log-in page is as defined in edocs:
    <form method="POST" action="j_security_check">
         <table border=1>
              <tr>
                   <td>Username:</td>
                   <td><input type="text" name="j_username"></td>
              </tr>
              <tr>
                   <td>Password:</td>
                   <td><input type="password" name="j_password"></td>
              </tr>
              <tr>
                   <td colspan=2 align=right><input type=submit value="Submit"></td>
              </tr>
         </table>
    </form>
    Now the interesting thing happens (I have investigated TCP traffic at server machine): client (in this case IE) seems to override somehow the credentials (j_password and j_username for HTTP headers, does not send them at all) but keeps on sending this 'Authorize'-field with invalid token instead.
    I have tried a Servlet that does not request WWW-Authenticate at all (in which case client does not start to send 'Authorize'-field). In this case those values are put to HTTP header OK and authentication is able to take place.
    Anyone has any ideas how can I force my clients to send those values from the HTML FORM described above? SHould I set something at response while I do the forward to the custom log-in page. I have tried virtually everything I can imagine (which seems to be not too much :-))...

    Solution found:
    The trick is to return "401" in response if ticket is not valid (do nothing else). This will end the negotiate between client and server
    In your web.xml, forward your 401 code to login page:
    <error-page>
    <error-code>401</error-code>
    <location>/form_login_page.html</location>
    </error-page>
    There might be a more straightforward way to do this (have all the page management within servlet), but I did not have time to investigate it further. This one at least works

  • AIR-WLC2106-K9 and ldap authentication

          Is it possible to authenticate wireless clients using a external openldap server running on CentOS?

    You can do that either with local EAP where LDAP as a backend server OR a web-authentication where LDAP is the backend auth server.

  • Interface creation and LDAP authentication ...

    Hi...All SAP friends,
    i have to work on an interface creation with the following specifications:
    1. SAP Enterprise Portal gives us an URL which contains UserID
    2. You have to create an interface to read the URL,
    3. Connect to LDAP server...from there come to know whether it is external or internal user, meaning if it exist in LDAP it is internal otherwise it is external user
    4. If the user id is internal, interface has to create a file and place it at a particular location & create a webservice for this and expose to EP
    5. if not it should give an alert saying it is an external user id
    Please help me out how to start and what to do..!
    Thank you.

    Hi,
    These are the main steps,
    ***Assume that you know basic of authentication methods and how to define those in Apex
    01. Create a function to authenticate the user
    a. Check on the database whether user is exists
    b. If exists then authenticate that user with LDAP
    c. If user doesnot exists or authenticate failed then return false
    d. If user exists and authentication success then return trueSignature of the function
    FUNCTION <fucntion name> (p_username VARCHAR2, p_password VARCHAR2)
    RETURN BOOLEAN;
    * Makesure that you do both inside the one procedure
    02. Create another function to check the page level authorization(if you need pagelevel verification. But if all users has same permissions on the aplication this is not necessary)
    03. Create a new authentication
    a.Go to Application Builder
    b.Shared Component
    c. Authentication Schemes(under Security)
    d. Click "Create"
    e. Select "From Scratch"
    f. Proceed with the wizard and define "*Page Sentry Function*" (Only when you ahve page level authorization- BAove 2) and "*Authentication Function*"04. Set new authentication schema to current
    a. Goto "*Change Current*" Tab
    b. Sleect the new schema from the list
    c. Click Next and proceed with wizard.
    Thanks,

  • Softwareupdate Tool and Proxy Authentication

    Is there a method for negotiating proxy authentication when using the softwareupdate tool. I may want to to connect to Apple's servers on the internet from time to time.
    Our proxy is a BlueCoat SG800 with software v4.2. It prompts for authentication for port 80 requests.
    Thanks.

    Monday I used softwareupdate tool to get the update list for my eMac.
    This is cool. It asked for permission to use my internet keychain! In a few minutes I got the list and updated my QuickTime.
    This only works in Tiger. Panther will not prompt for authentication.
    So I answered my own question.

  • Continuous Wireless Client Associations and De-authentications

    I have a remote site whose wlan consist of a 2112-WLC and twelve 1142N's.  The issue I am seeing is that several clients will associate continuously   throughout the day.  This does not occur for any specific client or ap.  These multiple associations appear to take place every 5-10 minutes most of the time.  I have 4 other sites using the same wireless network equipment and I do not see this problem.  I have verified the ap signal strengths and verified that the noise and interference levels are ok.  Any assistance provided will be very appreciated.

    Is enable session time out enabled
    WLANS-->ADVANCED-->Look at enable session time out ... what does it say ?

  • Client tools not  authenticating via Windows AD after upgrade to SP4

    We recently upgraded our test environment to SP4 to correct a problem we were having with Windows AD authentication from InfoView.  The upgrade to SP4 and JDK 1.5 solved our InfoView problem, but our client tools (Designer, Desk, Crystal Reports) can no longer login to our test environment using Windows AD authentication.
    The error message we get when trying to connect to the SP4 instance using Designer or Deski  is as follows:
    [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Internal error.(hr=#0x80042a01)
    Enterprise authentication continues to work as normal.  My first thought was that my client tools are at the SP2 level and they are trying to connect to an SP4 instance.  Therefore, I need to upgrade the client tools to the SP4 level as well in order to get Windows AD authentication to work.  Is this correct, and if so what is the proper way to upgrade the client tools to SP4? 
    On the SAP download site you can download the SP4 Full install, but when you run it says to uninstall the existing version first which I haven't tried yet.  Does the SP4 full install give the option to do a client install versus a server install like previous SP2 install?

    While we always recommend matching versions I have rarely seen a problem with client tools and AD using different versions. I think you may have a different issue.
    If your clients were installed from a deski/designer ONLY install then you can use a client version of SP4 that is much smaller. There should also be a server version that can be installed on top of deski/designer+ client tools (this should not require an uninstall). Finally there is an integrated build which includes the full XIR2 product with SP4 built in(it sounds like you downloaded this).
    If SP4 does not resolve I'd suggest opening a message with support and packet scanning the client with netmon or wireshark.
    What's the error you get with crystal using AD? There was a known issue on SP3 client patch that made all clients fail with AD/LDAP.
    Regards,
    Tim

  • Designer takes several minutes for login using LDAP authentication

    We have a issue, when we tried to login to the designer using LDAP authentication it takes several minutes and using enterprise account we are able to login to the designer with in seconds.
    CMC and infoview all are working fine using LDAP authentication.
    We are using BOXIR2,
    FP 1.6.
    Thank You in Advance.
    Thanks & Regards,
    Collin.

    There have been several changes in LDAP since FP 1.6 but if infoview is ok then hopefully you aren't running into any of them. When logging into client tools the LDAP requests are sent to the LDAP server directly from the client. An issue like this would suggest there is a problem reaching the LDAP server from the client.
    Is LDAP SSL being used? If yes try disabling it, if no then you can packet scan the logon attempt on the client and filter the LDAP traffic to see how long it's taking for that communication.
    Regards,
    Tim

  • SAP BI Client tools are not communicating with BO server

    Hi Experts,
    We've recently installed BI 4.1 . We're having few issues:
    1. When client is installed on different machine then it is not communicating with server. We've already tried few things like untick auto assign from Request server and manually assign static port but it didn't work .
    2. Our BO Server is running on AWS Cloud.
    3. Client is communicating when installed on server machine.
    4. Could you please help our how to resolve this error.
    5. CMC and BI launch pad are installed on server side as they're web browser tool and we need to install these on client machine as well. Qns is Do we need to install them or provide just URL link? If just URL like where to get these URL links.
    6. We can't see SAP Lumira and SAP Dashboard on Service market place to install. Where we can find these software on Service maket place?
    7. Could someone please send screenshot to install Dashboard, Lumira, Analysis office and Crystal report enterprise and crystal report 2013.
    8. Do we need to install all these on client machine?
    9. Could you please give me software list which should be installed on client machine?
    10. As i know there is life cycle management tool but it is not even available from server side not even on client side. Could you please recommend how it can be installed??
    Thanks in advance.

    1. When client is installed on different machine then it is not communicating with server. We've already tried few things like untick auto assign from Request server and manually assign static port but it didn't work .
    Could you confirm that you are able to ping the BO server from Client machine. Also use telnet command from commandline of  CMD in client machine. It will help to confirm that port communication is successful. Use ipaddress:cmsport for the system while logging into the client software. Update the hosts file entries at client machine with BO server name and ip address. Create an exception for BO installation location at client machine and check the results
    2. Our BO Server is running on AWS Cloud.
    3. Client is communicating when installed on server machine.
    4. Could you please help our how to resolve this error.
    5. CMC and BI launch pad are installed on server side as they're web browser tool and we need to install these on client machine as well. Qns is Do we need to install them or provide just URL link? If just URL like where to get these URL links.
    Check on the server side first where your web server is installed (I am assuming tomcat in your scenario). Use http://serverame:8080/BOE/BI and http://servername:8080/BOE/CMC (8080 is default port. If it has been changed use the correct port).
    If its working well. Perform the same activity using ipaddress:8080 at server. Next chek whether using the same URL you are able to get BILaunchPad and CMC pages and able to login from the same.
    6. We can't see SAP Lumira and SAP Dashboard on Service market place to install. Where we can find these software on Service maket place (https://service.sap.com)?
    Software and downloads-->Installations and Upgrades
    - D" SBOP DASHBOARDS (XCELSIUS)
    7. Could someone please send screenshot to install Dashboard, Lumira, Analysis office and Crystal report enterprise and crystal report 2013.
    Look into the admin guide for installation pre-requisites. These are available at Analytics Knowledge Center
    We have a drop down for all products. Look for the guide and proceed with the installation.
    8. Do we need to install all these on client machine?
    Dashboard,Lumira,analysis office, CRE and CR2013 are client tools and hence need to be installed on client machine.
    We also have CRS 2013 which is a server software and has to be downloaded from service market place. The li
    9. Could you please give me software list which should be installed on client machine?
    These vary according to user requirements. Check with developers for their softwares needed
    10. As i know there is life cycle management tool but it is not even available from server side not even on client side. Could you please recommend how it can be installed??
    In BI4.1 LCM comes by default. It is a server application. You can find it in CMC named as Promotion management and version management.
    Use the admin guide and installation guide for all of the above. It will help you.

Maybe you are looking for

  • Help with the HOST and START, forms 6i

    Hi i like open to image with de Host and Start in Forms 6i. For example Host('start '||:path||'', NO_SCREEN ); -> is correct if the path is c:\ ... but if the path is more longer with space in white for example C:\Documents and settings ... i put the

  • S10 x86 ZFS on VMWare - Increase root pool?

    I'm running Solaris 10 x86 on VMWare. I need more space in the zfs root pool. I doubled the provisioned space in Hard disk 1, but it is not visible to the VM (format). I tried creating a 2nd HD, but root pool can't have multiple VDEVs. How can I add

  • Problem in date converting into dbFormat()

    Respected Experts, I am get the current date into String vaiable and from this string variable i want to convert into dateformat. For converting to date format i write the .java file. It converts date correctly into format "dd/mm/yyyy" but i want dat

  • How do i get rid of whitesmoke and conduit

    have managed to get rid of conduit but cant get whitesmoke off firefox and causes me not to be able to view movies on direct tv. there is no place to set search provider on whitesmoke actually no tools at all. Have deleted all versions and uninstalle

  • If JSP is an extension to Servlets then in what case is one better than ...

    If JSP is an extension to Servlets then in what case is one better than the other... can someone give me an example?