3rd party LDAP security provider problem

I'm having an issue that when I've deployed my j2ee application to Oracle AS 10g rel3 app server, the security-constraint I've configured in my web.xml file isn't being obeyed, or at least it doesn't appear to be.
As part of the deployment process I've configured a 3rd party LDAP server as the security provider. As for mapping groups to roles, I've set it such that all users and groups should be mapped to the role AuthorisedUser - my intention is that for any protected url's defined in the web.xml, the user should be redirected to a login page as defined in the web.xml file as well (I'm using FORM based authentication in the login-config) - but after they are logged in they will be assigned the role of AuthorisedUser.
The following is being written to the orion-application.xml file
<security-role-mapping name="AuthorisedUser" impliesAll="true" />
What I'm observing is that users aren't being challenged when they hit a secured url-pattern. Is this as a result of the impliesAll="true" attribute ?

I found that the <security-role-mapping> element is not functioning correctly for 10.1.3.4 OC4J LDAP authentication. I saw in the log.xml that I was getting authenticated but it wasn't finding the role-group map.
I changed the role-name in the web.xml to be the exact same thing as the group in LDAP and that fixed that problem.
I know the original poster has gone past this problem, but for people in the future, I hope this helps.
Now my problem is the j_security_check... once I'm authenticated, the browser ends up at http://hostname:port/OrderManagement/j_security_check instead of the application page. Any ideas?
Thanks,
David

Similar Messages

  • Error using 10.1.3 Security Provider:3rd party LDAP or Custom Login Module

    Hello all,
    After deploying my JSF/ADF application using Jdeveloper 10.1.3 to Oracle Application Server 10.1.3, I used the Application Server control to change the 'Security Provider' configuration:
    1. Using 3rd Party LDAP Provider (Novell eDirectory)
    I get the following error when restarting the application with the new config.
    06/06/21 16:42:32 Error while configuring security provider MBean for application AccessList
    06/06/21 16:42:32 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/CustomLDAPSecurityProvider
    2. Using Custom Login Module (again programmatically talks to eDirectory and it works in UIX/10.1.2 application)
    I get the following error when restarting the application with the new config.
    06/06/21 14:31:19 Error while configuring security provider MBean for application AccessList
    06/06/21 14:31:19 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/LoginModuleSecurityProvider
    Also, I get this error with both the settings..
    06/06/21 14:31:19 WARNING: Application.setConfig Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
    Jun 21, 2006 2:31:19 PM com.evermind.server.Application setConfig
    WARNING: Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
    06/06/21 14:31:19 java.lang.InstantiationException
    06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
    06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
    java.lang.ClassNotFoundException error leads me to believe, I am just missing to include some libraries..
    I have included "bc4j.security" in my web project and I am not sure if that is what is needed!
    Will appreciate your help..
    Thanks,
    Karthik

    The problem I had with my Custom login module was that JDeveloper includes the datasources listed in the connection tab.
    When JDeveloper does that it writes the username and password in the jazn-data.xml. But with the Custom Login module the reference in the data-source declaration cannot find the password. That's why I got the InstantiationException at the initDataSources point.
    In tools>preferences>deployment you can uncheck the option:
    Bundle Default data-sources.xml During Deployment.
    The problem with this is when I specify a datasource in the data-sources.xml I included myself, JDeveloper will also put the datasources under the Connections tab in the data-sources.xml.
    Does anyone know how to stop JDeveloper putting the datasources automatically in the file, or how to prevent JDeveloper storing the password in jazn-data.xml?

  • Map security roles to group within LDAP using external 3rd Party LDAP

    I'm having a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory successfully, however after the user is authenticated I get a message from the OC4J container that my role can not be found. Can you map a logical role to a group within Active Directory? Below are details about my configuration.
    Any help would be greatly appreciated.
    Log.xml log entry that confirms webtA is communicating successfully with AD.
    <MSG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
    <HEADER>
    </CORRELATION_DATA>
    <PAYLOAD>
    <MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
    <HEADER>
    Error reported in the log
    <MESSAGE>
    <HEADER>
    <TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
    <COMPONENT_ID>j2ee</COMPONENT_ID>
    <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
    <MSG_LEVEL>16</MSG_LEVEL>
    <HOST_ID>F2287032-W</HOST_ID>
    <HOST_NWADDR>30.30.16.14</HOST_NWADDR>
    <MODULE_ID>security</MODULE_ID>
    <THREAD_ID>14</THREAD_ID>
    <USER_ID>wmgraham</USER_ID>
    </HEADER>
    <CORRELATION_DATA>
    <EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
    </CORRELATION_DATA>
    <PAYLOAD>
    <MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    Web.xml Logical Role definition
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allpages</web-resource-name>
    <url-pattern>/servlet/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>WEBTA_J2EE_USER</role-name>
    </auth-constraint>
    </security-constraint>
    <security-role>
    <role-name>WEBTA_J2EE_USER</role-name>
    </security-role>
    Orion-web.xml: This file maps the logical role defined in web.xml to a group within Active Directory.
    <security-role-mapping name="WEBTA_J2EE_USER">
    <group name="webta"/> <!-- Group defined in AD -->
    </security-role-mapping>

    What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER? What are the group search base and group mapping attribute?
    When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
    In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
    Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"
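
An added example (not from any poster and not Oracle code): an offline Python check of the role mapping discussed in the first thread on this page and in the Active Directory thread above. It reads the roles that web.xml constrains and the `<security-role-mapping>` entries, flags `impliesAll="true"`, and builds each expected group DN as mapping attribute + group name + group search base, as the reply above describes. The descriptors, the `dc=example,dc=com` base, the `Auditor` role and all function names are constructed; treating an unmapped role as a same-named group is an assumption modelled on the workaround reported earlier on the page.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors modelled on the snippets quoted in the threads.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>allpages</web-resource-name>
      <url-pattern>/servlet/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>WEBTA_J2EE_USER</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>orders</web-resource-name>
      <url-pattern>/orders/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>AuthorisedUser</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>audit</web-resource-name>
      <url-pattern>/audit/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Auditor</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

ORION_WEB_XML = """<orion-web-app>
  <security-role-mapping name="WEBTA_J2EE_USER">
    <group name="webta"/> <!-- Group defined in AD -->
  </security-role-mapping>
  <security-role-mapping name="AuthorisedUser" impliesAll="true"/>
</orion-web-app>"""

GROUP_SEARCH_BASE = "ou=groups,dc=example,dc=com"          # constructed
USER_GROUPS = ["CN=webta, OU=Groups, DC=example, DC=com"]  # constructed


def _find(elem, name):
    """Descendants with the given local name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def constrained_roles(web_xml):
    """Map each role named in an <auth-constraint> to the URL patterns it guards."""
    roles = {}
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        patterns = [p.text.strip() for p in _find(sc, "url-pattern")]
        for auth in _find(sc, "auth-constraint"):
            for rn in _find(auth, "role-name"):
                roles.setdefault(rn.text.strip(), []).extend(patterns)
    return roles


def role_mappings(orion_xml):
    """Parse <security-role-mapping> entries: impliesAll flag and group names."""
    out = {}
    for m in _find(ET.fromstring(orion_xml), "security-role-mapping"):
        out[m.get("name")] = {
            "implies_all": m.get("impliesAll", "false").lower() == "true",
            "groups": [g.get("name") for g in _find(m, "group")],
        }
    return out


def expected_group_dn(group, search_base, attr="cn"):
    """Group DN = mapping attribute + group name + group search base."""
    return f"{attr}={group},{search_base}"


def norm_dn(dn):
    """Case- and whitespace-insensitive DN form (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def audit(web_xml, orion_xml, user_group_dns, search_base, attr="cn"):
    """Return (role, status, granted, url_patterns) for every constrained role."""
    member_of = {norm_dn(d) for d in user_group_dns}
    mappings = role_mappings(orion_xml)
    findings = []
    for role, patterns in sorted(constrained_roles(web_xml).items()):
        m = mappings.get(role)
        if m is not None and m["implies_all"]:
            # Role is given to every user; group membership is never consulted.
            findings.append((role, "IMPLIES_ALL", True, patterns))
            continue
        # Assumption: an unmapped role only resolves via a same-named group.
        status, groups = ("UNMAPPED", [role]) if m is None else ("MAPPED", m["groups"])
        wanted = {norm_dn(expected_group_dn(g, search_base, attr)) for g in groups}
        findings.append((role, status, bool(wanted & member_of), patterns))
    return findings


if __name__ == "__main__":
    for finding in audit(WEB_XML, ORION_WEB_XML, USER_GROUPS, GROUP_SEARCH_BASE):
        print(finding)
```

A `MAPPED` role with `granted` false means the group exists in the mapping but not under the configured group search base or mapping attribute, which is the first thing to compare against the provider settings when the log reports no matching role.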

  • LDAP security provider and web service authentication

    Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
    We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
    Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
    Thanks in advance!
    Julia

    Hi,
    Add Provider (LDAP Credentials) in Admin console Security Realm --> defaultrealm --> Providers. Configuring LDAP in Admin Console will enable Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in Users and Groups Tab of Security Realms > defaultrealm > Users and Groups. Add Roles using Security Realms > defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your webservice runs with SSL, annotate the Webservice file something like this below.
    @RolesAllowed({
    @SecurityRole(role="test")
    })
    @Policy(
    uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
    attachToWsdl=true)
    Here the role is the preconfigured role in AdminConsole. Add the following tag in the soapenv:header.
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
    <wsse:Username>test</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>

  • Migration of EmbeddedLDAP to 3rd Party LDAP

    Hi,
    Is it possible to migrate the complete authentication process of EmbeddedLDAP
    used by Weblogic 8.1 to any 3rd Party LDAP system ? Even the system user (default
    user : weblogic created during the domain setup) authentication should happen
    on a 3rd Party LDAP system. EmbeddedLDAP can at the most act as a bridge between
    Weblogic 8.1 and 3rd Party LDAP system. Is there any solution to this problem?
    Thanks in advance.
    Mandar

    I do not believe there are any restrictions on removing the default authenticator.
    When you boot the server make sure the user/pass is valid in the 3rd party LDAP
    and they have the proper admin/oper privileges to boot the server.
    You might want to configure the server with two authenticators first to verify
    you can successfully authenticate to the 3rd party LDAP before removing the default
    authenticator.
    -Craig

  • 3rd party Internet Security disables CD Drive on Satellite A30

    Sorry for posting help about 3rd party Internet Security software on a Toshiba forum but I've been told it's to do with my Toshiba CD drive. Well without it installed (which I repeatedly said to Norton) it works well but with it installed auto run doesn't work and it is very hard to access the CD drive. I reckon that many people have had and solved the problem I'm having so please could you share with me how to do this. Yours Sincerely,
    Daniel Short

    Hi Daniel,
    So far as I know Norton disables the autorun function. The very slow access of the CD-ROM is based on the "auto check" function of the Norton Anti Virus.
    But please don't ask me where to disable this function.
    In my opinion, Norton was not built for notebooks, because it disables very many functions that are needed.
    I use another program... ;)
    bye

  • 3rd party LDAP JAZN configuration

    Hey,
    I've been struggling with the jazn configuration of a 3rd party LDAP (Sun One) server. I've followed the Oracle 10AS documentation on creating the <jazn-loginconfig> element and there is an example template for sun one in the Oracle 10 AS. What about the <jazn-policy> and <jazn-realm> elements? Are these necessary or are these just required when you are using just the XML file itself and not LDAP? What other files besides jazn-data.xml need to be modified?
    Thanks

    Ok, a bit of progress...
    I turned on jazn logging and got the following exception:
    05/09/19 16:05:02 JAAS: LoginConfigProvider: JAZNConfig=[JAZNConfig file:[bpel home]
    BPELPM_2/integration/orabpel/system/appserver/oc4j/j2ee/home/config/jazn.xml]
    05/09/19 16:05:02 JAAS: LoginConfigProvider=oracle.security.jazn.spi.xml.XMLLoginModuleManager@de5cd9
    05/09/19 16:05:02 No Login Module configured for application [deployed app name].
    Using default Login Module, RealmLoginModule.
    05/09/19 16:05:02 javax.security.auth.login.LoginException: No LoginModules configured for oracle.security.jazn.oc4j.JAZNUserManager
    05/09/19 16:05:02 at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
    05/09/19 16:05:02 at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
    05/09/19 16:05:02 at oracle.security.jazn.oc4j.OC4JUtil.getLoginContext(Unknown Source)
    05/09/19 16:05:02 at oracle.security.jazn.oc4j.GenericUser$1.run(Unknown Source)
    05/09/19 16:05:02 at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(Unknown Source)
    05/09/19 16:05:02 at oracle.security.jazn.oc4j.GenericUser.authenticate(Unknown Source)
    05/09/19 16:05:02 at oracle.security.jazn.oc4j.FilterUser.authenticate(Unknown Source)
    05/09/19 16:05:02 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:614)
    05/09/19 16:05:02 at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
    05/09/19 16:05:02 at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
    05/09/19 16:05:02 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
    05/09/19 16:05:02 at java.lang.Thread.run(Thread.java:534)
    05/09/19 16:05:02 Authentication: FAILED.
    05/09/19 16:05:02 JAAS-OC4J: Authentication failure for user: [username]
    05/09/19 16:05:02 No Login Module configured for application [app name] Using default Login Module, RealmLoginModule.
    05/09/19 16:05:02 javax.security.auth.login.LoginException: No LoginModules configured for oracle.security.jazn.oc4j.JAZNUserManager

  • HT4837 3rd Party LDAP users in local groups aren't recognized by wiki

    Having followed the KB article on setting up wiki webauth to allow 3rd party LDAP users to authenticate (http://support.apple.com/kb/HT4837) I have found that while individual users can be given permissions to access certain wikis, but LDAP users placed into local groups cannot.  Is this a bug?
    To be more specific:
    - Directory Access setup to allow authentication from LDAP server (this works fine for all other services like File Sharing)
    - Directions followed in the KB article which basically enables plain text authentication and turns off inline login window (http://support.apple.com/kb/HT4837)
    - Local groups created in Server.app -- Accounts -> Groups
    - LDAP users placed into those local groups
    - Services like file sharing recognize proper permissions based on the groups the LDAP users are in
    - Configure a wiki to allow access from a single LDAP user (Gear Icon -> Wiki Settings...) ... this works fine
    - Configure a wiki to allow access from the local groups containing LDAP users (again, Gear Icon -> Wiki Settings) ... this appears like it is going to work, but it in fact will fail to give permissions to LDAP users of the respective group upon that user's login.  A local user (Server.app -> Accounts -> Users) added to one of these local groups with LDAP people in it works fine and receives proper access to the wiki as expected.
    Any ideas before I submit this as a bug?


  • User can't see some OID entry from 3rd party ldap browser but OAM?

    Hi All,
    After trying to apply access control to some OID entry, the user then can't see that entry from a 3rd party LDAP browser, and this is expected behavior, but why can the same user see that entry from the user management interface of OAM?
    Regards,
    Makson

    Hi Makson,
    OAM's Identity Server binds to OID as a single user* (typically an OID admin, even orcladmin) and applies only those acl's that have been defined within OAM. So when you login to OAM as end-user X, the Identity Server (eg orcladmin) checks to see what rights within OAM have been defined for User X - but in this scenario any rights defined within OID are not applied to user X. By default, OAM end-users have no access to information in ldap (although the OAM Admins have full access by default).
    Regards,
    Colin
    *Depending on how you are accessing OAM, you may see extra binds in the OID logs when the end-users actually login to OAM.

  • Open Directory, third party LDAP search path problem on Snow Leopard

    Happy new year folks,
    I ran into an interesting problem this past week in regards to a third party LDAP directory in the Search path (which used to work on previous versions). The issue brings the server to its knees eventually. I'm still digging through the logs, but here's the general breakdown...
    1. Add third-party LDAP to the OD node list. This has always worked on previous versions, and appears to still work at the most basic level. I can navigate the node with DSCL, read records, etc.
    1. Add third-party LDAP to the OD search path.
    2. Wait a few minutes....
    3. The server begins to slow down. Apache, SSH, ServerAdmin service stop responding. I'm able to run "top" briefly, which shows an increase of threads.
    4. Restart the server and quickly remove the directory from the OD search path
    5. Server goes back to being rock solid with very nice response times for Apache, SSH, ServerAdmin, etc.
    If anyone has any debugging suggestions, or has seen this before, let me know.
    Jaime
    --- Below is some console output leading up to the chaos. Before adding to search path, everything looks good --------------------
    bash-3.2# dscl
    Entering interactive mode... (type "help" for commands)
    read /LDAPv3/ldap.itd.umich.edu/Users/jaimelm cn
    dsAttrTypeNative:cn:
    Jaime Magiera
    Jaime L Magiera 1
    Jaime L Magiera
    --- Add to Search Path, which hangs ------------------------------------------------------------------------------
    bash-3.2# dscl /Search -append / CSPSearchPath /LDAPv3/ldap.itd.umich.edu
    --- DSCL in debug mode contains the following ----------------------------------------------
    ------- From another screen, I do "id jaimelm", which hangs ------------------------------------------------------------------------

    Hi
    I'm in agreement with harry here but what I'm struggling to understand is why you are seeing this as a problem? I'm also struggling to see this as being a possibility in a single server environment if I understand your post correctly?
    Promotion to OD Master with all that entails absolutely rests on a properly configured and tested internal DNS Service. The Kerberos Realm's foundation (and with that the ability of the server to perform its function as KDC and offer LDAP services) entirely depends on what is configured in the DNS Service. This will include the server name, domain name and tld. The Kerberos Realm automatically configures itself using that information. Likewise the searchbase.
    It's more than possible to change the Realm name and with it the LDAP search base (in certain circumstances) and have an OD Master; however, Kerberos won't start. It won't need to, as the KDC will be elsewhere. You generally see this when augmenting Windows AD with MCX. In that situation Realm name and search base will reflect what is set on the Active Directory. Client computers will use what is set there for contact and authentication information before looking at the OD Master for anything else.
    Does this help? Tony

  • Are there any 3rd party tools which provide Microsoft Azure IaaS diagnostics?

    Are there any 3rd party tools currently, which can be used for giving detailed diagnostics Information about the IaaS environment (like on VM's, Virtual Network etc.) in a detailed report format periodically? Please note that I am looking for any such tools around IaaS environment diagnostics here, and not about Application diagnostics.

    Hi Bahree,
    Microsoft does not suggest a specific third-party product. However, we do use them, and see lots of other customers use them.
    Paraleap: Monitoring tool - http://www.paraleap.com/AzureWatch
    You may browse to this site and a few others to learn more, and chat with their folks directly on how they support Windows Azure.
    I see that Microsoft has published a self-help diagnostic package for running Windows-based virtual machines (VMs) in Azure IaaS, and this diagnostic package does not require opening a Support Request with Microsoft.
    This package helps to diagnose and resolve common issues on running Windows-based VMs in Azure IaaS.
    We may download the diagnostic package from Microsoft's Support Diagnostics Self-Help Portal:
    https://home.diagnostics.support.microsoft.com/SelfHelp?knowledgebaseArticleFilter=2976864
    You might want to see
    Microsoft Azure Virtual Machine Monitoring with Azure Diagnostics Extension
    Regards,
    Shirisha Paderu

  • 3rd party sales item category problem

    Hi,
    I have configured the third party sales in the system and completed all the processes up to migo.
    Now I am trying to do the customer invoice, but the system shows that the item is not relevant for billing. I have set billing relevance 'F' in the item category. Please can anyone suggest what may be the reason?
    Thanking you!
    Rudra

    Third party item cat billing relevance is F
    F: Order-related billing doc. - status according to invoice quantity
    Relevant for order-related billing documents based on the invoice receipt quantity (third-party business transaction). The system transfers the order into the billing due list only after the vendor invoice has been received and processed in the purchasing department. After the receipt of each invoice, a customer invoice is created for the quantity that appears on the vendor invoice. The order has status "Billed" until the next vendor invoice is received.
    Item category TAS (Third party item) is set up with billing relevance "F" in the standard system.
    And go and check the copying control settings by using tcode VTFA, select your combination, and go to item level.
    Select your item category TAS and check these settings.
    -Copying requirement should be 012 which is order related 3rd party item.
    -Billing quantity F.
    -Pos/neg quantity can be +.
    -Pricing type can be G/D.
    -Now again try to create your billing document.
    Thanks & Regards
    JP

  • ISO 3rd party Apple service provider in the Inland Empire

    ISO 3rd party Apple vendor or savvy Machead who can take out a hard drive from an old MAC G4. Ideas anyone?

    Can you be more specific about where you are? Our area (northern Idaho/ western Washington) is called the Inland Empire but I've seen other regions use the same moniker.
    Also, G4s are newer than this forum covers and have their own forum area full of PPC experts. I'm going to ask the Hosts to move your post to the PowerMac forums (assuming you have a PowerMac G4 tower or Cube, and not a PowerBook, iMac, eMac, iBook, or other G4 variant.)
    The forum you found gets painfully little traffic.
    Here are Apple instructions for replacing a hard drive that cover most PowerMac G4s:
    http://support.apple.com/kb/HT1815

  • Ldap security provider leads to 401 errors in WL 12.1.3

    I'm facing a migration from 10.3.2 to 12.1.3. The configuration is almost the same (I'll bet that config.xml is more or less the same as the previous version).
    In my environment, the user's authentication and authorization is made using an external (not embedded) ldap. Needless to say, everything works perfectly in 10.3.2, but in the new version the behaviour is weird:
    * The first time a user tries to enter the system, the application returns a 401 error.
    * On the next attempt the user can enter the system without problem.
    * If the user continues using the system, there are no problems.
    * If the user doesn't re-connect to the system after some time, a 401 error is returned again.
    I found out that if I disable the ldap cache everything works fine. But in a production environment I believe cache is a must.
    Has anyone faced this issue?

    Verified WebLogic classloading using CAT (wls-cat app) and found oracle.dms.console.DMSConsole was loaded from the web-inf jar and ucp classes were loaded from a jar from weblogic. Used the below entry in weblogic.xml to load everything from web-inf to resolve the issue:
      <container-descriptor>
          <prefer-web-inf-classes>true</prefer-web-inf-classes>
      </container-descriptor>
    Thanks
    Sandeep

  • Integrating standalone OC with existing 3rd party LDAP directory question

    Hello everyone,
    we have a standalone version 9 Oracle Calendar server with internal directory. We also have an existing enterprise wide LDAP directory. We would like to integrate them together, with as few changes to our existing LDAP schema as possible. Has anyone dealt with this issue before? Are there any documents out there describing how to deal with such situation? What if we upgrade to OC version 10 first?
    Thanks

    Migration might be tricky -
    We've been running Calendar since the Netscape era with external LDAP. Basically user's preferences are stored in LDAP, though these can be 'regenerated' on the fly by the client using defaults.
    You will need to modify the schema, but it's as simple as loading the supplied schema file.
    Data itself is still maintained in the internal DB. The link between the DB and LDAP is done via the calendar ID number which gets stored in the user's entry in ldap.
    I don't think it would matter on upgrading OC to 10 or not, since the upgrade would not modify anything on the LDAP side (schema has not changed).
    You should set up a test environment and test it out...
