ACL outbound not allowed
So the situation here is :
I have a layer 3 switch who is connected to a layer 2 ( d-link) switch via trunk line on the gi0/46 of the layer 3 switch.
I implement my ACL on this gi0/46 port inbound but I can't do this outbound on this port? it says "invalid input detected"
If I type: "ip access-group VTI ?" than it only show inbound as an option. How does this come ?
Another question I have is :
I have this access-list on the gi0/46 port inbound:
10 permit udp any any
20 permit ip any 10.1.40.192 0.0.0.63
30 permit ip any 10.1.40.0 0.0.0.127
40 deny ip any 10.1.0.0 0.0.255.255
50 permit ip any any
If I do this I can't access the layer 2 D-link anymore who has an ip address (10.1.40.145).
I can access the D-link switch if i'm in the vlan 10 which is (10.1.40.0 0.0.0.127) that's because that one is allowed in my ACL above here.
But what must I do if i want that vlan 10 can access the D-link but the computers behind the D-link aren't allowed to access vlan 10 ?
Thanks
Jonas Vanraes
Hi !
Thank you for you very clear information on the PACL. The switch is an cisco 3560x switch
But for my second question forget what I said earlier.
The situation is like this:
- They are 6 schools connected via VPN.
- In the image you can see the VLANs for one school
- Every school has his own system vlan which is always vlan 10 and always the first vlan in the subnet of the school
What do I want to succeed ?
- only vlan10 of every school must be able to access the switches who are in vlan999 , you can see that in the image
- my problem is if I implement the access-list I showed you above, only the vlan10 of the school where the switch(d-link) ispresent can access the switch but the other schools vlan 10 aren't able to access the switches. If I remove the ACL they can access the switch so the problem is definitely with the ACL
- So my question is if you still folow me: How can I allow the vlan10 of every school to access the switches but the computers behind the switches are not allowed the access the vlan 10 of every school except but their own vlan10 cause their Domain controller etc. is there.
Maybe this is more understandable
This are the vlan10 of every school
- 10.1.0.0 255.255.255.128 - school 1
- 10.1.8.0 255.255.255.128 - school 2
- 10.1.16.0 255.255.255.128 - school 3
- 10.1.24.0 255.255.255.128- school 4
- 10.1.32.0 255.255.255.128 - school 5
- 10.1.40.0 255.255.255.128 - school 6
If i do this : permit ip any 10.1.8.0 0.0.0.127 in my ACL on that gi0/46 port than the ip address range (10.1.8.0 ...) can access that d-link but the problem with this is that the computers behind the d-link also can access (10.1.8.0 ...)
If you don't understand I completely understand cause it's hard to explain
Jonas Vanraes
Similar Messages
-
SQLException: Access not allowed (problem with ACL)
Hi, I'm getting the following error when I start my Weblogic (7.0) server.
java.sql.SQLException: weblogic.common.ResourceException: Access not allowed
I followed these steps to Provide the necessary ACl permisiions:
1. Compatibility Security => ACLs
Create a new ACL:
name : weblogic.jdbc.connectionPool.yourPoolname
permission : admin
group : Administrators
2. Create a new Connection Pool:
ACL Name : weblogic.jdbc.connectionPool.yourPoolname
In 'Target' tab, choose server and click the Apply button.
I even checked fileRealm.properties, the user admin123 (the user name with which I start the server), is included in all the connectionpool ACL lists. I restarted the server to pick the new changes but it still gives the same errors.
Please help,
ThanksYou need to create the correct ACL for the DataSource following this procedure in the Administration Console:
1. Compatibility Security => ACLs
Create a new ACL:
name : weblogic.jdbc.connectionPool.yourPoolname
permission : admin
group : Administrators
2. Compatibility => click Refresh button
3. Services => JDBC => Connection Pool
Create a new Connection Pool:
ACL Name : weblogic.jdbc.connectionPool.yourPoolname
In 'Target' tab, choose server and click the Apply button.
4. Services => JDBC => Data Sources
You can create a new Data Source using this connection pool successfully
Regards,
Prasanna Yalam -
Powershell Get-Acl not allowed Exception
Hello
On some objects, i get "Requested registry access is not allowed" with get-acl. But when i try to access to this object with regedit, i can enumerate Access rights.
The perfect example is the command get-acl hklm:\security
i don't understand why i have sufficient access rights with regedit and not with Get-Acl ?Actually David is closer on that key>
If we do this you will see also why:
PS C:\scripts> `cd hklm:
PS HKLM:\> dir
Name Property
BCD00000000
HARDWARE
SAM
dir : Requested registry access is not allowed.
At line:1 char:1
+ dir
+ ~~~
+ CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACHINE\SECURITY:String) [Get-ChildItem], SecurityExceptio
n
+ FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.GetChildItemCommand
SOFTWARE (default) :
SYSTEM
PS HKLM:\>
¯\_(ツ)_/¯ -
Address list error -- 5.7.1 Relaying not allowed
Hi,
We have setup the Java Messaging Server to send/recieve mails from a gateway. The inbound mail flow works perfectly but, the outbound mail flow has issues.
The outbound mails are not hitting the gateway. When checked the log for outbound mail, it displays the address list error - 5.7.1 Relaying not allowed for any domain i.e gmail.com, etc
version:
Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)
libimta.so 6.3-5.02 (built 17:15:31, Oct 12 2007; 32bit)
SunOS P1192FLPLN 5.9 Generic_118558-02 sun4u sparc SUNW,Sun-Fire
here is the log for reference...
=========================================================================
root@P1192FLPLN # /opt/SUNWmsgsr/sbin/imsimta test -rewrite -debug -source_channel=tcp_local [email protected] [email protected]
Initializing mm_.
Initializing mm_ submission.
Checking identifiers.
*** Debug output from initializing MM for submission:
17:09:37.43: Debug output enabled, system P1192FLPLN.extmail.xyz.com, process 3fbf.1, message enqueue routines version V6.3 compiled Oct 12 2007 17:15:38
17:09:37.43: mmc_winit('tcp_local','[email protected]','') called.
17:09:37.43: Address reversal invoked on [email protected], force reverse URL 1, capture 1
17:09:37.43: Rewriting: Mbox = "abhishek.sen", host = "extmail.xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.43: Rewrite: "$*", position 0, hash table -
17:09:37.43: Found: "$A$E$F$U%[email protected]"
17:09:37.43: Rewrite failed, not forward.
17:09:37.43: Rewrite: "$*", position 1, hash table -
17:09:37.43: Failed.
17:09:37.43: Rewrite: "$*", position 0, rewrite database -
17:09:37.43: Failed
17:09:37.43: Rewriting: Mbox = "abhishek.sen", host = "extmail", domain = "extmail.xyz.com", literal = "", tag = ""
17:09:37.43: Rewrite: "extmail.xyz.com", position 0, hash table -
17:09:37.43: Found: "$U%[email protected]"
17:09:37.43: New mailbox: "abhishek.sen".
17:09:37.43: New host: "extmail.xyz.com".
17:09:37.43: New route: "P1192FLPLN.extmail.xyz.com".
17:09:37.43: New channel system: "P1192FLPLN.extmail.xyz.com".
17:09:37.43: Looking up host "P1192FLPLN.extmail.xyz.com".
17:09:37.43: - found on channel l
17:09:37.43: Routelocal flag set; scanning for % and !
17:09:37.43: Checking reverse URL cache for: [email protected]
17:09:37.43: Applying reverse URL pattern ldap:///$V?$N?sub?$R to: [email protected]
17:09:37.48: Resulting URL: ldap:///o%3Dextmail.xyz.com%2Co%3Dext?preferredlanguage,mailmsgmaxblocks,mail,mailalternateaddress,mailequivalentaddress?sub?(|([email protected])([email protected])([email protected]))
17:09:37.49: mmc_open_url called to open ldap:///o%3Dextmail.xyz.com%2Co%3Dext?preferredlanguage,mailmsgmaxblocks,mail,mailalternateaddress,mailequivalentaddress?sub?(|([email protected])([email protected])([email protected])), flags = 384
17:09:37.49: URL with quotes stripped: ldap:///o%3Dextmail.xyz.com%2Co%3Dext?preferredlanguage,mailmsgmaxblocks,mail,mailalternateaddress,mailequivalentaddress?sub?(|([email protected])([email protected])([email protected]))
17:09:37.49: LDAP URL identified
17:09:37.49: URL context #1 will be used
17:09:37.49: Performing URL search on: ldap:///o%3Dextmail.xyz.com%2Co%3Dext?preferredlanguage,mailmsgmaxblocks,mail,mailalternateaddress,mailequivalentaddress?sub?(|([email protected])([email protected])([email protected]))
17:09:37.53: mmc_read_url result: [uid=asen,ou=People,o=extmail.xyz.com,o=ext]
17:09:37.53: URL resolution returned: [uid=asen,ou=People,o=extmail.xyz.com,o=ext]
17:09:37.53: mmc_read_url result: [preferredlanguage] en
17:09:37.53: URL resolution returned: [preferredlanguage] en
17:09:37.53: Attribute index: 0
17:09:37.53: LDAP URL produced preferred language en
17:09:37.53: mmc_read_url result: [mailmsgmaxblocks] 700
17:09:37.53: URL resolution returned: [mailmsgmaxblocks] 700
17:09:37.53: Attribute index: 0
17:09:37.53: LDAP URL produced blocklimit 700
17:09:37.53: mmc_read_url result: [mail] [email protected]
17:09:37.53: URL resolution returned: [mail] [email protected]
17:09:37.54: Attribute index: 0
17:09:37.54: LDAP URL produced address [email protected]
17:09:37.54: No more results to return
17:09:37.54: Override postmaster: [email protected]
17:09:37.54: Preferred language en
17:09:37.54: Content return block limit now 700
17:09:37.54: Mapped return address: [email protected]
17:09:37.54: from_access mapping check: ||MAIL|tcp_local|[email protected]|
17:09:37.54: Queue area size 73232902, temp area size 2067314
17:09:37.54: 18308225 blocks of effective free queue space available; setting disk limit accordingly.
17:09:37.54: 1033657 blocks of free temporary space available; setting disk limit accordingly.
17:09:37.54: - passed.
17:09:37.54: Rewriting: Mbox = "abhishek.sen", host = "extmail.xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.54: Rewrite: "$*", position 0, hash table -
17:09:37.54: Found: "$A$E$F$U%[email protected]"
17:09:37.54: Rewrite failed, not forward.
17:09:37.54: Rewrite: "$*", position 1, hash table -
17:09:37.54: Failed.
17:09:37.54: Rewrite: "$*", position 0, rewrite database -
17:09:37.54: Failed
17:09:37.54: Rewriting: Mbox = "abhishek.sen", host = "extmail", domain = "extmail.xyz.com", literal = "", tag = ""
17:09:37.54: Rewrite: "extmail.xyz.com", position 0, hash table -
17:09:37.54: Found: "$U%[email protected]"
17:09:37.54: New mailbox: "abhishek.sen".
17:09:37.54: New host: "extmail.xyz.com".
17:09:37.54: New route: "P1192FLPLN.extmail.xyz.com".
17:09:37.56: New channel system: "P1192FLPLN.extmail.xyz.com".
17:09:37.56: Looking up host "P1192FLPLN.extmail.xyz.com".
17:09:37.56: - found on channel l
17:09:37.56: Routelocal flag set; scanning for % and !
*** Debug output from rewriting a forward header address:
17:09:37.56: Rewriting: Mbox = "bhanu.prasad", host = "xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.56: Rewrite: "$*", position 0, hash table -
17:09:37.56: Found: "$A$E$F$U%[email protected]"
17:09:37.57: Rewrite failed, not envelope.
17:09:37.57: Rewrite: "$*", position 1, hash table -
17:09:37.57: Failed.
17:09:37.57: Rewrite: "$*", position 0, rewrite database -
17:09:37.57: Failed
17:09:37.57: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = "xyz.com", literal = "", tag = ""
17:09:37.57: Rewrite: "xyz.com", position 0, hash table -
17:09:37.57: Failed.
17:09:37.57: Rewrite: "xyz.com", position 0, rewrite database -
17:09:37.59: Failed
17:09:37.59: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = ".com", literal = "", tag = ""
17:09:37.59: Rewrite: "*.com", position 0, hash table -
17:09:37.59: Failed
17:09:37.59: Rewrite: ".com", position 0, hash table -
17:09:37.59: Found: "$U%$H$D@TCP-DAEMON"
17:09:37.59: New mailbox: "bhanu.prasad".
17:09:37.59: New host: "xyz.com".
17:09:37.59: New route: "TCP-DAEMON".
17:09:37.59: New channel system: "TCP-DAEMON".
17:09:37.59: Looking up host "TCP-DAEMON".
17:09:37.60: - found on channel tcp_local
17:09:37.60: Rewriting: Mbox = "bhanu.prasad", host = "xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.60: Rewrite: "$*", position 0, hash table -
17:09:37.60: Found: "$A$E$F$U%[email protected]"
17:09:37.60: Rewrite failed, not envelope.
17:09:37.60: Rewrite: "$*", position 1, hash table -
17:09:37.60: Failed.
17:09:37.60: Rewrite: "$*", position 0, rewrite database -
17:09:37.60: Failed
17:09:37.61: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = "xyz.com", literal = "", tag = ""
17:09:37.61: Rewrite: "xyz.com", position 0, hash table -
17:09:37.61: Failed.
17:09:37.61: Rewrite: "xyz.com", position 0, rewrite database -
17:09:37.61: Failed
17:09:37.61: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = ".com", literal = "", tag = ""
17:09:37.61: Rewrite: "*.com", position 0, hash table -
17:09:37.61: Failed
17:09:37.61: Rewrite: ".com", position 0, hash table -
17:09:37.63: Found: "$U%$H$D@TCP-DAEMON"
17:09:37.63: New mailbox: "bhanu.prasad".
17:09:37.63: New host: "xyz.com".
17:09:37.63: New route: "TCP-DAEMON".
17:09:37.63: New channel system: "TCP-DAEMON".
17:09:37.63: Looking up host "TCP-DAEMON".
17:09:37.63: - found on channel tcp_local
17:09:37.63: Rewrite rules result: [email protected]
17:09:37.63: Checking reverse URL cache for: [email protected]
17:09:37.63: Applying reverse URL pattern ldap:///$V?$N?sub?$R to: [email protected]
17:09:37.65: URL generation failed, status = 0
*** Debug output from rewriting a forward envelope address:
17:09:37.65: Rewriting: Mbox = "bhanu.prasad", host = "xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.65: Rewrite: "$*", position 0, hash table -
17:09:37.65: Found: "$A$E$F$U%[email protected]"
17:09:37.65: Match, pattern = "xyz.com", current = "(*domaincheck*)"
17:09:37.65: old state = not checked.
17:09:37.65: Domain check on xyz.com.
17:09:37.66: Could not add domain result 0 to cache for xyz.com.
17:09:37.66: new state = fail pending.
17:09:37.66: Rewrite failed due to prechannel mismatch.
17:09:37.66: Rewrite: "$*", position 1, hash table -
17:09:37.66: Failed.
17:09:37.66: Rewrite: "$*", position 0, rewrite database -
17:09:37.66: Failed
17:09:37.66: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = "xyz.com", literal = "", tag = ""
17:09:37.66: Rewrite: "xyz.com", position 0, hash table -
17:09:37.66: Failed.
17:09:37.67: Rewrite: "xyz.com", position 0, rewrite database -
17:09:37.67: Failed
17:09:37.67: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = ".com", literal = "", tag = ""
17:09:37.67: Rewrite: "*.com", position 0, hash table -
17:09:37.67: Failed
17:09:37.67: Rewrite: ".com", position 0, hash table -
17:09:37.67: Found: "$U%$H$D@TCP-DAEMON"
17:09:37.67: New mailbox: "bhanu.prasad".
17:09:37.67: New host: "xyz.com".
17:09:37.67: New route: "TCP-DAEMON".
17:09:37.69: New channel system: "TCP-DAEMON".
17:09:37.69: Looking up host "TCP-DAEMON".
17:09:37.69: - found on channel tcp_local
address channel = tcp_local
forward channel = tcp_local
channel description =
channel caption =
channel user filter =
dest channel filter =
source channel filter =
channel flags #0 = BIDIRECTIONAL SINGLE_SYSTEM IMMNONURGENT NOSERVICEALL channel flags #1 = SMTP_CRLF MX IDENTNONENUMERIC DEFAULT
channel flags #2 = COPYSENDPOST COPYWARNPOST POSTHEADONLY HEADERINC NOEXPROUTE
channel flags #3 = LOGGING NORESTRICTED RETAINSECURITYMULTIPARTS
channel flags #4 = EIGHTNEGOTIATE HEADERKEEPORDER NOHEADERREAD RULES
channel flags #5 = TRUNCATESMTPLONGLINES
channel flags #6 = LOCALUSER REPORTNOTARY
channel flags #7 = SWITCHCHANNEL REMOTEHOST DATEFOUR DAYOFWEEK
channel flags #8 = NODEFRAGMENT EXQUOTA REVERSE NOCONVERT_OCTET_STREAM
channel flags #9 = NOTHURMAN INTERPRETENCODING USEINTERMEDIATE RECEIVEDFROM VALIDATELOCALNONE NOTURN
defaulthost = extmail.xyz.com extmail.xyz.com
linelength = 998
addrsperfile = 99
channel env addr type = SOURCEROUTE
channel hdr addr type = SOURCEROUTE
channel official host = tcp-daemon
channel queue 0 name = SMTP_POOL
channel queue 1 name = SMTP_POOL
channel queue 2 name = SMTP_POOL
channel queue 3 name = SMTP_POOL
channel after params =
channel daemon name = 10.8.51.126
channel user name =
urgentnotices = 1 2 4 7
normalnotices = 1 2 4 7
nonurgentnotices = 1 2 4 7
channel rightslist ids =
local behavior flags = %x0
expandchannel =
notificationchannel =
dispositionchannel =
tlsswitchchannel =
backward channel = tcp_local
unique identifier = [email protected]
header forward address = [email protected] (route (TCP-DAEMON,TCP-DAEMON)) (host xyz.com)
header reverse address = [email protected]
envelope forw address = [email protected] (route (TCP-DAEMON,TCP-DAEMON)) (host xyz.com)
envelope rev address = [email protected] (route (TCP-DAEMON,TCP-DAEMON)) (host xyz.com)
name =
mbox = bhanu.prasad
Extracted address action list:
[email protected]
Extracted 733 address action list:
[email protected]
Address list expansion:
*** Debug output from alias expansion:
17:09:37.76: Inner expand, level = 0, mailbox = [email protected]
17:09:37.76: Rewriting: Mbox = "bhanu.prasad", host = "xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.76: Rewrite: "$*", position 0, hash table -
17:09:37.76: Found: "$A$E$F$U%[email protected]"
17:09:37.76: Match, pattern = "xyz.com", current = "(*domaincheck*)"
17:09:37.76: old state = not checked.
17:09:37.76: Domain check on xyz.com.
17:09:37.77: Could not add domain result 0 to cache for xyz.com.
17:09:37.77: new state = fail pending.
17:09:37.77: Rewrite failed due to prechannel mismatch.
17:09:37.77: Rewrite: "$*", position 1, hash table -
17:09:37.77: Failed.
17:09:37.77: Rewrite: "$*", position 0, rewrite database -
17:09:37.77: Failed
17:09:37.77: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = "xyz.com", literal = "", tag = ""
17:09:37.77: Rewrite: "xyz.com", position 0, hash table -
17:09:37.77: Failed.
17:09:37.79: Rewrite: "xyz.com", position 0, rewrite database -
17:09:37.79: Failed
17:09:37.79: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = ".com", literal = "", tag = ""
17:09:37.79: Rewrite: "*.com", position 0, hash table -
17:09:37.79: Failed
17:09:37.79: Rewrite: ".com", position 0, hash table -
17:09:37.79: Found: "$U%$H$D@TCP-DAEMON"
17:09:37.79: New mailbox: "bhanu.prasad".
17:09:37.79: New host: "xyz.com".
17:09:37.79: New route: "TCP-DAEMON".
17:09:37.80: New channel system: "TCP-DAEMON".
17:09:37.80: Looking up host "TCP-DAEMON".
17:09:37.80: - found on channel tcp_local
-13 expansion total.
*** Debug output from submitting an envelope address:
17:09:37.80: mmc_wadr(0x0017ae68,'[email protected]','[email protected]') called.
17:09:37.80: Copy estimate before address addition is 1
17:09:37.80: Parsing address [email protected]
17:09:37.80: Rewriting: Mbox = "bhanu.prasad", host = "xyz.com", domain = "$*", literal = "", tag = ""
17:09:37.80: Rewrite: "$*", position 0, hash table -
17:09:37.81: Found: "$A$E$F$U%[email protected]"
17:09:37.81: Match, pattern = "xyz.com", current = "(*domaincheck*)"
17:09:37.81: old state = not checked.
17:09:37.81: Domain check on xyz.com.
17:09:37.81: Could not add domain result 0 to cache for xyz.com.
17:09:37.81: new state = fail pending.
17:09:37.81: Rewrite failed due to prechannel mismatch.
17:09:37.81: Rewrite: "$*", position 1, hash table -
17:09:37.83: Failed.
17:09:37.83: Rewrite: "$*", position 0, rewrite database -
17:09:37.83: Failed
17:09:37.83: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = "
xyz.com", literal = "", tag = ""
17:09:37.83: Rewrite: "xyz.com", position 0, hash table -
17:09:37.83: Failed.
17:09:37.83: Rewrite: "xyz.com", position 0, rewrite database -
17:09:37.83: Failed
17:09:37.83: Rewriting: Mbox = "bhanu.prasad", host = "relianceada", domain = "
.com", literal = "", tag = ""
17:09:37.83: Rewrite: "*.com", position 0, hash table -
17:09:37.84: Failed
17:09:37.84: Rewrite: ".com", position 0, hash table -
17:09:37.84: Found: "$U%$H$D@TCP-DAEMON"
17:09:37.84: New mailbox: "bhanu.prasad".
17:09:37.84: New host: "xyz.com".
17:09:37.84: New route: "TCP-DAEMON".
17:09:37.84: New channel system: "TCP-DAEMON".
17:09:37.84: Looking up host "TCP-DAEMON".
17:09:37.84: - found on channel tcp_local
17:09:37.84: - adding address [email protected] to headers.
17:09:37.86: - orig_send_access mapping check: tcp_local|abhishek.sen@extm
ail.xyz.com|tcp_local|[email protected]
17:09:38.16: - failed.
17:09:38.16: Good address count 0 defer count 0
17:09:38.16: Copy estimate after address addition is 1
17:09:38.16: mmc_waend(0x0017ae68) called.
17:09:38.16: Copy estimate is 1
17:09:38.16: Queue area size 73232902, temp area size 2067288
17:09:38.16: 36616451 blocks of effective free queue space available; setting
disk limit accordingly.
17:09:38.16: 1033644 blocks of free temporary space available; setting disk li
mit accordingly.
Expanded address:
[email protected]
Submitted address list:
Address list error -- 5.7.1 Relaying not allowed: [email protected]
Submitted notifications list:
=========================================================================Do we have to make any changes on other config files except the imta.cnf and mappings file for inbound and outbound..
thanks for any help
Edited by: prasad0_0 on Jul 8, 2008 4:58 AMi have already setup the messaging server 6 months back.. followed the same procedure to route mails to a gateway..
made changes to the imta.cnf for outbound mail flow to the tcp_local and mappings file to accept inbound mail flow from the gateway. Its working perfectly on the older setup, but this now, have issues with new setup.
here is the imta.cnf file..
! IMTA configuration file
! part I : rewrite rules
! Domain Rewrite Rules.
! Uncomment this line to use domain rewrite rules
! from the configuration file instead of the domain database.
! Please refer to the iMS documentation for details.
!<IMTA_TABLE:domains.rules
! Rules to select local users
$* $A$E$F$U%[email protected]
P1192FLPLN.extmail.xyz.com $U%[email protected]
extmail.xyz.com $U%[email protected]
! ims-ms
.ims-ms-daemon $U%$H.ims-ms-daemon@ims-ms-daemon
! lmtp
!.lmtp $U%$H@lmtpcs-daemon
! lmtpn
!.lmtpn $U%$H@lmtpcn-daemon
! native
.native-daemon $U%$H.native-daemon@native-daemon
! pipe
.pipe-daemon $U%$H.pipe-daemon@pipe-daemon
! tcp_local
! Rules for top level internet domains
<IMTA_TABLE:internet.rules
! tcp_intranet
! Do mapping lookup for internal IP addresses
[] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
.extmail.xyz.com $U%$H.extmail.xyz.com@tcp_intranet-daemon
* $U%$&0.extmail.xyz.com
! reprocess
reprocess $U%reprocess.P1192FLPLN.extmail.xyz.com@reprocess-daemon
reprocess.P1192FLPLN.extmail.xyz.com $U%reprocess.P1192FLPLN.extmail.xyz.com@reprocess-daemon
! process
process $U%process.P1192FLPLN.extmail.xyz.com@process-daemon
process.P1192FLPLN.extmail.xyz.com $U%process.P1192FLPLN.extmail.xyz.com@process-daemon
! defragment
defragment $U%defragment.P1192FLPLN.extmail.xyz.com@defragment-daemon
defragment.P1192FLPLN.extmail.xyz.com $U%defragment.P1192FLPLN.extmail.xyz.com@defragment-daemon
! conversion
conversion $U%conversion.P1192FLPLN.extmail.xyz.com@conversion-daemon
conversion.P1192FLPLN.extmail.xyz.com $U%conversion.P1192FLPLN.extmail.xyz.com@conversion-daemon
! bitbucket
bitbucket $U%bitbucket.P1192FLPLN.extmail.xyz.com@bitbucket-daemon
bitbucket.P1192FLPLN.extmail.xyz.com $U%bitbucket.P1192FLPLN.extmail.xyz.com@bitbucket-daemon
! deleted
deleted-daemon $U%$H@deleted-daemon
.deleted-daemon $U%$H@deleted-daemon
! inactive
inactive-daemon $U%$H@inactive-daemon
.inactive-daemon $U%$H@inactive-daemon
! hold
hold-daemon $U%$H@hold-daemon
.hold-daemon $U%$H@hold-daemon
! part II : channel blocks
defaults notices 1 2 4 7 copywarnpost copysendpost postheadonly noswitchchannel immnonurgent maxjobs 7 logging defaulthost extmail.xyz.com extmail.xyz.com
! delivery channel to local /var/mail store
l subdirs 20 viaaliasrequired maxjobs 7
P1192FLPLN.extmail.xyz.com
! ims-ms
ims-ms defragment subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL fileinto $U+$S@$D
ims-ms-daemon
! native
native defragment subdirs 20 maxjobs 1
native-daemon
! pipe
pipe single defragment subdirs 20
pipe-daemon
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 loopcheck daemon 10.8.51.126
tcp-daemon
! tcp_intranet
tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4
tcp_intranet-daemon
! tcp_submit
tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
tcp_submit-daemon
! tcp_auth
tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4
tcp_auth-daemon
! tcp_tas
tcp_tas smtp mx single_sys allowswitchchannel mustsaslserver maytlsserver deliveryflags 2
tcp_tas-daemon
! tcp_lmtpss (LMTP server - store)
!tcp_lmtpss lmtp flagtransfer
!tcp_lmtpss-daemon
! tcp_lmtpcs (LMTP client - store)
!tcp_lmtpcs defragment lmtp port 225 nomx single_sys subdirs 20 maxjobs 7 pool SMTP_POOL dequeue_removeroute
!lmtpcs-daemon
! reprocess
reprocess
reprocess-daemon
! process
process
process-daemon
! defragment
defragment
defragment-daemon
! conversion
conversion
conversion-daemon
! bitbucket
bitbucket
bitbucket-daemon
! deleted
deleted
deleted-daemon
! inactive
inactive
inactive-daemon
! hold
hold
hold-daemonand mappings file..
! MTA mappings file
! for access control and other table lookups
FROM_ACCESS
! Entries to block certain submissions normally would be inserted here,
! above the ntended-to-be-final entries that while permitting submission,
! merely disable any potential "vacation" effect.
! The following entries disable Sieve "vacation" action on lists sorts
! of addresses, as recommended by the Sieve "vacation" extension draft.
*|SMTP*|*|*|MAILER-DAEMON@*|* $!$Y
*|SMTP*|*|*|LISTSERVE*@|* $!$Y
*|SMTP*|*|*|majordomo@*|* $!$Y
*|SMTP*|*|*|*-request@*|* $!$Y
*|SMTP*|*|*|*-owner@*|* $!$Y
*|SMTP*|*|*|owner-*@*|* $!$Y
PORT_ACCESS
*|*|*|*|* $C$|INTERNAL_IP;$3|$Y$E
* $YEXTERNAL
INTERNAL_IP
$(10.8.55.49/24) $Y
$(10.8.51.125) $Y
$(10.8.51.126) $Y
127.0.0.1 $Y
* $N
ORIG_SEND_ACCESS
tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
tcp_*|*|native|* $N
tcp_*|*|hold|* $N
tcp_*|*|pipe|* $N
tcp_*|*|ims-ms|* $N
! Block "external" submissions of explicitly source-routed "internal" addresses
tcp_local|*|tcp_intranet|@*:*.* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*$%*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*.*!*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|"*@*"@* $N$D30|Explicit$ routing$ not$ allowed
SEND_ACCESS
tcp_*|*|*|*@[127.*] $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@localhost.* $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.com $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.net $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@example.org $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.test $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.example $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.invalid $X5.1.2|$NBad$ destination$ system
tcp_*|*|*|*@*.localhost $X5.1.2|$NBad$ destination$ system
<IMTA_TABLE:mappings.localewe are able to receive mails from the gateway, but when using uwc to send the mail, the mail doesnt hit the gateway. trying a telnet from the messaging server to the gateway, works perfectly.
thanks in advance. -
Hi,
I'm receiving an Exception while sending a message to a specific subtopic with blazeds.
"msg.setHeader(AsyncMessage.SUBTOPIC_HEADER_NAME, "mySubtopic");" gives the following exception and I have search on this exception and cannot find a solution.
So how can i handle this exception?
Exception in thread "Thread-10" flex.messaging.services.ServiceException: Attempt to subscribe or unsubscribe to the subtopic, 'mySubtopic', on destination, 'BlazeDsServicePush', that does not allow subtopics failed.
at flex.messaging.services.messaging.SubscriptionManager.addSubtopicSubscribers(Subscription Manager.java:275)
at flex.messaging.services.messaging.SubscriptionManager.getSubscriberIds(SubscriptionManage r.java:241)
at flex.messaging.services.MessageService.pushMessageToClients(MessageService.java:443)
at com.codeofdoom.BlazeDsServiceAdapter.invoke(BlazeDsServiceAdapter.java:84)
at flex.messaging.services.MessageService.serviceMessage(MessageService.java:276)
at flex.messaging.services.MessageService.serviceMessage(MessageService.java:204)
at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1503)
at com.codeofdoom.BlazeDsServiceAdapter$PersonGenerator.run(BlazeDsServiceAdapter.java:64)
public class PersonGenerator extends Thread {
public boolean running = true;
public void run(){
String clientId = UUIDUtils.createUUID();
MessageBroker msgBroker = MessageBroker.getMessageBroker(null);
while (running){
AsyncMessage msg = new AsyncMessage();
msg.setDestination("BlazeDsServicePush");
msg.setClientId(clientId);
List <Person>a= generatePersons();
msg.setMessageId(UUIDUtils.createUUID());
msg.setBody(a);
msg.setHeader(AsyncMessage.SUBTOPIC_HEADER_NAME, "mySubtopic");
msgBroker.routeMessageToService(msg,null);
System.out.println("after msgBroker.routeMessageToService(msg,null);");
try{
Thread.sleep(5000);
}catch(InterruptedException e){
System.out.println("Exception");
e.printStackTrace();Hi,
Did you setup your destination to accept subtopics ?
For example
<destination id="chat">
<adapter ref="chatAdapter"/>
<properties>
<network>
<session-timeout>0</session-timeout>
<throttle-inbound policy="ERROR" max-frequency="50"/>
<throttle-outbound policy="REPLACE" max-frequency="500"/>
</network>
<server>
<allow-subtopics>true</allow-subtopics>
<subtopic-separator>.</subtopic-separator>
<max-cache-size>1000</max-cache-size>
<message-time-to-live>0</message-time-to-live>
<durable>true</durable>
</server>
</properties>
<channels>
<channel ref="my-streaming-amf"/>
</channels>
</destination> -
Atg.rest.RestException: Access to the requested resource is not allowed
Hi,
While testing REST services, I have created a file in my localconfig directory at atg/rest/security named restSecurityConfiguration.xml and added the following lines to the file,replacing #username# with admin ( for testing purpose).
<programlisting>
<rest-security>
<default-acl value="Profile$login$#admin#:read,write,execute"/>
</rest-security>
</programlisting>
Still while accessing the REST service through code, I am getting "atg.rest.RestException: Access to the requested resource is not allowed".
Can anyone please throw some light if I have missed anything here?
Thanks in advance!Hi,
I am facing an InvalidPersonaException , when I try to use the following in my restSecurityConfiguration.xml, any idea of the error? Still, I am able to login through admin credentials in BCC, and it is a valid Internal user.
<resource component="/heb/store/service/RestContactUsManager">
<method name="restContactUsStatus" secure="false">
<acl value="Profile$login$admin:read,write,execute" />
</method>
</resource> -
Java.sql.SQLException: Cannot obtain connection after 3600 seconds. , Exception = Access not allowed
Using Weblogic Platform 7.0 (installed from platform700_win32.exe),
Running a BPM Doamin(WLIDomain with BPM only).
When I try to access my entity bean(CMP), the following exception is getting thrown.
I have seen a similar post in here, but the answer to that post, which says to
provide ACL. does not apply quite well my scenario.
To do this, I right clicked on the connection pool and selected define Ploicy..
It shows two options
RealmAdapterAuthorizer and DefaultAuthorizer; On DefaultAuthroizer i specified
role accessing the resource would be "everyone". - restarted the server - but
still the same error.
Please suggest a solution if any. Do i have to get some service pack for this?
TIA
Ranjith.We have never seen a case yet where this was not a permissions problem.
Do you have a fileRealm.properties file as part of your configuration?
"Ranjith" <[email protected]> wrote in message
news:3f0fdeb3$[email protected]..
>
java.sql.SQLException: Cannot obtain connection after 3600 seconds. ,Exception
= Access not allowed
java.sql.SQLException: Cannot obtain connection after 3600 seconds. ,Exception
= Access not allowed
atweblogic.jdbc.jts.Connection.wrapAndThrowSQLException(Connection.java:701)
atweblogic.jdbc.jts.Connection.getOrCreateConnection(Connection.java:623)
atweblogic.jdbc.jts.Connection.prepareStatement(Connection.java:133)
atweblogic.jdbc.rmi.internal.ConnectionImpl.prepareStatement(ConnectionImpl.ja
va:139)
atweblogic.jdbc.rmi.SerialConnection.prepareStatement(SerialConnection.java:81
atservice.samplemgt.v1_0.ejb.entity.BanksampletypeCMP_ckv0ao__WebLogic_CMP_RDB
MS.ej
bFindAll(BanksampletypeCMP_ckv0ao__WebLogic_CMP_RDBMS.java:873)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.ejb20.cmp.rdbms.RDBMSPersistenceManager.collectionFinder(RDBMSPersi
stenceManager
java:300)
atweblogic.ejb20.manager.BaseEntityManager.collectionFinder(BaseEntityManager.
java:715)
atweblogic.ejb20.manager.BaseEntityManager.collectionFinder(BaseEntityManager.
java:688)
atweblogic.ejb20.internal.EntityEJBLocalHome.finder(EntityEJBLocalHome.java:47
6)
at ... -
Use of non-migratable database link not allowed in OSB
Hi All,
I have a procedure in which tables are invoked using Database links.
Now I have created a business service which uses this procedure. However I am getting below error
The invocation resulted in an error: Invoke JCA outbound service failed with application error, exception: com.bea.wli.sb.transports.jca.JCATransportException: oracle.tip.adapter.sa.api.JCABindingException: oracle.tip.adapter.sa.impl.fw.ext.org.collaxa.thirdparty.apache.wsif.WSIFException: servicebus:/WSDL/E2xInterface_V1/WSDL/GetEWOStatus [ GetEWOStatus_ptt::GetEWOStatus(InputParameters,OutputParameters) ] - WSIF JCA Execute of operation 'GetEWOStatus' failed due to: Stored procedure invocation error.
Error while trying to prepare and execute the SP_GETEWOSTATUS API.
An error occurred while preparing and executing the SP_GETEWOSTATUS API. Cause: java.sql.SQLException: ORA-00604: error occurred at recursive SQL level 1
ORA-24777: use of non-migratable database link not allowed
can we use dblink in procedure while accessing through business service. Please let me know.
Thanks
Chandanahello gurus . i have same problem on my stored procedure what is a non xa datasource. how can i create on my weblogic server
-
Use of non-migratable database link not allowed - weblogic
Can somebody help me with this error?
The application use an entity bean for a view that use a dblink for accesing a table from another oracle database.
Thank you.
javax.ejb.EJBException: EJB Exception: ; nested exception is:
Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-24777: use of non-migratable database link not allowed
Error Code: 24777
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.unwrapRemoteException(RemoteBusinessIntfProxy.java:120)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:102)
at $Proxy190.queryVCommentMonitoring(Unknown Source)
at ro.uct.capone.viewcontroller.Utils.getStatus(Utils.java:36)
at ro.uct.capone.viewcontroller.forms.WatchListForm.validate(WatchListForm.java:114)
at org.apache.struts.action.RequestProcessor.processValidate(RequestProcessor.java:942)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:255)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-24777: use of non-migratable database link not allowedI've gotten past this by creating the dblink as SHARED.
The SQL is
CREATE SHARED DATABASE LINK "yourlink"
CONNECT TO "dbuser" IDENTIFIED BY "dbuserpassword"
AUTHENTICATED BY "dbuser" IDENTIFIED BY "dbuserpassword"
USING 'databasename';
note the quote character use.
You can also use SQL Developer to adjust this.
This does depend on shared database connections between your db's. -
Idoc in error while trying to post vendor invoice(higher items not allowed)
Hi All,
we have two SAP systems. SAP A and SAP B.
SAP A is the vendor for SAP B system we have created a sales order/delivery/out bound invoice in SAP A system.The sales order has BOM material with main item and sub items. We have the same material master data and BOM master data in system A and system B since we are following split architecture.
The outbound invoice(with main and sub item) in system A has generated an outbound idoc and the idoc has gone to SAP
system B. There are the usual segments like E1EDP01 for main item and another E1EDp01 for the sub itmes in the outbound
idoc.The message type is INVOIC and basic type INVOIC02 with no extension.
In system B, the inbound idoc (coming from system A) has failed giving the error message "higher level items not allowed". The
segment E1EDP01 for sub item is highlighted in red ! basically the inbound idoc in sap system B is posting a vendor
invoice since the inbound idoc in B is calling the FM IDOC_INPUT_INVOIC_MRM... I think this is doing vendor invoice
verification.
I have checked in system A, all is ok and the outbound idoc is ok but the issue is in sap system B, the inbound idoc has failed
with message "higher level items not allowed". The segment E1EDP01 for sub item is highlighted in red in inbound idoc in
system B. The segments are the same for inbound idoc in B and outbound idoc in A.
Can someone pls tell what is wrong in system B.(config or data issue) as we are managing both systems.
regds
Edited by: sapsd73 on Jul 9, 2010 3:26 PM
Edited by: sapsd73 on Jul 9, 2010 3:27 PMI do not see any reason why you would need to use COND_A04 if COND_A01 is working.
What if you could get COND_A04 to post and you would face the same result as in COND_A01?
If SAP does not check wrong values, then you have to do it yourself, or you report an incident at SAP (after you have searched for OSS notes that may have fixed this error already)
For example OSS Note 1169998 - IDoc: KONP-LIFNR values not checked
fixed a situation where the vendor number was not validated. -
"There are no shares available or you are not allowed access them..."
I'm admittedly a bit rusty, last time I set up a Mac OS server was 10.4. I'm having a huge problem setting up basic file sharing and it's driving me nuts!
For testing and trouble shooting I've set up a single share, a single user and added that user to a single group. I enabled all services for the user. I then set the POSIX permissions on the share to read and write for the user and the group. I also tried additional ACL permissions to full control. No matter what I do I still get "There are no shares available or you are not allowed to access them on the server". I can log on any admin account with no problems, but I can't get standard accounts to connect! I've tried stopping and starting AFP service with no change. I've re-read all the AFP and permissions sections of the admin guides and the server essentials book. From what I can tell this should all be working. What am I missing?
Thanks in advanceHi Jason
+"What am I missing?"+
SACLs perhaps? What are SACLs? Service Access Control Lists. Where are they? Server Admin > Server Name > Settings > Access. After installation 10.6 Server (by default) toggles Access for all users to the more limited setting below it.
HTH?
Tony -
"Your AutoCorrect file, MSO2057.acl, could not be saved. ..." when attaching a document
Hi,
I'm using Adobe Reader v10.
When I try to attach a document (txt, doc, or whatever), I get the message: "Your AutoCorrect file, MSO2057.acl, could not be saved. The file may be read only, or you may not have permission to modify the file."
Sometimes Acrobat freezes and sometimes I can continue to use it after I've attached the file. I've verified this error on a few pc's.
Winword.exe is *always launched and I have to kill the process via the Task Manager.
1.Why is acrobat trying to access MS proofing tools and how can I stop it from doing so?
Thanks
R.You obviously have Acrobat Pro and not Adobe Reader. You probably need to adjust you security settings in the attachments settings.
You also probably are not the person who set these or maybe the default doesn't allow those types of files. Either way there probably needs to be an adjustment made. You or the Admin who set up security in your deployment package will need to make the adjustment to the deployment package. Here is the reference they need to read:
http://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/Attachments.html?zoom_hi ghlight=attachments#Attachments -
Keychain Certificate Assistant User interaction is not allowed
Hi Guys,
I have a problem with my keychain certificate assistant and require your help with it.
hope to have someone who have the same plight as me.
I am trying to use the certificate assistant to request an certificate from CA.
However i encount this error.
USer interaction is not allowed
I tried to sent to email and failed too witht the same error.
I have also try to repair via firstaid and all are fine.
Also tried to unlock my keychain but nope still can't
Any help?Try running a permissions fix routine on your hard drive using Disk Utility, and then try resetting your home folder permissions by booting to the Lion recovery HD partition (reboot with Command-R held down) and then opening the Terminal (in the Utilities menu) and running the command "resetpassword," which will launch a small password and permissions reset tool. In this tool, select your account and then click the button to reset home folder permissions and ACLs.
After this is done, reboot normally and try creating the certificate again. -
ResourceException: Access not allowed (when trying to grab a connection from weblogic pool)
I am using WLS7 with SP1.
I just recently migrated from WLS6.0. When my code tries to grab a
connection from the pool, it throws an exception
java.sql.SQLException: Pool connect failed:
weblogic.common.ResourceException: Access not allowed
at weblogic.jdbc.pool.Driver.connect(Driver.java:202)
Does anyone know if anything changed from 6.0 to 7?
Here is a piece of the code that throws exception.
Driver driver =
(Driver)Class.forName("weblogic.jdbc.pool.Driver")
.newInstance();
conn = driver.connect("jdbc:weblogic:pool:" +
dbName, null);
Thanks in advance.Hi Jung,
"Jung Yang" <[email protected]> wrote in message
news:[email protected]...
Do you know how to change security setting on the connection pool?
Thanks.WebConsole:
1.Compatibility Security => ACLs
Create a new ACL,
name : weblogic.jdbc.connectionPool.yourPoolname
permission : reserve, reset
group : everynone
2.Services => JDBC => Connection Pool
Create a new Connection Pool
ACL Name : weblogic.jdbc.connectionPool.yourPoolname
In 'Target' tab, choose server and click the Apply button
Slava
>
"Slava Imeshev" <[email protected]> wrote in message
news:[email protected]...
Hi Jung,
Could you try providing weblogic user name and password
in the properties?
Could you also check security setting of the connection pool?
Regards,
Slava Imeshev
"Jung Yang" <[email protected]> wrote in message
news:[email protected]...
Well that is exactly what I am doing. The variable dbName is database
connection pool name that I created in weblogic console. Again, it
worked
in WLS6 but after migration, it stopped working.
Thanks.
"Mitesh Patel" <[email protected]> wrote in message
news:[email protected]...
In my code I am supplying name of the connection pool already
created
in
weblogic server. I am asking you to get connection from the pool
using
pool
driver.
In your case you are trying to create connection straight to
database
using pool
driver.
What I am asking is pass name of the connection pool instead of
database
name.
Thanks,
Mitesh
Jung Yang wrote:
What would be the difference between your code and mine? Mine
simple
appends dbName string value for connection pool name at the end of
"jdbc:weblogic:pool:"? And why same exact code would work in WLS6and
not
work in WLS7?
Thanks.
"Mitesh Patel" <[email protected]> wrote in message
news:[email protected]...
conn = driver.connect("jdbc:weblogic:pool:" +
dbName, null);Instead of doing this what if you use
Connection conn =
myDriver.connect("jdbc:weblogic:pool:myConnectionPool", null);
Will you please try this and see if that helps?
Mitesh
Jung Yang wrote:
Isn't that exactly what I posted for my code piece?
Thanks.
"Mitesh Patel" <[email protected]> wrote in message
news:[email protected]...
Try As described below:
The following example demonstrates how to use a database
connection
pool
from a servlet.
Load the pool driver and cast it to java.sql.Driver. The
full
pathname
of
the driver is weblogic.jdbc.pool.Driver. For example:
Driver myDriver = (Driver)
Class.forName("weblogic.jdbc.pool.Driver").newInstance();
Create a connection using the URL for the driver, plus
(optionally)
the
name of the registered connection pool. The URL of the pool
driver
is
jdbc:weblogic:pool.
You can identify the pool in either of two ways:
Specify the name of the connection pool in a
java.util.Properties
object
using the key connectionPoolID. For example:
Properties props = new
Properties();props.put("connectionPoolID",
"myConnectionPool");Connection conn =
myDriver.connect("jdbc:weblogic:pool", props);
Add the name of the pool to the end of the URL. In this case
you
do
not
need a Properties object unless you are setting a username
and
password
for using a connection from the pool. For example:
Connection conn =
myDriver.connect("jdbc:weblogic:pool:myConnectionPool",
null);
Note that the Driver.connect() method is used in theseexamples
instead of
the DriverManger.getConnection() method. Although you may
use
DriverManger.getConnection() to obtain a databaseconnection,
we
recommend
that you use Driver.connect() because this method is not
synchronized
and
provides better performance.
Note that the Connection returned by connect() is an
instance
of
weblogic.jdbc.pool.Connection.
Call the close() method on the Connection object when youfinish
with
your
JDBC calls, so that the connection is properly returned to
the
pool. A
good coding practice is to create the connection in a try
block
and
then
close the connection in a finally block, to make sure the
connection
is
closed in all cases.
conn.close();
Mitesh
Jung Yang wrote:
I am using WLS7 with SP1.
I just recently migrated from WLS6.0. When my code tries
to
grab a
connection from the pool, it throws an exception
java.sql.SQLException: Pool connect failed:
weblogic.common.ResourceException: Access not allowed
at
weblogic.jdbc.pool.Driver.connect(Driver.java:202)
Does anyone know if anything changed from 6.0 to 7?
Here is a piece of the code that throws exception.
Driver driver =
(Driver)Class.forName("weblogic.jdbc.pool.Driver")
.newInstance();
conn =
driver.connect("jdbc:weblogic:pool:"
+
dbName,
null);
>>>>>>>>>
Thanks in advance. -
Attribute "icsDWPHost" is not allowed
Hi,
I am seeing these in my LDAP errors log.
[26/Sep/2006:09:38:29 +0700] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=sunvpt3,ou=People,o=vpt.vn,dc=vpt,dc=vn", attribute "icsDWPHost" is not allowed
[26/Sep/2006:10:32:02 +0700] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=garry_test3,ou=People,o=vpt.vn,dc=vpt,dc=vn", attribute "icsDWPHost" is not allowed
[26/Sep/2006:10:45:01 +0700] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=vinhtt,ou=People,o=vpt.vn,dc=vpt,dc=vn", attribute "icsDWPHost" is not allowed
[26/Sep/2006:16:48:03 +0700] - ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry "uid=sunvpt2,ou=People,o=vpt.vn,dc=vpt,dc=vn", attribute "icsDWPHost" is not allowed
Any idea what this means?
JES Q105.Here it is:
# entry-id: 3232
dn: o=vpt.vn,dc=vpt,dc=vn
preferredLanguage: en
icsStatus: active
sunEnableGAB: false
sunRegisteredServiceName: SunPortalNetMailService
sunRegisteredServiceName: iPlanetAMAdminConsoleService
sunRegisteredServiceName: iPlanetAMAuthMembershipService
sunRegisteredServiceName: SunPortalSubscriptionsService
sunRegisteredServiceName: iPlanetAMAuthService
sunRegisteredServiceName: iPlanetAMPolicyConfigService
sunRegisteredServiceName: iPlanetAMUserService
sunRegisteredServiceName: SunPresence
sunRegisteredServiceName: SunSSOAdapterService
sunRegisteredServiceName: SunMobileAppABService
sunRegisteredServiceName: SunMobileAppMailService
sunRegisteredServiceName: SunPortalWSRPConsumerService
sunRegisteredServiceName: SunPortalWSRPProducerService
sunRegisteredServiceName: calendarService
sunRegisteredServiceName: SunMobileAppCalendarService
sunRegisteredServiceName: iPlanetAMAuthLDAPService
sunRegisteredServiceName: SunPortalDesktopService
sunRegisteredServiceName: SunIM
sunRegisteredServiceName: mailService
sunRegisteredServiceName: DomainMailService
sunRegisteredServiceName: GroupMailService
sunRegisteredServiceName: UserMailService
sunRegisteredServiceName: UserCalendarService
sunRegisteredServiceName: DomainCalendarService
aci: (target="ldap:///ou=People,o=vpt.vn,dc=vpt,dc=vn")(targetfilter=(!(|(nsro
ledn=cn=Top-level Admin Role,dc=vpt,dc=vn)(nsroledn=cn=Top-level Help Desk A
dmin Role,dc=vpt,dc=vn)(nsroledn=cn=Organization Admin Role,o=vpt.vn,dc=vpt,
dc=vn)(nsroledn=cn=Container Admin Role,o=vpt.vn,dc=vpt,dc=vn))))(targetattr
!= "iplanet-am-web-agent-access-allow-list || iplanet-am-web-agent-access-n
ot-enforced-list || iplanet-am-domain-url-access-allow || iplanet-am-web-age
nt-access-deny-list || nsroledn") (version 3.0; acl "People container admin
role"; allow (all) roledn = "ldap:///cn=ou=People_o=vpt.vn_dc=vpt_dc=vn,o=vp
t.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///o=vpt.vn,dc=vpt,dc=vn")(targetfilter=(!(|(nsroledn=cn=To
p-level Admin Role,dc=vpt,dc=vn)(nsroledn=cn=Top-level Help Desk Admin Role,
dc=vpt,dc=vn))))(targetattr = "nsroledn")(targattrfilters="add=nsroledn:(nsr
oledn=*,o=vpt.vn,dc=vpt,dc=vn),del=nsroledn:(nsroledn=*,o=vpt.vn,dc=vpt,dc=v
n)")(version 3.0; acl "S1IS Organization Admin Role access allow"; allow (al
l) roledn = "ldap:///cn=Organization Admin Role,o=vpt.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///o=vpt.vn,dc=vpt,dc=vn")(targetfilter=(!(|(nsroledn=cn=To
p-level Admin Role,dc=vpt,dc=vn)(nsroledn=cn=Organization Admin Role,o=vpt.v
n,dc=vpt,dc=vn))))(targetattr = "userPassword") (version 3.0; acl "S1IS Orga
nization Help Desk Admin Role access allow"; allow (write) roledn = "ldap://
/cn=Organization Help Desk Admin Role,o=vpt.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///o=vpt.vn,dc=vpt,dc=vn")(targetfilter=(!(|(nsroledn=cn=To
p-level Admin Role,dc=vpt,dc=vn)(nsroledn=cn=Top-level Help Desk Admin Role,
dc=vpt,dc=vn)(nsroledn=cn=Organization Admin Role,o=vpt.vn,dc=vpt,dc=vn))))(
targetattr = "*") (version 3.0; acl "S1IS Organization Help Desk Admin Role
access allow"; allow (read,search) roledn = "ldap:///cn=Organization Help De
sk Admin Role,o=vpt.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///ou=services,*o=vpt.vn,dc=vpt,dc=vn")(targetattr = "*") (
version 3.0; acl "Organization Policy Admin Role access allow"; allow (all)
roledn = "ldap:///cn=Organization Policy Admin Role,o=vpt.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///o=vpt.vn,dc=vpt,dc=vn")(targetfilter=(!(|(nsroledn=cn=To
p-level Admin Role,dc=vpt,dc=vn)(nsroledn=cn=Top-level Help Desk Admin Role,
dc=vpt,dc=vn)(nsroledn=cn=Organization Admin Role,o=vpt.vn,dc=vpt,dc=vn))))(
targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow";
allow (read,search) roledn = "ldap:///cn=Organization Policy Admin Role,o=v
pt.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///ou=iPlanetAMAuthService,ou=services,*o=vpt.vn,dc=vpt,dc=
vn")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role acc
ess Auth Service deny"; deny (add,write,delete) roledn = "ldap:///cn=Organiz
ation Policy Admin Role,o=vpt.vn,dc=vpt,dc=vn";)
aci: (target="ldap:///o=vpt.vn,dc=vpt,dc=vn")(targetfilter="(objectclass=sunis
managedorganization)")(targetattr = "sunRegisteredServiceName") (version 3.0
; acl "Organization Policy Admin Role access allow"; allow (read,write,searc
h) roledn = "ldap:///cn=Organization Policy Admin Role,o=vpt.vn,dc=vpt,dc=vn
aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail")(target
filter=(objectClass=icscalendaruser))(version 3.0; acl "Allow Calendar users
to read and search other users - product=ics,class=admin,num=3,version=1";
allow (search,read) userdn = "ldap:///uid=*,ou=People,o=vpt.vn, dc=vpt,dc=vn
createTimestamp: 20060911111002Z
creatorsName: cn=puser,ou=dsame users,dc=vpt,dc=vn
objectClass: sunISManagedOrganization
objectClass: sunNameSpace
objectClass: top
objectClass: sunManagedOrganization
objectClass: organization
objectClass: inetdomainauthinfo
objectClass: sundelegatedorganization
objectClass: maildomain
objectClass: icscalendardomain
o: vpt.vn
sunNameSpaceUniqueAttrs: uid
sunPreferredDomain: vpt.vn
inetDomainStatus: active
sunOrgType: full
preferredMailHost: HNI-MS-01.vpt.vn
mailDomainDiskQuota: -1
mailDomainStatus: active
icsSessionTimeout: 600
icsAnonymousLogin: yes
icsDWPBackEndHosts: HNI-CAL-01.vpt.vn
sunNumUsers: 45
sunAvailableServices: topaz:1000:-1
sunAvailableServices: mars:10:1
sunAvailableServices: diamond:1000:1
sunAvailableServices: platinum:1000:-1
sunAvailableServices: emerald:1000:-1
sunAvailableServices: vpt_mailhosting:500:-1
sunAvailableServices: bronze:1000:3
sunAvailableServices: defaultmail:1000:-1
sunAvailableServices: silver:10:-1
sunAvailableServices: gold:1000:-1
sunAvailableServices: vpt:1000:-1
sunAvailableServices: ruby:1000:-1
modifiersName: cn=dsameuser,ou=dsame users,dc=vpt,dc=vn
modifyTimestamp: 20060926192841Z
nsUniqueId: f7b74301-1dd111b2-8077a6c6-faa8e3bd
Maybe you are looking for
-
IPhone 4S is loosing connection "no signal" - "searching" after iOS 5.0.1 update
Before the upgrade My Iphone was well, without problem, but yesterday 11/nov/11 I decided upgrade to ios 5.0.1 and my problems began, just when finished the upgrade my phone didn´t recognize my Sim, so i turbed off an on and the problem dessapered,
-
How can I set up a rule to delete all messages older than 6 months left in Apple Mail's main inbox?
How can I set up a rule to delete all messages older than 6 months left in Apple Mail's main inbox? I have created other rules to move some of my daily messages into specific folders and I don't wish to auto-delete those. Just the general stuff that
-
Db_associate fails with : Lock table is out of available lock entries
Hi Occasionally on startup my app needs to rebuild its secondary database, so I call db_associate with DB_CREATE set. If the primary db is large the associate fails with "Lock table is out of available lock entries". Both databases are hashes, so I h
-
How do i find the history if someone else has cleared ur history
someone has cleared my history...and i want 2 see what sites they been going 2
-
Sequential Appointments for Project Management
Is there a way to create a sequence of appointments that are related to one another. I would like to be able to move one appointment and have other related appointments move by the same amount of time. Ultimately this would allow a critical path of a