Authenticate SSAS user using ADFS
Hi,
We have developed some SSAS cubes, but client is not able to access then as the client is on a different domain. We need to expose our OLAP services over HTTPS and authenticate client using ADFS claims.
Please let me know if this is possible, and how to host/ setup OLAP services over HTTPS using IIS.
Regards,
Ritesh
Hi Ritesh,
According to your description, the users and the SQL Server Analysis Service server are not on the same domain, what you want is that let user enable browse the cube data, right?
In this case, here is a blog which describe how to connecting to SQL Server Analysis Services using a Different Domain Account that the user currently log on (SSAS on Different Domain and the user logon to another Domain), please see:
http://blogs.technet.com/b/nraja/archive/2011/09/19/connecting-to-sql-server-analysis-services-using-a-different-domain-account-that-the-user-currently-log-on-ssas-on-different-domain-and-the-user-logon-to-another-domain.aspx
Regards,
Charlie Liao
TechNet Community Support
Similar Messages
-
Create .jspx page to add users using ADF security.
Hello,
I'm using JDeveloper 11.1.1.3. I've created a login page (form based) with different users and roles using ADF Security. I'm able to successfully login/logout through the users and get redirected to the home page. However, i'm asked to create a page by which i can create users and add roles to them. This page will only be accessible by the administrator. I searched this forum for anything that might help, but couldn't find anything. Can anyone help?
Thanks,
Mohamed.check this thread:
Re: change password in jazn-data.xml programmatically -
Authenticate Portal user using AD
Users are getting authenticated with OID.
Question is :
Would it be possible to authentocate with AD and if user does not exists in AD then authentocate using OID.
We have more users in OID. Not all users have AD userid /password but they do have account in OID.
Is it possible to do ?
Thanks
SanjayHi Ritesh,
According to your description, the users and the SQL Server Analysis Service server are not on the same domain, what you want is that let user enable browse the cube data, right?
In this case, here is a blog which describe how to connecting to SQL Server Analysis Services using a Different Domain Account that the user currently log on (SSAS on Different Domain and the user logon to another Domain), please see:
http://blogs.technet.com/b/nraja/archive/2011/09/19/connecting-to-sql-server-analysis-services-using-a-different-domain-account-that-the-user-currently-log-on-ssas-on-different-domain-and-the-user-logon-to-another-domain.aspx
Regards,
Charlie Liao
TechNet Community Support -
Use User-certificates to authenticate a user?
Hi,
I have hit a big road block and so decided to reach for some help and information.
I figured out later that blazeds forum can be the best place to get some channelset authentication questions answered
I am using blazeds & Spring security on the server. As of now my application using channelset.login(username,password) to authenticate the user.
A new requirement has been introduced to authenticate the user using user-certificates derived from a smart card.
I can use spring-security filters to pass the certificate to the server and the validate it. But I have open questions about channelset authentication.
1. Is it required to call the channelset.login method inorder to use AMF Channels & StreamingAMFChannels?
2. Can I pass user-certificate instead of password in a login call and still authenticate the channelset?
3. I have to use the channelsets , so is there way to bypass username , Password based authentication?
Thanks,Hi,
I have hit a big road block and so decided to reach for some help and information.
I figured out later that blazeds forum can be the best place to get some channelset authentication questions answered
I am using blazeds & Spring security on the server. As of now my application using channelset.login(username,password) to authenticate the user.
A new requirement has been introduced to authenticate the user using user-certificates derived from a smart card.
I can use spring-security filters to pass the certificate to the server and the validate it. But I have open questions about channelset authentication.
1. Is it required to call the channelset.login method inorder to use AMF Channels & StreamingAMFChannels?
2. Can I pass user-certificate instead of password in a login call and still authenticate the channelset?
3. I have to use the channelsets , so is there way to bypass username , Password based authentication?
Thanks, -
Authenticate ADF application using adf security wizard against LDAP OID
I have an adf application which i intend to authorise using LDAP. For now , i have actually hand coded in java for authenticating the users of my application. Using JNDI I directly connect to LDAP and authenticate users. However , recently it came to my notice that i can also do that using ADF sercurity wizard , but i am unable to do so. which securing the ADF application ,no where in the wizard LDAP configuration is mentioned. do i have to change some file manually ? i have no idea on how to proceed on that.
i have setup wls , making th OIDAuthentication as Sufficient. but i dont know how to configure from ADF side so that it can authenticate against LDAP. when i try the ADF sercurity wizard option , it tells me to create new Roles . Is there any way where i can import the ldap credentials to the security wizard ..?
-
How to crate new user in adf security using jspx page
how to crate new user in adf security using code in java file.plz help me this work will submited to day plz help me...
sigh
Search really would help and point you in the right direction. You'd find [url http://forums.oracle.com/forums/thread.jspa?messageID=4584464]this, for example. -
Best way Of providing user authentication using ADF security...
Hi,
I have a web application . I want to implement to ADF security to the application.. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to these tables for authorization ?
What is the best approach to do this? It would be great if u could help ..
I ma using 11g release 2
Thanks in advance.
RakeshHi,
Thanks for the quick response.
I have been looking at the post but i found one of the forum post in which the person was saying the SQLAuthentication doesnt work ..
"Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
This is feedback I got in SR 3-4124753004 :
"If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
related bugs are :
- bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
- enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
related forum threads are :
- "ADF Security : identity store : tables in a SQL database"
- "OPSS : addMembersToApplicationRole : The search for role failed"
regards
Jan Vervecken"
Is this true?
Rakesh -
Authenticate Users Using an LDAP Server
Hi,
I did implement 'Authenticate Users Using an LDAP Server' according the link blow below.
[http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html]
It works OK to specific DN String, example 'cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount'.
We have a lot of domain rules, mean the users not located at the same DN.
Is it possibale to use general DN string (base root) like 'cn=%LDAP_USER%,*,*,DC=ho,DC=discount?
Thanks in advance,
ShayAugusto, one thing to check (since it caught me out) is that your LDAP entries conform to the right format, namely
"cn=Bob" etc
When I was integrating HTMLDB LDAP against a Sun One Directory Server, it had me scratching my head for ages, until I realised that the LDAP entries had been created in the format of -
"uid=bob" rather than "cn=bob"
This might not be your problem, but it's worth checking anyway ;) -
Authenticate partial SSO users using LDAP
Hi all,
Is it possible to authenticate a group of the Portal users using an LDAP server, i.e. not to authenticate all the users using the LDAP server. I want to do this because we have a large number of customers (over 100,000) which are already defined in the LDAP server and I donot want to re-create them into the Portal login server, also I have many Portal users defined normally using the Portal "Add User". And if there is no such option, then is it smooth to move from database authentication to the LDAP server authentication (reference for the steps is appreciated)? We are using iPlanet LDAP server which is LDAP v3 compliant.
Best to allOf course, Single Sign-On implies that you are using a portal, or a cunningly-configured BSP. NTLM is only an option if using a Windows-based IIS as a proxy to your Unix box. Otherwise, you need to use the SPNEGO login module, which is not on general release (it is available on a consulting basis only - see Michael Sambeth at SAP).
Until SAP use UME within the ABAP core, I don't see an elegant solution to this.
- Darren -
Using ADFS authentication to perform SSO via HTTP GET request
Hi,
Can i authenticate users (those users are clients, at home) to a web application using ADFS without SAML tokens?
The situation is that i want the clients to perform SSO to the website via a link they receive in their mailboxes.
I thought about a solution that combines JWT in a URL link that each user will get to his private mail. this link will contain the users' claim (such as ID Num, given from AD DS Server dedicated especially for them).
Thus, the user will receive an email with a link that already contains a short period of time JWT to perform SSO to the webapp.
Is it possible ? anybody heard about a similar solution ?Sandra
Thanks for your message
Here is the my requirment
The basic flow of a Where 2 Get It REST API call is:
1) create the required XML structure,
2) URI encode it,
3) make a HTTP GET request,
4) then parse the return XML document.
Currently i have some data in ABAP structure with 5 fields, i need to create XML from the those 5 fields,and needs to be URI
encode it, and then needs to make a HTTP get request to connect Where to Get It REST API, finally it will return XML document via HTTP Get request , and then needs to convert the return XML to ABAP structure for further processing .the above 4 points will be implemented in my report.
Any body could help on this -
Hi,
Our company has various system like Oracle Apps, Peoplesoft, SAP and some custom systems which uses microsoft active directory. All the system has a common User ID but diffrent password as set by the user. For now every user have to remember 4 different passwords and username(in some cases).
We wish to integrate the Authentication process using BPEL. Some thing like a SSO so the user will login into a new application(Build using ADF) like a portal, which will contain the links to all the above stated application. With this new application the user will have to remember only one user name and password and this user name and password will be sinked with all the other applications using BPEL.
Can you guys through some ideas as in how we can acchive this? Is it possible to integrate the Authentication process using BPEL?
Thanks in advance,
Deepak.Why dont you synch ypur users in OPID and keep one username password there and then use external application or portal context to authenticate to all your other applications?
-
Using ADFS with SharePoint Foundation 2013?
We have a WSS 3.0 web site used primarily for sharing documents with business partners who do not work for our company. We plan on doing the 2 step upgrade to SharePoint Foundation 2013
Our internal users also use it but normally just use internal network file shares if they aren't planning to share the documents with external users.
Each business partner's company has a sub site within our main WSS site and documents are uploaded to that section of the site if we want to share documents with employees of that company.
Since we use AD for authentication, to make this work, we create AD user accounts for each external user and add them to a security group that gives them access to only their company's subsite on the main site.
We have to maintain their passwords, reset them and delete/disable them when that person no longer needs access. Each business partner has a limit on the number of users who can get one of our AD accounts due to limits on the number of CALs available
to them. It is messy because these users often forget their passwords since they aren't using these accounts every day.
Is there a better way to do this so that we no longer have create and maintain user accounts for external users other than having to do a domain trust with all these other domains?
I have heard of ADFS, but will it allow us to still control which sites and documents the external company users can access if we are not creating and managing the accounts and adding them to the correct security groups ourselves?
We don't want every user from the partner's domains to be able to access the site. If we use ADFS, how do we keep control of which external users have access to the site?Yes, you would add permissions just the same way you do with users from your local Active Directory. And yes, if you chose the email address to be the user's identifier, you would simply ask for the email addresses that you wanted and input those to the
appropriate permissions on your SharePoint sites.
You'll want to take a look at this:
http://blogs.msdn.com/b/russmax/archive/2013/10/31/guide-to-sharepoint-2013-host-name-site-collections.aspx
Also another thing to keep in mind is that you'll need to have those 3rd parties set up ADFS themselves, and you'll create an ADFS Trust between you and the 3rd party.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Once again, an update appears to have broken Messages/Jabber's ability to authenticate AD users after the 10.9.2/Server 3.0.3 update even though it was working well before. Hoping someone here has some ideas for how to help!
I can log in just fine as a local user (e.g. [email protected]), but no luck with AD users (e.g. [email protected]). As always, it fails with no intelligible error message whatsoever:
Mar 1 09:46:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] connect
Mar 1 09:46:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] disconnect jid=unbound, packets: 0
Mar 1 09:48:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] connect
Mar 1 09:48:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] disconnect jid=unbound, packets: 0
I reset the jabber server configuration as described here to no avail: https://discussions.apple.com/thread/5354428
The DNS configuration looks good:
changeip -checkhostname
Primary address = 10.0.17.15
Current HostName = comet.ADdomain.private
DNS HostName = comet.ADdomain.private
The names match. There is nothing to change.
dirserv:success = "success"
The Jabber status from jabber:
serveradmin fullstatus jabber
jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "0"
jabber:currentConnectionsPort1 = "0"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.211"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "comet.ADdomain.private"
jabber:hosts:_array_index:0 = "comet.ADdomain.private"
jabber:setStateVersion = 1
jabber:startedTime = "2014-03-01 17:39:06 +0000"
jabber:readWriteSettingsVersion = 1
Full jabber server startup log:
Mar 1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: waiting for jabberd to finish startup...
Mar 1 09:52:19 comet.ADdomain.private jabberd/router[1785]: starting up
Mar 1 09:52:19 comet.ADdomain.private jabberd/router[1785]: loaded user table (1 users)
Mar 1 09:52:19 comet.ADdomain.private jabberd/router[1785]: couldn't open filter file /etc/jabberd/router-filter.xml: No such file or directory
Mar 1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: jabberd service startup completed.
Mar 1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: starting up
Mar 1 09:52:19 comet.ADdomain.private jabberd/s2s[1787]: starting up (interval=60, queue=60, keepalive=0, idle=86400)
Mar 1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: starting up
Mar 1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
Mar 1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: initialized auth module 'apple_od'
Mar 1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: initialised storage driver 'sqlite'
Mar 1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'sess-end' (order 0 index 0 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-sess' (order 0 index 1 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-sess' (order 1 index 2 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'in-sess' (order 2 index 3 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=5347] listening for incoming connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [comet.ADdomain.private] configured; realm=comet.ADdomain.private, registration disabled, using PEM:/etc/certificates/mail.ADdomainbio.com.E41BBC081993E348B26181D9CB334A28137A8D8D.concat.pem
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: attempting connection to router at 127.0.0.1, port=5347
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] connect
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] authenticated as jabberd
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: connection to router established
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [c2s] online (bound to 127.0.0.1, port 49353)
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5222] listening for connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5223] listening for SSL connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: ready for connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'in-sess' (order 3 index 4 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: attempting connection to router at 127.0.0.1, port=5347
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] connect
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] authenticated as jabberd
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'in-sess' (order 4 index 5 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: connection to router established
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] set as default route
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] online (bound to 127.0.0.1, port 49354)
Mar 1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: ready for connections
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'in-sess' (order 5 index 6 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'in-sess' (order 6 index 7 seq 0)
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Starting up...
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Loading persistent rooms from disk...
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Finished loading rooms from disk
Mar 1 09:52:20 comet.ADdomain.private Rooms[1792]: Connecting to XMPP server at 'comet.ADdomain.private' as 'rooms.comet.ADdomain.private'...
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'in-sess' (order 7 index 8 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'in-sess' (order 8 index 9 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'in-sess' (order 9 index 10 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'in-sess' (order 10 index 11 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-sess' (order 11 index 12 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'in-sess' (order 12 index 13 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'autobuddy' added to chain 'user-load' (order 1 index 20 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-load' (order 2 index 3 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster-publish' added to chain 'user-load' (order 3 index 21 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-load' (order 4 index 2 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-load' (order 5 index 4 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'template-roster' added to chain 'user-create' (order 1 index 22 seq 0)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: version: jabberd sm 2.2.17-409
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: [comet.ADdomain.private] configured
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: attempting connection to router at 127.0.0.1, port=5347
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] connect
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] authenticated as jabberd
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: connection to router established
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [sm] online (bound to 127.0.0.1, port 49355)
Mar 1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: sm ready for sessions
Mar 1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [comet.ADdomain.private] online (bound to 127.0.0.1, port 49355)
Mar 1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] connect
Mar 1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] authenticated as proxy65.comet.ADdomain.private
Mar 1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [proxy65.comet.ADdomain.private] online (bound to 127.0.0.1, port 49356)
Mar 1 09:52:23 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] connect
Mar 1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] authenticated as rooms.comet.ADdomain.private
Mar 1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [rooms.comet.ADdomain.private] online (bound to 127.0.0.1, port 49357)
Mar 1 09:52:24 comet.ADdomain.private Rooms[1792]: Successfully connected to XMPP server, ready for activity
I am not sure if it's attempting to authenticate to AD or not, and if so, why it might be failing. Any suggestions would be greatly appreciated!uscadvit wrote:
Here is the output without the name of our AD:
Advanced Options - User Experience
Create mobile account at login = Disabled
Require confirmation = Enabled
Force home to startup disk = Enabled
Mount home as sharepoint = Enabled
Use Windows UNC path for home = Enabled
Network protocol to be used = smb
Default user Shell = /bin/bash
Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Generate Kerberos authority = Enabled
Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = not set
Authentication from any domain = Enabled
Packet signing = allow
Packet encryption = allow
Password change interval = 14
Restrict Dynamic DNS updates = not set
Namespace mode = domain
That looks correct. Lets collect a few more config items.
Copy / paste the output of this command when run against c2s.xml:
sudo grep '<id require-starttls="true" pemfile="' /Library/Server/Messages/Config/jabberd/c2s.xml
Ours looks like this:
<id require-starttls="true" pemfile="/etc/certificates/chat.example.com.1234567890.concat.pem" private-key-password="12345678-1234-1234-12345678" cachain="/etc/certificates/chat.example.com.1234567890.chain.pem" realm="example.com">example.com</id>
Copy / paste the output of this command when run against sm.xml. To give us context, it will display the 6 lines above and below the text:
sudo grep -C 6 'If not set, the SM id is used. -->' /Library/Server/Messages/Config/jabberd/sm.xml
Ours looks like this:
<!-- Local network configuration --> <local> <!-- Who we identify ourselves as. Users will have this as the domain part of their JID. If you want your server to be accessible from other Jabber servers, this IDs must be FQDN resolvable by DNSes. If not set, the SM id is used. --> <id>example.com</id> <!-- <id>vhost1.localdomain</id> <id>vhost2.localdomain</id> --> </local>
Copy / paste the output of this command:
sudo serveradmin settings jabber
Ours looks like this:
jabber:dataLocation = "/Library/Server/Messages"jabber:s2sRestrictDomains = nojabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"jabber:sslCAFile = "/etc/certificates/chat.example.com.1234567890.chain.pem"jabber:jabberdClientPortTLS = 5222jabber:sslKeyFile = "/etc/certificates/chat.example.com.1234567890.concat.pem"jabber:initialized = yesjabber:enableXMPP = nojabber:savedChatsArchiveInterval = 7jabber:authLevel = "STANDARD"jabber:hostsCommaDelimitedString = "example.com"jabber:jabberdClientPortSSL = 5223jabber:requireSecureS2S = nojabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"jabber:enableSavedChats = nojabber:enableAutoBuddy = yesjabber:s2sAllowedDomains = _empty_arrayjabber:logLevel = "ALL"jabber:hosts:_array_index:0 = "example.com"jabber:eventLogArchiveInterval = 7jabber:jabberdS2SPort = 0
Also, while you're troubleshooting, I found Adium's debug window to be invaluble for showing errors during logon (even if you plan to use Messages).
You can open it in debug mode by holding option + click Adium.app, select "start in debug mode". Then in Adium menu > Debug window. -
How to create a movable box using adf faces (without using oracle composer)
Hello All,
I am new to adf and i need to create a movable box . A box which the user can move anywhere he wants on the page and he should be able to minimize and maximize it.
(ex:igoogle).
According to my requirements i need to do it using adf components
any help pleaseHi,
as you need to persist the user change, you will need to have a look at MDS. See 31 at http://www.oracle.com/technetwork/developer-tools/adf/learnmore/index-101235.html
It has a createDepartments.jspx page that allows users to move the input text fields around. You can use code similar to the one used here to move panelBoxes
Frank -
How can I authenticate a User In Windows Active Directory?
I need to authenticate a user in Windows Active Directory, but I found use the code below will return true if the user name and password are both correct and false if one of them is wrong. But when I input a user name which is not exist in Active Driectory with a blank password, it will also return true. What shall I do? Ask every user must input a password withnot blank?
Please give me some help to solve this problem. Thanks a lot.
Code:
private Context ctx = null;
Hashtable env = new Hashtable ();
boolean isValid = false;
try {
this.setEnvironmentProperties();
String domainName = AuthenticateResources.getString("mydomain.com");
//set the name of domain with the user name
String fullName = name + "@" + domainName;
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,"ldap://mydomain:389");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
//set user related information
env.put(Context.SECURITY_PRINCIPAL, fullName);
//set user password
env.put(Context.SECURITY_CREDENTIALS, password);
//validate user
ctx = new InitialDirContext(env);
isValid = true;
}catch (AuthenticationException ex){
isValid = false;
catch (NamingException ex) {
throw ex;
}finally{
this.freeContext();
return isValid;This is usually a problem if Anonymous Binding is enabled. I have faced this in other Directory Servers, but I am not familiar with Active Directory.
I think by default Active Directory disables Anonymous Binding, but you may want to check.
Maybe you are looking for
-
Cannot print to Epson Artisan 725
Okay, the first time I set this thing up I was able to print wirelessly no problem. After restart, though, it refused to print at all--not via USB, Ethernet or wireless. It does, however, scan and save to my computer just fine. Epson of course feels
-
Macbook air to dual monitors (DVI and dual link DVI)
Hi i have MacBook Air (13-inch, Mid 2013), which only has a mini-displayport input. i have these two monitors, one monitor has DVI, VGA, HDMI, and the other monitor has only Dual-link DVI-I. http://www.newegg.com/Product/Product.aspx?Item=N82E1682401
-
Re in stall flash player Min mC OXac 10.6
I can no longer play viedo from many web sites allways same thing Missing Plug in derect me to change addm password try that no luck. flash player the same thing player any help i sure could use Old guy \ MAC OSX 10,6,8, min mac re in stalled
-
MIGO: determination of storage location for empties
Hello SD experts, Case: plant A delivers materials to plant B (interplant delivery). This delivery is posted GR through TC MIGO (based on delivery). Now, the issue is that SAP is not able to automatically determine the storage location for the emptie
-
In site management, get upgrade, the form won't take my credit card
I don't think there is problem with my credit card, but the upgrade form keeps saying that it looks like I'm entering an invalid number. Have there been any issues with the form? Is there someone I can talk to about this? The send message link on tha