Authenticated Users & Users missing from Root

Hello,
Environment: MDT 2013, 2008 R2, Windows 7 x86.  MDT is located on Windows 7 x86 and is not integrated with SCCM or WDS.
Process: Separate build, capture, and deployment task sequences.
Problem:  After deployment the Authenticated Users and local Users are missing from the root (e.g., c:).  The only security permissions assigned to the root are SYSTEM, domain account, Local Administrator.
This causes problems once joined to a domain, because Authenticated Users have no permissions, forcing a given user to have a temporary account.  So far, only a partial workaround is identified and it is undesirable in the long run.  The workaround is to manually add Authenticated Users as well as the Local Users to the root and delete the domain account, but the system will only allow partial inheritance through the file structure.  Delete all entries for a particular user in the registry (e.g., PolicyGUID, ProfileGUID, ProfileList).  Afterwards, log in to the machine with an account within the domain administrator group.
Additional information shows the registry ProfileList entries for a user maintain partial access with a value of 204; this includes the user and a domain account within the administrator group.  The domain account present after deployment has a value of 0.  Two accounts have the expected value of 256, and they are the local and domain administrator accounts.
Also, if the same image is deployed using the PE environment the accounts are as they should be.  The groups added are: Authenticated Users, Localmachine\Users, SYSTEM, Localmachine\Administrators.
The questions are: why would the Authenticated Users and Local Users accounts be missing?  Why is the account used to deploy added?
Help is very appreciated, and thank you.

Hello Nicholas, the sysprep and capture is completed by a default template from the MDT LTI sequence.  The answer file used is the default provided by MDT.  No attempt is made to capture from WinPE because this simply negates the point of the MDT process.
However, applying the same image from winpe there are no permission issues and all the appropriate groups are assigned to the root.
Having returned to the office this fine morning, I ran icacls on a machine:
C:\Users\Administrator>icacls c:\
c:\ No mapping between account names and security IDs was done.
(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
Successfully processed 1 files; Failed processing 0 files
Thank you for the continued effort, Nicholas.  With the additional icacls information I will delve into the general error provided.
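An added post-deployment check, not from the thread: it audits the root DACL against the four principals the poster sees when the same image is applied from WinPE, reports any SID that no longer resolves (the "No mapping between account names and security IDs" entry in the icacls output), and lists the ProfileList State values discussed above. Assumptions: run in an elevated PowerShell on the deployed Windows 7 machine; the $Path parameter defaults to C:\.

```powershell
# Added audit script (not from the original thread). Assumption: elevated
# PowerShell on the deployed machine; $Path defaults to the system drive root.
param([string]$Path = 'C:\')

# Baseline from the thread: groups present when the image is applied from WinPE.
$expected = @(
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators'
)

$acl        = Get-Acl -Path $Path
$present    = @()
$unresolved = @()

foreach ($ace in $acl.Access) {
    $id = $ace.IdentityReference
    # An orphaned SID (for example a deployment account that no longer resolves
    # on this machine) cannot be translated to a name; icacls reports it as
    # "No mapping between account names and security IDs was done".
    try {
        $present += $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $unresolved += $id.Value
    }
}

$missing    = $expected | Where-Object { $present -notcontains $_ }
$unexpected = $present  | Where-Object { $expected -notcontains $_ } | Sort-Object -Unique

"DACL audit of $Path"
"  present    : $($present -join ', ')"
"  missing    : $(if ($missing)    { $missing -join ', ' }    else { '(none)' })"
"  unexpected : $(if ($unexpected) { $unexpected -join ', ' } else { '(none)' })"
"  unresolved : $(if ($unresolved) { $unresolved -join ', ' } else { '(none)' })"

# ProfileList: print each profile's State DWORD next to its profile path so it
# can be compared with the 204 / 0 / 256 values reported in the thread.
$plKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
Get-ChildItem -Path $plKey | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    '{0,-48} State={1,-5} {2}' -f $_.PSChildName, $p.State, $p.ProfileImagePath
}

# A non-zero exit code lets a task sequence step flag a badly deployed image.
if ($missing -or $unresolved) { exit 1 } else { exit 0 }
```

On the machine described in the thread the script is expected to list Authenticated Users and BUILTIN\Users as missing and the deploying domain account's SID as unresolved.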

Similar Messages

  • Retrieve authenticated user name from environment

    Hi All,
    I'm connecting to Oracle from C++ using OCCI API. At the same time, the database authentication is based on secure Oracle Wallet feature.
    conn = env->createConnection("","",connection_string);
    Now, after I've created connection can I retrieve user name from the environment or connection object without querying database?
    Thank you.

    Hi Patrick,
    I'm just trying your code example in Eclipse but it gives me plenty of errors so I guess I'm not importing the right libraries or so.
    My goal was to write just a simple response.write of the userID stored in the cookie...
    The first error appears in the "ticket.setCertificates(this.certificates);" line, saying that "certificates cannot be resolved"..
    Here's what I used :
    import com.sapportals.portal.prt.component.*;
    import com.sap.security.*;
    public class cookie extends AbstractPortalComponent {
        // Note: certificates, base64Value and info are used below but are not declared
        // anywhere in the posted snippet, which is why the compiler reports
        // "certificates cannot be resolved".
        public void doContent(IPortalComponentRequest request, IPortalComponentResponse response) {
            try {
                com.sap.security.core.ticket.imp.Ticket ticket = new com.sap.security.core.ticket.imp.Ticket();
                ticket.setCertificates(this.certificates);
                ticket.setTicket(base64Value);
                String vali = ticket.toString();
                ticket.verify();
                if (ticket.isValid()) {
                    info = new SAPTicketInfo(ticket.getUser(), ticket.getSystemID(), ticket.getSystemClient(), ticket.getExpirationDate(), ticket.getCodepage());
                    response.write(info);
                } else {
                    throw new TicketVerifierException("Ticket is invalid ");
                }
            } catch (Exception ex) {
                throw new TicketVerifierException("Error in verifying ticket " + ex.getMessage(), ex);
            }
        }
    }
    What am I missing ?

  • Authenticated users sending from blacklisted IPs

    Hi Guys,
    I've read quite a few posts here about allowing 'good users' to send from blacklisted IPs. Most of the solutions involve creating a rule for the IP and user.
    I'm just wondering is there a more elegant catch all solution. The scenario we are in is as follows.
    Our organisation sees a lot of our members travelling and sending mail from hotels, road side cafés, or USB 3G dongles (mobile devices). Some also live abroad and work from home.
    At any one time there could be 40-50 users off site at conferences or in transit to or from various seminars.
    As a consequence quite a few of them cannot send mail, as they inevitably find themselves trying to send from blacklisted IPs.
    I have the SBRS set to block from -10 to -6. I don't think this is overly aggressive, and I'm not keen on relaxing this any further than it already is.
    It's not an option to constantly add IPs and users to and remove them from rules, as most of my day would be filled with requests just for this.
    Is it a just matter of changing Connection Behaviour from 'Reject' to 'Continue' for the Blocked Mail Flow Policy?
    I feel I'm missing something simple here :oops:
    R.

    Hi Guys
    I finally have a resolution to this problem, which was provided by IronPort support.
    The sender will be classified into the appropriate HAT sender group based on SBRS as normal and will be subject to any mail flow rate limiting that has been set up. This can not be avoided unless you want to set up a new listener and/or interface specifically for SMTP Auth traffic.
    However, if a sending host matches the Blacklist and the sender is using SMTP Auth, there is a way to still allow them to send the message. To do this you can enable the Delayed HAT rejection on the listener. This delays the normal rejection due to the Blacklist until the sender has a chance to authenticate. Then they can send their message.
    To enable this, log into the CLI and run the listenerconfig command then choose setup. You can press Enter to accept the current value for each choice until you see the setting:
    'By default connections with a HAT REJECT policy will be closed with a banner message at the start of the SMTP conversation. Would you like to do the rejection at the message recipient level instead for more detailed logging of rejected mail? [N]>'. Choose Y for this. Press Enter the rest of the way through until you return to the main command prompt. Then type commit to save the change.
    I can confirm that I have tested this and it has resolved the issue. :D
    Matt

  • Weblogic on Unix, authenticating users/groups from NT domain controller

    Hi!
    Our weblogic 6.1 server will eventually run on a non-windows platform, but needs to authenticate users from a Windows NT 4.0 domain controller. What's the best solution to this?
    - What (inexpensive) LDAP-servers support synchronization with a Windows domain controller?
    - Or am I missing out on other ways of doing this?
    jan henrik

    Yes. Other intrinsic jobs have failed too. Is this related to the Job Dispatcher service? Thank you for your help.

  • AddressListMembership and user missing from GAL

    Hello,
    Exchange 2010 SP3, RU3, Windows 2008 Enterprise
    I have a user who, I am unable to see from outlook global address book. It has been more than 72 hours since the account was created.
    I compared a user I can see in the GAL with the user that is not seen in the GAL; the latter has "AddressListMembership                  : {}", i.e. the membership is missing.
    How do I go about to ensure he has it set correctly ? 
    AddressListMembership                  : {\All Users, \Default Global Address List}
    User that appears in GAL has the below
    get-mailbox jsnyder | fl
    AddressListMembership                  : {\All Users, \Default Global Address List}
    User NOT in GAL has the below
    get-mailbox bthoron | fl
    AddressListMembership                  : {}
    thanks!
    JOe

    This might be more than what you are asking, but here's the steps I use for OAB Troubleshooting:
    (Shell) Update-GlobalAddressList -Identity "Default Global Address List" -DomainController "dc.fqdn.name.goes.here"
    (EMC) Right click on the Default Offline Address List in EMC under Org>Mailbox>Offline Address Book and select Update (make note of which server is the generation server for the address book)
    (Shell) Get-OfflineAddressBook | Update-OfflineAddressBook
    Restart BITS service
    (Shell) Get-ClientAccessServer | Update-FileDistributionService
    (Services) Manually stop and restart the Microsoft Exchange File Distribution Service on the Exchange Server that generates the default offline address list (refer to the note made above on which server is the generation server)
    Browse to D:\Program Files\Microsoft\Exchange Server\ExchangeOAB and verify the modified date changes for the OAB folder (07360…)
    Wait for about 15-20 minutes, then download a full copy of the offline address book in Outlook (uncheck the option to download changes only)

  • User missing from all site collections but present in User Profile (Central Admin)

    I have a user who does not show up in "People and Groups" (or if I search for this user) in any of the site collections but does show up when I look up his user profile on Central Admin. I've tried to add this user to the site collection using the following command, but I get an error: "The specified user domain\accountname could not be found."
    Get-SPWeb 'http://site' | New-SPUser -UserAlias 'domain\accountname'
    I don't know if this is related, but on this user's profile, the "Personal Site" field shows up as "SPSSITEERROR".
    Any help would be greatly appreciated.
    Thanks.

    Hi,
    I recommend checking first whether the user exists in Active Directory.
    If yes, then the error will occur. And as for the user profile of the user, it may be due to the user profiles not having been synced with Active Directory yet.
    That the "Personal Site" field shows up as "SPSSITEERROR" means that the MySite of that user has not been created successfully.
    I recommend running the User Profile Synchronization timer job and then checking the results.
    Thanks,
    Victoria
    Forum Support
    Victoria Xia
    TechNet Community Support

  • OD users missing from user lists on servers bound to open directory

    Hi,
    I've got an OD master set up on a 10.4 server. Two other servers (one 10.4 and one 10.5) are bound to the first for directory services. If I open Workgroup Manager on the OD master, I see a complete list of users. If I open a user/group "drawer" on either of the other servers, to add users to SACLs or share point permissions, the lists are short numerous users (4 out of 12 starting with the letter "A" alone).
    Has anyone ever seen this? I removed and rebound one of the servers, but it still had only a partial list of users. I have compared parameters for users who show up with those who don't, but can see no difference.
    Thanks,
    Sue

    This may be a stupid question but have you run sudo chown on the user's home directory after creating it?
    I had the same problem and my solution is posted here: http://discussions.apple.com/thread.jspa?threadID=1290158&tstart=0
    Let me know if that works. If not, we'll work on it together.

  • Tmp file missing from root

    Hello,
    I need to create a bootable backup of my hard drive, but my cloning software says it can't because a required system file (tmp) does not exist at the root of the source volume. I don't remember intentionally removing it. Is there a way to reinstall it where it belongs?
    Thanks in advance,
    josearturo

    First, use Disk Utility to repair permissions. If the "real" /private/tmp/ folder is missing this will replace it. Next recreate the symbolic link in the root:
    If your /tmp file is suddenly missing, various actions such as starting Classic, printing, software update, file sharing, and burning discs will not function. To fix this, open up the Terminal and type:
    sudo ln -s /private/tmp /tmp
    Hit return, enter your admin password, and hit return again.

  • Get authenticated user name (HTTP basic auth)

    Hi.
    How can I get the authenticated user name from a BPEL process when the service is protected with HTTP basic auth?
    I'm running SOA Suite 11.1.1.5.
    Thanks in advance.
    Mick

    Doh! Ok So I've added a SOAP Handler to automatically add the username and password for the HTTP Basic Auth.
    All in all does this setup sound right?

  • How come the switch user option is missing from my lock screen?

    I upgraded my iMac Core 2 Duo to Lion and now when I lock the screen the switch user option is missing from the lock screen; you just have to cancel or re-enter as the original user, so if another member of my family wants to switch and use the Mac he or she cannot do it.
    This is what I am talking about (image taken from a lion review): http://dl.dropbox.com/u/134544/forum/Schermata%2007-2455766%20alle%2011.05.12.pn g
    The switch user option is totally absent, I just have the cancel.
    Is that a bug or what?
    Please note this happens only when I lock the screen from the screensaver, i.e. when requesting the password to return from the screensaver; if I get to the login window all users appear correctly and people can switch back and forth.
    Thank you.
    --
    cordialmente,
    tiziano solignani, da Mac
    http://ts.solignani.it (splash)
    http://goo.gl/p6Sb0 (libri)

    I just talked to apple support.  They said Lion doesn't support this feature.  They gave me a work-around, which was to disable requiring a password in the screen saver.  Then enable user switching so it appears in the top right of the banner.  Note that since the screen saver no longer locks the screen, in order to actually lock the screen the user must click on the upper right user list and select something like "Login user...".
    This issue has left me disappointed with apple for a few reasons.  Hopefully someone at apple will take note:
    1. Apple removed a useful feature.
    2. Apple did not provide a response to this thread which would have been the best forum to inform users of this change.  It would have saved me and apple one long phone call.

  • User Guide missing from downloads

    I've noticed that the User Guides are now missing from the downloads for various models.  Is there a reason for this?  Although you can still retrieve them via Google, it was just easy finding them on the download page.
    Owner & Operator of the following:
    ● Lenovo Ideapad Z570 w/ Win 7 & Win 8.1 Dual Boot ● Lenovo Yoga 3 Pro w/ Windows 8.1 ● Toshiba A75-S206 w/ Win 7
    ● IBM Thinkpad T-23 w/ Win XP ● IBM Thinkpad T-22 w/ Win XP • As well as multiple desktops dual/triple booting XP, Vista and Win 7.

    Majestic,
    I've routed this to the eSupport team. Should hear from them soon
    Thanks!
    WW Social Media

  • How can I stop authenticated users from getting other user's information?

    We recently discovered that it is possible for authenticated users, via KM's details view, to view details about the other users that have access to the same resource as you.  Our portal (7.0 SP15) is used for an external facing web site.  We have secured it against anonymous users but the problem still remains for authenticated users.  Here is an example:
    The KM folder documents\Public Documents has been assigned read permissions for the group Everyone.  An authenticated user can open the URL https://<host>/irj/go/km/navigation/documents/Public%20Documents and a list of folders are shown.  The user can then select the Details from the menu for one of the folders and the Details iview is displayed.  They then select the menu item Settings > Permissions and the users/groups/roles assigned to this folder are shown.  The user can then select a user and view that users name and email address or the user could select a group and view for each member of the group the user id, name, and email address which could then be used to help attack the site.
    So I thought it would be easy enough to disable the details view for all users but content managers or administrators, but I seem to be running into difficulty.
    I tried disabling the Details KM command with limited success.  Even with it disabled, if you know the URL for the details component you can still access it.  So it seems the better option is to take away access to the details component.  It seems that the users are getting access to the Details iView from the standard eu_role.  If I remove the iView from this role then all users have no access to the Details in KM.  I tried to add the iView to another role that content managers would have, but when logged in with a user that had that other role I still was not able to access the Details iView.
    This SAP Help document (http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm) discusses the eu_role (Standard User role) and it states that
    By default, the Everyone group is assigned to the Standard User role. If you choose to use the other every user roles instead, you need to remove these assignments from the Standard User role and apply them to the Every User Core and Control Center User roles.
    But, when I look at what groups the role is assigned to or what roles are assigned to the Everyone group they don't appear to be linked, contrary to what the documentation says.  So, what I'm thinking here is that I can create a copy of this role and remove the Details iView from the original and then assign the copy to the content managers and administrators.  Doing this causes all users to lose access, even the content managers.
    I thought Iu2019d give the Security Zones a try to see if this could help me but when I take away rights from here it still allows access.
    I'm stumped.  I'm sure there is some key piece that eludes me.  What can I do to allow users read only access to some KM folders and files while preventing them from viewing the permission/user details?

    The only 3d party apps are Hazel...
    And that's your problem!
    From the Hazel site's description:
    Hazel watches whatever folders you tell it to, automatically organizing your files according to the rules you create.
    Hazel is a prefPane, so you must have some rule (or it supplied the rule as a default) to put pictures (jpg's) from your Desktop (folder) into your Pictures folder.
    Open your System Preferences and Hazel in there and either turn off Hazel or change or delete the appropriate rule covering this situation.

  • Text missing from user notification email

    I set up a form and embedded it on our web site. For every completed form I received an email containing all the text submitted.
    The users also received a notification email, but some of the text was missing from the responses. It appears that only the text that was visible in the box on the screen gets sent to the user.
    Is this a known bug?
    Mike

    Hi Mike,
    This is the first time we've heard about something like this. I'd like to investigate. Would it be possible for you to forward a copy of an email sent to you as well as the corresponding email sent to the user? Also, if you could include the URL to your form that would also help.
    You can email me directly at [email protected]
    Thanks,
    Shannon

  • Cannot prevent authenticated users from creating a blog on "My Page"

    I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.
    Message was edited by: dstrollo.il

    Ran into this same issue.... Talked with a field engineer who confirmed the behavior. The question now is whether this is a defect or a "feature that does not work as the audience desires". As far as I can tell, the security setting for blogs in server admin does nothing at all. This has the potential to cause a few issues as you cannot limit who can have a blog.
    Message was edited by: jlindler

  • 10.6.1 Server - cannot prevent authenticated users from creating a blog


    Thanks for the suggestion, but that would prevent all users from creating personal blogs. I was hoping to be able to have a group of users that can create a personal blog outside of the blog attached to a wiki.
