Authenticating users without groups with LDAP Realm in WebApp

I would like to authenticate users in WLS 5.1 SP9 that are in the LDAP
directory, but do not belong to any particular group. How would I
configure a web.xml to allow this? In the Servlet API 2.3, I would use
a * symbol.
Thanks
Ken
Ken Young
V.P. IS
Orent Graphics
4805 G Street
Omaha, NE 68117
402-733-6400
Fax: 402-733-7270
mailto:[email protected]
mailto:[email protected]

I hate to ask this question: How do you do this within a web app? Any
examples? I don't think that I can just type in objectclass=person into the
web.xml --- or can I?
Thanks
Ken
"Stephan Zdunczyk-Kohn" <[email protected]> wrote in message
news:3b0e03eb$[email protected]..
> Ken Young <[email protected]> wrote:
> > I would like to authenticate a user in WLS 5.1 SP9 that are in the ldap
> > directory, but do not belong to any particular group. How would I
> > configure a web.xml to allow this. In the Servlet API 2.3, I would use
> > a * symbol.
> Make the membership-filter always true e.g. (objectclass=person)
> Stephan

Similar Messages

  • Can we list all the users or groups with their rights on the universe\s

    Can we list all the users or groups with their rights on the universe\s using query builder.
    Can we do the same by using auditor reports.
    PLZ help

    Thanks,
    It can be achieved by using security viewer.
    Thanks again

  • Weblogic security authentication; question to interact with the realm

    Hi, I have a quick question about weblogic security authentication....
    We are using weblogic 81sp3. We have user-group info in a Novell eDirectory LDAP server.
    Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
    Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?

    already checked
    TTLCache class which weblogic provides. But they seem to have deprecated it
    help ?

  • Using users and groups from LDAP in ADF application

    Hi there,
    I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
    I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
    Now I want to use 1 group, let's call the group ApplicationGroup, and all its users to give them access to my ADF Application.
    But I can't find proper/up-to-date info about how to do this.
    I tried 2 major things:
    1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
    Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
    2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
    Any help or documentation that could help me?

    Since we aren't using EM I had to find another way. And I found it.
    In web.xml ADF Security (I suppose) automatically adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
    Thanks for the help.

  • Admin Console not displaying new Users and Groups from LDAP

    We created a new Realm in WebLogic, which specifies the location of the Netscape
    LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
    server to use for authentication. My problem is this- the Admin Console is not
    displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
    Admin Console display any users and groups specified in the ldap server, which
    is referenced in the customized Realm?

    Hi Andy,
    I am not sure why you are unable to see the users and groups through the
    console., you should be able to. Can you post the config.xml?
    thanks,
    -satya
    Andy Levy <[email protected]> wrote in message
    news:3b700c36$[email protected]..
    > We're running WLS 6.0 Sp2 on Windows 2000 Professional.
    > "Satya Ghattu" <[email protected]> wrote:
    > > Andy,
    > > Could you please tell us what Version of Weblogic you are running?
    > > thanks,
    > > -satya

  • Assigning Users to Groups on LDAP thru EP

    Hi,
    I have configured EP6 SP7 with multiple LDAP (MS-ADS) servers. I can read/write the groups and users to LDAP through EP. But I cannot assign the users to groups through Enterprise Portal. Also, if I assign users to a group in LDAP on the LDAP server itself, these assignments do not show up in the portal. Do I have to configure my dataSourceConfiguration_multiLDAP_db.xml file? If so, then which parameter?
    Please advise.
    regards,
    Hassan

    Dear Hassan,
    Need a clarification. If users are assigned to a group in LDAP, Can you see the same thing reflecting in portal?
    I have configured LDAP as UME and I am able to see a group of LDAP appearing in Portal. But when I see the list of users assigned to this group, it's empty.
    Any clues or suggestions.
    Regards,
    Sreeram

  • ISE and authenticating against Windows AD with RADIUS realm that is different from the Windows domain

    Hello
    We are in the process of evaluating the Cisco ISE VMWare appliance with a view to replace our existing FreeRADIUS installation as authentication provider for our wireless network and VPN service. As a part of this we are hoping to migrate our user authentication to Microsoft Active Directory - we have previously authenticated against a different identity store (not MS AD). Because of this legacy our Windows domain is not the same as our RADIUS realm name - the Windows domain is "win.mydomain" whereas we wish to allow users to authenticate using "username@mydomain" or even "[email protected]" as they are doing today. We are experiencing an issue where authentication requests with the format "[email protected]" will be forwarded to the Windows AD whereas authentication requests with the format "username@mydomain" will fail with the log message "User not found in Active Directory". We do not know if the ISE itself is validating the username and triggering this error, or if the error originates from AD. We suspect that the ISE is not even asking AD because "win.mydomain" is the domain configured in "Active Directory" in "External Identity Sources".
    Authentication requests against the AD without a realm are successful (that is, using only "username"). With this in mind we located a post on the Cisco support forums that described a process of proxying the request back to the ISE and stripping the realm information, but this was specific for the ACS platform. We have attempted to implement this solution but it is still not working as we would have hoped, and we are not entirely certain where the fault might lie. We are currently using PEAP with MSCHAPv2 for authentication in our WLAN where the main problem is. We suspect that the "proxy-to-self" with realm stripping is an issue with PEAP.
    Is there a supported method of achieving our goal, or should we abandon the ISE platform as our scenario is simply not supported?

    Seems like your issue may be related to DNS, when ISE receives the format [email protected], the dns request is failing. However, there is a setting for alternate UPN Suffixes that can be configured to include domain.com and student.domain.com.
    Here is a windows article that should fix this for you. Once you get this updated please reboot ISE so it rejoins AD. Try your tests again.
    http://technet.microsoft.com/en-us/library/cc772007.aspx
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • CAR 3.5.4 Authentication users without checking password

    I'm using Cisco Access Registrar 3.5.4. Can I authenticate users with option:
    AllowNullPassword = TRUE
    without checking password in access-request?

    At authentication time, if the following three conditions are met, user authentication is bypassed.
    1. Allow-NULL-Password environment variable is set to TRUE.
    2. The User-Password or CHAP-Password must be NULL in the incoming request. (If it is not NULL,
    normal password checking will occur.)
    3. A user record exists for this user.
    More details about this are given in the link.
    http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/3_0/users/wireless.pdf

  • Add users to group with file

    So I am following a PowerShell script that I see online.
    I am trying to add 2 users (as a test for now) from a csv file into an AD group.
    The AD group name is "IMAllow"
    I created a file called AddUsersToGroup.ps1 that I am running in Windows PowerShell.
    The file contents are below
    # Add User to a Group - PowerShell Script
    Import-module ActiveDirectory
    Import-CSV "C:\Scripts\Users.csv" | % {
        Add-ADGroupMember -Identity IMAllow -Member $_.UserName
    }
    And my file with users is called "Users.csv"
    wahidta
    indenga
    I get the following error
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument
    that is not null or empty and then try the command again.
    At C:\Users\zzwahidta\Scripts\AddUsersToGroup.ps1:7 char:44
    + Add-ADGroupMember -Identity IMAllow -Member <<<<  $_.UserName
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGrou
       pMember

    Get-Help Add-ADGroupMember or http://technet.microsoft.com/en-us/library/ee617210.aspx
    $creds = Get-Credential
    Add-ADGroupMember -Identity IMAllow -Member $_.UserName -Credential $creds
    I hope this post has helped!
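
    The "argument is null or empty" error in this thread is consistent with Users.csv having no header row: Import-Csv then takes the first account name as the column name, so $_.UserName is empty for every row. The following is an added example, not part of the original thread, that names the column explicitly and validates each row before touching the group; it assumes the file holds one sAMAccountName per line and keeps -WhatIf so nothing changes until that switch is removed.

    ```powershell
    # Added example: not the original poster's script.
    Import-Module ActiveDirectory

    $CsvPath   = 'C:\Scripts\Users.csv'  # path used in the post
    $GroupName = 'IMAllow'               # group named in the post

    # Users.csv in the post has no header row. Without -Header, Import-Csv
    # uses the first line ("wahidta") as the column name and no row has a
    # UserName property. -Header names the single column explicitly.
    $rows = Import-Csv -Path $CsvPath -Header 'UserName'

    # Read current membership once so existing members are skipped
    # instead of raising an "already a member" error.
    $current = @(Get-ADGroupMember -Identity $GroupName |
                 Select-Object -ExpandProperty SamAccountName)

    foreach ($row in $rows) {
        # A null property becomes an empty string here, so blank or
        # malformed lines are caught before they reach the AD cmdlets.
        $name = "$($row.UserName)".Trim()
        if ($name -eq '') {
            Write-Warning 'Skipping blank line in CSV'
            continue
        }
        if ($current -contains $name) {
            Write-Host "$name is already a member of $GroupName"
            continue
        }
        try {
            # Resolve the account first: a typo in the file is reported
            # per row rather than aborting the whole run.
            $user = Get-ADUser -Identity $name -ErrorAction Stop

            # -WhatIf previews the change; remove it to apply.
            Add-ADGroupMember -Identity $GroupName -Members $user -WhatIf
        }
        catch {
            Write-Warning "Could not add '$name': $($_.Exception.Message)"
        }
    }
    ```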

  • Remove user from group with MaxL

    hello, is it possible to remove a user from all groups he belongs to without knowing these groups? I want to execute a command such as "alter user my_user remove from ALL_GROUPS;" thanks for your help

    Not sure if it's feasible, but you could use the 'drop user' command to remove the user from the system, which would of course remove them from all groups, then use the 'create user' command to recreate the user and reassign them to the proper groups. Good luck

  • Can't mount Esata as user without booting with it inserted

    When I plug in my NTFS-formatted eSATA drive it is not mounted. If I boot with it plugged in it's mounted but then I have problems during boot. My computer tries to do a filesystem check and it ends with "run fsck manually or press ctrl+D to continue". Not every time but often enough to be a problem.
    I have Udisks installed and I followed this guide from the WIKI: https://wiki.archlinux.org/index.php/Udev
    I have these rules in /etc/udev/rules.d/:
    10-esata.rules  10-my-media-automount.rules  11-media-by-label-auto-mount.rules. Copied from the UDEV wiki.
    If I use USB it's mounted instantly without problems. I am running a fully up to date install of Arch x86_64 with openbox.

    OK. Here's my 10-esata.rules
    DEVPATH=="/devices/pci0000:00/0000:00:14.1/host4/*", ENV{UDISKS_SYSTEM_INTERNAL}="0"
    And here's the output of udevadm monitor
    [root@htpc1 jan]# udevadm monitor
    monitor will print the received events for:
    UDEV - the event which udev sends out after rule processing
    KERNEL - the kernel uevent
    Seems like nothing happens. How long do I need to wait?
    Same output with the disk plugged or not.
    Last edited by jai134 (2011-11-30 10:24:21)

  • How to Configure SQLServer2008R2 to let Windows Authenticated Users Create Database with MVC4 Code First App

    Trying to learn MVC code first with VS2013 web express on a Windows 7 computer. When the code runs to create the database I get: An exception of type 'System.Data.SqlClient.SqlException' occurred in EntityFramework.dll but was not handled in user code
    Additional information: CREATE DATABASE permission denied in database 'master'.
    Have this problem with the 'OdeToFood' Pluralsight course as well as with the 'Developing ASP.NET MVC 4 Web Applications Jump Start' MVA course.
    Re-installed sql2008r2 using the Windows admin user and ran the project and get the same message as when I run the project with the non-admin user.
    What are the steps to allow database creation for admin user and non-admin Windows user?
    Daniel Howard

    David, thanks for the reply.
    I believe the problem may be something else because after adding the user to 'sysadmin' I still get the message
    Additional information: CREATE DATABASE permission denied in database 'master'.
    Perhaps I need to go to the ASP.NET forum to ask the question.
    I will mark your answer as answer.
    Thanks again
    Daniel
    Daniel Howard

  • [wlpi] HOW TO replace wlpi user management mechanism with LDAP service?

    Dear all,
    Is it possible for wlpi sp3?
    Any suggestion or ideas?
    Thanks in advance
    Eric

    Eric,
    Could you please post this on the
    weblogic.developer.interest.personalization newsgroup?
    Eric Chen wrote:
    > Dear all,
    > Is it possible for wlpi sp3?
    > Any suggestion or ideas?
    > Thanks in advance
    > Eric
    --
    Developer Relations Engineer
    BEA Support

  • User and Group Recon Error with OID

    On a new development installation of OID and OIM, I am getting the following error while trying to run either User or Group reconciliations:
    LDAP: error code 53 - Function Not Implemented, search filter attribute modifytimestamp is not indexed/cataloged
    How can I add the appropriate index to allow these tasks to run?
    Kerry

    Have you tried:
    4.3 Using Custom Attributes in Oracle Internet Directory
    You can search for an attribute in Oracle Internet Directory only if the attribute is indexed. By default, standard attributes of the user and group entries are indexed. If you use a custom attribute, you can index it by using the catalog command. For example, if you migrate automount data to be used by automount programs such as amd or autofs, index the automountKey attribute by using the catalog command, as follows:
    catalog connect="connect_str" add="TRUE" attribute="automountKey"
    (from http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/e12023/migrate.htm)
    Hope this helps
    Martin

  • I have a problem with JDBC Realm in Tomcat/Oracle/Win XP

    I have a problem with JDBC Realm in Tomcat.
    I have attached my server.xml file located in the
    C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\server.xml
    The Problem is that when I login I get the user name and password prompt but it does not resolve.
    When I enter in the tomcat-users.xml password with memory realm uncommented it works fine.
    C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\tomcat-users.xml
    Is there a cache or something I need to reset for the JDBC Realm to work?
    I have attached my tables and contents as well...
    Did I miss something????
    Thanks
    Phil
    server.xml
    <Server port="8005" shutdown="SHUTDOWN">
    <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
    <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
    <!-- Global JNDI resources -->
    <GlobalNamingResources>
    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    </GlobalNamingResources>
    <!-- Define the Tomcat Stand-Alone Service -->
    <Service name="Catalina">
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector
    port="8080" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="8443" acceptCount="100"
    connectionTimeout="20000" disableUploadTimeout="true" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009"
    enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
    <!-- Define the top level container in our container hierarchy -->
    <Engine name="Catalina" defaultHost="localhost">
    <!--
    <Realm className="org.apache.catalina.realm.MemoryRealm" />
    -->
    <Realm className="org.apache.catalina.realm.JDBCRealm"
    driverName="oracle.jdbc.driver.OracleDriver"
    connectionURL="jdbc:oracle:thin:@localhost:1521:orcl"
    connectionName="testName" connectionPassword="testPass"
    userTable="users"
    userNameCol="user_name"
    userCredCol="user_pass"
    userRoleTable="user_roles"
    roleNameCol="role_name" />
    <!-- Define the default virtual host
    Note: XML Schema validation will not work with Xerces 2.2.
    -->
    <Host name="localhost" appBase="webapps"
    unpackWARs="true" autoDeploy="true"
    xmlValidation="false" xmlNamespaceAware="false">
    </Host>
    </Engine>
    </Service>
    </Server>
    Tables
    create table users (
      user_name varchar(15) not null primary key,
      user_pass varchar(15) not null
    );
    create table roles (
      role_name varchar(15) not null primary key
    );
    create table user_roles (
      user_name varchar(15) not null,
      role_name varchar(15) not null,
      primary key( user_name, role_name )
    );
    select * from users;
    +-----------+-----------+
    | user_name | user_pass |
    +-----------+-----------+
    | tomcat    | tomcat    |
    | user1     | tomcat    |
    | user2     | tomcat    |
    | user3     | tomcat    |
    +-----------+-----------+
    select * from roles;
    +-----------+
    | role_name |
    +-----------+
    | tomcat    |
    | role1     |
    +-----------+
    select * from user_roles;
    +-----------+-----------+
    | role_name | user_name |
    +-----------+-----------+
    | tomcat    | user1     |
    | role1     | user2     |
    | tomcat    | tomcat    |
    | role1     | tomcat    |
    +-----------+-----------+

    Jan 2, 2008 11:49:35 AM org.apache.coyote.http11.Http11Protocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8080
    Jan 2, 2008 11:49:35 AM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 734 ms
    Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardService start
    INFO: Starting service Catalina
    Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardEngine start
    INFO: Starting Servlet Engine: Apache Tomcat/5.5.9
    Jan 2, 2008 11:49:35 AM org.apache.catalina.realm.JDBCRealm start
    SEVERE: Exception opening database connection
    java.sql.SQLException: oracle.jdbc.driver.OracleDriver
         at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:684)
         at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:758)
         at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1004)
         at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
         at org.apache.catalina.core.StandardService.start(StandardService.java:450)
         at org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
         at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
    Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardHost start
    INFO: XML validation disabled
    Jan 2, 2008 11:49:36 AM org.apache.catalina.core.StandardContext resourcesStart
