CE565/CE7325 with MS LDAP Auth - Problem
Once again it seems I am the first one to use a new product. I have a CE565 that I am trying to get to work with MS LDAP. Has anyone had any luck doing this? Cisco TAC is having a difficult time tracing down the problem.
ce565#sho ldap
LDAP Configuration:
LDAP Authentication is enabled
Allow mode: disabled
Base DN: DC=domain,DC=com
Filter: <none>
Retransmits: 2
Timeout: 5 seconds
UID Attribute: uid
Group Attribute: memberOf
Administrative DN: <none>
Administrative Password: <none>
LDAP version: 3
LDAP port: 389
Server Status
192.168.99.7 primary
<none> secondary
ce565#debug authe http
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2498 ***pam_ldap: Begin
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2502 *** pam_ldap: Got username ralldread
Apr 24 22:44:56 ce565 http_authmod: _pam_ldap_get_session:1977 *** pam_ldap: Begin
Apr 24 22:44:56 ce565 http_authmod: _read_config:570 ***pam_ldap: Reading configuration
Apr 24 22:44:56 ce565 http_authmod: ldap_server_validate:1928 ***pam_ldap: === Host[0] 192.168.99.7 ===
Apr 24 22:44:56 ce565 http_authmod: ldap_server_isalive:1851 ***pam_ldap: Connecting...
Apr 24 22:44:56 ce565 http_authmod: ldap_server_isalive:1867 ***pam_ldap: Socket timeout 5
Apr 24 22:44:56 ce565 http_authmod: ldap_server_isalive:1891 ***pam_ldap: Connected to 192.168.99.7
Apr 24 22:44:56 ce565 http_authmod: ldap_server_validate:1948 ***pam_ldap: ServerAlive [1] (up=1, down=0)
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2508 *** pam_ldap: Got session
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2519 *** pam_ldap: Do authentication
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1672 *** pam_ldap: Begin user ralldread
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1059 *** pam_ldap: Host 192.168.99.7
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1063 *** pam_ldap: Open session
Apr 24 22:44:56 ce565 http_authmod: _open_session:927 *** pam_ldap: Begin
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1074 *** pam_ldap: Binding...
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1676 *** pam_ldap: Connected anonymously
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1699 *** pam_ldap: Filter (uid=ralldread)
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2522 *** pam_ldap: Done authentication FAILURE
Any thoughts?
I got it working. I did 2 things. One, I rebuilt the server to make sure Active Directory was working correctly. Two, I changed the DC=domain to be dc=domain. I haven't had a chance to test which one actually fixed it, but here is the config that I am using.
ce565#sho run
device mode content-engine
hostname ce565
http authentication header 407
http authentication cache timeout 1
http authentication cache max-entries 32000
http proxy incoming 8888
clock timezone EST -5 0
ip domain-name demodomain
https proxy incoming 8888
interface GigabitEthernet 1/0
ip address 10.10.220.71 255.255.255.0
exit
interface GigabitEthernet 2/0
shutdown
exit
ip default-gateway 10.10.220.1
primary-interface GigabitEthernet 1/0
no auto-register enable
ip name-server 10.10.220.80
pre-load enable
pre-load depth-level-default 2
pre-load resume
pre-load traverse-other-domains
pre-load url-list-file ftp://ftpuser:[email protected]/ce-preload.txt
transaction-logs enable
transaction-logs log-windows-domain
transaction-logs archive interval every-hour every 10
transaction-logs sanitize
transaction-logs export enable
transaction-logs export interval every-hour every 10
transaction-logs export ftp-server 10.10.220.80 ftpuser ftpuser /
transaction-logs format extended-squid
username admin password 1 bVmDmMMmZAPjY
username admin privilege 15
ldap server base "dc=demodomain"
ldap server userid-attribute cn
ldap server host 10.10.220.80 primary
ldap server administrative-dn "cn=administrator,cn=users,dc=demodomain"
ldap server administrative-passwd ****
ldap server active-directory-group enable
ldap server version 3
ldap server enable
authentication login local enable primary
authentication configuration local enable primary
url-filter http smartfilter enable
cdm ip 10.10.220.70
cms enable
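An added example, not part of either post: the two outputs above differ in more than the case of the base DN, and the debug trace shows which settings the failing lookup actually used. The Python below parses abridged copies of the `sho ldap` output, the `ldap server` lines of the working config and the pam_ldap trace, then lists what the trace used and what changed between the two configurations. Function names are hypothetical and the embedded samples are constructed from the lines quoted in the thread.

```python
import re

# Constructed sample input: lines abridged from the outputs quoted in the thread.
FAILING_SHOW_LDAP = """\
LDAP Authentication is enabled
Base DN: DC=domain,DC=com
UID Attribute: uid
Group Attribute: memberOf
Administrative DN: <none>
Administrative Password: <none>
"""

WORKING_RUN_CONFIG = """\
ldap server base "dc=demodomain"
ldap server userid-attribute cn
ldap server host 10.10.220.80 primary
ldap server administrative-dn "cn=administrator,cn=users,dc=demodomain"
ldap server administrative-passwd ****
ldap server active-directory-group enable
"""

DEBUG_TRACE = """\
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2519 *** pam_ldap: Do authentication
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1074 *** pam_ldap: Binding...
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1676 *** pam_ldap: Connected anonymously
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1699 *** pam_ldap: Filter (uid=ralldread)
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2522 *** pam_ldap: Done authentication FAILURE
"""

# Map each output format onto the same three setting names.
SHOW_KEYS = {"Base DN": "base_dn", "UID Attribute": "uid_attr", "Administrative DN": "admin_dn"}
RUN_KEYS = {"base": "base_dn", "userid-attribute": "uid_attr", "administrative-dn": "admin_dn"}
TRACE_RE = re.compile(r"http_authmod: (\w+):\d+ \*{3}\s*pam_ldap: (.*)$")


def parse_show_ldap(text):
    """Parse 'Key: value' lines of the `sho ldap` output; '<none>' becomes None."""
    settings = {name: None for name in SHOW_KEYS.values()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in SHOW_KEYS:
            value = value.strip()
            settings[SHOW_KEYS[key.strip()]] = None if value == "<none>" else value
    return settings


def parse_run_config(text):
    """Parse `ldap server <keyword> <value>` lines of the running config."""
    settings = {name: None for name in RUN_KEYS.values()}
    for line in text.splitlines():
        m = re.match(r'\s*ldap server (\S+)\s+"?([^"]*)"?\s*$', line)
        if m and m.group(1) in RUN_KEYS:
            settings[RUN_KEYS[m.group(1)]] = m.group(2)
    return settings


def summarize_trace(text):
    """Extract bind mode, filter attribute and final result from the debug trace."""
    steps = [m.groups() for m in map(TRACE_RE.search, text.splitlines()) if m]
    summary = {"bind": None, "filter_attr": None, "result": None, "step_before_result": None}
    for i, (_func, msg) in enumerate(steps):
        if msg == "Connected anonymously":
            summary["bind"] = "anonymous"
        elif msg.startswith("Filter ("):
            summary["filter_attr"] = msg[len("Filter ("):].split("=", 1)[0]
        elif msg.startswith("Done authentication"):
            summary["result"] = msg.split()[-1]
            summary["step_before_result"] = steps[i - 1][1] if i else None
    return summary


def findings(failing, working, trace):
    """Tie the trace to the failing settings, then list every setting that changed."""
    notes = []
    if trace["bind"] == "anonymous" and failing["admin_dn"] is None:
        notes.append("lookup bound anonymously: no administrative DN configured")
    if trace["filter_attr"] == failing["uid_attr"]:
        notes.append(f"search filter built from UID attribute '{failing['uid_attr']}'")
    if trace["result"] == "FAILURE" and (trace["step_before_result"] or "").startswith("Filter"):
        notes.append("FAILURE follows the search filter directly: no later step is logged")
    for key in ("base_dn", "uid_attr", "admin_dn"):
        if failing[key] != working[key]:
            notes.append(f"{key}: {failing[key]!r} -> {working[key]!r}")
    return notes


if __name__ == "__main__":
    for note in findings(parse_show_ldap(FAILING_SHOW_LDAP),
                         parse_run_config(WORKING_RUN_CONFIG),
                         summarize_trace(DEBUG_TRACE)):
        print("-", note)
```

A default Active Directory rejects anonymous searches below the rootDSE and does not populate `uid` on user objects, so the administrative DN and the `cn` user attribute in the working config are worth testing alongside the two changes named in the post.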
Similar Messages
-
Heap Problem with weblogic.security.auth.login.PasswordCredential
Hello,
I am calling EJB's from a Tomcat 6.0.20. The EJB's are contained on a Weblogic 10 mp2. For getting EJBHome, I'm using the following InitialContext-Call:
EJBHome home = null;
try
{
    Properties initialContextProps = new Properties();
    initialContextProps.put(InitialContext.INITIAL_CONTEXT_FACTORY, initialContextFactory);
    initialContextProps.put(InitialContext.SECURITY_PRINCIPAL, username);
    initialContextProps.put(InitialContext.SECURITY_CREDENTIALS, password);
    initialContextProps.put(InitialContext.PROVIDER_URL, url);
    // initialContext is a field of the surrounding class
    initialContext = new InitialContext(initialContextProps);
    Object objref = this.initialContext.lookup(jndiHomeName);
    home = (EJBHome) PortableRemoteObject.narrow(objref, narrowClass);
}
finally
{
    if ( initialContext != null )
    {
        try
        {
            initialContext.close();
        }
        catch(Throwable t)
        {
            // ignore failures while closing the context
        }
    }
}
return home;
The Problem is, that after a bulk test on the tomcat (Xmx=256MB), 200MB are filled with 1.500.000 instances of the following class:
weblogic.security.auth.login.PasswordCredential
Has somebody an idea how to remove these classes from tomcat heap, because now the result is an OutOfMemory?
Best regards,
sebbay
Hi,
The authenticate method would take the user and the password details from the environment
(env) that is passed and after successful authentication would populate the subject with
the principals (i.e user, group the user belongs to ..)
It should work with any user that is defined in the WLS not just weblogic/weblogic.
Do you have any other users defined and which group do they belong to?
Vimala
Khalid Rizvi wrote:
I am playing (learning) with weblogic.security.auth.login.UsernamePasswordLoginModule
as a LoginModule using JAAS based authentication. Surprisingly, the only userid
and password combination acceptable is uid=weblogic, pw=weblogic combination.
I went through and looked at the example code under
http://e-docs.bea.com/wls/docs70/security/cli_apps.html#1042212. I found that
the UsernamePasswordLoginModule.login calls into
if (url != null) {
Environment env = new Environment();
env.setProviderUrl(url);
env.setSecurityPrincipal(username);
env.setSecurityCredentials(password);
try {
Authenticate.authenticate(env, subject);
Seems like UsernamePasswordLoginModule only is a router, as it instantiates an
instance of Environment using the userid and password and passes this Environment
instance (env) to Authenticate.authenticate along with the empty Subject instance.
I read about that the Subject instance will be filled in with Principals by the
WL Server.
My question is that firstly,
1. As Authenticate.authenticate is not passed in the uid and pw, will it pick
those from the env?
2. Secondly, why does it only accept uid=weblogic & pw=weblogic.
I will appreciate it if someone can put me in the right direction.
Khalid R. Rizvi
508-641-1192
[email protected] -
Native LDAP Auth in PT 5.0.3
I am attempting to use Native LDAP Authentication with version 5.0.3. In 5.0.2 it worked just fine, but with 5.0.3, log in fails. The LDAP settings are correct as confirmed by the provider validation. What do these errors mean and how do I fix them? Thanks.
Validate Provider
Successfully connected to the Authentication Source.
Here are the errors from PTSpy:
Error Auth Source Providers LDAPProviderAuth.cpp(285) *** ERROR *** CLDAPAuthSourceProvider::LDAPGetHandle: ldap_bind_s failed with error 0x31.
Warn Auth Source Providers LDAPProviderAuth.cpp(1030) LDAP error 0x31 (#49) description: Invalid credentials
Warn Plumtree.dll PTSession.cpp(378) *** COM exception caught *** Error info: IDispatch error #16898 (0x80044402): [Invalid password.] (378,PTSession.cpp)
Warn Portal UI - Infrastructure com.plumtree.uiinfrastructure.login.LoginHelper.InternalAttemptLogin() Unable to log in user Intranet/bottt: The user name, password, or authentication source entered is not recognized. Re-enter your login information below. Passwords are case sensitive._com.plumtree.openfoundation.util.XPException_
 at com.plumtree.server.CIPTSession.Connect(String UserNameOrID, String Password, Object SecurityProviderInfo)
 at com.plumtree.portaluiinfrastructure.login.PTLoginHelper.internalLogin(String sUserName, String sPassword, String sLoginToken, Object token, Boolean bUseNumericConnect, Boolean bGuestLogin, ISessionManager subSession, IApplication application, String sRequestURL)
 at System.Environment.GetStackTrace(Exception e)
 at System.Environment.GetStackTrace(Exception e)
 at System.Environment.get_StackTrace()
 at com.plumtree.openfoundation.util.XPException.GetInstance(Exception e)
 at com.plumtree.portaluiinfrastructure.login.PTLoginHelper.internalLogin(String sUserName, String sPassword, String sLoginToken, Object token, Boolean bUseNumericConnect, Boolean bGuestLogin, ISessionManager subSession, IApplication application, String sRequestURL)
 at com.plumtree.portaluiinfrastructure.login.PTLoginHelper.AttemptLogin(String sUserName, String sPassword, Object token, Boolean bUseNumericConnect, ISessionManager subSession, IApplication application, String sRequestURL)
 at com.plumtree.uiinfrastructure.login.LoginHelper.InternalAttemptLogin(String strUserName, String strPassword, Object token, Boolean bUseNumericConnect, Boolean bGuestLogin, ISessionManager subSession, IApplication application, String strRequestURL, IXPRequest request, IWebData webData)
 at com.plumtree.uiinfrastructure.login.LoginHelper.AttemptLogin(String strUserName, String strPassword, Object token, Boolean bUseNumericConnect, ISessionManager subSession, IApplication application, String strRequestURL, IXPRequest request, IWebData webData)
 at com.plumtree.uiinfrastructure.login.LoginHelper.AttemptLogin(String strUserName, String strPassword, Object token, Boolean bUseNumericConnect, AActivitySpace asOwner, IXPRequest request, IWebData webData)
 at com.plumtree.portalpages.browsing.login.LoginModel.attemptLogin(IXPRequest request, IWebData webData)
 at com.plumtree.portalpages.browsing.login.LoginControl.CheckActionSecurityAndExecute(XPHashtable arguments)
 at com.plumtree.uiinfrastructure.activityspace.Interpreter.HandleRequest(IXPRequest request, IXPResponse response, ISessionManager session, IApplication application)
 at com.plumtree.uiinfrastructure.activityspace.Interpreter.DoService(IXPRequest request, IXPResponse response, ISessionManager session, IApplication application)
 at com.plumtree.uiinfrastructure.web.XPPage.Service(HttpRequest httpRequest, HttpResponse httpResponse, HttpSessionState httpSession, HttpApplicationState httpApplication)
 at com.plumtree.portaluiinfrastructure.activityspace.PlumHandler.ProcessRequest(HttpContext context)
 at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 at System.Web.HttpApplication.ResumeSteps(Exception error)
 at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
 at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
 at System.Web.HttpRuntime.ProcessRequest(HttpWorkerRequest wr)
 at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
Hey Jennifer,
To clarify - there are two different security modes settings being discussed:
Portal Security Mode - set in x_config.xml in your portal home directory, looks like this:
<Security> <SecurityMode value="0"/></Security>
This setting allows you to put your portal into HTTP, HTTPS, or SSL Accelerator modes.
LDAP Authentication Source security mode - set in the LDAP Authentication Source Editor in the administrative hierarchy. This setting defines how the portal talks to your remote LDAP Server. If it is set to mode 1, we use the LDAP protocol. If set to 2, we use the LDAPS protocol, which uses TLS/SSL to encrypt communication between your LDAP Server and portal. This is a security measure that some customers require, while most don't use it.
The latter setting is no longer supported in 5.0.2 and on, we suggest that users that need SSL between their portal and LDAP server use the new LDAP AWS product that was released around the time of 5.0.3. The LDAP AWS uses Java and JNDI technology to interact with remote LDAP servers, whereas our native LDAP Authentication Source uses a Netscape library for communication with the remote LDAP server. This Netscape library has been found to be unstable and detrimental to Portal performance, hence it was de-supported when the LDAP AWS became available.
Based on your message, I'm guessing you thought I meant the Netscape browser could not use portal security mode 2. There is no such bug, all portal security modes are supported as far as I know. Your project should work just fine, drop us a line if you have any problems.
-Akash -
This is the landscape :-
Web Application / Portal at Oracle Web Center Suite (WCS).
SAP BO 4.0
Authentication using Custom LDAP & SSO with Trusted Authentication.
Used OpenLDAP for authentication via RadiantOne VDS as the proxy.
Activities :
Authenticate the BO users with OpenLDAP via RadiantOne.
Synchronize the BO user group from OpenLDAP via RadiantOne.
Used openDocument.jsp to open WEBI reports.
Problems :
We configure the LDAP as Custom. Attributes mapping as default.
When BOE is trying to connect to the RadiantOne VDS & create user "user01" which already exists in the OpenLDAP server, it throws the exception:
"An internal error has occurred in the secLdap plugin."
When trying to create a user that does not exist in LDAP, it throws the exception:
"The secLdap plugin failed to get the dn for the user notuser."
Please advise us how to resolve this internal error if we want to SSO with custom LDAP !!
Thanks & regards,
Herries E
Hi,
Herrie, Roland is correct, OpenLDAP is not supported and you can run into problems if you want to escalate issues in the future. The customer must take that into account.
However, LDAP is pretty standard and usually you just need to make sure that the attribute mappings are correct.
Are users correctly created when you map an LDAP group?
Are you able to manually authenticate using LDAP? You can use the CMC page and select authentication LDAP.
When you have confirmed that LDAP manual authentication is working, you can set up Trusted Authentication. Check first that the system is working just using QUERY_STRING:
https://service.sap.com/sap/support/notes/1593628
When trusted auth is confirmed to work, you can configure the parameters that Radiant uses to pass the user: cookies, web session, etc.
Regards,
Julian -
LDAP Auth Error ccmuser web access
Hi,
I have a CUCM v9.1 with an issue for access to the ccmuser web page using the AD Credentials, I've configured the LDAP Auth in the CUCM with no error messages and also the web access for my users like this:
When I access the site http://cucm_ip_add/ccmuser first I get this message:
After that I try to log into to the web page but I get this error:
I have no issues importing the users, the problem is with the authentication.
I've checked the ldap port and I'm not using global catalog so the correct one is 389 (tried 3268 and I got an error message from the cucm ldap authentication config page).
Any ideas guys??
Thanks in advance.
One common one is that CUCM treats the username field as case sensitive. Does it have any upper case characters? You can see this within /ccmadmin under End User Configuration.
If that's not it, either a Wireshark of the LDAP bind or a stare/compare between your sync agreement and the auth config to see why one can get the user object but the other cannot bind as that person.
Please remember to rate helpful responses and identify helpful or correct answers. -
WL6.0 LDAP Realm problems
I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
getting it to work - basic auth just keeps popping the window up 3 times and
then giving up. Only pertinent message in the log is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite adding the following two
to the startup script cmd line and restarting the server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=true
The HTTP basic-auth dialog box is correctly showing me that I'm trying to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified that the above
server account exists AND can authenticate and retrieve account
userpasswords (yes, the server account is "cn=" while the user accounts are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same results both ways.
Any ideas???
Did you use the most recent ldap patch? I could not get it to work fine
with the default wls6.0sp1, but with the ldap-patch it works fine.
AND probably even more important... change
<Realm FileRealm="..." Name=".....">
to
<Realm CachingRealm="MyCachingRealm" FileRealm="..." Name=".....">
Hope this helps...
Ronald
Sushil Pulikkal wrote:
Hi Tom,
I am using iPlanet Directory server with WL6.0 (which I presume is supported as
Netscape's is) and facing the same problem as Mike was i.e account locking after
three attempts(bottom of the message). I have created my own caching realm with
the basic realm being MyLDAPRealm.
The log gives no info other than the one about account locking.
My config.xml looks something like this -
<CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<LDAPRealm AuthProtocol="simple" Credential="enslaved"
GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
Name="MyLDAPRealm"
Principal="uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="bind"
UserDN="ou=Aussies,dc=timerasolutions,dc=com"
UserNameAttribute="uid"/>
The browser window does pop up, but the user id doesn't get authenticated. Is
there a way to know whether WLS is actually going to the LDAP server for authentication?
Any insight into this?
Thanks in advance,
Sushil
"Tom Moreau" <[email protected]> wrote:
Mike,
I haven't had any trouble getting the LDAPRealm to work
in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
you haven't told WLS to use it?
In other words, you can create many realm configurations then
you need to activate the one you want. If you haven't, then
we just use the file realm. The file realm won't be able
to authenticate you (since you put the info in LDAP!) and
after 3 failures, will lock out the account.
The instructions for selecting the realm are at:
http://e-docs.bea.com/wls/docs60/adminguide/index.html
See:
12. Managing Security
Specifying a Security Realm
Configuring the Caching Realm
The basic idea is:
1) create your LDAP Realm (you've already done this)
2) create a CachingRealm
3) set the CachingRealm's BasicRealm to your LDAP Realm
4) set the Security Realm's CachingRealm to your Caching Realm
5) reboot
It's pretty easy to do this through the admin console.
Otherwise, you can edit config.xml by hand.
Here's how:
<Domain>
  <Security
    Name="mydomain"
    Realm="myRealm"
  />
  <Realm
    Name="myRealm"
    FileRealm="myFileRealm"
    CachingRealm="myCachingRealm"
  />
  <FileRealm
    Name="myFileRealm"
  />
  <CachingRealm
    Name="myCachingRealm"
    BasicRealm="myLDAPRealm"
  />
  <LDAPRealm
    Name="myLDAPRealm"
  />
</Domain>
-Tom
"Mike" <[email protected]> wrote:
BTW, before someone suggests it, I found Tom Moreau's suggestion to use:
<ServerDebug Name="examplesServer" DebugSecurityRealm="true" />
under the <Server> element in config.xml and restarted with this and still
no additional info from the LDAP realm printed about why it's not working
(nothing but the same locking account message mentioned below).
Is the source for the LDAP realm available so I can debug it myself or has
anybody written their own LDAP realm that they'd be willing to share with the group?
Thanks again,
...Mike
"Mike" <[email protected]> wrote in message
news:[email protected]...
Ok I've verified that the -Dweblogic.security.ldaprealm.verbose probably won't
work with 6.0 (old 5.x and previous style property), but I can't figure out what
replaced it, to figure out why the LDAP realm isn't working for me...
The property mapping guide at:
http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
shows that things like weblogic.security.ldaprealm.url
changed to LDAPURL in config.xml (without telling
you that this resides as an XML attribute of
<Domain><LDAPRealm ... /></Domain> although that's
easy enough to find by looking through the example
LDAP realm.
It then says that weblogic.security.ldaprealm.verbose
has changed to "Debug" in config.xml, but doesn't
say whether that's a "Debug" XML attribute on one
of the XML elements in there, or whether it's an
XML node itself, or where in the config.xml doc
it goes... It doesn't work as an attribute of
<LDAPRealm ...> (server won't start with it there)
and it doesn't show up at all in the DTD for config.xml
so I'm assuming the mapping doc at the above url is
wrong. Anybody know what this really became in 6.0?
I've tried setting StdoutDebugEnabled="true" in config.xml
and turning the logging level all the way up to see everything, but even
then all I get is the account locked message, not why it's failing to
authenticate via LDAP...
Any other ideas?
"Mike" <[email protected]> wrote in message
news:[email protected]...
I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
getting it to work - basic auth just keeps popping the window up 3 times and
then giving up. Only pertinent message in the log is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite adding the following two
to the startup script cmd line and restarting the server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=true
The HTTP basic-auth dialog box is correctly showing me that I'm trying to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified that the above
server account exists AND can authenticate and retrieve account
userpasswords (yes, the server account is "cn=" while the user accounts are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same results both ways.
Any ideas??? -
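An added example, not part of any post in this thread: the five steps in Tom Moreau's reply and the CachingRealm attribute in Ronald's reply both describe a chain of name references in config.xml (Security to Realm to CachingRealm to BasicRealm). The Python below follows that chain and reports which realm ends up authenticating users, and which LDAPRealm elements are defined but never reached. Function names are hypothetical, and the sample files are constructed from the element and attribute names shown in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an LDAPRealm is defined, but the active Realm names only a
# FileRealm, so logins are checked against the file realm.
LDAP_DEFINED_NOT_ACTIVE = """
<Domain Name="mydomain">
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm"/>
  <FileRealm Name="myFileRealm"/>
  <LDAPRealm Name="MyLDAPRealm" LDAPURL="ldap://tug:390" UserAuthentication="local"/>
</Domain>
"""

# Constructed sample: the complete chain from the five steps in the thread.
LDAP_ACTIVE = """
<Domain Name="mydomain">
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm" CachingRealm="myCachingRealm"/>
  <FileRealm Name="myFileRealm"/>
  <CachingRealm Name="myCachingRealm" BasicRealm="myLDAPRealm"/>
  <LDAPRealm Name="myLDAPRealm"/>
</Domain>
"""

# Constructed sample: BasicRealm names a realm that no element carries.
DANGLING_BASIC_REALM = """
<Domain Name="mydomain">
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm" CachingRealm="myCachingRealm"/>
  <FileRealm Name="myFileRealm"/>
  <CachingRealm Name="myCachingRealm" BasicRealm="myLDAPRealm"/>
  <LDAPRealm Name="MyLDAPRealm"/>
</Domain>
"""

# Elements that only point at other realms and cannot be a BasicRealm target here.
WRAPPER_TAGS = {"Security", "Realm", "CachingRealm"}


def resolve_realm_chain(config_xml):
    """Follow Security -> Realm -> CachingRealm -> BasicRealm; return (status, detail)."""
    domain = ET.fromstring(config_xml)
    named = {(el.tag, el.get("Name")): el for el in domain if el.get("Name")}

    security = domain.find("Security")
    realm = named.get(("Realm", security.get("Realm"))) if security is not None else None
    if realm is None:
        return ("broken", "Security does not reference a defined Realm")

    caching_name = realm.get("CachingRealm")
    if not caching_name:
        # No CachingRealm attribute: only the file realm is consulted.
        return ("file-realm", realm.get("FileRealm"))

    caching = named.get(("CachingRealm", caching_name))
    if caching is None:
        return ("broken", f"CachingRealm '{caching_name}' is not defined")

    basic_name = caching.get("BasicRealm")
    for tag, name in named:
        if name == basic_name and tag not in WRAPPER_TAGS:
            return ("basic-realm", f"{tag}:{name}")
    return ("broken", f"BasicRealm '{basic_name}' is not defined")


def unused_ldap_realms(config_xml):
    """Names of LDAPRealm elements that the active chain never reaches."""
    status, detail = resolve_realm_chain(config_xml)
    active = detail if status == "basic-realm" else None
    domain = ET.fromstring(config_xml)
    return [el.get("Name") for el in domain.findall("LDAPRealm")
            if f"LDAPRealm:{el.get('Name')}" != active]


if __name__ == "__main__":
    samples = {"defined, not active": LDAP_DEFINED_NOT_ACTIVE,
               "active": LDAP_ACTIVE,
               "dangling BasicRealm": DANGLING_BASIC_REALM}
    for label, xml_text in samples.items():
        print(label, resolve_realm_chain(xml_text), unused_ldap_realms(xml_text))
```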
LDAP Auth Rewrite Rule in Mapping file
Hi,
We are trying to set LDAP Auth Rewrite rule in mapping file to get users First Name & Last Name or Display name & Mail Address from LDAP Server instead of users individual client settings.
In Messaging 5.2 we had the following setting, but it does not work any more for Messaging 6.2:
LDAP Auth Rewrite Entry in mapping file:
AUTH_REWRITE
*|*|*|*@* $]ldap:///dir1.domain.com:389/o=domain.com?cn?sub?(uid=$3)[$ <$]ldap:///dir1.domain.com:389/o=domain.com?mail?sub?(uid=$3)[>$Z
We are running:
Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
SunOS mta 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V240
I'll appreciate any help or clue
Thanks
Thanks Jay,
Well, here is what we want to achieve.
We are looking to re-write the FROM address of the Sender against the LDAP entry as cn <[email protected]>. This should solve the problem where users have entered wrong FROM information on their clients or are trying to spoof the FROM address to other users.
Currently, the system delivers e-mail with FROM headers as per client entry instead of re-writing it against AUTHENTICATED userid.
Following is the IMTA.CNF and MAPPINGS lines:
IMTA.CNF
! ims-ms
ims-ms defragment subdirs 20 notices 1 3 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL fileinto $U+$S@$D
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 mailfromdnsverify dropblank vrfyhide
! tcp_intranet
tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4 mailfromdnsverify dropblank vrfyhide
! tcp_extranet
tcp_extranet smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL mustsaslserver allowswitchchannel saslswitchchannel tcp_auth vrfyhide dropblank mailfromdnsverify dropblank missingrecipientpolicy 4
! tcp_submit
tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
! tcp_auth
tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4 authrewrite 3
MAPPINGS file
AUTH_REWRITE
*|*|*|*@* $]ldap:///dir.domain.edu:389/o=domain.edu,dc=domain,dc=edu?cn?sub?(uid=$3)[$ <$]ldap:///dir.domain.edu:389/o=domain.edu,dc=domain,dc=edu?mail?sub?(uid=$3)[>$Z
Thanks for your help -
LDAP auth & limit logins per host
I'm using LDAP auth. using ldapclient init to setup the ldap auth. Have a SunOne LDAP server.
I'm interested in doing auth filters - like what Linux does with PAM. I've got PAM_LDAP to work, but since Sun does not use the OpenLDAP convention of /etc/ldap.conf - I can't setup the nss_user filters in there or nss_base_passwd dc=....
Does anyone know how to do this in Solaris? Can I enter something into the ldap_cred file? I tried to do a serviceSearchDescriptor and put passwd:dc=x,dc=y?one?(|(uid=x)(uid=y)) in the ldapCredFile but that gave me a search filter error.
I really do not want to use NetGroups.
Thanks in advance. I have seen a few posts for this question but no real answers.
I can't believe that there is no way to do this...
I actually was able to solve my problem. What I did was the following
in my profile setup in the LDAP server I set
serviceSearchDescriptor: passwd:dc=x,dc=y,dc=x?sub?|(attribute1=value)(attribute2=value)
This makes the password lookup look for the user only if a subsearch (sub) matches the attributes above.
For example - I could limit logins to only the people who have a shell=/bin/bash by saying ...sub?|(loginShell=/bin/bash)(loginShell=/usr/bin/bash)
I would also want to make a similar serviceSearchDescriptor line for shadow. So I would have two of these in my Profile on the LDAP server , one with passwd: and one with shadow: -
ITunes auth problem on Windows 7 64-bit
Hi,
I experience weird issues with the iTunes auth-process on a Windows 7 (64bit) machine.
When I try to authorize my computer it results in a message telling me something about connection issues. Anyhow, it seems the computer is kind of activated since I can deauth my computer. If I try auth'in my computer several times, it also allows to deauth it several times until it says that it is not auth'd anymore.
My tries so far to solve this
- updated to latest iTunes
- deactivated, even uninstalled firewall (used NIS2011), also disabled the Windows Firewall after that
- checked hosts file
- deleted SC Info
- even tried with creating new library
- disabled User Access Control in Windows
- disabled all startup items in "msconfig"
- tried to activate with same account a different computer in the same network, I was able to play movies using the private home sharing feature, also activation was no problem
- re-installed Apple Software (including iTunes, Quicktime and Safari)
- checked Diagnostic within iTunes with no problems
So my guess is that it could have something to do with 64 bit or any hard- or software related issue at my computers side.
Detailed procedure:
1 - Start iTunes, click Store > Authorize > Enter credentials
and now the weird thing is that the "authorize" button says "deauthorize", no matter how often I try to deauthorize before.
2 - Repeated step 1 since it says always the same error message (connectivity alert)
3 - Playback of any DRM protected media does not work (movies). It asks for authorization again but fails to do so with the same message again
4 - Deauthorizing is possible and I noticed that I can do this as many times as I tried to authorize before.
Does anyone have a suitable idea for helping me out in this issue? I never had problems on my mac before, nor on a Windows 7 32bit system.
My 64 bit machine is only used with one iTunes account.
I already contacted the iTunes Support via Mail but they could not help me since this could be a technical issue.
Any help is much appreciated.
Thanks in advance,
Benjamin
After numerous calls with Apple support, I finally got it working
For me, the problem was the following:
1. Make sure that Internet Explorer is your standard browser for windows (if not...make it)!
2. In Internet Explorer go to "Internet Options" then "Advanced"
3. In the list scroll down to "Security" and UNCHECK "Check for server certificate revocation"
4. Make sure that (a bit further down) "Use SSL 3.0" and "Use TLS 1.0" are CHECKED.
5. Delete the "SC Info" folder once again...
6. Run iTunes in Admin-Mode
After that, I was able to activate my computer and I changed my browser back to Firefox afterwards...
Hope that will help you too !!
Cheers -
Buyer Account, Welcome mail with password & LDAP related query
Hi All
We are facing an issue with the LDAP configuration while creating Buy side users, please see below
If anyone of you could help, please provide your contact details or a solution to overcome this
Background
We have installed SAP E-Sourcing 5.1 On-premise.
We are currently doing the post installation configuration
- Imported the Out of the Box enterprise Deployment Workbook (We have not modified the contents of the workbook)
- We have configured an SMTP mail host to send and receive all mails from the application
Query
Based on the enterprise Deployment Workbook, the system has created the following Directory configuration settings pointing to different LDAP system
DISPLAY_NAME EXTERNAL_ID
QA SunOne 5.2 - Buyside dir.qa.sun.bs
QA SunOne 5.2 - Sellside dir.qa.sun.ss
QA ActiveDirectory 2003 - Buyside dir.qa.ms.bs
QA ActiveDirectory 2003 - Sellside dir.qa.ms.ss
QA Oracle 9.0.2 - Buyside dir.qa.ora.bs
QA Oracle 9.0.2 - Sellside dir.qa.ora.ss
When we are creating the Buyside users (If we use the Check Box - Create Directory account), we are getting a communication error
If we uncheck it, it creates the account but the system does not generate the welcome mail. We understand that the welcome mail has the system generated password to log-onto the application as the Buyer.
We are also not able to create the local users, as the password.properties template isn't available in the downloaded software, we don't know the format that's expected by the system.
Please let us know, if there is an alternate way to get the password even without using LDAP or Local directories.
In case LDAP or creation of local directory is the key, then please let us know what's happening incorrectly in our case.
This has become a show stopper for us going any forward.
Request your help ASAP
Regards
Tridip
Hi All
I had the same problem when I tried doing the email Set-up
I finally realised that you need to do the configuration steps for SMTP using the enterprise user and the system user. If you have done this setting as only the system user the mails will be in Awaiting retry.
Do this and the mails will start flowing, in case your SMTP mail server is working fine
Please do the following settings logged in as System User and Enterprise User
System Properties -> search for messaging
Set        Property                  Value                                 Context
messaging  messaging.smtp.mailhost   replace the default with your value   System Context
messaging  messaging.smtp.port       25                                    System Context
Also please let me know what is the status of the messages in your Queued Messages
This should work
Do let me know, if it does
Regards
Tridip
Edited by: Tridip Chakraborthy on May 27, 2009 11:57 AM
Edited by: Tridip Chakraborthy on May 27, 2009 12:02 PM -
Hi,
I'm trying to configure Netscape Directory Server 4.1 to work with the
LDAP Security Realm Update for WebLogic Server 6.1. The WebLogic Server
is unable to connect to NDS and there is no error message to indicate
any exception. I have connected to the NDS using an LDAP browser using the
same principal and credential in the ldaprealm.properties file and was
able to establish connection.
Has anyone encountered the same problem? Any help is appreciated.
Thank you,
PY
Humm,
I have heard of different people with the same name but with the same
email address. Strange...
Will the person who did the posting below please email me. You
already have my email address.
Han.
"Ng, Wey-Han" <[email protected]> wrote in message news:<[email protected]>...
Hi,
I'm trying to configure Netscape Directory Server 4.1 to work with the
LDAP Security Realm Update for WebLogic Server 6.1. The WebLogic Server
is unable to connect to NDS and there is no error message to indicate
any exception. I have connected to the NDS using an LDAP browser using the
same principal and credential in the ldaprealm.properties file and was
able to establish connection.
Has anyone encountered the same problem? Any help is appreciated.
Thank you,
PY -
Integration of CQ 5.5 with open LDAP
Hi Team,
I am trying to integrate CQ 5.5 with open LDAP. I am able to see the LDAP entry in the JMX console.
But here the problem is the users in LDAP are not imported to CQ users.
Below are methods in com.adobe.granite.ldap tools section in jmx console.
[Ljava.lang.String;
listOrphanedUsers()
retrieves a list of users not present in the LDAP directory anymore
java.lang.Void
syncAllUsers()
updates all local user informations based on the LDAP directory
[Ljava.lang.String;
syncUser(java.lang.String user)
updates the local user information for a specific LDAP entry
[Ljava.lang.String;
syncUserList([Ljava.lang.String; userlist)
updates the local user information for a list of LDAP entries
[Ljava.lang.String;
purgeUsers()
removes the local user information for all users removed from the LDAP server
Using these methods I am also unable to import my LDAP users to CQ.
Please guide me on the same.
Thanks & Regards,
Prasad.
Please refer to the master guide available for the SRM 5.0 --> which has got details of the R/3 system which you can use with SRM 5.0.
I have seen the guide and according to it, you can use R/3 3.1i - SAP ECC 6.0.
And also there should be no limitation as far as I know; if you are able to use R/3 4.6B, you should be able to use all the functionality. -
Sir, I have given a lot of effort but I am not able to solve my problem either with notifiers or with occurrence fn; probably I do not know how to use these synchronisation tools.
Sir, I am using DataSocket Read and I am communicating with Java, but my problem is that because I'm using a while loop to see if the value has changed, my LabVIEW consumes all the processor's time. Sir, I want an event-like thing so that the while loop is not in a continuous loop
Hi Sam,
I want to pass along a couple of tips that will get you more and better response on this list.
1) There is an unwritten rule that says more "stars" is better than just one star. Giving a one star rating will probably eliminate that responder from individuals that are willing to answer your question.
2) If someone gives you an answer that meets your needs, reply to that answer and say that it worked.
3) If someone suggests that you look at an example, DO IT! LV comes with a wonderful set of examples that demonstrate almost all of the core functionality of LV. Familiarity with all of the LV examples will get you through about 80% of the Certified LabVIEW Developer exam.
4) If you have a question first search the examples for something that may help you. If you can not find an example that is exactly what you want, find one that is close and post a question along the lines of "I want to do something similar to example X, how can I modify it to do Y".
5) Some of the greatest LabVIEW minds offer their services and advice for free on this exchange. If you treat them well, they can get you through almost every challenge that can be encountered in LV.
6) If English is not your native language, post your question in the language you favor. There is probably someone around that can help. "We're big, we're bad, we're international!"
Trying to help,
Welcome to the forum!
Ben
Ben Rayner
I am currently active on.. MainStream Preppers
Rayner's Ridge is under construction -
Help with add file name problem with Photoshop CS4
Frustrating problem: Help with add file name problem with Photoshop CS4. What happens is this. When I am in PS CS4 or CS3 and run the following script it runs fine. When I am in Bridge and go to tools/photoshop/batch and run the same script it runs until it wants interaction with preference.rulerunits. How do I get it to quit doing this so I can run in batch mode? Any help is appreciated. HLower
Script follows:
// this script is another variation of the script addTimeStamp.js that is installed with PS7
// Check if a document is open
if ( documents.length > 0 )
{
    var originalRulerUnits = preferences.rulerUnits;
    preferences.rulerUnits = Units.INCHES;
    try
    {
        var docRef = activeDocument;
        // Create a text layer at the front
        var myLayerRef = docRef.artLayers.add();
        myLayerRef.kind = LayerKind.TEXT;
        myLayerRef.name = "Filename";
        var myTextRef = myLayerRef.textItem;
        // Set your parameters below this line
        // If you wish to show the file extension, change the n to y in the line below, if not use n.
        var ShowExtension = "n";
        // Insert any text to appear before the filename, such as your name and copyright info between the quotes.
        // If you do not want extra text, delete between the quotes (but leave the quotes in).
        var TextBefore = "Lower© ";
        // Insert any text to appear after the filename between the quotes.
        // If you do not want extra text, delete between the quotes (but leave the quotes in).
        var TextAfter = " ";
        // Set font size in Points
        myTextRef.size = 10;
        // Set font - use GetFontName.jsx to get exact name
        myTextRef.font = "Arial";
        // Set text colour in RGB values
        var newColor = new SolidColor();
        newColor.rgb.red = 0;
        newColor.rgb.green = 0;
        newColor.rgb.blue = 0;
        myTextRef.color = newColor;
        // Set the position of the text - percentages from left first, then from top.
        myTextRef.position = new Array( 10, 99 );
        // Set the Blend Mode of the Text Layer. The name must be in CAPITALS - ie change NORMAL to DIFFERENCE.
        myLayerRef.blendMode = BlendMode.NORMAL;
        // select opacity in percentage
        myLayerRef.opacity = 100;
        // The following code strips the extension and writes the text layer. fname = file name only
        // (split at the last dot; a name without a dot is used unchanged)
        var di = docRef.name.lastIndexOf(".");
        var fname = ( di > 0 ) ? docRef.name.substr(0, di) : docRef.name;
        // use extension if set
        if ( ShowExtension == "y" )
        {
            fname = docRef.name;
        }
        myTextRef.contents = TextBefore + " " + fname + " " + TextAfter;
    }
    catch( e )
    {
        // An error occurred. Restore ruler units, then propagate the error back
        // to the user
        preferences.rulerUnits = originalRulerUnits;
        throw e;
    }
    // Everything went Ok. Restore ruler units
    preferences.rulerUnits = originalRulerUnits;
}
else
{
    alert( "You must have a document open to add the filename!" );
}
you might want to try the scripting forum howard:
http://www.adobeforums.com/webx?13@@.ef7f2cb -
Recently my Macbook Pro (June 2011, i7, 8gb RAM, 512gb SSD, AMD Radeon 6750, Mountain Lion - since July - currently 10.8.2) has been presenting me with an array of problems, usually initiated when I am streaming live video. I was streaming Time Warner Cable on 12/9 and it gave me what looked like the blue screen of death. It started up after about five attempts that time. The other day, after about a week of not using the computer, it wouldn't boot past the grey screen. I (option) started it and it gave me two boot choices, the regular HD and a "10.8 restore" option. The HD gave me the grey screen and the restore option gave me the dark blue screen. I reset PRAM and that didn't work. After a force (x) start it worked. Today, I was using "Watch ESPN" and the screen froze and the computer did some kind of repeating RAM beep or something. I rebooted and it started up fine. I'm not watching any videos anymore, but this is a problem since the primary purpose for my mbp is video editing. I'm still under AppleCare but I find more solid answers in the forums or at least better questions for the AppleCare people.
Anybody have similar experiences, or a solid idea of what the heck has happened to my machine?
I'm not really sure what method that person was talking about. I just read he had a successful install so I posted it.
But I'll hazard a guess
1. copy your entire drive to a backup drive
2. boot into that drive and test it out - make sure it's a flawless backup, it works, and the hard drive has no problems
3. eject that drive, disconnect it and reboot into the leopard install dvd
4. erase your main hard drive using disc utilities on the leopard install dvd -- you've made a backup, made sure that backup was good, and disconnected it so it's currently safely disconnected from the leopard install you're about to do. Also, on the hard drive you're erasing and installing leopard on to, many people recommend "Zeroing" it as well as erasing it. That option is part of the erase function in disc utilities on the leopard install disc.
5. do a clean install of leopard
6. follow step 4 from that original post exactly as that person described to do.
7. read the rest of what they said
That's pretty much it. With the backup/erase/clean install/import/ you pretty much get everything you need exactly the way you want it with very few things missing -- and you've done this over a clean install. Plus that poster did mention that you can select what you want to import from your backup hard drive.
It sounds like it's a "clean install" method that gives you control via "import from machine" option in the installer. Control over what parts of your "old mac" you want to import into your "new leopard mac".
Hopefully that helps. It sounds more involved, but it's actually pretty quick and provides you with a perfectly safe backup in case anything goes wrong with the leopard install.