Certificates, Keychain and Directory Services

Starting with 10.4.3, iChat generates X.509 certificates for all .Mac chat addresses to allow encrypted chats.
Those certificates can also be used to sign and encrypt all e-mails for your .Mac address in Mail.app. By default, both sides need to send each other a signed e-mail so they get the other's certificate onto their keychains before they can exchange encrypted e-mails.
But Keychain.app allows you to query .Mac for any subscriber's certificate so you get a copy of the public key without the need to exchange messages first. Just turn on
[x] Search .Mac for Certificates
in Keychain Access' Preferences. This works just fine; you can even look at all your friends with .Mac addresses in your Address Book to see which ones already have a working certificate.
Now the second option in Keychain Access
[x] Search Directory Services for Certificates
makes me curious: how do I generate and store my own certificates for all my users in Directory Services? I haven't found any documentation on that so far and would really like to use this ASAP.
If I can generate all X.509 certificates for my domain and store them in Directory Services, this would make life a lot easier.
So far we have used some free CA, but users tend to forget to renew their certs when the expiration warnings come in, and sooner or later half of them can no longer sign or encrypt their e-mail. If I can do the renewal myself and distribute the certificates this way, this'll be a big improvement.
Norbert

Matthew -
Thanks for your reply. Unfortunately this AFP548 article explains a lot about rolling your own CA, but it does not give any hints on how to store the certificate data in the directory.
Marcel Bresink, author of several excellent books about Mac OS X (Server), gave me the hint that the following keys can be stored in an LDAP domain (information from "man DirectoryServiceAttributes"):
UserCertificate
    Attribute containing the binary of the user's certificate. Usually found in user records. The certificate is data which identifies a user. This data is attested to by a known party, and can be independently verified by a third party.
UserSMIMECertificate
    Attribute containing the binary of the user's SMIME certificate. Usually found in user records. The certificate is data which identifies a user. This data is attested to by a known party, and can be independently verified by a third party. SMIME certificates are often used for signed or encrypted emails.
UserPKCS12Data
    Attribute containing binary data in PKCS #12 format. Usually found in user records. The value can contain keys, certificates, and other related information and is encrypted with a passphrase.
Perhaps someone else has already managed to fill those keys so Keychain Access on connected clients can retrieve the Certificates.
- Norbert
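The three attributes quoted from the man page hold raw DER, and the usual way to load one into an LDAP-backed directory is an LDIF record fed to ldapmodify. The Python below is an added example, not code from this thread, from Apple or from OpenLDAP: it wraps a DER certificate into an RFC 2849 LDIF modify record (base64 "::" value, folded at 76 columns), reads it back, and walks just enough of the DER to report the notAfter date, which is the renewal check the thread wants to take away from the users. Assumptions not in the original: the man page's UserCertificate is reachable under the standard LDAP name userCertificate;binary, the DN uid=norbert,cn=users,dc=example,dc=com is made up, and sample_certificate() builds a constructed structural skeleton (zero filler for key and signature) so the code can run offline.

```python
"""Put a user's X.509 certificate into LDAP as RFC 2849 LDIF, read it back, and
report its expiry (stdlib only). Added example, not code from the thread, Apple
or OpenLDAP; it assumes the man page's UserCertificate is reachable as the LDAP
attribute userCertificate;binary."""
import base64
from datetime import datetime, timezone

def ldif_replace_certificate(dn, der_cert, attr="userCertificate;binary"):
    """LDIF 'modify' record replacing the certificate attribute. Binary values
    use '::' (base64) and are folded at 76 columns; continuation lines start
    with one space (RFC 2849)."""
    value = f"{attr}:: {base64.b64encode(der_cert).decode('ascii')}"
    folded, rest = [value[:76]], value[76:]
    while rest:
        folded.append(" " + rest[:75])
        rest = rest[75:]
    return "\n".join([f"dn: {dn}", "changetype: modify", f"replace: {attr}",
                      *folded, "-", ""])

def ldif_binary_value(ldif, attr="userCertificate;binary"):
    """Unfold an LDIF record and return the decoded value of a '::' attribute."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]              # continuation line
        else:
            unfolded.append(line)
    prefix = f"{attr}:: "
    for line in unfolded:
        if line.startswith(prefix):
            return base64.b64decode(line[len(prefix):])
    return None

def _tlv(buf, pos=0):
    """Decode one DER TLV (single-byte tags only) -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out

def _parse_time(tag, raw):
    s = raw.decode("ascii")
    if not s.endswith("Z"):
        raise ValueError("only UTC (Z) times are handled")
    if tag == 0x17:                               # UTCTime YYMMDDHHMMSSZ (RFC 5280 4.1.2.5.1)
        yy = int(s[:2])
        year, s = (1900 + yy if yy >= 50 else 2000 + yy), s[2:]
    elif tag == 0x18:                             # GeneralizedTime YYYYMMDDHHMMSSZ
        year, s = int(s[:4]), s[4:]
    else:
        raise ValueError(f"unexpected time tag {tag:#x}")
    return datetime(year, int(s[0:2]), int(s[2:4]), int(s[4:6]),
                    int(s[6:8]), int(s[8:10]), tzinfo=timezone.utc)

def cert_not_after(der_cert):
    """Certificate -> tbsCertificate -> validity -> notAfter."""
    tag, body, _ = _tlv(der_cert)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    fields = _children(_children(body)[0][1])     # tbsCertificate fields
    if fields[0][0] == 0xA0:                      # optional [0] EXPLICIT version
        fields = fields[1:]
    validity = _children(fields[3][1])            # serial, sigAlg, issuer, validity
    return _parse_time(*validity[1])

def expiry_report(ldif, as_of, attr="userCertificate;binary"):
    """Days left on the certificate in an LDIF record, as of an ISO-8601 UTC time."""
    der_cert = ldif_binary_value(ldif, attr)
    if der_cert is None:
        raise ValueError(f"no {attr} value in record")
    not_after = cert_not_after(der_cert)
    days = (not_after - datetime.fromisoformat(as_of)).days
    return {"not_after": not_after.isoformat(), "days_left": days, "expired": days < 0}

# Constructed sample: a structurally valid X.509 skeleton, NOT a real certificate
# (no usable key or signature); it exists only so the code above can be run.
def _der(tag, payload):
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    nb = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big") + payload

def sample_certificate():
    """Validity 2012-10-01 .. 2012-12-31 UTC; key and signature are zero filler."""
    sha256_rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
    rsa_key = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    tbs = (_der(0xA0, _der(0x02, b"\x02"))                   # [0] version v3
           + _der(0x02, b"\x01")                             # serialNumber
           + sha256_rsa                                      # signature algorithm
           + _der(0x30, b"")                                 # issuer (left empty)
           + _der(0x30, _der(0x17, b"121001000000Z") + _der(0x17, b"121231235959Z"))
           + _der(0x30, b"")                                 # subject (left empty)
           + _der(0x30, rsa_key + _der(0x03, b"\x00" * 201)))  # SPKI filler (long-form length)
    return _der(0x30, _der(0x30, tbs) + sha256_rsa + _der(0x03, b"\x00" * 33))

if __name__ == "__main__":
    record = ldif_replace_certificate("uid=norbert,cn=users,dc=example,dc=com", sample_certificate())
    print(record)                                             # feed to: ldapmodify -x -D ... -f record.ldif
    print(expiry_report(record, "2012-10-29T13:52:39+00:00"))
```

For a real certificate, strip the PEM armour and base64-decode to get the DER before calling ldif_replace_certificate, then run expiry_report over an LDIF export of the user records to see who needs re-issuing before the expiration warnings reach the user. Only the public certificate belongs in UserCertificate or UserSMIMECertificate; UserPKCS12Data can carry the private key and is passphrase-encrypted, so it should be treated as a secret and not replicated anywhere clients can read it anonymously.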

Similar Messages

  • Starting single sign-on and directory service

    I am trying to install Oracle 9i infrastructure on my clean Win2000 box with a 2.4 GHz processor and 1 GB RAM.
    I am getting failure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    After which single sign-on and directory service don't start, which means no connectivity :(
    Can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation?
    It would be a great help.
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, its own DNS.
    Thanks,
    Yuri Arts

  • One for Tim Harris: iChat and Directory Services

    Hi Tim or anyone else who knows the answer,
    I have a thread in iChat 3's forum http://discussions.apple.com/thread.jspa?threadID=2589810
    The poster is using an iChat server and has "several thousand" contacts listed in Directory Services.
    What he wants to do, and has been doing on a one-by-one basis, is have the "real Name" details show in his iChat.
    Currently he is using the Add Buddy Card and the Address Book arrow to access the Address Book, then he navigates to the Directory Services entry for that person.
    1) Is there a method of making iChat see the info in Directory Services?
    2) Without creating an Address Book with thousands of entries, is there a quick and easy method to get those buddies in his iChat connected to the info in Directory Services other than the method he is using
    (AppleScript, Automator or similar)?
    3) Am I barking up completely the wrong tree?
    7:52 PM Thursday; September 23, 2010

    Closing as there is another thread.
    8:17 PM Tuesday; September 28, 2010
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

  • Name and Directory Service (Soap, Rest)

    Hello everyone,
    I would like to implement a directory service for web services (like UDDI) that supports SOAP and REST. My question is: can I use JNDI to do that? If yes, must I write a plug-in for the JNDI SPI to support these protocols (SOAP, REST)? If no, what would you recommend?
    Thank you very much
    Rodolfo

    Oops, thought I was replying to the PGP question :)
    I think you should be able to achieve this via an adapter module, but I'm not really sure how exactly it will be done.
    Thanks
    Aamir
    Edited by: Aamir Suhail on Jul 28, 2009 1:42 PM

  • Search field and directory services

    To show contacts using Open Directory services in the address book, you have to enter a name in the search field. It seems to work only when searching with the contact name. Is it possible to search with the company (field) name, and how?
    Thanks

    Same question here. Maybe anyone can tell us what we don't see, because I don't believe Apple Mail is only able to search the contact name?

  • Using LDAP as Naming and Directory Services of Weblogic

    Hi All,
    I want to use LDAP (using Netscape Directory Server 4.2 as the LDAP server) with WebLogic 5.1. I want the beans to be bound to this LDAP server when they are deployed. What do I have to change in the configuration for this?
    Any other suggestions related to using LDAP with WebLogic are welcome. In this regard, I want to ask whether the WebLogic application server has an LDAP server built into it or not.
    Thanks and Regards,
    sudarson

    As I understand from your reply, you are suggesting that I bind the beans to the LDAP server within the bean class's setEntityContext? Is it so? Can we not configure even this feature in WebLogic 6.0? One thing more: if I do this kind of thing, then the JNDI name will be hardcoded into the bean class and can't be changed by simply editing the deployment descriptor. Please suggest.
    Regards,
    sudarson
    "Michael Girdley" <----> wrote:
    > This is not possible through configuration at the current time. One thing
    > you could do is have your EJBs make a connection to your LDAP server and
    > register themselves when they are deployed.
    > Michael Girdley
    > BEA Systems
    > Learning WebLogic? http://learnweblogic.com
    > "sudarson" <[email protected]> wrote in message
    > news:3a755fd5$[email protected]..
    > > Hi All,
    > > I want to use LDAP (using Netscape Directory Server 4.2 as LDAP server) with weblogic5.1. I want that beans should be bound this LDAP server when
    > > they are deployed. For this what I have to change in configuration?
    > > Any other suggestions related to using LDAP with weblogic are welcome. In this regard, I want to ask whether weblogic application server has LDAP
    > > server built into it or not.
    > > Thanks and Regards,
    > > sudarson

  • Help please: re proper use of JNDI and Directory services

    I'm new to this J2EE/JDev stuff and have spent a few days poring over Sun's JNDI and J2EE documentation as to how best to accomplish my task. Here's the big picture. I am constructing a web site on my PC at home for eventual deployment on an ISP server. I don't have an LDAP or COS server but ISPs usually do. I've found a public LDAP server I can use, but the problem is getting an entry on the server that my JSP client and EJB server code can use to find my Entity bean and SQL Server database server respectively. The best I've been able to come up with is that I need to write my own applet or client application to register my entries on that LDAP server with appropriate Java attributes and then code my stuff to look them up using the DirContext class.
    As for how I pass my stuff into my EJB bean, I intend to use jndi.properties to specify custom properties that map logicals to the physical resources that DirContext routines act on and use System.getProperty("...") to retrieve them dynamically without having to recode later. I haven't figured out exactly how to do this for Servlets and JSPs yet so they can find the beans.
    I'm interested in any feedback to what I'm doing and how better to achieve my ends.
    As an aside, I noticed as I pored through Sun's J2EE container software that they seem to have embedded COS in their deploytool as a nice feature that would effectively solve my problem if JDeveloper could integrate such a capability. Their sample programs were pretty straightforward in configuring JDBC and the beans. Any thoughts from the JDev team on providing a similar capability for OC4J?
    Thanks,
    Dean

    I would first left-click with the mouse on the camera icon (to enable/activate the snapshot feature), then I'd go with the mouse to the area I wanted to take the snapshot of, click and drag so I would box in the desired area to be copied/duplicated, then let go of the mouse (a ding would then sound) and finally I would go to the page where I wanted to reproduce the snapshot and left-click once with the mouse... And presto!
    Not so with 11-Pro. It allows me to paste into a different program such as MS Word (or Outlook), but not onto a PDF page.

  • SonicMQ5.0.2 Directory Service Path?

    I have Container1 and Broker1 running on machine1.
    I am installing a container (Container2) and broker (Broker2) on a different machine (machine2).
    At the time of installation it asks "If the Directory Service is running, do you want to try connecting to it now?"
    When I say yes, it asks me to enter
    Container's Path and Broker's Path.
    The default values it shows here are "/Containers" and "/Brokers".
    My question is: what path should I give to it?
    (When I keep the same path it gives me an error something like this:
    Object Name: ':' Invalid Character in Key
    Do you want to Retry?)
    I have done the default installation on machine1, and I also want to set up a cluster with both these brokers.
    Please help me.
    Thanks in advance,
    regards

    It still gives the same error ..... Object Name: ':' Invalid Character in key
    (I want to remind you that Container2 and Broker2 are on the other machine, "machine2")
    and Container1, Broker1 reside on a different machine ("machine1", where Container1, Broker1 and the Directory Service are installed and running).

  • The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

    We are in the process of removing a child domain from the forest and are down to two DCs. These are both Server 2008 R2 SP1 servers, one physical and one virtual (PDC). When I try to remove a DC (not the PDC emulator) I get the following error:
    The operation failed because:
    Active Directory Domain Services could not transfer the remaining data in directory partition DC=DomainDnsZones,DC=mydomain,DC=local to
    Active Directory Domain Controller \\V-Svr03.mydomain.local.
    The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.
    I have checked replication with repadmin /showrepl and all connections were successful. The dcdiag /test:kccEvent test on all servers passed.
    Most DCdiag tests are successful. The only failure is on NCSecDesc when running dcdiag /test:NCSecDesc
       Testing server: Default-First-Site\DC1-DEV-OFC
          Starting test: NCSecDesc
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=ForestDnsZones,DC=hookemup,DC=local
             ......................... DC1-DEV-OFC failed test NCSecDesc
    In researching this I find "If you do not plan to add an RODC to the forest, you can disregard this error."
    We have not successfully run ADprep /rodcPrep, nor do we plan on having any Read-Only DCs, so I think we can ignore this error. We did try running ADprep /rodcPrep but got an LDAP error, which I can duplicate if this is important.
    Schema and Naming FSMOs are on a DC higher in the forest. RID, PDC, and Infrastructure FSMOs for the child domain are on the Virtual server (PDC).
    Any guidance on where to go from here would be greatly appreciated as I have no more hair on my head to pull.

    Ok... I ran repadmin /showreps /v again and it shows no errors
    C:\>repadmin /showreps /v
    Default-First-Site\DC1-DEV-OFC
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: b294c59f-8b46-4133-89c5-0f30bfd49607
    DSA invocationID: 1054285d-cffe-42b4-8074-e2d44adbb151
    ==== INBOUND NEIGHBORS ======================================
    CN=Configuration,DC=mydomain,DC=local
        Default-First-Site\HESTIA via RPC
            DSA object GUID: b464fde9-29d7-4490-9582-fe9270050d50
            Address: b464fde9-29d7-4490-9582-fe9270050d50._msdcs.mydomain.local
            DSA invocationID: afea3845-9fa8-40a6-a477-84348a206348
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 16381490/OU, 16381490/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\V-SVR03 via RPC
            DSA object GUID: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8
            Address: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8._msdcs.mydomain.local
            DSA invocationID: 45de2c10-ec8b-443d-a645-db4e0a352a23
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 114817/OU, 114817/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\V-SVR01 via RPC
            DSA object GUID: e2f794eb-9658-4bad-b695-3d8c08f46371
            Address: e2f794eb-9658-4bad-b695-3d8c08f46371._msdcs.mydomain.local
            DSA invocationID: 07bb0fe9-bca9-46d1-92ce-308d36da478d
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 66047/OU, 66047/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\ATHENA via RPC
            DSA object GUID: cb00a5b0-6dea-473c-bb42-19356dd9ed36
            Address: cb00a5b0-6dea-473c-bb42-19356dd9ed36._msdcs.mydomain.local
            DSA invocationID: 57313a9c-46a2-4b94-87cc-b3f91d54faed
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 8098197/OU, 8098197/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
    CN=Schema,CN=Configuration,DC=mydomain,DC=local
        Default-First-Site\ATHENA via RPC
            DSA object GUID: cb00a5b0-6dea-473c-bb42-19356dd9ed36
            Address: cb00a5b0-6dea-473c-bb42-19356dd9ed36._msdcs.mydomain.local
            DSA invocationID: 57313a9c-46a2-4b94-87cc-b3f91d54faed
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 8097482/OU, 8097482/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\V-SVR01 via RPC
            DSA object GUID: e2f794eb-9658-4bad-b695-3d8c08f46371
            Address: e2f794eb-9658-4bad-b695-3d8c08f46371._msdcs.mydomain.local
            DSA invocationID: 07bb0fe9-bca9-46d1-92ce-308d36da478d
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 65239/OU, 65239/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\V-SVR03 via RPC
            DSA object GUID: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8
            Address: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8._msdcs.mydomain.local
            DSA invocationID: 45de2c10-ec8b-443d-a645-db4e0a352a23
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 114149/OU, 114149/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\HESTIA via RPC
            DSA object GUID: b464fde9-29d7-4490-9582-fe9270050d50
            Address: b464fde9-29d7-4490-9582-fe9270050d50._msdcs.mydomain.local
            DSA invocationID: afea3845-9fa8-40a6-a477-84348a206348
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 16381373/OU, 16381373/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
    DC=ForestDnsZones,DC=mydomain,DC=local
        Default-First-Site\V-SVR01 via RPC
            DSA object GUID: e2f794eb-9658-4bad-b695-3d8c08f46371
            Address: e2f794eb-9658-4bad-b695-3d8c08f46371._msdcs.mydomain.local
            DSA invocationID: 07bb0fe9-bca9-46d1-92ce-308d36da478d
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 66295/OU, 66295/PU
            Last attempt @ 2012-10-29 13:57:48 was successful.
        Default-First-Site\ATHENA via RPC
            DSA object GUID: cb00a5b0-6dea-473c-bb42-19356dd9ed36
            Address: cb00a5b0-6dea-473c-bb42-19356dd9ed36._msdcs.mydomain.local
            DSA invocationID: 57313a9c-46a2-4b94-87cc-b3f91d54faed
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 8098367/OU, 8098367/PU
            Last attempt @ 2012-10-29 13:58:13 was successful.
        Default-First-Site\V-SVR03 via RPC
            DSA object GUID: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8
            Address: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8._msdcs.mydomain.local
            DSA invocationID: 45de2c10-ec8b-443d-a645-db4e0a352a23
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 115032/OU, 115032/PU
            Last attempt @ 2012-10-29 13:58:25 was successful.
        Default-First-Site\HESTIA via RPC
            DSA object GUID: b464fde9-29d7-4490-9582-fe9270050d50
            Address: b464fde9-29d7-4490-9582-fe9270050d50._msdcs.mydomain.local
            DSA invocationID: afea3845-9fa8-40a6-a477-84348a206348
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 16381653/OU, 16381653/PU
            Last attempt @ 2012-10-29 13:58:34 was successful.
    DC=mySUBdomain,DC=local
        Default-First-Site\V-SVR03 via RPC
            DSA object GUID: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8
            Address: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8._msdcs.mydomain.local
            DSA invocationID: 45de2c10-ec8b-443d-a645-db4e0a352a23
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 114871/OU, 114871/PU
            Last attempt @ 2012-10-29 13:54:02 was successful.
    DC=DomainDnsZones,DC=mySUBdomain,DC=local
        Default-First-Site\V-SVR03 via RPC
            DSA object GUID: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8
            Address: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8._msdcs.mydomain.local
            DSA invocationID: 45de2c10-ec8b-443d-a645-db4e0a352a23
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
            USNs: 114017/OU, 114017/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
    DC=mydomain,DC=local
        Default-First-Site\V-SVR03 via RPC
            DSA object GUID: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8
            Address: 53018cc4-b8c9-48ce-9a54-1b987e7b08c8._msdcs.mydomain.local
            DSA invocationID: 45de2c10-ec8b-443d-a645-db4e0a352a23
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
            USNs: 114017/OU, 114017/PU
            Last attempt @ 2012-10-29 13:52:39 was successful.
        Default-First-Site\HESTIA via RPC
            DSA object GUID: b464fde9-29d7-4490-9582-fe9270050d50
            Address: b464fde9-29d7-4490-9582-fe9270050d50._msdcs.mydomain.local
            DSA invocationID: afea3845-9fa8-40a6-a477-84348a206348
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
            USNs: 16381614/OU, 16381614/PU
            Last attempt @ 2012-10-29 13:56:52 was successful.
        Default-First-Site\V-SVR01 via RPC
            DSA object GUID: e2f794eb-9658-4bad-b695-3d8c08f46371
            Address: e2f794eb-9658-4bad-b695-3d8c08f46371._msdcs.mydomain.local
            DSA invocationID: 07bb0fe9-bca9-46d1-92ce-308d36da478d
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
            USNs: 66325/OU, 66325/PU
            Last attempt @ 2012-10-29 13:58:34 was successful.
        Default-First-Site\ATHENA via RPC
            DSA object GUID: cb00a5b0-6dea-473c-bb42-19356dd9ed36
            Address: cb00a5b0-6dea-473c-bb42-19356dd9ed36._msdcs.mydomain.local
            DSA invocationID: 57313a9c-46a2-4b94-87cc-b3f91d54faed
            SYNC_ON_STARTUP DO_SCHEDULED_SYNCS
            USNs: 8098385/OU, 8098385/PU
            Last attempt @ 2012-10-29 13:58:38 was successful.

  • Directory services and windows 2003

    Hello all, I am new to the world of Solaris. So the trouble is that we have a Sun Fire and I installed Directory Services 5.2, but Windows 2003 refuses to join the domain at all... The Sun Fire box is behind NAT and there's an entry in the NAT DNS server. The question is: is it really possible for a Windows box to join the Solaris DS, or can only other Solaris boxes do it?

    Dear Andreas:
    I have read that:
    Hello together,
    I think I've got a solution for my
    Real-Time-LDAP-Password-Check. T was right, there is a BSA package
    which does exactly this, but it is not available through the website
    or any download.
    For this you don't need an NTLM server running or a reverse
    proxy for user authentication. It simply checks over the LDAP port
    to your LDAP server and
    returns whether the login is granted through the LDAP password or
    not.
    Yesterday I spoke to a Breeze dev. and he sent me these
    scripts. He said they will be already implemented into the next
    Breeze version but will also work with Breeze 6.
    If someone is interested in this solution, please send me a PM
    with your email address and I will send the zip file to you.
    Regards,
    Andreas
    We are a Spanish company specialized in developing PDF forms
    and other types of applications and also involved with Adobe,
    especially in Connect.
    I will appreciate if you can send me the zip file to solve
    the LDAP question.
    My email is [email protected]
    Thanks in advance.
    Desirée

  • What is "Directory Service" and why does it "use up 194%" ?

    What is "Directory Service" and why does it "use up 194%" on my istat CPU app monitor?
    Ever since I installed Leopard I've noticed this happening more and more, especially when I install an external hard drive or unplug my ethernet line. This is plainly weird and never happened under Tiger. The temperature shoots up to 84° also. I always do a restart to get rid of it, but it's kind of worrying.... anybody have any ideas?
    Message was edited by: Host

    Had this happen myself.
    It does have something to do with Spotlight/searching. Should go away after a while, or so I have heard from other users, 'cause it hasn't stopped driving me and my fan mad yet.
    Am going to have my MacBook index and follow-up on indexing and whatever else it feels is necessary to finally allow me to search in peace over the weekend while locking it away where I can't hear it.
    Hopefully that does the trick.
    If it wasn't for things working better/faster and most things looking better I might actually consider taking Leopard off again ...

  • Discussion and Announcement Services in webcenter Spaces + Active Directory

    I had successfully customized Discussion and announcement Services in webcenter spaces using the default authenticator user WEBLOGIC. And it was working fine.
    I was able to post and configure announcement and also able to create forums and threads in webcenter spaces.
    Now I have successfully integrated my Active Directory with WLS, and now I want to configure discussion and announcement using Active Directory users. I am facing a problem with it. I am able to log in to WebCenter Spaces as well as 8890/owc_discussions and also 8890/owc_discussions/admin (Jive forum admin) using AD users. I have also given admin roles to Active Directory users in 8890/owc_discussions/admin under Global Settings -> Admins & Moderators.
    When I tried to configure Discussion and Announcement Services in WebCenter Spaces it gives me errors like:
    (1) The service did not get provisioned.
    (2) failure to authenticate the user *******, due to: Unable to connect to discussion server.*
    Do I need to make changes in keystore.properties & jive_crypto.jar? Do I need to make a new connection in EM inside WebCenter > Service Configuration?
    Please help.
    Thanks

    Have you set up ws-security between your webcenter and discussion server? If not you need to set it up to get rid of the authentication error.
    Are you setting up single sign-on between all WebCenter components using OAM? If so, there is an additional step to add/update the owc_discussions.sso.mode property under discussion admin.

  • SSL certificates and Web Services Usage inside Oracle Database Questions!

    We have implemented specific business logic using PL/SQL for our client: we open a file and process each line of it, doing something in the database and also calling a web service (Service1) using the UTL_HTTP package. Service1 runs on a Windows 2008 Server in the DMZ, like the database server.
    Service1 is already working, and we can call the service from PL/SQL without trouble.
    However, according to the client's security policies, all web services must be consumed via HTTPS, including Service1, so we must follow the procedure established by Oracle in order to enable calling Service1 via HTTPS from the database.
    Our client's DBA and IT team are concerned about two subjects before continuing with the certificate installation:
    - SSL certificates:
    1- Can certificates installed in the database put the stability of the database at risk?
    2- Can certificates installed in the database generate performance issues?
    3- Can installed certificates require reloading the databases?
    4- Can certificates installed in the database generate security issues?
    - Web services:
    1- Can calling web services from the database put the stability of the database at risk?
    2- Can calling web services from the database generate performance issues?
    3- Can calling web services from the database generate security issues in the DMZ?
    Could you please give us any clues about the possible negative impact related to SSL certificate and web service usage inside the Oracle database, if such an impact exists?
    Those are the links describing the procedure mentioned above.
    1 - http://www.kotti.es/2009/11/oracle-wallet/
    DB: Oracle 9i.
    Average number of lines in file: 300
    Periodicity: Twice a day.

    Thiago:
    You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
    I am not aware of a PL/SQL utility to create an XMLDSig standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
    http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
    Regards,
    Jason

  • How can I synchronize directory service and bpm engine?

    Hi all,
    I'm using BPM WL 10.3.1 with PAPI.
    Now I want to assign a role to a participant in a process.
    I use DirHumanParticipant.setRolesAssignment() and DirHumanParticipant.update() to assign the role dynamically.
    But it does not work.
    Actually, when I log in to the web console, the role has been assigned to the participant.
    But when I log in to the workspace, I cannot find the expected task in my work items.
    In the history view I can find it.
    Then I remove the role that I assigned previously and assign it again in the web console.
    After that I log in to the workspace, and now I can get the expected task in my work items.
    I think it needs to synchronize between the directory service and the BPM engine, but I don't know how to do it.
    Is there any way to do it with some API?
    thanks
    regards
    kenshin

    Hi!
    Here is how it works:
    1. The engine polls the directory periodically and checks if some changes were made to the participant role assignments.
    The poller frequency is configured on the Process Administrator.
    2. When a change is detected, the engine updates the information in the engine participant cache.
    However, if the participant is logged in, the update operation is postponed until the participant logs off.
    3. After checking the directory, the engine directory poller sends a notification to all the PAPI clients (including the Workspace)
    and the workspace side poller updates the participant assignment you see in the workspace.
    The notification mechanism uses the JMS Topic on the JEE version of the BPM.
    - First of all verify you are logged out when you add/remove the role.
    After that, wait 1 minute or the time specified in the Process Admin as the directory poller frequency.
    - Verify the JMS Topic is defined correctly. Check the engine log for any JMS Topic related error.
    Hope it helps.

  • Directory Services and Windows Question

    If this question has been asked before or if it seems really simple I am sorry. I have a client that has a small windows work group of XP machines. They want to move to a client server infrastructure but are not interested in the headaches involved in Windows licenses and have asked me about OS X Server on a Mac Mini. My question is if I create the users in the Mac server directory services can they use those usernames and passwords to log into their machines essentially making the Mac Mini run as a "Domain Controller" role or would those usernames and password only be used to authenticate to resources hosted on the Mini?
    T

    Actually, the same problems that existed in ARD 2 still exist in ARD 3 and make it difficult to make this useful with Active Directory (but they are not problematic in Open Directory). The problem is that ARD looks for a group named "ard_admin" (and others for other purposes), and when you make a group in AD it always gets prepended with your domain name (i.e. DOMAINNAME\ard_admin).
    The only way of handling this with ARD 2 was to create a local group named ard_admin and add the network users to it, or nest a group, but that only works with 10.4.3+. I asked this question to the project lead for ARD at Apple, and he dismissed this as an "OS issue"... not what I wanted to hear.
    There is a workaround for ARD 3 where you manually change the com.apple.remotedesktop preferences to include other groups, but this will only work if you do it manually for every computer unless you have Open Directory. The instructions for this are in the ARD 3 manual (page 62).
