Configure OpenSSO Policy Based on nsroledn?
Hi
It seems I can configure a url policy based on "authenticated users", "group", or "filter role", however, no luck on "nsroledn"? Does openSSO policy supports subject type of "managed role"?
Thanks in advance
silly me, I forgot the scope nsroledn
Similar Messages
-
Policy Based Routing with VPN Client configuration
Hi to all,
We have a Cisco 2800 router in our company that also serves as a VPN server. We use the VPN Client to connect to our corporate network (pls don't laugh, I know that it is very obsolete but I haven't had the time lately to switch to SSL VPN).
The router has two WAN connections. One is the primary wan ("slow wan" link with slower upload 10D/1U mbps) and it is used for the corporate workstations used by the emploees. The other is our backup link. It has higher upload speed - 11D/11U mbps, (fast wan), and thus we also use the high upload link for our webserver (I have done this using PBR just for the http traffic from the webserver). For numerous other reasions we can not use the `fast wan` connection as our primary connection and it is used anly as a failover in case the primary link fails.
The `fast wan` also has a static IP address and we use this static IP for the VPN Client configuration.
Now the thing is that because of the failover, when we connect from the outside using the VPN Client, the traffic comes from the`fast wan` interface, but exits from the `slow wan` interface. And because the `slow wan` has only 1mbps upload the vpn connection is slow.
Is there any way for us to redirect the vpn traffic to always use the `fast wan` interface and to take advantage of the 11mbps upload speed of that connection?
This is our sanitized config
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group dc
key ***
dns 192.168.5.7
domain corp.local
pool SDM_POOL_1
acl 101
max-users 3
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group dc
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
interface Loopback0
ip address 10.10.10.1 255.255.255.0
interface FastEthernet0/0
description *WAN*
no ip address
ip mtu 1396
duplex auto
speed auto
interface FastEthernet0/0.3
description FAST-WAN-11D-11U
encapsulation dot1Q 3
ip address 88.XX.XX.75 255.255.255.248
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
interface FastEthernet0/0.4
description SLOW-WAN-10D-1U
encapsulation dot1Q 4
ip address dhcp
ip nat outside
ip virtual-reassembly
no cdp enable
interface FastEthernet0/1
description *LOCAL*
no ip address
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1.10
description VLAN 10 192-168-5-0
encapsulation dot1Q 10
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly max-reassemblies 32
no cdp enable
interface FastEthernet0/1.20
description VLAN 20 10-10-0-0
encapsulation dot1Q 20
ip address 10.10.0.254 255.255.255.0
ip access-group PERMIT-MNG out
ip nat inside
ip virtual-reassembly
!!! NOTE: This route map is used to PBR the http traffic for our server
ip policy route-map REDIRECT-VIA-FAST-WAN
no cdp enable
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
interface Virtual-Template3
no ip address
interface Virtual-Template4
no ip address
ip local pool SDM_POOL_1 192.168.5.150 192.168.5.152
ip forward-protocol nd
!!! SLOW-WAN NEXT HOP DEFAULT ADDRESS
ip route 0.0.0.0 0.0.0.0 89.XX.XX.1 5
!!! FAST-WAN NEXT HOP DEFAULT ADDRESS
ip route 0.0.0.0 0.0.0.0 88.XX.XX.73 10
ip nat inside source route-map FAST-WAN-NAT-RMAP interface FastEthernet0/0.3 overload
ip nat inside source route-map SLOW-WAN-NAT-RMAP interface FastEthernet0/0.4 overload
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
ip access-list extended FAST-WAN-NAT
permit tcp 192.168.5.0 0.0.0.255 range 1025 65535 any
permit udp 192.168.5.0 0.0.0.255 range 1025 65535 any
permit icmp 192.168.5.0 0.0.0.255 any
permit tcp 10.10.0.0 0.0.0.255 range 1025 65535 any
permit udp 10.10.0.0 0.0.0.255 range 1025 65535 any
permit icmp 10.10.0.0 0.0.0.255 any
ip access-list extended REDIRECT-VIA-FAST-WAN
deny tcp host 10.10.0.43 eq 443 9675 192.168.5.0 0.0.0.255
permit tcp host 10.10.0.43 eq 443 9675 any
ip access-list extended SLOW-WAN-NAT
permit ip 192.168.5.0 0.0.0.255 any
permit ip 10.10.0.0 0.0.0.255 any
route-map FAST-WAN-NAT-RMAP permit 10
match ip address FAST-WAN-NAT
match interface FastEthernet0/0.3
route-map REDIRECT-VIA-FAST-WAN permit 10
match ip address REDIRECT-VIA-FAST-WAN
set ip next-hop 88.XX.XX.73
route-map SLOW-WAN-NAT-RMAP permit 10
match ip address SLOW-WAN-NAT
match interface FastEthernet0/0.4Can you try to use PBR Match track object,
Device(config)# route-map abc
Device(config-route-map)# match track 2
Device(config-route-map)# end
Device# show route-map abc
route-map abc, permit, sequence 10
Match clauses:
track-object 2
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Additional References for PBR Match Track Object
This feature is a part of IOS-XE release 3.13 and later.
PBR Match Track Object
Cisco IOS XE Release 3.13S
The PBR Match Track Object feature enables a device to track the stub object during Policy Based Routing.
The following commands were introduced or modified: match track tracked-obj-number
Cheers,
Sumit -
OCP 10g question: Policy-based database configuration framework
Hi Oracle Gurus out there,
I am preparing for Oracle 10g certification. I was able to find answers to most of my questions from the documentation. But this particular topic is somehow missing everywhere, or I am not understanding it correctly.
There are some questions on this topic according to the people who gave their beta exam 1z1-040
Does anybody has any idea what does Oracle mean by 'Policy-based database configuration framework'
Any help will be appreciated
Thanks
YogeshOfonime,
the link to the document is
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=11740.1
But you need a MetaLink account in order to access it. -
Policy based routing on VRF interfaces to route traffic through TE Tunnel
Hi All,
Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
The tunnel is already build up with these below config
interface Tunnel25
ip unnumbered Loopback0
tunnel destination 10.250.16.250
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 10 explicit name test
ip explicit-path name test enable
next-address x.x.x.x
next-address y.y.y.y
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
mpls traffic-eng tunnels
nterface GigabitEthernet5/2
mpls traffic-eng tunnels
mpls ip
Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.
We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)
Any help would be really appreciated
Thanks
Regards
Anantha Subramanian Natarajanhi Anantha!
I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.
But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.
So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.
For your second question, the answer would be easy :
If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
Regards,
Niranjan -
OIM 11g AD Connector Access Policy Based Provisioning Issue
Hi,
I created Approval Policy for Access Policy Based Provisioning request type for request level (autoapproval) and operational level (used standart beneficiaryManagerApproval process), but when the resource must assigned to User,- throws exception when running setAdDn adapter of Process Definition Form:
Running ISADAM
Target Class = java.lang.String
Running Get Attribute Map
Running AD Create User
Running ISADAM
Target Class = java.lang.String
Running GETUSESSL
Target Class = java.lang.String
Running CheckUserStatus
Running GETATTRIBUTEHASH
Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
Running Set User Attribute
Running Set User Expiration Date
Running ISADAM
Target Class = java.lang.String
Running CheckUserStatus
Running GETPWDEXPIRESATTRIBUTEHASH
Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
Running Set Pwd Expires Attribute False
Running GETATTRIBUTEHASH
Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
Running SETADDN
[2012-07-19T16:15:52.281+03:00] [oim_server1] [ERROR] [] [XELLERATE.SERVER] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: tcDataObj/save Error :Insertion of dataobject into database failed
[2012-07-19T16:16:34.375+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 0
[2012-07-19T16:16:55.422+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 1
[2012-07-19T16:17:12.750+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
[2012-07-19T16:17:14.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
[2012-07-19T16:17:15.203+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
[2012-07-19T16:17:15.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
[2012-07-19T16:17:16.469+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 2
[2012-07-19T16:17:37.516+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 3
[2012-07-19T16:17:58.562+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 4
[2012-07-19T16:17:58.562+03:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
Database srever is running.
Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Event handler ApprovalInitiation is asynchronous but orchestration is configured as synchronous.
at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
at $Proxy250.execute(Unknown Source)
at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy311.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
at $Proxy250.execute(Unknown Source)
at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy311.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
But when I try to provision this Resource through Access Policy, but without approving it works fine!!!
Please, Help.
Edited by: user13830503 on 19/7/2012 6:392e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
Make sure the lookup table exists and is spelled correctly in your process task. -
ASM and CONFIGURE RETENTION POLICY TO REDUNDANCY 1
I have a 11gR2 database in Linux. ALL the database files (including ARCHIVELOGs) are in ASM. I'm configuing and using RMAN in order to backup the DB & ArchiveLogs.
I have "CONFIGURE RETENTION POLICY TO REDUNDANCY 1" configured.
Please help me understand its meaning and function within ASM.
I thought that based on that configuation that my OBSOLETE ARCHIVELOG files within ASM would be automatically be deleted?
So once I completed my second set of backups, when I executed, "DELETE NOPROMPT OBSOLETE" & "DELETE NOPROMPT EXPIRED ARCHIVELOG ALL", that the first second of ARCHIVELOG backups would be deleted?
...thanks in advanceASM has nothing to do with retention or deletion. You can find the definition of redundancy in the docs at http://tahiti.oracle.com
-
Hello,
I am setting up PBR. Looking at my configuration, will the next hop apply for both access lists 100 and 101? or will access-list 101 use 192.168.0.1 as the next up? I was hoping acl 101 will use 10.10.10.1 as next up.
router configuration:
route-map policy-based-routing permit 10
match ip address 100
set ip next-hop 192.168.10.1
route-map policy-based-routing permit 20
match ip address 101
set ip next-hop 10.10.10.1
access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 deny ip any any
ip route 0.0.0.0 0.0.0.0 10.10.10.1Paul,
All you need is the following configuration.
route-map policy-based-routing permit 10
match ip address 100
set ip next-hop 192.168.10.1
access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.10.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 10.10.10.1
with the above configuration applied to the correct incoming interface, all traffic from 10.10.10.0 destined to 192.168.10.0 will use the next hop from the route map and all other traffic wil use the default route
HTH
Narayan -
Policy based routing on a Layer 3 switch
I am doing some lab testing on policy based routing. I am having some issues that I can't see to get working right.
Here is the config:
ip local policy route-map Test-map
ip access-list extended icmp
permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
permit icmp 192.168.2.0 0.0.0.255 192.168.200.0 0.0.0.255
ip access-list extended telnet
permit tcp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255 eq telnet
permit tcp 192.168.2.0 0.0.0.255 192.168.200.0 0.0.0.255 eq telnet
ip access-list extended test
permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
route-map Test-map permit 10
match ip address icmp
set ip next-hop 192.168.1.3
route-map Test-map permit 20
match ip address telnet
set ip next-hop 192.168.1.2
The first thing I did was I only had 1 network on this box the 192.168.1.x and when I plugged a pc into a port on the switch and tried to ping the remote network of 192.168.200.1 it will not hit on my access-lists for my policy based routes.
If I do a ping from the switches IOS interface directly the access-lists get hits and the policy based routes work fine.
So I was puzzled by this and figured maybe policy based routes only work if they come from one network to another network. So I setup a 2nd vlan called 192.168.2.x and put my pc in that vlan. I then proceed to ping 192.168.200.1 and still was unable to get any hits on the access-lits or policy based routes.
So what am I doing wrong or am I trying to use policy based routing wrong here?I've done that command but then when I do a "show run" I don't see it in the configuration and it doesn't seem to be working.
Also if everything is on the same vlan 100 will the pbr work? or does this require that I use two different vlans? (one for inside and one for outside) so that I have a interface from where the packets are coming from? -
WSA and Cisco Policy Based Routing
I'm looking to convert my WSA from explicit to transparent proxy using policy based routing on a Cisco router. See the config below where xxx.xxx.xxx.xxx is the P1 interface on the WSA. Does anyone see any issues with the following in a production environment?
access-list 110 permit tcp any any eq www
route-map proxy-redirect permit 10
match ip address 110
set ip next-hop xxx.xxx.xxx.xxx
interface ethernet0/1
ip policy route-map proxy-redirect
The P1 interface on the WSA is located upstream from the router so I'm not checking for it in the ACL.That router configuration looks good to me, but just make sure that the WSA was configured for Transparent mode during the initial System Setup Wizard configuration. If it was initially configured for explicit only, then you will need to run the wizard again to change it to transparent.
Also, make sure to add a deny statement to the top of access-list 110 for the WSA IP address if the WSA will be going out to the Internet through the same e0/1 interface. Loops are bad. :twisted:
Cheers,
Jason -
Introduce second default gateway into policy-based routing and optimization
Questions:
1) How to get the second PBR_DEFAULT_GATEWAY address 10.20.20.3 into the policy-based routing for redundancy?
2) Any optimizations as more and more traffic (policy-based routed and otherwise) goes through interface Gi1/0/1?
Address range A.B.0.0/16 represents assigned Internet-routable addresses.
Network also uses 10.0.0.0/8, 172.16.0.0/20, 192.168.0.0/16.
DEFAULT_GATEWAY router participates in OSPF and injects the default routes 0.0.0.0/0 10.10.10.1 and 0.0.0.0/0 10.20.20.1 into OSPF.
PBR_DEFAULT_GATEWAY router participates in OSPF but filters out default routes injected by DEFAULT_GATEWAY router.
ROUTER_A participates in OSPF and receives default routes injected by DEFAULT_GATEWAY router.
ROUTER_A contains the attached policy-routing configuration that allows the subnet A.B.30.0/24 to route anywhere on the network and uses PBR_DEFAULT_GATEWAY as the way out.Ok I will see if I can run out to work and try this today..
After thinking about this, If I need to get to local ip addresses (192.168.1.0 and 192.168.128.0), I might have to change my route map to include those ranges in an ACL, then assign the 172.20.200.1 as the gateway to get to those networks, with the last statement being the traffic to be sent out the firewall
for instance
# Access to one of my local networks
access-list 101 permit ip 172.20.200.0 0.0.0.255 192.168.1.0 0.0.0.255
# Send Internet traffic to ASA/PIX
access-list 172 permit ip 172.20.200.0 0.0.0.255 any
route-map pix-172-20-200 permit 10
match ip address 101
set ip next-hop 172.20.200.1
route-map pix-172-20-200 permit 20
match ip address 172
set ip next-hop 172.20.200.2
and so on?
I know I need to be in front of my switch to test the change from set ip default next-hop to set ip next-hop...
I wantto make sure I can still get to the local networks I need to get to.
I appreciate all your help, and I will test this later on today..
Thanks
Don Hickey -
Does icmp redirect work with policy based route
Setup:
R1 and R2 on same ip net.
On R1 policy based route is configured with R2 as next hop.
Will R1 send icmp redirect (to use R2 instead) to those hosts that match the policy based routing ?
Thanks.
Gert SchaarupHI Gert,
The answer to your question is yes. I have verified this in a lab previously. As long as all the conditions for ICMP redirect have been met (source address on same net, best gateway on same net) then ICMP redirects are sent regardless of whether PBR or normal routing is being used.
Hope that helps - pls rate the post if it does.
Paresh -
Localy configured security policy in domain environment
Hello.
I have run in to a problem when configuring security policy for servers in my domain. Due to the large size of my environment and many different local administrators on servers quite a few of those administrators has configured local security policys on
their servers instead of asking for our central IT-dep to create domain based GPO's for those settings.
It's quite often settings that give a account the right to logon as a batchjob and so on. This creates the problem for us that work centraly that we can't configure central GPO since we will overwrite the localy configured ones and that will quite often
create a application to stop working.
So my question is if there's any way to make a inventory to find out what servers has a local configured policy so that i can change that to a central one.
/LeeYou can use secedit to get the local security policy. You can use
psexec to get it remotely and store the content in a share. Once done, you can fetch the data using Powershell and get what you need.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Configuring group policy for user profiles in Windows Server 2012 R2 Domain
Requesting some experts advise on configuring group policy for user profiles.
We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
The settings which I am concerned:
1. Folder Redirection: Desktop, Documents, Favorites.
2. Quota for Folder Redirection - 1 GB per user.
3. Map a networked drive - 1 GB per user.
4. Roaming profile - (Will ignore if it does not suit our requirement).
The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
Thanks a lot for your valuable time and efforts.Hi,
>>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
This depends on where our outlook data files are stored. If these data files are stored under
drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
However, regarding your question, we can refer to the following thread to find the solution.
Roam outlook profiles without roaming profiles
http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
Configuring Folder Redirection
http://technet.microsoft.com/library/cc786749.aspx
Hope it helps.
Best regards,
Frank Shen -
Problem with Acess policy based Provisioning using DBConnecor in OIM 11g R2
Hi,
I am doing Access policy based Provisioning using DB Connector 9.1.0.5.0 in OIM 11g r2.
it is throwing ITResource Instance with key 0 does not exist. but there no option to select it resource in Process form via Acesspolicy.
in Application instance form there is a form in that it-resource field is available with default value 0. i am trying to update this value it is not updating . at the time of triggering access policy i am getting following error.
[XELLERATE.SERVER] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000JdMSEGQApIGqywYfMG1GU6ud000002,0] [APP: oim#11.1.2.0.0] Class/Method: APIUtils/createApplicationInstance encounter some problems: ITResource Instance with key 0 does not exist.[[
oracle.iam.provisioning.exception.ITResourceNotFoundException: ITResource Instance with key 0 does not exist.
at oracle.iam.provisioning.util.ApplicationInstanceUtil.validateITResource(ApplicationInstanceUtil.java:119)
at oracle.iam.provisioning.impl.ApplicationInstanceServiceImpl.addApplicationInstance(ApplicationInstanceServiceImpl.java:70)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy455.addApplicationInstance(Unknown Source)
at oracle.iam.provisioning.api.ApplicationInstanceServiceEJB.addApplicationInstancex(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
its urgent requirement.
Thanks,
Edited by: 853559 on Oct 12, 2012 2:25 PMYou can re-visit access policy It will have the Process form where you can provide the access policy and save it. Access policy is already created so you can modify access policy and open the process form select IT Resource and save it.
Another way to write pre-pop adapter for populating IT Resource on the process form. But I am sure you can provide it resource via access policy.
---nayan -
Not set configure retention policy to recovery window of 7 days
HI all,
if parameter "" configure retention policy to recovery window of 7 days "" is not set
then i am taking weekly and inreamental cumulative backup any effect of backup
i think in this case delete obsolete is not working.
currently parameter set is CONFIGURE RETENTION POLICY TO REDUNDANCY 1;HI all,
if parameter "" configure retention policy to recovery window of 7 days "" is not set
then i am taking weekly and inreamental cumulative backup any effect of backup
i think in this case delete obsolete is not working.
currently parameter set is CONFIGURE RETENTION POLICY TO REDUNDANCY 1;
Maybe you are looking for
-
T60 2007-FUG ATI X1400 Windows 7 64-bit projector and external display problem
I have Windows 7 64-bit Enterprise on my T60. I have tried to install many different ati drivers, but nothing seems to work. I cant use a projector or external display via VGA port. I heard that if I boot with a projector then it works ok. I have ins
-
IPhoto '09 crashing after rebuilding library - crash log included
My problems started when I tried to rebuild my library so I could burn back-up DVD's for my iPhoto library. Along the way I realized Time Machine never backed up my iPhoto library (although it backed up everything else on my internal and external HD'
-
Vendor Bill Booking - CIN Environment
Hi All, I have a problem in vendor bill booking via MIRO. The purchase order contains details viz. Excise Duty, EDC etc. GR based IV has been ticked. When booking a Vendor invoice thru MIRO (after the GR has been done), there is a problem. If the M
-
I downloaded mountain lion and my audio does not work
I Downloaded mountain lion and my audio input does not work. I am tryig to use it with Articulate. I rebooted twice, I ahve taken out the external mic I have looked in Utilities and see if the setting are muted but all ok I have looked in Activity mo
-
What is the max size (length) that an http post can handle?
I have an application that builds a SOAP document and makes use of Apache SOAP API to do XML messaging. To build the SOAP message, I have to query the database for a batch of data to be posted to another "web service" application using SOAP. The prob