Creating ACL on a directory to allow a certain ou in LDAP

Similar Messages

• SMS_MP_CONTROL_MANAGER Failed to create the CCM_Incoming Virtual Directory

  Hello -
  I'm hoping someone could help me with this problem. I've searched so many websites trying to resolve this issue and it seems no matter what I try I keep getting the same error message.
  I've followed the steps in setting up SCCM 07 from this web site which was very nicely done! I've also followed the directions on Microsofts Tech Net website on how to configure WebDav and IIS settings.
  I'm working on a Virtual Windows Server 2008 32-bit OS, SP2, SCCM 07 SP2, IIS7
  Here is the message I get in the log files:
  Message ID: 4963
  Process ID: 4364
  Thread ID: 7996
  Componet: SMS_MP_CONTROL_MANAGER
  MP Control Manager detected MPsetup has failed to create the CCM_Incoming Virtual Directory.
  Possible cause: The IIS IWAM account has expired, been disabled, or has invalid or too restrictive logon hours. You may verify this information by running the net user command line for the IWAM account. (i.e.: "net user IWAMMachineName)
  Solution: Use the output to verify that the account is enabled, and logon is possible during the time of installation. Note: You can use "net user" to modify the account properties.
  Possible cause: The IIS IUSR account has expired, been disabled, or has invalid or too restrictive logon hours. You may verify this information by running the net user command line for the IUSR account. (i.e.: "net user IWAMMachineName)
  Solution: Use the output to verify that the account is enabled, and logon is possible during the time of installation. Note: You can use "net user" to modify the account properties.
  Possible cause: The designated Web Site is disabled in IIS.
  Solution: Verify that the designated Web Site is enabled, and functioning properly.
  I could be completely wrong but I read somewhere that with the latest version of IIS doesn't install these user accounts. I checked to see if those accounts existed and they didn't.
  I've tried what this one website mentioned:
  http://myitforum.com...-directory.aspx
  - Remove the MP role from the Site Server. Watch the MPSetup.log to ensure that the removal is complete.
  - Uninstall the IIS component from the OS of the Site Server.
  - Reboot the Site Server.
  - Run ccmdelcert.exe from the SMS Toolkit.
  - Reinstall the IIS component (with BITS) on the OS of the Site Server.
  - Go into the IIS manager and allow WebDav.
  - Add the MP role to the Site Server. Watch the MPSetup.log to ensure that the installation completes correctly.
  These steps didn't seem to work, probably because it was for SMS 2003.
  Here is the MPmsi log file:
  <11-24-2009 17:39:28> SMSMP Setup Started....
  <11-24-2009 17:39:28> Parameters: C:\PROGRA~1\MICROS~3\bin\i386\ROLESE~1.EXE /install /siteserver:DELGADO SMSMP
  <11-24-2009 17:39:28> Installing Pre Reqs for SMSMP
  <11-24-2009 17:39:28> ======== Installing Pre Reqs for Role SMSMP ========
  <11-24-2009 17:39:28> Found 1 Pre Reqs for Role SMSMP
  <11-24-2009 17:39:28> Pre Req MSXML60 found.
  <11-24-2009 17:39:28> No versions of MSXML60 are installed. Would install new MSXML60.
  <11-24-2009 17:39:28> Enabling MSI logging. msxml6.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\msxml6MSI.log
  <11-24-2009 17:39:28> Installing C:\Program Files\Microsoft Configuration Manager\bin\i386\00000409\msxml6.msi
  <11-24-2009 17:39:30> msxml6.msi exited with return code: 0
  <11-24-2009 17:39:30> msxml6.msi Installation was successful.
  <11-24-2009 17:39:30> ======== Completed Installion of Pre Reqs for Role SMSMP ========
  <11-24-2009 17:39:30> Installing the SMSMP
  <11-24-2009 17:39:30> Passed OS version check.
  <11-24-2009 17:39:30> IIS Service is installed.
  <11-24-2009 17:39:30> checking WebDAV configuraitons
  <11-24-2009 17:39:30> WebDAV is configured
  <11-24-2009 17:39:30> No versions of SMSMP are installed. Installing new SMSMP.
  <11-24-2009 17:39:30> Enabling MSI logging. mp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log
  <11-24-2009 17:39:30> Installing C:\Program Files\Microsoft Configuration Manager\bin\i386\mp.msi CCMINSTALLDIR="C:\Program Files\SMS_CCM" CCMSERVERDATAROOT="C:\Program Files\Microsoft Configuration Manager" USESMSPORTS=TRUE SMSPORTS=80 USESMSSSLPORTS=TRUE SMSSSLPORTS=443 USESMSSSL=TRUE SMSSSLSTATE=0 CCMENABLELOGGING=TRUE CCMLOGLEVEL=1 CCMLOGMAXSIZE=1000000 CCMLOGMAXHISTORY=1
  <11-24-2009 17:40:24> mp.msi exited with return code: 1603
  <11-24-2009 17:40:24> Backing up C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log to C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log.LastError
  <11-24-2009 17:40:24> Fatal MSI Error - mp.msi could not be installed. 
  Component Services (DCOMCNFG) is running properly, no error messages when I was browsing around.
  Any advice would be greatly appricated!
  Thanks!

  Just read the post below
  http://social.technet.microsoft.com/Forums/en-AU/configmgrswdist/thread/5638cdf2-09d3-4750-995e-ae60973e86b8
  <Remember to copy tasks from task scheduler to some different location because it gets wiped off in process)
  Imp. Note: Running ccmclean /all on SCCM is one of these unsupported things.
  Remove the MP as a site system role (if it is still installed), wait for it to finish
  2.       
  Remove IIS completely
  4.     
  Reboot
  5.     
  Stop the Task Scheduler Service
  6.     
  Rename the %windir%\Tasks folder to something else (or move it)
  7.     
  Start the Task Scheduler Service (this will recreate the %windir%\Tasks folder)
  8.     
  Optional: Enable auditing on the \inetpub\wwwroot folder (and subfolders). Make sure to set local security policy to trap failures of file access.  We will need this in case we see
  the same security failure.
  9.     
  Reinstall IIS, BITS, WebDAV
  10. 
  Insure BITS and WebDAV are enabled
  11. 
  Reinstall the MP
  Server Engineer

• HT5349 After reset I keep getting prompted to create or join Open Directory.

  I followed this procedure and after step 5 I get the option to create a new Open Directory domain.  I already have a master on this server, but I can't get beyond this dialog box to configure the Profile Manager.  If I click through to create a new Open Directory Master the process dies saying a master already exists.  Can I get around this via the command line?

  I thought I would report back with what I did to get Profile Manager back to a working state for me.  Since I couldn’t get past the dialog box that kept asking me to either create an OD master or join an OD I decided to delete OD altogether.  I did this twice with differing results in the outcome of the Profile Manger service configuration.  The first time I recreated the OD I got Profile Manger to run, but the certificates were buggered and wouldn’t allow me to deliver a trusted profile to my MacBook Pro.  So, the second time I deleted OD I took things a step further. 
  Deleted the replica
  Deleted the master
  Waited for about 15 minutes for things to “cook”
  Rebooted both servers
  Opened Keychain Access and deleted the self-signed machine certificates on the replica
  Opened Keychain Access and deleted the self-signed machine certificates on the master and deleted the OD certificate as well (when you delete the OD it doesn’t go back and delete everything and you will pick-up configuration settings stashed in files, certificates, etc., when you run the wizard again)
  Installed the OD master (see http://krypted.com/iphone/configuring-using-profile-manager-2-in-os-x-mountain-l ion-server/  Apple, please take notes on how document your server products)
  Setup Profile Manager and applied the newly generated self-signed Code Signing certificate (this won’t be created correctly unless the OD certificate is generated correctly when you re-install OD.  That’s why I deleted the OD certificate in step 6)
  Installed my replica
  Downloaded a trusted profile on the MacBook Pro
  So, to sum things up I follow the procedure http://krypted.com/iphone/configuring-using-profile-manager-2-in-os-x-mountain-l ion-server/ after steps 1 through 6.  Your mileage may vary, but this worked for me.  I should add that I am connected to a Microsoft AD as well to provide authentication for Mac users.  I think the Profile Manager is going to be a good tool for me, but it seems a little fragile and the documentation by Apple is limited (the richest company in the history of the world should be able to document their products better and have them available when the product is released – steps off of soapbox).

• Creating ACLs via command-line

  Is it possible to create ACLs using a command-line utility?
  We are developing an application that will initially have 5000 users and will expand to 15000 users.
  When new users are detected in Microsoft Exchange we create a new user using the command-line (unix) but we also need to create a custom ACL for that user that includes existing ACEs for existing GROUPS that will be providing support.
  This is so that we can drop new Oracle reports into the users folders (again using command-line utilities) and have the reports use the ACL from the folder they are dropped into.
  Thanks for any help.
  null

  Thanks for your response Tom. See my post above 15 items down labeled 'TAR submitted ...'.
  Oracle provided sample code (listed in the above mentioned POST) that works just fine to create ACLs.
  I am very interested in your suggestion to us an agent though because there does not appear to be any way to 'manage' objects (delete groups/acls, etc) through XML.
  Also, Joyce indicated several weeks ago that Oracle does not support loading the class files and using Java from with Oracle DB to manage the objects.
  Our application will rollout in a few weeks and we still need to automate the management of user creation/deletion as well as ACL modification for over 5,000 users.
  The application is to automate the production and distribution of weekly reports using Oracle Reports server to produce PDF report files.
  The biggest problem area is not the mechanical process of creating the reports but rather the proper architecture to enable our customer service and technical support departments to assist the users when problems arise.
  Our current approace is:
  1. Create a custom ACL for each user with ACEs that allow the proper access by tech support and customer service.
  2. Create a report folder for each user, owned by system with the user's custom ACL applied to it.
  3. Automatically generate the reports with Oracle Reports server, and load them into IFS using XML files. Prior to the load IFSMODE is used to have the user's report folder ACL (the PARENT) assigned to the report when it is loaded.
  We would like tech support to be able to rerun a user's report if necessary but we can't figure out how to let tech support use the UI to submit the job to the report server, load the report into IFS and assign the proper ACL.
  Will the soon-to-be-released IFS 1.1 allow its Java classes to be loaded in the soon-to-be-released 8.1.7 so that IFS management can be handled from within the database?
  One last note - there are at least a dozen requests in this forum for more extensive documentation on using XML to automate the IFS functionality.
  I would be willing to assist in any such project you guys put together including, writing or proofing documentation, testing sample code, etc. I would need to do this after hours on my NT environment.
  Thanks again for the response.
  null

• How to create a table with directory which is on different machine

  Hi All,
  I have two servers one is db server db1 and another is app server app1
  I will get files from customer into app1 server in the path d:\files\incoming
  I want to create a table with directory (when I create that it will be mapped to db1) which maps to app1\d\files\incoming,
  please let me know how to achieve this,

  NSK2KSN wrote:
  Hi All,
  I have two servers one is db server db1 and another is app server app1
  I will get files from customer into app1 server in the path d:\files\incoming
  I want to create a table with directory (when I create that it will be mapped to db1) which maps to app1\d\files\incoming,
  please let me know how to achieve this,This is nothing to do with SQL or PL/SQL as such.
  The answer lies in the remit of your Windows administrator to create an alias or link that points
  from your db server to your app server.
  Once that is done, you can refer to the directory as if it was a local one situated on the db server, as normal.
  Edited by: Paul Horth on Feb 21, 2013 10:13 AM
  Changed Unix to Windows when I noticed the direction of the slashes.

• "Create quotation for order" is not allowed (ORD 80000119 )

  Hi,
  After creation of service order I want to create quotation then  system gives error massage as below,
  "Create quotation for order" is not allowed (ORD 80000119 )
  Message no. BS002
  Diagnosis
  The transaction 'Create quotation for order' is not allowed for  ORD 80000119, because no status is set to permit it.
  System response
  You cannot carry out the transaction 'Create quotation for order'.
  Procedure
  You can carry out this transaction if you set a user status, which permits 'Create quotation for order'.
  Thanks & Regards
  kapil

  Kapil,
  Check the System status and user status of the order. Quotation can be created only before releasing the order (REL). or Any user status that may prevent creation of Quotation.
  Babu

• Creating users in Active Directory through LDAP connector

  Hello,
  If we need to create users in Active directory using LDAP connector, what are the options for the following:
  1) Update back into SAP from AD. LDAP connector updates only in one direction i.e from SAP to Active directory.
  2) Can we add additional fields in LDAPMAP which are not standard e.g can we we write our own code to extract data from HR to map the value with an attritube within Active directory?
  Regards,
  Ahmad

  Hello!
  I noticed the email in my inbox and understand the reason for deleting it - checked the rules again - no problem with that.
  Here is the posting again - sanitized this time.
  You can create users in LDAP/AD from SAP without a problem. SAP provides function modules to create/maintain/delete users with LDAP attributes in the correct ou path.
  You can also perform group membership assignment in LDAP from SAP if needed.
  I have done this quite a few times at different companies that use SAP HCM.
  A userid in SAP is created automatically during hiring action with default password e.g. birthday of employee and certain authorization roles based on configured information.
  The userid is then created right away in LDAP in the correct ou path (controlled via custom configuration table) and LDAP group membership is assigned.
  A job runs every 8 hours to perform delta updates in LDAP.
  The userid in SAP and LDAP are locked automatically if the user is terminated using termination action in HR.

• Can Dreamweaver create the remote root directory?

  Hi,
  Does Dreamweaver have the capability to create the remote
  root directory? As an example, if I define a remote site and I set
  the host directory to public/site3 where the public directory
  already exists on the server but site3 directory does not, can
  Dreamweaver create the site3 folder? Other programs will notify
  that the directory does not exist and ask if you'd like for it to
  be created. Dreamweaver just seems to give me error messages.
  I'm currently using a straight FTP program to create the
  directory before I define the remote site but it seems ridiculous
  to have to do this.
  Thanks!
  Julie

  > can Dreamweaver create the site3 folder?
  Sure.
  But - what do you expect this to do for you? Are you trying
  to have
  multiple sites on a single hosting account?
  Murray --- ICQ 71997575
  Adobe Community Expert
  (If you *MUST* email me, don't LAUGH when you do so!)
  ==================
  http://www.dreamweavermx-templates.com
  - Template Triage!
  http://www.projectseven.com/go
  - DW FAQs, Tutorials & Resources
  http://www.dwfaq.com - DW FAQs,
  Tutorials & Resources
  http://www.macromedia.com/support/search/
  - Macromedia (MM) Technotes
  ==================
  "[email protected]"
  <[email protected]> wrote in message
  news:fbutc7$88f$[email protected]..
  > Hi,
  >
  > Does Dreamweaver have the capability to create the
  remote root directory?
  > As
  > an example, if I define a remote site and I set the host
  directory to
  > public/site3 where the public directory already exists
  on the server but
  > site3
  > directory does not, can Dreamweaver create the site3
  folder? Other
  > programs
  > will notify that the directory does not exist and ask if
  you'd like for it
  > to
  > be created. Dreamweaver just seems to give me error
  messages.
  >
  > I'm currently using a straight FTP program to create the
  directory before
  > I
  > define the remote site but it seems ridiculous to have
  to do this.
  >
  > Thanks!
  > Julie
  >

• Error creating user home in directory

  Hello All,
  I installed the Jdeveloper with patch p8751878 to work on 11.5.10.2.  This is on a win7 64bit machine.
  My environment and system variables have the following:
  Variable= JDEV_USER_HOME
  value=C:\p8751878_11i_GENERIC\jdevhome\jdev
  When I try to launch the Jdeveloper getting the following message:
  Eror creating user home in directory C:\p8751878_11i_GENERIC\jdevhome\jdev.  Please restart JDeveloper with a new user home specified.
  Error stack shows the following
  java.io.IOException: Error copying file C:\p8751878_11i_GENERIC\jdevhome\jdev\system9.0.3.5.1453\Classic.kdf
  at oracle.ide.MultiCopier.copyDirectory(Ide.java:3356)
  Any suggestions as to what could be causing this (pls. excuse if this has been asked before..)?
  Thanks,
  Monkey

  Does anyone know how Raptor determines where it will create it's user home???
  On our development network I keep getting the noted error message, regardless of Windows 2003, 2000, or XP. So Im starting to think we may have some Windows policy that is preventing the creation of the .raptor folder that Raptor creates when it first starts up.
  On my laptop, which is not tied into the development network, I dont have this problem.

• Create scenario in Integration Directory eroor:java.lang.NullPointerExcept

  Dear all,
  I have create all thing under software component SAP BW 7: message interfarence and import object rfc, also create integration senario.
  now while i am going to create scenario from Integration Directory > select internal communication and enter create getting error:
  java.lang.NullPointerException
  Internal problem occurred (INTERNAL_PROBLEM)
  i have transferd Integaration scenario from IR and than try to do same, got same error,
  whats the initial steps for importing Integration Repository design in to Integration Directory?
  Best regards,
  dushyant.

  Hi Dushyant,
  Actually it should work...
  try first this one
  In ID -->First import the Integration Scenario by clicking tolls -->Transfer IS from IR
  Then
  Click Create Object in ID then you will get the scrren 3 0f 4.5 as per the link...
  Then click create ---> and enter the service name (if does not exist it is automatically created)
  Then select remaining as required...
  Or else...
  follow this...
  Just Double click the Configuration Scenario under Configuration Objects and Proceed ( No need of Configuration Wizard required) and select your Integration scenario created in IR...
  and rest you can create all the remaining steps under the Scenario that you created by following the smae steps...
  Regards,
  sridhar

• Can FIM create OU in Active Directory

  Experts,
  Although I think answer must be YES but asking to confirm as I have not worked on FIM.
  Can FIM also create OU in Active Directory?
  Thanks,
  Mann

  Yes, you can either manage OUs separately or create them during user provisioning, given you set Hierarchical Provisioning up and running.
  That's almost OOTB behavior of AD MA

• Can we create ACL any where?

  Hi,
  as a part of my DB migration, i was asked to create the ACLS in the target DB and i am completely new to ACLS. Can any body guide me following points.
  1) can i create ACLS in any location. for eg. in my source database. ACL related file is located @
  /sys/acls/network_services.xml
  but in my TARGET DB can i create in any other location?
  for eg in ORACLE_HOME location.
  2) How this will be managed in RAC(Active/passive) environment?
  Thanks in-advance.
  Regards
  DBA.

  Hi,
  1) no you can't , the path /sys/acls is inside the database and not on the filesystem, when you configure an acl using
  dbms_network_acl_admin, only refer to the xml filename without the path and the database will take care of properly
  storing the xml file in the XDB repository,
  2) since it's inside the db and not the filesystem there's no issue with RAC
  greetings,
  Harm ten Napel
  Edited by: hnapel on Dec 31, 2012 4:46 AM

• How to create an IIS virtual directory programmatically?

  All-
  Is it possible to create an IIS virtual directory
  programmatically using Coldfusion? Is there some set of server
  objects that could be tapped into using COM, for example?
  Any guidance would be appreciated. Thanks.
  -Josh

  You should be able to do this (as well as all other
  administrative tasks) using CFEXECUTE, Windows Scripting Host, and
  IIS management object. Read IIS documentation. It contains tons of
  ready-to-use scripts.

• Why is RSS in iWeb creating an extra middle directory?

  Hi! I am publishing my iWeb content to a folder for upload (not for use in .mac). However, when I do so, the RRS in iWeb creates an extra middle directory. It correctly places my website (as I typed it when publishing) at the beginning: http://www.evidenceforfaith.org But it adds an extra directory /evidenceforfaith.org/ in the middle so it looks like this: http://www.evidenceforfaith.org/evidenceforfaith.org/evidence/rss.xml. That extra directory is what I happened to name my site within iWeb to beginning making files. And no matter what I rename it, I get that as an extra middle directory. I don't want this middle directory in my RSS since I don't have it that way on the server. I want my main files and folders directly on the server's main directory. What do I do?
  Thanks,
  T. Rainwater
  2 GHz PowerPC G5   Mac OS X (10.4.7)   iWeb 1.1.1
  2 GHz PowerPC G5   Mac OS X (10.4.7)  

  This is the standard format of iWeb generated URLs. The only choice you have is to change the name of your site in iWeb to something shorter or less obvious.
  Or you can upload only the contents of your sitefolder to your root directory. But then you will have to manually edit the RSS file to reflect the missing sitename directory.

• Unable to create a user home directory ?

  When I use root to create a new account, it can not create a default home directory for this user .
  This problem will also cause a lot of other problems when using non-root account to login in.
  $ ssh [email protected]
  Password:
  Last login: Mon Jul 7 10:13:42 2008 from 10.250.X.X
  Could not chdir to home directory /home/admin: No such file or directory
  Sun Microsystems Inc. SunOS 5.10 Generic January 2005
  what's the problem ?

  chances are its the automounter. check /etc/auto_master. it by default includes /home as a mount point for the automount process. if you dont need the automount for /home, comment that line out, save the file, and run automount -v (-v for verbose output). you should then be able to create dirs under /home. or, you could use a diff home dir prefix, or use the automounter (this will take some setup).