Creating GC power users with the Java EM cli kit

Similar Messages

• How can I create a new User with the Java API like OIDDAS do?

  Hello,
  I'm currently working on an BPEL based process. And i need to create an OCS user. So far I can create an user in the OID. But I cant find any documentation about given this user an email account,calendar and content function etc.
  Did anybody know if there are some OIDDAS Webservices? Or did anybody know how to do this using the Java APIs?

  You are asking about a Database User I hope.
  You can look into the Oracle 8i Documentation and find various privillages listed.
  In particular, you may find:
  Chapter 27 Privileges, Roles, and Security Policies
  an intresting chapter.
  You may want to do this with the various tools included with 8i - including the
  Oracle DBA Studio - expand the Security node and you can create USERS and ROLES.
  Or use SQL*Plus. To create a
  user / password named John / Smith, you would login to SQL*Plus as System/manager (or other) and type in:
  Create user John identified by Smith;
  Grant CONNECT to John;
  Grant SELECT ANY TABLE to John;
  commit;
  There is much more you can do
  depending on your needs.
  Please read the documentation.
  -John
  null

• Can I create a cert with the Java API only?

  I'm building a client/server app that will use SSL and client certs for authenticating the client to the server. I'd like for each user to be able to create a keypair and an associated self-signed cert that they can provide to the server through some other means, to be included in the server's trust store.
  I know how to generate a key pair with an associated self-signed cert via keytool, but I'd prefer to do it directly with the Java APIs. From looking at the Javadocs, I can see how to generate a keypair and how to generate a cert object using an encoded representation of the cert ( e.g. java.security.cert.CertificateFactory.generateCertififcate() ).
  But how can I create this encoded representation of the certificate that I need to provide to generateCertificate()? I could do it with keytool and export the cert to a file, but is there no Java API that can accomplish the same thing?
  I want to avoid having the user use keytool. Perhaps I can execute the appropriate keytool command from the java code, using Runtime.exec(), but again a pure java API approach would be better. Is there a way to do this all with Java? If not, is executing keytool via Runtime.exec() the best approach?

  There is no solution available with the JDK. It's rather deficient wrt certificate management, as java.security.cert.CertificateFactory is a factory that only deals in re-treads. That is, it doesn't really create certs. Rather it converts a DER encoded byte stream into a Java Certificate object.
  I found two ways to create a certificate from scratch. The first one is an all Java implementation of what keytool does. The second is to use Runtime.exec(), which you don't want to do.
  1. Use BouncyCastle, a free open source cryptography library that you can find here: http://www.bouncycastle.org/ There are examples in the documentation that show you how to do just about anything you want to do. I chose not to use it, because my need was satisfied with a lighter approach, and I didn't want to add a dependency unnecessarily. Also Bouncy Castle requires you to use a distinct version with each version of the JDK. So if I wanted my app to work with JDK 1.4 or later, I would have to actually create three different versions, each bundled with the version of BouncyCastle that matches the version of the target JDK.
  2. I created my cert by using Runtime.exec() to invoke the keytool program, which you say you don't want to do. This seemed like a hack to me, so I tried to avoid it; but actually I think it was the better choice for me, and I've been happy with how it works. It may have some backward compatibility issues. I tested it on Windows XP and Mac 10.4.9 with JDK 1.6. Some keytool arguments changed with JDK versions, but I think they maintained backward compatibility. I haven't checked it, and I don't know if I'm using the later or earlier version of the keytool arguments.
  Here's my code.
  import java.io.File;
  import java.io.FileInputStream;
  import java.io.FileOutputStream;
  import java.io.IOException;
  import java.security.KeyStore;
  import java.security.KeyStoreException;
  import java.security.NoSuchAlgorithmException;
  import java.security.cert.CertificateException;
  import javax.security.auth.x500.X500Principal;
  import javax.swing.JOptionPane;
  public class CreateCertDemo {
       private static void createKey() throws IOException,
        KeyStoreException, NoSuchAlgorithmException, CertificateException{
       X500Principal principal;
       String storeName = ".keystore";
       String alias = "keyAlias";
       principal = PrincipalInfo.getInstance().getPrincipal();
       String validity = "10000";
       String[] cmd = new String[]{ "keytool", "-genKey", "-alias", alias, "-keyalg", "RSA",
          "-sigalg", "SHA256WithRSA", "-dname", principal.getName(), "-validity",
          validity, "-keypass", "keyPassword", "-keystore",
          storeName, "-storepass", "storePassword"};
       int result = doExecCommand(cmd);
       if (result != 0){
            String msg = "An error occured while trying to generate\n" +
                                "the private key. The error code returned by\n" +
                                "the keytool command was " + result + ".";
            JOptionPane.showMessageDialog(null, msg, "Key Generation Error", JOptionPane.WARNING_MESSAGE);
       KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
       ks.load(new FileInputStream(storeName), "storePassword".toCharArray());
          //return ks from the method if needed
  public static int doExecCommand(String[] cmd) throws IOException{
            Runtime r = Runtime.getRuntime();
            Process p = null;
            p = r.exec(cmd);
            FileOutputStream outFos = null;
            FileOutputStream errFos = null;
            File out = new File("keytool_exe.out");
            out.createNewFile();
            File err = new File("keytool_exe.err");
            err.createNewFile();
            outFos = new FileOutputStream(out);
            errFos = new FileOutputStream(err);
            StreamSink outSink = new StreamSink(p.getInputStream(),"Output", outFos );
            StreamSink errSink = new StreamSink(p.getErrorStream(),"Error", errFos );
            outSink.start();
            errSink.start();
            int exitVal = 0;;
            try {
                 exitVal = p.waitFor();
            } catch (InterruptedException e) {
                 return -100;
            System.out.println (exitVal==0 ?  "certificate created" :
                 "A problem occured during certificate creation");
            outFos.flush();
            outFos.close();
            errFos.flush();
            errFos.close();
            out.delete();
            err.delete();
            return exitVal;
       public static void main (String[] args) throws
            KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException{
            createKey();
  import java.io.BufferedReader;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.InputStreamReader;
  import java.io.OutputStream;
  import java.io.PrintWriter;
  //Adapted from Mike Daconta's StreamGobbler at
  //http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html?page=4
  public class StreamSink extends Thread
      InputStream is;
      String type;
      OutputStream os;
      public StreamSink(InputStream is, String type)
          this(is, type, null);
      public StreamSink(InputStream is, String type, OutputStream redirect)
          this.is = is;
          this.type = type;
          this.os = redirect;
      public void run()
          try
              PrintWriter pw = null;
              if (os != null)
                  pw = new PrintWriter(os);
              InputStreamReader isr = new InputStreamReader(is);
              BufferedReader br = new BufferedReader(isr);
              String line=null;
              while ( (line = br.readLine()) != null)
                  if (pw != null)
                      pw.println(line);
                  System.out.println(type + ">" + line);   
              if (pw != null)
                  pw.flush();
          } catch (IOException ioe)
              ioe.printStackTrace(); 
  import java.io.File;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.FileOutputStream;
  import java.io.IOException;
  import javax.security.auth.x500.X500Principal;
  public class PrincipalInfo {
       private static String defInfoString = "CN=Name, O=Organization";
       //make it a singleton.
       private static class PrincipalInfoHolder{
            private static PrincipalInfo instance = new PrincipalInfo();
       public static PrincipalInfo getInstance(){
            return PrincipalInfoHolder.instance;
       private PrincipalInfo(){
       public X500Principal getPrincipal(){
            String fileName = "principal.der";
            File file = new File(fileName);
            if (file.exists()){
                 try {
                      return new X500Principal(new FileInputStream(file));
                 } catch (FileNotFoundException e) {
                      // TODO Auto-generated catch block
                      e.printStackTrace();
                      return null;
            }else{
                 return new X500Principal(defInfoString);
       public void savePrincipal(X500Principal p) throws IOException{
            FileOutputStream fos = new FileOutputStream("principal.der");
            fos.write(p.getEncoded());
            fos.close();
  }Message was edited by:
  MidnightJava
  Message was edited by:
  MidnightJava

• Why do I see multiple users with the same name as an output of "users"

  Recently, I found a peculiar thing when I typed "users" in the terminal. There were three users with the same name. After restart(power went down) I now see only one user there. Is this normal and why it can be happening? Why are there duplicate users sometimes?

  alphaniner wrote:
  Well now I'm confused. My xterm (xfce4-terminal) has that option disabled but I still get a user entry for each tab.
  OT: you can run who to get a better idea of what each user is associated with. Eg. with Xorg on tty1 and terminal open with two tabs:
  $ who
  testing tty1 2013-12-11 08:55
  testing pts/0 2013-12-11 08:55 (:0.0)
  testing pts/1 2013-12-11 15:51 (:0.0)
  Oh there is another option on mine besides "Run command as a login shell" called "Update login records when command is launched" I have them both disabled. Check for a second option maybe.

• What's the problem with having multiple users with the same UID?

  I've got three edit systems connected to the SAN using open directory off our server.
  I want all edit systems to have read/write access to everything created. I don't need to protect anything from any of the systems. With all three systems logged on using the same user, I never have to change permissions.
  The other cool thing about this is that Final Cut Pro will let me know if someone else is modifying a project that I have open with the warning:
  “The project "projectName" has been modified externally. If another user is working on it, saving will overwrite their changes. Do you still want to save?”
  This sounds great, right?
  RED FLAG!!!! Apple gives the warning in this article:
  http://docs.info.apple.com/article.html?artnum=302450
  "You should not allow two users with the same UID to access an Xsan volume at the same time."
  So why is it bad to have two (or more) users with the same UID?
  I can see that in some situations it means that you can't prevent people from read/write privileges. But I don't want to restrict privileges.
  What am I missing? With all of these warnings, it seems like if I do this my edit systems could all explode or something. Please help me understand the potential ramifications of having three users have the same UID.

  Hi Russell,
  1) If you have OD set up and "editor" has UID 1111, then when they log in to any machine that's bound to OD as editor, they will get UID 1111. Therefore, there won't be any of these permission errors. This is typically the recommended approach.
  2) I assume you mean "You'd prefer to not using open directory?" Whatever the case, OD isn't mandatory with Xsan -- it's just that with multiple user accounts, managing them centrally tends to be easier. For 3 or 4 accounts and 3 or 4 machines maybe it's no big deal. If you go larger, it could get a lot more complicated. That said, if you set it up such that each machine has the exact same set of users (as you said, Mary = UID 502, Fred = UID 503, William = UID 504), then you can do what you want. Mary can log in from multiple machines at the same time, and in general you won't have permissions problems. Of course, if you try and read and write the same file from multiple workstations at the same time, you will get file locking issues, which will prohibit somebody from successfully writing the file.
  File locking issues are different from general permissions errors. The former basically says "hey, someone else is editing this file. Therefore I won't let you edit it right now... you can read it if you want though." Permissions means somebody saves it, and Xsan thinks you saved it and own the file, when you really don't.
  Quad-Core PMG5, 4 GB RAM, 7800 GT, 1 TB disk.   Mac OS X (10.4.4)  

• How can i create a new user with only read rights ?

  How can i create a new user with only read rights ?

  You are asking about a Database User I hope.
  You can look into the Oracle 8i Documentation and find various privillages listed.
  In particular, you may find:
  Chapter 27 Privileges, Roles, and Security Policies
  an intresting chapter.
  You may want to do this with the various tools included with 8i - including the
  Oracle DBA Studio - expand the Security node and you can create USERS and ROLES.
  Or use SQL*Plus. To create a
  user / password named John / Smith, you would login to SQL*Plus as System/manager (or other) and type in:
  Create user John identified by Smith;
  Grant CONNECT to John;
  Grant SELECT ANY TABLE to John;
  commit;
  There is much more you can do
  depending on your needs.
  Please read the documentation.
  -John
  null

• How to map the bulk users with the required  roles in portal at one time

  Hi,
  Would anyone tell me how to map the bulk users with the required roles in portal at one time?

  Thanks for all the reply.
  <b>I need to assign 1 or 2 group to n((eg) 1000)number of users</b>
  I tried the first option like
  [group]
  gid=
  gdesc=
  user=
  Thr problem with this is I could n't put more no of users in the notepad.
  I would be able to put only 150 users in the single line of notepad. If it goes to next line it is not working.
  I tried creating seperate notepad but in Import it says "exists"
  I'm not sure about LDAP. Would anyone explain me the best approach to do this.

• Create a new user with Privileges to execute Seeded API's

  Hi,
  We have a requirement from our client, they want to create a new user with Privileges to execute Seeded API’s,
  So they dont want to execute using APPS user.
  We want to know is it possible to have a new user for executing seeded API's and if so what all priveleges we need to have.
  We are on 12.1.3 with 11.2.0.3  two node RAC Database on Exadata and Exalogic servers.
  Waiting for your suggestions and replies.
  Thanks

  Hi,
  Plz update this forum,
  and give me a suggestion at the earliest,
  Waiting for your valuable advice.
  Thanks

• 2 Users with the same name/shortname on the same machine

  Hello,
  What will happen if:
  There is a local user called Bob and a network user on a server called Bob? Before you even post anything, please let me know if you have actually SEEN this before. I know something will happen, I just don't know what. Again, 2 different users with the same name. YES it is possible to create, but I have not tested it yet. One home is on the local machine and the other is a network home directory. I didn't post this in the server section for this reason...the question is about a client machine running 10.5.4 not server, so it belongs here! Thanks to all who help and my guess is a dialog box pops up with a choice of network or local? Not sure, but it is going to be quite an interesting topic.

  Thank you both. It seems I need to test this because it doesn't seem anyone has ever run into this situation. The first thing I need to ask is will it do any damage to the system files if a user logs in with the same resolving name?I know I know the UIDs are different, but maybe have the same shortname? Not sure if it will work. The network users authenticate via LDAP and the server is set to an Open Directory Master. Now as for the client machine:
  #1 - If I create both test users (local and network), will I be able to set the network as a Mobile Home Directory even though there is an existing home folder for the local user?
  #2 - I want one specific user to have the same login name and password, but a different login "reaction" when the user logs in depending on the location. For example, I have a current network user Bob, password 1234 who is logged in and connected to the server. He finishes working on his project at the office and then goes home for the day. When he gets home, I want his to be able to login with the user name Bob, connecting to the local account on his machine. I DO NOT want to user PHDs, but rather have two separate home folders for the same resolving login user name! I know it is a lot to ask for but, here is my next question...
  #3 - If I create two different home folders for the same resolving name, but they are accessed in two different locations, one with a server LDAP authentication and one locally (127.0.0.1), will it work?
  I really appreciate the replies, but I am looking for more of straight forward answers rather than an example and background information. Thank you.

• CUA - Creating a test user with profile

  Hi All,
         I just set up the CUA in our newly installed solution manager which is the central system and another sandbox system with three  clients as the child systems.
  I referred to the follwoing for the setup:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/cc/50b43be7492354e10000000a114084/frameset.htm
  One of the tests for checking the setup is to create a test user with profiles in the central system and distribute it to the child systems. I did the text comparision and saved the user; i still cannot see the user in the child systems.
  I checked SCUL and BD87. SCUL shows me grey. BD87 do not show any IDOC that were transferred.
  Could anyone help/direct me in fixing this.
  Thanks
  Shabna

  Hi,
      To make the test simpler I tried it again sending the test user to only one of the child systems. The RFCs between the systems are working fine. I checked /BD64, it shows the whole set up.
  When I check /BD87 of the central system I see the following error:
  "Could not find code page for receiveing system".
  Diagnosis
  For the logical destination XXXCLNTXXX, you want to determine the code page in which the data is sent with RFC. However, this is not currently possible, and the IDoc cannot yet be dispatched.
  Procedure for System Administration
  Possible causes are:
  1. The entry no longer exists in the table of logical destinations.
  2. The target system could not be accessed.
  3. The logon language is not installed in the target system.
  I can see the central system as well as the child systems in the logical systems table. And the RFC destination does note shown any errors in the connection as well as authorization test. What else do I check?
  Thanks
  Shabna

• Error in Associating the Oracle Cache Administration user with the Cache Database

  hi good eve,
  i have done Configuration on the Oracle Database such as
  1.create tablespace ttusers
  2.running initCacheGlobalSchema.sql
  3.creating cache administration user with username cacheadm
  4.running grantCacheAdminPrivileges.sql
  5.granting object privileges on tables to cacheadm
  on Setting Up a Cache Database
  i already created cache database my_ttdb
  here i created and granted the cacheadm user as admin
  then
  {code}
  Command> connect "dsn=my_ttdb;uid=cacheadm;oraclepwd=cacheadm";
  Enter password for 'cacheadm':
  Connection successful: DSN=my_ttdb;UID=cacheadm;DataStore=C:\TimesTen\DataStoreP
  ath\my_ttdb;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=US7ASCII;DRIVER
  =C:\TimesTen\TT1122~1\bin\ttdv1122.dll;LogDir=C:\TimesTen\logs;PermSize=40;TempS
  ize=32;TypeMode=0;OracleNetServiceName=XE;
  (Default setting AutoCommit=1)
  con1: Command> call TTCACHEUIDPWDSET('cacheadm','cacheadm');
  5220: Permanent Oracle connection failure error in OCIServerAttach(): ORA-12154
  : TNS:could not resolve the connect identifier specified rc = -1
  5935: Could not validate Oracle login: uid = CACHEADM, pwd = HIDDEN, OracleNetS
  erviceName = XE, TNS_ADMIN = "C:\TimesTen\TNS_AD~1", ORACLE_HOME= ""
  The command failed.
  {code}
  can you please help in solving this problem sir....
  thanking you,
  prakash

  THe main issue is this:
  TNS:could not resolve the connect identifier specified rc = -1
  TimesTen is not able to resolved the TNS name 'XE'. You need to be sure that (a) your TimesTen instance is correctly configured with the correct value for TNS_ADMIN. This should have been specified at install time but if not you can change it by running ttModInstall as the instance administrator. You will need to shutdown the main daemon and re-start it after making this change. Also, all users who will access Timesten need to have the environment variable TNS_ADMIN, set to the right value, present in their environment.
  Chris

• One User gets error Message saving an Incident, another user with the same rigthts not

  Hi there,
  We have a user sometimes getting an error message (see beyond) when saving an Incdient eg. only modified the descrition field. The user is able to create, update and resolve all other incidents. The user also may have changed this incident before.
  When we use an other user with the same rigths, this user is allowed to modify the description field (and others)
  We tested: The behavoir does not change for the first user, after the second user changed something.
  It's not the workflow for the first assigned to date
  No other user tries to use this incidents
  We have a custom field, but it is not used in this case (so I know Romans SQL
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/401c8083-cd4d-4a74-b300-74f18caaa6a3/kb-2525307-for-2012?forum=systemcenterservicemanager)
  Had a "powershell look" at the incident, but I did not see something "special" about this incident.
  Anyone an idea, where to look at?
  Finaly the Error Message:
  Date: 11.02.2014 09:58:48
  Application:
  Application Version: 7.5.2905.0
  Severity: Error
  Message:
  Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user DOM\xxxxx does not have sufficient permission to perform the operation.
     at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
     at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList`1 entityInstances, IDictionary`2 streams, ObjectChangelist`1 extensions)
     at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)
     at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.Commit(EnterpriseManagementGroup managementGroup)
     at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.EnterpriseManagementObjectProjectionWriteAdapter.WriteSdkObject(EnterpriseManagementGroup managementGroup, IList`1 sdkObjects, IDictionary`2 parameters)
     at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter`1.DoAction(DataQueryBase query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String outputCollectionName)
     at Microsoft.EnterpriseManagement.UI.ViewFramework.SingleItemSupportAdapter.DoAction(DataQueryBase query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String outputCollectionName)
     at Microsoft.EnterpriseManagement.UI.DataModel.QueryQueue.StartExecuteQuery(Object sender, ConsoleJobEventArgs e)
     at Microsoft.EnterpriseManagement.ServiceManager.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)
  Patrick Wahlmüller

  take a look at
  this similar issue and see if the same process can help with your issue.

• How to find login user with the largest account

  Hello. I'm looking to put together a bash script that can do two things: (1) determine the shortname of the user with the largest account in /Users and (2) look up their full/long name. I'm going to use this script to help identify who the user on a computer and while I know that's possible that a sometime-user may have a larger account than the normal-user on any given computer, the results of a script should be sufficient in most cases for my needs.
  I'm not sure the best way to around this. I know that I can use "du -m -d1 /Users" as root:
  root on torchwood
  [ ~ ]$ du -m -d1 /Users
  157 /Users/admin
  128 /Users/johndoe
  70890 /Users/dancollins
  21746 /Users/Shared
  92920 /Users
  I know that I can also use "dscacheutil -q user" to get a full list of all users on a system.
  How can I get both the short and long name of the user with the largest account in the /Users folder?

  We're running JAMF Recon for inventory and my supervisor wants to create a report that lists the primary user of the Mac... assuming that the largest user account may be the primary user. In this case, disk space is not the issue, the top admins simply would like to be able to associate names with individual machines. This isn't the most elegant way to do it and it's not fool-proof, but it'll be correct more often than not, which they're satisfied with.
  Can I ask one more question? Using your script, I've started testing with one building and on a number of Mac, the "admin" (shortname) account is turning out to be the largest account. Is there a way to exclude the admin account from consideration?
  Thanks...

• There are multiple users with the same display name

  Hi,
  We have a user and when she get an item assigned to her she sees the following alert:
  "There are multiple users with the same display name USERNAME and at least one of them does not have read permissions to some of the files"
  Now I looked in the database and when I run the following query with the username:
   SELECT     
       [ProviderDisplayName]  
      ,[DisplayName]  
      ,[HasDisplayName]  
      ,[Domain]  
      ,[AccountName]  
      ,[UniqueUserId]  
      ,[LastSync]  
    FROM [Tfs_Configuration].[dbo].[tbl_Identity] where displayname like '%USERNAME%'  
  Then I get 2 same usernames back, How can I get rid of one of them ? When I access TFS trough the portal I only find 1 occurence of this user.
  We use VS2013 and TFS2013 update 4
  Best regards

  Hi DSW,  
  Thanks for your post.
  In your query result, please check if these two users have the same Account Name. if they are two different Account Name in result, it indicate there’s two users have the same display name in your AD, please check that two users’ information in
  your AD. We suggest change one user’s display name in AD.  
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Is there a way to create a flipping book with the flipping 5k adobe software?

  Am I the only one pissed with the f adobe products?
  Is there a way to create a flipping book with the flipping 5k adobe software? Is it Flash, etc?
  Thanks

  Maybe a forum search on "Windows registry" would turn up some useful things. You're not the first to ask this. You might save yourself and everyone else some time if you'd simply do that.