Creating Users with RDBMS realm

Similar Messages

• Problem creating user in RDBMS realm Using com.bea.wlpi.rdbmsrealm.RDBMSRealm

  Hi,
  I am currently using WLI 2.0 SP2 installation. Here is a very unusual thing I
  noticed. Can somebody tell me what is going on ???
  1 : I have set up the security realm as indicated in the config.xml file. As far
  as I understand, the caching realm entry has attribute pointing to the wlpiRDBMSRealm,
  which is a RDBMS implementation from the WLI 2.0 SP2 distribution.
  2: I start the server, open the WLS console, and create a new user through the
  console. I get no error message and it seems to work fine. ( I also click on the
  save it to database link, and it returns with msg that cache is refreshed ).
  3: I see an entry in the fileRealm.properties file, but no record is inserted
  in the WLSUSER table in the database.
  Since the RDBMS realm (from WLI distribution) is defined as basic
  realm implementation, should it not insert entry into the database, instead of
  the file realm.
  Is this a general problem ( any RDBMS realm ) or is it specific to the WLI ?
  Is there anything that I have not configured here that is causing this behavior
  Is it just refreshing the cache instead of inserting record in DB ?
  Why should it insert entry into fileRealm.properties ?
  Thanks,
  Girish
  [noaa1.zip]

  Hi,
  I turned on the caching realm through the WLS Console, (Security).
  After this I get a very unusual error, which seems to be comming
  from the RDBMS implementation class (from WLI 2.0 SP2 distribution).
  Here is the msg that I get while WLS server boots (the WLS server boots ok, but
  WLPI does not initialize) ....
  Unable to initialize WebLogic Process Integrator:
  SQL Exception: ResultSet not open, operation 'next' not permitted. Verify that
  autocommit is OFF.
  at c8e.k.j.l_(Unknown Source)
  at c8e.k.j.l_(Unknown Source)
  at c8e.k.j.j_(Unknown Source)
  at c8e.k.n.checkIfClosed(Unknown Source)
  at c8e.k.n.movePosition(Unknown Source)
  at c8e.k.n.movePosition(Unknown Source)
  at c8e.k.n.next(Unknown Source)
  at com.bea.wlpi.rdbmsrealm.RDBMSDelegate.getGroup(RDBMSDelegate.java:425)
  at com.bea.wlpi.rdbmsrealm.RDBMSRealm.getGroup(RDBMSRealm.java:235)
  at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
  at weblogic.ejb20.deployer.SecurityRoleMapping.lookupPrincipal(SecurityRoleMapping.java:243)
  at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:96)
  at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:128)
  at weblogic.ejb20.deployer.SecurityRoleMapping.isPrincipalInAnyRole(SecurityRoleMapping.java:174)
  at weblogic.ejb20.deployer.MethodInfoImpl.checkAccess(MethodInfoImpl.java:214)
  at weblogic.ejb20.internal.MethodDescriptor.checkAccess(MethodDescriptor.java:285)
  at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:90)
  at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:55)
  at com.bea.wlpi.server.plugin.PluginManagerCfgBeanEOImpl.init(PluginManagerCfgBeanEOImpl.java:1301)
  at com.bea.wlpi.server.initlistener.InitListenerBean.onMessage(InitListenerBean.java:151)
  at weblogic.ejb20.internal.MDListener.execute(MDListener.java:221)
  at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:175)
  at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:1933)
  at weblogic.jms.client.JMSSession.execute(JMSSession.java:1892)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
  at weblogic.kernel.Kernel.execute(Kernel.java:250)
  at weblogic.jms.client.JMSSession.pushEnvelope(JMSSession.java:1779)
  at weblogic.jms.client.JMSCallback.pushEnvelope(JMSCallback.java:69)
  at weblogic.jms.frontend.FESession.execute(FESession.java:1972)
  <Aug 22, 2001 11:56:01 AM MDT> <Notice> <WebLogicServer> <WebLogic Server started>
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  --------------- nested within: ------------------
  com.bea.wlpi.rdbmsrealm.RDBMSException: caught SQL exception - with nested exception:
  [SQL Exception: ResultSet not open, operation 'next' not permitted. Verify that
  autocommit is OFF.]
  at com.bea.wlpi.rdbmsrealm.RDBMSRealm.getGroup(RDBMSRealm.java:242)
  <Aug 22, 2001 11:56:01 AM MDT> <Notice> <WebLogicServer> <ListenThread listening
  on port 7101>
  at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
  at weblogic.ejb20.deployer.SecurityRoleMapping.lookupPrincipal(SecurityRoleMapping.java:243)
  at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:96)
  at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:128)
  at weblogic.ejb20.deployer.SecurityRoleMapping.isPrincipalInAnyRole(SecurityRoleMapping.java:174)
  at weblogic.ejb20.deployer.MethodInfoImpl.checkAccess(MethodInfoImpl.java:214)
  at weblogic.ejb20.internal.MethodDescriptor.checkAccess(MethodDescriptor.java:285)
  at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:90)
  at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:55)
  at com.bea.wlpi.server.plugin.PluginManagerCfgBeanEOImpl.init(PluginManagerCfgBeanEOImpl.java:1301)
  at com.bea.wlpi.server.initlistener.InitListenerBean.onMessage(InitListenerBean.java:151)
  at weblogic.ejb20.internal.MDListener.execute(MDListener.java:221)
  at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:175)
  at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:1933)
  at weblogic.jms.client.JMSSession.execute(JMSSession.java:1892)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
  at weblogic.kernel.Kernel.execute(Kernel.java:250)
  at weblogic.jms.client.JMSSession.pushEnvelope(JMSSession.java:1779)
  at weblogic.jms.client.JMSCallback.pushEnvelope(JMSCallback.java:69)
  at weblogic.jms.frontend.FESession.execute(FESession.java:1972)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  "Girish Gupte" <[email protected]> wrote:
  >
  >
  >
  Hi,
  I am currently using WLI 2.0 SP2 installation. Here is a very unusual
  thing I
  noticed. Can somebody tell me what is going on ???
  1 : I have set up the security realm as indicated in the config.xml file.
  As far
  as I understand, the caching realm entry has attribute pointing to the
  wlpiRDBMSRealm,
  which is a RDBMS implementation from the WLI 2.0 SP2 distribution.
  2: I start the server, open the WLS console, and create a new user through
  the
  console. I get no error message and it seems to work fine. ( I also click
  on the
  save it to database link, and it returns with msg that cache is refreshed
  3: I see an entry in the fileRealm.properties file, but no record is
  inserted
  in the WLSUSER table in the database.
  Since the RDBMS realm (from WLI distribution) is defined as basic
  realm implementation, should it not insert entry into the database, instead
  of
  the file realm.
  Is this a general problem ( any RDBMS realm ) or is it specific to the
  WLI ?
  Is there anything that I have not configured here that is causing this
  behavior
  Is it just refreshing the cache instead of inserting record in DB ?
  Why should it insert entry into fileRealm.properties ?
  Thanks,
  Girish

• Problem in creating users with password restrictions

  I have enabled the following option in the Authentication>Enterprise tab of CMC.
  Must contain at least N Characters and specified N as 7
  Enforce mixed-case passwords
  However I am able to create user with password as abcd.
  Please suggest.
  Thanks in Advance

  I might be missing something but the rule applies to users changing their pw not administrators creating accounts. If the administrator sets this rule it would be thought/assumed that they would enforce their own rule when creating accounts. The users however should not be able to select 4 character passwords.
  I'll run some tests and see if I find out anything different.
  Tested this on XIR2 SP4 and XI 3.0 The rules apply to the user not the administrator creating the account.
  So create an account while the 7 character pw is enabled. By default the user logs in with the pw (any amount of characters) and is prompted to change their pw. They cannot choose anything less than 7 characters. So unless an administrator creates an account with a password less than 7 characters AND deselects the option to force a pw change. All new users will be forced to select a 7 character password.
  This is by design. If it forced the administrator to create accounts without a 7 character pw they could simply deselect the options(as administrators) so there is no security in forcing this.
  Regards,
  Tim
  Edited by: Tim Ziemba on Aug 13, 2008 5:28 PM
  Edited by: Tim Ziemba on Aug 13, 2008 5:33 PM

• Create user with select privilege only one schema

  can someone tell me how i can create user with select priviliges only one schema.
  i don't want the user to have any select privileges with other schema.
  can someone advise me.
  Thansk

  In general, you would do something like
  CREATE ROLE abc_read_only;
  FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
  END LOOP;
  CREATE USER your_user ...;
  GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
  Justin

• Creating user with extension mobility on prime provisioning 10.5

  Hi All,
  Does anyone know any document or have any expirenece on creating user with extension mobility on prime provisioning 10.5?
  I'm facing challenges on it, appreciate if you have any document or experience to share with me.
  Thanks,
  Cherry

  What sort of issues are you facing?
  I'm also having problems, but I think it is system related.
  CUCM is LDAP synced.
  When PCP tries to provision Extension Mobility Access, it actually seems to be trying to update the user on CUCM (via AXL) (this fails as it is an LDAP user and the values come from LDAP and cannot be updated)
  I've got a tac case open.
  Bug details are currently hidden - CSCuo11522 - but this one is extension mobility provisioning issue
  There was also mention of another bug related to failures to provision users with directory URI's in their LDAP record. I didn't catch a bug ID for this one though.
  Cheers,
  Tim

• Can't create user with Delegated Administrator Console! Thank you!

  I have installed JES2005Q4 (include Deirectory Server&#12289;Access Manager&#12289;Web Server&#12289;Messaging Server&#12289;Calendar Server&#12289;Instant Messaging&#12289;Communications Express and Delegated Administrator) ,
  i can create domain and user with "commadmin" command, but can't create user with Delegated Administrator console.
  When i checked the logs of the Web Server, found some errors:
  [04/Feb/2006:11:55:25] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: ApplicationDispatcher[da] WEB2649: Servlet.service() for servlet jsp threw exception
  javax.servlet.ServletException
       at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536)
       at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:559)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
       at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  ----- Root Cause -----
  javax.servlet.jsp.JspException
       at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCW
  [04/Feb/2006:11:55:25] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: WEB2798: [da] ServletContext.log(): [ERROR] Uncaught application exception
  com.iplanet.jato.NavigationException: Exception encountered during forward
  Root cause = [javax.servlet.jsp.JspException]
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  Root cause:
  javax.servlet.jsp.JspException
       at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCWizardTag.java:658)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.getHTMLStringInternal(CCWizardTag.java:469)
       at com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:114)
       at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:260)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.co
  [04/Feb/2006:11:55:26] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: StandardWrapperValve[WizardWinServlet]: WEB2792: Servlet.service() for servlet WizardWinServlet threw exception
  javax.servlet.ServletException: Uncaught exception
       at com.iplanet.jato.ApplicationServletBase.onUncaughtException(ApplicationServletBase.java:1415)
       at com.sun.comm.da.WizardWinServlet.onUncaughtException(WizardWinServlet.java:98)
       at com.iplanet.jato.ApplicationServletBase.fireUncaughtException(ApplicationServletBase.java:1164)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:639)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  ----- Root Cause -----
  com.iplanet.jato.NavigationException: Exception encountered during forward
  Root cause = [javax.servlet.jsp.JspException]
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain

  Now i want to update the Delegated Administrator with the 119778-09.jar patch, but the error show:
  Unable to open keystore </var/sadm/security/patchadd/trustore> for reading.
  Signature invalid on signed patch <119778-09>.

• Creating New Users for RDBMS realm

  I am currently creating new users in the RDBMS realm
  by an EJB that will insert into the "Users" table. Is this
  the correct way to create users or should I be calling
  methods on classes in examples.security.RDBMSRealm?
  Thanks
  Bill.

  Thanks a lot for the guideline.
  I can able to create multiple users using Import option of the user administration but i have one more question regarding the same.
  What about the password setting of these newly created users. Or can the set the password field in test file?? Because when we export the user, it is not showing any Password field.
  Thanks & Regards,
  Prashant

• Create User With JMX

  Attempting to invoke the createUser operation (using Version 10.0) is resulting in:
  Runtime Exception while calling invoke. Invoking management operations on Realm, UserLockoutManager and Security Provider MBeans via Edit MBeanServer is illegal.
  I can see nothing in the docs that says this opertaion is not permitted. Is there an example somewhere of code that successfully does this in case I'm missing something?

  Hi Gabi,
  oops, sent that previous post by accident before I was done... <grin>
  Here is how you want to do it programmatically
  BasicRealm realm = Security.getRealm(); //weblogic.sercurity.acl
  ListableRealm realmDump = null;
  //cast the realmDump to ListableRealm so we can call methods like newUser, newGroup, etc.
  try {
  realmDump = (ListableRealm)realm;
  } catch (Throwable t) {
  System.out.println("Could not cast realm to realmdump -- the realmClass is not a
  ListableRealm");
  out.print("Could not cast realm to realmdump -- the realmClass is not a
  ListableRealm");
  //now you can call any ListableRealm method off of realmDump
  //for example....
  Enumeration enum = realmDump.getGroups();
  That should do it. You could put that code in a servlet or JSP and it will work just fine.
  I'm not sure exactly what packages you need to import, other than the fact that
  weblogic.security.* will be a must
  Cheers,
  Joe Jerry
  Gabi wrote:
  Hi,
  In a production environment, where there is a need to set the environment in a
  transparent way (to the user), is it possible to create User/Group/ACL programmatically?
  that is, for instance, using the management extension (JMX) to get a security
  MBean with a "create user" operation.
  cheers,
  Gabi,

• Create user with DBA privileges with a restriction to access user data

  Hi
  I need to create a user with all DBA privileges with a restriction to access all user schemas
  Thanks,
  Balaji

  Use Database Vault - http://download.oracle.com/docs/cd/E11882_01/server.112/e16544/toc.htm
  HTH
  Srini

• Create Users with Mail enabled in dscl or command line

  I have figured out how to use the dscl to add a user.
  example:
  $ sudo dscl . create /users/rothman uid 701
  $ sudo dscl . create /users/rothman gid 20
  $ sudo dscl . create /users/rothman realname "Ernest Rothman"
  $ sudo dscl . create /users/rothman passwd \*
  I went as far as to launch WorkGroup manager to enable Mail.
  The following gave me the key values:
  dscl . read /Users/test MailAttribute > mailsettings.txt
  When I try to replace from the txt file. WorkGroup Manager than believes the Mail is not enabled.
  How do I use dscl or a terminal command to enable the user with mail server and to use IMAP Only?
  I do not want to always have to remotely connect to launch Workgroup Manager to enable mail for new users.
  I hope you can help for I am new dscl or even NetInfo command line tools.
  I have tried these, but I guess it does't like how it is being restored into that property.
  dscl . create /Users/test MailAttribute `< mailsettings.txt`
  <?xml version="1.0" encoding="UTF-8"?>
  <dict>
  <key>kAPOPRequired</key>
  <string>APOPNotRequired</string>
  <key>kAltMailStoreLoc</key>
  <string></string>
  <key>kAttributeVersion</key>
  <string>Apple Mail 1.0</string>
  <key>kAutoForwardValue</key>
  <string></string>
  <key>kIMAPLoginState</key>
  <string>IMAPAllowed</string>
  <key>kMailAccountLocation</key>
  <string>192.168.181.132</string>
  <key>kMailAccountState</key>
  <string>Enabled</string>
  <key>kPOP3LoginState</key>
  <string>POP3Deny</string>
  <key>kUserDiskQuota</key>
  <string>0</string>
  </dict>
  I have also tried appending by doing something like this.
  dscl . create /Users/test MailAttribute '<?xml version="1.0" encoding="UTF-8"?>’
  dscl . append /Users/test MailAttribute ‘<dict>’
  dscl . append /Users/test MailAttribute ‘<key>kAPOPRequired</key>’
  dscl . append /Users/test MailAttribute ‘<string>APOPNotRequired</string>’
  dscl . append /Users/test MailAttribute ‘<key>kAltMailStoreLoc</key>’
  dscl . append /Users/test MailAttribute ‘<string></string>’
  dscl . append /Users/test MailAttribute ‘<key>kAttributeVersion</key>’
  dscl . append /Users/test MailAttribute ‘<string>Apple Mail 1.0</string>’
  dscl . append /Users/test MailAttribute ‘<key>kAutoForwardValue</key>’
  dscl . append /Users/test MailAttribute ‘<string></string>’
  dscl . append /Users/test MailAttribute ‘<key>kIMAPLoginState</key>’
  dscl . append /Users/test MailAttribute ‘<string>IMAPAllowed</string>’
  dscl . append /Users/test MailAttribute ‘<key>kMailAccountLocation</key>’
  dscl . append /Users/test MailAttribute ‘<string>192.168.181.132</string>’
  dscl . append /Users/test MailAttribute ‘<key>kMailAccountState</key>’
  dscl . append /Users/test MailAttribute ‘<string>Enabled</string>’
  dscl . append /Users/test MailAttribute ‘<key>kPOP3LoginState</key>’
  dscl . append /Users/test MailAttribute ‘<string>POP3Deny</string>’
  dscl . append /Users/test MailAttribute ‘<key>kUserDiskQuota</key>’
  dscl . append /Users/test MailAttribute ‘<string>0</string>’
  dscl . append /Users/test MailAttribute ‘</dict>’

  Got it to take as a single statement.
  dscl . create /users/test applemail "<?xml version='1.0' encoding='UTF-8'?> <dict> <key>kAPOPRequired</key> <string>APOPNotRequired</string> <key>kAltMailStoreLoc</key> <string></string> <key>kAttributeVersion</key> <string>Apple Mail 1.0</string> <key>kAutoForwardValue</key> <string></string> <key>kIMAPLoginState</key> <string>IMAPAllowed</string> <key>kMailAccountLocation</key> <string>192.168.181.132</string> <key>kMailAccountState</key> <string>Enabled</string> <key>kPOP3LoginState</key> <string>POP3Deny</string> <key>kUserDiskQuota</key> <string>0</string> </dict>"
  Doing the above showed in WorkGroup manager and I tested and the user received a email, so now I can automate adding users without needing the GUI. *Just to note you still have to setup mail services and your virtual, aliases files for postfix. This is just so the user is opened up to be allowed to receive email in the first place.
  I still could not seem to pipe a file into dscl command even though the file was a single line of text. I had planned to embed this in a single command so no big deal.

• Create user with User ID like A123456.

  Hi,
  We have requirement that all user ID must be starting with alphabet and than appended with six digits like Z345678.
  So, please suggest how can we force in create user page the above restriction. And if user violates this rule we want to generate error message.
  Thanks

  Hi,
  There are two option to achieve the same....
  First one to let the user enter the user id in the fomat, and make the adapter which will check the whether the userid in desired format or not, and if any user voilate that error message will be displayed.
  Just go through the design guide to know more about the erros and how we can put in the adpters.
  Second option, let the user enter any id and genetate the user id through entity adapter under pre-insert as per desired format.
  Let me know if you have any question for the same.
  Regards
  Alabhya Goel

• Create user with dba privileges

  How do I create a user with DBA privileges in Oracle? The user should be able to create, insert, delete, truncate and other functions without any limits. Do I have to issue GRANT statements?

  Hi,
  I don't believe there's any way to create a user and grant privileges in one command.
  First, create the user:
  CREATE USER  foo  IDENTIFIED BY  bar;Then grant the privileges. There's a pre-defined role called DBA that has all the privileges you mentioned.
  GRANT  dba  TO  foo;It's easy to write a script to do these two commands together, so you could say
  @CREATE_USER  foo  bar  dba

• OIM 11g create user with API - double resources

  Hello.
  We have a custom web client for creating a user in OIM. When we create a user with the OOTB web app (formerly xlWebApp), it creates the user and the Access Policies work correctly to give the user one of each resource.
  When we create the user with the API from our custom web app, it tries to assign 2 of each resource to the new user. Has anyone seen this behavior before? Thank you.

  Bump Thanks.

• Unlocking user in RDBMS realm of portal

  Hi All,
  Does any body know where the information of a user being locked is stored in case
  oif RDBMS Realm ? In portal server, some user is locked b'coz of wrong password
  and I tried unlocking from weblogic console, but didn't work. Does any body having
  any idea on this ?
  Any suggestion is welcome.
  TIA,
  Sudarson

  Hi All,
  Does any body know where the information of a user being locked is stored in case
  oif RDBMS Realm ? In portal server, some user is locked b'coz of wrong password
  and I tried unlocking from weblogic console, but didn't work. Does any body having
  any idea on this ?
  Any suggestion is welcome.
  TIA,
  Sudarson

• Email notification of create user with password

  Hi all
  After creating user in oim with all details like user-id , password, user name,email....etc.
  The same information will be sent to his mail-id.
  Is OOTB template works for it, if yes which template i need to use
  Or if i go for custom which steps i have to follow
  Thanks in advance

  Hi,
  I am working on a similar use-case. It would be great if you could share the solution of this task if you have got it.
  I have figured out this much till now
  Create User Self Service Notification Template is used.
  Need to create a Mail Server IT Resource with the name Email Server as that is the default value in Email Server System Property.
  and we need to have RequestNotification system property as 1
  Let me know if i have missed out anything.
  Problem is after doin all these steps i am still not able to send the notification ...if you could help me out ...the log says unexpected error occured while sending the notification.