DHCP and LDAP at Login... possible?

Hi..
All my users use network homes and are working fine via static IPs and manual LDAP settings. (So why fix it, right?)
I want to try moving my clients to DHCP to simplify setups. I enabled DHCP and configured the options for IPs as well as the LDAP settings. On the clients I set to DHCP in network settings, and Auto assign DHCP LDAP in Directory Access.
Problem is, when clients boot up, they dont seem to get their DHCP assignment until after a user logs in, which prevents them from reading the LDAP unless a local user logs in to register DHCP.
Is there a way to force the client to register DHCP at the login window, rather than after logging in a [local] user?
Or am I misdiagnosing the problem?

Hi,
supplying LDAP information via DHCP works. The only issue is that it will take a while (up to 10 seconds or even longer) until a network user can login. So patience is the key!
Try this: in the loginwindow, click several times on the Bonjourname of you client. The displayed infomation (SN, ip address, etc) will change. There is a new info displayed about availability of network-accounts. It's bullet should be red right after loginwindow is launched, but turn green after a while if you use DHCP.
If it stays red, you have another issue, probably related to DHCP and the provided LDAP-info.
Oliver

Similar Messages

Profile server and ldap server login

To enable my portal to have anonymous login and skip the login menu, from the admin console, i've added "Membership" and "Ldap" under the interactive mode section. This is to allow Ldap or Membership authentication methods enabled at the anonymous page. I tried to use the default login channel to log into the portal using LDAP authentication, but it doesn't work. I can log into the portal via the login channel using "Membership" authentication method. But somehow i have no idea how to "integrate" my membership (profile) authentication with Ldap authentication. (Syncs between profile server and LDAP Server for user name and password). Anyone out there have any idea what went wrong here? Thanks a lot.

The sp3a release notes shows how you can modify the login channel to work with other authentication modules.
The sample given is for unix authentication to make that sample work for ldap authentication take a copy of that sample
cp display_iwtAuthUnix.html display_iwtAuthLdap.html
now look for form action and replace the form action from /login/Unix to /login/Ldap, now follow the instructions given in the sp3a release notes, replace unix with ldap everywhere and it should work ..

How to use DS 5.2 to create LDAP user ID and password to Login to Sun ONE I

Hi all,
I have just install Sun One Web server 6.1, Sun One Directory 5.2 and Sun One Instant Messaging 6.1 together on Win2K advance server. And I have successful launch Sun� ONE Instant Messenger.
But I can not know, how to create LDAP user ID and password to Login to Sun ONE Instant Messenger???
Could anyone help me to solve this problem?
I'm looking forward to receive your reply soon.
Thanks

Hi Tuo,
I think you better ask this in the forum where the ACS experts are, since this does not seem to be a problem on the ASA side.
hth
Herbert

Troubles with DHCP-supplied LDAP servers

Hello,
this feature does'nt work at all in my environment....
I've a openldap server (RFC 2307) and a couple of macs (newest leopard) which are working quite nice together for a while now.
It's a closed Network and want to get rid of the following commands, which I have to enter on each new mac:
sudo dsconfigldap -x -e -v -s -a ldap.mydomain.de -n "MYLDAP"
sudo dscl -q localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
sudo dscl -q localhost -merge /Search CSPSearchPath /LDAPv3/ldap.mydomain.de
Instead i want to use the possibility to transmit the needed ldap-data using DHCP.
Therefore I've added the following lines to my dhcpd.conf-Server
option ldap-server code 95 = text;
option ldap-server “ldaps://ldap.mydomain.de:636/dc=mydomain,dc=de”;
Booting a mac I've got the following results:
bo-dhcp-228:~ sysadm$ ipconfig getpacket en1
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 276885973
secs = 0
ciaddr = 10.0.0.228
yiaddr = 10.0.0.228
siaddr = 10.0.0.78
giaddr = 0.0.0.0
chaddr = 0:1c:b3:b0:e2:d5
sname =
file =
options:
Options count is 9
dhcpmessagetype (uint8): ACK 0x5
server_identifier (ip): 10.0.0.78
lease_time (uint32): 0x5a0
subnet_mask (ip): 255.255.255.0
router (ip_mult): {10.0.0.1}
domainnameserver (ip_mult): {10.0.0.9}
domain_name (string): mydomain.de
ldap_url (string): ldaps://ldap.mydomain.de:636/dc=mydomain,dc=de
end (none):
So far so good.
But the ldap-server never got used.
dscl localhost list /LDAPv3 on the mac-client shows emtpy results, and
on the wire there is absolutely no traffic to ldap.mydomain.de.
In fact the mac-client completely
ignores the dhcp-provided settings. Of course I've enabled the
Setting "Add DHCP-supplied LDAP servers to automatic search policies" on
the client.
I've tried to trace the problem on the client-side by doing
sudo ipconfig setverbose 1
touch /Library/Preferences/DirectoryService/.DSLogAtStart
and looking into /Library/Logs/DirectoryService/DirectoryService.debug.log , /var/log/system.log
and /var/log/com.apple.IPConfiguration.bootp but there is no hint why the client is not using the published ldap-settings.
It must be some problem on the mac-side.
Can anybody give a hint howto solve this problem?
Thanks
Christian

I have not tried to set this up using the command line (as you described), but have in the past done it using "Server Manager" (on the server) and "Directory Access" on a Mac OS X 10.4.x client.
When I did this I found that Macs after booting would not show a list of network login acocunts (as they should have) and typically trying to login using 'other' would fail. Also typically after a minute or two (and several attempts) it usually did work. AppleCare's suggested workaround at the time was to not use DHCP to advertise the OpenDirectory but to instead manually define it on the clients (using Directory Access).
My belief as to why it did not work is that when a Mac boots, it enables its network interface, asks the DHCP server for an address (and the LDAP details) and then in theory should continue to boot and connect to the LDAP server. However I believe that the timing of these events is such that the Mac goes past the LDAP stage before it has finished the DHCP stage and as a result does not have the LDAP information in time. By manually defining the LDAP (OpenDirectory) server in Directory Access it is already known in advance and you avoid this problem.
I have seen nothing to suggest that Leopard is any different in this area (although my recollection is that Panther - Mac OS X 10.3) did not have this problem.
So I use a manually defined entry on all our computers, and I have incorporated this in to the standard disk image I use to build all the new computers.

Forte Classic and LDAP

Greetings,
I am in the process of assessing the amount of effort to have a Forte
application interface with Netscape's Directory Server. I know that the
Directory Server has a C SDK so a wrapper is possible. Has anyone else
attempted this using a C wrapper or otherwise?
Thanks in advance,
Phil

We have used the Netscape Directory SDK for C Version 3.0 and have written
and compiled some Digital Unix C code that calls out to the Netscape LDAP
shared library. We then built a Forte wrapper around this code and can now
call out from Forte to LDAP and get authentication results back etc.
It was however, something of a mission to get Forte on Digitial Unix 4
working with the Netscape code :
Netscape Unix Library is only 32 bit. Forte itself is compiled using 64 bit
option so the runtime loader cannot link ftexec to Netscape code without
crashing. So I have altered the way forte compiles partitions / libraries
on our Unix node using the -taso flag - so now its all running in 32 bit
address space - but only if we don't use ftexec to run the app. So I'm
compiling my C code, the forte library and the forte partition as 32 bit.
Cheers Dave.
At 04:06 PM 11/19/99 +0100, you wrote:
We built a Forté wrapper for a c API that implements the interface for an
Ldap client.
We download the documentation about Ldap c API from the Internet Engineering
Task Force and the Ldap Libraries from the University of Michigan.
We use the document rfc1823 that now is considered obsolete but the Ldap
Libraries delivered by the University of michigan were built using this
standard.
Feel free to contact me if you need some more information.
Hope this help.
Cheers, Max.
Massimiliano Delsante
O.T. Consulting S.r.l - www.otconsulting.com
Via della Previdenza Sociale N° 11 - 42100 - Reggio Emilia
Tel. +39 0522 271550 - Fax +39 0522 230710
-----Messaggio originale-----
Da: [email protected] <[email protected]>
A: [email protected] <[email protected]>
Data: venerdì 19 novembre 1999 15.52
Oggetto: (forte-users) Forte Classic and LDAP
Greetings,
I am in the process of assessing the amount of effort to have a Forte
application interface with Netscape's Directory Server. I know that the
Directory Server has a C SDK so a wrapper is possible. Has anyone else
attempted this using a C wrapper or otherwise?
Thanks in advance,
Phil
For the archives, go to: http://lists.sageit.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: [email protected]
For the archives, go to: http://lists.sageit.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: [email protected]
Dave Maclaurin
Database Administrator
ATS University of Otago
mailto:[email protected]
http://www.otago.ac.nz
Phone: +64 03 479 6545
Fax : +64 03 479 5080

Security using both rpd users and ldap

Hi,
I need 5 dummy users in rpd. I dont want to give them adminstrator previleges because they are not allowed to see everything in my dashboards. My authentication works using an LDAP server, is there any way I can let these dummy users login along with those in the LDAP server??

I dont think it is possible to use both BI server default authentication and LDAP. You can always have multiple LDAP servers to authenticate. You can request for 5 service accounts to be created in the LDAP for OBIEE, and assign the privileges accordingly so they will see only required dashboards.
Please award points if helpful,
Thanks,
-Amith.

Apple Airport Extreme Base Station for PPPoE, DHCP and NAT with ActionTec DSL modem

I just spent several hours trying to track down proper instructions for setting up my Apple AEBS to do the PPPoE, DHCP and NAT while connected to an ActionTec M1000 (no wireless module). It turns out my initial set ups on both devices were correct, but that the order for rebooting and reconnecting the two devices is critical. All of the threads I found on this forum and on many others suggested this was not possible, but it is. What I don't yet know is whether it is the best method for running my home network DSL connection to my ISP (CenturyLink).
The instructions I found that worked come courtesy of Brandon Konkle's blog and are both simple and clear: http://brandon.konkle.us/post/19637529637/centurylink-actiontec-q1000-airport-ex treme-bridge
The proper settings for the ActionTec DSL Modem can be found under Advanced Setup/IP Adressing/WAN IP Address
Click RFC 1483 Transparent Bridging then click on Apply.
(see also http://qwest.centurylink.com/internethelp/modems/m1000/pdf/M1000_BRIDGE.pdf )
To reduce time, do this BEFORE you reset your AEBS then set the AEBS so that you don't have to wait for the AEBS to reboot.
In contrast to what Brandon described for the Q1000 modem, my AEBS never reconnected to the modem (he describes his as getting an IP from his ISP, then dropping it then getting another over and over - mine never got an IP). Once you have reset both devices as described, the critical steps I have not found described elsewhere were:
1. Disconnect the power from both the modem and the Airport Extreme.
2. Disconnect the Ethernet cable between the two devices
3. Restore power to the 2 devices and allow them to fully reboot. For the ActionTec M1000, this is indicated when the lights stop blinking. (Note that the Internet light will NOT be lit in this instance since the modem is acting only as a bridge. You will NOT have an Internet connection until the AEBS is reconnected.) The AEBS will be blinking yellow.
4. Reconnect the Ethernet cable between the devices (make sure on the M1000 that you are using the connector with the circle icon over it, not the arrow icon).
Within about 60 seconds, the AEBS light went to steady green and the connection to the Internet was restored.
Now I have to see if this is a more stable configuration than the flaky one I had before while using the AEBS as a bridge and the M1000 to do everything.
Does anyone think or know if it will make a difference?
Message was edited by: Bud Shaw

Now I have to see if this is a more stable configuration than the flaky one I had before while using the AEBS as a bridge and the M1000 to do everything.
Does anyone think or know if it will make a difference?
No one can accurately predict in advance what the actual results might be. I've tried both ways with different products and cannot say that one method is better than the other. What works is best.
In theory, it is preferable to have the modem provide the PPPoE connection service since it is the device connected directly to the Internet.
In practice, results vary depending on the service provider, products used, phase of the moon, alignment of the planets, etc.

Weblogic Server 10.3.0 and LDAP authentication Issue

Hi - I have configured my WebLogic Server 10.3.0 for LDAP authentication (OID = 10.1.4.3.0) and so far the authentication works fine but I am having issue in terms of authorization.
I am not able to access the default web logic administrator console app using any of the LDAP user, getting Forbiden message.
It appears to me that the Weblogic Server is not pulling out the proper groups from the LDAP where user belongs too.
Can anyone please point me towards the right direction to get this resolved.
Thanks,
STEPS
Here are my steps I have followed:
- Created a group called Administrators in OID.
- Created a test user call uid=myadmin in the OID and assigned the above group to this user.
- Added a new Authentication Provider to the Weblogic and configured it what is required to communicate with OID (the config.xml file snipet is below)
<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
<sec:name>OIDAuthentication</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:host>pmpdeva-idm.ncr.pwgsc.gc.ca</wls:host>
<wls:port>1389</wls:port>
<wls:principal>cn=orcladmin</wls:principal>
<wls:user-base-dn>ou=AppAdmins, o=gc, c=ca</wls:user-base-dn>
<wls:credential-encrypted>removed from here</wls:credential-encrypted>
<wls:group-base-dn>ou=IDM, ou=ServiceAccounts, o=gc, c=ca</wls:group-base-dn>
</sec:authentication-provider>
- Marked the default authentication provider as sufficient as well.
- Re-ordered the authentication provide such that the OIDauthentication is first in the list and default one is the last.
- Looking at the log file I see there are no groups returned for this user and that is the problem in my opinion.
<LDAP Atn Login username: myadmin>
<getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<authenticate user:myadmin>
<getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<authentication succeeded>
<returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<LDAP Atn Authenticated User myadmin>
<List groups that member: myadmin belongs to>
<getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
*<search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>*
*<Result has more elements: false>*
<returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<login succeeded for username myadmin>
- I see the XACML RoleMapper getRoles() only returning the Anonymous role as oppose to Admin (because the OID user is a part of Administrators group in OID then it should be returning Admin as fars I can tell. Here is the log entry that shows that:
<XACML RoleMapper getRoles(): returning roles Anonymous>
- I did a ldap search and I found no issues in getting the results back:
C:\>ldapsearch -h localhost -p 1389 -b"ou=IDM, ou=ServiceAccounts, o=gc, c=ca" -D cn=orcladmin -w "removed from here" (uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupOfUniqueNames)
cn=Administrators,ou=IDM,ou=ServiceAccounts,o=gc,c=ca
objectclass=groupOfUniqueNames
objectclass=orclGroup
objectclass=top
END
Here are the log entries:
<1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
<1291668685624> <BEA-000000> <LDAP Atn Login>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will use NameCallback to retrieve name>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=myadmin>
<1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
<1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
<1291668685624> <BEA-000000> <authenticate user:myadmin>
<1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685624> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
<1291668685624> <BEA-000000> <[Security:090302]Authentication Failed: User myadmin denied>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize LoginModuleClassName=weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize ClassLoader=java.net.URLClassLoader@facf0b>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize created delegate login module>
<1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
<1291668685624> <BEA-000000> <LDAP Atn Login>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle did not get username from a callback>
<1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
<1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685624> <BEA-000000> <authenticate user:myadmin>
<1291668685624> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685671> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<1291668685671> <BEA-000000> <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<1291668685671> <BEA-000000> <authentication succeeded>
<1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685686> <BEA-000000> <LDAP Atn Authenticated User myadmin>
<1291668685686> <BEA-000000> <List groups that member: myadmin belongs to>
<1291668685686> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685686> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685686> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<1291668685686> <BEA-000000> <search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>
<1291668685686> <BEA-000000> <Result has more elements: false>
<1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685686> <BEA-000000> <login succeeded for username myadmin>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login delegated, returning true>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
<1291668685686> <BEA-000000> <LDAP Atn Commit>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
<1291668685686> <BEA-000000> <LDAP Atn Commit>
<1291668685686> <BEA-000000> <LDAP Atn Principals Added>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning true>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login logged in>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login subject=Subject:
     Principal: myadmin
>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject Subject: 1
     Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals)>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) Principal=myadmin>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator handles this PrincipalClass>
<1291668685686> <BEA-000000> <Signed WLS principal myadmin>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator signed the principal>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) All required PrincipalValidators signed this PrincipalClass, returning true>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login identity=Subject: 1
     Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate succeeded for user myadmin, Identity=Subject: 1
     Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.isLocked(myadmin)>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate login succeeded and myadmin was not previously locked out>
<1291668685702> <BEA-000000> <Using Common RoleMappingService>
<1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity>
<1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity will use common security service>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals)>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) Principal=myadmin>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator handles this PrincipalClass>
<1291668685702> <BEA-000000> <Validate WLS principal myadmin returns true>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator said the principal is valid>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) One or more PrincipalValidators handled this PrincipalClass, returning true>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals) validated all principals>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Identity=Subject: 1
     Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): input arguments:>
<1291668685702> <BEA-000000> <     Subject: 1
     Principal = weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*, httpMethod=GET>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*, httpMethod=GET>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/, httpMethod=GET>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console>
<1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp>
<1291668685702> <BEA-000000> <     Parent: type=<app>, application=consoleapp>
<1291668685702> <BEA-000000> <     Parent: type=<url>>
<1291668685702> <BEA-000000> <     Parent: null>
<1291668685702> <BEA-000000> <     Context Handler: >
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AdminChannelUsers,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AdminChannelUser:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AdminChannelUser: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AppTesters,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AppTester:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AppTester: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(everyone,[everyone,users]) -> true>
<1291668685702> <BEA-000000> <primary-rule evaluates to Permit>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Anonymous:, 1.0 evaluates to Permit>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Anonymous: GRANTED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Monitors,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Monitor:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Monitor: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Operators,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Operator:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Operator: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(CrossDomainConnectors,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:CrossDomainConnector:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role CrossDomainConnector: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Deployers,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Deployer:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Deployer: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, SC=null, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Administrators,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Admin:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Admin: DENIED>
<1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): returning roles Anonymous>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles returning [ "Anonymous" ]>
<1291668685702> <BEA-000000> <AuthorizationManager will use common security for ATZ>
<1291668685702> <BEA-000000> <weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Identity=Subject: 1
     Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" ]>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Direction=ONCE>
<1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
<1291668685702> <BEA-000000> <     Subject: 1
     Principal = weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> <     Roles:Anonymous>
<1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <     Direction: ONCE>
<1291668685702> <BEA-000000> <     Context Handler: >
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:role, SC=null, Value=Anonymous>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of([Admin,Operator,Deployer,Monitor],Anonymous) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed AccessDecision returned DENY>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Results=[ DENY ]>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <DefaultAdjudicatorImpl.adjudicate results: DENY >
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Adjudictor returned false, returning that value>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: false>

Okay Finally the issue is resolved. Here is the findings to help others in case they ran into the same issue.
The OID version that we are using is not returning the groups the way Weblogic is building the ldapsearch command. We captured the ldap traffic to go deeper and noticed the filters and attributes list that wls was asking. For example, the filter was like:
"(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" cn
its was the "cn" attribute that was causing the result set to be empty.
from a command line we tried
"(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" uniquemember
and got the results back.
Then we start looking into OID configuration and one of my coworker pointed me towards the orclinmemfiltprocess attributes in cn=dsaconfig entry and told me that they had lot of issues in the past in relation to this attribute.
So as a test we removed the groupofuniquenames objectclass from the orclinmemfiltprocess attribute list and bingo it worked!
Since we needed the groupofuniquenames in this list for performance/other reasons and decided to use a different objectclass for our groups instead i.e. orclGroup.
Thanks everyone for showing interest on the problem and providing suggestions.

Non-ISP DDNS with Apple DHCP and DNS Services

I have two questions about Dynamic DNS (DDNS) as it applies to Apple's DNS and DHCP services within my home network. I am not talking about DDNS in the context of making my external-facing router available by a domain name on the Internet using the dynamically-assigned IP from my ISP.
Starting with Snow Leopard Server, I attempted to use Apple's DNS and DHCP services (I have the firmware-based DHCP service in my router turned off.) The difficulty I immediately faced was that Apple's DHCP implementation didn't update the DNS service as IPs were handed out to DHCP clients. Because of this, it wasn't possible to access hosts by their hostname, since getting a DHCP-assigned dynamic IP at boot-up didn't do anything to automagically register the hostname-to-IP mapping in DNS. Manually registering the hostname in DNS was pointless, becuase over time the client IP address can and did change. I could create static IP assignments based on the MAC address, but doing that for all of the devices on my home network sort of defeated the purpose of using dynamic IPs.
The only solution I eventually found was to go out and get an open source DHCP server, compile it for my Mac, install it, and configure it. After doing this, everything worked great; every time a new host or other device was booted it got a dynamic IP through DHCP, and then the DHCP server automatically updated Apple's DNS serive with the hostname and assigned IP. I could immediately access every device on my network by hostname. As IP addresses changed over time, the hostname-to-IP mapping in DNS was automatically updated.
Except, Apple's point upgrades kept breaking my non-Apple DHCP install. Every time I applied software updates to my server I had to go back and re-finagle DHCP to get it to automatically start and run. By the time Lion Server came out, I drank the Kool-Aid and went back to Apple's DHCP implementation. I was disappointed that it still didn't seem able to update DNS with hostnames as it assigned IPs, but I was so tired of mucking about at the command prompt to fix DHCP every time Software Updates broke it, I just lived with the inconvenience of not being able to access devices on my network by hostname.
I'm sorry to say this, but Windows Server has had this capability since at least server 2003. In fact, until I dumped my Windows Server and switched to Snow Leopard Server, I was running Microsoft's DNS and DHCP services on Server 2003 and they did exactly what I'm describing brilliantly.
Can anyone offer any advice here? Does Mountain Lion's implementation of DHCP allow for DDNS updates to the DNS service? If not, how are other people handling this? Should I go back to running Windows Server for my DNS and DHCP services? My Netgear WNDR3700 router appears to have the standard, substandard DHCP server in firmware as most home routers, and no facility for DNS at all--much less the ability to update an on-site DNS sever with IP addresess it hands out. In fact, the only appliance I know of that does this is the InfoBlox my employer uses, but that's too expensive for a home solution.
As a Post Script, I'll add that I've been VERY unhappy that I lost the ability to bind Windows clients to Open Directory under Lion Server. Since I'm starting to see articles that say this capability hasn't been added back to Mountain Lion Server, I'm seriously considering implementing a Windows Server AD master and establishing a "magic triangle" or "golden triangle". If I end up having to do that, I wonder if I might as well just go back to using Microsoft's DNS and DHCP services.

Hi,
Whether to move your DHCP to another server depends on the workload of your server. If there are too many clients on the network, you should move your DHCP to another server.
Did the record which owned by the machine generate before you configure the DnsUpdateProxy group? You can try to regenerate the record and check the result.
For more detailed information, you can view the link below.
DNS best practices
http://technet.microsoft.com/en-us/library/cc778439(v=ws.10).aspx
Using DNS servers with DHCP
http://technet.microsoft.com/en-us/library/cc787034(v=ws.10).aspx
DNS registration changes for Windows Server 2003 based DHCP Servers
http://technet.microsoft.com/en-us/library/ee441167(v=ws.10).aspx
Hope this helps.
Steven Lee
TechNet Community Support

Windows 7-8.1 Can not change the MAC Address on wifi and cannot load login page in public HotSpot.

Windows 7-8.1 Can not change the MAC Address on wifi and cannot load login page in public HotSpot.
Adapter: Ralink RT3070 Chipset wifi adapter
Tested: os Windows 8.1 Professional
Hot Spot: 802.11b
The first problem windows 7-8.1 got IP adress and connect he public HotSpot but cannot load login page or any other page. It does not work with it.
The second problem Wifi canrd/configure/Advandes (No network adress change function).Tested with the default windows driver and the ralink rt 3070 driver the same problem.On windows XP the same function the same driver works perfectly.
multiple users to have expressed interest in the problem But Microsoft not corrected the problem window7-8.1 10?
lizardsystems.com/wiki/change_mac_address/faq/change_mac_address_in_windows_7
blog.technitium.com/2011/05/tmac-issue-with-wireless-network.html
superuser.com/questions/519189/how-to-change-the-mac-address-in-win-8-to-spoof-a-roku-player-through-a-wifi-spl
social.technet.microsoft.com/Forums/windows/en-US/59e07df3-471c-499e-ad5f-e7cb507595df/cannot-change-mac-address-in-windows-7-driver-has-option-doesnt-work-neither-does-regedit-ms?forum=w7itpronetworking
networksteve.com/windows/topic.php/CANNOT_CHANGE_WIRELESS_%28SPOOF%29_MAC_ADDRESS_ON_WINDOWS_7/?TopicId=16810&Posts=1
On windows XP or linux have a MAC adress Change function allow 00 mac adress and another normal mac adress range.On windows 8.1 all Mac changer program dont work.This 2,6,A,E on second adress are not vaild Mac adress. You simply can not use normal MAC
addresses on windows 8.1.When i connect the usb the Pc windows 8.1 recognizes the adapter but the default driver and the downloaded ralink driver the same problem.On windows xp the current driver works perfectly have (Local Mac Network Adress) funktion
and works with the 802.11b hot spot.I got the internet my PC and laptop too public HotSpots and another wifi HotSpots if wont work correctly i can not use neither the windows 7,8,8.1 or 10. Many users have expressed interest in the problem more forums.
The 3. problem im tested in virtualbox the windows 7 and 8.1 on 8.1 (on the blue wifi platform) not show correctly the signal strengh. On windows 7 show this correctly.The windows 7-8.1 Configure/advanced the advanced options on Ralink 3070 the default (windows
driver) somehow downgraded function is less than for Xp. Configure/advanced the advanced options (needs to be upgraded in the future) because it does not advance but rather regressed.
Today it is very common these wi-fi technology increasingly used (hotels,Public Hots Spots,Internet coffe,) growing free bublic wifi projects. The wifi funktions on windows need debugging and modernize.The quality of Wi-Fi is now the operating system
is now a thing order which is not good then the operating system is unusable.

Hi,
For changing the MAC address for Windows 7 is designed with some limitation, we cannot get over it. Thanks for your understanding.
Under Windows 7, the possible range of spoofed addresses for wireless adapters that can be set is limited. To be used by Windows 7, a spoofed MAC address should have 0 as a least significant bit (unicast) and 1 as a second least significant
bit (locally administered) in the second nibble. Thus possible values for the second nibble are limited to 2, 6, A and E.
In other words
MAC address: “XY-XX-XX-XX-XX-XX” “X” can be anything hexadecimal. The hexadecimal “Y”, written in binary format, is Y: “kmnp”, where “p” is the least significant bit;
p=0 --> unicast;
p=1 --> multicast;
n=0 --> globally assigned MAC;
n=1 --> locally administered;
So, actually MAC can be changed to any combination in which p=0 and n=1;
“Y” can be 2, 6, A or E.
So the possible MAC addresses in Windows 7 for wireless adapters:
X2-XX-XX-XX-XX-XX
X6-XX-XX-XX-XX-XX
XA-XX-XX-XX-XX-XX
XE-XX-XX-XX-XX-XX
For the wifi hotspot issue, please check this blog to see if it can be helpful.
Windows 7 Connectivity Problems in Public Hotspots
http://blogs.technet.com/b/patrickr/archive/2010/07/28/windows-7-connectivity-problems-in-public-hotspots.aspx
Kate Li
TechNet Community Support

How to Get the Login Window and/or Bypass Login Items?

Greetings, folks!
This is a silly question, but the old standby of “hold down the shift key” doesn’t work in 10.6.1:
What key(s) need to be pressed to get the LogIn window and then after LogIn, to bypass LogIn Items?
Thanks!!
Richard Fairbanks

Not here, on a fresh (erased) install.
Pressed either before or after the initial gray Mac appears, the shift key does not access the LogIn screen. It is possible to bypass the account’s LogIn items by holding down the shift key after the LogIn screen has been called and successfully commenced, but how does one call the Login screen when the Mac is normally set up for automatic login?
It used to be the shift key . . .
Thanks!

DHCP and mtu size in rc.conf

Is it possible to set an interface to use both DHCP and a custom MTU size by setting the value in rc.conf?
I tried using the line "eth0="dhcp mtu 9000", but that did not work.

There is a hackish way to do it:
eth0="dhcp"
eth0mtu="eth0 mtu 1234"
INTERFACES=(lo eth0 eth0mtu)
It is important that eth0mtu is after eth0 in INTERFACES.

Adding phones and users with bat and LDAP sync

What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP. Also, what method is the easiest and fastest?
For example, I could do the following steps:
Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc. This method still involves 2 steps and the creation of 2 seperate bat files.
In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them beocme LDAP users?
Thank you,
Danny

#1 Remove this embedded CSS code from your HTML document(s). You don't need it.
body {
    background-color: #CCC;
body,td,th {
    color: #FFF;
    font-size: 14px;
#2 Open PW.css file and add this to the top:
body {
font-family: Arial, Helvetica, sans-serif;
font-size: 14px;
background-color: #CADFEB;
/**or insert a background-image using the CSS editor**/
#3 Remove font-family and font-size from all your other CSS selectors. You don't need to duplicate styles on every element.
#4 Replace this:
#content {
    position:absolute;
    left:199px;
    top:10px;
    width:860px;
    z-index:1;
    right: auto;
    background-color: #FFF;
    text-align: center;
    color: #000;
    height: auto;
with this:
#content {
     width:860px;
     margin: 20px auto;
     border: 4px solid silver;
     background-color: #FFF;
     text-align: center;
     color: #000;
     -moz-box-shadow: 5px 5px 5px #888;
     -webkit-box-shadow: 5px 5px 5px #888;
     box-shadow: 5px 5px 5px #888;
#5 Save your PW.css file and upload to server.
Nancy O.
Alt-Web Design & Publishing
Web | Graphics | Print | Media Specialists
http://alt-web.com/
http://twitter.com/altweb

Oracle e business suite user name and password to login oracle bi?

Hi,
it is possible to use oracle e bussiness suite user name and password to login oracle BI PUBLISHER SERVER.??
we are using 11.1.1.6.0 OBIEE and R12 (12.0.6) e business suite.

SAURAV KUMAR SINGH wrote:
During Oracle Installation i have given SID : RD1 & Password :admin@1234
... insert BUZZER sound here ...
Using "@" in a password for a DB User is not supported at all (allthough it works).
I did so myself once and I think it was possible to get a connection utilize quotes,
but I do not remember which ones in what way.
Could have been like
sqlplus "sapsr3/admin@1234"
but not very sure any more.
My be toy around with this, but more easy is to use brtools and change the
password to contain only valid oracle letters.
The problem with "@" is, that it delimits the SQLNET Connect identifier.
Volker
Oh, and for executing brtools, do not provide a user at all or only "-u /"
This should do a sysdba connect.
Edited by: Volker Borowski on Jan 30, 2012 7:25 PM

Solaris 10 x86 u5 dhcp and jumpstart install fail

hello
I have problem in solaris 10 u5 jumpstart install.
I can use jumpstart install with dhcp and get a static ip address (assigned by dhcp server) before solaris 10 u3.
But now I can't use jumpstart install in solaris 10 u5 without setting up a static ip address in sysidcfg.
I have many x86 machines.
If I have to set up every different sysidcfg for every machine when I install a new machine.
I will get into big trouble.
here is my sysidcfg
###### sysidcfg #######
system_locale=en_US
timeserver=localhost
timezone=Asia/Taipei
terminal=sun-color
security_policy=NONE
root_password=xxxxxxxx
nfs4_domain=example.com
network_interface=primary { hostname=solaris
default_route=192.168.100.254
netmask=255.255.255.0
protocol_ipv6=no}
name_service=DNS {domain_name=example.com
name_server=192.168.100.1
search=example.com}
Edited by: cheung79 on 2008/4/19 ?? 5:29

I think that you should modify the script discovery-install, so you'll be able to create the sysidcfg file dynamically. I had the same problem as you and there is a possibility to add some arguments to the boot command that you execute at the ok prompt. These arguments can be defined in the discovery-install script. It's quite easy.
Regards,
Przemek

DHCP and LDAP at Login... possible?

Similar Messages

Maybe you are looking for