Dynamic Users in ACS
I want to Disable caching of dynamically mapped users. Unfortunately the check box to disable the caching is hidden and I can not find it. What do I enable it inorder to see this check box so I may disable it.
There is no way to disable dynamic user cache, we can only manually remove the users from time to time when they keep adding on.They actually become a part of the database and stay unless you delete it manually.
To remove dynamic users manually -- in user set up page -- select " Remove Dynamic Users"
Similar Messages
-
Dynamic User Group Role for ASA 8 ACS 4 External Windows DB
1. I've successfully got a Win2003 AD user to authenticate to the ASA via an ACS but the default group settings the dynamic user becomes part of don't get transfered to the user. How do I get the user to adopt the group settings?
2. ASDM recommends nabling authentication for admin console sessions so you don't ssh into a box then have to login as the enable password which isn't logged. When I check the box for this feature I can ssh to the ASA but my password is denied ASA. How do I keep the user credentials all the way to the privilege exec mode?
3. Back in the day I could configure the ACS shell, privilege 15, custom attributes cisco-av-pair "priv-lvl-15" to get a user to jump directly to privilege exec mode. This doesn't work now. Is there a different way to do this on ACS v 4?
Thanks in advance,
MattTry this:
aaa authentication enable console
aaa authorization command
on ACS go to the user or group that the user is in and go to enable options and click on "Max Privilege for any AAA client" and set it to "15". Then go to the "tacacs+" section on click on "Shell(exec)" and click on "Privilege leve" and enter 15. Then go to the "Shell command authorization set" and set the default to permit any commands not listed. This will get the user into privilege mode. In ASA/Pix it requires command authorization and authentication for enable console. On IOS it requires that you use aaa authentication exec and then the aaa authorization exec/command. This will allow the user to go straight into privilege mode instead of user mode. -
Disable caching ACS dynamic users
Hi all!
I have an ACS 3.3(2)b2 what use AD as an external DB. I experianced, that dynamic users created after successful authentication from the AD, and these users don't purge themself from the ACS internal DB. I did a test environment, and the same thing happened. I upgraded the ACS to 4.0, and the same thing happened.
I find a mention in the ACS4.0 user guide, what says the following:
"Users that are dynamically mapped will keep on being dynamically mapped even when their group
mapping settings are modified to a group which is set to Disable caching of dynamically mapped users."
So my question is, where can I disable caching of dynamically mapped users?
Thanks a lot for the answers!
By(e)
MikiMiki,
This is a feature that is added on ACS 4.2 see the release notes below:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html#wp90436
Option of disabling caching of dynamic users-Administrators can determine whether they want to disable the creation of dynamic users while using an external database for authentication. Minimal performance disruption occurs when disabling caching of dynamic users. -
ACS 4.2 - automate removal of dynamic users
Is it possible to automate the removal of dynamic users to a preset schedule, say once a month?
thanks
BobNo its not possible to automate the removal of dynamic users to a preset schedule. The only option is to use the "Remove Dynamic Users" button manually in the User Setup.
-
Automating removal of Discovered Users from ACS
I use ACS 4.1 on a Windows server that looks up unknown users in Active Directory. Users in AD are in various groups and ACS has these groups mapped to the ACS groups so that users are granted appropriate access to their needs. This has worked well.
I am now seeing that users are are removed from one AD group and added to another group do not have this change reflected in the ACS system. This is because ACS only looks at the AD group for *unknown users*. The user who has moved AD groups was an unknown user, but, upon first logon, that user became a discovered user. From that point forward, only credentials are checked, not group membership.
On the User Setup section in ACS, there is a button to *Remove Dynamic Users*.
I would love to know the following:
1. Is there a way to have ACS check the current group assignment in AD for *Discovered Users*?
2. If not, is there a way to automate the *Remove Dyanmic Users* fucntion? I have used CSUtil in the past but it seems a little cumbersome for this feature in that I had to dump out the users, reformat the output, and then push the deletion back through. I don't recall it making distinctions of known versus discovered users. It just had users names in ACS groups.
Any insights would be greatly appreciated!Right, I mention that in my original post. But it requires me to go in and do it. Not the automated process I am looking for.
The other approach I mentioned is to script around the CSUTIL command. While it meets part of the automation requirement, it is not very robust and does not do exactly what I am looking for. It also becomes another complex script that I would have to support.
Thank you. -
Help needed, Createing Dynamic User input
Hello,
I am attempting to create some dynamic user input by "predicting" what the user requires in a text box.
For example if the user enters "Smi" I have a select list pop up which gives the user all options that begin with "Smi".
I am able to achieve the popups but the interface is quite jerky and not terribly responsive I am trying to solve this by using a thread which starts and stops when new input is received but it is still not quite right.
The program uses a Sorted TreeSet to hold the data (I thought this would give me a quick search time) and a simple interface at this stage.
Any help would be fantastic
Thanks in advance :P
import java.io.*;
import java.awt.*;
import javax.swing.*;
import java.awt.event.*;
import javax.swing.event.*;
import java.text.*;
import java.util.*;
/** This program represents part of a larger user interface for allowing the
user to select data from a file or database.
<p>
When the program starts up, it will read in data from a given file, and hold
it in some type of container allowing rapid access.
<p>
The user may then type in the first few letters of the surname of a person,
and this program should immediately present in a popup dialog the names which
match. The user will be able to click on one of the names in the popup and
that will cause all data about that person to be displayed in the JTextArea
at the bottom of the window.
<p>
This program requires the FormLayout.class, FormLayout$Placement.class, and
FormLayout$Constraint.class files in the same directory
(folder) or in its classpath. These is provided separately.
class PartMatch extends JFrame implements Runnable
/** Close down the program. */
JButton quitbtn;
/** Field for the surname. */
JTextField namefld;
/** Full details of the person(s). */
JTextArea results;
/** Popup dialog to display the names and addresses which
match the leading characters given in namefld. */
Chooser matches;
/** Default background color for a window. */
final static Color defBackground = new Color(0xD0C0C0);
/** Default foreground color for a window. */
final static Color defForeground = new Color(0x000000);
/** Default background color for a field */
final static Color fldBackground = new Color(0xFFFFFF);
/** Default background color for a button */
final static Color btnBackground = new Color(0xF0E0E0);
final static Color dkBackground = new Color(0xB0A0A0);
/** Larger font */
final static Font bold = new Font("Helvetica", Font.BOLD, 30);
TreeSet members;
String input;
String[] found;
public static void main(String arg[])
UIManager.put("TextField.background",fldBackground);
UIManager.put("TextField.foreground",defForeground);
UIManager.put("TextField.selectionBackground",btnBackground);
UIManager.put("TextArea.background",fldBackground);
UIManager.put("TextArea.foreground",defForeground);
UIManager.put("TextArea.selectionBackground",btnBackground);
UIManager.put("Panel.background",defBackground);
UIManager.put("Label.background",defBackground);
UIManager.put("Label.foreground",defForeground);
UIManager.put("Button.background",btnBackground);
UIManager.put("Button.foreground",defForeground);
UIManager.put("CheckBox.background",defBackground);
UIManager.put("ScrollBar.background",defBackground);
UIManager.put("ScrollBar.thumb",btnBackground);
UIManager.put("ComboBox.background",btnBackground);
UIManager.put("ComboBox.selectionBackground",dkBackground);
PartMatch trial = new PartMatch(arg);
public PartMatch( String [] arg )
super("Part Match");
setDefaultCloseOperation(EXIT_ON_CLOSE);
Container cpane = getContentPane();
FormLayout form = new FormLayout(cpane);
JLabel lab1 = new JLabel("Fetch details") ;
lab1.setFont( bold );
form.setTopAnchor( lab1, 4 );
form.setLeftAnchor( lab1, 4 );
JLabel lab2 = new JLabel("Surname: ") ;
form.setTopRelative( lab2, lab1, 4 );
form.setLeftAlign( lab2, lab1 );
namefld = new JTextField( 30 );
form.setBottomAlign( namefld, lab2 );
form.setLeftRelative( namefld, lab2, 4 );
namefld.addCaretListener( new CaretListener()
public void caretUpdate(CaretEvent e)
showMatches();
quitbtn = new JButton( "Quit" );
quitbtn.addActionListener( new ActionListener()
public void actionPerformed(ActionEvent e)
quitProcessing();
form.setBottomAlign( quitbtn, namefld );
form.setLeftRelative( quitbtn, namefld, 15 );
results = new JTextArea( 10,50 );
results.setEditable(false);
JScrollPane jsp = new JScrollPane( results,
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED,
JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED );
form.setTopRelative( jsp, lab2, 6 );
form.setLeftAlign( jsp, lab2 );
form.setBottomAnchor( jsp, 5 );
form.setRightAnchor( jsp, 5 );
form.setRightAnchor( quitbtn, 5 );
matches = new Chooser( this );
//matches.setUndecorated(true);
pack();
setVisible(true);
namefld.requestFocus();
if (arg.length > 0) init(arg[0]);
else init("triathlon.txt"); //<<<<<<<<<<<<<<<< Place the default filename here
/** Called once only, at the end of the constructor, to read the data
* from the membership file.
public void init( String fname )
members = new TreeSet();
try {
FileReader fr = new FileReader(new File (fname));
Scanner scan = new Scanner(fr);
trimember cmem;
String cLine, eTag, memberNo, first, last, gender, yob, tel ,addr,
club;
while(scan.hasNextLine())
cLine = scan.nextLine();
Scanner scan2 = new Scanner(cLine);
scan2.useDelimiter(";");
eTag = scan2.next().trim();
memberNo = scan2.next().trim();
first = scan2.next().trim();
last = scan2.next().trim();
gender = scan2.next().trim();
yob = scan2.next().trim();
tel = scan2.next().trim();
addr = scan2.next().trim();
club = scan2.next().trim();
cmem = new trimember(eTag, memberNo, first, last, gender, yob,
tel, addr, club);
members.add(cmem);
catch (FileNotFoundException ex)
results.append("Sorry can't find the input file\n");
results.append("Please check file name and location and try again");
ex.printStackTrace();
/** Called every time there is a change in the contents of the text field
* namefld. It will first clear the text area. It then needs to search
* through the container of data to find all records where the surname
* starts with the characters that have been typed. The names and
* addresses need to be set up as strings and placed in
* an array of Strings. This can be placed in the "matches" window and
* displayed for the user, inviting one to be selected.
* <p>
* The performance of this is very important. If necessary, it may be
* necessary to run as a separate thread so that the user interface is
* not delayed. It is essential that the user be able to type letters at a
* reasonable speed and not have the keystroke processing held up by
* previous text.
public void showMatches( )
run();
// First clear the text area
//results.setText("");
// Determine the leading characters of the surname that is wanted
input = namefld.getText();
// Locate the data for this name, and display each matching item
// in the JTextArea ...
// Example of how to set the data in the popup dialog
matches.list.setListData(found);
matches.pack(); // resize the popup
// set the location of the popup if it is not currently visible
if ( ! matches.isVisible())
Dimension sz = matches.getSize();
Point mouse = getMousePosition();
Point framepos = getLocation();
int x=0, y=0;
if (mouse == null)
Point pt = results.getLocation();
x = pt.x + 20 + framepos.x;
y = pt.y + 20 + framepos.y;
else
x = mouse.x - 2 + framepos.x;
y = mouse.y - 2 + framepos.y;
matches.setLocation(x,y);
matches.setVisible(true);
namefld.requestFocus();
/** Perform any final processing before closing down.
public void quitProcessing( )
// Any closing work. Then
System.exit(0);
public void run()
ArrayList<String> foundit = new ArrayList<String>();
System.out.println(input);
if(input != null)
Iterator it = members.iterator();
while(it.hasNext())
trimember test = (trimember) it.next();
if (test.last.startsWith(input))
foundit.add(test.last +", "+ test.first);
found = new String[foundit.size()];
for(int i=0; i<foundit.size();i++)
found[i] = foundit.get(i);
/** A window for displaying names and addresses from the data set which
match the leading characters in namefld.
<p>
This will automatically pop down if the user moves the mouse out of the
window.
<p>
It needs code added to it to respond to the user clicking on an item in
the displayed list. */
class Chooser extends JWindow
/** To display a set of names and addresses that match the leading
characters of the namefld text field. */
public JList list = new JList();
Chooser( JFrame parent )
super( parent );
Container cpane = getContentPane();
cpane.addMouseListener( new MouseAdapter()
public void mouseExited(MouseEvent e)
Chooser.this.setVisible(false);
cpane.add("Center",list);
list.addListSelectionListener( new ListSelectionListener()
public void valueChanged(ListSelectionEvent e)
Chooser.this.setVisible(false);
System.out.println("ValueChanged");
// First clear the text area
results.setText("");
String in = (String) list.getSelectedValue();
System.out.println("Selected Value was : "+in);
String[] inlf = in.split(", ");
System.out.println("inlf[0]:"+inlf[0]+" inlf[1]:"+inlf[1]);
results.append("Surname \tFirst \teTag \tMemberNo \tSex \tYOB " +
"\tTel \tAddress \t\t\tClub\n");
Iterator it = members.iterator();
while(it.hasNext())
trimember test = (trimember) it.next();
if (test.last.equals(inlf[0])&&test.first.equals(inlf[1]))
results.append(test.toString()+"\n");
namefld.requestFocus();
public class trimember implements Comparable
String eTag;
public String memberNo;
public String first;
public String last;
String gender;
String yob;
String tel;
String addr;
String club;
public trimember(String eT, String me, String fi, String la,
String ge, String yo, String te, String ad, String cl)
eTag = eT;
memberNo = me;
first = fi;
last = la;
gender = ge;
yob = yo;
tel = te;
addr = ad;
club = cl;
//To String method to output string of details
public String toString()
return last + "\t" + first + "\t" + eTag + "\t" +
memberNo + "\t" + gender + "\t" + yob + "\t"+ tel + "\t" +
addr + "\t" + club;
//Compare and sort on Last name
public int compareTo(Object o)
trimember com = (trimember) o;
int lastCmp = last.compareTo(com.last);
int firstCmp = first.compareTo(com.first);
int memCmp = memberNo.compareTo(com.memberNo);
if (lastCmp == 0 && firstCmp !=0)return firstCmp;
else if (lastCmp==0&&firstCmp==0)return memCmp;
else return lastCmp;
}Please don't cross-post. It is considered very rude to do that here:
http://forum.java.sun.com/thread.jspa?messageID=9953193 -
Help needed, Providing Dynamic User input
Hello,
I am attempting to create some dynamic user input by "predicting" what the user requires in a text box.
For example if the user enters "Smi" I have a select list pop up which gives the user all options that begin with "Smi".
I am able to achieve the popups but the interface is quite jerky and not terribly responsive I am trying to solve this by using a thread which starts and stops when new input is received but it is still not quite right.
The program uses a Sorted TreeSet to hold the data (I thought this would give me a quick search time) and a simple interface at this stage.
Any help would be fantastic
Thanks in advance :P
import java.io.*;
import java.awt.*;
import javax.swing.*;
import java.awt.event.*;
import javax.swing.event.*;
import java.text.*;
import java.util.*;
/** This program represents part of a larger user interface for allowing the
user to select data from a file or database.
<p>
When the program starts up, it will read in data from a given file, and hold
it in some type of container allowing rapid access.
<p>
The user may then type in the first few letters of the surname of a person,
and this program should immediately present in a popup dialog the names which
match. The user will be able to click on one of the names in the popup and
that will cause all data about that person to be displayed in the JTextArea
at the bottom of the window.
<p>
This program requires the FormLayout.class, FormLayout$Placement.class, and
FormLayout$Constraint.class files in the same directory
(folder) or in its classpath. These is provided separately.
class PartMatch extends JFrame implements Runnable
/** Close down the program. */
JButton quitbtn;
/** Field for the surname. */
JTextField namefld;
/** Full details of the person(s). */
JTextArea results;
/** Popup dialog to display the names and addresses which
match the leading characters given in namefld. */
Chooser matches;
/** Default background color for a window. */
final static Color defBackground = new Color(0xD0C0C0);
/** Default foreground color for a window. */
final static Color defForeground = new Color(0x000000);
/** Default background color for a field */
final static Color fldBackground = new Color(0xFFFFFF);
/** Default background color for a button */
final static Color btnBackground = new Color(0xF0E0E0);
final static Color dkBackground = new Color(0xB0A0A0);
/** Larger font */
final static Font bold = new Font("Helvetica", Font.BOLD, 30);
TreeSet members;
String input;
String[] found;
public static void main(String arg[])
UIManager.put("TextField.background",fldBackground);
UIManager.put("TextField.foreground",defForeground);
UIManager.put("TextField.selectionBackground",btnBackground);
UIManager.put("TextArea.background",fldBackground);
UIManager.put("TextArea.foreground",defForeground);
UIManager.put("TextArea.selectionBackground",btnBackground);
UIManager.put("Panel.background",defBackground);
UIManager.put("Label.background",defBackground);
UIManager.put("Label.foreground",defForeground);
UIManager.put("Button.background",btnBackground);
UIManager.put("Button.foreground",defForeground);
UIManager.put("CheckBox.background",defBackground);
UIManager.put("ScrollBar.background",defBackground);
UIManager.put("ScrollBar.thumb",btnBackground);
UIManager.put("ComboBox.background",btnBackground);
UIManager.put("ComboBox.selectionBackground",dkBackground);
PartMatch trial = new PartMatch(arg);
public PartMatch( String [] arg )
super("Part Match");
setDefaultCloseOperation(EXIT_ON_CLOSE);
Container cpane = getContentPane();
FormLayout form = new FormLayout(cpane);
JLabel lab1 = new JLabel("Fetch details") ;
lab1.setFont( bold );
form.setTopAnchor( lab1, 4 );
form.setLeftAnchor( lab1, 4 );
JLabel lab2 = new JLabel("Surname: ") ;
form.setTopRelative( lab2, lab1, 4 );
form.setLeftAlign( lab2, lab1 );
namefld = new JTextField( 30 );
form.setBottomAlign( namefld, lab2 );
form.setLeftRelative( namefld, lab2, 4 );
namefld.addCaretListener( new CaretListener()
public void caretUpdate(CaretEvent e)
showMatches();
quitbtn = new JButton( "Quit" );
quitbtn.addActionListener( new ActionListener()
public void actionPerformed(ActionEvent e)
quitProcessing();
form.setBottomAlign( quitbtn, namefld );
form.setLeftRelative( quitbtn, namefld, 15 );
results = new JTextArea( 10,50 );
results.setEditable(false);
JScrollPane jsp = new JScrollPane( results,
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED,
JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED );
form.setTopRelative( jsp, lab2, 6 );
form.setLeftAlign( jsp, lab2 );
form.setBottomAnchor( jsp, 5 );
form.setRightAnchor( jsp, 5 );
form.setRightAnchor( quitbtn, 5 );
matches = new Chooser( this );
//matches.setUndecorated(true);
pack();
setVisible(true);
namefld.requestFocus();
if (arg.length > 0) init(arg[0]);
else init("triathlon.txt"); //<<<<<<<<<<<<<<<< Place the default filename here
/** Called once only, at the end of the constructor, to read the data
* from the membership file.
public void init( String fname )
members = new TreeSet();
try {
FileReader fr = new FileReader(new File (fname));
Scanner scan = new Scanner(fr);
trimember cmem;
String cLine, eTag, memberNo, first, last, gender, yob, tel ,addr,
club;
while(scan.hasNextLine())
cLine = scan.nextLine();
Scanner scan2 = new Scanner(cLine);
scan2.useDelimiter(";");
eTag = scan2.next().trim();
memberNo = scan2.next().trim();
first = scan2.next().trim();
last = scan2.next().trim();
gender = scan2.next().trim();
yob = scan2.next().trim();
tel = scan2.next().trim();
addr = scan2.next().trim();
club = scan2.next().trim();
cmem = new trimember(eTag, memberNo, first, last, gender, yob,
tel, addr, club);
members.add(cmem);
catch (FileNotFoundException ex)
results.append("Sorry can't find the input file\n");
results.append("Please check file name and location and try again");
ex.printStackTrace();
/** Called every time there is a change in the contents of the text field
* namefld. It will first clear the text area. It then needs to search
* through the container of data to find all records where the surname
* starts with the characters that have been typed. The names and
* addresses need to be set up as strings and placed in
* an array of Strings. This can be placed in the "matches" window and
* displayed for the user, inviting one to be selected.
* <p>
* The performance of this is very important. If necessary, it may be
* necessary to run as a separate thread so that the user interface is
* not delayed. It is essential that the user be able to type letters at a
* reasonable speed and not have the keystroke processing held up by
* previous text.
public void showMatches( )
run();
// First clear the text area
//results.setText("");
// Determine the leading characters of the surname that is wanted
input = namefld.getText();
// Locate the data for this name, and display each matching item
// in the JTextArea ...
// Example of how to set the data in the popup dialog
matches.list.setListData(found);
matches.pack(); // resize the popup
// set the location of the popup if it is not currently visible
if ( ! matches.isVisible())
Dimension sz = matches.getSize();
Point mouse = getMousePosition();
Point framepos = getLocation();
int x=0, y=0;
if (mouse == null)
Point pt = results.getLocation();
x = pt.x + 20 + framepos.x;
y = pt.y + 20 + framepos.y;
else
x = mouse.x - 2 + framepos.x;
y = mouse.y - 2 + framepos.y;
matches.setLocation(x,y);
matches.setVisible(true);
namefld.requestFocus();
/** Perform any final processing before closing down.
public void quitProcessing( )
// Any closing work. Then
System.exit(0);
public void run()
ArrayList<String> foundit = new ArrayList<String>();
System.out.println(input);
if(input != null)
Iterator it = members.iterator();
while(it.hasNext())
trimember test = (trimember) it.next();
if (test.last.startsWith(input))
foundit.add(test.last +", "+ test.first);
found = new String[foundit.size()];
for(int i=0; i<foundit.size();i++)
found[i] = foundit.get(i);
/** A window for displaying names and addresses from the data set which
match the leading characters in namefld.
<p>
This will automatically pop down if the user moves the mouse out of the
window.
<p>
It needs code added to it to respond to the user clicking on an item in
the displayed list. */
class Chooser extends JWindow
/** To display a set of names and addresses that match the leading
characters of the namefld text field. */
public JList list = new JList();
Chooser( JFrame parent )
super( parent );
Container cpane = getContentPane();
cpane.addMouseListener( new MouseAdapter()
public void mouseExited(MouseEvent e)
Chooser.this.setVisible(false);
cpane.add("Center",list);
list.addListSelectionListener( new ListSelectionListener()
public void valueChanged(ListSelectionEvent e)
Chooser.this.setVisible(false);
System.out.println("ValueChanged");
// First clear the text area
results.setText("");
String in = (String) list.getSelectedValue();
System.out.println("Selected Value was : "+in);
String[] inlf = in.split(", ");
System.out.println("inlf[0]:"+inlf[0]+" inlf[1]:"+inlf[1]);
results.append("Surname \tFirst \teTag \tMemberNo \tSex \tYOB " +
"\tTel \tAddress \t\t\tClub\n");
Iterator it = members.iterator();
while(it.hasNext())
trimember test = (trimember) it.next();
if (test.last.equals(inlf[0])&&test.first.equals(inlf[1]))
results.append(test.toString()+"\n");
namefld.requestFocus();
public class trimember implements Comparable
String eTag;
public String memberNo;
public String first;
public String last;
String gender;
String yob;
String tel;
String addr;
String club;
public trimember(String eT, String me, String fi, String la,
String ge, String yo, String te, String ad, String cl)
eTag = eT;
memberNo = me;
first = fi;
last = la;
gender = ge;
yob = yo;
tel = te;
addr = ad;
club = cl;
//To String method to output string of details
public String toString()
return last + "\t" + first + "\t" + eTag + "\t" +
memberNo + "\t" + gender + "\t" + yob + "\t"+ tel + "\t" +
addr + "\t" + club;
//Compare and sort on Last name
public int compareTo(Object o)
trimember com = (trimember) o;
int lastCmp = last.compareTo(com.last);
int firstCmp = first.compareTo(com.first);
int memCmp = memberNo.compareTo(com.memberNo);
if (lastCmp == 0 && firstCmp !=0)return firstCmp;
else if (lastCmp==0&&firstCmp==0)return memCmp;
else return lastCmp;
}Edited by: Roger on Nov 3, 2007 11:50 AMPlease don't cross-post. It is considered very rude to do that here:
http://forum.java.sun.com/thread.jspa?threadID=5233033&messageID=9953169#9953169 -
I configure a RFC Receiver adapter to communicate with R/3. In my client application (via Webdynpro) I send the message that use this communication, but I need to call the RFC using a dynamic user/password, that is, the user credentials that is logged. Is it possible? How I do it?
thanks.Hi Elton,
I don't think so, it is possible to have dynamic user ID and password for the RFC adapter. As of now...
Because you need to enter the user id and password while configuring adapter itself.
But if you want , you can call different RFCs based on the Condition etc.
Hope this helps,
Regards,
Moorthy -
Hello,
here's a little teaser for user interface experts out there:
I wonder what kind of techniques ABAP offers for creating dynamic user interfaces.
When talking of 'dynamic' I imagine something like an arbitrary number of 'containers' where other programs (classes f.ex.) can draw their own user interface into.
In Java this could be realized with the container concept in swing.
I have done some research on this topic and the results are so far:
a plain dynpro: seems to have no dynamic at all -> not an option
a plain dynpro with a tabstrip: in case the number of tabs CAN be set at runtime AND the subscreens CAN be drawn from inside separate classes -> a definite option otherwise not an option
any kind of web-frontend (BSP, JSP etc.): web-frontends are not allowed by company restrictions -> not an option
dynamic documents: I could not find many information on these yet (also not on sdn). In case that an arbitrary number of parts of the dynamic document can be created from inside separate classes -> an option otherwise not an option
I will be happy about any further information on this topic.
Best regards,
Patrick BaerI spent some time today doing research on BSP's and built a "BSP-Viewer" embedded into the SAP-GUI. Though I like the concept of BSP's a lot (like I did already with JSP's) but company restricitions are too strict. So BSP's are out of the play.
After the discussion I started to play around with the different containers and basically I'm quite pleased with them and the "cl_gui_container_bar" allows an arbirtary number of "subscreens" which matches my requirements.
But as usual there's still a downside:
I found no option to built text labels and text fields into a container. Unless this is possible I can't give this approach a chance. I already found some postings which seemed to confirm that this is in fact not possible but I can't really believe it. At least from what it looks like it seems to me that the object navigator utilizes both: splitters, containers and all the stuff AS WELL AS the "classical" elements like text boxes, labels and so on.
Any ideas on how to combine the container concept with text fields, labels maybe whole dynpros or subscreens ?
Best regards,
Patrick Baer -
Failed to authenticate user to ACS 5.1 with LDAP as external identity storage
Hi , I have an ACS and Open-LDAP server running on my company network.
Now, I 'm setting up a new linksys WAP-54G and choose WPA2-Enterprise option with ACS as the radius server.
first thing first, I created new internal user on ACS, and trying to join the wireless network from my computer. I made it....
then, I'm moving on external entity (LDAP Server). I've set up the LDAP configuration and identity sequence, also select it on access service. but when I tried to authenticate from my computer, an error was occurred. I received :
the following error 22056 Subject not found in the applicable identity store (s)
Wonder 'bout this thing, I set up a cisco 1841 router to become AAA client. and surprisingly... it works !!!
so, is there any problem to authenticate from windows platform to ACS (pointing to LDAP) ?
any suggestion ?
thanksThis is the log when using windows 7 as authentication client (Failed) :
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - Default Network Access
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12301 Extracted EAP-Response/NAK requesting to use PEAP instead
12300 Prepared EAP-Request proposing PEAP with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12302 Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318 Successfully negotiated PEAP version 0
12800 Extracted first TLS record; TLS handshake started.
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12807 Prepared TLS Certificate message.
12810 Prepared TLS ServerDone message.
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
12318 Successfully negotiated PEAP version 0
12812 Extracted TLS ClientKeyExchange message.
12804 Extracted TLS Finished message.
12801 Prepared TLS ChangeCipherSpec message.
12802 Prepared TLS Finished message.
12816 TLS handshake succeeded.
12310 PEAP full handshake finished successfully
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
12313 PEAP inner method started
11521 Prepared EAP-Request/Identity for inner EAP method
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
11522 Extracted EAP-Response/Identity for inner EAP method
11806 Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store -
22043 Current Identity Store does not support the authentication method; Skipping it.
24210 Looking up User in Internal Users IDStore - xxxxx
24216 The user is not found in the internal users identity store.
22016 Identity sequence completed iterating the IDStores
22056 Subject not found in the applicable identity store(s).
22058 The advanced option that is configured for an unknown user is used.
22061 The 'Reject' advanced option is configured in case of a failed authentication request.
11815 Inner EAP-MSCHAP authentication failed
11520 Prepared EAP-Failure for inner EAP method
22028 Authentication failed and the advanced options are ignored.
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
12307 PEAP authentication failed
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
This is the log when using 1841 router as authentication client (succeded) :
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11049 Settings of RADIUS default network will be used
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - Default Network Access
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - LDAPyyyy
24031 Sending request to primary LDAP server
24015 Authenticating user against LDAP Server
24022 User authentication succeeded
22037 Authentication Passed
22023 Proceed to attribute retrieval
22038 Skipping the next IDStore for attribute retrieval because it is the one we authenticated against
24210 Looking up User in Internal Users IDStore - xxxxx
24216 The user is not found in the internal users identity store.
22016 Identity sequence completed iterating the IDStores
Evaluating Group Mapping Policy
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15006 Matched Default Rule
15016 Selected Authorization Profile - Permit Access
11002 Returned RADIUS Access-Accept
I realized that Windows is using PEAP-MSCHAPv2 while Router is using PAP-ASCII as it's protocol.
so now, why PEAP-MSCHAPv2 can't authenticate to LDAP ?
is there anything I can do to make it work ? -
I have installed and configured Kanaka plug-in and my nds users can now login and see their home folders. However, they cannot launch any local applications eg. TextEdit generates a message "TextEdit quit unexpectedly" and so does Opera, Firefox always tries to create a new profile and then gives a "Profile Creation failed" due to chosen folder not being writable and MS Word will always bring the initial setup screen up but never actually loads. Is there something I have to do within Kanaka to give the dynamic users more rights. We are trying to implement this for students using our public Macs so we don't want them to have administrator privileges but they do need to be able to launch programs. Thanks
andyh100,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Dynamic User Tracking Ignoring Traps
LMS3.2
Campus Manager 5.2.0
Set up a switch per instructions and moved a PC from port to port. The Results:
S0068SWT0CW#sh mac ad not change
MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1 secs
Number of MAC Addresses Added : 5
Number of MAC Addresses Removed : 4
Number of Notifications sent to NMS : 9
Maximum Number of entries configured in History Table : 1
Current History Table Length : 1
MAC Notification Traps are Enabled
History Table contents
History Index 1, Entry Timestamp 954048629, Despatch Timestamp 954048629
MAC Changed Message :
Operation: Added Vlan: 5 MAC Addr: 0024.e8f4.52fe Dot1dBasePort: 4
S0068SWT0CW#
Wireshark on the server shows the SNMP traps arrived at the server, but nothing is logged in the MACUHIC log (all items set for debugging and debugging is enabled) and nothing shows up in the end host report.
Trap listener configuration Listen traps from device is checked.
Dynamic User Tracking Configuration validate trap source by IP address is checked. The source address in validate trap source matches the source shown by wire shark.
What am I missing? How can I further troubleshoot this? ThanksTrap listener Configuration
Listen traps from device is selected
Listen traps from DFM/HPOV is not selected
trap listener port 1431
Dynamic User Tracking Configuration
validate SNMP Community not selected
validate trap source is selected
IP address is 10.67.139.100
It didn't work with the validate trap source not selected
I am not using DFM. The device is sending its traps to the server with campus manager. -
I would like to get the real time updates on end hosts on my switches. From reading other posts it sounds like I need to do the following:
1. Configure DHCP snooping on the switches.
2. Enable the mac notification traps on the switches and verify they are being sent to LMS.
I have catalyst 4000 and 4500 access switches. I've read that I may have problems with how LMS will handle the traps from the 4500 switches in this post: http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd34898
Has anyone had much luck in getting dynamic user tracking to work with the Catalyst 4500?Not really. You'd have to run major acquisitions back to back to back, and that will just put too much strain on the server (and network).
-
Hi,
I'm trying configure a workstation without Client32. I can map drive
letters using Net Use with CIFS as a first step now I'm trying to log in
as another user so that user's local account get created but it doesn't.
Is Client32 required for a dynamic user?
Thanks
Bob CrandellOriginally Posted by rolflidvall
> Craig said that Novell client is not required in ZCM11 for this..
Nwgina.dll is *not* a Novell Client specific file.
See:
"Which GINA is used if multiple products on the workstation install NWGINA?"
10096351: Which GINA is used if multiple products on the workstation install NWGINA?
"Client32, the ZenWorks management agent, and SecureLogin in LDAP mode all
share a common NWGINA.DLL."
Regards
Rolf Lidvall
Swedish Radio (Ltd)
Oh, didn't know that... but now I know :)
Thank you Rolf from across the pond.
Thomas -
Dynamic user/role management
I'm currently working with WebLogic 6.1 and looking into doing what seems to be
a standard piece of development work, specifically dynamic user management. I
need the ability to create/modify a user and define them as members of security
role(s) from within my application, and not through the Weblogic adminstrative
console. From what I've read the only option is to create a custom RDBMS
security realm. Does anyone know of any other available options or is this it?
If anyone has implemented a custom RDBMS security realm I'd be interested in any
feedback about your experience doing so. Such as performance issues or
deficiencies of this security model. Thanks in advance.
- RichCameron -
Thanks for your input. Clearly LDAP will not cut it for what I'm trying to do.
I really need the ability to manage these user accounts from within the
application not from a separate administrative tool. A custom RDBMS realm seems
the only option at this point. I looked at some of the vendors you mentioned,
but they do not seem to offer the type of solution I'm looking for. These
vendors seem to manage authorization policies which will keep programatic
security out of your business logic. I did not see where they would allow you to
create and manage user accounts/groups/ACL's. If there is one that does I'd
definitely like to take a look at it. Thanks again.
- Rich
Cameron Purdy wrote:
First, if you are using LDAP then you typically use directory management
tools, not an application, to manage security.
Second, there are security products that work with J2EE from vendors such as
Entegrity, IBM, Netegrity, et al. Basically all of them provide advanced
features like what you describe.
Third, if you must manage stuff from within the app, you need to use a
ManageableRealm implementation. See the Weblogic docs to see what I mean.
Peace,
Cameron Purdy
Tangosol, Inc.
Clustering Weblogic? You're either using Coherence, or you should be!
Download a Tangosol Coherence eval today at http://www.tangosol.com/
"Rich Naylor" <[email protected]> wrote in message
news:[email protected]...
I'm currently working with WebLogic 6.1 and looking into doing what seemsto be
a standard piece of development work, specifically dynamic usermanagement. I
need the ability to create/modify a user and define them as members ofsecurity
role(s) from within my application, and not through the Weblogicadminstrative
console. From what I've read the only option is to create a custom RDBMS
security realm. Does anyone know of any other available options or is thisit?
If anyone has implemented a custom RDBMS security realm I'd be interestedin any
feedback about your experience doing so. Such as performance issues or
deficiencies of this security model. Thanks in advance.
- Rich
Maybe you are looking for
-
Umlaut Conversion issue in Sender communication channel SAP PI
Hi Gurus, We are facing issue while conversion. umlaut Conversion issue in Sender communication channel that is reason channel not able to pic the file from the path. Sender CC error: Value of incoming field is too large. Segment:'IMD', Field:'7008',
-
Introduction to Web Dynpro Java?
Where can I find a good Introduction to Web Dynpro Java? Thanks, JJJ
-
IDOC_ADAPTER.SENDER_BSI_INCORRECT
Hi, I get the following error message. Can anyone help on this? I have imported the metadata using transaction IDX2. Also the cache displays the logical system for the receiver system. My sender system is a third party and not an SAP System. Do I s
-
Re assigning master location files
I have ported across an entire client library to his computer system. The masters still reside under the same file structure except the external hard disc is new and has been assigned a new name....e.g From :DA Backup/DA Imagebank/etc/etc/etc To:DA I
-
We cannot decline calls from our contact list iOS 7
Cannot decline calls which are saved in contact list