Glassfish and LDAP

Similar Messages

• Problem with ADS and LDAP

  Problem with ADS and LDAP
  I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
  After connection via LDAP I cann't get any object ( users or goups etc. ).
  I try connect to ADS by java ( JNDI ).
  When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
  the same problem - no objects.
  Can anybody help me?
  Grzegorz Pszona
  my e-mail: [email protected]

  Thanks a lot.
  Softerra's browser is really good.
  Thanks
  Rashmi
  "Anant Kadiyala" <[email protected]> wrote:
  >
  I used Softerra's LDAP browser. The browser is free. There is also a
  java baded
  LDAP browser from Univ of Michigan. I found the Softerra browser to be
  more easier
  to use.
  -anant
  "rashmi" <[email protected]> wrote:
  Hi,
  Can you please let me know which exact ADS tool that you used to examine
  the
  DN. I have Active Directory Users and Computers, Sites and Servicesand
  Domain
  and Trusts installed on my machine but I am not able to figure out how
  to get
  the DN?
  Thanks
  Rashmi
  for Stephen Davies <[email protected]> wrote:
  Grzegorz,
  I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
  a
  fair bit of messing around to get it going. MS does have a few oddities,
  for example the Administrators DN might look something like this:
  cn=Administrator,cn=Users,dc=eglobal,dc=net
  One tool that I found invaluable came with the additional support tools
  for Windows 2000. The 'Active Directory Administration Tool' made it
  easy to list the directory contents and examine the DNs.
  Regards,
  Steve
  Stephen Davies
  Principal Consultant
  eGlobal Services Pty. Ltd.
  Sydney, Australia
  Ph. +61 2 9283 1033
  http://www.eglobal.net/

• Single sign-on using Kerberos and Ldap

  I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
  The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
  I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
  I have the Kerberos authentication and part of the Ldap service working via pam & nss.
  ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
  BUT...
  id gives:- userID, groupID (primary group only)
  groups :- primary group only. (no secondary groups are listed)
  Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
  Thanks in advance for any help.

  After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
  Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
  Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
  //M.

• Adding phones and users with bat and LDAP sync

  What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP.  Also, what method is the easiest and fastest?
  For example, I could do the following steps:
  Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
  I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc.  This method still involves 2 steps and the creation of 2 seperate bat files.
  In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them beocme LDAP users?
  Thank you,
  Danny

  #1 Remove this embedded CSS code from your HTML document(s).  You don't need it.
  body {
      background-color: #CCC;
  body,td,th {
      color: #FFF;
      font-size: 14px;
  #2 Open  PW.css file and add this to the top:
  body {
  font-family: Arial, Helvetica, sans-serif;
  font-size: 14px;
  background-color: #CADFEB;
  /**or insert a background-image using the CSS editor**/
  #3 Remove font-family and font-size from all your other CSS selectors.  You don't need to duplicate styles on every element. 
  #4 Replace this:
  #content {
      position:absolute;
      left:199px;
      top:10px;
      width:860px;
      z-index:1;
      right: auto;
      background-color: #FFF;
      text-align: center;
      color: #000;
      height: auto;
  with this:
  #content {
       width:860px;
       margin: 20px auto;
       border: 4px solid silver;
       background-color: #FFF;
       text-align: center;
       color: #000;
       -moz-box-shadow: 5px 5px 5px #888;
       -webkit-box-shadow: 5px 5px 5px #888;
       box-shadow: 5px 5px 5px #888;
  #5 Save your PW.css file and upload to server.
  Nancy O.
  Alt-Web Design & Publishing
  Web | Graphics | Print | Media  Specialists 
  http://alt-web.com/
  http://twitter.com/altweb

• OBIEE and LDAP problem

  Hi all!
  After connecting our OBIEE 11.1.1.5 to LDAP we faced with a strange problem: after one user enters the system any next user logged in has the same privileges in OBIEE as the first one.
  We turned off the following caches:
  - WebLogic Principal Validator Cache in a security realm Performance section
  - Group Membership Lookup Hierarchy Caching in our LDAP authentication provider Performance section
  But the problem still occurs. Does anyone have any suggestions on this?

  Hi I was having endless issues with OBIEE and LDAP, I followed the exact steps here:
  http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG169
  These worked for me, so you could check for a start these recommended setting are same in your environment.
  Thanks

• XI 3.1 Client Tools and LDAP Authentication

  I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
  [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
  Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

  Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
  Take a look at note 1272536 (http://service.sap.com/notes)
  Regards,
  Stratos

• I want to see list of Disabled user from AD and LDAP

  Hi
  i wan see the list of disabled user from AD and LDAP and it shows in the next page as Tabular format
  having all the details of AD (Attributes)

  Hi
  i wan see the list of disabled user from AD and LDAP and it shows in the next page as Tabular format
  having all the details of AD (Attributes)

• Connected MDM and LDAP, but but now what? Why user mapping?

  Hi Gurus,
  In my last thread, I posted that I was not able to connect MDM with LDAP. I was finally able to.
  My problem now is I have to define user mapping in SAP Portal for the MDM business iViews to work.
  By connecting MDM and LDAP, I got the benefit that now the authentication and authorization is happening via LDAP.
  But this does eliminate the need for user mapping. If this is the case then why the real benefit of using LDAP?
  In this case this becomes worse as I need to know the user's LDAP Password which no body will share for sure.
  Any ideas? I want to get rid off this user mapping stuff.
  Warn Regards,
  Karan

  without knowing specifics of ur architecture, i can quickly point out two things:
  1)  LDAP is primarily used for authentication, true.
  2) Portal User mapping should not be an issue if u already have portal tied up to the active directory or some kind of single sign on?
  So portal knows the users who has logged it, polls the Active directory for authentication and Active directory logs into MDM with that users role.
  -Sudhir

• ISE and LDAP Integration

  Hello,
  I have a question about the LDAP integration with the ISE:
  Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
  What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
  Even I tried to change the base DN and the search DN but without luck.
  The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
  Is there any missing information/tips required in such integration?

  Hello,
  I found a cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP .I hope this helps!
  This section contains the following:
  •Directory  Service
  •Multiple  LDAP Instances
  •Failover
  •LDAP  Connection Management
  •User  Authentication
  •Authentication  Using LDAP
  •Binding  Errors
  •User  Lookup
  •MAC  Address Lookup
  •Group  Membership Information Retrieval
  •Attributes  Retrieval
  •Certificate  Retrieval
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

• Database Table and LDAP Authentication in the same repository?

  I'm wondering if it's possible to authenticate through database tables for some users and LDAP for other users. I can configure each one separately but I'm curious if anyone has ever successfully done both in the same repository.
  Thanks,
  -Matt

  Another thing to try is this. I don't have an LDAP server here but it worked for me without LDAP. I think it should also work with LDAP as it is the same idea. I don't think there is a way to have a conditional Init Blocks. Also you can't have two init blocks setting the same variable (USER in our case). But what you can do is to have two Init Blocks, one for LDAP authentication and the other one for table authentication. So you could have this scenario:
  1) LDAP "authentication" init block sets custom variable LDAP_USER
  2) Table "authentication" init block sets custom variable TABLE_USER
  3) Final authentication init block (the real one) sets USER variable using something like this:
  SELECT CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
  ELSE ':TABLE_USER'
  END
  FROM DUAL
  WHERE CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
  ELSE ':TABLE_USER'
  END = ':USER'
  Note how I use the CASE statement both to return the user value I want the USER variable to be set and also in the WHERE clause to make sure no rows are returned in case authentication fails (which should return no rows to denote a failed authentication). Obviously you need to set the init block dependancies correctly. I did a quick test with users coming from two separate Oracle tables in 2 init biocks and it worked fine for me. Give it a try and let me know how it goes.

• How to config messaging 5.2 and ldap 5.2 with smtp auth?

  Hello.
  I want to config smtp auth for msg 5.2 and ldap 5.2.
  How to step of work.
  I config follow admin guide but it not work.
  Please help me and advice me.

  For your internal clients to be authenticated,
  replace "mustsaslserver" instead of "maysaslserver" in tcp_intranet channel on your imta.cnf file. Then all clients connecting from your internal IPs (listed on your mappings file) will be authenticated.
  Add the below two parameters for messenger express users to use the same system.
  configutil -o local.service.http.smtpauthuser -v "store admin user name"
  configutil -o local.service.http.smtpauthpassword -v "store admin password"
  All other external smtp connections (MX pointed) are not authenticated since they are directed to tcp_local channel.

• Where can I find The JavaEE tutorial in the downloaded Glassfish and EE SDK

  Where can I find The JavaEE tutorial in the downloaded Glassfish and EE SDK.The downloaded URL is (http://java.sun.com/javaee/downloads/index.jsp). I downloaded the whole pack.It includes the Java EE tutorial, But I can't find it to view offline
  Varuna

  The LOAD command instruction is 0xE8 and not 0xE0/0xE1.
  Lc is one byte, so how can you exceed FF?
  Optionally the LOAD response can include a receipt (delegated management). If your card mandates a response length of 1 byte (Le=01) it means that no receipt is expected --> receipt length 00. JCOPs LOAD command has Le=0x00 set by default --> response length undefined. This is in accordance with Java Card API, which follows the ISO 7816-4 APDU structure.
  Let's look at the help of the JCOP tools upload command:usage: upload [-p|--progress][-c|--components][-r|--random][-l|--package package-name][-s|--sd SD-AID][-m|--params parameters][-b|--block_length length][-a|--auto][-d|--load-debug] CAP-file
  -c|--components
              Load CAP-file component wise.
  -r|--random
              Load with random APDU length.
  -b|--block_length length
              Max. block (APDU) length sent to the card during package upload.
      length  Max. block (APDU) length.So you can set the block length --> Lc as you wish.
  Message was edited by:
  lexdabear

• OAS and LDAP or OAS and OID ???

  1) Is OAS and LDAP a good combination or OAS and OID ???
  how do we connect and make use of LDAP from OAS?
  please let me know
  thanks in advance

  Get hold of Whitepaper 774783.1 LDAP Integration for Oracle Utilities Application Framework based products from My Support

• WLC and LDAP Groups

  Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication.  I have this url that explains local authentication and LDAP...  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml .  That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC.  Any ideas?

  You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
  If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authenticaion). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from users requirements.
  The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.

• WLC and LDAP

  Hi to all,
  i want to use local-eap+LDAP (microsoft AD) and i'm experiencing some issue.
  First of all i'm not able to bind WLC and LDAP...if a perform a debug aaa ldap enable i get this output:
  Any idea about how to solve this issue?
  Regards
  Ale

  It sounds like .... invalid credentials ? :-)
  Please post your LDAP config on WLC.
  Is your admin username with which you're binding within the search context that you defined ? this is very important