GroupWise ldap attributes names

Similar Messages

• Using OID in place of attribute name in an update operation

  Hi,
  I use Iplanet DS 5.0 on Solaris 8.0
  An application that I use needed a custom defined schema.
  This application tries to update entries using the OID of the attribute instead of the attribute name.
  ie. It uses
  Add: 2.5.4.58;binary
  instead of the name of the attribute -- attributeCertificateAttribute that has been defined in the directory.
  This operation fails with an objectClass violation.
  The developer pointed out that this was allowed by the RFC and that it worked with other directories.
  Later I tried replacing attribute names by their OIDs in corect LDIF files and these operations failed too.
  I have included an ethereal trace of the request and of the response.
  Question:
  Does this work on Iplanet DS? How can I get it to work ?
  Thanks,
  sriad
  Request
  =========================================
  Message Id: 2
  Message Type: Modify Request (0x06)
  Message Length: 437
  Distinguished Name: CN=User0,O=PERMIS,C=GB
  Add: 2.5.4.58;binary
  Response
  ======================================
  Message Id: 2
  Message Type: Modify Result (0x07)
  Message Length: 7
  Result Code: Objectclass violation (0x41)
  Matched DN: (null)
  Error Message: (null)

  Thank you ReubenC, the business has decided to not proceed with the LDAP configuration of web.config at this time and would rather stay with using the TNS entry for the time being; this is because we just mirgated their instance to an 11g environment and they want to ensure they have no issues with the migration before they take on web.config changes too.
  I will however try your recommendation when they choose to proceed and let you know how it turns out.
  Thank you,
  Charlie

• ISE 1.1.1. and additional LDAP attribute retrieval

  Hello All,
  I'm authenticating users against Active Directory and want to also check additionals attributes from LDAP. In ACS 5.3. it was possible to set this up via External Identity Sequence, but in ISE I don't see this possibility. I can set sequence only for authentication, but not for additional attribute retrieval.
  When I set a condition in a policy that an LDAP attribute must match with some value, the attribute is not retrieved and autorization ends on default Deny Access.
  Can anyone help me how this can be set on ISE?
  Thanks!
  Regards
  Karel Navratil

  Yes that's what I've tried as I wrote in my first post, but the ISE does not retrieve the attribute from LDAP
  Here are some screenshots:
  authorization rule:
  ldap attribute in external identity source:
  and the logs:
  11001  Received RADIUS Access-Request
  11017  RADIUS created a new session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  Evaluating Service Selection Policy
  15048  Queried PIP
  15048  Queried PIP
  15004  Matched rule
  11507  Extracted EAP-Response/Identity
  12100  Prepared EAP-Request proposing EAP-FAST with challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12102  Extracted EAP-Response containing EAP-FAST challenge-response and accepting EAP-FAST as negotiated
  12800  Extracted first TLS record; TLS handshake started
  12805  Extracted TLS ClientHello message
  12806  Prepared TLS ServerHello message
  12807  Prepared TLS Certificate message
  12810  Prepared TLS ServerDone message
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12812  Extracted TLS ClientKeyExchange message
  12804  Extracted TLS Finished message
  12801  Prepared TLS ChangeCipherSpec message
  12802  Prepared TLS Finished message
  12816  TLS handshake succeeded
  12149  EAP-FAST built authenticated tunnel for purpose of PAC provisioning
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12209  Starting EAP chaining
  12218  Selected identity type 'User'
  12125  EAP-FAST inner method started
  11521  Prepared EAP-Request/Identity for inner EAP method
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12212  Identity type provided by client is equal to requested
  11522  Extracted EAP-Response/Identity for inner EAP method
  11806  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity Store - Internal Endpoints
  22043  Current Identity Store does not support the authentication method; Skipping it
  24210  Looking up User in Internal Users IDStore - test,host/test-pc
  24216  The user is not found in the internal users identity store
  24430  Authenticating user against Active Directory
  24402  User authentication against Active Directory succeeded
  22037  Authentication Passed
  11824  EAP-MSCHAP authentication attempt passed
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  11810  Extracted EAP-Response for inner method containing MSCHAP challenge-response
  11814  Inner EAP-MSCHAP authentication succeeded
  11519  Prepared EAP-Success for inner EAP method
  12128  EAP-FAST inner method finished successfully
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12126  EAP-FAST cryptobinding verification passed
  12200  Approved EAP-FAST client Tunnel PAC request
  12219  Selected identity type 'Machine'
  12125  EAP-FAST inner method started
  11521  Prepared EAP-Request/Identity for inner EAP method
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12212  Identity type provided by client is equal to requested
  11522  Extracted EAP-Response/Identity for inner EAP method
  11806  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  Evaluating Identity Policy
  11055  User name change detected for the session. Attributes for the session will be removed from the cache
  15006  Matched Default Rule
  15013  Selected Identity Store - Internal Endpoints
  22043  Current Identity Store does not support the authentication method; Skipping it
  24210  Looking up User in Internal Users IDStore - test,host/test-pc
  24216  The user is not found in the internal users identity store
  24431  Authenticating machine against Active Directory
  24470  Machine authentication against Active Directory is successful
  22037  Authentication Passed
  11824  EAP-MSCHAP authentication attempt passed
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  11810  Extracted EAP-Response for inner method containing MSCHAP challenge-response
  11814  Inner EAP-MSCHAP authentication succeeded
  11519  Prepared EAP-Success for inner EAP method
  12128  EAP-FAST inner method finished successfully
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  12126  EAP-FAST cryptobinding verification passed
  12201  Approved EAP-FAST client Machine PAC request
  Evaluating Authorization Policy
  15004  Matched rule
  15016  Selected Authorization Profile - DenyAccess
  15039  Rejected per authorization profile
  12855  PAC was not sent due to authorization failure
  12105  Prepared EAP-Request with another EAP-FAST challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  11105  Request received from a device that is configured with KeyWrap in ISE.
  12104  Extracted EAP-Response containing EAP-FAST challenge-response
  11514  Unexpectedly received empty TLS message; treating as a rejection by the client
  12512  Treat the unexpected TLS acknowledge message as a rejection from the client
  11504  Prepared EAP-Failure
  11003  Returned RADIUS Access-Reject
  So no any information that ISE tries to retrieve something from LDAP.
  Regards
  Karel

• Finding LDAP server names by DNS lookup.

  Hi,
  I'm very new with JNDI and DNS
  We are hardcoding the ldap server name in our configuration to connect to the Active directory, but the requirement is to know the ldap server name dynmaically by querying the DNS server.
  The input given to us are below.
  Dns domain : indbank.is.
  SRV RRecord : ldap.tcp.
  Query dns : ldap.tcp.indbank.is.
  The domain controller should be found by a DNS lookup for the domain, then a DNS for Domain controllers that advertise the service, then try to see if the domain controllers areanswering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
  Kindly help me.I am beginner and some code sample and tip will be welcome. :)
  Thanks in advance.
  Hiubert

  Thanks a lot to All.
  My code is as follows...
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.*;
  public class dns1
       public static void main(String[] args)     {
            try {
                 Hashtable env = new Hashtable();
                 env.put("java.naming.factory.initial","com.sun.jndi.dns.DnsContextFactory");
                 env.put("java.naming.provider.url", "dns://indbank.is");
                 DirContext ctx = new InitialDirContext(env);
                 System.out.println("Intial context created...");
                 Attributes attrs = ctx.getAttributes("_ldap._tcp.indbank.is",new String[] {"SRV"});
                 System.out.println("Attributes are been retrieved...");
                 for (NamingEnumeration ae = attrs.getAll();ae.hasMoreElements();)
                      Attribute attr = (Attribute)ae.next();
                      String attrId = attr.getID();
                      System.out.println("Attribute ID retrieved is" + attrId);
                      for (Enumeration vals = attr.getAll();vals.hasMoreElements(); System.out.println(attrId + ": " + vals.nextElement()));
                 ctx.close();
            catch(Exception e)
                 System.err.println("Problem querying DNS: " + e);
                 e.printStackTrace();
  The code runs fine and I get the output as follows
  0 100 389 ib500ad1.indbank.in
  0 100 389 ib500ad2.indbank.in
  I have following questions
  1) Do these servers which are returned are the domain controllers or the ldap servers.?(or both domaincontrollers and ldap server are same)
  2) how to extract the server name alone from this string.
  3) If these two server names are domain controllers then how can I query for a DNS for Domain controllers that advertise the service, then try to see if the domain controllers are answering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
  Thanks in advance.
  -Hiubert

• Provision user to a resource when a LDAP attribute is set to true by active

  HI,
  I have the following requirement
  When a particular attribute in LDAP is set to true then we have to pick it by the active sync process and provision the user in another resource.
  Can any one let me know how to go about this.

  I'd do it like this:
  Create a business role "SomeRole" that includes an IT-Role that includes the target resource.
  In the activeSync form, assign this role depending on the LDAP attribute:
  <Field name='waveset.roles'>
    <Expansion>
      <cond>
        <eq>
          <ref>accounts[LDAP].thisParticularAttribute</ref>
          <s>true</s>
        </eq>
       <s>SomeRole</s> <!-- you will need to append the role to the list if the user already has roles, otherwise all roles will be overwritten by this single value -->
       <ref>waveset.roles</ref>
      </cond>
    </Expansion>
  </Field>

• Retrieving LDAP attributes

  Hi, I've successfully configured authentication acces with LDAP (it's the first time for me) with the code below: String user=request.getParameter("user");
  String pwd=request.getParameter("pwd");
  session.setAttribute("user",user);
  String[] args={"mail.xxxxxx.it","389","xxxxxx",user,pwd};
  Hashtable env = new Hashtable(11);
  System.out.println("ciao");
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL, "ldap://" + args[0] + ":" + args[1]);
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, args[2] + "\\" + args[3]);
  env.put(Context.SECURITY_CREDENTIALS, args[4]);
  LdapContext ctx = new InitialLdapContext(env, new Control[0]);but I cannot find mail attributes (name,surname,phone,etc)
  What's wrong?
  Thanks in advance
  Bye

  OK, figured it out. I was worried because of some configuration options changes. The previous versions were more explicit. But it seems it's also easy to achive this using PE 2.2.
  Thanks.

• DBMS_LDAP Seems to Change Attribute Name Case

  When we use DBMS_LDAP.populate_mod_array with DBMS_LDAP.mod_replace and then DBMS_LDAP.modify_s our attribute names (not values) stored in LDAP change to all lower case from mixed case. For example, if we have Attribute Name "telephoneNumber" with an Attribute Value of "555-1212". When we change the value to "111-1111" the name changes to "telephonenumber."
  Any ideas?
  We are passing a mod_type of "telephoneNumber."

  it would help us analyze if you can post the codes. thanks.

• Which LDAP attribute is utilized by CertStore to retrive certifications?

  Hi
  thank you for reading my post
  I find that CertStore and LDAPCertStoreParameters and X509CertSelector and X509CRLSelector can be used to extract certifications from LDAP.
  What i can not figure out is,
  which LDAP attribute uses by these class to extract certifications?
  for example we have person class in LDAP which one of its attribute can be userCertificate, how does these class figure out what is name of these attribute?
  maybe they uses some other mechanism, and my assumption are not correct?
  Thanks

  Hi
  Thank you for your reply.
  Imagine that i have the following requirement, what could be possible steps to implement it?
  I need to check and see whether a digital certification belongs to a user or not.
  user will gives it uid and digital certification.
  here is one way that i have in my mind:
  -Search the LDAP for that user.
  -Extract the userCertificate attribute as binary
  -Create a X509 certificate from it
  -Compare it with what user provides.
  Is it a good way?
  Does all of the above steps are do-able?
  Do you have suggestion to improve the procedure or make it more standard ?
  Thanks

• How to change the attribute name for a relation

  When the Data Modeler engineers a logical model into a relational model it create table columns for the relations. The names of the generated columns are listed in the attributes list in the properties dialog of the relation. The actual name of the attribute gets calculated by the attribute name of the entity which is part of the relation. This is okay, if there is only one relation between two entities. But when there are two relations between two entities the second attribute gets a stupid number suffix. This makes it impossible to give the attribute a useful semantic meaning.
  When I engineer the model into a relational model I can change the column name in the relational model. Changing the column name in the relational model is not perfect but it would be okay for me, if it would not be overwritten during the next engineering run.
  So I have two questions:
  How can I change the attribute name in the attributes section of the properties dialog of a relation? See here for screen shot:
  http://public.ceving.de/2012050300/relationattribute.png
  And if it is not possible:
  How can I preserve any changes on column names in the relational model during a re-engineering run?
  Edited by: 931739 on 03.05.2012 08:07

  Hi,
  I've logged an Enhancement request on this.
  I don't believe it's possible to change it from the Entity or Relationship dialog, as it's not updatable in these dialogs.
  What you can do is change it in the Relational Model, and then reverse engineer the change back to the Logical Model.
  David

• Get the attributes NAME and VALUE from an XML

  I really love this forum :)
  I load an XML an populate a Tree, from which I start to drag
  items.
  the xml looks like this:
  <myTag attrName="attrValue"
  otherAttrName="otherAttrValue"/>
  var ds:DragSource = event.dragSource;
  var var1:String =(event.dragInitiator as
  Tree).value.@attrName;
  -> the var1 variable has now: "attrValue"
  my question is.. how can I get all the attributes' names? in
  this example: attrName and otherAttrName (suppose I don't know the
  structure of that xml node)
  what about attributes values?
  thank you!

  The snippet below takes an xml node(nodeCur), loops over the
  attributes list and builds an array that contains the attribute
  name and value for each attribute. It comes from a sample app that
  allows you to edit an xml file.
  Sorry that the forum will remove the formatting
  var aDPAttributes:Array = new Array();
  var xlAttributes:XMLList = nodeCur.@*;
  var attribute:Attribute;
  for ( var i:int = 0; i < xlAttributes.length(); i++) {
  aDPAttributes.push({name:xlAttributes [ i ]
  .name(),value:xlAttributes [ i ] });
  dgAttributes.dataProvider = aDPAttributes; //set the property
  sheet dataProvider
  Tracy

• Cannot create or replace : The specified extended attribute name was invalid.

  New problem arrived today. Trying to copy a file from 10.6 server with an XP (SP3) client. I get this error:
  Cannot create or replace (file name here): The specified extended attribute name was invalid.
  The contents of the file can be copied, but not the folder. Other files can be copied. There are no funny characters. The name is not too long. I propogated the permissions on the share and that had no affect. The problem exists on three different XP systems. Can't find extended properties that could be causeing a problem. Any ideas?

  Nikon just released a Firmware update today for the D750

• Inbound mail routing based on LDAP attribute mailsystem

  Hi gents and ladies,
  i have a small question ...
  is it possible to route an email to a recipient based on an LDAP attribute like mailsystem or ldap attribute domain ?
  We have an infrastructure with domino and Xchange. All users have a - so called - maindomain.net SMTP Address.
  Is it possible to manage such routing via mail policies or message filters ?
  Or is it just easy to realize this jjust with SMTP routing list ? e.g. maindomain.net gets an entry in SMTP routing pointing to the domino gateway ... if no delivery is possible the default gateway (Xchange gateway) would be used instead ?
  Thanks in advance for your help and hints.                

  Hello  HPGroh2013,
  I think I answered your question in the previous entry, at least it looks the same to me.
  Regards,
  Andreas

• Automatic Generation of classes with required attribute names

  Hi ,
  I am new to XML technologies ...I am having a problem in deciding whether I
  should use JAXB or Castor for data binding.
  The problem is the attributes I am to use are named differently as that found in
  the DTD.I have creted my own classes using the required attribute names and the
  n mapped them using the Castor mapping with the attributes.
  I was wondering how should I achieve --"automatic generation of classes" with th
  e specified attribute names?
  I understand that JAXB can be used to automatically generate classes ,but this
  uses the same default names as that of the XML file ..is there a way of forcing
  JAXB to generate classes that use my name attributes rather than that of the XM
  L dtd
  If I use Castor ..is there a way to do the same.Generate Classes with the specif
  id attributes

  Hi ,
  I am new to XML technologies ...I am having a problem in deciding whether I
  should use JAXB or Castor for data binding.
  The problem is the attributes I am to use are named differently as that found in
  the DTD.I have creted my own classes using the required attribute names and the
  n mapped them using the Castor mapping with the attributes.
  I was wondering how should I achieve --"automatic generation of classes" with th
  e specified attribute names?
  I understand that JAXB can be used to automatically generate classes ,but this
  uses the same default names as that of the XML file ..is there a way of forcing
  JAXB to generate classes that use my name attributes rather than that of the XM
  L dtd
  If I use Castor ..is there a way to do the same.Generate Classes with the specif
  id attributes

• Text  variable   replacementpath  with   key, attribute, name  then what

  text  variable   replacementpath  with   key, attribute, name  then  what  are the changes in my report in quary designer

  The XML 1.0 spec does not allow elements or attribute names to include spaces in the names.
  See: http://www.xml.com/axml/axml.html
  for a nice annotated version of the spec.
  [Definition:] A Name is a token beginning with a letter or one of a few punctuation characters, and continuing with letters, digits, hyphens, underscores, colons, or full stops, together known as name characters. Names beginning with the string "xml", or any string which would match (('X'|'x') ('M'|'m') ('L'|'l')), are reserved for standardization in this or future versions of this specification.

• ERROR ITMS-9000: "index_split_000.html(257): attribute "name" not allowed here; expected attribute "accesskey", "charset", "class", "coords", "dir", "href", "hreflang", "id", "rel", "rev", "shape", "style", "tabindex", "target", "title", "type" or "xml:la

  I have all these errors, can anyone help with this all means? trying to get my book published in iBooks. Nedd your help. Thanks, Jo
  ERROR ITMS-9000: "index_split_000.html(257): attribute "name" not allowed here; expected attribute "accesskey", "charset", "class", "coords", "dir", "href", "hreflang", "id", "rel", "rev", "shape", "style", "tabindex", "target", "title", "type" or "xml:lang"" at Book (MZItmspBookPackage)
  Use of the block quote element can cause ePubecheck to give the error "text not allowed here".  Text must not be alone inside of a body tag and if it is not enclosed in some other block level tag, this may lead to the error you are receiving.  

  I have all these errors, can anyone help with this all means? trying to get my book published in iBooks. Nedd your help. Thanks, Jo
  ERROR ITMS-9000: "index_split_000.html(257): attribute "name" not allowed here; expected attribute "accesskey", "charset", "class", "coords", "dir", "href", "hreflang", "id", "rel", "rev", "shape", "style", "tabindex", "target", "title", "type" or "xml:lang"" at Book (MZItmspBookPackage)
  Use of the block quote element can cause ePubecheck to give the error "text not allowed here".  Text must not be alone inside of a body tag and if it is not enclosed in some other block level tag, this may lead to the error you are receiving.