How to configure CLI/DNIS based access restriction in 5.3 ?

Hi,
does anybody have an idea how the setting "Define CLI/DNIS-based access restrictions", which is defined in ACS v. 4.2, can be configured in ACS 5.3?
In v. 4, for every user in a group with 40 members, a different CLI is defined for each. How can I configure that in version 5.3?
Any help as always much appreciated!

The equivalent to NAR functionality can be found at:
Policy Elements > Session Conditions > Network Conditions > End Station Filters
Can then define an object with a set of CLI values.
These objects can then be used in policy conditions. So can create a condition with a set of CLI values and then match in authorization policy for values that are included in this set and set authorizations accordingly.
Not sure if this is your use case but hopefully may be a start

Similar Messages

  • Host-based access restrictions

    What is the preferred method for implementing host-based access restrictions in Directory Server 5.2?
    I am setting up Solaris 9 clients using the native LDAP client.
    I tried setting up host-based access using netgroups, and it works great, but found the user's group associations stopped working. Only the default group shows up.
    Removing netgroups allows any valid user to authenticate to any host. Very bad.
    As a last resort, one could add an ACL for each user in the LDAP server specifying which hosts he can bind from. But then again, it's the proxyagent that will be binding.
    There has to be a better way to do this. Absolutely no info on this in the admin guides.

    Solaris10u6 (Solaris 10 10/08) added a pam_list module that appears to do what you're asking about, from a brief glance at the What's New.

  • How to configure oracle and ms-access db

    Hi All,
    I have a requirement to push data from Oracle to MS Access. My Oracle database is on the Unix server and MS Access is on my local desktop. Is there a way to configure this, and if so, how do I configure both databases? Basically I want to make the MS Access database visible to Oracle so that I can use the Heterogeneous package. Please let me know if there are any different ways.
    my oracle version is
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit
    ms-access 2007
    Thanks in advance.

    Hi,
    You could use the Database Gateway for ODBC (DG4ODBC) to do this. It uses a third party ODBC driver to make the connection to MS-Access so the best option would be to install it on the Windows machine where Access is running and use the Microsoft Access driver.
    Otherwise, you could install on Unix where Oracle is running but I don't think there is third party Access driver for Unix.
    The following note available in My Oracle Support describes the setup on Windows -
    Note.466225.1 How to Setup DG4ODBC (Oracle Database Gateway for ODBC) on Windows 32bit
    You should install the latest 11.2 DG4ODBC and this note has pointers to the download sites -
    Note.1083703.1 Master Note for Oracle Gateway Products
    DG4ODBC can be installed standalone without an RDBMS being installed.
    Regards,
    Mike

  • LDAP support limited. How to configure Address Book / Directory Access?

    I complained to a sysadmin that my LDAP searches were returning very limited information (just surname and e-mail). He replied,
    "...[Address Book] can't be configured to query specific attributes, it can't be configured to show specific attributes except for the small set they have elected to permit, ... it doesn't even show cn/commonName which is a compulsory field in the inetOrgPerson schema or ou/organizationalUnitName which is the standard way of distinguishing components of an organization..."
    Directory Access seems to offer facilities for requesting specific attributes. I tried mapping them to Address Book fields, but with no improvement in the search results. Any tips?

    Here is some info I found on manually configuring and mapping schemas.
    Configuring LDAP Searches and Mappings
    Using Directory Access, you can edit the mappings, search bases, and search scopes that specify how Mac OS X finds specific data items in an LDAP directory. You can edit these settings separately for each LDAP directory configuration listed in Directory Access. Each LDAP directory configuration specifies how Mac OS X accesses data in an LDAPv3 or LDAPv2 directory.
    You can edit the mapping of each Mac OS X record type to one or more LDAP object classes.
    For each record type, you can also edit the mapping of Mac OS X data types, or attributes, to LDAP attributes.
    You can edit the LDAP search base and search scope that determine where Mac OS X looks for a particular Mac OS X record type in an LDAP directory.
    IMPORTANT: When mapping Mac OS X user attributes to a read/write LDAP directory domain (an LDAP domain that is not read-only), the LDAP attribute mapped to RealName must not be the same as the first attribute in a list of LDAP attributes mapped to RecordName. For example, the cn attribute must not be the first attribute mapped to RecordName if cn is also mapped to RealName.
    For detailed specifications of Mac OS X record types and attributes, refer to "Mac OS X Server Open Directory Administration for Version 10.4 or Later" (available at www.apple.com/server/documentation/).
    In Directory Access, click Services.
    If the lock icon is locked, click it and type the name and password of an administrator.
    Select LDAPv3 in the list of services, then click Configure.
    If the list of server configurations is hidden, click Show Options.
    Select a server configuration in the list, then click Edit.
    Click Search & Mappings.
    Select the mappings that you want to use as a starting point, if any.
    Click the "Access this LDAPv3 server using" pop-up menu and choose a mapping template to use its mappings as a starting point or choose Custom to begin with no predefined mappings.
    Add record types and change their search bases as needed.
    To add record types, click the Add button below the Record Types and Attributes list. In the sheet that appears, select Record Types, select one or more record types from the list, and then click OK.
    To change the search base and search scope of a record type, select it in the Record Types and Attributes List. Then edit the "Search base" field. Select "all subtrees" to set the search scope to include the entire LDAP directory's hierarchy from the search base down. Select "first level only" to set the search scope to include only the search base and one level below it in the LDAP directory's hierarchy.
    To remove a record type, select it in the Record Types and Attributes List and click Delete.
    To add a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an object class from the LDAP directory. To add another LDAP object class, you can press Return and enter the name of the object class. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
    To change a mapping for a record type, select the record type in the Record Types and Attributes List. Then double-click the LDAP object class that you want to change in the "Map to __ items in list" and edit it. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
    To remove a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the LDAP object class that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
    Add attributes and change their mappings as needed.
    To add attributes to a record type, select the record type in the Record Types and Attributes List. Then click the Add button below the Record Types and Attributes list. In the sheet that appears, select Attribute Types, select one or more attribute types, and then click OK.
    To add a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an attribute from the LDAP directory. To add another LDAP attribute, you can press Return and enter the name of the attribute.
    To change a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then double-click the item that you want to change in the "Map to __ items in list" and edit the item name.
    To remove a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the item that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
    To change the order of attributes displayed in the list on the right, drag the attributes up or down in the list.
    Click Save Template if you want to save your mappings as a template.
    Templates saved in the default location are listed in pop-up menus of LDAP mapping templates the next time the current user opens Directory Access. The default location for saved templates is in the current user's home folder at this path:
    ~/Library/Application Support/Directory Access/LDAPv3/Templates
    Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them automatically to its clients.
    You must enter a search base to store the mappings, a distinguished name of an administrator (for example, uid=diradmin,cn=users,dc=ods,dc=example,dc=com), and a password. If you are writing mappings to an Open Directory LDAP server, the correct search base is "cn=config, suffix" (where suffix is the server's search base suffix, such as "dc=ods,dc=example,dc=com").
    The LDAP directory supplies its mappings to Mac OS X clients whose custom search policy includes a connection that's configured to get mappings from the LDAP server. The LDAP directory also supplies its mappings to all Mac OS X clients that have an automatic search policy. For instructions, see Configuring Access to an LDAP Directory and Setting Up Search Policies.

  • How to configure bpm composer and access the projects present in bpm mds re

    To access the BPM Composer I performed the steps below:
    - Installed the standalone WebLogic server with SOA server configured
    - Invoked the BPM Composer using the URL: http://machine:soa_port/bpm/composer
    - Used weblogic and weblogic1 as username and password.
    Please let me know whether I am following the correct approach, as I am not able to see any options in BPM Composer like open project etc.; the project menu appears but there are no projects visible.

    The answer couldn't help us much. I will give you the steps we have followed in detail
    We have created a sample customizable BPEL process by selecting a Customizable checkbox in Jdev.
    Then, the sample BPEL process is deployed to the SOA server from JDeveloper. We could see the deployed BPM process in EM console.
    Also the MDS repositories required for customization too are present in EM.
    Then we tried accessing the BPM Composer to do some customization on the sample BPEL process deployed. We are able to log in to the BPM Composer using the "weblogic" user.
    But the composer displays only the welcome page. There are no other links enabled.
    Please let us know how to make a BPEL process customizable using BPM Composer.
    Also there is another SOA Composer. When is this composer mainly used?
    There is another BPM Workspace console. But we could not log in to this using the "weblogic" user though we are able to log in to EM, SOA and BPM Composer.
    Why did the login fail using the "weblogic" user here? What is this console used for?

  • How to configure tns listener to access remote application?

    Hi all,
    Hope doing well,
    Sir, I am trying to access the host database from my client system. Both are connected to the same network through LAN.
    I have installed Oracle client on the client system, but when I run the web application I get this error: ORA-12541: TNS:no listener
    I have googled for that and I found that if in the tns.ora file we set the IP address of the client system instead of localhost it will work.
    I changed that in my tns.ora file, which is here:
    # tnsnames.ora Network Configuration File: C:\app\securax\product\11.2.0\dbhome_1\network\admin\tnsnames.ora
    # Generated by Oracle configuration tools.
    GRAND1 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.4)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = Grand1)
        )
      )
    ORACLR_CONNECTION_DATA =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
        )
        (CONNECT_DATA =
          (SID = CLRExtProc)
          (PRESENTATION = RO)
        )
      )
    LISTENER_GRAND1 =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    But I am still getting the same error.
    How do I get out of this error?
    thanks

    952646 wrote:
    Hi sir,
    this is my tns.ora file
    # tnsnames.ora Network Configuration File: C:\app\securax\product\11.2.0\dbhome_1\network\admin\tnsnames.ora
    # Generated by Oracle configuration tools.
    GRAND1 =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = Grand1)
        )
      )
    and this is my listener.ora file
    # listener.ora Network Configuration File: C:\app\securax\product\11.2.0\dbhome_1\network\admin\listener.ora
    # Generated by Oracle configuration tools.
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = Grand1)
          (ORACLE_HOME = C:\app\securax\product\11.2.0\dbhome_1)
          (SID_NAME = Grand1)
        )
      )
    LISTENER =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      )
    ADR_BASE_LISTENER = C:\app\securax
    when I am using this command "lsnrctl start Grand1"
    it is telling me the listener of the name LISTENER is already started.
    That means it's telling me about the listener which is in the listener file, not in the tns.ora file.
    So is this correct or not?
    thanks

    It's wrong: you don't have a listener with the name Grand1; your listener name is LISTENER.

  • How to configure a user to access RFC functions

    In the production system, a user account with RFC access privilege needs to be configured for a .NET Connector application.
    Some documents say that I need to add the access object RFC_ACL for this user.
    But how to operate to add such kind of access object?
    Thanks a lot. I'm not very professional on R/3 operation.

    Well, for fastest you don't want Fast User Switching enabled, that leaves everything in the other account running, you want to log out of that other account & log into the new one.
    Just don't set up Mail or such things in the new account, and remove unneeded things from Accounts Login Items.

  • How to configure the network and access to the Extender

    I have the Philips Wifi router of Belgacom and the LINK LED of the Extender stays red. When I use the software on PC, it doesn't find the Extender.
    How are parameters to configure router for the Extender can configure it? On my Extender, I can't connect a cable, this is the first model.... Thanks for help

    Try to reset the extender...
    Look for its default SSID, which is linksysRxxxx, on your wireless computer, then connect to it...
    After connecting, set a static IP on your wireless computer and then try to access the extender from there (192.168.1.240)...
    Hope this helps...

  • How to configure Mailbox Read-Only access for Mailbox's owner on Exchange Server 2010?

    I have to configure Exchange Server 2010 mailboxes to grant only Read-Only access to the mailbox's owners, so they are only allowed to read their messages and cannot modify or remove them. Are there any references or methods to do this?

    Hi, alexchy8
    We can make use of 2 PowerShell commands to achieve this goal.
    Add-MailboxPermission and Add-MailboxFolderPermission.
    Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
    Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
    You can read the following article as reference:
    http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
    or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards.

  • How to Configure a WebTemplate based on Teamsite to "enable Treeview"

    Hi,
    we use WebTemplates that derive from the Teamsite SiteDefinition. In my newly created Webs I want
    the Quicklaunch set to false
    Treeview set to true
    Is there anyway where I can configure this for the Webtemplate? I know how to perform this in a Feature, but I would prefer to do this via configuration.
    Thanks
    Cheers
    Sven

    Hi Sven,
    The configuration of Quicklaunch and Treeview is in the Elements.xml file. You can set QuickLaunchEnabled to false and TreeViewEnabled to true.
    Thanks,
    Eric
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • How to configure a form based login page with entitlement role

    We need to have a login page for our portal app.
    When using "form based" authentication is it possible to map the security on an
    "entitlement role"?
    Our need is to be able to give direct URL access to some pages of the portal (for
    example by sending URLs like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage")"
    by email to portal users) and we need a simple mechanism of authentication before
    redirecting to the portal page.
    Inste

    Olivier,
    You can't reference WLP visitor roles in weblogic.xml, but you can
    reference global roles (created using the WLS console):
    <security-role-assignment>
      <role-name>PortalSystemAdministrator</role-name>
      <externally-defined />
    </security-role-assignment>
    -Phil
    "Olivier" <[email protected]> wrote in message
    news:[email protected]..
    >
    We need to have a login page for our portal app.
    When using "form based" authentication is it possible to map the security on an
    "entitlement role"?
    Our need is to be able to give direct URL access to some pages of the portal (for
    example by sending URLs like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage")"
    by email to portal users) and we need a simple mechanism of authentication before
    redirecting to the portal page.
    Inste
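
The role mapping from the reply, placed next to a form-based login configuration, as an added example (not code from the thread or from the product documentation). The role name and the `/appmanager/` path come from the posts above; `login.jsp` and `login_error.jsp` are assumed page names. With FORM authentication the container sends an unauthenticated request for a protected URL to the login page and, after a successful post to `j_security_check`, returns the user to the URL originally requested, which covers the e-mailed deep-link case.

```xml
<!-- WEB-INF/web.xml (fragment): protect the portal entry point with FORM login -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>portal-desktops</web-resource-name>
      <!-- Pattern taken from the URL in the question; adjust to the real app -->
      <url-pattern>/appmanager/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Must be a global role, not a WLP visitor (entitlement) role -->
      <role-name>PortalSystemAdministrator</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Assumed page names; the login form posts j_username and
           j_password to j_security_check -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login_error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>PortalSystemAdministrator</role-name>
  </security-role>
</web-app>

<!-- WEB-INF/weblogic.xml (fragment): resolve the role against the security
     realm (a global role created in the WLS console) rather than listing
     principals in the descriptor -->
<weblogic-web-app>
  <security-role-assignment>
    <role-name>PortalSystemAdministrator</role-name>
    <externally-defined/>
  </security-role-assignment>
</weblogic-web-app>
```

Keep the login and error pages outside any protected URL pattern, otherwise the redirect to the login page is itself challenged.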

  • How to Configure Landing pages in Access Manager

    On successful authentication, I need to redirect every user to a specific page - Landing page. Which property should I set in the AMagent.properties file to do that?
    Thanks
    Abhijeet_tcs

    Hi,
    Were you successful in configuring a landing page in the Authentication Policies?
    I have a similar requirement, but it does not work; somehow the login page goto parameter seems to take preference.
    Any help is highly appreciated
    thanks

  • ADF UIX Role Based Access Control Implementation

    Hi,
    Can anybody suggest a detailed example or tutorials of how to implement a role based access control for my ADF UIX application.
    The application users can be dynamically added to specific roles (Admin, Secretary, Guest). Based on the roles, they should be allowed to access only certain links or ADF entity/view operations. Can this be implemented in a centralized way?
    Can this be done using JAZN or JAAS. If so, Please provide me references to simple tutorial on how to do this.
    Thanks a lot.
    Sathya

    Brenden,
    I think you are following a valid approach. The default security in J2EE and JAAS (JAZN) is to configure roles and users in either static files (jazn-data.xml) or the Oracle Internet Directory and then use either jazn admin APIs or the OID APIs to programmatically access users, groups and Permissions (your role_functions are Permissions in a JAAS context).
    If you modelled your security infrastructure in OID rather than the database, an administrator would be able to use the Delegated Administration Service (DAS), a web based console in Oracle Application Server. To configure security this way, you would have two options:
    1. Use J2EE declarative security and configure all your .do access points in web.xml and constrain them by a role name (which is a user group name in OID). The benefit of this approach is that you can get Struts actions working directly with it because Struts actions have a roles attribute.
    The disadvantage is that you can't dynamically create new roles because they have to be mapped in web.xml
    2. Use JAAS and check Permissions on individual URLs. This allows you to perform finer grained and flexible access control, but also requires changes to Struts. Unlike the approach of subclassing the DataActionForward class, I would subclass the Struts RequestProcessor and change the processRoles method to evaluate JAAS permissions.
    The disadvantage of this approach is that it requires coding that should be done carefully not to lock you in to your own implementation of Struts so that you couldn't easily upgrade to newer versions.
    1 - 2 have the benefit of that the policies can be used by all applications in an enterprise that use Oracle Application Server and e.g. SSO.
    Your approach - as said - is valid and I think many customers will look for the database first when looking at implementing security (so would I).
    Two links that you might be interested in to read are:
    http://sourceforge.net/projects/jguard/ --> an open source JAAS based security framework that stores the user, roles and permissions in database tables similar to your approach
    http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf --> a whitepaper I've written about J2EE security for Web applications written with Struts and JavaServer pages. You may not be able to use all of it, but it's a good source of information.
    Frank

  • How do you use Default Resource Access Information?

    I have some 10g Forms & Reports that I want to use with SSO and they will all be connecting to the database with the same connection info. I know how to configure a Default Resource Access Information, but how do you use this with Forms & Reports?

    Douglas,
    the default Resource Access Information should be the connection information, right? This is used in conjunction with SSO. You need to configure your F&R applications to delegate authentication to SSO by placing ssoMode=true in the config section of formsweb.cfg.
    The Forms Servlet will connect to OID retrieve the Resource Access Information (descriptor) for a given user and automatically log them into the application.
    Users will need a global identity in OID and SSO must be enabled to use resource access info with F&R
    regards,
    tt

  • PLZ. HELP !!!  ---  HOW TO Configure my "Internal PCI MODEM" in Sol9-X86.

    Hi Folks!!
    I am Karthi from India and have recently purchased Solaris 9 for X86 Platform.
    I am really at a loss as to how to configure my Conexant-based Internal PCI MODEM.
    Will Solaris 9 recognise my Conexant-based MODEM from an Indian company or do I have to purchase any other "Solaris 9 supported MODEM Chipsets"?
    Can you please help me out by giving any weblink or brief steps to go about it.
    I will be grateful to you and advance thanks to whoever is willing to help this helpless amateur.
    Bye and have a nice day!!!
    Karthi Shanmugam
    [email protected]

    OK, here is a brief answer to your question: if it is a Linux HCL modem then you can search on Google or check out http://www.linuxant.com/drivers/ for information.
    If it is a winmodem then you pretty much have a worthless modem for running any type of Unix/Linux. However you should be able to buy a Serial Modem for around $30-$50 USD that is compatible with almost anything since they have been around forever and use a different communication scheme than PCI.
