How to disable nonsecure port in Directory Server 5.2
We have recently upgraded from Directory Server 5.1 to 5.2. With version 5.1, you could set the non-secure LDAP port to be 0, and that would disable connections to the non-secure port. Version 5.2 doesn't allow you to do this. I tried from the console, and even changed it manually in the dse.ldif file, and neither method worked. Is there any way to disable the non-secure port for Directory Server 5.2?
Thanks!
I have found the simplest way is to lock the nonsecure port down to the localhost using
listenhost: 127.0.0.1
This means that it won't answer outside queries on that unsecured port, but it still has the advantage of allowing you to use it locally (which can save on the typing a bit).
Note you can of course set this to any IP or range, for example 24.24.*
This also works for the secure port using securelistenhost: (I think that's the spelling but didn't check.)
Ward
Similar Messages
-
Disabling anonymous access in directory server 5.2_Patch_3
Dear All,
Would anyone help me out on how to disable anonymous access in directory server 5.2?
Thanks,
Lewis
Try removing the following line from dse.ldif [of that instance of directory server]
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";)
If there is no exact match you will find a similar entry; it's at the beginning of dse.ldif.
You can read more about aci in Directory Server Developer's Guide.
I hope this fixes your problem -
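One way to check both settings from the two threads above in a copy of dse.ldif (the listen address of the clear-text port and any ACI granted to ldap:///anyone), as an added example that is not part of the original posts. It assumes the cn=config attributes are named nsslapd-port and nsslapd-listenhost, and the sample LDIF is constructed.

```python
import ipaddress
import re

# Constructed sample shaped like the start of a dse.ldif (not from a real server).
SAMPLE_DSE = '''\
dn:
objectClass: top
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
 read,search,compare) userdn="ldap:///anyone";)

dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-listenhost: 127.0.0.1
nsslapd-securePort: 636
nsslapd-security: on
'''

# "allow(<rights>)" granted to the anonymous bind rule userdn="ldap:///anyone".
ANON_ACI = re.compile(r'allow\s*\(([^)]*)\)\s*\(?\s*userdn\s*=\s*"ldap:///anyone"', re.I)


def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; folded lines are joined, base64 is not decoded."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(' ') and unfolded:
            unfolded[-1] += line[1:]   # continuation line: drop the single leading space
        else:
            unfolded.append(line)
    entries, attrs = [], None
    for line in unfolded:
        if not line.strip():
            attrs = None               # a blank line ends the current entry
        elif not line.startswith('#'):
            name, _, value = line.partition(':')
            if name.strip().lower() == 'dn':
                attrs = {}
                entries.append((value.strip(), attrs))
            elif attrs is not None:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def audit(text):
    """List anonymous ACIs and clear-text listeners reachable from other hosts."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for aci in attrs.get('aci', []):
            match = ANON_ACI.search(aci)
            if match:
                findings.append(f'anonymous aci on "{dn}": allow({match.group(1).strip()})')
        if dn.lower() == 'cn=config':
            port = attrs.get('nsslapd-port', ['?'])[0]
            hosts = attrs.get('nsslapd-listenhost', [])
            if not hosts:              # no listen host set: all interfaces
                findings.append(f'clear-text port {port} listens on all interfaces')
            findings += [f'clear-text port {port} listens on {h}'
                         for h in hosts if not is_loopback(h)]
    return findings
```

Run `audit()` on the text of a copy of the instance's dse.ldif; an empty list means the clear-text port is bound to loopback only and no ACI grants rights to anonymous binds.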
How to disable or rename Oracle Report Server servlet command?
Hi,
I'm using Oracle9i App Server R2.
I would like to learn how to disable or rename Oracle Report Server's servlet command?
This is to avoid user from accessing http://myserver/reports/rwservlet/showmap to view the key map file content.
Please advise.
For example, my report server was rep_appserver, then I want to rename it to rep_test.
Here are some steps to accomplish it:
1. stop mid-tier
$ORACLE_HOME\opmn\bin\opmnctl stopall
2. stop em website
$ORACLE_HOME\bin\emctl stop iasconsole
3. rename $ORACLE_HOME\reports\conf\rep_<old_report_server_name>.conf to something else or delete it
4. rename $ORACLE_HOME\reports\server\rep_<old_report_server_name>.dat to something else or delete it
5. edit $ORACLE_HOME\reports\conf\rwservlet.properties file then change the SERVER parameter to new report server name(remember this new name has to be a unique name)
6. create a backup copy of the $ORACLE_HOME\sysman\emd\targets.xml file
7. open $ORACLE_HOME\sysman\emd\targets.xml, find old report server name and then replace it to new report server name
8. save new targets.xml file
9. open $ORACLE_HOME\opmn\conf\opmn.xml, find old report server name and then replace it to new report server name
10. start em website
$ORACLE_HOME\bin\emctl start iasconsole
11. start mid-tier
$ORACLE_HOME\opmn\bin\opmnctl startall
HTH
Amkotz -
How to disable autostart (application) when managed server restart ?
Hi Ppl,
How to disable autostart (application) when managed server restart ?
I want some of the applications to remain not started. In WebSPhere, we have an option disable auto start for applications.
I don't find in weblogic.
Thanks
Hi,
I agree with Faisal. When you shutdown your WL server while the application is running, the thing is when you start your server again, it would automatically start the application with it. Now if the application was down when you shutdown the server, it _the application_ won't start with the server.
So it depends on the application last state, when you start your server.
Regards,
Mohab -
How to validate users with Novell Directory Server
Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
Directory Server?
Thanks
Hi
I believe iAS is designed to work with iDS which is bundled along
with the SP3 download. Also the directory server which is working with
iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
Directory Server) is compatible. What I'm trying to understand is if you
have already registered iAS with NDS and you are having trouble in
accessing the users or if you are having trouble in the installation.
Raj
Josep Maria Camps Riba wrote:
Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
Directory Server?
Thanks -
How to enable "Starttls" on sun directory server?
I set up directory server 5.2 on Windows XP SP2. Using InitialLdapContext of JNDI to connect, the program throws an exception in "StartTlsResponse tls =(StartTlsResponse)ctx.extendedOperation(tldsReq);"
the exception message:
javax.naming.CommunicationException: [LDAP: error code 2 - unsupported extended operation]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
at javax.naming.ldap.InitialLdapContext.extendedOperation(Unknown Source)
at LDAPtlsDemo.main(LDAPtlsDemo.java:28)
So I think that the "Starttls" of the server is not enabled. I have enabled "SSL", and connected OK by using InitialLdapContext of JNDI.
But I can't find the way to enable "Starttls" via the GUI. Please make some help.
To enable the TLS Encryption Cipher
1. Check out the ssl-supported-ciphers property of the server.
$ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
View the available SSL ciphers.
$ dsconf get-server-prop -h host -p port ssl-supported-ciphers
ssl-supported-ciphers : TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_DHE_DSS_WITH_AES_256_CBC_SHA
...
Hope this helps,
-Shankar -
How to disable AUX port in ASR 9010
Hi All,
How to disable the AUX port in ASR 9010. Inside "line aux" I can't configure anything except "login authentication" (which is used for aaa authentication).
Also after IOS XR 3.2 the configuration for AUX port has been removed
Platform used: ASR 9010
Version: IOS-XR 4.1.2
Best Regards
Saikat Chakraborty
Hi Saikat,
AUX has the same authentication method as we have on the system. From this perspective, AUX is protected the same way as the Console port and only those who have an account can login via AUX (same way as via console). Any attempts to log on AUX will be logged:
Successful:
ksh[65902]: Successfully authenticated user 'XXX' for ksh access via 'aux' on '0/RSP0/CPU0'
Incorrect:
ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0
But if anyone has physical access to the device, that would be an even bigger threat compared to system protected AUX login.
BTW, tacacs authentication should work for AUX too. We’d need to define a template for it.
Example:
aaa authentication login tacacs_template group tacacs+ local
line template aux
login authentication tacacs_template
Regards,
/A -
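A small detector over the two log formats quoted in the answer above, as an added example that is not part of the original post: it flags a run of failed AUX logins on one node and a success that follows such a run. The threshold, the function name and the sample lines are constructed; the closing quote after the node name is optional because the failure line quoted above lacks it.

```python
import re
from collections import defaultdict

# Matches both message formats quoted in the post.
LINE = re.compile(
    r"\w+\[\d+\]: "
    r"(?:(?P<ok>Successfully authenticated user)|(?P<fail>Failed authentication attempt by user)) "
    r"'(?P<user>[^']*)' for \S+ access via '(?P<via>[^']+)' on '(?P<node>[^'\s]+)'?"
)

# Constructed sample lines in the format shown in the post.
SAMPLE_LOG = [
    "ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0",
    "ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0",
    "ksh[65903]: Successfully authenticated user 'XXX' for ksh access via 'console' on '0/RSP0/CPU0'",
    "ksh[65902]: Failed authentication attempt by user 'admin' for ksh access via 'aux' on '0/RSP0/CPU0",
    "ksh[65904]: Successfully authenticated user 'admin' for ksh access via 'aux' on '0/RSP0/CPU0'",
]


def aux_alerts(lines, threshold=3):
    """Return (kind, node, users) tuples for suspicious AUX login activity."""
    tried = defaultdict(list)    # node -> users in the current run of failures
    alerts = []
    for raw in lines:
        m = LINE.search(raw.strip())
        if not m or m['via'] != 'aux':
            continue             # other lines (console, vty) are out of scope here
        node, user = m['node'], m['user']
        if m['fail']:
            tried[node].append(user)
            if len(tried[node]) == threshold:
                alerts.append(('repeated-failures', node, sorted(set(tried[node]))))
        else:
            if len(tried[node]) >= threshold:
                alerts.append(('success-after-failures', node, [user]))
            tried[node].clear()  # a successful login ends the run
    return alerts


if __name__ == '__main__':
    for alert in aux_alerts(SAMPLE_LOG):
        print(alert)
```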
How to disable extra visit to portal server
hi Experts,
I am using wcp11.1.1.8, in a customized page template with portal builder, I used an EL expression to generate link like this:
"http://localhost/webcenter/portal/Portal1/page1?_adf.ctrl-state=1dvjebskda_596"
I clicked this link, using httpwatch to monitor network traffic, found IE visited portal server twice: first visit is a "Get" method for "http://localhost/webcenter/portal/Portal1/page1?_adf.ctrl-state=1dvjebskda_596", result code is 200, the second visit is a "Post" method for "http://localhost/webcenter/faces/oracle/webcenter/page/scopedMD/s64679523_e5d0_454a_952a_55128e607e07/Page7.jspx?wc.contextURL=/spaces/Portal1&_adf.ctrl-state=1dvjebskda_596", result code is 200.
If I paste this url "http://localhost/webcenter/portal/Portal1/page1?_adf.ctrl-state=1dvjebskda_596" to ie addressing field, and press return, httpwatch showed me there is no "second visit" for "/faces/oracle/webcenter/page/scopedMD/s64679523_e5d0_454a_952a_55128e607e07/Page7".
Seems the "second visit" is auto generated by portal framework, how to disable it?
Best regards
Hi.
Sorry about the delay, I was too busy and I only could do a small testing.
I was checking quickly how WebCenter Portal (formerly Spaces) works with links compared to Framework Portal.
The responsible of the "possible twice visit" is the following ViewHandler: oracle.webcenter.webcenterapp.internal.view.navigation.NavigationViewHandler in spaces-model.web.jar (method getPageTargetViewId, getActionURL and also isRedirectRequired).
First of all, try to check that your Pages have the "Redirect" checkbox unchecked (or your navigation-model links). In case of being checked it will be 2 Requests.
There are the following behaviors:
Using <af:commandLink> just will navigate using PPR and doing a POST.
Using <af:goLink> using goLinkPrettyUrl there are many behaviors:
Already wc.contextURL is present in the URL and then it will call just one GET.
If it is not present, getActionURL will add it in order to maintain correctly the relationship Page - Space. It will generate your behavior.
I'm trying to understand why sometimes it just calls one GET and why sometimes it generates a GET,POST,GET behavior.
Anyway if it's urgent open a SR to Oracle.
I think that if you try to add to your goLinkPrettyUrl the wc.contextURL parameter it should just do one visit (one GET). Try it if you have free time.
I hope this information helps.
Regards. -
Changing IP Address and ports in Directory Server 5.1 SP 4 and 5.2 SP4
I have installed multiple instance of Sun Directory Server 5.1 and 5.2 on ports 389 and 390,now I want to change the IP Address and ports, I am able to change the directory server port from 389 by editing the dse.ldif file, now I want to change the port 390 and the IP address same as directory server, can someone expert from the forum guide me.
Thanks in Advance.
Mukesh Kumar
1) I don't know what you've typed in when installing... but I've never seen that message. Are you using any language specific characters ?
Do you get the error after this screen ?
The suffix is the root of your directory tree. You may have more than
one suffix.
Suffix [dc=sun,dc=com]:
If yes, then this means that the value you typed in is not a valid DN... and you must enter a valid one.
2)The Directory Server is installed under /usr/iplanet but the database is under /var/iplanet/ds5 and configuration is under /etc/iplanet/ds5 ...
You can use symbolic links if you want to move things around.
3) You mean you downloaded the tar.gz file of iDS 5.1 and installed it on Solaris 9... No problem, I do this every day. As long as you have the right to create directories and files, you should be able to install as anyone. If not, you should install as root and then let the server run as a special user.
4) Solaris 9 comes with iDS5.1 packages already installed. But the server is not configured at all.
Running directoryserver setup allows you to configure it and create the database, accounts...
Running directoryserver uninstall remove the instance of the installed database... It doesn't remove the packages. You can start again a setup...
By the way, I think that iDS 5.1 on Solaris 9 comes with the full documentation... Maybe you should start by reading it.
Regards,
Ludovic. -
How to create first instance of directory server (Solaris 9).
With solaris 9 installation also installs iplanet directory server in "/usr/iplanet/ds5". But there is no instance of the directory server available.
How can I add the first instance of the directory server.
I can not use the admin server as it requires the userid to connect which is not known to me.
Bharat,
I have used a script like the following to add a DS instance, though not on Solaris 9. I believe it should work
#!/bin/sh
cd /usr/iplanet/ds51/servers/bin/slapd/admin/bin
./ds_create -f /setup_scripts/installDataDSD02.inf
The .inf file is a silent install file which is well documented in the directory server installation documentation.
Hope this helps
-Pawan -
How to enable FIPS on sunone directory server 6.3?
Hi all,
My product needs FIPS certification.
As part of that we will be connecting to sunone directory server and use it as user store.
For that i need the steps to enable FIPS on sunone directory server 6.3.
Has any one done this before?
Please help me in this.
Thanks in advance.
Usha.
To enable the TLS Encryption Cipher
1. Check out the ssl-supported-ciphers property of the server.
$ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
View the available SSL ciphers.
$ dsconf get-server-prop -h host -p port ssl-supported-ciphers
ssl-supported-ciphers : TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ssl-supported-ciphers : TLS_DHE_DSS_WITH_AES_256_CBC_SHA
...
Hope this helps,
-Shankar -
How to find what port the admin server is running
how can I find out what port the admin server is running on a server?
thanks,
Hi
Go to your domain root folder/config and open config.xml file in any editor. Search for the name of the admin server which is typically like AdminServer and under this tag see if you have a tag by name <listen-port>. If yes, then you should see the port number. If not, it means it is running at default port of 7001.
If you have admin access, I hope when you log in you will be giving a URL like http://adminhost:adminport/console. Now this adminport is the port on which admin server is running. If not, then check config.xml file.
Thanks
Ravi Jegga -
How to disable drop down of Report Server
Hi,
I had installed Report Server 2012 and want to move from 2008 to 2012.
1) how to disable drop down that show on folder and report level for end user (as shown in following screen shot).
2) report name coming on report server are not full name how to show full name of report like we have in 2008. Following is screen shot
Hi Mujahid,
1.) For migrating from Sql server 2008 to 2012, please follow this links
Migrating the whole Instance from 2008 to 2012 - > http://msdn.microsoft.com/en-us/library/ms143747.aspx
Migrating the rdl definition to 2008 to 2012 - > http://msdn.microsoft.com/en-us/library/a1a10c67-7462-4562-9b07-a8822188a161
2.) We can't disable the drop down box for the reporting services on a per user basis (end user). If you really want to do it, you need to edit the ReportingServices.js file (this will affect all the users including admins) located at C:\Program Files\Microsoft SQL Server\<<SSRS Instance>>\Reporting Services\ReportManager\js\ReportingServices.js
If you want the end user not to perform certain actions, you set appropriate permissions for the report.
Managing Permissions and Security for Reporting Services
http://technet.microsoft.com/en-us/library/ms156014.aspx
3.) When report name is too long it truncated and dot dot are shown in the end. User always have a option to move from Title View to Details View
You need click on the right side of the report manager preview and click on the detail view to change between detail view and title view
Regards Harsh -
How to check installation type of Directory server in 5.2.
Dear All,
I have DS 5.2 environment and here i want to know the installation method of the directory server 5.2 (i mean either it is native or ZIP ). Please revert ASAP it will be really helpful for me. Thanks!
Karthik
Hello,
Try the following method:
ldd ./ns-slapd | grep libnspr | awk '{print $3}'
If the target file is a symbolic link, you are using a package/native install else this is a zip install.
example:
pc1234$ pwd
/data/test/DS/Patch6/bin/slapd/server/64
pc1234$ ldd ./ns-slapd | grep libnspr | awk '{print $3}'
../../../../lib/64/libnspr4.so
if [ -h /data/test/DS/Patch6/bin/slapd/server/64/../../../../lib/64/libnspr4.so ]; then
echo "Symlink. pkg"
else
echo "Not a symlink - zip install"
fi
Hope this helps
Sylvain
Edited by: Sylvain Duloutre on Sep 17, 2012 1:05 PM -
How to disable TRACE on Web Application Server v 7.0?
Hello Professional Sun Users,
According to:
http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java
I can disable HTTP TRACE by either through:
1. Adding the following code into obj.conf
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
which I get 413 Request Entity Too Large
here is my obj.conf file:
# Sun Microsystems, Inc. - obj.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
# Use only forward slashes in pathnames--backslashes can cause
# problems. See the documentation for more information.
<Object name="default">
<Client method="TRACE">
AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
</Client>
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/AppServer7U10/lib/icons" name="es-internal"
NameTrans fn="document-root" root="$docroot"
PathCheck fn="nt-uri-clean"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="index.html,home.html"
PathCheck fn="check-acl" acl="default"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Error fn="error-j2ee"
AddLog fn="flex-log" name="access"
</Object>
<Object name="j2ee">
ObjectType fn="force-type" type="text/html"
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
or
2. adding the following code into generated.server1.acl and genwork.server1.acl
deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
which I get 200 OK
My generated.server1.acl file:
version 3.0;
acl "default";
authenticate (user, group) {
prompt = "Sun ONE Application Server";
deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
acl "es-internal";
deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
and genwork.server1.acl file:
version 3.0;
acl "default";
authenticate (user, group) {
prompt = "Sun ONE Application Server";
deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
acl "es-internal";
deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
Both methods of disabling HTTP TRACE seems not working......... Could anyone point where had went wrong?
Thank you
Edited by: draggy on Jan 5, 2009 8:28 AM
Hello Joe,
Thank you for replying.
However I did recheck everything
here my /server1/config/obj.conf:
# Use only forward slashes in pathnames--backslashes can cause
# problems. See the documentation for more information.
<Object name="default">
<Client method="TRACE">
AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
</Client>
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn=pfx2dir from=/mc-icons dir="D:/Sun/AppServer7/lib/icons" name="es-internal"
NameTrans fn=document-root root="$docroot"
PathCheck fn=nt-uri-clean
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html"
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Error fn="error-j2ee"
AddLog fn=flex-log name="access"
</Object>
<Object name="j2ee">
ObjectType fn=force-type type=text/html
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn=force-type type=magnus-internal/cgi
Service fn=send-cgi
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
and my /server1/config/server1-obj.conf:
# Use only forward slashes in pathnames--backslashes can cause
# problems. See the documentation for more information.
<Object name="default">
<Client method="TRACE">
AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
</Client>
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn=pfx2dir from=/mc-icons dir="D:/Sun/AppServer7/lib/icons" name="es-internal"
NameTrans fn=document-root root="$docroot"
PathCheck fn=nt-uri-clean
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html"
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Error fn="error-j2ee"
AddLog fn=flex-log name="access"
</Object>
<Object name="j2ee">
ObjectType fn=force-type type=text/html
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn=force-type type=magnus-internal/cgi
Service fn=send-cgi
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
I am still getting the same 413...
$ telnet localhost 81
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1
HOST: foo
HTTP/1.1 413 Request Entity Too Large
Server: Sun-ONE-Application-Server/7.0.0_01
Date: Tue, 06 Jan 2009 06:32:29 GMT
Content-length: 168
Content-type: text/html
Connection: close
<HTML><HEAD><TITLE>Request Entity Too Large</TITLE></HEAD>
<BODY><H1>Request Entity Too Large</H1>
A request entity is longer than the server can handle.
</BODY></HTML>
Connection closed by foreign host.
Thank you
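A repeatable version of the telnet check above, as an added example that is not part of the original post: it sends a TRACE request to a server you administer and classifies the reply by status code and by whether the request was echoed back, which is what distinguishes a working TRACE from a bare 200. The marker header and the 200 sample are constructed; the 413 sample reuses the status and headers from the session above.

```python
import socket

MARKER = 'X-Trace-Probe: 7f3a'   # constructed header used to spot an echoed request


def build_request(host):
    """Raw TRACE request carrying the marker header."""
    return (f'TRACE / HTTP/1.1\r\nHost: {host}\r\n{MARKER}\r\n'
            'Connection: close\r\n\r\n').encode('ascii')


# Response taken from the telnet session in the post (body shortened).
RESP_413 = (b'HTTP/1.1 413 Request Entity Too Large\r\n'
            b'Server: Sun-ONE-Application-Server/7.0.0_01\r\n'
            b'Content-type: text/html\r\nConnection: close\r\n\r\n'
            b'<HTML><HEAD><TITLE>Request Entity Too Large</TITLE></HEAD></HTML>')
# Constructed response from a server that still answers TRACE by echoing the request.
RESP_ECHO = (b'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n'
             + build_request('foo'))


def classify(raw):
    """Classify a raw HTTP response to the TRACE probe."""
    head, _, body = raw.partition(b'\r\n\r\n')
    lines = head.decode('latin-1').split('\r\n')
    parts = lines[0].split(' ', 2)
    if len(parts) < 2 or not parts[0].startswith('HTTP/') or not parts[1].isdigit():
        return 'malformed'
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(':')
        headers[key.strip().lower()] = value.strip()
    echoed = (MARKER.encode('ascii') in body
              or headers.get('content-type', '').lower().startswith('message/http'))
    if 200 <= status < 300:
        # A 2xx without an echo was answered by something else; review it by hand.
        return 'trace-enabled' if echoed else 'accepted-not-echoed'
    if status in (405, 501):
        return 'trace-refused'
    return f'rejected-{status}'


def probe(host, port, timeout=5.0):
    """Send the TRACE probe to host:port and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify(b''.join(chunks))
```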