How to disable nonsecure port in Directory Server 5.2

We have recently upgraded from Directory Server 5.1 to 5.2. With version 5.1, you could set the non-secure LDAP port to be 0, and that would disable connections to the non-secure port. Version 5.2 doesn't allow you to do this. I tried from the console, and even changed it manually in the dse.ldif file, and neither method worked. Is there any way to disable the non-secure port for Directory Server 5.2?
Thanks!

I have found the simplest way is to lock the nonsecure port down to the localhost using
listenhost: 127.0.0.1
This means that it won't answer outside queries on that unsecured port, but it still has the advantage of allowing you to use it locally (which can save on the typing a bit).
Note you can of course set this to any ip or range for example 24.24.*
This also works for the secure port using securelistenhost: (I think that's the spelling but didn't check.)
Ward

Similar Messages

  • Disabling anonymous access in directory server 5.2_Patch_3

    Dear All,
    Would anyone help me out on how to disable anonymous access in directory server 5.2?
    Thanks,
    Lewis

    Try removing the following line from dse.ldif [of that instance of directory server]
    aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";)
    If there is no exact match you will find a similar entry. It's at the beginning of dse.ldif.
    You can read more about aci in Directory Server Developer's Guide.
    I hope this fixes your problem
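
An added example (not part of either post, and not Sun's own tooling): a small audit of a dse.ldif covering the two settings discussed so far, namely whether the plaintext LDAP port from the first thread is bound to loopback only and whether an anonymous `ldap:///anyone` ACI like the one quoted above is still present. It assumes the full cn=config attribute names `nsslapd-port` and `nsslapd-listenhost` (the first answer abbreviates the latter to `listenhost`) and a default plaintext port of 389; the sample LDIF is constructed.

```python
import ipaddress
import re

# Constructed sample: root DSE carrying the anonymous ACI from the thread (folded
# the way LDIF folds long lines) and a cn=config entry bound to loopback.
SAMPLE_DSE = """\
dn:
objectClass: top
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
 read,search,compare) userdn="ldap:///anyone";)

dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-listenhost: 127.0.0.1
nsslapd-security: on
nsslapd-secureport: 636
"""

ANON_ACI = re.compile(r'allow\s*\(([^)]*)\)\s*userdn\s*=\s*"ldap:///anyone"', re.I)


def parse_ldif(text):
    """Return entries as dicts of lowercase attribute -> list of values."""
    unfolded = []
    for line in text.splitlines():
        # A line starting with one space continues the previous line.
        if line.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")  # base64 "::" values are not decoded
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit(text):
    """Return human-readable findings for listener and anonymous-ACI exposure."""
    findings = []
    for entry in parse_ldif(text):
        dn = entry.get("dn", [""])[0]
        if dn.replace(" ", "").lower() == "cn=config":
            port = entry.get("nsslapd-port", ["389"])[0]  # 389 is an assumed default
            host = entry.get("nsslapd-listenhost", [""])[0]
            if not host:
                findings.append(f"plaintext port {port} listens on all interfaces")
            elif not is_loopback(host):
                findings.append(f"plaintext port {port} bound to non-loopback {host}")
        for aci in entry.get("aci", []):
            match = ANON_ACI.search(aci)
            if match:
                where = dn or "(root DSE)"
                findings.append(f"anonymous ACI on {where} allows {match.group(1).strip()}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DSE):
        print(finding)
```
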

  • How to disable or rename Oracle Report Server servlet command?

    Hi,
    I'm using Oracle9i App Server R2.
    I would like to learn how to disable or rename Oracle Report Server's servlet command?
    This is to avoid user from accessing http://myserver/reports/rwservlet/showmap to view the key map file content.
    Please advise.

    For example, my report server was rep_appserver, then I want to rename it to rep_test.
    Here are some steps to accomplish it:
    1. stop mid-tier
    $ORACLE_HOME\opmn\bin\opmnctl stopall
    2. stop em website
    $ORACLE_HOME\bin\emctl stop iasconsole
    3. rename $ORACLE_HOME\reports\conf\rep_<old_report_server_name>.conf to something else or delete it
    4. rename $ORACLE_HOME\reports\server\rep_<old_report_server_name>.dat to something else or delete it
    5. edit $ORACLE_HOME\reports\conf\rwservlet.properties file then change the SERVER parameter to new report server name(remember this new name has to be a unique name)
    6. create a backup copy of the $ORACLE_HOME\sysman\emd\targets.xml file
    7. open $ORACLE_HOME\sysman\emd\targets.xml, find old report server name and then replace it to new report server name
    8. save new targets.xml file
    9. open $ORACLE_HOME\opmn\conf\opmn.xml, find old report server name and then replace it with new report server name
    10. start em website
    $ORACLE_HOME\bin\emctl start iasconsole
    11. start mid-tier
    $ORACLE_HOME\opmn\bin\opmnctl startall
    HTH
    Amkotz

  • How to disable autostart (application) when managed server restart ?

    Hi Ppl,
    How to disable autostart (application) when managed server restart ?
    I want some of the applications to remain not started. In WebSphere, we have an option to disable auto start for applications.
    I don't find in weblogic.
    Thanks

    Hi,
    I agree with Faisal. When you shutdown your WL server while the application is running, the thing is when you start your server again, it would automatically start the application with it. Now if the application was down when you shutdown the server, it _the application_ won't start with the server.
    So it depends on the application last state, when you start your server.
    Regards,
    Mohab

  • How to validate users with Novell Directory Server

    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

    Hi
    I believe iAS is designed to work with iDS which is bundled along
    with the SP3 download. Also the directory server which is working with
    iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
    Directory Server) is compatible. What I'm trying to understand is if you
    have already registered iAS with NDS and you are having trouble in
    accessing the users or if you are having trouble in the installation.
    Raj
    Josep Maria Camps Riba wrote:
    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

  • How to enable "Starttls" on sun directory server?

    I set up Directory Server 5.2 on Windows XP SP2. Using InitialLdapContext of JNDI to connect, the program throws an exception in "StartTlsResponse tls =(StartTlsResponse)ctx.extendedOperation(tldsReq);"
    the exception message:
    javax.naming.CommunicationException: [LDAP: error code 2 - unsupported extended operation]; remaining name ''
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknown Source)
         at javax.naming.ldap.InitialLdapContext.extendedOperation(Unknown Source)
         at LDAPtlsDemo.main(LDAPtlsDemo.java:28)
    So I think that "Starttls" is not enabled on the server. I have enabled "SSL", and connected OK by using InitialLdapContext of JNDI.
    But I can't find the way to enable "Starttls" via the GUI. Please help.

    To enable the TLS Encryption Cipher
    1. Check out the ssl-supported-ciphers property of the server.
    $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
    View the available SSL ciphers.
    $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
      ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      ...
    Hope this helps,
    -Shankar

  • How to disable AUX port in ASR 9010

    Hi All,
    How to disable the AUX port in ASR 9010. Inside "line aux" I can't configure anything except "login authentication" (which is used for aaa authentication).
    Also after IOS XR 3.2 the configuration for AUX port has been removed
    Platform used: ASR 9010
    Version: IOS-XR 4.1.2
    Best Regards
    Saikat Chakraborty

    Hi Saikat,
    AUX has the same authentication method as we have on the system.  From this perspective, AUX is protected the same way as the Console port and only those who have an account can login via AUX (same way as via console). Any attempts to log on AUX will be logged:
    Successful:
    ksh[65902]: Successfully authenticated user 'XXX' for ksh access via 'aux' on '0/RSP0/CPU0'
    Incorrect:
    ksh[65902]: Failed authentication attempt by user 'YYY' for ksh access via 'aux' on '0/RSP0/CPU0
    But if anyone has physical access to the device, that would be an even bigger threat compared to the system-protected AUX login.
    BTW, tacacs authentication should work for AUX too. We’d need to define a template for it.
    Example:
    aaa authentication login tacacs_template group tacacs+ local
    line template aux
          login authentication tacacs_template
    Regards,
    /A

  • How to disable extra visit to portal server

    hi Experts,
    I am using wcp11.1.1.8, in a customized page template with portal builder, I used an EL expression to generate link like this:
    "http://localhost/webcenter/portal/Portal1/page1?_adf.ctrl-state=1dvjebskda_596"
    I clicked this link, using httpwatch to monitor network traffic, found IE visited portal server twice: first visit is a "Get" method for "http://localhost/webcenter/portal/Portal1/page1?_adf.ctrl-state=1dvjebskda_596", result code is 200, the second visit is a "Post" method for "http://localhost/webcenter/faces/oracle/webcenter/page/scopedMD/s64679523_e5d0_454a_952a_55128e607e07/Page7.jspx?wc.contextURL=/spaces/Portal1&_adf.ctrl-state=1dvjebskda_596", result code is 200.
    If I paste this url "http://localhost/webcenter/portal/Portal1/page1?_adf.ctrl-state=1dvjebskda_596" to ie addressing  field, and press return, httpwatch showed me there is no "second visit" for "/faces/oracle/webcenter/page/scopedMD/s64679523_e5d0_454a_952a_55128e607e07/Page7".
    Seems the "second visit" is auto generated by portal framework, how to disable it?
    Best regards

    Hi.
    Sorry about the delay, I was too busy and I only could do a small testing.
    I was checking quickly how WebCenter Portal (formerly Spaces) works with links compared to Framework Portal.
    Responsible for the "possible twice visit" is the following ViewHandler: oracle.webcenter.webcenterapp.internal.view.navigation.NavigationViewHandler in spaces-model.web.jar (methods getPageTargetViewId, getActionURL and also isRedirectRequired).
    First of all, check that your pages (or your navigation-model links) have the "Redirect" checkbox unchecked. If it is checked, there will be 2 requests.
    There are the following behaviors:
    Using <af:commandLink> will just navigate using PPR, doing a POST.
    Using <af:goLink> with goLinkPrettyUrl there are several behaviors:
    If wc.contextURL is already present in the URL, it will make just one GET.
    If it is not present, getActionURL will add it in order to correctly maintain the Page - Space relationship. This generates your behavior.
    I'm trying to understand why it sometimes makes just one GET and why it sometimes generates a GET, POST, GET behavior.
    Anyway, if it's urgent, open an SR with Oracle.
    I think that if you add the wc.contextURL parameter to your goLinkPrettyUrl, it should make just one visit (one GET). Try it if you have free time.
    I hope this information helps.
    Regards.

  • Changing IP Address and ports in Directory Server 5.1 SP 4 and 5.2 SP4

    I have installed multiple instance of Sun Directory Server 5.1 and 5.2 on ports 389 and 390,now I want to change the IP Address and ports, I am able to change the directory server port from 389 by editing the dse.ldif file, now I want to change the port 390 and the IP address same as directory server, can someone expert from the forum guide me.
    Thanks in Advance.
    Mukesh Kumar

    1) I don't know what you've typed in when installing... but I've never seen that message. Are you using any language specific characters ?
    Do you get the error after this screen ?
    The suffix is the root of your directory tree. You may have more than
    one suffix.
    Suffix [dc=sun,dc=com]:
    If yes, then this means that the value you typed in is not a valid DN... and you must enter a valid one.
    2)The Directory Server is installed under /usr/iplanet but the database is under /var/iplanet/ds5 and configuration is under /etc/iplanet/ds5 ...
    You can use symbolic links if you want to move things around.
    3) You mean you downloaded the tar.gz file of iDS 5.1 and installed it on Solaris 9... No problem, I do this every day. As long as you have the right to create directories and files, you should be able to install as anyone. If not, you should install as root and then let the server run as a special user.
    4) Solaris 9 comes with iDS5.1 packages already installed. But the server is not configured at all.
    Running directoryserver setup allows you to configure it and create the database, accounts...
    Running directoryserver uninstall remove the instance of the installed database... It doesn't remove the packages. You can start again a setup...
    By the way, I think that iDS 5.1 on Solaris 9 comes with the full documentation... Maybe you should start by reading it.
    Regards,
    Ludovic.

  • How to create first instance of directory server (Solaris 9).

    With solaris 9 installation also installs iplanet directory server in "/usr/iplanet/ds5". But there is no instance of the directory server available.
    How can I add the first instance of the directory server?
    I can not use the admin server as it requires the userid to connect which is not known to me.

    Bharat,
    I have used a script like the following to add a DS instance, though not on Solaris 9. I believe it should work
    #!/bin/sh
    cd /usr/iplanet/ds51/servers/bin/slapd/admin/bin
    ./ds_create -f /setup_scripts/installDataDSD02.inf
    The .inf file is a silent install file which is well documented in the directory server installation documentation.
    Hope this helps
    -Pawan

  • How to enable FIPS on sunone directory server 6.3?

    Hi all,
    My product needs FIPS certification.
    As part of that we will be connecting to sunone directory server and use it as user store.
    For that i need the steps to enable FIPS on sunone directory server 6.3.
    Has any one done this before?
    Please help me in this.
    Thanks in advance.
    Usha.

    To enable the TLS Encryption Cipher
    1. Check out the ssl-supported-ciphers property of the server.
    $ dsconf set-server-prop -h host -p port ssl-cipher-family:cipher2
    View the available SSL ciphers.
    $ dsconf get-server-prop -h host -p port ssl-supported-ciphers
      ssl-supported-ciphers :     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      ssl-supported-ciphers :     TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      ...
    Hope this helps,
    -Shankar

  • How to find what port the admin server is running

    how can I find out what port the admin server is running on a server?
    thanks,

    Hi
    Go to your domain root folder/config and open config.xml file in any editor. Search for the name of the admin server which is typically like AdminServer and under this tag see if you have a tag by name <listen-port>. If yes, then you should see the port number. If not, it means it is running at default port of 7001.
    If you have admin access, i hope when you login you will be giving url like http://adminhost:adminport/console. Now this adminport is the port on which admin server is running. If not, then check config.xml file.
    Thanks
    Ravi Jegga

  • How to disable drop down of Report Server

    Hi,
    I have installed Report Server 2012 and want to move from 2008 to 2012.
    1) how to disable drop down that show on folder and report level for end user (as shown in following screen shot).
    2) report name coming on report server are not full name how to show full name of report like we have in 2008. Following is screen shot

    Hi Mujahid,
    1.) For migrating from Sql server 2008 to 2012, please follow this links
    Migrating the whole Instance from 2008 to 2012 - > http://msdn.microsoft.com/en-us/library/ms143747.aspx
    Migrating the rdl definition from 2008 to 2012 - > http://msdn.microsoft.com/en-us/library/a1a10c67-7462-4562-9b07-a8822188a161
    2.) We can't disable the drop-down box for Reporting Services on a per-user basis (end user). If you really want to do it, you need to edit the ReportingServices.js file (this will affect all users, including admins) located at C:\Program Files\Microsoft SQL Server\<<SSRS Instance>>\Reporting Services\ReportManager\js\ReportingServices.js
    If you want the end user not to perform certain actions, set appropriate permissions for the report.
    Managing Permissions and Security for Reporting Services
    http://technet.microsoft.com/en-us/library/ms156014.aspx
    3.)  When report name is too long it truncated and dot dot are shown in the end. User always have a option to move from Title View to Details View
         You need click on the right side of the report manager preview and click on the detail view to change between detail view and title view
    Regards Harsh

  • How to check installation type of Directory server in 5.2.

    Dear All,
    I have DS 5.2 environment and here i want to know the installation method of the directory server 5.2 (i mean either it is native or ZIP ). Please revert ASAP it will be really helpful for me. Thanks!
    Karthik

    Hello,
    Try the following method:
    ldd ./ns-slapd | grep libnspr | awk '{print $3}'
    If the target file is a symbolic link, you are using a package/native install else this is a zip install.
    example:
    pc1234$ pwd
    /data/test/DS/Patch6/bin/slapd/server/64
    pc1234$ ldd ./ns-slapd | grep libnspr | awk '{print $3}'
    ../../../../lib/64/libnspr4.so
    if [ -h /data/test/DS/Patch6/bin/slapd/server/64/../../../../lib/64/libnspr4.so ]; then
    echo "Symlink. pkg"
    else
    echo "Not a symlink - zip install"
    fi
    Hope this helps
    Sylvain
    Edited by: Sylvain Duloutre on Sep 17, 2012 1:05 PM

  • How to disable TRACE on Web Application Server v 7.0?

    Hello Professional Sun Users,
    According to:
    http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java
    I can disable HTTP TRACE by either through:
    1. Adding the following code into obj.conf
    <Client method="TRACE">
    AuthTrans fn="set-variable"
    remove-headers="transfer-encoding"
    set-headers="content-length: -1"
    error="501"
    </Client>
    which I get 413 Request Entity Too Large
    here is my obj.conf file:
    # Sun Microsystems, Inc. - obj.conf
    # You can edit this file, but comments and formatting changes
    # might be lost when the admin server makes changes.
    # Use only forward slashes in pathnames--backslashes can cause
    # problems. See the documentation for more information.
    <Object name="default">
    <Client method="TRACE">
    AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
    </Client>
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    NameTrans fn="ntrans-j2ee" name="j2ee"
    NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/AppServer7U10/lib/icons" name="es-internal"
    NameTrans fn="document-root" root="$docroot"
    PathCheck fn="nt-uri-clean"
    PathCheck fn="find-pathinfo"
    PathCheck fn="find-index" index-names="index.html,home.html"
    PathCheck fn="check-acl" acl="default"
    ObjectType fn="type-by-extension"
    ObjectType fn="force-type" type="text/plain"
    Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
    Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
    Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
    Error fn="error-j2ee"
    AddLog fn="flex-log" name="access"
    </Object>
    <Object name="j2ee">
    ObjectType fn="force-type" type="text/html"
    Service fn="service-j2ee" method="*"
    </Object>
    <Object name="cgi">
    ObjectType fn="force-type" type="magnus-internal/cgi"
    Service fn="send-cgi"
    </Object>
    <Object name="es-internal">
    PathCheck fn="check-acl" acl="es-internal"
    </Object>
    or
    2. adding the following code into generated.server1.acl and genwork.server1.acl
    deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
    which I get 200 OK
    My generated.server1.acl file:
    version 3.0;
    acl "default";
    authenticate (user, group) {
    prompt = "Sun ONE Application Server";
    deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
    acl "es-internal";
    deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
    and genwork.server1.acl file:
    version 3.0;
    acl "default";
    authenticate (user, group) {
    prompt = "Sun ONE Application Server";
    deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
    acl "es-internal";
    deny absolute (http_trace, http_put, http_delete, http_move, http_mkdir, http_rmdir) user="anyone";
    Both methods of disabling HTTP TRACE seem not to be working. Could anyone point out where I went wrong?
    Thank you
    Edited by: draggy on Jan 5, 2009 8:28 AM

    Hello Joe,
    Thank you for replying.
    However I did recheck everything
    here my /server1/config/obj.conf:
    # Use only forward slashes in pathnames--backslashes can cause
    # problems. See the documentation for more information.
    <Object name="default">
    <Client method="TRACE">
    AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
    </Client>
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    NameTrans fn="ntrans-j2ee" name="j2ee"
    NameTrans fn=pfx2dir from=/mc-icons dir="D:/Sun/AppServer7/lib/icons" name="es-internal"
    NameTrans fn=document-root root="$docroot"
    PathCheck fn=nt-uri-clean
    PathCheck fn="check-acl" acl="default"
    PathCheck fn=find-pathinfo
    PathCheck fn=find-index index-names="index.html,home.html"
    ObjectType fn=type-by-extension
    ObjectType fn=force-type type=text/plain
    Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
    Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
    Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
    Error fn="error-j2ee"
    AddLog fn=flex-log name="access"
    </Object>
    <Object name="j2ee">
    ObjectType fn=force-type type=text/html
    Service fn="service-j2ee" method="*"
    </Object>
    <Object name="cgi">
    ObjectType fn=force-type type=magnus-internal/cgi
    Service fn=send-cgi
    </Object>
    <Object name="es-internal">
    PathCheck fn="check-acl" acl="es-internal"
    </Object>
    and my /server1/config/server1-obj.conf:
    # Use only forward slashes in pathnames--backslashes can cause
    # problems. See the documentation for more information.
    <Object name="default">
    <Client method="TRACE">
    AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
    </Client>
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    NameTrans fn="ntrans-j2ee" name="j2ee"
    NameTrans fn=pfx2dir from=/mc-icons dir="D:/Sun/AppServer7/lib/icons" name="es-internal"
    NameTrans fn=document-root root="$docroot"
    PathCheck fn=nt-uri-clean
    PathCheck fn="check-acl" acl="default"
    PathCheck fn=find-pathinfo
    PathCheck fn=find-index index-names="index.html,home.html"
    ObjectType fn=type-by-extension
    ObjectType fn=force-type type=text/plain
    Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
    Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
    Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
    Error fn="error-j2ee"
    AddLog fn=flex-log name="access"
    </Object>
    <Object name="j2ee">
    ObjectType fn=force-type type=text/html
    Service fn="service-j2ee" method="*"
    </Object>
    <Object name="cgi">
    ObjectType fn=force-type type=magnus-internal/cgi
    Service fn=send-cgi
    </Object>
    <Object name="es-internal">
    PathCheck fn="check-acl" acl="es-internal"
    </Object>
    I am still getting the same 413...
    $ telnet localhost 81
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    TRACE / HTTP/1.1
    HOST: foo
    HTTP/1.1 413 Request Entity Too Large
    Server: Sun-ONE-Application-Server/7.0.0_01
    Date: Tue, 06 Jan 2009 06:32:29 GMT
    Content-length: 168
    Content-type: text/html
    Connection: close
    <HTML><HEAD><TITLE>Request Entity Too Large</TITLE></HEAD>
    <BODY><H1>Request Entity Too Large</H1>
    A request entity is longer than the server can handle.
    </BODY></HTML>
    Connection closed by foreign host.
    Thank you
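
An added example (not from the thread or from Sun): the telnet check above as a script that sends one TRACE request to a server you administer and reports whether the request is echoed back, which is the behaviour that disabling TRACE is meant to remove. The marker header and function names are constructed for this example; the 413 sample reuses the status line and headers shown in the telnet output above with the body shortened, and the 200 sample is constructed.

```python
import socket

MARKER = "X-Trace-Probe: added-example"  # constructed header; echoed back if TRACE is live

# Status line and headers as shown in the thread's telnet output (body shortened).
RESP_413 = (b"HTTP/1.1 413 Request Entity Too Large\r\n"
            b"Server: Sun-ONE-Application-Server/7.0.0_01\r\n"
            b"Content-type: text/html\r\nConnection: close\r\n\r\n"
            b"<HTML><HEAD><TITLE>Request Entity Too Large</TITLE></HEAD></HTML>")

# Constructed reply from a server that still serves TRACE and echoes the request.
RESP_200_ECHO = (b"HTTP/1.1 200 OK\r\nContent-type: message/http\r\n\r\n"
                 b"TRACE / HTTP/1.1\r\nHost: foo\r\n" + MARKER.encode() + b"\r\n\r\n")


def probe_trace(host, port, timeout=5.0):
    """Send one TRACE request, as in the telnet session, and return the raw reply."""
    request = (f"TRACE / HTTP/1.1\r\nHost: {host}\r\n{MARKER}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def classify(raw):
    """Return (status_code, verdict) for a raw HTTP reply to the TRACE probe."""
    text = raw.decode("latin-1").replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, "not an HTTP response"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # TRACE replies carry the request back as a message/http body.
    echoed = (MARKER.lower() in body.lower()
              or headers.get("content-type", "").lower().startswith("message/http"))
    if echoed:
        return status, "TRACE enabled: request echoed back"
    if 200 <= status < 300:
        return status, "TRACE answered without echo: inspect the body"
    return status, "TRACE not served: no echo"


if __name__ == "__main__":
    for sample in (RESP_413, RESP_200_ECHO):
        print(classify(sample))
    # Against a live server you administer: print(classify(probe_trace("localhost", 81)))
```
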
