IGMP configuration (flooding, static group)

Hello all,
Looking to change my IGMP configuration as it is flooding numerous switches with unnecessary traffic and causing high CPU on switches that are connected to my 6500 cores.
The requirement is that all servers need to send/receive broadcast traffic between each other with IP address of 22.22.22.22.  All servers are on the same VLAN with same L3 gateway which is configured on my 6500 core.  Below is current configuration of VLAN interface on 6500 core:
interface Vlan1
 description VLAN 1 - Server VLAN
 ip address 10.10.0.1 255.255.0.0
 ip flow ingress
 ip igmp snooping querier
The "ip igmp snooping querier" was added when the servers were physical and resided on separate 3750 switches that connected to the core.  May not have been ideal configuration, but it worked.
We have now migrated the servers to virtual and I need to remove the flooding that is occurring to all access switches and causing the high IGMP CPU process to be pegged. My thought is that I need to configure an IGMP Static Group. Looking for suggestions on what to configure? How to configure? Where to configure? Probably simple, however, I don't have a test environment to play with. I could configure different options to try, but that will disrupt the production servers which are 24x7. Please refer to attached diagram.
Thanks,
Tim

Rajesh
Static RP can co-exist with dynamic RP mechanisms (ie: Auto-RP). Dynamically learned RP takes precedence over manually configured RPs. If a router receives Auto-RP information for a multicast group that has manually configured RP information, then the Auto-RP information will be used.
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-multicast/whitepaper_c11-508498.html
Jon

Similar Messages

  • I can't find iplanet-am-static-group

    After installing JES, and during configuring now
    postinstallation, Access Manager step, I can't find the
    attribute iplanet-am-static-group.
    I successfully enabled the plugin Referential integrity
    postoperation. But when adding the indexes.
    Does anyone have a response for my problem?
    Thanks in advance.

    Enlarge your DS admin window. Find Additional Indexes: scroll down, as the attributes are in alphabetical order. You will find iplanet-am-static-group below the iplanet-am-modifiable-by attribute.
    Jerry

  • Can you configure a static port to use with certsrv.msc?

    I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
    I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
    http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
    The static port was opened in the firewall from my workstation to the CA. We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open. Sniffing the firewall showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
    I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port? I am trying to avoid having tens of thousands of network ports wide open going to my CA... Thanks in advance!

    Hi Steve,
    I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
    However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
    More information for you:
    How to configure RPC dynamic port allocation to work with firewalls
    http://support.microsoft.com/kb/154596/en-us
    Service overview and network port requirements for Windows
    http://support.microsoft.com/kb/832017/en-au
    Firewall Rules for Active Directory Certificate Services
    http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
    Best Regards,
    Amy Wang

  • LDAPAuthenticator Static Groups

    I set up a custom LDAPAuthenticator that successfully reads users and groups from our internal LDAP server. The problem I'm running into is setting up group membership; I checked with our admins and I believe static is what I want. The following is a sample of our LDAP schema that defines a group and its members:
    dn: cn=group1,ou=group,<BASEDN>
    cn: group1
    gid: 1000
    memberUid: user1
    memberUid: user2
    memberUid: user3
    objectClass: top
    objectClass: posixGroup
    So I set up the static group settings in my custom authenticator as follows:
    Static Group Attribute: cn
    Static Group Class: posixGroup
    Static Member DN Attribute: memberUid
    Static Group DNs from Member DN: (&(memberUid=%u)(objectClass=posixGroup))
    Using this, none of my LDAP users get marked as members of the groups they're in. I'm a little worried that the documentation for the "Static Member DN Attribute" says that it should be an attribute that specifies the DN of the group members, but according to our schema we only list the uid of the group members. I tried to account for this in the filter by using %u instead of the default %M, but I'm not having any luck.

    For anyone who stumbles across this, I did figure out the problem. The answer is that, indeed, whatever attribute you specify that contains members, it must specify full DNs of the members.
    For example, this is how our LDAP looked when it did not work:
    dn: cn=group1,ou=group,<BASEDN>
    cn: group1
    gid: 1000
    memberUid: user1
    memberUid: user2
    memberUid: user3
    objectClass: top
    objectClass: posixGroup
    To solve the problem, the memberUid parameter needed to use full DNs:
    dn: cn=group1,ou=group,<BASEDN>
    cn: group1
    gid: 1000
    memberUid: user1,ou=people,...
    memberUid: user2,ou=people,...
    memberUid: user3,ou=people,...
    objectClass: top
    objectClass: posixGroup

  • Static Groups

    I have run into a big problem setting and searching dynamic groups and was told static groups are the most supported and most understood. I created a static group and added some members; now I am trying to search for members of this group and am facing difficulties. This is the code I am using and it's on Windows 2003. Will appreciate your help as always.
    <cfldap action="QUERY"
    name="GetLDAP3"
    attributes="uid"
    start="ou=new group, ou=groups,dc=example,dc=com"
    Scope="subtree"
    filter="(|(&(objectclass=groupofuniquenames)(uniquemember=cn=New Group,uid=xxxx,ou=xxxx,dc=example,dc=com)(member=uid=xxxx)))"
    server="xxx.xxx.x.xxx"
    Port="1389"
    username="cn=ldapforwindows"
    password="sunforwindows">

    Have you tried this?
    ldapsearch -p 1389 -b dc=example,dc=com uid=xxx isMemberOf

  • Configure custom query group in navigation menu

    How do we configure custom query groups? Say for example: I have created a custom query group and added my custom query definitions to it. How do I configure this so that when I click on Contract Management Tab on the workbench, my custom query group is invoked?
    I need to configure custom query group in navigation menu. Any help would be appreciated.
    Regards,
    Bindu Sharma

    Hi Bindu,
    As per my understanding, it is standard and a query group cannot be added in the navigation, but you can add your queries under Agreement and Clause Library.
    Kindly refer the blog for the same: http://scn.sap.com/docs/DOC-55733
    Let me know if you need any other information.
    Thanks,
    Kushagra A

  • Using the iplanet-am-static-group-dn attribute

    Hi,
    I'm trying to construct a user query filter that would return me all the users in a particular static group, in order to integrate with some Synchronisation Services in Plumtree Portal.
    I'm thinking of using the iplanet-am-static-group-dn attribute to do so.
    However it seems that although I can see this attribute, there are restrictions using this for queries. I could only use this attribute to query when using the root account. When I tried the same query with my application account, it returned no results.
    I need advice on a few issues:
    1) Are there other better ways to query for the users in a static group? I'm not sure if the iplanet-am-static-group-dn attribute will remain stable in future releases.
    2) If there are no better ways to do this, can the right to query using this attribute be delegated? This is a system attribute, so I'm not sure if we can really open this out to be searchable by other users other than root?
    Appreciate any advice on this at all, as I'm running on a tight deadline for this solution.
    Thanks!

    The best way to query for members of a static group is to read the list of uniqueMembers in the group entry itself.
    The iplanet-am-static-group-dn attribute is an attribute whose usage is private to Identity Server, and is not guaranteed to be up to date, accurate, or maintained by any other tool that used the directory.

  • Static group performance down considerably in 5.2?

    With the caveat that this system is supporting a set of applications that require static groups (and therefore preventing us from moving to a more scalable alternative), I've found that iPlanet 5.2 is much slower than 5.1 when it comes to handling static groups.
    Consider this simple case.
    1 - Create a sample tree with 500 inetOrgPerson entries and one groupOfUniqueNames entry.
    2 - Create an LDIF file that adds the users to the group in 500 separate operations (e.g. 500 individual changetype: modify stanzas).
    3 - Create an LDIF file that deletes the 500 users from the group in the same way (500 individual changetype: modify stanzas).
    In 5.1, this operation takes 20 seconds to add, 15 seconds to delete for a total of 35 seconds.
    In 5.2, this operation takes 31.2 seconds to add, 125.5(!!!) seconds to delete, for a total of 156.7 seconds.
    Any ideas? I've worked with Sun support a bit and have implemented the nsslapd-search-tune parameter, but that's about it so far.
    Help?

    Well first let's start with what exact version of 5.1 and 5.2 you are comparing?
    DS 5.2 is 5.2 Patch 2 (DS 5.2_2)
    DS 5.1 is 5.1 Service Pack 2 (DS 5.1 SP2)
    Second do you have the referential integrity plugin enabled? If yes is it properly indexed on 5.2?
    Yes it is enabled. The current attributes it is monitoring are:
    - member
    - uniquemember
    - owner
    - nsroledn (note, this only shows up in the dse.ldif, not the gui)
    All attributes are indexed for equality
    What value for nsslapd-search-tune are you using and what was your case number?
    Current nsslapd-search-tune is set to 57. Case was 64814323
    Is 5.2x installed on exactly the same machine as 5.1? Using the same disk partitions?
    Yes and yes. Tests are being run one at a time. System is a 4CPU SunFire 480R with 8GB of memory.
    Upon further investigation, it appears that group modifications are where we have the biggest hit. In my test case, I have built an ldif file with 1,000 'add single user to a specific group' operations in it. I then have a file that deletes all of those users, one at a time, from the same group.
    I then time how long it takes for ldapmodify to execute these files against the respective versions of the directory server.
    In 5.1 it takes 43 seconds to add the users, in 5.2 it takes 97.
    In 5.1 it takes 33 seconds to delete the users, in 5.2 it takes 750!!! (12.5 mins)
    This is with the same content in the tree to start with (it isn't empty). We did run into an allids threshold issue before, it is now set to 8000, which gives us enough room to avoid hitting it for objectclass=groupOfUniqueNames.
    Thanks for any suggestions you may have.

  • Dynamic Group pull from static group

    We've been restructuring our distribution groups to utilize dynamic groups for some areas.  We're finding this minimizes the amount of confusion and management we have to perform on the groups.
    What I'd like to know is if it is possible to create a dynamic group that pulls from a static group. An example, we have a static group made up of all members of a specific group. What I'd like to accomplish, is to create a dynamic group that would pull from members from this group based on their Job Title. Example: Static Group members with Title Partner

    According to this document, MemberOf is a filterable property.  You're welcome to give it a try.
    https://technet.microsoft.com/en-us/library/bb738157(v=exchg.150).aspx
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • External emails in members of static group

    Hi,
    I have been using static groups as lists of emails (like an alias) but all email members of these groups are internal emails, all from my domain. Someone asked me to do a list or group of emails but the email members are external (yahoo, hotmail etc). How could I do this?

    Hi jay,
    Your assumptions are correct but,
    The command "commadmin group modify" reported OK when I tried to add an external member but didn't add the member. So I just added the attribute
    mgrpRFC822MailMember: [email protected]
    with an ldif file and it works fine.

  • Configure Balance logon Group in Portal

    Hello experts,
    I've installed the portal central instance in one machine and a dialog java instance for this portal in another machine. After I installed the webdispatcher in the central instance machine, I now want to configure the Logon Group. Could anyone help me?
    I have no idea how to do this; if someone has done this configuration please help me do the same.
    Thanks

    Hi,
    Please check the below link for configuring the logon groups:
    Link: [http://help.sap.com/saphelp_nw70/helpdata/en/c4/3a64b4505211d189550000e829fbbd/content.htm]
    Hope it helps.
    Thanks & Regards,
    Gourav

  • Static Group headers while scrolling "Down"

    Finally got Row Header to stay present while "scrolling down".
    Now I would like to have the 1st group row also remain present while scrolling down in the details. Any options?

    Hi Marzipan24,
    Sorry for misunderstanding your question in my former reply.
    In a table, if we want to freeze column header, we should make the changes in the first Static row group in Row Groups pane with Advanced Mode. For more details, please see:
    In the Grouping pane, click the arrow that appears to the right of the Column Groups label, and click Advanced Mode to display all groups. You have done this according to the picture you posted.
    In the Row Groups sections, click the first Static group, and then in the Properties window, set the RepeatOnNewPage property to True.
    The following screenshot is for your reference:
    Besides, if we want to freeze column header in a matrix, we can enable “Repeat header columns on each page” and “Keep header visible while scrolling” options in Column Headers in Tablix Properties dialog box.
    If there are any other questions, please feel free to ask.
    Thanks,
    Katherine Xiong
    TechNet Community Support

  • Need Help for configuring Floating static route in My ASA.

    Hi All,
    I need your support for doing a floating static route in my ASA.
    I tried this last time but I was not able to make it work. But this time I have to finish it.
    Please find our network diagram and configuration of the ASA
    route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
    route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
    route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
    route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
    route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.10.3.77 255.255.255.255 inside
    http 10.10.8.157 255.255.255.255 inside
    http 10.10.3.59 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sla monitor 123
    type echo protocol ipIcmpEcho 8.8.8.8 interface outside
    num-packets 3
    frequency 10
    sla monitor schedule 123 life forever start-time now
    crypto ipsec transform-set cpa esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map vpn_cpa 1 match address acl_cpavpn
    crypto map vpn_cpa 1 set peer a.a.a.a
    crypto map vpn_cpa 1 set transform-set abc
    crypto map vpn_cpa 1 set security-association lifetime seconds 3600
    crypto map vpn_cpa interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    track 1 rtr 123 reachability
    telnet 10.10.3.77 255.255.255.255 inside
    telnet 10.10.8.157 255.255.255.255 inside
    telnet 10.10.3.61 255.255.255.255 inside
    telnet timeout 500
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 10.10.3.14
    webvpn
    tunnel-group .a.a.a.a ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
    inspect sip 
      inspect xdmcp
    service-policy global_policy global
    smtp-server 10.10.5.11
    prompt hostname context
    Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
    : end
    I think half of the configuration is still there in the ASA.
    Diagram.
    Thanks
    Roopesh

    You have missed the last command in your configuration. Please check it again:
    route ISP1 0.0.0.0 0.0.0.0 6.6.6.6 track 1
    route ISP2 0.0.0.0 0.0.0.0 3.3.3.3
    sla monitor 123
     type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
     num-packets 3
     frequency 10
    sla monitor schedule 123 life forever start-time now
    track 1 rtr 123 reachability
    You can do NAT in same way, here the logical name of the interface will be different.
    Share the result
    Please rate any helpful posts.

  • How to configure Multiple static NATs

    Hi,
    I am trying to configure a Cisco 871 router.
    I have 3 servers on my network that need static public IPs but also still need to communicate on the local network.
    I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers.
    I can access those servers internally using the public IPs but not from outside the network. A traceroute from outside the network gets dropped when it gets to my ISP.
    I've never configured more than one static IP for a network before and I know I've just missed a step here. Do I also need to set up static routes? Will that update the next hop's routing table?
    Thanks in advance for any help.

    You can execute multiple apply processes (parallel parameter). It is pretty much scalable.
    There is one reason why 2 propagate processes can be helpful: I consulted one client with different reqs for replication delivery for different tables. In this case you can create 2 propagate processes in different schemas (with different db links).
    From a maintenance point of view one propagation and one apply is better.
    Regards,
    SergeR

  • No Internet Access while Apps configure with Static IP - How to resolve?

    Dear Legends,
    I have installed a development instance which my configuration as follows:
    OS - Oracle Enterprise Linux 5.7 64 bit
    Instance - R12.1.3
    HDD - 500 GB
    RAM - 8GB
    IP - static - 192.168.1.10
    Subnet mask - 255.255.255.0
    Gateway - 192.168.1.1 --> router ip
    I need to set up a static IP only, but if I set up a static IP I am able to access the instance but have no internet access, so if I need to do any automation work, cron and sendmail are not working. How do I resolve this?
    1. I tried to setup a static ip configuration as editing the /etc/hosts and entry as
    192.168.1.10 hostname alias
    2. edited the resolv.conf for adding a nameserver as follows
    search hostname
    nameserver primary dns
    nameserver secondary dns
    but these entries are not available when i issue a service network restart
    3. Edited /etc/sysconfig/network-scripts/ifcfg-eth0
    # Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
    DEVICE=eth0
    BOOTPROTO=none --> even i have changed this to STATIC/none but no change
    HWADDR=B8:88:E3:30:1A:ED
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=no
    IPV6INIT=no
    PEERDNS=yes
    HOSTNAME=devl.rel.net
    IPADDR=192.168.1.10
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1
    Since I'm trying to update my old threads if it is similar to this but I don't find any old threads, I kindly request you to provide your valuable suggestions.
    Regards,
    Karthik Singh

    karthiksingh_dba wrote:
    Hi Hussein,
    As per your request I am continuing this thread in the following link HOW TO ACCESS MY VISION INSTANCE GLOBALLY? Is it correct?
    Regards,
    Karthik Singh
    Yes.
    Thanks,
    Hussein
