Is there support in certmap.conf for using DNs with dc= attributes?

Hi Folks-
The Question:
Is there any support in certmap.conf (or the like) for dealing with suffixes that use the "dc=example,dc=com" format (in either 5.2 or 6.0)?
The Details/Background:
Like many places, our suffixes are named ending with "dc" attributes (e.g. dc=example,dc=com). I've been setting up SSL Client Certificate based authentication. It's working via the CmapLdapAttr with a custom attribute/class added to the schema (I haven't finished with VerifyCert yet).
The docs say that DNComps and FilterComps support the following RDN keywords: cn, ou, o, c, l, st, e, and mail. Notably missing from both is "dc". This seems to leave no valid value for DNComps (forcing all the searches to be across ALL suffixes including cn=config and co). With those global searches FilterComps also seems to be fairly limited (especially if uid is not part of the Certificate's Subject DN which it arguably shouldn't be in many situations).
It seems all I'm left with is CmapLdapAttr (after creating the custom attribute & class) with every search across all suffixes. I don't think I can (or should) place indexes in the stuff in dse.ldif; hopefully they won't stop the other suffixes from being searched using their indexes, and these should be small enough (and hopefully in memory) that they don't make a real difference.
Thanks,
-Scott-

Ok, so as far as I can tell that just leaves using "CmapLdapAttr" with a custom attribute (& class) extension to the schema.
Since I won't be able to restrict the suffix being searched it's going to do at least 6 separate scans: one each on userRoot (and any other user suffixes), NetscapeRoot, "", cn=schema, cn=config, and cn=monitor (based on what it's reported in the logs already).
(1) Am I correct in my assumption that creating indexes on attributes in the suffixes in dse.ldif is probably not possible and would be a bad idea?
My guess is that everything in dse.ldif gets loaded into memory on startup and stays there. Also these aren't that big so the combination should mean that their search time is negligible.
(2) When automatically searching all 6+ suffixes (on every client certificate authenticated connection) will it perform indexed searches on userRoot & NetscapeRoot (assuming the correct indexes exist for CmapLdapAttr) and unindexed searches for the suffixes in dse.ldif? Or will the lack of indexes in the dse.ldif suffixes cause all of the searches to be unindexed?
(3) Is there something I'm missing that would be a better approach?
Thanks,
-Scott-
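
Added example, not part of the original posts and not Directory Server code: a small lint for certmap.conf that reports the conditions raised in the thread (a DNComps or FilterComps keyword outside the list quoted in the first post, an empty DNComps that makes the lookup directory-wide, a CmapLdapAttr lookup, and verifycert left off). The sample file, the mapping names and the attribute name `exampleCertSubjectDN` are constructed for illustration.

```python
import re

# RDN keywords the first post says the docs list for DNComps and FilterComps.
SUPPORTED = {"cn", "ou", "o", "c", "l", "st", "e", "mail"}

# Constructed sample certmap.conf, not taken from the thread.
SAMPLE = """\
certmap default default
default:DNComps
default:FilterComps mail
default:CmapLdapAttr exampleCertSubjectDN
certmap corp ou=Example CA,o=Example Corp,c=US
corp:DNComps dc
corp:FilterComps e, mail
corp:verifycert on
"""

def parse_certmap(text):
    """Return {mapping: {"issuer": str, "props": {lowercased property: value}}}."""
    maps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out property counts as absent
        if line.lower().startswith("certmap "):
            _, name, issuer = line.split(None, 2)
            maps[name] = {"issuer": issuer, "props": {}}
            continue
        m = re.match(r"([^:\s]+):(\S+)\s*(.*)$", line)
        if m and m.group(1) in maps:
            maps[m.group(1)]["props"][m.group(2).lower()] = m.group(3).strip()
    return maps

def lint(maps):
    """Return sorted (mapping, finding) pairs about lookup scope and verification."""
    findings = []
    for name, entry in maps.items():
        props = entry["props"]
        for key in ("dncomps", "filtercomps"):
            comps = [c.strip().lower() for c in props.get(key, "").split(",") if c.strip()]
            bad = [c for c in comps if c not in SUPPORTED]
            if bad:
                findings.append((name, f"{key}: unsupported keyword(s) {','.join(bad)}"))
        if "dncomps" in props and not props["dncomps"]:
            findings.append((name, "dncomps: empty, search base is the whole directory"))
        if "cmapldapattr" in props:
            findings.append((name, f"cmapldapattr: directory-wide equality search on {props['cmapldapattr']}"))
        if props.get("verifycert", "off").lower() != "on":
            findings.append((name, "verifycert: not on, presented cert is not compared with the entry"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in lint(parse_certmap(SAMPLE)):
        print(f"{name}: {finding}")
```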

Similar Messages

  • What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

    To support certificate-based client authentication using 2-way SSL from a standalone Java application which uses JNDI and JSSE1.0.2 to connect to an SSL-enabled LDAP server, how do we configure certmap.conf? Is there any additional setup required on the LDAP server side apart from enabling SSL with the option "Required Client Authentication" enabled? The 2-way SSL handshake goes through, but the access log file (after configuring certmap.conf for the issuer DN of the client certificate, etc.) shows SSL failed to LDAP DN? But in spite of this access log error, the Java client does get an SSL Connection object with which it is able to connect to the LDAP. Is the certmap.conf file being looked up by the LDAP server at all?

    have you out.flush() and out.close() before you call connection.getInputStream()?
