Issue of configuring a tivoli ldap

Similar Messages

• Issues when configure LDAP server in OBIEE

  Hi,
  I have a big issue, I configure LDAP server for authentication of users, and everything looks fine, but my problem is when I log in Interactive Dashbaords, I enter without any problem, but some parameters and some filters and some functions are NOT working, for example:
  -In a parameter I have this condition for Default value: SELECT YEAR(Tiempo.Dia) FROM Finanzas WHERE Tiempo.dia = CURRENT_DATE, and returns me a null value, but if I change to this SELECT YEAR(Tiempo.Dia) FROM Finanzas WHERE Tiempo.dia = CURRENT_DATE-1, returns me "2010"
  I have similar behaviors in other parameters, and some filters and some functions.
  Everything happen in Development instance. I configure LDAP server in Development instance.
  In Production instance nothing of this is happen, but I do not configure LDAP server yet.
  What do anyone think is happen here? This happens because I configure LDAP server? What do you think that mades this behavior for my parameters, filters and functions?
  Do you think is a better practice to clone Production instance to Development instance? If so, how can I do a clone instance, only for OBIEE?
  Regards,
  Arnulfo
  Edited by: ArnulfoPA on 25-may-2010 15:35

  The date returned by CURRENT_DATE is determined by the system in which the Oracle BI Server is running. So, does CURRENT_DATE returns an equal values on prom and dev instances in your case?

• Issue  in Configuring Oracle WebCenter Content: Records

  HI,
  I have an issue in Configuring Oracle WebCenter Content: Records
  In "Records Management Setup Checklist"
       Checked-in Audit Entries Default Metadata    
       Checked-in Screening Reports Default Metadata    
       Checked-in Reservation Default Metadata
  Am not able to select the category/folder in the default check-in form for the above, and i don't see anything in the drop down also
  When i click on the Browse button of above 3..
  see Retention Schedule & favorite Schedule
  But am not able to select any of those.
  AnyOne faced this issue, pls help..
  Thanks!!!!

  The Oracle webcenter content: Records system will enable the retention schedule but it won't create any default retention category. If you want apply retention to a content then first you have to create the retention category and the disposition rule. Once you create the retention category then it will be listed under Retention Schedule. In your case complete the default configuration without applying retention, once you create retention you can apply that to those contents.
  Browse Content --> Retention Schedules --> Create Retention Category
  HTH..
  Regards,
  Manoj

• Unable to load new information from configuration file /var/ldap/ldap_clien

  Hi all,
  When I run the command "ldapclient init", I got the error message:
  # ldapclient init -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=ca -a domainName=example.ca -a profileName=UserProfile -a proxyPassword=pwd 10.1.10.50
  Unable to load new information from configuration file '/var/ldap/ldap_client_file' ('Unable to open filename '/var/ldap/ldap_client_file' for reading (errno=2).').
  Any idea?
  Thanks a lot for your help!

  Does the profile UserProfile exist on your LDAP server?
  Do the logs on your LDAP server show access problems?
  Try using -v to get more verbose output

• Issues to Configure SAML ,I tried alot but its not working ,Below Given instruction how to configure SAML

  SAML Overview
  Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and
  authorization data between security domains, that is, between an identity provider (a producer of assertions)
  and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services
  Technical Committee.
  SAML is relevant to those customers who already have a SAML implementation in use with other systems in
  their organization. Therefore, it is recommended you engage your technology team that has a working 
  knowledge of SAML and provide this document to them for their review.
  Key Roles
  • Identity Provider (IDP): The system in authority that provides the user information
  • Service Provider (SP): The system that trusts the asserting party’s information, and uses the data to
  provide an application to the user.
  • Subject: The user and their identity that is involved in the transaction.
  Note! In our context, Learning Maestro is the SP, the IDP is customer-specific, and the Subject is the user
  who is logged in.
  Copyright © 2013 SumTotal Systems, LLC. All rights reserved. Duplication prohibited. 2
  Typical SAML Components
  Source: http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
  Copyright © 2013 SumTotal Systems, LLC. All rights reserved. Duplication prohibited. 3
  Implementing SAML 2.0
  • SumTotal LMS supports only SAML 2.0 Standards.
  • We support only IDP-initiated SAML authentication.
  • The SAML Response should be signed and base64 Encoded.
  • UserName should be passed in NameID element under Assertion\Subject Keys.
  • We use the timestamp provided in IssueInstant attribute of SAML Assertion to find the valid period
  (+/- 5 min ) for the SAML Response.
  • Currently, we do not support signed or encrypted assertions.
  • Deep linked URLs can be passed through an additional URL parameter of “OriginalURL.”
  IDP Initiated Web SSO
  Source: http://www.ijcsi.org/papers/2-41-48.pdf
  4
  When Learning Maestro is Accessed from a Portal
  1. The user logs into the customer portal.
  2. The user clicks on a link to the LMS from the customer’s portal.
  3. The link points to an IDP page.
  4. The IDP pages posts an HTTP Request to Learning Maestro
  5. The request is an < ... > message.
  Typical Structure of a SAML Response
  • Below is the typical SAML Response received by LMS from IDP
  • Value of SAMLResponse parameter should be base64 Encoded.
  Please double-click to open the below XML file to view how the response looks after decoding:
  ExampleSuccessfulAssertion.xml
  5
  Configuring SAML 2.0
  SumTotal Maestro supports SAML 2.0 for the “Identity Provider Initialized SSO” protocol.
  To configure your Maestro domain to accept SAML 2.0 Assertions, the following steps must be taken:
  1. Confirm that Usernames are in sync
  2. Provide an X.509 Certificate to SumTotal Systems (SHA1 Hashed)
  SumTotal Systems will configure your environment with the X.509 cert you provide.
  3. Point your call to the following URL:
  https://gm1.geolearning.com/geonext/<your_domain>/saml.geo
  After authenticating to your Identity Provider, the provider will pass a user into Maestro IF:
  • The user has a username matching an existing Maestro username
  • The x509 certificates match on both sides
  If authentication fails, the user will be presented with a failure page.
  Assertions
  An optional assertion is available to specify the URL a user will be sent if there is an authentication error.
  ErrorRedirectURL Assertion
  • If ‘ErrorRedirectURL’ is not specified and an authentication error or other security exception 
  occurs it will redirect the user to the default secerror.geo page as it does today
  • If a value (URL) is specified for ‘ErrorRedirectURL’ and there is an authentication error the user 
  will be redirected to the URL specified
  Sample
  6
  Additional Information
  For additional information on SAML, please refer to the following sources:
  Wikipedia: Security Assertion Markup Language
  OASIS Executive Summary
  IJCSI Intermediate Concept
  OASIS Technical Overview
  FAQs
  Question Answer
  What .NET library are we using? SumTotal uses “Componentspace” net SAML 2.0 library
  Can users still log in via the login page? Yes. The SAML target page is different than the login page.
  Can we deep link into the LMS through 
  the SAML 2.0 authentication workflow?
  Can I get rid of the Logout button?
  What is the Session timeout setting? Session Hard Life and Idle Life settings can be configured in 
  What is the unique ID for SAML? The “username” field.
  Yes. “Deep Link Target” (target or original URL parameter) is 
  accepted. If none is provided, then it will default to the default 
  landing page as configured in Maestro.
  Yes, When using SAML, the logout button still exists 
  intentionally in the navigation but can be disabled in the 
  “configure Navigation” options.
  the security section of the administration interface of Maestro.
  What is the failure page if
  Authentication fails?
  If the authentication fails, by default an intentionally simple error
  is presented to the user stating “Authentication Failure”.
  For security purposes, no further information regarding the 
  specifics of the failure are defined to the user.
  An optional ErrorRedirectURL assertion can be used.
  What URL do we point to? https://gm1.geolearning.com/geonext/<your_domain>/saml.geo

  Hello,
  Thanks for posting your question to here. However, this forum is used to discuss and ask questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Regigistry, Globalization, Reflection. For issues regarding configuring SAML, this is beyond
  the scope of our support.
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Facing issue in configuring soa server in local jdev 11G

  Hi All,
  I am facing an issue in configuring local soa server in jdev 11G. I was trying to do the practice excercises in the local jdev and while configuring soa server followed following steps :-
  1. Configure SOA to install the Integrated OC4J Server
  a. In JDeveloper, select Tools -> Preferences, Run, and then select Integrated OC4J Server.
  b. Next, select Tools -> Configure SOA…
  c. Complete the dialog for your configuration specifying the database location and the SOA schema user name and password
  d. Use the Test button to test the database connection and then click on Ok
  This will take 8-10 minutes to run and when finished will end with "Build Successful."
  In the end I am getting following log file
  [echo] ==Starting standalone oc4j. Check server log D:\FMW\JdevInstance\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\log\startsoa.log.
  [echo] ==Waiting max 420 second(s) for startup of URL http://LAP1-RBAGRI-IN:8988...
  [echo]
  * Configuring SOA Infrastructure has FAILED. *
  * Please check following logs for possible cause: *
  * D:\FMW\JdevInstance\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\install\tmp\soa-infra-java.log
  * D:\FMW\JdevInstance\system11.1.1.0.22.47.96\o.j2ee\embedded-oc4j\log\startsoa.log
  [echo] ==Stopping oc4j standalone...
  BUILD SUCCESSFUL
  Total time: 7 minutes 11 seconds

  Hi Heidi,
  Thanks a lot for your response. The solution you provided worked for me. I am able to configure SOA now and the SOAConsole is coming up properly.
  One issue I am facing while deploying my application . The application is getting deployed properly but it does not show up in the console if I look at Default server console I can see this error message :-
  Incorrect db schema version.
  The database schema version "11.1.6" from the database does not match the version "11.1.7" expected by the server.
  The database schema for your SOA installation was not properly installed or your installation is using a database schema installed for a prior release.
  The database schema currently in place has probably been configured for a previous release; please re-install the database schema and try to start the server again.
  Though I have configured the database locally just like mentioned in the training material. Please let me know if you have any thoughts on this.
  Regards,
  Ranjana

• Issue with Scripted Probe for LDAP

  I have the script LDAP_PROBE loaded into memory on my ACE 4710 (A4(2.0)) and th Probe is name is configured for the LDAP port the servers are listening on. So here is th econfiguration.
  probe scripted LDAP_PROBE_3389
    port 3389
    interval 5
    passdetect interval 5
    passdetect count 2
    receive 5
    script LDAP_PROBE 3389
  I have tried removing the argument of 3389 at the bottom as well but I continue to get the result:
  real      : LDAP02[3389]
                  10.220.31.81    3389  PROBE    2491     2491     0        FAILED
     Socket state        : RESET
     No. Passed states   : 0         No. Failed states : 1
     No. Probes skipped  : 0         Last status code  : 30002
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Probe error: Server did not respond as expected
     Last probe time     : Thu Jul 12 16:24:41 2012
     Last fail time      : Thu Jul 12 12:56:59 2012
     Last active time    : Never
  The server log states this was successful however...
  Admin Acct Status: Not Locked
  AuditV3--2012-07-11-14:18:21.428+00:00DST--V3 anonymous Bind--bindDN: <*CN=NULLDN*>--client: 10.220.31.217:56908--connectionID: 8--received: 2012-07-11-14:18:21.428+00:00DST--Success
  name: <*CN=NULLDN*>
  authenticationChoice: simple
  Admin Acct Status: Not Locked
  Am I missing an argument? I have run debug on LDAP but really don't know what I am looking at...

  To update the script
  ==============
  Extract the Cisco-supplied LDAP script from the tar.gz or zip file. Rename it to something unique. Update it to use the
  new length and offset.
  Import the script into the LDAP contexts on both ACEs. Remember, scripts are not replicated and having mismatched scripts will cause replication to fail.
  ACE1/ldap# copy tftp: disk0:
  Enter source filename[]? UoN-LDAP_PROBE-iLDAP2
  Enter the destination filename[]? [UoN-LDAP_PROBE-iLDAP2]
  Address of remote host[]? [redacted]
  Trying to connect to tftp server......
  TFTP get operation was successful
  ACE2/ldap# copy tftp: disk0:
  Enter source filename[]? UoN-LDAP_PROBE-iLDAP2
  Enter the destination filename[]? [UoN-LDAP_PROBE-iLDAP2]
  Address of remote host[]? [redacted]
  Trying to connect to tftp server......
  TFTP get operation was successful
  script file 13 UoN-LDAP_PROBE-iLDAP2
  If you look at (for example) packet 651 in the capture in wireshark you'll see a
  successful bind response. You will need to tell wireshark to decode the packet as LDAP.
  The payload is:
  30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a 01 00 04 00 04 00
  You need to have a basic understanding of ASN.1 and something called Basic Encoding Rules (BER) - whicj comes down to TLV format structures.
  The key to understanding this output is that there are three ways of specifying a length in ASN.1. The first way we have already seen in the Cisco script is to use a single byte. This known as the "definite" form and can be used for lengths of 127 bytes or less. Otherwise if the high bit is set to one, the low seven bits define the length of length. The length is then encoded in that many bytes. This is the "length of the length field" form. It looks like Microsoft Active Directory uses the indefinite form for all length encoding. The third form (for completeness is "indefinite" where the length is coded as x'80' and the end of the content is marked by x'0000'. Deconstructing the data:
  0x30    The start of a universal constructed sequence
  0x84    The length of the sequence in "length of the length" format. The next 4 bytes give the length.
  0x00000010    sequence length of 16 bytes
  0x02    Integer
  0x01    The length of the next field (1 byte)
  0x01    Value (this is the message ID which agrees with the ID in the BIND Request)
  0x61    Application, number 0, use RFC2251 to decode. This is a Bind Response
  0x84    The length of the sequence in "length of the length" format. The next 4 bytes give the length.
  0x00000007    bind response length of 7 bytes   
  0x0a    Enumeration
  0x01    Length 1
  0x03    0 - Success
  0x04    String
  0x00    Length 0 (null string)
  0x04    String
  0x00    Length 0 (null string)
  The patch given takes in 20 bytes from the bitstream,converts it into a hexadecimal string  and finds the 6 hexadecimal characters from the 16th byte onwards   (Tcl uses zero-based arrays). This is the response code.
  Kind Regards
  Cathy

• Issue with configuring Hyperion HUB 7.1.2 with SQLSERVER 2005

  Hello Experts,
  One of my customer has an issue with configuring Hyperion HUB 7.1.2 with SQLSERVER 2005.
  "We are trying to configure the SQL server 2005 database with Hyperion hub and we are unable to get the cofiguration completed. We suspect the driver class (hyperion.jdbc.sqlserver.SQLServerDriver) used in the domain.xml (path \Hyperion\HyperionHub\7.2.1\deployments\Tomcat\4.1.30\) is not helping to connect with sql server 2005. We would appreciate if you can provide new driver class which we can included while deploying the app under the web server."
  Please suggest. Thanks in advance
  Regards,
  Sonu

  Hi
  Please redeploy only the Web Server under shared service. It has to be redeployed once EPMA and others are configured.
  Thanks
  Rupak
  Mantra to Win | WinMantras.com | http://hyperion.winmantras.com

• Configuring groups in LDAP

  Hello experts !
  I'm trying to configure group in LDAP, and add members to this group :
  The group :
  ~~~~~~~~~
  objectClass:     groupOfNames
  objectClass:     top
  cn:     billingdept
  member:     o=ibm,c=us,uid=c0001,ou=people
  member:     o=ibm,c=us,uid=c0002,ou=people
  member:     o=ibm,c=us,uid=c0003,ou=people
  member:     o=ibm,c=us,uid=c0004,ou=people
  One of the members (C0004) :
  ~~~~~~~~~~~~~~~~~~~~~~~~
  uid:     c0004
  displayName:     David
  givenName:     David
  objectClass:     inetOrgPerson
  objectClass:     top
  objectClass:     person
  objectClass:     organizationalPerson
  userPassword:      [B@5c5e5c5e
  ou:     Billing
  cn:     Steven Moyer
  sn:     Moyer
  title:     Billing worker
  The Problem : When i give permission in Websphere for a specific user, it's OK and the user can log in.
  BUT, When I give a permission in Websphere for a group, websphere does\n't allow the group's users to log in, because Websphere doesn't recognize the user i'm tring to login with, as a user of this group.
  So maybe this is not the way i should configure group.
  can anyone help ?

  member DN appears to be incorrect but i cant confirm unless u provide your DIT

• Issue while configuring XLIFF as resource bundle

  We are using Jdeveloper 11.1.1.7.0 ver. We are configuring ADF Faces project for XLIFF by creating xliff file in resources folder and adding xliff file to project properties.
  In design time we are able to see the configured values when we use expression builder however, we are getting following exception at runtime:
  java.util.MissingResourceException: Can't find bundle for base name UIRes, locale en
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1521)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1260)

  I am getting issue while configuring report in integrated mode! The issue and the solution to that is as mentioned  here.
  I tried to set the Report Server Service account to Use Another Account
  but when i try to apply i get the issue as below.
  Microsoft.ReportingServices.WmiProvider.WMIProviderException: An unknown error has occurred in the WMI Provider. Error Code 800708AC
  ---> System.Runtime.InteropServices.COMException (0x800708AC): The group name could not be found. (Exception from HRESULT: 0x800708AC)
  --- End of inner exception stack trace ---
  at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
  at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.SetWindowsServiceIdentity(String accountName, String password, Boolean useBuiltinAccount)
  at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.SetWindowsServiceIdentity(String accountName, String password, Boolean useBuiltinAccount)
  Kindly help!
  I have the same error after a change in domain policies and after reconfigure the password of the domain account user used for the Report Server Service Account.
  I don't use a group!!!
  Thank You for any help!
  Alessio

• Issue in Configuring Linksys RV042 router

  Hi,
  I am facing some issues in configuring the Linksys RV042 router with dual WAN configuration. We are having two internet connection and I want to perform the "Load balancing" between the two internet connections. I have followed the RV042 manual and configured the router.
  But while using the Linksys RV042 for load balancing the "Outlook 2007" and "MSN" are frequently disconnecting in the client machines. We could not use the Linksys RV042 router because of this issue.
  We are using the "Static IP" for the two internet connection and configured with manual. We are facing issue only in "Outlook" and "MSN" but I can browse the sites without any issues.
  Is there any configurtaions needed? Please help us to get the solution in this issue.
  If you need any more details please mail me @ [email protected]
  Thanks in Advance,
  R. Manikandan.

  R. Manikandan,
  Without knowing more about your configuration, and the reason for "Outlook" and "MSN" disconnecting.  I would suggest that you look at the following documentation for setting up "Dual WAN" on the RV042.
  http://www.cisco.com/en/US/products/ps9923/products_qanda_item09186a0080a36632.shtml
  It sounds like you may need to setup "Protocol Bindings" for your SMTP traffic to be directed out a specific WAN port.
  If you continue to have issues, please let us know.
  Darren

• Issue while configuring Xampp

  Hi Experts,
  We are facing an issue while configuring Xampp. We have successfully installed Xampp but while selecting Admin Tab we are getting below error. We have release ports(25) and made the Windows Firewall OFF, still the issue exists. Can you please suggest us how to move forward...
  Thanks in Advance..
  Regards,
  Krishna.M

  I am getting issue while configuring report in integrated mode! The issue and the solution to that is as mentioned  here.
  I tried to set the Report Server Service account to Use Another Account
  but when i try to apply i get the issue as below.
  Microsoft.ReportingServices.WmiProvider.WMIProviderException: An unknown error has occurred in the WMI Provider. Error Code 800708AC
  ---> System.Runtime.InteropServices.COMException (0x800708AC): The group name could not be found. (Exception from HRESULT: 0x800708AC)
  --- End of inner exception stack trace ---
  at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
  at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.SetWindowsServiceIdentity(String accountName, String password, Boolean useBuiltinAccount)
  at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.SetWindowsServiceIdentity(String accountName, String password, Boolean useBuiltinAccount)
  Kindly help!
  I have the same error after a change in domain policies and after reconfigure the password of the domain account user used for the Report Server Service Account.
  I don't use a group!!!
  Thank You for any help!
  Alessio

• Having issues while configuring JDI/ on my NWDS.

  Having issues while configuring JDI on my NWDS.
  I am logged on to Client's domain. Is there some setting thats required to be done in the hosts/service file which would ensure the same.
  Please advise.

  Hi,
  Can you specify what issues you are facing ?
  Thanks & Regards,
  Meenakshi.

• Newbie in need assistance configuring iChat server (LDAP).

  I needs some assistance in setting up iChat server for our office. I running LDAP and I have the iChat server basics setup and it is working, however my boss wants to set up different domains in iChat for the various departments (i. e. Accounting, Sales, production, etc.). These will not be accessed outside of the building. He states I need to configure additional search bases. It is at this point I am drawing a blank.

  Hi Paul,
  An intersetng one.
  James Weston may be able to post more on this.
  iChat can Chat to other Macs using the Bonjour option
  (Click the Apple/Command key + 2 together)
  Bonjour has to be enabled in the Account section of iChat Preferences.
  All computers have to be in the same subnet
  This is going to be the sticking point.
  Lets say you have one routing device for your local net and it issues all computers and devices with IP Addresses in the range 192.168.1.xxx then all the computers on on the same Subnet as there is only one LAN.
  If you have subsequent routers that change the IP addresses to somethng like 192.168.1.xxx for sales and 192.168.2.xxx fo accounts etc, then you will have subnets. Computers in 192.168.1.xxx will only see other Bonjour/iChat computers in that group and the same for 192.168.2.xxx but not from group to group.
  To show up in the Bonjour window iChat takes the Address Book Me card entry of the MAc user account and broadcasts it to the other computers.
  This would give you an option of using this method to pass out information where people were. The revelant "Sales" or "Accuounts" could be added to their Real Names.
  (Bonjour would have problems if several computers were changed to read just Sales as the Address Book name).
  An alternative would be to set up a VPN and have all computers on the same network for Bonjour independent of any of network they were on.
  James knows more about networks than I do and may have other information that may help.
  Ralph

• Failed to configured referral on LDAP Sun Directory

  Hi all,
  My customer has a problem in config. BOE to LDAP servers; which has 2 referral ldap hosts.
  The test cases are:
  - If BOEXIR2 talks to LDAP v6.2, it works.  BOE can see the users and logon via Infoview
  - But the problem exists when 2 LDAP servers setup with referral users.
  LDAP A has 2 dynamic groups.  1 dynamic group referred to users created in LDAP A.  Another dynamic group was referral to LDAP B.
  In this case, BOE is not able to see any user group.
  The customer is using BOEXIR2 and LDAP Sun Dir 6.2.  I understand this is not an official supported platform, but I suspect the issue was not caused by version compatibility, but the configuration.
  Have you heard any similar issue?  Any idea?  Thanks.
  Regards,
  Gloria

  Have you configured the referral in the CMC/auth/LDAP?
  Does the user account used to configure it have read/query access to both LDAP servers?
  Try using a directorymanager/admin account instead to see if it produces different results.
  I honestly have not seen the referral option used very often (usually gets configured by mistake).
  Also what if you use static groups, in other words are referrals only failing for dynamic groups? The query mechanism for dynamic groups is quite a bit different than that of static so it's possible you may have found a bug
  Regards,
  Tim