JNDI to access Novell NDS LDAP

Similar Messages

• PEAP with Novell NDS and LDAP?

  I was reading this Cisco Q&A doc (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item0900aecd801764fa.shtml) that contained the following question and answer:
  Q. Can I use PEAP with LDAP or Novell NDS databases?
  A. Yes. PEAP provides interoperability with both LDAP and Novell NDS.
  I was under the impression that LDAP and Netware only supported EAP-GTC, EAP-Fast (phase 2 only), or EAP-TLS???
  Can anyone comment?

  Getting 802.1x to work with novell using PEAP w/ GTC is a slam dunk with some exceptions. I'm using Cisco ACS with Backend connection to NDS. If you have XP clients you can easily use the Cisco PEAP supplicant to allow connecting with EAP-GTC. I ran into problems with the mixture of cards and Client OS. I turned to Funk Odyssey Client to solve all my problems on the clients.

• PEAP EAP-MSCHAP and Novell(NDS)

  We have several 350/1220/1131 ap's and would like to implement a 802.1x solution. We have a ACS 4.0 and are running Novell(NDS) as userdatabase.
  As far as I have understood, PEAP MSCHAP only support Microsoft databases, and only EAP-GTC can be used with NDS/LDAP databases.
  Is this correct ?
  Johann Folkestad

  PEAP uses TLS to encrypt any subsequent CHAP exchanges. Yes, MSCHAP uses a hashing algorithym. But it runs within a server-side cert TLS tunnel for server-side authentication and encryption.
  peter

• EAP-TLS with Novell NDS

  I configured EAP-TLS for the wireless LAN in the Novell 6 environment. However encountered a problem on the ACS with Novell NDS. Attached is the error messge, any advice on how to overcome ? I have generated the server key and the client key from Windows 2000 server. The error message is 'AUth type not supported by Ext DB'

  EAP-TLS is not supported with Novell NDS as per the compatability matrx shown in the following document,
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/o.htm

• How to access an External LDAP on a weblogic server using OPSS APIs.

  Hi,
  Can anyone let me know how I can access an External LDAP configured on a weblogic server using OPSS APIs( or alternative APIs).
  I'm currently using the below snippet and I'm getting only the Users and groups from the DefaultAutheticator on the weblogic server and not the external LDAP Server.
  I've verified the providers, users and groups on the weblogic server console and can see that external LDAP server content is being picked, but my below code does not query them.
  import oracle.security.idm.IMException;
  import oracle.security.idm.IdentityStore;
  import oracle.security.idm.Role;
  import oracle.security.jps.JpsContext;
  import oracle.security.jps.JpsContextFactory;
  import oracle.security.jps.JpsException;
  import oracle.security.jps.service.idstore.IdentityStoreService;
  List<Role> rowData = null;
  JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
  JpsContext ctx = ctxf.getContext();
  IdentityStoreService storeService = ctx.getServiceInstance(IdentityStoreService.class);
  IdentityStore idStore = storeService.getIdmStore();
  rowData = this.getRoles(idStore, "*");
  Any help or pointers are highly appreciated.
  Thanks,
  Bhasker

  Can anyone please provide any suggestions. I trying to google around but still not able to find any solution.
  Thanks,
  Bhasker

• Using JNDI to access config file located outsite j2ee app

  Hi I'm wanting to store a config file for my J2ee app, somewhere on a tomcat server possibly inside the
  conf/ directory so that I can update this config file without having to redeploy the j2ee app every time a change is made.
  I've been told I can use JNDI to access this file, but I can't seem to find any examples or documentation on how I can do this.
  I'm new to JNDI and would appreciate any help, or suggestions.
  Thanks,
  Tim
  EDIT:
  So far I can access the file with this code:
  Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.fscontext.RefFSContextFactory");
            try {
                 Context ctx = new InitialContext(prop);
                 // look up context for name
                 //env.put(Context.PROVIDER_URL, "file:C:\\confluence\\confluence-2.5.1-std\\conf");
                 File f = (File)ctx.lookup("/confluence/confluence-2.5.1-std/conf/test.txt");My new problems are:
  1. The commented line env.put(Context.PROVIDER_URL, "file:C:\\confluence\\confluence-2.5.1-std\\conf"); it says in examples that this should set the dir to look in to the conf dir but if i change the lookup value to just test.txt it cannot find it.
  2. Can I somehow set the context to look into the conf directory of Tomcat without hard coding the path, as the path could change or be different on different machines??
  Edited by: Timothyja on Jan 15, 2008 7:00 PM

  Hi Kiran,
  Looking at the code you sent and the error, it looks like you should be casting the ds object to a javax.sql.DataSource object not a weblogic.jdbc.common.internal.RmiDataSource object.
  You may find some useful info at the following URL:
  http://edocs.bea.com/wls/docs81/jdbc/rmidriver.html#1026007

• 4402 PEAP w/ACS3.3 using Novell NDS.

  I am trying to configure WPA2 with 802.1x authentication through ACS 3.3. Having issue with using PEAP authentication through ACS 3.3 configured for Novell NDS as External Database. Client is stuck "Verifying credentials". Controller sends authentication requests to ACS, but it is not getting any response back from ACS. ACS is on the same subnet, no firewalls of any kind in between. Under Failed Authentication on ACS nothing gets logged if I have PEAP enabled under Global Authentication Setup (EAP-MSCHAPv2). If I uncheck PEAP options under Global Authentication, then ACS will log under Failed Attempts error message saying that "EAP type not configured. Check Global Authentication Setup". Correct IP address of ACS and secret key is entered in Wireless Controller. I have also tried using port 1645 and 1812 with the same result.
  Any ideas would be appreciated. Thanks.

  If you are authenticating against Novell eDirectory/NDS, you should use EAP-GTC. Also, when you create your database configuration, be sure to enter all contexts (separated by commas) in which your user accounts reside.

• JAVA library for authen. RADIUS or Novell NDS?

  Probably certainly to me not here...
  The question consists in the following:
  What libraries (if are available) for JAVA for authentication through RADIUS and/or Novell NDS are available?
  Please at presence of such libraries to write to me on E-mail: [email protected]
  Thank for attention.
  K$V

  Does that mean that you are not going to come back here and check any answers and expect someone to email you the answer. I doubt that happening.
  I think there is a product called Radiator for Radius and Novell provides a Java toolkit for its directory servers. You might be able to use these.
  Anyways, I did not have a right answer.
  Sorry, could not help being arrogant.

• Retrieve Attribute Description with Novell.Directory.Ldap C#

  I'm trying to retrieve all available attributes in the schema using
  Novell.Directory.Ldap.dll
  I use:
  LdapSchema schema = _ldapConnection.FetchSchema(schemaDN);
  Then I get Enumerator:
  IEnumerator attributeSchemas = schema.LDAPSchema.AttributeSchemas
  All attributes in the enumerator contain Name only. No Description.
  I can retrieve Description using some other technology, but I would like
  to use just this one.
  Is there a way to retrieve an attribute description fro LDAP/Active
  Directory using Novell.Directory.Ldap.dll?
  Thank you.
  bbobskt
  bbobskt's Profile: https://forums.netiq.com/member.php?userid=2833
  View this thread: https://forums.netiq.com/showthread.php?t=45015

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  That seems a little odd to me. Schema entries are not, as far as I have
  ever seen, retrievable by ONLY their names. If you ask for cn=schema
  and you ask for attributeTypes or objectClasses you get everything about
  them because each schema definition is one "value" on the cn=schema
  "object" not to be grabbed in pieces. I would bet that your application
  has all of the information from the LDAP source and it's now just a
  matter of figuring out how to see the details. You could (dis)prove
  this via a LAN trace when requesting schema, most-easily over TCP port 389.
  Good luck.
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v2.0.19 (GNU/Linux)
  Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
  iQIcBAEBAgAGBQJQhw8nAAoJEF+XTK08PnB5YMsQALAqzboRh/JTdF17Fr9Z7+9L
  Gu/SRHbskj5Oh6cNc2fcwj3P3yzphTOxLWAyS51075u4VpTJEsFr9 Kak8PLD9JID
  hOqQ1lfQ7Z4P4U5ceE9cNx1xks2419KpStP6CPfZqRuUJGesV1 8KLveuWDiT9pw1
  TRZwHivdR2c7tIS5lLuaBc7mB7qJNUGw7/OmWoTIh27zWOhMEWxBj8LRX4n6DhU8
  udVcbSnJkNzpzifVMMl7mVCZp0NCDd8B6i0gadGxUVh/U2hodxXhQuq/9w0fdR5L
  47ozjYrYu6gztjh0L+kO+IGmbpbJh1gFCqGpX4VwzQ2qS7N1Wx JgK2swDgHkmy5U
  BktuJZL5UI8wyc4iysdOA9nHfwnR2s6Jo5Dt7V/241MSTViKZbLuCnHRGCZ/08/Y
  dLIV1nrISpLdWsVZRwyCZIeHbESk0hLbxifbMoRU4+/zKXjdEd6aa96lF9zHsKZT
  kyRx+80zpiZOu8sAEWNAarxoka5VGWApPvU+7fya960O1BWgwa azsSmLXZZh0C00
  Yr21M0hpaRmB89mniSw+6evqEpzmNEakXs6D2Pg9B46vZhn5UU +gdmAMd6hWd5eE
  jvc+Vd7dc+oOffvL0CHrM4xw2jDTDZGd+RZxbYigqwa9lKqY07 Ufpy3DcDxQP0mO
  VgHjyXGguV2dzZYiBODc
  =dQqx
  -----END PGP SIGNATURE-----

• Novell.directory.ldap C# GroupMembership

  Hello,
  How can I retrieve the groupmembership attribute from a userid using the
  novell.directory.ldap within C#. Please add an example.
  Thanks in advance.
  Eric

  Start here:
  http://developer.novell.com/wiki/ind...es_for_C_sharp
  -jim
  Eric Pastor wrote:
  > Hello,
  >
  > How can I retrieve the groupmembership attribute from a userid using the
  > novell.directory.ldap within C#. Please add an example.
  >
  > Thanks in advance.
  >
  > Eric
  >

• ASA Remote Access Authentication with LDAP Server

  Thank you in advance for your help.
  I am configuring an ASA to authenticate with a ldap server for ipsec vpn access.  My customer has 3 networks that are to be accessed by remote users.  However they want to be able to say that one user can get to 2 of the networks and not the 3rd.  So basically they want control over what network behind the firewall each user can access.  This seems doable from my reading and I had planned to creating a group for each network that needs accessible and either do attribute maps to each group with a separate group created on the ldap server for authentication.  Basically a ldap group on the ldap server that will have the users name in the group in order for access.  I can restrict access via acl's or filtering to force my group to only be allowed access to a specific network.  Here is the problem I am having now.
  The ldap server has been created and seems to be working fine.  I have created my AAA groups and servers and I have done the ldap test with a test user vpntest and a password on the ldap server.  When I run the authentication test from the ADSM or command line I get a good authentication successful message.  So I configured a vpn client remotely and attempted to authenticate to this group and it says there is no user by that name.  Below is a paste of the debug.  The second part is when I did a successful test from the ASDM or CLI and it worked great.  The first part is when I attempted from the vpn client.  It all looks the same from the search criteria.  What am I missing here or does anyone more knowledgeable see anything that I am doing wrong.  Can this be done this way or should I try radius.  The customer was just adament about using ldap.
  extvpnasa5510#
  [243] Session Start
  [243] New request Session, context 0xd5713fe0, reqType = 1
  [243] Fiber started
  [243] Creating LDAP context with uri=ldaps://130.18.22.44:636
  [243] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
  [243] supportedLDAPVersion: value = 2
  [243] supportedLDAPVersion: value = 3
  [243] No Login DN configured for server 130.18.22.44
  [243] Binding as administrator
  [243] Performing Simple authentication for  to 130.18.22.44
  [243] LDAP Search:
          Base DN = [ou=employees,o=msues]
          Filter  = [uid=vpntest]
          Scope   = [SUBTREE]
  [243] User DN = [uid=vpntest,ou=employees,o=msues]
  [243] Talking to iPlanet server 130.18.22.44
  [243] No results returned for iPlanet global password policy
  [243] Fiber exit Tx=386 bytes Rx=414 bytes, status=-1
  [243] Session End
  extvpnasa5510#
  [244] Session Start
  [244] New request Session, context 0xd5713fe0, reqType = 1
  [244] Fiber started
  [244] Creating LDAP context with uri=ldaps://130.18.22.44:636
  [244] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
  [244] supportedLDAPVersion: value = 2
  [244] supportedLDAPVersion: value = 3
  [244] No Login DN configured for server 130.18.22.44
  [244] Binding as administrator
  [244] Performing Simple authentication for  to 130.18.22.44
  [244] LDAP Search:
          Base DN = [ou=employees,o=msues]
          Filter  = [uid=vpntest]
          Scope   = [SUBTREE]
  [244] User DN = [uid=vpntest,ou=employees,o=msues]
  [244] Talking to iPlanet server 130.18.22.44
  [244] Binding as user
  [244] Performing Simple authentication for vpntest to 130.18.22.44
  [244] Processing LDAP response for user vpntest
  [244] Authentication successful for vpntest to 130.18.22.44
  [244] Retrieved User Attributes:
  [244]   sn: value = test user
  [244]   givenName: value = vpn
  [244]   uid: value = vpntest
  [244]   cn: value = vpn test user
  [244]   objectClass: value = top
  [244]   objectClass: value = person
  [244]   objectClass: value = organizationalPerson
  [244]   objectClass: value = inetOrgPerson
  [244] Fiber exit Tx=284 bytes Rx=414 bytes, status=1
  [244] Session End

  Hi Larry,
  You can map AD group memberships to specific group policies on the ASA, you can find that configuration here:
  - http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
  Let me know if further assistance is required!
  Please proceed to rate and mark as correct the helpful Post!
  David Castro,
  Regards,

• GRC 10.0: Access Request Creation - LDAP user advanced search not working

  Dear Experts,
  We are implementing SAP GRC Access Control and we have an issue in Access Request Creation. If we put the user name in “User” field and press intro, the user details are updated, but if we want to make an "Advanced search" the user is not found and the application give us the following message: “No records found for the search criteria entered.”
  Scenario 1: If we put the user name in “User” field and press intro, the user details are updated:
  Scenario 2: If we want to make an "Advanced search" the user is not found and the application give us the following message: “No records found for the search criteria entered.”
  We are using the Active Directory as Data Source.
  Thanks and Regards.

  Hi Jose,
  Try maintaning the parameter 2050 as YES and check once.
  Kindly, also make refer to  the below list of SAP notes:
  1757906 - GRC 10.0 - LDAP user search does not work in NWBC
  1745370 - LDAP search in GRC does not work anonymously
  1718242- UAM: User search not working in Access Request.
  Regards,
  Neeraj Agarwal

• Mail problem accessing Novell POP server

  This one is both complicated and puzzling, and I sure would appreciate a solution.
  We use Novell Groupwise for email. It allows both POP and IMAP access.
  Two weeks ago, I stopped being able to access mail from the servers using either POP or IMAP from both home and office. Simultaneously, almost. At home I was using Mail, at the office Eudora.
  After the usual tinkering, I got both home and office working with Mail through POP. That lasted a few days.
  Yesterday, POP stopped working at the office. Then, at one point, it worked, and the day's mail came in all at once. Then it stopped working. I went home. I got a lot of mail when I checked in. Then it stopped. Today, I've gotten no mail at the office from the POP server.
  Mail is communicating with the server. When I put the wrong password in, it lets me know it was not accepted. I don't get that message with the right password.
  My IT people say the mail server is functioning properly, and that no one else who uses Mail is having similar problems. I've checked all the settings, and they are as they should be.
  I recently upgraded to 10.4.1.11.
  Does this sound like a problem anyone has seen before?

  Thanks to infinite vortex.  Changing the frequency from five to fifteen minutes seems to have solved the problem, at least so far.  Curious--but not surprising--that I could find nothing about such a limit anywhere on Cox's web site, nor was this mentioned by their tech support in a series of exchanges trying to resolve the problem. 

• Error during JNDI lookup Accessing Remote EJB (access to web service restricted using declarative security model)

  Hello everyone,
  I developed a Web Service prototype accessing remote EJB using the EJB
  control with special syntax in the jndi-name attribute: @jws:ejb
  home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
  Everything works fine, but I get an error when I restrict access to my web
  service with a declarative security model by implementing steps provided in
  help doc:
  - Define the web resource you wish to protect
  - Define which security role is required to access the web resource
  - Define which users are granted the required security role
  - Configure WebLogic Server security for my web service(Compatibility
  Security/Users)
  I launch the service by entering the address in a web browser. When prompted
  to accept the digital certificate, click Yes, when prompted for network
  authentication information, enter username and password, navigate to the
  Test Form tab of Test View, invoke the method by clicking the button and I
  get the following exception:
  <error>
  <faultcode>JWSError</faultcode>
  <faultstring>Error during JNDI lookup from
  jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
  name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
  <detail>
  <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
  lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
  for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
  weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
  8) at
  weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
  .java:220) at
  weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
  ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
  ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
  </detail>
  </error>
  I have a simple Hello method as well in my WebService (which is also
  restricted) and it works fine, but remote EJB access doesn't. I tested my
  prototype on Weblogic 7.2 and 8.1 platforms - same result.
  Is that a bug or I am missing some additional configuration in order to get
  that working. Has anyone seen similar behavior? Is there a known resolution?
  Or a suggested way to work around the problem?
  Thank you.
  Andre

  Andre,
  It would be best if this issue is handled as an Eval Support case. Please
  BEA Customer Support at http://support.beasys.com along with the required
  files, and request that an Eval support case be created for this issue.
  Thanks
  Raj Alagumalai
  WebLogic Workshop Support
  "Andre Shergin" <[email protected]> wrote in message
  news:[email protected]...
  Anurag,
  I removed "t3", still get an error but a different one (Unable to create
  InitialContext:null):
  <error>
  <faultcode>JWSError</faultcode>
  <faultstring>Error during JNDI lookup from
  jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
  create InitialContext:null]</faultstring>
  <detail>
  <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
  lookup from
  jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
  create InitialContext:null] at
  weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
  8) at
  weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
  .java:220) at
  weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
  ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
  ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
  .jws:67) </jwErrorDetail>
  </detail>
  </error>
  Note: inter-domain communication is configured properly. The Web Service to
  remote EJB works fine without a declarative security.
  Any other ideas?
  Thank you for your help.
  Andre
  "Anurag" <[email protected]> wrote in message
  news:[email protected]...
  Andre,
  It seems you are using the URL
  jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
  whereas you should not be specifying the "t3:" protocol.
  The URL should be like
  jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
  Please do let me know if you see any issues with this.
  Note that this will only allow you to access remote EJBs in the same WLS
  domain. For accessing EJBs on another domain, you need to configure
  inter-domain communication by
  following a few simple steps as mentioned at
  http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
  been provided in the EJB Control Workshop documentation.
  Regards,
  Anurag
  "Andre Shergin" <[email protected]> wrote in message
  news:[email protected]...
  Raj,
  I tried that before, it didn't help. I got similar error message:
  <error>
  <faultcode>JWSError</faultcode>
  <faultstring>Error during JNDI lookup from
  jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
  failed for
  name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
  ing>
  <detail>
  <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
  lookup from
  jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
  failed for
  name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
  weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
  8) at
  weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
  .java:220) at
  weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
  ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
  ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
  </detail>
  </error>
  Anything else should I try?
  P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOTaccess
  restricted.
  I hope there is a solution.
  Thanks,
  Andre
  "Raj Alagumalai" <[email protected]> wrote in message
  news:[email protected]...
  Andre,
  Can you try using the following url with username and password
  jndi://username:password@host:7001/my.resource.jndi.object ?
  once you add webapp level security, the authenticated is the user who
  invokes the EJB.
  http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
  CreatingANewEJBControl.html?skipReload=true
  has more info on using remote EJB's.
  Hope this helps.
  Thanks
  Raj Alagumalai
  WebLogic Workshop Support
  "Alla Resnik" <[email protected]> wrote in message
  news:[email protected]...
  Hello everyone,
  I developed a Web Service prototype accessing remote EJB using the EJB
  control with special syntax in the jndi-name attribute: @jws:ejb
  home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
  Everything works fine, but I get an error when I restrict access to my
  web
  service with a declarative security model by implementing steps
  provided
  in
  help doc:
  - Define the web resource you wish to protect
  - Define which security role is required to access the web resource
  - Define which users are granted the required security role
  - Configure WebLogic Server security for my web service(Compatibility
  Security/Users)
  I launch the service by entering the address in a web browser. Whenprompted
  to accept the digital certificate, click Yes, when prompted for
  network
  authentication information, enter username and password, navigate tothe
  Test Form tab of Test View, invoke the method by clicking the buttonand
  I
  get the following exception:
  <error>
  <faultcode>JWSError</faultcode>
  <faultstring>Error during JNDI lookup from
  jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
  name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
  <detail>
  <jwErrorDetail> weblogic.jws.control.ControlException: Error during
  JNDI
  lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookupfailed
  for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
  weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
  8) at
  weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
  .java:220) at
  weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)at
  ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
  ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64)</jwErrorDetail>
  </detail>
  </error>
  I have a simple Hello method as well in my WebService (which is also
  restricted) and it works fine, but remote EJB access doesn't. I testedmy
  prototype on Weblogic 7.2 and 8.1 platforms - same result.
  Is that a bug or I am missing some additional configuration in order
  to
  get
  that working. Has anyone seen similar behavior? Is there a knownresolution?
  Or a suggested way to work around the problem?
  Thank you.
  Andre

• Securing AnyConnect VPN user access via specific LDAP groups in Active Directory?

  Is there a brief tutorial on how to secure AnyConnect VPN access using Active Directoty security groups?
  I have AAA LDAP authentication working on my ASA5510, to authenticate users against my internal AD 2008 R2 server, but the piece I'm missing is how to lock down access to AnyConnect users ONLY if they are a member of a specific Security Group (i.e. VPNUsers) within my AD schema.

  This looks fairly complete
  http://www.compressedmatter.com/guides/2010/8/19/cisco-asa-ldap-authentication-authorization-for-vpn-clients.html
  Sent from Cisco Technical Support iPad App