LDAP AND ACL

Can we use the weblogic LDAP realm in any way to access the ACL which are stored in a netscape directory server.

It's not clear to me. I'm not familiar with how Process Integrator uses the
security in WLS since
they have implemented their own security schemes.
If Process Integrator just uses the LDAP realm provided in WebLogic Server
without modifications,
then your custom realm should be able to be used by Process Integrator. If
it provides its own,
then it is highly unlikely that it will work.
Paul Patrick
"Vibhu " <[email protected]> wrote in message
news:3a4cbb55$[email protected]..
>
Will this custom realm be able to function with process integrator.
"Paul Patrick" <[email protected]> wrote:
The current LDAP realm implementation does not support the use retrieval
of
ACLs, in any form,
from an LDAP directory server. You could develop your own LDAP-basedcustom
realm to
handle this.
Paul Patrick
"Vibhu S" <[email protected]> wrote in message
news:3a4b980d$[email protected]..
Can we use the weblogic LDAP realm in any way to access the ACL which
are
stored in a netscape directory server.

Similar Messages

  • LDAP realm for authentication and ACL in Database

    We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
    Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks Ram

    Unfortunately, there is no easy way to do this in wls 6.0.
    The only way to handle it is to write your own custom realm
    that uses ldap for users and groups and a database for acls -
    probably not a viable alternative.
    -Tom
    "kevin doherty" <[email protected]> wrote:
    >
    Jeffrey Hirsch <[email protected]> wrote:
    You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
    I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
    Thanks!
    -kd

  • 10.6.6 Server Combo Update Crashes LDAP and Kerberos Services

    Just updated apple server from 10.6.4 to 10.6.6 with combo server overnight.
    Everything was working fine under 10.6.4
    All users can no longer authenticate to server via mail or ldap logins
    LDAP and Kerberos Services stopped.
    Will downgrade from an open directory master to standalone then back to master again and post status...

    I think there is something with LDAP on 10.6.6
    I was forced to make clean install in combo from 10.6.0 to 10.6.6 and today LDAP crashed.
    It seems to be an issue on ldap ACL.
    Message was edited by: Xalio

  • LDAP Realm & ACLs

    i'm using WL510sp8 with a Netscape Dir Server...
    when i start weblogic with the LDAP Realm configured it takes forever (20+ minutes) to start up because weblogic goes to the realm and ldap to check other acls in weblogic.properties like "everyone" and "system"...
    how can i get around having these other acls checked in the ldap server??? subclass LDAPRealm and stop it manually? delegating realm with both ldap and wlproperties???
    thanks
    mal

    "Mike Westaway" <[email protected]> wrote in message
    news:[email protected]..
    >
    My weblogic web application is configured to authenticate against a groupin an ldap
    realm using basic authentication.
    This all works just fine.
    But now I want to query the LDAP server in the context of the current userto find
    out what directory entries I have read/write acecss to.
    I don't believe there is any method in the LDAP realm that would allow you
    to do your own
    queries against the LDAP server.

  • Errors found when using tar and ACL's

    Having difficulties with TAR and ACLs, and wondering if anyone had seen this before.
    Here's the scenario: create a few directories and a few files. Tar it up and extract the files. Now assign some ACL's to them (some default for directories), tar it up, and extract the files. Permissions should remain the same. Under most circumstances they are.
    Now repeat the procedure, but put a default directory ACL on the parent directory where the TAR is created. What happens is that the group permissions for anything un-tared gets trashed.
    Here's a script to test it out.
    Create a dummy user (I called mine foobar) -- required for setting ACL's. Run the script with the "-d" option at first. Things appear good. You can compare the permissions on the bottom for each file/directory.
    Run the script with the "-s" option setting default ACL's on the parent.
    #!/usr/bin/sh
    ROOTDIR=/export/home/christian/config
    TESTDIR=/export/home/christian
    USER_X="oam"
    # Run the script once with normal permissions (no ACL's) in the test directory (where tar is located)
    # --> ./test.sh -d
    # look at the result (ls -l) of .../sub1dir, .../sub1dir_acl, and /sub1dir_orig
    # They should be relatively the same:
    # --> rwxrwxrwx permissions on directories
    # --> rw-rw-rw- on files
    # Now run the script but set the parent directory of the script (where the TAR's are located) to have default ACL's
    # --> /opt/MMSsyscnf/sub2dir/test/test.sh -s
    # Now look at the result (ls -l) of .../sub1dir, .../sub1dir_acl, and /sub1dir_orig
    # They are COMPLETELY skewed. Both times we tried to untar the files, ACL's wound up
    # all over the place and permissions were not set correctly.
    # --> rwxrwxrwx permissions ONLY on original directory (not the product of an UNTAR)
    # --> rwxr--rwx permissions on directories created by untar
    # --> rw-rw-rw- on files ONLY on original directory (not the product of an UNTAR)
    # --> rw-r--rw- on files created by untar
    # ****** Why is group affected by this, but "other" is not?! It's gotta be a bug!
    # MAIN
    ACTION="NOPREP"
    while [ -n "$1" ]
    do
    if [ "ABC$1" = "ABC-d" ]; then
    #flag set to try and remove default directory ACL's
    setfacl -d u:$USER_X $TESTDIR
    setfacl -d d:u:$USER_X $TESTDIR
    setfacl -d d:u::,d:g::,d:m:,d:o: $TESTDIR
    elif [ "ABC$1" = "ABC-s" ]; then
    setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $TESTDIR
    setfacl -r -m d:u:$USER_X:rw- $TESTDIR
    setfacl -r -m u:$USER_X:r-x $TESTDIR
    fi
    shift;
    done
    # clean up previous run of the test
    rm -r $ROOTDIR
    # create files/directories
    mkdir $ROOTDIR
    mkdir $ROOTDIR/sub1dir
    mkdir $ROOTDIR/sub1dir/sub2dir
    mkdir $ROOTDIR/sub1dir/sub2dir/sub3dir
    #set permissions
    chmod 777 $ROOTDIR
    chmod 777 $ROOTDIR/sub1dir
    chmod 777 $ROOTDIR/sub1dir/sub2dir
    chmod 777 $ROOTDIR/sub1dir/sub2dir/sub3dir
    # create files
    echo "" > $ROOTDIR/sub1dir/sub2dir/file1.txt
    echo "" > $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
    chmod 666 $ROOTDIR/sub1dir/sub2dir/file1.txt
    chmod 666 $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
    # tar/zip the files:
    /usr/bin/tar -cvf $ROOTDIR/tarBeforeACLs.tar $ROOTDIR/sub1dir
    /usr/bin/gzip $ROOTDIR/tarBeforeACLs.tar
    # move the directory (so we keep the original as a template of what things should look like)
    mv $ROOTDIR/sub1dir $ROOTDIR/sub1dir_orig
    # untar/zip the files:
    /usr/bin/gunzip $ROOTDIR/tarBeforeACLs.tar
    /usr/bin/tar -xvf $ROOTDIR/tarBeforeACLs.tar
    ls -lR $ROOTDIR
    # Ok. These have been tested to be the exact same.
    echo "********************************************************************************"
    echo "********************************************************************************"
    echo "********************************************************************************"
    # Let's try using ACL's now
    # --> directories (owned by root) must be acessible to OAM user.
    # --> files (owned by root) must be read/writable by user OAM when created in the directories
    setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir
    setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir/sub2dir
    setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir/sub2dir/sub3dir
    setfacl -r -m u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/file1.txt
    setfacl -r -m u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
    setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir
    setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir
    setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir/sub2dir
    setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir
    setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir/sub2dir/sub3dir
    setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/sub3dir
    # here are things as they stand
    ls -lR $ROOTDIR
    echo "********************************************************************************"
    echo "********************************************************************************"
    echo "********************************************************************************"
    # tar/zip the files:
    /usr/bin/tar -cvfp $ROOTDIR/tarAfterACLs.tar $ROOTDIR/sub1dir
    /usr/bin/gzip $ROOTDIR/tarAfterACLs.tar
    # move the directory (so we keep the directory that was applied ACL's)
    mv $ROOTDIR/sub1dir $ROOTDIR/sub1dir_acl
    # untar/zip the files:
    /usr/bin/gunzip $ROOTDIR/tarAfterACLs.tar
    /usr/bin/tar -xvfp $ROOTDIR/tarAfterACLs.tar
    # here are things after we've untared them
    ls -lR $ROOTDIR
    echo "********************************************************************************"
    echo "********************************************************************************"
    echo "********************************************************************************"
    getfacl $ROOTDIR/sub1dir_orig $ROOTDIR/sub1dir_acl $ROOTDIR/sub1dir
    echo "********************************************************************************"
    getfacl $ROOTDIR/sub1dir_orig/sub2dir $ROOTDIR/sub1dir_acl/sub2dir $ROOTDIR/sub1dir/sub2dir
    echo "********************************************************************************"
    getfacl $ROOTDIR/sub1dir_orig/sub2dir/sub3dir $ROOTDIR/sub1dir_acl/sub2dir/sub3dir $ROOTDIR/sub1dir/sub2dir/sub3dir
    echo "********************************************************************************"
    getfacl $ROOTDIR/sub1dir_orig/sub2dir/file1.txt $ROOTDIR/sub1dir_acl/sub2dir/file1.txt $ROOTDIR/sub1dir/sub2dir/file1.txt
    echo "********************************************************************************"
    getfacl $ROOTDIR/sub1dir_orig/sub2dir/sub3dir/file2.txt $ROOTDIR/sub1dir_acl/sub2dir/sub3dir/file2.txt $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
    echo "********************************************************************************"
    Any ideas?

    UFSDUMP has some limitations, including being on a file system that is read-only. Yes, I could force it on a read-write FS, but I normally stay away from big sticker labels found in man pages when I encounter them. :-(
    What I was originally after was a script that makes a backup of application configuration files before I modify them. Thus, I tar/zip the directory.
    These config files/directores have ACL's attached to them to allow various roles to access them (group permissions are not fine-grain enough). However, when I ran through a couple of tests, I came across a scenario that overwrote the original permissions. Tested it on Solaris 10 and Solaris 9, and both fail.
    So now (very late into the feature design) I'm VERY concerned about using ACL's on Solaris, and wonder what other side-effects there are that I'm not aware of. Can't seem to find a bug report on it, so I thought I'd ask around to see if it was just the behaviour of the TAR/ACL that I'm not quite getting, or if it really is a bug.
    /chris

  • OD, LDAP and DNS

    I am new to LDAP and I believe I have everything setup correctly on the server (everything under Open Directory in SA says "Running", logs don't show any errors). However, I can not access the LDAP server from a client machine using Directory Access. I suspect that client machines still can not "see" my LDAP server.
    I believe the issue may be with DNS and I am trying to understand the interaction between DNS and OD, etc. First off, I do not have DNS turned on for my Mac OS X Server since my ISP has always hosted our DNS. Is this a problem? Do I need DNS activated on the same server that I am running this LDAP server? I have tried entering the IP and DNS name on the client server using Directory Access and neither worked.

    The requirement is that references using your server's Fully Qualified Domain Name look up to its IP Address and its IP Address looks up to its Fully Qualified Domain Name. If your ISP does that for you, and does it correctly, Merry Christmas!
    All others must set up their own tiny DNS service to do the lookups. If you are behind an NAT firewall, you can Make Up whatever names you like and look them up locally, because they are invisible from the Internet.
    Remember that each workstation must have the address of the DNS available to it. It needs to be configured in the TCP/IP setup or dispensed via DHCP. If you use your own DNS (highly recommended) you must also dispense or configure the next upstream DNS (your ISP's DNS Address).
    "An Open Directory master requires properly configured DNS so it can provide single sign-on Kerberos authentication.
    Make sure DNS service is configured to resolve fully qualified DNS names and provide corresponding reverse lookups.
    DNS must resolve the fully qualified DNS name and provide reverse lookups for the Open Directory master server, all replica servers, and other servers that are members of the Kerberos realm.
    You can use the Lookup pane of Network Utility (in /Applications/Utilities/) to do a DNS lookup of a server's DNS name and a reverse lookup of the server's IP address.
    For instructions on setting up DNS service, browse Network Services Overview."
    -- from Server Admin 10.4 Help: Kerberos is Stopped on an Open Directory Master or Replica
    Message was edited by: Grant Bennet-Alder

  • Role based security and ACLs

    Hello,
    I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
    Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
    So:
    1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
    2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
    3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
    Your response is appreciated.

    Hello,
    I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
    Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
    So:
    1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
    2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
    3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
    Your response is appreciated.

  • MAC OS and LDAP and Samba Server

    How can I make my Mac OS authenticate against LDAP and automatically map shared by a Samba server folders? (samba domain)? The idea is that any person who is registered in the database of LDAP can log into any Mac machine and automatically access the folders stored on the Samba server.

    Are you using TopLink 11g or TopLink Essentials?
    You seem to be wanting to use TopLink 11g, but you have the provider set to Essentials in your persistence.xml.
    <provider>oracle.toplink.essentials.PersistenceProvider</provider>
    Change this to,
    <provider>oracle.toplink.PersistenceProvider</provider>
    The sessions-xml properties are only supported with TopLink 11g.
    Note that currently in 11g when using a sessions-xml it must contain a project xml that completely defines the mappings. It will not merge with annotations nor defaults.

  • LDAP and OID

    FYI: I am new to Oracle (<1 month), and new to APEX (<3 weeks) so forgive me if I am asking the obvious.
    I would like to have APEX authenticate against LDAP (active directory), and went about trying to set that up. Got all AD settings from our sys admin, and then tried them in the LDAP test tool. I kept getting " Authentication failed!" no matter what I did. Due to the detailed nature of that error message, I started trying to track down every possible avenue so I talked to one of our DBA's about DBMS_LDAP.SIMPLE_BIND_S. The answer I got back was that we don't have access to it because it is part of OIN which we would have to pay outrageous amounts of money for if we wanted to use it. Not likely to happen, so I was hoping that there was another way to authenticate APEX via LDAP.
    Any suggestions would be most helpful.

    John - DBMS_LDAP is not part of OID so you can use it as part of your existing database product installation. Search this forum for LDAP and AD and you'll find lots of discussions about what you are trying to do.
    Also, just to clarify, you're not trying to authenticate Application Express using AD, you'll be authenticating users to your application (essentially a PL/SQL application in the database) using account information stored in AD. The authentication code that gets executed will belong to your application.
    Scott

  • Document browser and ACL Authorization

    Dear friends,
    We are working on ECC 6.0 and required to implement SAP DMS. As of with every ERP 2005 default two features are coming, document browser and ACL Authroization. These features are not required by users, so we need to de-activate these. We have a note for these wherein it is mentioned that one of the component is required to upgrade. We dont want to go with this. If any note is there by applying which we can de-activate those features will be well and good, instead of upgrading component.
    Regards,

    Dear Tushar,
    This t-code will be enable only after support pack SAPKGPAD11 or greater version is implemented. Our client is not in the position to upgrade, by implementing support packs. Alternate solution if any, pls suggest. By applying any notes if we can de-activate these features, let us know.
    Regards,
    Punam

  • LDAP and SAP integration

    Hi,
    As a part of a project requirement, we are trying to integrate Solution manager with LDAP (Lightweight Directory Access Protocol).
    Using the directory service, we are trying to synchronize the CUA (Central user administration within Solution manager) with Active directory of LDAP so that we can maintain the User data centrally from a single point in LDAP.
    Problem description:
    Currently, Client has implemented the LDAP and CUA integration and when a new user is added in LDAP, it is automatically getting copied in all SAP systems and at real time, when the useru2019s u201CLASTNAMEu201D field is updated in LDAP, it is automatically getting synchronized in all SAP systems.
    But, If any attribute other than u201CLASTNAMEu201D is changed (i.e. The expiry /validity date of the User in LDAP, GLTGB in SAP), then the field value is not getting synchronized in the SAP Central User Adm.
    Our Findings:
    We have checked the configurations and imported mappings in SAP Solution Manager and everything looks fine. We have debugged the standard program RSLDAPSYNC_USER extensively and found out that an RFC call to function module LDAPRFC_SEARCH is not returning the expected values.
    Thanks
    Deb

    Hi Deb,
    It would be really nice if you can elaborate on the configurations that need to be done as part of this integration. I hope, you have been successfull by now.
    Actually, I too need to perform the same as part of a project.
    Thanks in advance.

  • Hello, Identity manager fail to add entries in the LDAP and database table

    Hello,
    Well I installed identity manager 7 in a windows 2003 advanced server.
    I I appended an NT server resource, a Mysql table, a solaris server resource and an ldap server resource.
    I created the roles for these resources and then I assigned them to an account that I created for testing purposes.
    After the aprooval, in the solaris machine, the user has been added in the user database but no home directory has been created as I didn't set the apropriate flag to true.
    I the windows resource everything worked very smooth and with no problem.
    In the ldap and mysql table resources I recieved a failure having error message null. and from a sniffing that I did for investigation I never saw a sigle packed arrive to the mysql server or to the directory server from the idm server.
    Any ideas or suggestions on what to do ?

    Well the problem with the directory server just solved.
    But the problem with mysql remains.
    The first thing that I do when I add a resource is to test the connection.
    The problem with the LDAP is that the dn was not present in the directory server. They gave me an ou that didn't exist.

  • Domino ldap and weblogic server 6.1

    Hi,
    I am trying to use domino ldap for authentication in weblogic server 6.1
    I configured a custom ldap realm.
    But the users were not listed from domino ldap and authentication also failed.
    Can anybody help me?
    Thanx in advance.
    - prabha.

    at the moment it is possible for me to work, though. i worked around the
    problem and i set web.xml as a read only file. i still can't use wizards to
    create servlets and i can't edit web.xml with jbuilder.

  • Authentication against both LDAP and BI repository

    I have a lot of user who are authenticated against LDAP. I need add few users who aren't exist in LDAP. I can create user in BI repository and if this user is in an Administrator group he is able to log in. But if this user isn't in an Administrator group he get error "Succesfull execution of intitializtion block LDAP is required". Is there any way how to authenticate users agains both LDAP and BI repository?

    Hi,
    why dont you create a group in ldap and add the correspondng users to that group.
    You can configure the LDAP server with that group and try...
    Hope it works...
    Regards
    Venkat

  • LDAP and everyone group

    I am using wls version 5.1 with service pack 7. I still need to add all
    users the the "everyone" group in order to be able to authenticate. I
    thought this issue was resolved in the latest service pack. But I still
    get an exception thrown if my user is not in "everyone" group. Does
    anyone know what the status of this bug is? Is it resolved or not?
    Here is the exception:
    java.rmi.RemoteException: Security violation: insufficient permission to
    access method
    at
    weblogic.ejb.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:431)
    at
    com.itginc.webtrade.ejb.LoginBeanEOImpl.loginUser(LoginBeanEOImpl.java:143)
    at
    com.itginc.webtrade.ejb.LoginBeanEOImpl_ServiceStub.loginUser(LoginBeanEOImpl_ServiceStub.java:112)
    at
    com.itginc.webtrade.servlets.LoginServlet.service(LoginServlet.java:190)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at
    weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:106)
    at
    weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:907)
    at
    weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:851)
    at
    weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:252)
    at
    weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:364)
    at
    weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:252)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)

    Glen wrote:
    >
    I just encountered this error and deleted the 'everyone' group as a workaround.We authenticate with LDAP and WL always complained about not finding the group 'everyone'. The app worked fine but I thought I'd be a good guy and add the group to LDAP. Once I did, I got your error.Could the issue be that the 'everyone' group is OK but the permissions on the group deny access? I'm searching BEA to find out the expected permissions when I found your posting.I still need the expected permissions for the 'everyone' group.According to http://www.weblogic.com/docs51/admindocs/ldap.html#changes
    .. you don't need to define the everyone group in any version after WLS 5.0
    because of the introduction of the CachingRealm.

Maybe you are looking for

  • When I touch my apps the screen blinks but nothing happens what can I do?

    when i touch an app to start it, the screen blinks but nothing happens.  I did refresh that didn't help.  What next?

  • I cannot select or play music from Ipod touch

    I am unable to select music at all directly from the ipod touch. I can access it thru my car stereo though. What all of a sudden happened?

  • SEM-CPM-MC: Creating CPM variables

    Hi, I know this is probably not the right place to post it, but I couldnt find a better place. I trying to create a variable in SEM-CPM-MC, but no matter what I do, I'm only able to create a runtime variable with selection type P - Variable for singl

  • Inserting Small Cd's

    I tried to insert a small software cd in my drive. It got stuck, but it never tried to read it. All the other software cd's I have used before have been regular sized ones. Do I need a special tray or am I just not inserting it properly? I got the cd

  • Broken images in photo stream in iPhoto on iMac

    I don't know where these images are coming from but they look like broken images from the internet. I can't delete them because they are on my photostream. I've reset my photo stream on my other devices but the broken images are still there and it ha