LDAP anonymous access

Hi there
I'm trying to access an LDAP server using ODI LDAP JDBC driver without supplying username and password (anonymous) but I get an error:
"java.sql.SQLException: A java.lang.NullPointerException occurred saying: null"
Is there a way to tell the driver that I'm trying to do anonymous access?
thanks

Smtltwbanp,
> So, what are the new components or changes in the existing components
> which I have to do.
It depends on the application.
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Similar Messages

  • ******Ldap Server Access Permission Attributes.

    How can I get all the attributes associated with an object from iPlanet directory server version 5.0, including access permissions.
    Thanks & Regards
    Chandan Kalra

    I'm not familiar with iPlanet specifically, so I'm not sure what kind of 'object' you're trying to retrieve. You can loop through the NamingEnumeration results printing out the attribute names to see if what you want is there, though. Or you can try adding the policy information to your search, i.e. search for
    cn=Policy,secAuthority=Default,uid=xxxx,ou=people,o=xxxx,c=xxxx
    instead of just
    uid=xxxx,ou=people,o=xxxx,c=xxxx
    Note that this example is for IBM's LDAP, so may not apply in your case. Of course, you can probably consult the docs for iPlanet to get more specific information about where the AC properties are stored in the directory...

  • Python ldap write access (acl) from another machine?

    I've downloaded and installed:
    http://python-ldap.sourceforge.net/
    and used this example code:
    http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/303336
    and I'm using this code to connect to another machine that is running a vanilla install of Leopard 10.5.2.
    The search works fine, but add and delete return this error:
    {'info': 'no write access to parent', 'desc': 'Insufficient access'}
    It would appear that the default acl for * doesn't allow for other computers to have write access?
    access to *
    by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
    by dn.exact="cn=test.mydomain.com$,cn=computers,dc=test,dc=mydomain,dc=com" write
    by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
    by * read
    What I don't understand about ACLs is: are the 'by' lines all additive? If I was to add a new ACL like the one below, will that give other computers, when authenticated as someone in the admin group, write access?
    It would appear that the default acl for * doesn't allow for other computers to have write access? or commenting out the dn=exact and sockurl?
    access to *
    by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
    by * read
    Do I add this to /etc/openldap/slapd_macosxserver.conf and restart the server?

    Hi,
    You can check these few text-book style troubleshooting steps :-
    1. Can you PING the system computername from another System ?
    2. Can you check the ServerName Parameter in httpD.Conf of your IAS's Apache & check if it contains computername ?
    3. Can you check if you can access http://computername:7777 or http://computername:7778 ( Default Ports ).
    4. Can you Telnet to computername at Port 80 ( using some software like Putty ) and issue Http Commands like GET / HTTP/1.1 ( just to check if the port is open ) ?
    Regards,
    Sandeep
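
The question in this thread asks whether the `by` lines of an `access to` directive are additive. As an added example (not part of the original posts), this simplified Python model of slapd's default behaviour evaluates the posted ACL text: the first matching `by` clause decides and evaluation stops, so the clauses are not additive. The requesters, the `diradmin` group member, the `ldap:///` listener and the third ACL variant are constructed assumptions; `continue`/`break` controls and other `set` forms are not modelled.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# slapd access levels, lowest to highest; each level implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

@dataclass(frozen=True)
class Requester:
    dn: Optional[str]    # None models an anonymous bind
    uid: Optional[str]   # uid of the bound entry, if any
    listener: str        # URL of the listener the connection arrived on

# Constructed directory data: memberUid values of the admin group.
GROUPS: Dict[str, Set[str]] = {
    "cn=admin,cn=groups,dc=test,dc=mydomain,dc=com": {"diradmin"},
}

# The <who> clauses quoted in the post, and the shorter variant the poster proposes.
PAGE_ACL = """
by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
by dn.exact="cn=test.mydomain.com$,cn=computers,dc=test,dc=mydomain,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by * read
"""
PROPOSED_ACL = """
by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
by * read
"""
# Assumed tightening (not from the post): anonymous binds may only authenticate.
NO_ANON_READ_ACL = """
by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
by users read
by anonymous auth
"""

BY_RE = re.compile(r'^by\s+(\*|anonymous|users|(?:set|dn\.exact|sockurl)="[^"]*")\s+(\w+)$')
SET_RE = re.compile(r"^user/uid & \[([^\]]+)\]/memberUid$")

def norm_dn(dn: str) -> str:
    """Very small DN normalisation: lower-case, trim space around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_by_lines(text: str) -> List[Tuple[str, str]]:
    """Parse 'by <who> <level>' lines into (who, level) pairs, in order."""
    clauses = []
    for line in text.strip().splitlines():
        m = BY_RE.match(line.strip())
        if not m or m.group(2) not in LEVELS:
            raise ValueError(f"unsupported clause: {line!r}")
        clauses.append((m.group(1), m.group(2)))
    return clauses

def who_matches(who: str, req: Requester, groups: Dict[str, Set[str]]) -> bool:
    if who == "*":
        return True                      # everyone, anonymous included
    if who == "anonymous":
        return req.dn is None
    if who == "users":
        return req.dn is not None        # any authenticated identity
    kind, quoted = who.split("=", 1)
    value = quoted[1:-1]                 # strip the surrounding quotes
    if kind == "dn.exact":
        return req.dn is not None and norm_dn(req.dn) == norm_dn(value)
    if kind == "sockurl":
        return req.listener == value
    # kind == "set": only the form used in the post is modelled.
    m = SET_RE.match(value)
    if not m:
        raise ValueError(f"set form not modelled: {value!r}")
    return req.uid is not None and req.uid in groups.get(norm_dn(m.group(1)), set())

def effective_access(clauses, req, groups=GROUPS) -> Tuple[str, str]:
    """Return (level, matching who). The first match wins, then evaluation stops."""
    for who, level in clauses:
        if who_matches(who, req, groups):
            return level, who
    return "none", "(implicit) *"        # every directive ends with 'by * none'

def allows(granted: str, wanted: str) -> bool:
    return LEVELS.index(granted) >= LEVELS.index(wanted)

# Constructed requesters.
ADMIN = Requester("uid=diradmin,cn=users,dc=test,dc=mydomain,dc=com", "diradmin", "ldap:///")
USER = Requester("uid=alice,cn=users,dc=test,dc=mydomain,dc=com", "alice", "ldap:///")
ANON = Requester(None, None, "ldap:///")
LOCAL = Requester(None, None, "ldapi://%2Fvar%2Frun%2Fldapi")

if __name__ == "__main__":
    acls = {"posted": PAGE_ACL, "proposed": PROPOSED_ACL, "no-anon-read": NO_ANON_READ_ACL}
    people = {"admin": ADMIN, "user": USER, "anonymous": ANON, "local ldapi": LOCAL}
    for acl_name, text in acls.items():
        clauses = parse_by_lines(text)
        for who_name, req in people.items():
            level, matched = effective_access(clauses, req)
            print(f"{acl_name:13} {who_name:12} -> {level:5} (matched: {matched[:20]})")
```

Under both ACLs from the post, an anonymous bind falls through to `by * read`, and dropping the `sockurl` clause lowers the local ldapi connection from write to read.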

  • Using account other than amldapuser to login to ldap via access manager?

    Hi,
    We have multi-domain setup with about 70 subdomains (JES2005Q4). When we try to view the accounts in a domain, it takes us up to 3 minutes to display maybe 200 users in one specific domain.
    We had to increase "timeout for search" to 180 seconds to allow for the largest domain all users to be returned.
    I suspect this is caused by amldapuser which is now used for the ldap login and the amount of ACI's installed.
    Is it possible to login to the ldap with another user that would return results more quickly (directory manager ?)
    If so, is this a low risk operation, and what must we change exactly ?
    current config:
    DN for Root user bind: cn=amldapuser,ou=DSAME Users,o=jes.xxxxx.be
    kind regards,
    Tom.

    Hi Tom,
    Using Dirmanager would not be the best option ...
    You could check the following:
    1) what is the BASEDN when searching for users?
    By default this is o=ROOTORG,ou=PEOPLE since all is copied from the root org by creating the service template, except for the amldapuser password
    This should be o=ROOTORG,o=SUBORG,ou=PEOPLE
    (or the DC= equivalent)
    2) what is the time the actual LDAP query takes (etime)
    3) Are there any unindexed searches?
    HTH

  • WPA2 802.1x with MS RADIUS, LDAP, Clean Access

    We are in a multivendor environment using NAC and WCS.  We would like to implement WPA2 Enterprise.  We currently authenticate with LDAP to place users in proper roles.
    Not 100% sure on this.  As far as I know, it is not possible to implement 802.1x with LDAP.....so how could we use LDAP and a Radius server together in order to implement WPA2 Enterprise?  Is this possible?  Any documentation out there that I have yet to find explaining this?
    Any help would be appreciated.
    Thanks in advance,
    Ben

    Hi,
    Let's clarify all possibilities and you can choose one from there :-)
    1) the Wireless Controller (WLC) can act as radius server. The feature is called "local eap". So the WLC authenticates the client (wpa2 if you like).
    The WLC can use an LDAP database as user database. The only restrictions are that you cannot use "mschapv2" methods. So only peap-gtc,eap-fast-gtc and eap-tls. Of those 3, only eap-tls is present on the client default windows supplicant.
    2) You can have a complete radius server like Cisco ACS. However the limitation coming with LDAP remains. Unless your database is Active Directory in which case ACS can integrate with it and allow for all eap methods.
    3) If you go for WPA enterprise, that means you will authenticate users 2 times. One with dot1x to join the wireless and one with NAC afterwards to get network connectivity. Again if you have active directory, you can go with "single sign on" so that users never have to enter their credentials. Otherwise they will have to enter them twice.
    Apart from that fact, NAC pretty much doesn't care if your wireless is open or dot1x-secured, it comes after the dot1x authentication anyway.
    I hope this clarifies ?
    Nicolas

  • No Internet access

    Hi everybody,
    I am unable to access the internet with one of the VLANs. I have two VLANs
    VLAN 2   192.168.1.0
    VLAN 8   172.168.1.0
    When I am on VLAN 2 I can access the internet. When I work with VLAN 8, I cannot access the internet. As a matter of fact VLAN 8 (172.168.1.0) is new. I need to know what else I need to configure to get access. The following is the configuration of my Cisco ASA firewall. Any help will be appreciated.
    Thanks
    hostname abcASA1
    domain-name abc.com
    enable password .4rNnGSuheRe encrypted
    passwd 2KFQnbNIdI.2K encrypted
    names
    name 192.168.1.3 Email_DNS
    name 192.168.1.4 SQLServer
    name 192.168.2.2 VPN_3005
    name 192.168.2.0 DMZ_Subnet
    name 192.168.3.0 VPN_Subnet
    name 192.168.1.0 Inside_Subnet
    name 192.168.3.5 VPNNET_DNS
    name 128.8.10.90 D_Root
    name 192.5.5.241 F_Root
    name 198.41.0.10 J_Root
    name 192.33.4.12 C_Root
    name 193.0.14.129 K_Root
    name 198.32.64.12 L_Root
    name 192.36.148.17 I_Root
    name 192.112.36.4 G_Root
    name 128.63.2.53 H_Root
    name 128.9.0.107 B_Root
    name 198.41.0.4 A_Root
    name 202.12.27.33 M_Root
    name 192.203.230.10 E_Root
    name 12.183.68.51 ATT_DNS_2
    name 12.183.68.50 ATT_DNS_1
    name 192.168.1.6 FileServer_NAS
    name 192.168.2.6 abc_WEB
    name 199.130.197.153 CA_Mgmt_USDA
    name 199.130.197.19 CA_Roaming_USDA
    name 199.130.214.49 CA_CRLChk_USDA
    name 199.134.134.133 CA_Mgmt_USDA_
    name 199.134.134.135 CA_Roaming_USDA2
    name 192.168.2.9 PublicDNS2
    name 192.168.2.8 PublicDNS
    name 192.168.1.11 abc02EX2
    name 162.140.109.7 GPO_PKI_DIR
    name 162.140.9.10 GPO_PKI
    name 192.168.1.12 Patchlink
    name 192.168.1.10 abcSLIMPS1
    name 192.168.1.7 FileServer_DNS
    name 192.168.1.15 abc06ex2
    name 192.168.101.0 NEW_VPN_SUBNET
    name 192.168.77.0 NEW_VPN_POOL description NEW_VPN_POOL
    name 192.168.1.16 VTC description LifeSize VTC
    name 12.18.13.16 VTC_Outside
    name 192.168.2.50 Email_Gateway
    name 192.168.1.20 Exch10
    name 192.168.1.8 SharePoint
    name 192.168.1.19 abc09ic description Web Servr
    name 192.168.1.180 ExternalDNS
    name 192.168.2.223 abc11ids
    name 192.168.50.0 inside_new_Network
    dns-guard
    interface Vlan1
    nameif outside
    security-level 0
    ip address 12.18.13.20 255.255.255.0
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Vlan3
    nameif dmz
    security-level 10
    ip address 192.168.2.1 255.255.255.0
    interface Vlan4
    nameif vpnnet
    security-level 75
    ip address 192.168.3.1 255.255.255.0
    interface Vlan5
    nameif asainside
    security-level 50
    ip address 192.168.4.1 255.255.255.0
    interface Vlan6
    nameif testinside
    security-level 50
    ip address 192.168.5.1 255.255.255.0
    ipv6 address 2001:ab1:5::/64 eui-64
    interface Vlan7
    description New Local Area Network for Server
    nameif inside_new
    security-level 50
    ip address 192.168.50.1 255.255.255.0
    interface Vlan8
    description abcdone Server VLAN
    nameif Internal_LAN
    security-level 100
    ip address 172.168.1.254 255.255.255.0
    interface Vlan16
    description out of band
    nameif oobnet
    security-level 100
    ip address 172.16.1.1 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    speed 100
    duplex full
    interface Ethernet0/2
    switchport access vlan 3
    interface Ethernet0/3
    switchport access vlan 7
    interface Ethernet0/4
    interface Ethernet0/5
    switchport trunk allowed vlan 1-10
    switchport mode trunk
    interface Ethernet0/6
    interface Ethernet0/7
    boot system disk0:/asa802-k8.bin
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns domain-lookup inside
    dns domain-lookup vpnnet
    dns server-group DefaultDNS
    name-server 192.168.1.2
    name-server Email_DNS
    domain-name abc.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network Inside_Server_Group
    description EmailServer, FileServer, SQLServer
    network-object Email_DNS 255.255.255.255
    network-object SQLServer 255.255.255.255
    network-object 192.168.1.2 255.255.255.255
    network-object FileServer_NAS 255.255.255.255
    network-object host abc02EX2
    network-object host abc06ex2
    object-group network Inside_Server_Group_ref
    network-object 192.168.3.73 255.255.255.255
    network-object 192.168.3.74 255.255.255.255
    network-object 192.168.3.72 255.255.255.255
    network-object 192.168.3.76 255.255.255.255
    object-group service DNS tcp-udp
    description DNS Service both TCP/UDP
    port-object eq domain
    object-group network InternetDNS
    network-object A_Root 255.255.255.255
    network-object B_Root 255.255.255.255
    network-object C_Root 255.255.255.255
    network-object D_Root 255.255.255.255
    network-object E_Root 255.255.255.255
    network-object F_Root 255.255.255.255
    network-object G_Root 255.255.255.255
    network-object H_Root 255.255.255.255
    network-object I_Root 255.255.255.255
    network-object J_Root 255.255.255.255
    network-object K_Root 255.255.255.255
    network-object L_Root 255.255.255.255
    network-object M_Root 255.255.255.255
    network-object ATT_DNS_2 255.255.255.255
    network-object ATT_DNS_1 255.255.255.255
    object-group network USDA-PKI-Users
    description GAO PKI User Group
    network-object 192.168.1.51 255.255.255.255
    network-object 192.168.1.52 255.255.255.255
    network-object 192.168.1.53 255.255.255.255
    network-object 192.168.1.54 255.255.255.255
    network-object 192.168.1.55 255.255.255.255
    network-object 192.168.1.56 255.255.255.255
    network-object 192.168.1.57 255.255.255.255
    network-object 192.168.1.58 255.255.255.255
    network-object 192.168.1.59 255.255.255.255
    network-object 192.168.1.60 255.255.255.255
    network-object host 192.168.1.61
    network-object host 192.168.1.62
    network-object host 192.168.1.63
    object-group network CITABCDAS
    network-object 192.168.3.241 255.255.255.255
    network-object 192.168.3.242 255.255.255.255
    network-object 192.168.3.243 255.255.255.255
    network-object 192.168.3.244 255.255.255.255
    network-object 192.168.3.245 255.255.255.255
    network-object VPNNET_DNS 255.255.255.255
    object-group service Virginia.edu tcp
    description blackboard java classroom
    port-object range 8010 8012
    object-group network PDASB1-VPN-Inside
    network-object host abcPLIasd1
    network-object host 192.168.3.10
    object-group service http-https tcp
    port-object range https https
    port-object range www www
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service VTC tcp-udp
    description LifeSize
    port-object range 60000 64999
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq 3268
    port-object eq ldap
    object-group service EmailGateway udp
    description TrustManager
    port-object eq 19200
    port-object eq 8007
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq 990
    port-object eq ftp
    port-object range 2000 5000
    object-group service Barracuda tcp
    port-object eq 5124
    port-object eq 5126
    object-group service barracuda udp
    port-object eq 5124
    port-object eq 5126
    object-group service IMAP tcp
    port-object eq 993
    port-object eq imap4
    object-group service DM_INLINE_SERVICE_0
    service-object tcp eq domain
    service-object udp eq domain
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit object-group TCPUDP any object-group InternetDNS object-group DNS
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_0 any host 12.18.13.222
    access-list outside_access_in remark Website
    access-list outside_access_in extended permit tcp any host 12.18.13.19 eq 8090
    access-list outside_access_in remark Allow ICMP replies to inside
    access-list outside_access_in extended permit icmp any host 12.18.13.21 echo-reply
    access-list outside_access_in remark VTC
    access-list outside_access_in extended permit tcp any host VTC_Outside eq h323
    access-list outside_access_in remark VTC
    access-list outside_access_in extended permit object-group TCPUDP any host VTC_Outside eq sip
    access-list outside_access_in extended permit icmp any host VTC_Outside
    access-list outside_access_in remark Barracuda
    access-list outside_access_in extended permit tcp any host 192.168.1.25 object-group Barracuda
    access-list outside_access_in remark Barracuda
    access-list outside_access_in extended permit udp any host 192.168.1.25 object-group barracuda
    access-list outside_access_in remark VTC
    access-list outside_access_in extended permit udp any host VTC_Outside range 60000 64999
    access-list outside_access_in remark VTC
    access-list outside_access_in extended permit tcp any host VTC_Outside range 60000 64999
    access-list outside_access_in remark for Public DNS2
    access-list outside_access_in extended permit udp any host 12.18.13.223 eq domain
    access-list outside_access_in remark for Public DNS2
    access-list outside_access_in extended permit tcp any host 12.18.13.223 eq domain
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.224 eq www
    access-list outside_access_in remark NTP from Router to DMZ
    access-list outside_access_in extended permit udp host 12.18.13.1 host 12.18.13.15 eq ntp
    access-list outside_access_in remark Syslog from Router
    access-list outside_access_in extended permit udp host 12.18.13.1 gt 1023 host 12.18.13.13 eq syslog
    access-list outside_access_in remark Inbound Email SMTP to DMZ Host 192.168.2.50
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.13 eq smtp
    access-list outside_access_in remark VPNNET IPSec ESP
    access-list outside_access_in extended permit esp any host 12.18.13.31
    access-list outside_access_in remark VPNNET IPSec AH
    access-list outside_access_in extended permit ah any host 12.18.13.31
    access-list outside_access_in remark VPNNET IPSec Port 4500
    access-list outside_access_in extended permit udp any eq 4500 host 12.18.13.31 eq 4500
    access-list outside_access_in remark VPNNET IPSec ISAKMP
    access-list outside_access_in extended permit udp any eq isakmp host 12.18.13.31 eq isakmp
    access-list outside_access_in remark VPNNET IPSec over UDP port 10000
    access-list outside_access_in extended permit udp any eq 10000 host 12.18.13.31 eq 10000
    access-list outside_access_in remark Sharepoint1
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.42 eq https
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.31 eq https
    access-list outside_access_in remark Access Rule to Webmail
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.32 eq https
    access-list outside_access_in remark SLIMPSdev
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.33 object-group http-https
    access-list outside_access_in remark Inbound Website
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.19 eq www
    access-list outside_access_in remark Inbound SharePoint
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.42 eq www
    access-list outside_access_in remark Inbound WEb Traffic to ISA server-SLIMPS
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.41 eq www
    access-list outside_access_in remark Inbound Secure Web Traffic to ISA server-SLIMPS
    access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.41 eq https
    access-list outside_access_in remark Inbound FTP abc_web
    access-list outside_access_in extended permit tcp any host 12.18.13.14 object-group DM_INLINE_TCP_2
    access-list outside_access_in remark DNS1
    access-list outside_access_in remark for Public DNS2
    access-list outside_access_in remark for Public DNS2
    access-list outside_access_in remark NTP from Router to DMZ
    access-list outside_access_in remark Syslog from Router
    access-list outside_access_in remark Inbound Email SMTP to DMZ Host 192.168.2.5
    access-list outside_access_in remark VPNNET IPSec ESP
    access-list outside_access_in remark VPNNET IPSec AH
    access-list outside_access_in remark VPNNET IPSec Port 4500
    access-list outside_access_in remark VPNNET IPSec ISAKMP
    access-list outside_access_in remark VPNNET IPSec over UDP port 10000
    access-list outside_access_in remark Inbound WEb Traffic to Facilitate Web Server in DMZ
    access-list outside_access_in remark Inbound Secure Web Traffic to Facilitate Web Server in DMZ
    access-list outside_access_in remark Access Rule to FE Server
    access-list outside_access_in remark SLIMPSdev
    access-list outside_access_in remark Inbound WEb Traffic to ISA server-SLIMPS
    access-list outside_access_in remark Inbound Secure Web Traffic to ISA server-SLIMPS
    access-list outside_access_in remark Inbound port 93 to ISA server-SLIMPS
    access-list outside_access_in remark Explicit Deny All
    access-list vpnnet_access_in remark Patrica RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.53 eq 3389
    access-list vpnnet_access_in remark Berry RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.51 eq 3389
    access-list vpnnet_access_in remark John Tsai RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.156 eq 3389
    access-list vpnnet_access_in remark Chopper RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.128 eq 3389
    access-list vpnnet_access_in remark Ms Ballard RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.58 eq 3389
    access-list vpnnet_access_in remark Wakita
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.153 eq 3389
    access-list vpnnet_access_in remark Amy RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.124 eq 3389
    access-list vpnnet_access_in remark KC RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.57 eq 3389
    access-list vpnnet_access_in remark Eyang RDP
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.161 eq 3389
    access-list vpnnet_access_in remark SLIMPS doc
    access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.13 eq 3389
    access-list vpnnet_access_in extended deny ip any any
    access-list vpnnet_access_in remark for SLIMPS APP
    access-list vpnnet_access_in remark for SLIMPS APP
    access-list vpnnet_access_in remark for SLIMPS APP
    access-list vpnnet_access_in remark FOR SLIMPS Application
    access-list vpnnet_access_in remark SLIMPS Production Workflow
    access-list vpnnet_access_in remark SLIMPS
    access-list vpnnet_access_in remark FOR SLIMPS Application
    access-list vpnnet_access_in remark SLIMPS VPN access to SLIMPSTEST2 Alpha website
    access-list vpnnet_access_in remark SLIMPS VPN access to abc02SLIMPS1
    access-list vpnnet_access_in remark SLIMPS VPN access to abc02SLIMPS2
    access-list vpnnet_access_in remark for abc06SLIMPS1
    access-list vpnnet_access_in remark for abc06SLIMPS1
    access-list vpnnet_access_in remark VPNNET Windows Port 135 Netbios
    access-list vpnnet_access_in remark VPNNET Windows Port 137 Netbios Name Service
    access-list vpnnet_access_in remark VPNNET Windows Port 138 Netbios Datagram
    access-list vpnnet_access_in remark VPNNET Windows Port 139 Netbios Session Service
    access-list vpnnet_access_in remark VPNNET Windows Port 445 Server Message Block
    access-list vpnnet_access_in remark VPNNET Windows Port 389 Lightweight Directory Access Protocol
    access-list vpnnet_access_in remark VPNNET Windows Port 389 Lightweight Directory Access Protocol
    access-list vpnnet_access_in remark VPNNET Windows Port 88 Kerberos
    access-list vpnnet_access_in remark VPNNET Windows Port 88 Kerberos
    access-list vpnnet_access_in remark VPNNET Windows Port 1433 Windows Sql Server
    access-list vpnnet_access_in remark VPNNET Windows Port 9000 Static RPC Port
    access-list vpnnet_access_in remark VPNNET Windows Port 9000 Static RPC Port
    access-list vpnnet_access_in remark VPNNET Windows Port 9001 Static RPC Port
    access-list vpnnet_access_in remark VPNNET Windows Port 9001 Static RPC Port
    access-list vpnnet_access_in remark VPNNET Windows Port 4000 Status NTDS Port
    access-list vpnnet_access_in remark VPNNET Windows TCP Domain Name Service
    access-list vpnnet_access_in remark VPNNET Windows UDP Domain Name Service
    access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
    access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
    access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
    access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
    access-list vpnnet_access_in remark VPNNET Outbound Web
    access-list vpnnet_access_in remark VPNNET Outbound Secure Web
    access-list vpnnet_access_in remark VPNNET Outbound FTP
    access-list vpnnet_access_in remark VPNNET ICMP Echo
    access-list vpnnet_access_in remark VPNNET ICMP Echo-Reply
    access-list vpnnet_access_in remark RDP for ISA
    access-list vpnnet_access_in remark Allow access after Exemption from nat to inside network
    access-list vpnnet_access_in remark talin test
    access-list dmz_access_in remark isa to SLIMPS1 vote portal
    access-list dmz_access_in extended permit tcp host 192.168.2.20 host 192.168.2.10 eq 8200
    access-list dmz_access_in extended permit udp host 192.168.2.101 host 12.18.13.1 eq ntp
    access-list dmz_access_in remark ISA to SLIMPS Dev
    access-list dmz_access_in extended permit tcp host 192.168.2.14 host 12.18.13.33 eq www inactive
    access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
    access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
    access-list dmz_access_in extended permit udp host Email_Gateway any eq 8007
    access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
    access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
    access-list dmz_access_in extended permit udp host Email_Gateway any eq 19200
    access-list dmz_access_in remark NTP Email Gateway
    access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host FileServer_DNS eq ntp
    access-list dmz_access_in remark FTP
    access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ftp
    access-list dmz_access_in remark ldap
    access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host 192.168.2.78
    access-list dmz_access_in remark ldap
    access-list dmz_access_in extended permit udp host SharePoint gt 1023 host 192.168.2.78
    access-list dmz_access_in remark HTTP for Email_Gateway
    access-list dmz_access_in extended permit object-group TCPUDP host Email_Gateway host FileServer_DNS object-group DNS
    access-list dmz_access_in remark HTTP for Email_Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ldap
    access-list dmz_access_in remark HTTP for Email_Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 eq www inactive
    access-list dmz_access_in remark HTTPS access to the Clearswift Update Server
    access-list dmz_access_in extended permit tcp Inside_Subnet 255.255.255.0 gt 1023 host Email_Gateway eq https inactive
    access-list dmz_access_in remark HTTP for SharePoint
    access-list dmz_access_in extended permit tcp host SharePoint host FileServer_DNS eq ldap
    access-list dmz_access_in remark LDAP Communication for Email Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 object-group DM_INLINE_TCP_1
    access-list dmz_access_in remark LDAP Communication
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.78 eq 3268
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside
    access-list dmz_access_in extended permit udp host PublicDNS object-group InternetDNS object-group DNS
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
    access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark DMZ ISA DNS Forwarding to Outside
    access-list dmz_access_in extended permit udp host 192.168.2.15 gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside
    access-list dmz_access_in extended permit udp host SharePoint gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
    access-list dmz_access_in extended permit udp host abc_WEB gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 object-group InternetDNS object-group DNS inactive
    access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
    access-list dmz_access_in extended permit tcp host PublicDNS gt 1023 any eq https
    access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
    access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 any eq https
    access-list dmz_access_in remark DMZ DNS Outbound https Web
    access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 object-group InternetDNS object-group DNS inactive
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
    access-list dmz_access_in extended permit udp host PublicDNS gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark Public DNS server.
    access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 object-group InternetDNS object-group DNS
    access-list dmz_access_in remark Public DNS Server
    access-list dmz_access_in extended permit tcp host PublicDNS gt 1023 any eq www
    access-list dmz_access_in remark Public DNS Server
    access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 any eq www
    access-list dmz_access_in remark DMZ Public DNS Outbound Web
    access-list dmz_access_in remark DMZ Public DNS Outbound Web
    access-list dmz_access_in remark DMZ Public  DNS to Outside
    access-list dmz_access_in remark DMZ DNS to Outside
    access-list dmz_access_in remark DMZ Public DNS Outbound Web
    access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq www
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
    access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq www
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
    access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.75 eq www
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
    access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.75 eq www
    access-list dmz_access_in remark DMZ DNS FTP for Email Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq ftp
    access-list dmz_access_in remark DMZ DNS Outbound Web for Email Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq www
    access-list dmz_access_in remark DMZ ISA DNS Outbound Web
    access-list dmz_access_in extended permit tcp host 192.168.2.15 gt 1023 any eq www
    access-list dmz_access_in remark DMZ DNS Outbound Web
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq www
    access-list dmz_access_in remark For Email  Gateway
    access-list dmz_access_in extended permit icmp host Email_Gateway host 12.18.13.1
    access-list dmz_access_in remark ISA
    access-list dmz_access_in extended permit icmp host 192.168.2.15 host 12.18.13.1
    access-list dmz_access_in extended permit icmp host SharePoint host 12.18.13.1
    access-list dmz_access_in remark DMZ DNS Outbound Web
    access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq www
    access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 any eq www
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq ftp inactive
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq ftp
    access-list dmz_access_in remark DMZ DNS Outbound FTP
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq ftp inactive
    access-list dmz_access_in remark DMZ DNS Outbound FTP
    access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq ftp
    access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
    access-list dmz_access_in extended permit tcp host SharePoint host 192.168.2.73 eq smtp
    access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
    access-list dmz_access_in extended permit tcp host Email_Gateway host 192.168.2.77 eq smtp
    access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
    access-list dmz_access_in extended permit tcp host Email_Gateway host Exch10 eq smtp
    access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
    access-list dmz_access_in extended permit tcp host Email_Gateway host abc06ex2 eq smtp
    access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
    access-list dmz_access_in extended permit tcp host SharePoint host abc06ex2 eq smtp inactive
    access-list dmz_access_in remark DMZ DNS Inbound Web Shield Relay SMTP
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.75 eq smtp inactive
    access-list dmz_access_in remark Mailsweeper access to FE Server
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.11 eq smtp inactive
    access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 host 192.168.2.73 eq smtp
    access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 host 192.168.2.75 eq smtp
    access-list dmz_access_in remark DMZ EMail Gateway outbound delivery
    access-list dmz_access_in extended permit tcp host Email_Gateway any eq smtp
    access-list dmz_access_in remark DMZ Mail Sweeper outbound delivery
    access-list dmz_access_in extended permit tcp host SharePoint any eq smtp inactive
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq https inactive
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq https
    access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
    access-list dmz_access_in extended permit udp host Email_Gateway object-group EmailGateway any eq 8007
    access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
    access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq https
    access-list dmz_access_in remark DMZ DNS Outbound HTTPS
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq https
    access-list dmz_access_in remark DMZ DNS Outbound HTTPS
    access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq https inactive
    access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 any eq https inactive
    access-list dmz_access_in remark DMZ DNS Outbound SMTP to Internet
    access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq smtp inactive
    access-list dmz_access_in remark for ISA
    access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq www
    access-list dmz_access_in remark for ISA
    access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq https
    access-list dmz_access_in extended permit object-group TCPUDP host SharePoint Inside_Subnet 255.255.255.0 eq domain
    access-list dmz_access_in extended permit icmp host SharePoint Inside_Subnet 255.255.255.0
    access-list dmz_access_in extended permit ip host abc11ids any
    access-list dmz_access_in extended permit ip Inside_Subnet 255.255.255.0 any
    access-list dmz_access_in remark Explicit Rule
    access-list dmz_access_in extended deny ip any any
    access-list dmz_access_in remark isa to SLIMPS1 vote portal
    access-list dmz_access_in remark ISA to SLIMPS Dev
    access-list dmz_access_in remark ldap
    access-list dmz_access_in remark LDAP Communication
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside
    access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
    access-list dmz_access_in remark DMZ DNS Forwarding to Outside
    access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
    access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
    access-list dmz_access_in remark DMZ DNS Outbound https Web
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
    access-list dmz_access_in remark Public DNS server.
    access-list dmz_access_in remark Public DNS Server
    access-list dmz_access_in remark Public DNS Server
    access-list dmz_access_in remark DMZ Public DNS Outbound Web
    access-list dmz_access_in remark DMZ Public  DNS to Outside
    access-list dmz_access_in remark DMZ DNS to Outside
    access-list dmz_access_in remark DMZ Public DNS Outbound Web
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
    access-list dmz_access_in remark DMZ DNS Outbound Web
    access-list dmz_access_in remark DMZ DNS Outbound Web
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
    access-list dmz_access_in remark DMZ DNS Outbound FTP
    access-list dmz_access_in remark DMZ DNS Outbound FTP
    access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
    access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
    access-list dmz_access_in remark DMZ DNS Inbound Web Shield Relay SMTP
    access-list dmz_access_in remark Mailsweeper access to FE Server
    access-list dmz_access_in remark DMZ Mail Sweeper outbound delivery
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
    access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
    access-list dmz_access_in remark DMZ DNS Outbound HTTPS
    access-list dmz_access_in remark DMZ DNS Outbound HTTPS
    access-list dmz_access_in remark DMZ DNS Outbound SMTP to Internet
    access-list dmz_access_in remark for ISA
    access-list dmz_access_in remark for ISA
    access-list dmz_access_in remark Explicit Deny All
    access-list testinside_access_in remark Deny IP Traffic from Test to Production DMZ
    access-list testinside_access_in remark Allow all other Traffic to Outside
    access-list testinside_access_in remark Deny IP Traffic from Test to Production DMZ
    access-list testinside_access_in remark Allow all other Traffic to Outside
    access-list vpnnet_nat0_outbound extended permit ip VPN_Subnet 255.255.255.0 Inside_Subnet 255.255.255.0
    access-list vpnnet_nat0_outbound extended permit ip VPN_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
    access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 host Email_Gateway
    access-list inside_nat0_outbound remark SharePoint
    access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 host SharePoint
    access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
    access-list dmz_nat0_outbound remark For Email Gateway
    access-list dmz_nat0_outbound extended permit ip host Email_Gateway Inside_Subnet 255.255.255.0
    access-list dmz_nat0_outbound remark Sharepoint
    access-list dmz_nat0_outbound extended permit ip host SharePoint Inside_Subnet 255.255.255.0
    access-list dmz_nat0_outbound extended permit ip DMZ_Subnet 255.255.255.0 NEW_VPN_SUBNET 255.255.255.0
    access-list dmz_nat0_outbound extended permit ip DMZ_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
    access-list capture_acl extended permit ip host 12.18.13.33 host 12.18.13.180
    access-list capture_acl extended permit ip host 12.18.13.180 host 12.18.13.33
    access-list cap_acl extended permit ip host 192.168.2.14 host 12.18.13.180
    access-list cap_acl extended permit ip host 12.18.13.180 host 192.168.2.14
    access-list 213 extended permit ip host SharePoint host 192.168.2.21
    access-list asainside_access_in remark permit traffic from the new ASA
    access-list asainside_access_in extended permit ip 192.168.100.0 255.255.255.0 Inside_Subnet 255.255.255.0
    access-list asainside_access_in extended permit ip 192.168.4.0 255.255.255.0 Inside_Subnet 255.255.255.0
    access-list asainside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 Inside_Subnet 255.255.255.0
    access-list asainside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 Inside_Subnet 255.255.255.0
    access-list acl_cap extended permit ip host 192.168.100.1 host 192.168.4.1
    access-list acl_cap extended permit ip host 192.168.4.1 host 192.168.100.1
    access-list abcdONE_splitTunnelAcl standard permit Inside_Subnet 255.255.255.0
    access-list abcdONE_splitTunnelAcl standard permit DMZ_Subnet 255.255.255.0
    access-list abcdONE_splitTunnelAcl standard permit 172.16.1.0 255.255.255.0
    access-list oobnet_access_in extended permit ip any Inside_Subnet 255.255.255.0
    access-list VMman_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 Inside_Subnet 255.255.255.0
    access-list Internal_LAN_access_in extended permit object-group TCPUDP any object-group InternetDNS object-group DNS
    access-list Internal_LAN_access_in extended permit ip any any
    snmp-map mysnmpmap
    pager lines 30
    logging enable
    logging timestamp
    logging monitor informational
    logging buffered informational
    logging trap debugging
    logging history warnings
    logging asdm debugging
    logging mail informational
    logging from-address [email protected]
    logging recipient-address [email protected] level errors
    logging device-id ipaddress outside
    logging host vpnnet VPNNET_DNS
    logging host inside abc09ic
    logging host inside 192.168.1.60
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu vpnnet 1500
    mtu asainside 1500
    mtu testinside 1500
    mtu inside_new 1500
    mtu Internal_LAN 1500
    mtu oobnet 1500
    ip local pool VPNPOOL 192.168.101.1-192.168.101.254 mask 255.255.255.0
    ip local pool NEW_VPN_POOL 192.168.77.10-192.168.77.240 mask 255.255.255.0
    ip verify reverse-path interface outside
    ip verify reverse-path interface inside
    ip verify reverse-path interface dmz
    ip verify reverse-path interface vpnnet
    ip verify reverse-path interface asainside
    ip audit name Outside attack action drop
    ip audit interface outside Outside
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    asdm image disk0:/asdm-621.bin
    asdm history enable
    arp outside 12.18.13.20 0024.c4e9.4764
    arp timeout 14400
    global (outside) 1 12.18.13.21 netmask 255.255.255.255
    global (outside) 2 12.18.13.22 netmask 255.255.255.255
    global (outside) 3 12.18.13.23 netmask 255.255.255.255
    global (outside) 4 12.18.13.24 netmask 255.255.255.255
    global (outside) 5 12.18.13.25 netmask 255.255.255.255
    global (inside) 1 interface
    global (dmz) 1 192.168.2.21 netmask 255.255.255.255
    global (dmz) 3 192.168.2.23 netmask 255.255.255.255
    global (dmz) 4 192.168.2.24 netmask 255.255.255.255
    global (dmz) 5 192.168.2.25 netmask 255.255.255.255
    global (vpnnet) 1 192.168.3.21 netmask 255.255.255.255
    nat (outside) 1 NEW_VPN_POOL 255.255.255.0
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 Inside_Subnet 255.255.255.0
    nat (dmz) 0 access-list dmz_nat0_outbound
    nat (dmz) 2 DMZ_Subnet 255.255.255.0
    nat (vpnnet) 0 access-list vpnnet_nat0_outbound
    nat (vpnnet) 3 VPN_Subnet 255.255.255.0
    nat (asainside) 0 access-list asainside_nat0_outbound
    nat (asainside) 1 192.168.4.0 255.255.255.0
    nat (oobnet) 0 access-list VMman_nat0_outbound
    static (dmz,outside) 12.18.13.31 VPN_3005 netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.72 FileServer_DNS netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.74 SQLServer netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.73 Email_DNS netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.76 FileServer_NAS netmask 255.255.255.255 dns
    static (inside,vpnnet) 192.168.3.80 abcSLIMPS1 netmask 255.255.255.255 dns
    static (inside,dmz) 192.168.2.73 Email_DNS netmask 255.255.255.255
    static (inside,dmz) 192.168.2.77 abc06ex2 netmask 255.255.255.255
    static (dmz,outside) 12.18.13.13 Email_Gateway netmask 255.255.255.255
    static (dmz,outside) 12.18.13.14 abc_WEB netmask 255.255.255.255
    static (outside,inside) VTC VTC_Outside netmask 255.255.255.255
    static (dmz,outside) 12.18.13.15 192.168.2.101 netmask 255.255.255.255
    static (inside,outside) 12.18.13.19 abc09ic netmask 255.255.255.255
    static (inside,outside) 12.18.13.42 SharePoint netmask 255.255.255.255
    static (inside,dmz) 192.168.2.78 FileServer_DNS netmask 255.255.255.255
    static (inside,outside) 12.18.13.32 Exch10 netmask 255.255.255.255
    static (inside,dmz) 192.168.2.10 abcSLIMPS1 netmask 255.255.255.255
    static (inside,dmz) 192.168.2.11 abc02EX2 netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.11 abc02EX2 netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.81 192.168.1.155 netmask 255.255.255.255
    static (inside,vpnnet) 192.168.3.82 192.168.1.28 netmask 255.255.255.255 dns
    static (inside,dmz) 192.168.2.13 192.168.1.13 netmask 255.255.255.255
    static (inside,outside) VTC_Outside VTC netmask 255.255.255.255
    static (inside,outside) 12.18.13.33 192.168.1.13 netmask 255.255.255.255
    static (inside,outside) 12.18.13.41 abcSLIMPS1 netmask 255.255.255.255
    static (inside,outside) 12.18.13.222 ExternalDNS netmask 255.255.255.255
    static (inside,Internal_LAN) Inside_Subnet Inside_Subnet netmask 255.255.255.0
    static (Internal_LAN,inside) 172.168.1.0 172.168.1.0 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    access-group dmz_access_in in interface dmz
    access-group vpnnet_access_in in interface vpnnet
    access-group asainside_access_in in interface asainside
    access-group Internal_LAN_access_in in interface Internal_LAN
    access-group oobnet_access_in in interface oobnet
    route outside 0.0.0.0 0.0.0.0 12.18.13.1 1
    route asainside 192.168.100.0 255.255.255.0 192.168.4.2 1
    timeout xlate 1:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server abc.com protocol nt
    aaa-server abc.com (inside) host 192.168.1.2
    nt-auth-domain-controller abc12dc1
    aaa-server abc.com (inside) host Email_DNS
    nt-auth-domain-controller abc12dc2
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.0 255.255.255.0 outside
    http Inside_Subnet 255.255.255.0 outside
    http Inside_Subnet 255.255.255.0 inside
    http VPN_Subnet 255.255.255.0 vpnnet
    snmp-server group Authentication_Only v3 auth
    snmp-server group Authentication&Encryption v3 priv
    snmp-server user mkaramat Authentication&Encryption v3 encrypted auth md5 25:57:33:8a:86:b0:fc:71:36:5f:de:3d:83:35:eb:d4 priv aes 128 25:57:33:8a:86:b0:fc:71:36:5f:de:3d:83:35:eb:d4
    snmp-server host inside 192.168.1.60 version 3 mkaramat udp-port 161
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    no service resetoutbound interface outside
    no service resetoutbound interface inside
    no service resetoutbound interface dmz
    no service resetoutbound interface vpnnet
    no service resetoutbound interface asainside
    no service resetoutbound interface testinside
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto map oobnet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map oobnet_map interface oobnet
    crypto isakmp enable outside
    crypto isakmp enable inside
    crypto isakmp enable inside_new
    crypto isakmp enable oobnet
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no crypto isakmp nat-traversal
    telnet 12.18.13.0 255.255.255.0 outside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh Inside_Subnet 255.255.255.0 inside
    ssh VPN_Subnet 255.255.255.0 vpnnet
    ssh timeout 30
    ssh version 1
    console timeout 0
    dhcpd auto_config inside
    dhcpd dns 192.168.1.2 Email_DNS interface oobnet
    dhcpd domain abc.com interface oobnet
    dhcpd option 3 ip 172.16.0.1 interface oobnet
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 192.43.244.18 source outside prefer
    tftp-server vpnnet 192.168.3.10 /
    webvpn
    group-policy DfltGrpPolicy attributes
    vpn-idle-timeout 60
    group-policy abcdONEVPN internal
    group-policy abcdONEVPN attributes
    dns-server value 192.168.1.7 192.168.1.3
    vpn-tunnel-protocol IPSec
    default-domain value abc
    group-policy abcdONE internal
    group-policy abcdONE attributes
    dns-server value 192.168.1.7 192.168.1.3
    vpn-idle-timeout 30
    vpn-tunnel-protocol IPSec l2tp-ipsec
    split-tunnel-policy tunnelall
    split-tunnel-network-list value abcdONE_splitTunnelAcl
    default-domain value abc.com
    service-type remote-access
    service-type remote-access
    tunnel-group abcdONE type remote-access
    tunnel-group abcdONE general-attributes
    address-pool NEW_VPN_POOL
    default-group-policy abcdONE
    tunnel-group abcdONE ipsec-attributes
    pre-shared-key *
    isakmp keepalive disable
    tunnel-group abcdONE ppp-attributes
    authentication pap
    authentication ms-chap-v2
    authentication eap-proxy
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map type inspect ipsec-pass-thru VPN
    parameters
      esp
      ah
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect http
      inspect icmp
    policy-map type inspect dns migrated_dns_map_1
    parameters
      message-length maximum 512
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:02e178404b46bb8758b23aea638d2f24
    : end
    asdm image disk0:/asdm-621.bin
    asdm location NEW_VPN_POOL 255.255.255.0 inside
    asdm location abc09ic 255.255.255.255 inside
    asdm location VTC 255.255.255.255 inside
    asdm location Email_Gateway 255.255.255.255 inside
    asdm location Exch10 255.255.255.255 inside
    asdm location ExternalDNS 255.255.255.255 inside
    asdm location abc11ids 255.255.255.255 inside
    asdm history enable

    Hi,
    Could you let me know if you have tried the configuration I originally suggested? I mean creating a "nat" statement for the "Internal_LAN" whose ID number matches one of the existing "global" or make a new "global" for it. And also if the "Internal_LAN" needs to access "inside" you could have added the "static" command suggested.
    It seems there have been some other suggestions in between that have again suggested completely different things. I would have been interested to know what the situation is after the suggested changes before going and doing something completely different.
    If you are changing a lot of NAT configurations for the new "Internal_LAN" interface I would suggest checking the output of
    show xlate | inc 172.168.1
    To see if you need to use some variant of the "clear xlate" command to clear old translations still active on the firewall. You should not use the "clear xlate" without additional parameters as otherwise it clears all translations on the firewall in the mentioned form of the command.
    You can use
    clear xlate ?
    To view the different optional parameters for the command
    - Jouni
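
The nat/global ID pairing that the reply above refers to, checked over the `global`, `nat` and `access-group` lines of the posted configuration. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes the pre-8.3 ASA syntax shown, in which a dynamic `nat` rule is translated on an egress interface only when a `global` with the same ID exists there.

```python
import re
from collections import defaultdict

# Excerpt: the global, nat and access-group lines of the configuration posted above.
SAMPLE_CONFIG = """\
global (outside) 1 12.18.13.21 netmask 255.255.255.255
global (outside) 2 12.18.13.22 netmask 255.255.255.255
global (outside) 3 12.18.13.23 netmask 255.255.255.255
global (outside) 4 12.18.13.24 netmask 255.255.255.255
global (outside) 5 12.18.13.25 netmask 255.255.255.255
global (inside) 1 interface
global (dmz) 1 192.168.2.21 netmask 255.255.255.255
global (dmz) 3 192.168.2.23 netmask 255.255.255.255
global (dmz) 4 192.168.2.24 netmask 255.255.255.255
global (dmz) 5 192.168.2.25 netmask 255.255.255.255
global (vpnnet) 1 192.168.3.21 netmask 255.255.255.255
nat (outside) 1 NEW_VPN_POOL 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 Inside_Subnet 255.255.255.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 2 DMZ_Subnet 255.255.255.0
nat (vpnnet) 0 access-list vpnnet_nat0_outbound
nat (vpnnet) 3 VPN_Subnet 255.255.255.0
nat (asainside) 0 access-list asainside_nat0_outbound
nat (asainside) 1 192.168.4.0 255.255.255.0
nat (oobnet) 0 access-list VMman_nat0_outbound
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
access-group vpnnet_access_in in interface vpnnet
access-group asainside_access_in in interface asainside
access-group Internal_LAN_access_in in interface Internal_LAN
access-group oobnet_access_in in interface oobnet
"""

RULE_RE = re.compile(r"^(nat|global) \(([^)]+)\) (\d+) (.+)$")
GROUP_RE = re.compile(r"^access-group \S+ in interface (\S+)$")


def parse(config_text):
    """Collect dynamic nat IDs, nat 0 exemptions and global IDs per interface."""
    parsed = {"nat": defaultdict(set), "exempt": defaultdict(list),
              "global": defaultdict(set), "interfaces": set()}
    for raw in config_text.splitlines():
        line = raw.strip()
        group = GROUP_RE.match(line)
        if group:
            parsed["interfaces"].add(group.group(1))
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        kind, iface, nat_id, rest = rule.groups()
        parsed["interfaces"].add(iface)
        if kind == "nat" and nat_id == "0":
            # ID 0 is NAT exemption / identity NAT and never pairs with a global.
            parsed["exempt"][iface].append(rest)
        else:
            parsed[kind][iface].add(int(nat_id))
    return parsed


def pairing(parsed):
    """Map each dynamic (interface, id) rule to the egress interfaces holding a global of that id."""
    result = {}
    for iface, ids in parsed["nat"].items():
        for nat_id in ids:
            result[(iface, nat_id)] = sorted(
                egress for egress, gids in parsed["global"].items()
                if egress != iface and nat_id in gids)
    return result


def unpaired(parsed):
    """Dynamic nat rules whose ID has no global on any other interface."""
    return sorted(rule for rule, egress in pairing(parsed).items() if not egress)


def without_dynamic_nat(parsed):
    """Interfaces that appear in the config but carry no dynamic nat rule."""
    return sorted(i for i in parsed["interfaces"] if not parsed["nat"].get(i))


def usable_ids(parsed, iface):
    """Existing global IDs, per egress interface, that a new nat rule on iface could reuse."""
    return {egress: sorted(gids) for egress, gids in parsed["global"].items() if egress != iface}


if __name__ == "__main__":
    cfg = parse(SAMPLE_CONFIG)
    for rule, egress in sorted(pairing(cfg).items()):
        print(rule, "->", egress or "no matching global")
    print("no dynamic nat rule:", without_dynamic_nat(cfg))
    print("IDs usable from Internal_LAN:", usable_ids(cfg, "Internal_LAN"))
```

On the posted lines it reports `Internal_LAN` and `oobnet` as having no dynamic `nat` rule.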

  • Can't login to local NON-admin accounts-Directory Access set to server

    I have a strange problem on a set of laptops that I cannot resolve and am hoping someone can help me.
    Here is the issue:
    I have a set of building laptops (PowerPC, OSX.4.11) that seemingly will not "search locally" in the authentication process. The logins seem to work fine for NETWORK logins to our Open Directory Master xserve, but these machines will not login to any LOCAL non-admin accounts. The local root and local admin account logins do, however, work fine. ?? The remainder of the building computers (Intel iMacs OSX.4.11) appear to have the exact same settings and login fine both locally and via the network home directories.
    I have tried the following:
    Deleted DirectoryService preferences folder (MacintoshHD-->Library-->Preferences->DirectoryService)
    Deleted the mcx cache in Directory Access
    Tried adding a new non-admin user to test (still will not login)
    Removed and re-created LDAP configuration (all set to custom)
    Tried setting the LDAP to the automatic settings ("Add DHCP-supplied LDAP servers to automatic search policies")
    Disabled all network connectivity (turned off Airport and disconnected the ethernet cable), still cannot login to local accounts
    Tried to bind in LDAP configuration (when I did bind the machine, it would no longer authenticate to the network authentication server, so I did an "unbind" and restarted and it went back to performing the network logins, but still will not login to local non-admin accounts).
    Reset passwords in System Prefs and also re-typed them in NetInfo Manager
    Deleted login keychains
    Deleted mcx.plist
    Reinstalled the OS from disk and local logins worked TEMPORARILY--UNTIL I set the LDAP directory access to authenticate to our server (which I also need for the network logins to work), then the issue started again.
    *Same results with both ethernet and wireless connectivity enabled.
    *Note: I also manage these local accounts via WGM (installed on the local machine) and even tried disabling that and still no luck.
    Please help...I have spent hours and hours trying to find a solution and nothing seems to work! What am I missing??

    Mostly just a bump...
    How about that .local extension, or trailing / ?

  • LDAP and ORACLE 10g

    I have a lot of users in my application (say 10000) and I need to access the DB for each of them with their own username and password.
    I store my users in an LDAP; how can I use it to authenticate these users on the DB?
    Will there be a problem with creation of a schema for every user in my LDAP, because I don't need this?

    Hi DanielD,
    the first steps I would take are:
    1) from the Oracle box, run
    ldapsearch -D 'CN=TEST_USER,OU=HRusers,DC=ad,DC=fgfield,DC=COM' -w TEST_PASSWORD -h MY_LDAP_HOST -b "" -s base objectclass=\*
    to make sure that there are no name resolution/firewall/etc issues.
    If that passes, then I would use 'tail -f' on the LDAP server access log and try to authenticate in Oracle to see if the BIND request is reaching the LDAP server and if the request completes without error on the LDAP side.

  • Using the DBMS_LDAP PL/SQL package to access OID images

    Hey,
    I have built a script using LDAP to access the OID information for all the Portal users and store that information in a regular table in my database, but I am having some trouble retrieving the images associated with each user, so I was wondering if someone could help me out with a code example or point me in the right direction in how I could do this.
    Thanks

    I am searching for a similar solution. Any ideas please?

  • LDAP Configuration Error

    Initial context factory: com.sun.jndi.ldap.LdapCtxFactory
    Provider URL: ldap://wus.contatan.local:38486/cn=workflowusers,dc=contatan,dc=local
    Username: admin
    Password: admin
    Search filter:
    Search context:
    Scope: null
    Nested context:
    Base DN: null
    RequiredAttributes
    Exception:null
    Please help for this error,
    Test tab on Action properties gives
    [LDAP Error Code :34, Invalid DN]
    Neither can we get the Base DN populated from "refresh" button...
    On console , we get
    Exception occurred during event dispatching:
    java.lang.NullPointerException
    at com.avoka.workflow.qpac.ldap.LdapPanel.getBaseDNs(LdapPanel.java:1385
    at com.avoka.workflow.qpac.ldap.LdapPanel.populateComboBoxDns(LdapPanel.
    java:1371)
    at com.avoka.workflow.qpac.ldap.LdapPanel.access$700(LdapPanel.java:58)
    at com.avoka.workflow.qpac.ldap.LdapPanel$9.actionPerformed(LdapPanel.ja
    va:1356)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Sour
    ce)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.Dialog$1.run(Unknown Source)
    at java.awt.Dialog.show(Unknown Source)
    at com.adobe.workflow.saf.SAFApplication.showDialog(SAFApplication.java:
    350)
    at com.adobe.workflow.tools.processdesigner.QPACContainer.showDialog(QPA
    CContainer.java:104)
    at com.adobe.workflow.pat.gui.PATBaseDialog.showComponent(PATBaseDialog.
    java:207)
    at com.adobe.workflow.pat.gui.PATBaseCustomPanel.showComponent(PATBaseCu
    stomPanel.java:351)
    at com.adobe.workflow.tools.processdesigner.template.ProcessTemplateView
    .editAction(ProcessTemplateView.java:418)
    at com.adobe.workflow.tools.processdesigner.template.ActionNode.doMouseD
    blClick(ActionNode.java:235)
    at com.nwoods.jgo.JGoView.doMouseDblClick(Unknown Source)
    at com.nwoods.jgo.JGoView.onMouseReleased(Unknown Source)
    at com.nwoods.jgo.JGoView$JGoViewCanvas.mouseReleased(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Un

    I think the problem is the username you are using. You likely need to specify the DN of the user that you want to bind as (assuming you don't want to anonymously bind, in which case leave it blank), instead of a common username like Admin.
    Also, change your provider URL to just: ldap://wus.contatan.local:38486
    Chris
    Adobe Enterprise Developer Support

  • Authorization Scheme based on a group in LDAP?

    Hi,
    I would like to write an Authorization Scheme that checks whether a user (authenticated via an Authentication scheme based on LDAP) is a member of a specific group in LDAP, for access control.
    I can't seem to find documentation or an example of this. Would appreciate any tips or links to docs and examples....
    Thanks!

    I came across this nice example from the docs for the authorization scheme using the "IS_MEMBER Function".
    http://download.oracle.com/docs/cd/E17556_01/doc/apirefs.40/e15519/apex_ldap.htm#CDEJAAEI
    Very straightforward....
    However, my question now is, how would I tie this in to my authentication scheme?
    One Page Secured by > Authorization scheme (APEX_LDAP.IS_MEMBER) > From a user authenticated by my Authentication Scheme From LDAP directory?
    How would I tie these two schemes together?
    Thanks in advance for any help offered....

  • Address book ldap problems

    Hi. My organization uses a domain controller server on port 3268 for ldap/GAL access. In the past I have had intermittent problems accessing the GAL through address book and the mail app. The last time this happened I trashed some pref files and got it working again. Since upgrading to Mountain Lion, it is not working again. I've tried trashing various plist files, but none have seemed to help. I've been doing this over the last few weeks so I can't specifically list which plist files I've tried.
    If anyone has a solution or any suggestions I would appreciate it. If there is a way to see at what level it is failing that would be helpful too. It does not show up in the Mail activity window.
    Thanks

    Hi Jay,
    It is a Outlook 2003 problem.. the way around it is:
    Open registry editor.
    a. Find the following registry key.
    HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook
    b. Edit --> New -->Key
    c. Input "ldap" and press Enter key.
    HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\LDAP
    1. Edit --> New -->[DWORD]
    6. Input "NoDisplayNameSearch" and press Enter key.
    7. Right click the above and click "change".
    8. Input "1" to [data value] and press [OK]
    9. Edit --> New -->[DWORD]
    10. Input "DisableVLVBrowsing" and press Enter key
    11. Right click the above and click "change".
    12. Input "1" to [data value] and press [OK]
    13. Close the registry editor.

  • Getting Sun Calendar (csconfigurator.sh/comm_dssetup.pl) - my LDAP server

    I currently am trying to install a Sun Calendar server on a CentOS4
    machine which has working kerberos/ldap server access. Unfortunately
    when I try to run the csconfigurator script, despite correct entries
    and connections verified through 'ldapsearch' on a command line, I
    receive a protocol error #2 when csconfigurator tries to verify the
    connection to the LDAP server.
    I am using openldap on a ubuntu instance for the kerberos/ldap server,
    I believe that it is using v3 of LDAP. Is there anything in
    particular I need to know about how Calendar wants to access LDAP? I
    know that I saw a lot of documentation referring to Sun's Directory
    Server; all of the documentation that I dug up on this gave me the
    impression that it was just a standard LDAP server, thus leading me to
    believe that my current LDAP server should work alright.
    I would appreciate any pointers in the right direction or tips, and
    I'm certainly able to cut 'n paste any information that would be
    applicable to this issue. I really need to try to get this calendar
    server online as fast as possible, but the documentation that I've
    found seems to gloss over some of the areas where I'm having issues.
    Thanks for your time!
    -Damon Getsman

    You didn't mention which LDAP server you are using, however, JCS is really designed to work with Sun Directory Server.
    That isn't to say that one could not run JCS against OpenLDAP, etc but you would need to potentially modify the schema files that are part of comm_dssetup.pl
    The JCS 5 release notes contain product requirements:
    [http://docs.sun.com/app/docs/doc/819-4439/6n6jehs0r?a=view]
    The sequence is to install LDAP (nominally Sun DSEE), run comm_dssetup.pl, and then install Calendar Server against your LDAP instance.

  • Help needed to figure out URL and username for the LDAP server

    Given the LDAP directory parameters as follows, how can I identify the exact parameters to be used in my LDAP service access Java code? I'm using JNDI to access an LDAP server given by an IP address (say, 10.1.1.20) and the port number (say, 389).
    Given: -D "cn=mycn,ou=mystaff,o=myorg,dc=test,dc=my,dc=org" -w secret
    Here's my sample Java code:
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "<URL>");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "<PRINCIPAL>");
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    ctx = new InitialDirContext(env);
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    results = ctx.search("ou=mystaff,o=myorg", null);
    Could anyone please help me work out what the values for URL and PRINCIPAL should be, so that I can search all the objects inside "ou"?
    Note: Actually I tried several times, but I was getting an "Invalid Credentials" exception. I doubt that is because the URL or the user name I gave was not syntactically correct. That's why I need to verify with you all.
    Thanks in advance
    Saj

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "<URL>");
    env.put(Context.PROVIDER_URL, "ldap://10.1.1.20:389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "<PRINCIPAL>");
    env.put(Context.SECURITY_PRINCIPAL, "cn=mycn,ou=mystaff,o=myorg,dc=test,dc=my,dc=org");
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    ctx = new InitialDirContext(env);
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    results = ctx.search("ou=mystaff,o=myorg", null);
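
The bind settings from this thread, as an added example that is not part of either post: it checks the principal before connecting, so a bare username, or a DN with an empty password, is caught on the client. The class `LdapBindCheck`, the helper `bindEnv`, and the use of the full DN of the ou as search base are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

public class LdapBindCheck {
    // Builds the JNDI environment; refuses principals that would not bind as intended.
    static Hashtable<String, String> bindEnv(String url, String principal, String password)
            throws InvalidNameException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (principal == null || principal.isEmpty()) {
            env.put(Context.SECURITY_AUTHENTICATION, "none"); // explicit anonymous bind
            return env;
        }
        new LdapName(principal); // InvalidNameException for a bare name such as "Admin"
        if (password == null || password.isEmpty()) {
            // DN plus empty password is an unauthenticated bind (RFC 4513, 5.1.2) that a
            // server may treat as anonymous, so refuse it on the client.
            throw new IllegalArgumentException("bind DN given with an empty password");
        }
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) throws NamingException {
        String url = "ldap://10.1.1.20:389"; // host and port from the question
        String base = "ou=mystaff,o=myorg,dc=test,dc=my,dc=org"; // assumption: full DN of the ou
        try { // offline check: a bare username fails before any network traffic
            bindEnv(url, "Admin", "secret");
        } catch (InvalidNameException e) {
            System.out.println("not a DN: " + e.getMessage());
        }
        if (args.length == 0) return; // pass any argument to contact the server
        DirContext ctx = new InitialDirContext(bindEnv(url, "cn=mycn," + base, "secret"));
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(base, "(objectClass=*)", controls);
            while (results.hasMore()) System.out.println(results.next().getNameInNamespace());
        } finally {
            ctx.close();
        }
    }
}
```

A rejected password surfaces from `InitialDirContext` as `javax.naming.AuthenticationException` (LDAP result 49). A simple bind over `ldap://` sends the password in cleartext, so use `ldaps://` or StartTLS where the server offers it.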

  • Cannot start BI services after configuring LDAP integration

    Hi all,
    After configuring LDAP integration with OBIEE , I have stopped all BI services and started again. It throws following error:
    <Nov 24, 2012 2:05:16 PM AST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see th
    ption stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to
    ore information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
    <Nov 24, 2012 2:05:16 PM AST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializatio
    tion: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root c
    If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps
    ception: [PolicyUtil] Exception while getting default policy Provider
    weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception
    trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more in
    ion. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
            at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
            at weblogic.security.SecurityService.start(SecurityService.java:141)
            at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
            Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provid
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:293)
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
            at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
            Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
            at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:899)
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
            at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
            Truncated. see log file for complete stacktrace
    Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
            at java.security.AccessController.doPrivileged(Native Method)
            at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
            at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
            Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
            at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:860)
            at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
            at java.security.AccessController.doPrivileged(Native Method)
            at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
            at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
            Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.service.idstore.IdentityStoreException: JPS-00056: Failed to create identity store service instance idstore.ldap.
    er:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
    The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
            at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getIdStoreConfig(LdapIdentityStoreProvider.java:195)
            at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.access$300(LdapIdentityStoreProvider.java:70)
            at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider$NoLibOvd.getInstance(LdapIdentityStoreProvider.java:242)
            at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:114)
            at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:70)
            Truncated. see log file for complete stacktrace
    >
    <Nov 24, 2012 2:05:16 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 24, 2012 2:05:16 PM AST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 24, 2012 2:05:16 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    D:\OraHome\Middlleware>
    I was not able to log in to the console since the admin server is not getting started.
    Kindly help me to overcome this issue.
    Thanks,
    Haree

    Thanks for the reply Veeravalli.
    I have stopped the services and deleted the config.lok file, then edited the config.xml file under *%MW_HOME%\user_projects\domains\bifoundation_domain\config* . Then started the BI services. Now it's working fine.
    Thanks,
    Haree
