Ldap automounter problem on Solaris7
Hi,
I am not able to get automounter to work on Solaris7 using LDAP. I am using the PADL gateway for enabling the LDAP client on Solaris 7. Automounter works fine, however, for Solaris 8 and 9, which use the Solaris native LDAP client. Any clues how to get this working?
Thanks
-nishant
Good, the "sim.schema" is created inside Oracle Internet Directory by the mentioned ldif files inside the zip file, search how to import them, for example:
with a windows client (it is also in Oracle Client for Linux)
D:\oracle\product\10.2.0\client_1\bin\ldapadd.exe
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_add_company.ldif
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_add_containers.ldif
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_objectclasses.ldif
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_add_containers2.ldif
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_data_roles2.ldif
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_data_users2.ldif
ldapadd -c -h oidserver -p 3060 -D "cn=orcladmin" -w masterpwd -v -f sim_data_users_role2.ldif
Hope it helps.
Similar Messages
-
LDAP CUA problem -- Could not logon to directory
Hi Experts,
I'm facing difficulties in accessing Active directory from SAP.
The LDAP Connectors were setup correctly (status with Green light).
The System User were also setup as: UserID :DirectoryUser; Distinguished Name:"cn=DirectoryManager" (DirectoryManager is a username in my Active Directory)
The LDAP Servers were also setup as: Hostname="sapserver001.abc.com", port number="389", Product name="MS03 Microsoft Windows 2003 Active Directory (Domain Mode)", Protocol Version="LDAP Version 3", LDAP Application="User", Base entry ="ou=Company00", System Logon="DirectoryUser"
But when I tried to logon the directory, system returns message:"Could not logon to directory"
Could not logon to directory
Message no. LDAPRC049
Diagnosis
The combination of user name (DN) and password transferred to the directory was not accepted by the directory.
Procedure
Check the set or entered data for the user and password for the directory.
If you are using an application with which you do not need to enter this data directly, you can find the data as configuration setting in the LDAP server used ("System User" field).
Procedure for System Administration
Check whether you can log on to the directory with the entered data using the LDAP protocol.
Note: A frequent error when using the Microsoft Active Directory is that the user enters their Microsoft Windows user name instead of the full Distinguished Name, since it is also possible to log on to the directory using this Microsoft Windows logon with Microsoft tools (such as ldp.exe). However, these tools do not use the user/password logon used by the SAP system.
Could anyone help me find the solution?
For more information, I'm using Windows server 2003 as my AD server.
Ad server: sapserver001.abc.com
sap server:sapserver002.abc.com
In the control panel of sapserver001.abc.com., I open "Active Directory users and computers", within abc.com, I created an OU as "Company00", and under that OU, I created the InetOrgPerson "DirectoryManager".
That's all the information I can provide.
Any suggestions will be appreciated.
Thank you very much in advance.
Best regards,
Nick
Hi, all,
Thanks for your reply.
The problem has been solved. That's because I specified the wrong user name: if I enter "DirectoryManager" instead of "cn=DirectoryManager" in the Distinguished Name field, it will be OK. Or, I should input the entire path "cn=DirectoryManager,OU=employees,DC=abci,DC=com".
Just one more question: are there any tools or commands that can display the detailed information of Active Directory on Windows Server 2003? I just wonder whether the detailed path like "cn=DirectoryManager,OU=employees,DC=abci,DC=com" can be shown by the tool or command.
And I have run the ABAP program RSLDAPSCHEMAEXT to get an LDIF file for the SAP fields extension on the AD server. After it was successfully imported into the directory, where can I find/verify the added fields that come from SAP?
Sorry, I lack knowledge of Active Directory; any suggestions are appreciated.
Best regards,
Nick -
HOW-TO: Integrating Snow Leopard w/LDAP & Automounter
I just finished a week-long personal project where I figured out how to get my three Snow Leopard Macs at home to authenticate against an Ubuntu 9.10 Linux LDAP server (running slapd 2.4.18). It also uses autofs/automounter to automatically mount each user's home directory when they log in to an LDAP account.
There's not a lot of documentation about how to do this out there, so I thought I'd post it here in order to give back to the community:
http://www.backupcentral.com/content/view/306/47/
Is there a way to do this for Macs connected to a PC network? How do I get the Mac to mount a Win shared folder automatically using the username and password of the person logging in to the Mac? Also, is there a way to invisibly hide the volume (without disconnecting it) from prying eyes on the Mac? I know it can be done thru the Finder->Preferences->Connected Servers but this isn't a foolproof way of hiding it because the user can still always turn this feature on again and can also "see" the volume mounted on the sidebar.
On the PC side "hiding" shared volumes from public/user view was possible while being able to retain access if you knew the exact "path" to the hidden server/folder/file. -
I am having a problem with LDAP integration. I have been working through the oracle manuals and the guide posted at http://onlineappsdba.com/index.php/2010/12/29/part-viii-optional-configure-ldap-sync-with-oim-11g-oim-11g-integration-with-ovdoid/.
I have completed all of the steps but when I try to create a new user I get the following error:
An error occurred while performing create user operation. Unable to get LDAP connection, and the root cause is - Failed to get connection due to initialization error with the pool: Failed to intialize and start UCP Connection pool
I have created the full jar file for the client. Can anyone offer up any suggestions here?
The others are related to something about a global connection pool; note the traces here are trimmed due to forum post limits:
<Jun 6, 2011 1:48:44 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jun 6, 2011 1:48:44 PM EDT> <Error> <XELLERATE.SERVER> <BEA-000000> <PooledResourceConnectionProvider/createConnection: Failed to create Resource Connection to target
com.oracle.oim.gcp.exceptions.ResourceConnectionCreateException: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:118)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1378)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:445)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:945)
at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:613)
at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:728)
at com.oracle.oim.gcp.ucp.UCPPool.initializePool(UCPPool.java:94)
at com.oracle.oim.gcp.pool.PoolFactory.getPool(PoolFactory.java:91)
at com.oracle.oim.gcp.pool.ConnectionService.getConnection(ConnectionService.java:46)
at com.oracle.oim.gcp.pool.ConnectionService.getConnection(ConnectionService.java:176)
at oracle.iam.ldapsync.impl.repository.ITResourceRepository.getConnection(ITResourceRepository.java:34)
Caused By: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:87)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1378)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:445)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:945)
>>
<Jun 6, 2011 1:48:44 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jun 6, 2011 1:48:44 PM EDT> <Error> <XELLERATE.SERVER> <BEA-000000> <Class/Method: UCPPool/initializePool encounter some problems: Failed to create Resource Connection to target
oracle.ucp.UniversalConnectionPoolException: Failed to create Resource Connection to target
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:90)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1378)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:445)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:945)
at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:613)
at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:728)
Caused By: com.oracle.oim.gcp.exceptions.ResourceConnectionCreateException: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:118)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1378)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:445)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:945)
Caused By: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:87)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1378)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:445)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:945)
at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:613)
at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:728)
>>
<Jun 6, 2011 1:48:44 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jun 6, 2011 1:48:44 PM EDT> <Error> <XELLERATE.SERVER> <BEA-000000> <Class/Method: ConnectionService/getConnection encounter some problems: Failed to intialize and start UCP Connection pool
com.oracle.oim.gcp.exceptions.ConnectionPoolInitException: Failed to intialize and start UCP Connection pool
at com.oracle.oim.gcp.ucp.UCPPool.initializePool(UCPPool.java:100)
at com.oracle.oim.gcp.pool.PoolFactory.getPool(PoolFactory.java:91)
at com.oracle.oim.gcp.pool.ConnectionService.getConnection(ConnectionService.java:46)
at com.oracle.oim.gcp.pool.ConnectionService.getConnection(ConnectionService.java:176)
at oracle.iam.ldapsync.impl.repository.ITResourceRepository.getConnection(ITResourceRepository.java:34)
Caused By: oracle.ucp.UniversalConnectionPoolException: Failed to create Resource Connection to target
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:90)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1378)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:445)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:945)
at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:613)
at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:728)
at com.oracle.oim.gcp.ucp.UCPPool.initializePool(UCPPool.java:94)
at com.oracle.oim.gcp.pool.PoolFactory.getPool(PoolFactory.java:91)
at com.oracle.oim.gcp.pool.ConnectionService.getConnection(ConnectionService.java:46)
at com.oracle.oim.gcp.pool.ConnectionService.getConnection(ConnectionService.java:176)
at oracle.iam.ldapsync.impl.repository.ITResourceRepository.getConnection(ITResourceRepository.java:34)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.getChangelogType(LDAPDataProvider.java:2261)
Caused By: com.oracle.oim.gcp.exceptions.ResourceConnectionCreateException: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:118)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
Caused By: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:87)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1570)
>>
<Jun 6, 2011 1:48:45 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jun 6, 2011 1:48:44 PM EDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042017> <An error occurred while finding the change log type - oracle.iam.platform.entitymgr.vo.ConnectivityException: com.oracle.oim.gcp.exceptions.ConnectionServiceException: Failed to get connection due to initialization error with the pool: Failed to intialize and start UCP Connection pool >>
<Jun 6, 2011 1:48:45 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jun 6, 2011 1:48:45 PM EDT> <Warning> <oracle.iam.platform.entitymgr.impl> <IAM-0040017> <Cannot initialize data provider - java.lang.NullPointerException
at java.util.Hashtable.get(Hashtable.java:334)
at oracle.iam.ldapsync.impl.repository.ITResourceRepository.returnConnection(ITResourceRepository.java:46)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.getChangelogType(LDAPDataProvider.java:2291)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.initialize(LDAPDataProvider.java:378)
at oracle.iam.ldapsync.impl.provider.LDAPSyncDataprovider.initialize(LDAPSyncDataprovider.java:28)
at oracle.iam.platform.entitymgr.impl.EntityManagerConfigImpl.getDataProvider(EntityManagerConfigImpl.java:325)
>>
<Jun 6, 2011 1:48:45 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jun 6, 2011 1:48:45 PM EDT> <Error> <XELLERATE.SERVER> <BEA-000000> <PooledResourceConnectionProvider/createConnection: Failed to create Resource Connection to target
com.oracle.oim.gcp.exceptions.ResourceConnectionCreateException: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:118)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84)
Caused By: java.lang.NullPointerException
at oracle.iam.ldapsync.impl.repository.LDAPConnection.createConnection(LDAPConnection.java:87)
at com.oracle.oim.gcp.ucp.PooledResourceConnectionProvider.createConnection(PooledResourceConnectionProvider.java:84) -
Portal LDAP permission problems: Login causing "Insufficient access"
Hello,
We have OID / Portal / 10gAS version 9.0.4.1 in development and production. We are using the 10gAS as a J2EE webapp server and the OID server as an LDAP server. Portal was working, but we had to make modifications to the default ACP's in OID for our DIT to be secure.
Bottom line:
Logging in as a user to portal yields:
" Unexpected error encountered in wwsec_app_priv.process_signon (User-Defined Exception) (WWC-41417)
An exception was raised when accessing the Oracle Internet Directory: 50: Insufficient access
Details
Operation: dbms_ldap_utl.get_group_membership. (WWC-41743)
Looking back at the ACL trace yields the following:
BEGIN
2004/12/10:08:57:25 * ServerWorker:4 * ConnID:31 * OpId:1 * OpName:search
gslsfbiDumpSubscribedGroups: Op. ID: <1> Subscribed Orclprivilege Groups for the user DN: <orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext>
08:57:25 * Op. ID: <1> Group0 for the user DN:<cn=authenticationservices,cn=groups,cn=oraclecontext>
08:57:25 * Op. ID: <1> Group1 for the user DN:<cn=userproxyprivilege,cn=groups,cn=oraclecontext>
08:57:25 * Op. ID: <1> Group2 for the user DN:<cn=oracledascreateuser,cn=groups,cn=oraclecontext>
08:57:25 * Op. ID: <1> Group3 for the user DN:<cn=oracledascreategroup,cn=groups,cn=oraclecontext>
08:57:25 * Op. ID: <1> Group4 for the user DN:<cn=common group attributes,cn=groups,cn=oraclecontext>
08:57:25 * Op. ID: <1> Group5 for the user DN:<cn=oracledasconfiguration,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
08:57:25 * Op. ID: <1> Group6 for the user DN:<cn=authenticationservices,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
08:57:25 * Op. ID: <1> Group7 for the user DN:<cn=userproxyprivilege,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
08:57:25 * Op. ID: <1> Group8 for the user DN:<cn=oracledascreateuser,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
08:57:25 * Op. ID: <1> Group9 for the user DN:<cn=oracledascreategroup,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
08:57:25 * Op. ID: <1> Group10 for the user DN:<cn=common group attributes,cn=groups,cn=oraclecontext,dc=tekelec,dc=com>
08:57:25 * gslsfbiDumpSubscribedGroups: Op. ID: <1> Subscribed Orclacp Groups for the user DN: <orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext>
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Entry DN:(uid=saitken,cn=users,dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter: Operation id:(1) User DN: (orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (cn=users,dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (cn=users,dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (cn=root)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (cn=root)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
08:57:25 * gslfacZEvaluate_Filter: Op id:(1) Filter Access to entry (uid=saitken,cn=Users,dc=tekelec,dc=com) not allowed
08:57:25 * INFO: gslfrsDSendSearchEntry : Access to filter attributes not allowed
END
The interpretation of this is that the service account "(orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext)" does not have sufficient privileges to "Op id:(1) Filter Access to entry" or, "Browse the entry" with the DN "uid=saitken,cn=Users,dc=tekelec,dc=com". This is the user I am attempting to log in as.
The current ACP entries against the "users" container that are causing the deny ("Filter Accees denied by ACP: (cn=users,dc=tekelec,dc=com)") seem to be the problem.
The real issue is that "entry level" access should be possible by all users in the system. The ACP entries I have on the 'users' entry / container are as follows:
- orclaci: access to entry by self (browse)
- orclaci: access to entry filter=(objectclass=tekuser) by * (browse) by group="cn=service accounts,cn=groups,dc=tekelec,dc=com" (browse,delete) by group="cn=it - user admins,cn=groups,dc=tekelec,dc=com" (browse,delete)
- orclaci: access to entry filter=(objectclass=inetorgperson) by group="cn=oracledascreateuser, cn=groups,cn=OracleContext,dc=tekelec,dc=com" added_object_constraint=(objectclass=orcluser*) (browse,add) by group="cn=oracledasdeleteuser, cn=groups,cn=OracleContext,dc=tekelec,dc=com" (browse,delete) by group="cn=oracledasedituser, cn=groups,cn=OracleContext,dc=tekelec,dc=com" (browse) by group="cn=UserProxyPrivilege, cn=Groups,cn=OracleContext,dc=tekelec,dc=com" (browse, proxy) by dn="orclApplicationCommonName=DASApp, cn=DAS, cn=Products,cn=oraclecontext" (browse,proxy) by self (browse, nodelete, noadd) by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,dc=tekelec,dc=com" (browse)
All users under the "Users" container are of objectclass 'tekuser'. The last ACP point was massaged from the original install of Portal.
The real clincher that I don't understand is that the single entry "access to entry filter=(objectclass=tekuser) by * (browse)" should be allowing browse access to my entry to everyone! (Including the service account for portal!)
So, as I wind around this ball of wax, I desperately seek assistance. I understand the complexities of ACPs and know of a few problems, but nothing that would cause this.
Does anyone have any insight? Any feedback is greatly appreciated!
The best thing that I could have right now would be a spec (or requirements) of permission configuration against an LDAP server (or OID) for Portal to perform its normal tasks. Unfortunately, I have yet to find any docs on ACL requirements of Portal. :(
-Sean
Sean: Did you find an answer to your issue? We seem to be experiencing the same issue here - but not much help for the Error - WWC-41743.
Error Text - Operation: dbms_ldap.modify_s
Entry DN: cn=AUTHENTICATED_USERS,cn=portal.050125.132734.548814000,cn=groups,dc=us,dc=deloitte,dc=com
Changes
uniquemember: Add: cn=invcm1,cn=users,dc=us,dc=deloitte,dc=com.
Would appreciate any help. You can send mail to [email protected]
Thank you again!
Shomic -
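The ACL trace quoted in the thread above, summarised per operation. This is an added example, not part of the original posts and not Oracle code: a Python sketch that lists which ACPs were visited, which ones denied filter access, and which were visited without a logged deny. The function names are hypothetical and the sample lines are copied from the trace in the post.

```python
import re

# Trace lines copied from the ACL trace quoted in the post above.
SAMPLE_TRACE = """\
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Entry DN:(uid=saitken,cn=users,dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter: Operation id:(1) User DN: (orclapplicationcommonname=portal.040405.1647,cn=portal,cn=products,cn=oraclecontext)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (cn=users,dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (cn=users,dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (dc=tekelec,dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (dc=com)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Visiting ACP at: (cn=root)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) Filter Accees denied by ACP: (cn=root)
08:57:25 * gslfacZEvaluate_Filter:Operation id:(1) User being Privileged group member, Evaluation continues
08:57:25 * gslfacZEvaluate_Filter: Op id:(1) Filter Access to entry (uid=saitken,cn=Users,dc=tekelec,dc=com) not allowed
08:57:25 * INFO: gslfrsDSendSearchEntry : Access to filter attributes not allowed
"""

# The trace writes the operation id as "Operation id:(1)" or "Op id:(1)".
_OP = r"(?:Operation id|Op id):\s*\((\d+)\)\s*"

# "Acc\w+" tolerates the "Accees" spelling that appears in the trace.
PATTERNS = [
    ("entry_dn", re.compile(_OP + r"Entry DN:\s*\((.+)\)\s*$")),
    ("bind_dn", re.compile(_OP + r"User DN:\s*\((.+)\)\s*$")),
    ("visited", re.compile(_OP + r"Visiting ACP at:\s*\((.+)\)\s*$")),
    ("denied", re.compile(_OP + r"Filter Acc\w+ denied by ACP:\s*\((.+)\)\s*$")),
    ("final", re.compile(_OP + r"Filter Access to entry \((.+)\) not allowed")),
]


def summarize_trace(text):
    """Return {operation id: summary} for the filter evaluation lines in text."""
    ops = {}
    for line in text.splitlines():
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if not match:
                continue
            op_id, value = match.groups()
            op = ops.setdefault(op_id, {
                "entry_dn": None, "bind_dn": None,
                "visited": [], "denied": [], "filter_denied": False,
            })
            if kind in ("visited", "denied"):
                op[kind].append(value)
            elif kind == "final":
                op["filter_denied"] = True
            else:
                op[kind] = value
            break
    for op in ops.values():
        # DNs are case-insensitive, so compare them lowercased.
        denied = {dn.lower() for dn in op["denied"]}
        op["no_decision"] = [dn for dn in op["visited"] if dn.lower() not in denied]
    return ops


def format_summary(ops):
    """Render the summary as text, one block per operation id."""
    lines = []
    for op_id, op in sorted(ops.items()):
        lines.append(f"operation {op_id}: entry={op['entry_dn']}")
        lines.append(f"  bound as: {op['bind_dn']}")
        for dn in op["visited"]:
            verdict = "no deny logged" if dn in op["no_decision"] else "DENIED filter access"
            lines.append(f"  ACP {dn}: {verdict}")
        outcome = "not allowed" if op["filter_denied"] else "no final denial logged"
        lines.append(f"  result: filter access {outcome}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(summarize_trace(SAMPLE_TRACE)))
```

For this trace the ACPs to review are cn=users,dc=tekelec,dc=com, dc=com and cn=root; dc=tekelec,dc=com was visited without a logged deny.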
Gvm automounting problems [Solved]
Ok I was able to successfully install gnome-volume-manager and get it to automount my cdrom drives correctly, but only as root; I stick in a disc, it gets read, and the nautilus file browser appears with its content. This is all great, except that I can't get it to work for a regular user.
If I insert a disc as a regular user I can see the volume name, but it doesn't appear to actually mount the disc until I manually right click on the drive in nautilus and select the 'mount' option. GVM is set to defaults just like root btw.
Obviously this is a permissions related problem. Is there some group I have to add my user to? I tried the 'storage' and 'optical' groups to no avail :?
I guess it was the optical & storage groups after all. I had added the user to those groups before without any luck, but I decided to try it again and...tada! Go figure
-
We are running BEA WebLogic Server 8.1 SP2 on a Windows 2000 machine. It starts up fine, but after some days the service is stopped. If I try to restart it, it doesn't start but shows the following exception.
<main> <<WLS Kernel>> <> <BEA-000364> <Server failed during initialization.
Exception:java.lang.NumberFormatException:
null
java.lang.NumberFormatException: null
at java.lang.Integer.parseInt(Integer.java:394)
at java.lang.Integer.<init>(Integer.java:567)
at weblogic.ldap.EmbeddedLDAP.validateVDEDirectories(EmbeddedLDAP.java:1057)
at weblogic.ldap.EmbeddedLDAP.initialize(EmbeddedLDAP.java:196)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:777)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:627)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:337)
at weblogic.Server.main(Server.java:32)
####<Jan 7, 2004 5:35:01 PM PST> <Emergency> <WebLogicServer> <SAM-APPS38>
<EpServer-US-Srv1>
<main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server:
java.lang.NumberFormatException:
null>
We haven't changed or even used anything referring to LDAP. So?????
I am having the same problem, though the source code line number is different.
<Feb 4, 2005 1:01:58 PM EST> <Critical> <WebLogicServer> <BEA-000364> <Server failed during initialization. Exception:java.lang.NumberFormatException: null
java.lang.NumberFormatException: null
at java.lang.Integer.parseInt(Integer.java:394)
at java.lang.Integer.<init>(Integer.java:567)
at weblogic.ldap.EmbeddedLDAP.validateVDEDirectories(EmbeddedLDAP.java:1069)
at weblogic.ldap.EmbeddedLDAP.initialize(EmbeddedLDAP.java:196)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:814)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:664)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:342)
at weblogic.Server.main(Server.java:32)
> -
HELP! LDAP server problem
I'm using IDS 5.1 in our system. Yesterday it had problems: other servers connecting to its port 389 reported a connection timeout. The network was OK, the service was OK, but users could not be authenticated. On the LDAP server, files in the directory changelogdb had been held for days, and the errors log said:
[11/Jan/2006:10:49:39 +0800] NSMMReplicationPlugin - agmt_delete: begin
[11/Jan/2006:10:49:48 +0800] NSMMReplicationPlugin - agmt_delete: begin
[11/Jan/2006:10:53:55 +0800] NSMMReplicationPlugin - _cl5GetNextEntry: failed to get entry; db error - 12 Not enough space
[11/Jan/2006:10:53:55 +0800] NSMMReplicationPlugin - _cl5TrimFile: failed to commit transaction; db error - -30989 DB_RUNRECOVERY: Fatal error, run database recovery
[11/Jan/2006:10:53:56 +0800] NSMMReplicationPlugin - _cl5TrimFile: failed to begin transaction; db error - -30989 DB_RUNRECOVERY: Fatal error, run database recovery
[11/Jan/2006:10:53:56 +0800] NSMMReplicationPlugin - _cl5TrimFile: failed to begin transaction; db error - -30989 DB_RUNRECOVERY: Fatal error, run database recovery
Does anyone know what happened and what might cause this problem?
Thanks
As indicated by the log:
[11/Jan/2006:10:53:55 +0800] NSMMReplicationPlugin - _cl5GetNextEntry: failed to get entry; db error - 12 Not enough space
So check out your disk space first. -
Hi,
I'm trying to configure Netscape Directory Server 4.1 to work with the
LDAP Security Realm Update for WebLogic Server 6.1. The WebLogic Server
is unable to connect to NDS and there is no error message to indicate
any exception. I have connected to the NDS using an LDAP browser using the
same principal and credential in the ldaprealm.properties file and was
able to establish a connection.
Has anyone encountered the same problem? Any help is appreciated.
Thank you,
PY
Humm,
I have heard of different people with the same name but with the same
email address. Strange...
Will the person who did the posting below please email me. You
already have my email address.
Han.
"Ng, Wey-Han" <[email protected]> wrote in message news:<[email protected]>...
Hi,
I'm trying to configure Netscape Directory Server 4.1 to work with the
LDAP Security Realm Update for WebLogic Server 6.1. The WebLogic Server
is unable to connect to NDS and there is no error message to indicate
any exception. I have connected to the NDS using an LDAP browser using the
same principal and credential in the ldaprealm.properties file and was
able to establish a connection.
Has anyone encountered the same problem? Any help is appreciated.
Thank you,
PY -
i have some trouble configuring a solaris 10 client to use netgroups.
if i change my nsswitch.conf to:
passwd: compat
passwd_compat: files ldap
shadow: files ldap
and add a netgroup to /etc/passwd, i can not see any ldap users on my system.
if i change it to:
passwd: files ldap
the ldap users are there, and can log in.
we have several solaris 9 boxes that work with this configuration.
any hints are welcome.
thanks
sorry it was a typo, the entries in my nsswitch are:
passwd: compat
passwd_compat: ldap [tryagain=continue]
shadow: files ldap
group: files ldap
hosts: files dns
netgroup: ldap
.........
Looks valid to me (although I don't think 'tryagain' is valid in the passwd_compat field, I also don't think it'll cause too many problems).
You might want to start looking through the ldap server logs and see what requests are coming in. Is the machine doing queries for the netgroup and getting answers, or is it not even bothering to look?
Darren -
Hi
usually when I bung a dvd in my drive, hal automounts it to /media and I can see it in thunar
but all of a sudden it gets mounted to /mnt/cd and when I click on it in thunar I get the following error:
Failed to mount "stuff".
Failed to determine the mount point for /dev/hdc
nor can I eject it, I get a message saying it wasn't mounted by hal:
how can I find out what is mounting it and stop it??
I've recently installed banshee and rhythmbox, could this have anything to do with it?
In case anyone cares, or has a similar problem, I fixed this.
I think the problem was I had pmount installed as a dependency of one of the mp3 players I installed (banshee I think), and it was auto-mounting dvds before hal got a chance.
When I uninstalled banshee, it didn't uninstall the huge amount of other packages it installed with it. I'm still an arch newbie, and would like to know how I would have uninstalled banshee and all the other packages that come with it using pacman.
Anyone help? -
Java JNDI LDAP connectivity problem. NoSuchAttributeException
Hello,
I am trying to add a user to Active Directory server through LDAP. Following is the code I am using:
======================================================================
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class LDAPTest {
    public static void main(String[] args) {
        // Connection settings: simple bind over plain LDAP on port 389
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.123.321.123:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "user1");
        env.put(Context.SECURITY_CREDENTIALS, "user123");
        try {
            System.out.println("68");
            Context ctx = new InitialContext(env);
            System.out.println("71");
            // Object classes for the new entry
            BasicAttribute oc = new BasicAttribute("objectclass", "top");
            oc.add("person");
            oc.add("organizationalperson");
            oc.add("User");
            BasicAttribute ouSet = new BasicAttribute("ou");
            ouSet.add("test");
            // Attribute set for the new user (attribute names ignore case)
            BasicAttributes attrs = new BasicAttributes(true);
            attrs.put(oc);
            attrs.put(ouSet);
            attrs.put("cn", "ndubey001");
            attrs.put("sn", "ndubey001");
            attrs.put("sAMAccountName", "ndubey001");
            attrs.put("givenName", "ndubey001");
            attrs.put("name", "ndubey001");
            // This is the call that fails with NoSuchAttributeException
            ctx.bind("uid=ndubey001,ou=test,o=myserver.com", attrs);
            System.out.println("74");
            ctx.close();
        } catch (NamingException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
I have tried so many different combinations. Most of the time the parameters I am passing look okay, but I keep getting the same exception as follows:
======================================================================
68
71
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_bind(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_bind(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(Unknown Source)
at LDAPTest.main(LDAPTest.java:99)Coming out
======================================================================
Can anyone tell what the exact problem is?
Cheers,
Nitin
Too many errors to even consider correcting your code (objectClasses, UID attribute, ctx.create)....
Refer to the following for a description & sample code:
JNDI, Active Directory (Creating new users & demystifying userAccountControl)
http://forum.java.sun.com/thread.jspa?threadID=582103&tstart=15 -
WL6.0 LDAP Realm problems
I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
getting it to work - basic auth just keeps popping the window up 3 times and
then giving up. Only pertinent message in the log is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite adding the following two
to the startup script cmd line and restarting the server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=true
The HTTP basic-auth dialog box is correctly showing me that I'm trying to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified that the above
server account exists AND can authenticate and retrieve account
userpasswords (yes, the server account is "cn=" while the user accounts are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same results both ways.
Any ideas???
Did you use the most recent ldap patch? I could not get it to work fine
with the default wls6.0sp1, but with the ldap-patch it works fine.
AND probably even more important... change
<Realm FileRealm="..." Name=".....">
to
<Realm CachingRealm="MyCachingRealm" FileRealm="..." Name=".....">
Hope this helps...
Ronald
Sushil Pulikkal wrote:
Hi Tom,
I am using iPlanet Directory server with WL6.0 (which I presume is supported as
Netscape's is) and facing the same problem as Mike was i.e account locking after
three attempts(bottom of the message). I have created my own caching realm with
the basic realm being MyLDAPRealm.
The log gives no info other than the one about account locking.
My config.xml looks something like this -
<CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<LDAPRealm AuthProtocol="simple" Credential="enslaved"
GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
Name="MyLDAPRealm"
Principal="uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="bind"
UserDN="ou=Aussies,dc=timerasolutions,dc=com"
UserNameAttribute="uid"/>
The browser window does pop up, but the user id doesn't get authenticated. Is
there a way to know whether WLS is actually going to the LDAP server for authentication?
Any insight into this?
Thanks in advance,
Sushil
"Tom Moreau" <[email protected]> wrote:
Mike,
I haven't had any trouble getting the LDAPRealm to work
in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
you haven't told WLS to use it?
In other words, you can create many realm configurations then
you need to activate the one you want. If you haven't, then
we just use the file realm. The file realm won't be able
to authenticate you (since you put the info in LDAP!) and
after 3 failures, will lock out the account.
The instructions for selecting the realm are at:
http://e-docs.bea.com/wls/docs60/adminguide/index.html
See:
12. Managing Security
Specifying a Security Realm
Configuring the Caching Realm
The basic idea is:
1) create your LDAP Realm (you've already done this)
2) create a CachingRealm
3) set the CachingRealm's BasicRealm to your LDAP Realm
4) set the Security Realm's CachingRealm to your Caching Realm
5) reboot
It's pretty easy to do this through the admin console.
Otherwise, you can edit config.xml by hand.
Here's how:
<Domain>
  <Security
    Name="mydomain"
    Realm="myRealm"
  />
  <Realm
    Name="myRealm"
    FileRealm="myFileRealm"
    CachingRealm="myCachingRealm"
  />
  <FileRealm
    Name="myFileRealm"
  />
  <CachingRealm
    Name="myCachingRealm"
    BasicRealm="myLDAPRealm"
  />
  <LDAPRealm
    Name="myLDAPRealm"
  />
</Domain>
-Tom
"Mike" <[email protected]> wrote:
BTW, before someone suggests it, I found Tom Moreau's suggestion to use:
<ServerDebug Name="examplesServer" DebugSecurityRealm="true" />
under the <Server> element in config.xml and restarted with this and still no additional info from the LDAP realm printed about why it's not working (nothing but the same locking account message mentioned below).
Is the source for the LDAP realm available so I can debug it myself or has anybody written their own LDAP realm that they'd be willing to share with the group?
Thanks again,
...Mike
"Mike" <[email protected]> wrote in message
news:[email protected]...
Ok I've verified that the -Dweblogic.security.ldaprealm.verbose probably won't work with 6.0 (old 5.x and previous style property), but I can't figure out what replaced it, to figure out why the LDAP realm isn't working for me...
The property mapping guide at:
http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
shows that things like weblogic.security.ldaprealm.url changed to LDAPURL in config.xml (without telling you that this resides as an XML attribute of <Domain><LDAPRealm ... /></Domain>) although that's easy enough to find by looking through the example LDAP realm.
It then says that weblogic.security.ldaprealm.verbose has changed to "Debug" in config.xml, but doesn't say whether that's a "Debug" XML attribute on one of the XML elements in there, or whether it's an XML node itself, or where in the config.xml doc it goes... It doesn't work as an attribute of <LDAPRealm ...> (server won't start with it there) and it doesn't show up at all in the DTD for config.xml so I'm assuming the mapping doc at the above url is wrong. Anybody know what this really became in 6.0?
I've tried setting StdoutDebugEnabled="true" in config.xml and turning the logging level all the way up to see everything, but even then all I get is the account locked message, not why it's failing to authenticate via LDAP...
Any other ideas?
"Mike" <[email protected]> wrote in message
news:[email protected]...
I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
getting it to work - basic auth just keeps popping the window up 3 times and
then giving up. Only pertinent message in the log is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite adding the following two
to the startup script cmd line and restarting the server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=true
The HTTP basic-auth dialog box is correctly showing me that I'm trying to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified that the above
server account exists AND can authenticate and retrieve account
userpasswords (yes, the server account is "cn=" while the user accounts are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same results both ways.
Any ideas??? -
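The activation steps Tom lists in the WL6.0 thread above (Security names a Realm, the Realm names a CachingRealm, the CachingRealm names the LDAP realm as its BasicRealm) can be checked against a config.xml before rebooting. This Python check is an added example, not code from the thread or from WebLogic; the function name `realm_chain`, the two sample documents and the exact-match rule for names are assumptions of the example.

```python
import xml.etree.ElementTree as ET

def realm_chain(config_xml):
    """Resolve Security -> Realm -> CachingRealm -> BasicRealm by Name.
    Returns (chain, problem); problem is None or the first broken link."""
    domain = ET.fromstring(config_xml)

    def lookup(name, tag=None):
        # Assumption: references must match the Name attribute exactly.
        for el in domain:
            if name and el.get("Name") == name and tag in (None, el.tag):
                return el
        return None

    security = domain.find("Security")
    if security is None:
        return [], "no <Security> element"
    realm = lookup(security.get("Realm"), "Realm")
    if realm is None:
        return [], "Security Realm=%r is not defined" % security.get("Realm")
    chain = [("Realm", realm.get("Name"))]
    caching = lookup(realm.get("CachingRealm"), "CachingRealm")
    if caching is None:
        return chain, "no CachingRealm activated; only the file realm is used"
    chain.append(("CachingRealm", caching.get("Name")))
    basic = lookup(caching.get("BasicRealm"))
    if basic is None or basic.tag in ("Security", "Realm", "CachingRealm", "FileRealm"):
        return chain, "BasicRealm=%r names no realm definition" % caching.get("BasicRealm")
    chain.append((basic.tag, basic.get("Name")))
    return chain, None

# Constructed samples modelled on the thread: an LDAP realm that is defined
# but never activated, and the wired layout from Tom's reply.
UNWIRED = """<Domain>
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm"/>
  <FileRealm Name="myFileRealm"/>
  <LDAPRealm Name="MyLDAPRealm"/>
</Domain>"""
WIRED = """<Domain>
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm" CachingRealm="myCachingRealm"/>
  <FileRealm Name="myFileRealm"/>
  <CachingRealm Name="myCachingRealm" BasicRealm="myLDAPRealm"/>
  <LDAPRealm Name="myLDAPRealm"/>
</Domain>"""

if __name__ == "__main__":
    for label, doc in (("unwired", UNWIRED), ("wired", WIRED)):
        print(label, realm_chain(doc))
```

An unwired result matches the symptom in the thread: logins are checked against the file realm only, fail, and the account is locked after three attempts without any LDAP traffic.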
Built-in LDAP Authentication Problem
Hi All,
I have used the Built-in LDAP Authentication Method for my application authentication, which works fine, but I need to have a database authentication as well in combination with the LDAP one.
I tried putting a database authentication function (Returning Boolean) in the post authentication process but without success.
Please suggest how to go about this.
cheers
Dhrubo
You really didn't explain much more than in your first post.
For Example, LDAP verifies all users now, but I would like to enable persons with their role as managers to have access privilege for my application.
Right now, managers do have access privilege so that requirement does not make sense.
For this Manager problem I need a database level authentication.
What does that mean? You can't just make up terms like that.
I think you are mixing up authentication and authorization. Please search this forum and read the User's Guide for more info about how these are different.
We can show you how to do both authentication and authorization, you just need to work harder stating your exact requirements.
Scott -
LDAP V2 Problems after 6.1SP3 upgrade
I've got an LDAP custom realm working with 6.1 SP2, but then move the exact configuration to 6.1 SP3 and the server boots, but does not authenticate. I can see the groups from the LDAP server in the console, but the console hangs when I try and look at users. Is there anything I need to change for SP3?
there are some patches available on top sp3 for ldap problems. please
contact support.
"Jason Prigge" <[email protected]> wrote in message
news:3d933268$[email protected]..
I've got an LDAP custom realm working with 6.1 SP2, but then move the exact configuration to 6.1 SP3 and the server boots, but does not authenticate. I can see the groups from the LDAP server in the console, but the console hangs when I try and look at users. Is there anything I need to change for SP3?