LDAP correct binding?
To start, I have successfully bound a new "user" into this leaf that has been created. The problem comes when I try to log in as that user onto that leaf. I can log in with only the username; if I add the password, it gives me a javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]. I must not be correctly binding the password to the user. How would I do this?
env.put(Context.PROVIDER_URL, "url");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=company,dc=company,dc=net");
env.put(Context.SECURITY_CREDENTIALS, "password");
try {
    DirContext ctx = new InitialDirContext(env); // connects with my username and password
    // Create attributes to be associated with the object
    BasicAttributes attrs = new BasicAttributes(true);
    attrs.put("cn", "username");
    attrs.put("userPassword", "No12we3**");
    attrs.put("ou", "people");
    attrs.put("dc", "company");
    attrs.put("dc", "net");
    // Perform bind
    ctx.bind("cn=Name,ou=people,dc=company,dc=net", attrs);
}....
So then when I replace my username and password with the new guy's, it doesn't work. And it does work when I don't use a password for him...
Thanks
Edited by: Flavouski on Oct 25, 2007 6:58 PM
It looks like you have a little bit of inconsistency between the user name and the attributes in the entry.
ctx.bind("cn=Name,ou=people,dc=company,dc=net",attrs);
but
attrs.put("cn","username");
Make sure you've changed the Context.SECURITY_PRINCIPAL to "cn=Name,ou=people,dc=company,dc=net"
Besides, I am not sure that the entry was created properly. There is no objectclass attribute, so it is not certain that you have provided all of the required attributes.
For a Person (or OrganizationalPerson or InetOrgPerson), sn is also mandatory.
Regards,
Ludovic.
Similar Messages
-
I have been looking for documentation on LDAP authenticated bind, except there is very little and the stuff that is there doesn't go into any detail. I was able to get authenticated binds to work properly but I wanted to ensure that it was all done correctly.
I found that the users that you are authenticating have to be in the same OU as the service account that you are using to perform the authenticated bind. For example you have an OU called Wireless. users1, user2 and a service account called WiSA are all in this OU. You can authenticate users1 and user2, but no users out of any other OU.
Is this really all there is? There appears to be no ability to do memberOf which really limits what you can do with this.
I am running 6.0.182.0. Any thoughts??
You can use users in another location for authenticated binding of LDAP; in that case, while writing the username you should mention the entire path instead of the username.
for eg: you should specify the username as cn=user,ou=cisco,ou=wireless,dc=com.
If both your client authentication username and bind username are in the same location, then you can just specify the username; the controller will pick the path from the LDAP config.
I hope I answered your question. -
PCI Vulnerability Reports LDAP NULL BIND ENABLED
I’m running a PCI compliance report on a Windows 2008 R2 server and the report fails.
The error summary points to LDAP NULL BIND being enabled. I thought LDAP NULL BIND was disabled by default.
How can I test for LDAP NULL BIND being disabled?
How can I disable LDAP NULL BIND?
Thanks for your help
Please start by reading that: http://support.microsoft.com/kb/837964/en-us
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
Correct binding and searching -- please look
Given the following DIT:
edge.com (Domain)
|-- Subgroup 1(type Organizational Unit)
|-- MMC_Users (type Organizational Unit)
|-- Advisors (type Organizational Unit)
|-- Person One (type User)
|-- Person Two (type User)
|-- Q (type Organizational Unit)
|-- Person Three (type User)
|-- Person Four (type User)
|-- Person Five (type User)
|-- TNBT (type Organizational Unit)
|-- Person Six (type User)
|-- MSU (type Organizational Unit)
|-- Person Seven (type User)
How would I bind to find all the user names of people listed in the subgroups of MMC_Users? In other words, what users exist in the Advisors, Q, TNBT, and MSU groups?
I am using the following search code:
Hashtable oEnv = new Hashtable();
oEnv.put(javax.naming.Context.PROVIDER_URL, "ldap://bos-gc01:389/dn=edge,dn=com");
oEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
oEnv.put(Context.SECURITY_PRINCIPAL, "user");
oEnv.put(Context.SECURITY_CREDENTIALS, "pasword");
DirContext oCTX = new InitialDirContext(oEnv);
// search the whole subtree below the search base
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
System.out.println("asking for search results....");
NamingEnumeration results = oCTX.search("ou=Q,ou=MMC_Users", "(uid=*)", constraints);
System.out.println("@@@ DOES IT GET HERE?");
while ((results != null) && results.hasMore())
    System.out.println("never get here");
Any help would be greatly appreciated.
ARGH! correct spacing wasn't showing is showing on this before....
edge.com (Domain)
|-- Subgroup 1(type Organizational Unit)
|-- MMC_Users (type Organizational Unit)
|-- Advisors (type Organizational Unit)
|-- Person One (type User)
|-- Person Two (type User)
|-- Q (type Organizational Unit)
|-- Person Three (type User)
|-- Person Four (type User)
|-- Person Five (type User)
|-- TNBT (type Organizational Unit)
|-- Person Six (type User)
|-- MSU (type Organizational Unit)
|-- Person Seven (type User) -
I'm trying to create an authentication function that can perform a search/bind.
The algorithm for this is as follows:
1) Bind to the LDAP server as the application (ie: admin username and password)
2) Search the LDAP directory for the sign-in username %userid%
3) Get the DN of that entry
4) Unbind as the application
5) Bind as the sign-in username %userid% with the DN from above
I'm pretty sure that this is possible with the DBMS_LDAP and DBMS_LDAP_UTL packages, but I'm not sure how to put it all together. Does anyone out there know if a function such as this already exists?
Thanks,
Logan
Well, I figured it out.
create or replace FUNCTION F_Authenticate (p_username in varchar2, p_password in varchar2)
   RETURN BOOLEAN
IS
   CURSOR ldap_param_cur
   IS
      SELECT *
        FROM ldap_parameters;
   ldap_param_rec   ldap_param_cur%ROWTYPE;
   l_session        DBMS_LDAP.SESSION;
   l_srch_attr      DBMS_LDAP.STRING_COLLECTION;
   l_attr_values    DBMS_LDAP.STRING_COLLECTION;
   l_result         DBMS_LDAP.MESSAGE;
   l_entry          DBMS_LDAP.MESSAGE;
   l_dn             VARCHAR2 (200);
   l_retval         PLS_INTEGER;
   multiple_uid     EXCEPTION;
   no_ldap_entry    EXCEPTION;
BEGIN
   -- get parameters from uvic_ldap_parameters table
   OPEN ldap_param_cur;
   FETCH ldap_param_cur
    INTO ldap_param_rec;
   -- if the cursor returns no records display error message and exit
   IF ldap_param_cur%NOTFOUND
   THEN
      DBMS_OUTPUT.PUT_LINE
         ('LDAP Parameters not configured in UVIC_LDAP_PARAMETERS table');
      CLOSE ldap_param_cur;
      RETURN FALSE;
   END IF;
   CLOSE ldap_param_cur;
   DBMS_LDAP.use_exception := TRUE;
   BEGIN
      -- open session to ldap server
      l_session :=
         DBMS_LDAP.init (ldap_param_rec.ldap_host,
                         ldap_param_rec.ldap_port);
      -- bind with credentials from cursor
      l_retval :=
         DBMS_LDAP.simple_bind_s (l_session,
                                  ldap_param_rec.search_credential,
                                  ldap_param_rec.search_passwd);
      -- run ldap search
      l_retval :=
         DBMS_LDAP.search_s (l_session,
                             ldap_param_rec.search_base,
                             DBMS_LDAP.SCOPE_SUBTREE,
                             ldap_param_rec.search_filter || p_username,
                             l_srch_attr,
                             0,
                             l_result);
      -- count the search result records
      l_retval := DBMS_LDAP.count_entries (l_session, l_result);
      -- if multiple search result records raise exception
      -- the userid should be unique and only return 1 search record
      IF l_retval > 1
      THEN
         RAISE multiple_uid;
      ELSIF NVL (l_retval, 0) = 0
      THEN
         RAISE no_ldap_entry;
      END IF;
      -- select first entry from ldap search record
      l_entry := DBMS_LDAP.first_entry (l_session, l_result);
      -- get the distinguished name from the ldap record
      l_dn := DBMS_LDAP.get_dn (l_session, l_entry);
      -- close ldap session used to retrieve search results
      l_retval := DBMS_LDAP.unbind_s (l_session);
      -- open session to ldap server
      l_session :=
         DBMS_LDAP.init (ldap_param_rec.ldap_host,
                         ldap_param_rec.ldap_port);
      -- bind using ldap search results distinguished name and password
      -- if the bind is successful the user can login
      l_retval := DBMS_LDAP.simple_bind_s (l_session, l_dn, p_password);
      -- close ldap session
      l_retval := DBMS_LDAP.unbind_s (l_session);
      RETURN TRUE;
   EXCEPTION
      WHEN multiple_uid
      THEN
         l_retval := DBMS_LDAP.unbind_s (l_session);
         DBMS_OUTPUT.PUT_LINE ('Multiple LDAP entries found.');
         RETURN FALSE;
      WHEN no_ldap_entry
      THEN
         l_retval := DBMS_LDAP.unbind_s (l_session);
         DBMS_OUTPUT.PUT_LINE ('No LDAP records found.');
         RETURN FALSE;
      WHEN OTHERS
      THEN
         l_retval := DBMS_LDAP.unbind_s (l_session);
         DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
         RETURN FALSE;
   END;
EXCEPTION
   WHEN OTHERS
   THEN
      l_retval := DBMS_LDAP.unbind_s (l_session);
      DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
      RETURN FALSE;
END F_Authenticate; -
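The search-then-bind sequence from the thread above, written with JNDI as an added example (not code from any poster on this page). It adds two checks the posted versions leave out: the sign-in name is escaped per RFC 4515 before it goes into the search filter, and an empty password is refused before the user bind, because a simple bind that carries a DN but no password is an unauthenticated bind (RFC 4513, section 5.1.2) that a server may accept, which matches the "it works when I don't use a password" symptom in the first thread. The class and method names, the `uid` search attribute, and the `example.invalid` URL and DNs are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SearchThenBind {

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** JNDI environment for a simple bind as the given DN. */
    static Hashtable<String, String> env(String url, String dn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /** Returns true only if exactly one entry matches uid and a bind as that entry succeeds. */
    static boolean authenticate(String url, String serviceDn, String servicePassword,
                                String searchBase, String uid, String password)
            throws NamingException {
        // Refuse empty credentials before touching the network: a bind with a DN
        // and an empty password would be an unauthenticated bind, not a password check.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }

        String userDn;
        // Steps 1-4: bind as the application, search for the user, take the DN, unbind.
        DirContext svc = new InitialDirContext(env(url, serviceDn, servicePassword));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the DN is needed
            String filter = "(uid=" + escapeFilterValue(uid) + ")";
            NamingEnumeration<SearchResult> results = svc.search(searchBase, filter, sc);
            if (!results.hasMore()) {
                return false;                          // no such user
            }
            userDn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                return false;                          // ambiguous: more than one match
            }
        } finally {
            svc.close();
        }

        // Step 5: bind as the user with the DN found above.
        try {
            new InitialDirContext(env(url, userDn, password)).close();
            return true;
        } catch (AuthenticationException e) {
            return false;                              // wrong password
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sign-in names; only the first is an ordinary user id.
        String[] samples = { "jdoe", "*", "jdoe)(uid=*", "a\\b" };
        for (String s : samples) {
            System.out.println("(uid=" + escapeFilterValue(s) + ")");
        }
        // The empty password is rejected by the guard, so this placeholder
        // server is never contacted.
        System.out.println(authenticate("ldaps://ldap.example.invalid:636",
                "cn=svc,dc=example,dc=invalid", "constructed-secret",
                "dc=example,dc=invalid", "jdoe", ""));
    }
}
```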
LDAP client binding failure stops TimerTask thread
Hi There,
I try to schedule a TimerTask once LDAP binding fails, but the binding failure prevents the TimerTask thread from starting. Any idea? Or any workaround?
Thanks.
try {
    ctx = new InitialLdapContext(envs[ctx_idx], null);
} catch (NamingException ne) {
    start();
}
public static void start() {
    timer = new Timer();
    timer.schedule(new TimerTask() {
        public void run() {
            System.out.println(".... Visit moniter ....");
        }
    }, 10, 1000);
} // end of start
...
Problem Fixed. Windows XP client did not have WINS server IP address in TCP/IP properties.
-
I have seen many recommendations to set the network binding order on you Hyper-V hosts to something similar to:
Management NIC
Cluster NICs
iSCSI NICS
However, all of these recommendations are for scenarios where the NICs are all physical NICs in the host.
Using Server 2012 R2, I am building converged networks with logical switches, NIC Teams, and vNICs on the host. So when I go set the network binding order, I now have all these components to deal with as well. For example, on a 4 adapter blade, I might typically have the following items in the binding order drop-down.
4 - physical NICs (2- teamed for the 1 virtual switch, the other 2 used for iSCSI)
1 - Team interface (Datacenter_Switch)
5 - vNICs (Management, Cluster, LiveMigration, iSCSI-1, iSCSI-2)
So, should you only worry about order of the vNICS (placed at the top) and let the other components just fall to the bottom of the list? This seems to be likely to me, since the binding order applies to service access to the resources, and the other components are not being directly accessed by network services?
Or, should the order start out with the physical resources needed to access the vNICs, followed by any intermediate resources (switches or team interfaces), then the vNICS themselves, to ensure that the resources are available to the subcomponents accessing them?
Any help would be appreciated.
Thanks.
-Tim Reid
If by 'network binding order' you mean the order set in the Advanced Settings of the Network Connections of the Control Panel, then the most important one is to make sure the domain network is at the top of the list. Whichever network is at the top of the list is used first for auth functions. So auth functions perform best when the proper network is placed first in the binding order. After that, I don't know that it makes much difference at all. (If it does, I'm sure my statement will start a lively discussion. <grin>)
. : | : . : | : . tim -
LDAP Simple Bind - Authetication?
Hi
We have requirement to authenticate LDAP user id and password in a BSP.
In function module LDAP_SIMPLEBIND we have the parameters Usr_string and pwd_string.
Are these parameters for LDAP user id and password? If user details are incorrect it is supposed to return code LDAPRC as 49.
I need to know whether we can use this method to authenticate LDAP user.
Please provide your views.
Thanks
Rakesh
OK, got the point.
To be able to connect to check the uid/pwd,
here is how you have to pass the password:
CALL FUNCTION 'LDAP_SIMPLEBIND'
  EXPORTING
    serverid = p_serv
    usr      = wf_base
    pwd      = pwd
  IMPORTING
    ldaprc   = wf_error.
where for p_serv you pass the server alias defined in transaction LDAP
and for wf_base (passed to parameter usr)
you have to pass it with its path
CONCATENATE 'uid=' user_id ',' 'ou=people,dc=domain,dc=com,o=internet' INTO wf_base.
This syntax will change based on the setup of your LDAP server.
Regards
Raja -
SharePoint 2010 with LDAP authentication, using NOVELL eDirectory
One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
In the Membership provider name text box I entered "LdapMember"
In the Role provider name text box I entered "LdapRole"
In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
<membership>
<providers>
<add name="LdapMember"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
<providers>
<add name="LdapRole"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
I modified the SecurityTokenServiceApplication web.config with these details
<system.web>
<membership>
<providers>
<add name="LdapMemebr"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<add name="LdapRole"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&amp;(ObjectClass=group))"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
</system.web>
I modified the web.config of the test application I created with these details
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="cn"
dnAttribute="dn"
groupFilter="(&amp;(ObjectClass=group))"
userFilter="(&amp;(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
useDNAttribute="true"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully log in with Windows authentication, but forms authentication gives me an error.
The server could not sign you in. Make sure your user name and password are correct, and then try again.
I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
8306 - SharePoint Foundation - The security token username and password could not be validated.
in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
then this:
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
The LDAP server tells the SharePoint server it is ready to communicate
the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
The SharePoint server acknowledges the connection is closing
... and then nothing happens, except the error on SharePoint
What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account specified in the web.config). That part does not seem to be happening.
I am at a standstill on this and any help would be greatly appreciated.
OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item for enabling Forms Based Authentication:
"ASP.NET Membership provider name"
"ASP.NET Role manager name"
We entered a name for Membership provider, and left Role manager blank.
In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
<membership>
<providers>
<add name="LdapMember"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword="validpassword"
useDNAttribute="false"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager>
<providers>
</providers>
</roleManager>
useDNAttribute="false" turned out to be important as well.
So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
leave anything related to the role provider blank
configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
ensure that useDNAttribute="false" was used in all three of the modified web.config files.
Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from a non-existent role manager. -
ServletContainerAdapter manager not initialized correctly wls11g
Hi,
I am using WebLogic 11g (version 10.3.1) to connect with an LDAP server.
I created a new authenticator provider. In the provider-specific tab of this Authenticator Provider,
I gave the settings for the LDAP server.
Then I restarted the WebLogic server and checked for the users in the security realm, but I am not getting any users from LDAP.
The base_domain.log is :
####<Oct 3, 2009 6:13:20 PM GMT+05:30> <Notice> <Security> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573800182> <BEA-090082> <Security initializing using security realm myrealm.>
####<Oct 3, 2009 6:13:22 PM GMT+05:30> <Warning> <Deployer> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573802964> <BEA-149617> <Non-critical internal application uddi was not deployed. Error: [Deployer:149158]No application files exist at 'C:\oracle\MIDDLE~1\WLS103~1.0\WLSERV~1.3\server\lib\uddi.war'.>
####<Oct 3, 2009 6:13:22 PM GMT+05:30> <Warning> <Deployer> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573802964> <BEA-149617> <Non-critical internal application uddiexplorer was not deployed. Error: [Deployer:149158]No application files exist at 'C:\oracle\MIDDLE~1\WLS103~1.0\WLSERV~1.3\server\lib\uddiexplorer.war'.>
####<Oct 3, 2009 6:13:23 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573803979> <BEA-000365> <Server state changed to STANDBY>
####<Oct 3, 2009 6:13:23 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573803979> <BEA-000365> <Server state changed to STARTING>
####<Oct 3, 2009 6:13:44 PM GMT+05:30> <Warning> <oracle.adf.share.jndi.ReferenceStoreHelper> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573824729> <BEA-000000> <Incomplete connection information>
####<Oct 3, 2009 6:13:44 PM GMT+05:30> <Warning> <oracle.adf.share.jndi.ReferenceStoreHelper> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573824761> <BEA-000000> <Incomplete connection reference object >
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <Log Management> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826464> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826557> <BEA-000365> <Server state changed to ADMIN>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826557> <BEA-000365> <Server state changed to RESUMING>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <Server> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826604> <BEA-002613> <Channel "Default" is now listening on 192.168.1.63:7001 for protocols iiop, t3, ldap, snmp, http.>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <Server> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826604> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826604> <BEA-000331> <Started WebLogic Admin Server "AdminServer" for domain "base_domain" running in Development Mode>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826636> <BEA-000360> <Server started in RUNNING mode>
####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826636> <BEA-000365> <Server state changed to RUNNING>
####<Oct 3, 2009 6:15:55 PM GMT+05:30> <Error> <org.apache.beehive.netui.pageflow.internal.AdapterManager> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573955292> <BEA-000000> <ServletContainerAdapter manager not initialized correctly.>
####<Oct 3, 2009 6:16:31 PM GMT+05:30> <Error> <Console> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1254573991120> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3224)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2248)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:225)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3890)
at weblogic.security.utils.Pool.newInstance(Pool.java:37)
at weblogic.security.utils.Pool.getInstance(Pool.java:33)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
... 119 more
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3860)
... 122 more
>
org.apache.beehive.netui.util.logging.logger error
why i am getting the error:
####<Oct 3, 2009 6:15:55 PM GMT+05:30> <Error> <org.apache.beehive.netui.pageflow.internal.AdapterManager> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573955292> <BEA-000000> <ServletContainerAdapter manager not initialized correctly.>
Can anyone help me figure out where the problem is?
Sailaja
As for this error
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
... 119 more
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
It means the password for the principal is incorrect. Please try to connect to the LDAP server from a standalone client and verify.
-
Folks,
We'll be adding a farm this weekend to do some kind of balance for LDAP and LDAPs servers.
I've been thinking about what would be the best way to probe those servers.
I assume a generic TCP probe has to be created testing 389 and 636, but I honestly don't know what I should expect coming from the real servers.
Does anyone have an LDAP farm in place or something like that? I've found a script on the internet, but it goes a little bit further than what I can understand, therefore I'm not really confident to use it.
Thanks for any advice.
Andre
Hi Andre,
You can use scripted ldap probe (LDAP_PROBE) available with ACE. It sends an anonymous bind request and check for bind success.
probe tcp LDAPS_Probe
  port 636
probe tcp LDAP_Probe
  port 389
This is how you can apply the script for LDAP port 389.
script file 1 LDAP_PROBE
probe scripted LDAP_PROBE_389
  interval 5
  passdetect interval 30
  receive 5
  script LDAP_PROBE
serverfarm host SF-LDAP-389
  description SF LDAP Port 389
  predictor leastconns
  probe LDAP_PROBE_389
  rserver LDAP-RS1-389
    inservice
The only supported LDAP probe on the ACE module is the unsecure scripted probe,
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/script.html#wp1111558
The pre-made TCL script probes available from the Software download page also contains an LDAP probe that you can use to verify the health of the LDAP servers.
The ace_scripts.tgz zip file contains these scripts and is located at this URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6500-ace
To unzip this file, use the gunzip command in Exec mode,
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/script.html#wp1107470
For your convenience, the following sample scripts for the ACE are available to support the TCL feature and are supported by Cisco TAC:
•CHECKPORT_STD_SCRIPT
•ECHO_PROBE_SCRIPT
•FINGER_PROBE_SCRIPT
•FTP_PROBE_SCRIPT
•HTTP_PROBE_SCRIPT
•HTTPCONTENT_PROBE
•HTTPHEADER_PROBE
•HTTPPROXY_PROBE
•IMAP_PROBE
•LDAP_PROBE -----------------> "The LDAP probe you are looking for"
•MAIL_PROBE
•POP3_PROBE
•PROBENOTICE_PROBE
•RTSP_PROBE
•SSL_PROBE_SCRIPT
•TFTP_PROBE
Also remember that the binding request should be sent as binary and not as ASCII. Get a packet capture of a successful credential binding request with username and password, then convert this to a hex value and insert it in the script.
The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
You can do this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
0x30 The start of a universal constructed sequence
0x0c The length of the sequence minus the tag and length bytes = 12 bytes
0x02 Next field is an integer
0x01 The length of the next field (1 byte)
0x01 Value (this is the message ID)
0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
0x07 Length of data to follow.
0x02 Integer
0x01 Length 1
0x03 3 - this is the LDAP version.
0x04 String
0x00 Length 0
0x80 Simple Authentication
0x00 Length 0
Just keep the id the same in the unbind.
The string I use is:
302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
where I've replaced the 9 character password with 9*x'ff'.
The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
You need to create a copy of the standard LDAP probe into your own file and then replace the hex string in the "puts" line which you identified above with the new string.
Then copy the file to the ACE:
ace1/ldap# copy ftp: disk0:
Enter source filename[]? My-LDAP_PROBE
Enter the destination filename[]? [My-LDAP_PROBE]
Enter hostname for the ftp server[]?
1.2.3.4
Enter username[]? anonymous
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
In the context create a scripted probe definition:
probe scripted PROBE-LDAP-389
  interval 60
  receive 20
  script My-LDAP_PROBE
Load the script into the context:
script file 10 My-LDAP_PROBE
And then add it to the serverfarm:
serverfarm host FARM-LDAP
  probe PROBE-LDAP-389
The manual implies that you can pass arguments to a scripted probe, but you would then have to build the hex string dynamically - taking care that all the length values were correct.
This should be enough to enable you to implement the script.
Find another example at this URL: http://scuq.abyle.org/?page_id=201
#!name = ADV_LDAP_PROBE
#### > user for linux tclsh !/usr/bin/tclsh8.4
# Stefan Nistelberger
# changes to cisco's original probe
# * username and password with ldap simple bind (dynamically generated packets)
# * unable to connect exception handling
# * debug message for invalidCredentials

# debug procedure
# set the EXIT_MSG environment variable to help debug
# also print the debug message when debug flag is on
proc ace_debug { msg } {
    global debug ip port EXIT_MSG
    set EXIT_MSG $msg
    if { [ info exists ip ] && [ info exists port ] } {
        set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
    }
    if { [ info exists debug ] && $debug } {
        puts $EXIT_MSG
    }
}

# main
# parse cmd line args and initialize variables
## set debug value
set debug 1
if { [ regsub -nocase "DEBUG" $argv "" argv] } {
    set debug 1
}
ace_debug "initializing variable"
set EXIT_MSG "Error config: script ADV_LDAP_PROBE \[DEBUG\]"
set ip $scriptprobe_env(realIP)
set port "0"

# fixed parts of the BER-encoded bind request
set ldap_start "30"
set ldap_bindheader "02010160"
set ldap_bind "0201"
set ldap_version "02"
set ldap_gap1 "04"
set ldap_gap2 "80"
set ldap_bindheader_len 5
set base_len 0c
set ldap_simple_auth "8007"

# return one character as two hex digits
proc toASCII { char } {
    scan $char %c value
    return [format %02x $value]
}

# first argument is the bind DN, second is the password
set username [ lindex $argv 0 ]
set hexusername ""
set password [ lindex $argv 1 ]
set hexpassword ""
foreach char [split $username ""] {
    set hexchar [toASCII $char]
    append hexusername $hexchar
}
foreach char [split $password ""] {
    set hexchar [toASCII $char]
    append hexpassword $hexchar
}
set username_len [string length $username]
ace_debug $username_len
set password_len [string length $password]
ace_debug $password_len

# every length below is written as a single byte, so
# username_len + password_len + 12 has to stay below 128
set base_len [expr 0x$base_len]
set seq_len [expr $username_len + $password_len + $base_len]
set sub_seq_len [expr $seq_len - $ldap_bindheader_len]
set seq_len [format %02x $seq_len]
set sub_seq_len [format %02x $sub_seq_len]

# assemble the bind request as a hex string
set hexldapbindpckt ""
append hexldapbindpckt $ldap_start
append hexldapbindpckt "$seq_len"
append hexldapbindpckt $ldap_bindheader
append hexldapbindpckt $sub_seq_len
append hexldapbindpckt $ldap_bind
append hexldapbindpckt $ldap_version
append hexldapbindpckt $ldap_gap1
append hexldapbindpckt [format %02x $username_len]
append hexldapbindpckt $hexusername
append hexldapbindpckt $ldap_gap2
append hexldapbindpckt [format %02x $password_len]
append hexldapbindpckt $hexpassword

# if port is zero the use well known ldap port 389
if { $port == 0 } {
    set port 389
}
#ace_debug $hexldapbindpckt

# PROBE START
set errorcode [catch {
    set sock [ socket $ip $port ]
} msg ]
if {$errorcode != 0} {
    ace_debug $msg
    exit 30002
}
fconfigure $sock -buffering line -translation binary

# anonymous bind request
#puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
puts -nonewline $sock [ binary format "H*" $hexldapbindpckt ]
set code "ffffff"
flush $sock
ace_debug "bef"
# read 22 bytes of the bind response; the 3 bytes at offset 15 are the result code field
set line [read $sock 22]
ace_debug "aft"
binary scan $line H* res
binary scan $line @15H6 code
close $sock

# make probe fail by exit with 30002 if ldap reply code != success code 0x0a0100
if { $code != "0a0100" } {
    if { $code == "0a0131" } {
        ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\' = invalidCredentials"
    } else {
        ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\'"
    }
    exit 30002
}

## make probe success by exit with 30001
ace_debug "probe success"
exit 30001
URL for reference:
https://cisco-support.hosted.jivesoftware.com/thread/132800?decorator=print&displayFullThread=true
HTH
Sachin Garg -
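The hex bind string and its length fields, discussed in the LDAP probe answer above, as an added example that is not part of the original posts or of Cisco's scripts: a Python sketch that builds the simple BindRequest with every length computed, and reads the BindResponse result code by walking the BER structure instead of a fixed byte offset. The function names and the sample responses are constructed for illustration.

```python
"""LDAPv3 simple bind as BER bytes (RFC 4511): build the request, parse the response."""


def ber_length(n: int) -> bytes:
    """Definite length: one byte below 128, otherwise 0x80|count followed by count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(value)) + value


def ber_uint(n: int) -> bytes:
    """Contents of a non-negative INTEGER (a leading 0x00 keeps the sign bit clear)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def bind_request(message_id: int, dn: str, password: bytes) -> bytes:
    """SEQUENCE { messageID, [APPLICATION 0] { version 3, name, simple [0] password } }.

    A simple bind carries the password unencrypted, so a probe on port 389
    should use a dedicated account with no other rights.
    """
    body = tlv(0x02, ber_uint(3)) + tlv(0x04, dn.encode("utf-8")) + tlv(0x80, password)
    return tlv(0x30, tlv(0x02, ber_uint(message_id)) + tlv(0x60, body))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); accepts short-form and long-form lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def parse_bind_response(buf: bytes):
    """Return (message_id, result_code) from an LDAPMessage holding a BindResponse."""
    tag, message, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage sequence")
    tag, msg_id, pos = read_tlv(message, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, operation, _ = read_tlv(message, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(operation, 0)
    if tag != 0x0A or not code:
        raise ValueError("missing resultCode")
    return int.from_bytes(msg_id, "big"), int.from_bytes(code, "big")


def fixed_offset_code(buf: bytes, offset: int) -> str:
    """What a probe sees when it reads 3 bytes at a hard-coded offset."""
    return buf[offset:offset + 3].hex()


# Constructed sample responses (message ID 1, empty matchedDN and diagnosticMessage).
SHORT_OK = bytes.fromhex("300c02010161070a010004000400")                    # 14 bytes
LONG_OK = bytes.fromhex("308400000010020101618400000007" "0a010004000400")   # 22 bytes
LONG_BAD_CREDS = bytes.fromhex("308400000010020101618400000007" "0a013104000400")

if __name__ == "__main__":
    # The account name from the thread with a 9-byte placeholder password.
    print(bind_request(1, "cn=AceProxy,o=University", b"\xff" * 9).hex())
    for name, sample in (("short", SHORT_OK), ("long", LONG_OK), ("bad", LONG_BAD_CREDS)):
        print(name, parse_bind_response(sample),
              fixed_offset_code(sample, 7), fixed_offset_code(sample, 15))
```

The 22-byte read and offset 15 in the Tcl script fit a response whose lengths are written in 4-byte long form; in a short-form response the same field sits at offset 7. Once the DN and password push a length to 128 or more, a single hex byte is no longer a valid length field, which `ber_length` handles.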
Issue while accessing Approve Clockin/Clockout corrections from UWL
Hi All,
We are not able to access approve clockin/clockout correction application from UWL.
We found one Note - 1600953 and implemented but still we are facing issue.
Request_id value is passed as Null in the URL.
Please find the URL and XML below :
URL:
https://Hostname:port/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fevery_user!2fgeneral!2fdefaultAjaxframeworkContent!2fcom.sap.portal.standalonecontentarea?NavigationTarget=OBN%3A%2F%2FBOTechnicalName%3Demployee%2FOperation%3Dapprovecorrections%2FBOSystemAlias%3DSAP_ERP_HumanResources&DynamicParameter=FROM_POWL%3DX%26Operation%3Dapprovecorrections%26BOTechnicalName%3Demployee%26REQUEST_ID%3Dnull%26BOSystemAlias%3DSAP_ERP_HumanResources&PrevNavTarget=navurl%3A%2F%2Fc3d9aa78324902a8e37ccfd1581ea857&sap-obn-url=OBN%3A%2F%2FBOTechnicalName%3Demployee%2FOperation%3Dapprovecorrections%2FBOSystemAlias%3DSAP_ERP_HumanResources&NavMode=1&CurrentWindowId=WID1401688105969
XML:
<ItemType name="uwl.task.webflow.TS91000330.SAP_ECC_HumanResources" connector="WebFlowConnector"
defaultView="DefaultView" defaultAction="defaultAction" executionMode="default">
<ItemTypeCriteria systemId="SAP_ECC_HumanResources" externalType="TS91000330" connector="WebFlowConnector"/>
<CustomAttributes>
<CustomAttributeSource id="WEBFLOW_CONTAINER" objectIdHolder="externalObjectId"
objectType="WebflowContainer" cacheValidity="final">
<Attribute name="REQUEST_ID" type="string" displayName="Request ID"/>
</CustomAttributeSource>
</CustomAttributes>
<Actions>
<Action name="defaultAction" groupAction="" handler="ObjectNavigationLauncher"
returnToDetailViewAllowed="yes" launchInNewWindow="yes">
<Properties>
<Property name="Operation" value="approvecorrections"/>
<Property name="ObjectValue" value="REQUEST_ID=${item.REQUESTID}&amp;FROM_POWL=X"/>
<Property name="DynamicParameter" value="REQUEST_ID=${item.REQUESTID}&amp;FROM_POWL=X"/>
<Property name="ObjectName" value="employee"/>
<Property name="WebDynproApplication" value="HRMSS_A_CICO_APPR"/>
<Property name="WebDynproNamespace" value="sap"/>
<Property name="System" value="SAP_ERP_HumanResources"/>
<Property name="openInNewWindow" value="true"/>
</Properties>
<Descriptions default="defaultAction"/>
</Action>
</Actions>
</ItemType>
Please help.
Thanks,
Ravi.
Hi All,
This is resolved.
The issue was in the WF approver task: the Request ID was not bound to the correct container element.
After doing the correct binding it is working.
Thanks,
Ravi -
LDAP External Authentication Multiple Search Base DNs question
hi,
I'm trying to add two LDAP search DNs to a portal 6.2 organisation.
with one search base dn it works fine.
when i add another, all ldap auth for that org stops working.
the docs confusingly state that if you have multiple search dns (not talking about multiple ldap servers here - just the search base dns) that you should prefix each entry with the local server name. the docs however provide no examples of the syntax.
can anyone provide an example for multiple search dns? e.g. is it <server:port>:o=<etc> (doesn't seem to work).
thanks
hi,
yes i have.. but when you enter more than one it stop working... with only one entry in the gui it will work for that entry but when you add another it stops working...
i had to use a manual workaround like this to get the second going... :(
External ldap authentication
register the LDAP authentication service in the gui and setup the first DN as normal.
create the first set of entries for the ldap host and the base dn in the gui as normal etc.
the gui in the admin console is not working (depending on your point of view), so you need to add the second ldap config manually -
All commands are run from the /apps/jes/SUNWam/bin directory
1. Get an encrypted value for the bind dns (cn=Directory Manager) password you want to bind to the ldap directory as by using the ampassword utility shipped with Identity Server.
./ampassword -e directory_manager password
More information on this utility can be found in the Sun ONE Identity Server Administration Guide.
2. Copy the encrypted password as the value for the iplanet-am-auth-ldap-bind-passwd in the XML file (serviceAddMultipleLDAPConfigurationRequests.xml) created in Step 1. The XML file contains a template for creating the second LDAP DN.
3. Modify the data XML file accordingly so that the relevant details are provided for the 2nd ldap server (bind dn search base etc) and load this into the portal directory using the amadmin command line tool as follows from the /opt/SUNWam/bin directory
./amadmin -u amadmin -w administrator_password -v -t serviceAddMultipleLDAPConfigurationRequests.xml
If the imported xml values are incorrect delete and reload the imported xml data using amadmin command tool. Alternatively you can modify the ldap data directly on the primary identity server (ldap server) using a client browser though this method is not supported .
You should be able to see new imported values for the second ldap server at dn:ou=subconfig1,ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=services,ou=ORG,o=lgaq.qld.gov.au on the primary ldap server (where ORG is the organisation you wanted to add the second DN).
-
Package 'bind' for Oracle VM 2.2.2
Hi All,
Am very new to using the virtualization provided by Oracle.
I have installed Oracle VM Server 2.2.2. My guest creation using a template fails with the error message below. The deploy.sh script has a series of steps that tar and then create the virtual guest.
[root@OEL seed_pool]# ./deploy.sh
chown: `named:named': invalid user
error reading information on service named: No such file or directory
error reading information on service named: No such file or directory
error reading information on service named: No such file or directory
I was asked to install BIND package for VM Server 2.2.2. I tried installing the bind package from OEL5 Update 3 [bind-9.3.4-10.P1.el5.x86_64.rpm]. However it failed with a lot of dependencies errors when i run it in VM Server 2.2.2 (rpm -ivh bind-9.3.4-10.P1.el5.x86_64.rpm)
In VM Server 2.2.2, rpm -qa bind* gives the below output:
bind-libs-9.3.4-10.P1.el5_3.3
bind-utils-9.3.4-10.P1.el5_3.3
From where can i get the correct 'bind' package for VM Server 2.2.2?
Regards,
Naren
fuzzydba wrote:
My guest creation using a template fails with the error message below. The deploy.sh script has a series of steps that tar and then create the virtual guest.
What template is this? You should be creating guests using Oracle VM Manager, which would not require any non-Oracle VM packages. There is no bind package for Oracle VM, as you would never run a DNS server in Dom0.
-
IOS LDAP authentication against sAMAccountName
Hi,
I'm running an 881 with c880data-universalk9-mz.151-3.T.bin and now I'm trying to enable LDAP authentication. This works, but it only allows me to authenticate against the full CN (like CN=Firstname Lastname). But I would like to authenticate against the sAMAccountName since this is the same username the users are using in Windows.
This is my config:
ldap server dc01
 ipv4 10.10.250.111
 bind authenticate root-dn CN=LDAPReader,CN=Room,DC=customer,DC=local password 7 encrpasswordhere
 base-dn OU=Room,OU=Users,DC=customer,DC=local
 search-filter user-object-type *
Any idea on how to do this?
Thanks!
Regards,
Armand.
Hi Anisha,
I've just removed the search-filter user-object-type * line and added the search-filter user-object-type sAMAccountName line. Then I've performed a debug ldap all:
001356: Apr 5 10:20:13.608 CET: LDAP: LDAP: Queuing AAA request 79 for processing
001357: Apr 5 10:20:13.608 CET: LDAP: Received queue event, new AAA request
001358: Apr 5 10:20:13.608 CET: LDAP: LDAP authentication request
001359: Apr 5 10:20:13.608 CET: LDAP: Attempting first next available LDAP server
001360: Apr 5 10:20:13.608 CET: LDAP: Got next LDAP server :dc01
001361: Apr 5 10:20:13.608 CET: LDAP: Server connection not up. Current state DOWN
001362: Apr 5 10:20:13.608 CET: LDAP: No servers left in LDAP server-group. Perform method failover
001363: Apr 5 10:20:13.608 CET: LDAP: Failed to send request. No more LDAP servers left.
001364: Apr 5 10:20:13.608 CET: LDAP: Performing method failover
001365: Apr 5 10:20:19.184 CET: LDAP: Received timer event
001366: Apr 5 10:20:19.184 CET: LDAP: Connection timeout occured. Retrying
001367: Apr 5 10:20:19.184 CET: LDAP: Opening ldap connection ( 10.10.250.111, 389 )ldap_open
ldap_init libldap 4.5 18-FEB-2000
open_ldap_connection
ldap_connect_to_host: 10.10.250.111:389
001368: Apr 5 10:20:19.184 CET: LDAP: socket 0 - connecting to 10.10.250.111 (389)
001369: Apr 5 10:20:19.184 CET: LDAP: socket 0 - connection in progress
001370: Apr 5 10:20:19.184 CET: LDAP: socket 0 - local address 10.10.250.254 (51705)
001371: Apr 5 10:20:19.184 CET: LDAP: Connection on socket 0
001372: Apr 5 10:20:19.184 CET: LDAP: Connection to LDAP server (dc01, 10.10.250.111) attempted
001373: Apr 5 10:20:19.184 CET: LDAP: Connection state: DOWN => CONNECTING
001374: Apr 5 10:20:19.184 CET: LDAP: Received socket event
001375: Apr 5 10:20:19.184 CET: LDAP: Checking the conn status
001376: Apr 5 10:20:19.184 CET: LDAP: Socket read event socket=0
001377: Apr 5 10:20:19.184 CET: LDAP: Found socket ctx
001378: Apr 5 10:20:19.184 CET: LDAP: Making socket conn up
001379: Apr 5 10:20:19.184 CET: LDAP: Notify the protocol codeldap_open successful
Notify LDAP main if it has to initiate any bind requests
001380: Apr 5 10:20:19.184 CET: LDAP: Protocol received transport up notication
001381: Apr 5 10:20:19.184 CET: LDAP: Connection state: CONNECTING => UP
001382: Apr 5 10:20:19.184 CET: LDAP: Set socket=0 to non blocking mode
001383: Apr 5 10:20:19.184 CET: LDAP: Performing Root-Dn bind operationldap_req_encode
Doing socket write
001384: Apr 5 10:20:19.188 CET: LDAP: Root Bind on CN=LDAPReader,CN=Room,DC=customer,DC=local initiated.
001385: Apr 5 10:20:19.188 CET: LDAP: Received socket event
001386: Apr 5 10:20:19.684 CET: LDAP: Received socket event
001387: Apr 5 10:20:19.684 CET: LDAP: Checking the conn status
001388: Apr 5 10:20:19.684 CET: LDAP: Socket read event socket=0
001389: Apr 5 10:20:19.684 CET: LDAP: Found socket ctx
001390: Apr 5 10:20:19.684 CET: LDAP: Receive event: read=1, errno=9 (Bad file number)
001391: Apr 5 10:20:19.684 CET: LDAP: Passing the client ctx=87179024ldap_result
wait4msg (timeout 0 sec, 1 usec)
ldap_select_fd_wait (select)
ldap_read_activity lc 0x86A7DB08
Doing socket read
LDAP-TCP:Bytes read = 22
ldap_match_request succeeded for msgid 1 h 0
changing lr 0x85034958 to COMPLETE as no continuations
removing request 0x85034958 from list as lm 0x8715A3F8 all 0
ldap_msgfree
ldap_msgfree
001392: Apr 5 10:20:19.688 CET: LDAP: LDAP Messages to be processed: 1
001393: Apr 5 10:20:19.688 CET: LDAP: LDAP Message type: 97
001394: Apr 5 10:20:19.688 CET: LDAP: Got ldap transaction context from reqid 26ldap_parse_result
001395: Apr 5 10:20:19.688 CET: LDAP: resultCode: 0 (Success)
001396: Apr 5 10:20:19.688 CET: LDAP: Received Bind Response
001397: Apr 5 10:20:19.688 CET: LDAP: Received Root Bind Response ldap_parse_result
001398: Apr 5 10:20:19.688 CET: LDAP: Ldap Result Msg: SUCCESS, Result code =0
001399: Apr 5 10:20:19.688 CET: LDAP: Root DN bind Successful on :CN=LDAPReader,CN=Room,DC=Customer,DC=local
001400: Apr 5 10:20:19.688 CET: LDAP: Transaction context removed from list [ldap reqid=26]ldap_msgfree
ldap_result
wait4msg (timeout 0 sec, 1 usec)
ldap_select_fd_wait (select)
ldap_err2string
001401: Apr 5 10:20:19.688 CET: LDAP: Finished processing ldap msg, Result:Success
001402: Apr 5 10:20:19.688 CET: LDAP: Received socket event
001403: Apr 5 10:20:33.832 CET: LDAP: LDAP: Queuing AAA request 79 for processing
001404: Apr 5 10:20:33.832 CET: LDAP: Received queue event, new AAA request
001405: Apr 5 10:20:33.832 CET: LDAP: LDAP authentication request
001406: Apr 5 10:20:33.832 CET: LDAP: Attempting first next available LDAP server
001407: Apr 5 10:20:33.832 CET: LDAP: Got next LDAP server :dc01
001408: Apr 5 10:20:33.832 CET: LDAP: First Task: Send search req
001409: Apr 5 10:20:33.832 CET: LDAP: Check the default map for aaa type=username
001410: Apr 5 10:20:33.832 CET: LDAP: Ldap Search Req sent
ld 2266468388
base dn OU=Lokaal10,OU=Room,DC=customer,DC=local
scope 2
filter (&(objectclass=sAMAccountName)(cn=armandputs))ldap_req_encode
put_filter "(&(objectclass=sAMAccountName)(cn=armandputs))"
put_filter: AND
put_filter_list "(objectclass=sAMAccountName)(cn=armandputs)"
put_filter "(objectclass=sAMAccountName)"
put_filter: simple
put_filter "(cn=armandputs)"
put_filter: simple
Doing socket write
001411: Apr 5 10:20:33.836 CET: LDAP: LDAP search request sent successfully (reqid:27)
001412: Apr 5 10:20:33.836 CET: LDAP: Sent the LDAP request to server
001413: Apr 5 10:20:34.344 CET: LDAP: Received socket event
001414: Apr 5 10:20:34.344 CET: LDAP: Checking the conn status
001415: Apr 5 10:20:34.344 CET: LDAP: Socket read event socket=0
001416: Apr 5 10:20:34.344 CET: LDAP: Found socket ctx
001417: Apr 5 10:20:34.344 CET: LDAP: Receive event: read=1, errno=9 (Bad file number)
001418: Apr 5 10:20:34.344 CET: LDAP: Passing the client ctx=87179024ldap_result
wait4msg (timeout 0 sec, 1 usec)
ldap_select_fd_wait (select)
ldap_read_activity lc 0x86A7DB08
Doing socket read
LDAP-TCP:Bytes read = 22
ldap_match_request succeeded for msgid 2 h 0
changing lr 0x85034958 to COMPLETE as no continuations
removing request 0x85034958 from list as lm 0x8715A3F8 all 0
ldap_msgfree
ldap_msgfree
001419: Apr 5 10:20:34.348 CET: LDAP: LDAP Messages to be processed: 1
001420: Apr 5 10:20:34.348 CET: LDAP: LDAP Message type: 101
001421: Apr 5 10:20:34.348 CET: LDAP: Got ldap transaction context from reqid 27ldap_parse_result
001422: Apr 5 10:20:34.348 CET: LDAP: resultCode: 0 (Success)
001423: Apr 5 10:20:34.348 CET: LDAP: Received Search Response resultldap_parse_result
001424: Apr 5 10:20:34.348 CET: LDAP: Ldap Result Msg: SUCCESS, Result code =0
001425: Apr 5 10:20:34.348 CET: LDAP: Failed to get any search entries ldap_msgfree
001426: Apr 5 10:20:34.348 CET: LDAP: Closing transaction and reporting error to AAA
001427: Apr 5 10:20:34.348 CET: LDAP: Transaction context removed from list [ldap reqid=27]
001428: Apr 5 10:20:34.348 CET: LDAP: Notifying AAA: REQUEST FAILED
001429: Apr 5 10:20:34.348 CET: LDAP: Received socket event
I'm not really good at AD but "armandputs" is my sAMAccountName in the AD. My CN=Armand Puts in the AD. So there is still something going wrong. Any ideas?
Thanks!