LDAP help
It says in the documentation (Fusion developer guide) that any LDAPv3 will do the job...
Well I have a problem (that seems to be a little Oracle specific). After configuring OpenLDAP (added some users and groups), I added it as a provider for WLS (and it works... meaning that the users and groups are retrieved). Then I started the ADF Security wizard and chose LDAP, entered all the necessary info and finished. Now I have some problems:
1) Using BC Browser triggers the authentication, but the process fails with
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=common, cn=products, cn=oraclecontext'
I must say I do not have such an entry 'cn=common, cn=products, cn=oraclecontext'. I would like to replicate that (I bet it exists in OID) but I don't know where it sits or what it contains (attributes, sub-entries).
Has anyone managed to use some other LDAP server besides OID? How did you do it?
2) Testing in the browser (with internal WLS) I authenticate (on a page I display my status):
username florinp
principal florinp
subject florinp; developers; authenticated-role; anonymous-role;
roles developers; authenticated-role; anonymous-role;
authenticated true
code behind is
public boolean isAuthenticated() {
    return ADFContext.getCurrent().getSecurityContext().isAuthenticated();
}

public String getPrincipal() {
    return ADFContext.getCurrent().getSecurityContext().getUserPrincipal().getName();
}

public String getRoles() {
    StringBuffer sb = new StringBuffer();
    int roles = ADFContext.getCurrent().getSecurityContext().getUserRoles().length;
    String[] rol = ADFContext.getCurrent().getSecurityContext().getUserRoles();
    for (int i = 0; i < roles; i++) {
        sb.append(rol[i] + "; ");
    }
    return sb.toString();
}

public String getSubject() {
    StringBuffer sb = new StringBuffer();
    for (Principal p : ADFContext.getCurrent().getSecurityContext().getSubject().getPrincipals()) {
        sb.append(p.getName() + "; ");
    }
    return sb.toString();
}

public String getUser() {
    return ADFContext.getCurrent().getSecurityContext().getUserName();
}
but trying to access a taskflow (it contains deps.jspx with no grants) granted to authenticated-role gives me
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: '/WEB-INF/task-flow-definition.xml#task-flow-definition' 'VIEW'.
although it is granted to any user
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>
<name>authenticated-role</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>hxbs.view.pageDefs.statusPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.controller.security.TaskFlowPermission</class>
<name>/WEB-INF/task-flow-definition.xml#task-flow-definition</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
and 'authenticated=true'
On standalone WLS I can't even access the status page (granted to anonymous-role and authenticated-role)... perhaps I have to migrate my policies... but why isn't it working on the internal WLS?
thanks
Florin POP
Hi,
1) Setting LDAP as a security provider at design time is not supported and will be removed in a next release. So the solution is - don't configure LDAP.
2) for authorization,
<grantee>
<principals>
<principal>
<class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>
<name>authenticated-role</name>
</principal>
</principals>
</grantee>
needs to be mapped to
Role (Group)
from oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl
to weblogic.security.principal.WLSGroupImpl
User --> weblogic.security.principal.WLSUserImpl
Frank
Similar Messages
-
How can we check authentication using LDAP server and JSP
Hi pytir,
. Two body tags check authentication against the given LDAP server. Tag isAuthenticated executes its own body if the user is authenticated and tag isNotAuthenticated executes its own body if the user is not authenticated.
For example:
<%@ taglib uri="taglib.tld" prefix="if" %>
<if:isAuthenticated user="uid=guest" password="12345"
url="ldap://localhost:389" factory="com.sun.jndi.ldap.LdapCtxFactory">
I am a guest
</if:isAuthenticated>
For more info look at this url:
http://coldjava.hypermart.net/servlets/ldaptag.htm
I hope this will help you out.
Regards,
Tirumalarao
Developer Technical Support,
Sun Microsystems. -
Hi, I'm new to this JAZN LDAP. I'm trying to set up JAZN using LDAP on 2 different ORACLE10gAS. Is it possible for 1 configuration file to be on 1 server pointing to the OID on another server?
Hi,
I am not sure what exactly you are referring to as you haven't mentioned the Application Servers that you are using, OS, etc. ...here is the general information...
A part of the configuration process for JAZN LDAP is to include the details of the OID in the orion-application.xml configuration file. You can specify the access details for the OID like this:
<!-- use JAZN-LDAP provider type -->
<jazn provider="LDAP" location="ldap://incq160.idc.oracle.com:3060" />
So, in effect, you may deploy your application in an Application Server and access different OIDs, based on the connection information.
You can get more information at this link :
http://www.oracle.com/technology/sample_code/tech/java/codesnippet/security/jaznldap/index.html
Regards,
Sandeep -
How to connect from XI to LDAP
Hi
How do I integrate XI and an LDAP server? I know there is no LDAP adapter available in XI. Can I use a Java proxy to connect to LDAP, or is there any other way to do the integration?
Regards
Ravi Shankar B
Hi
You use a Java proxy for doing XI <-> LDAP
Helpful blogs.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/7d4db211-0d01-0010-1e8e-9b07fc2113ab
There is some config within XI (3.0 - SP5 onwards).
Run transaction spro > SAP Web Application Server > System Administration > Directory Integration > Configure LDAP Connector, Define LDAP Users, Configure LDAP Server.
Probably this could help you.
Thanks
Swarup -
Help, Java newbie a little over my head with LDAP
I'm actually a network admin but I've been dabbling in Java for a little while now.
I am trying to write an app that will allow me to insert and remove attributes to entries in Active Directory.
I have found some sample code which I have altered to make a "proof of concept" before I start on the actual app I want.
The problem I am having is writing into the AD. I can query entries with no error but when I try a modification I get a "DSA is unwilling to perform" LDAPException. I am pretty sure it's not a permissions issue but from reading stuff on here I am beginning to think that it may have something to do with SSL connections. There is commented out code below where I experimented with this but I was unable to connect to the AD when this was in ("unable to connect to the directory server" error).
If anyone can offer me any advice I would be most grateful.
package LDAPTest;

import netscape.ldap.*;
import java.util.*;
import com.novell.service.ndssdk.jndi.ldap.ssl.*;

// Simple program to experiment with searching LDAP
public class FilterSearch {
    public static void main(String[] args) {
        if (args.length != 6) {
            System.out.println("Usage: java FilterSearch " +
                    "<host> <port> " +
                    "<authdn> <password> " +
                    "<basedn> <filter> ");
            System.exit(1);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String authid = args[2];
        String authpw = args[3];
        String base = args[4];
        String filter = args[5];
        String[] ATTRS = {"memberOf"};
        int status = -1;
        //SSL experiment that would not connect to the AD server.
        //LDAPConnection ld = new LDAPConnection(new LDAPSSLSocketFactory("com.novell.service.ndssdk.jndi.ldap.ssl.LdapSecureSocketFactory"));
        LDAPConnection ld = new LDAPConnection();
        System.out.println("done connection");
        try {
            //Connect to server and authenticate
            ld.connect(host, port, authid, authpw);
            System.out.println("Search filter = " + filter);
            LDAPSearchResults res = ld.search(base, ld.SCOPE_SUB, filter, null, false);
            //Loop on results until complete
            while (res.hasMoreElements()) {
                try {
                    //Next Directory entry
                    LDAPEntry entry = res.next();
                    prettyPrint(entry, ATTRS, ld);
                    status = 0;
                } catch (LDAPReferralException e) {
                    System.out.println(e);
                    continue;
                } catch (LDAPException e) {
                    System.out.println(e.toString());
                    continue;
                }
            }
            LDAPAttribute atrib = new LDAPAttribute("memberOf", "CN=Tight VNC,OU=Staging Transmitter Channels,DC=marimba,DC=local");
            LDAPModification mod = new LDAPModification(LDAPModification.ADD, atrib);
            System.out.println(ld.isAuthenticated());
            try {
                // This is the code that throws the Exception DSA is unwilling to perform.
                ld.modify("CN=smstest0005,CN=MarimbaComputers,CN=Computers,DC=marimba,DC=local", mod);
            } catch (LDAPException e) {
                System.out.println(e);
            }
        } catch (LDAPException e) {
            System.out.println(e.toString());
        }
        //Done, so disconnect
        if ((ld != null) && (ld.isConnected())) {
            try {
                ld.disconnect();
            } catch (LDAPException e) {
                System.out.println(e.toString());
            }
        }
        System.exit(status);
    }

    public static void prettyPrint(LDAPEntry entry, String[] attrs, LDAPConnection ld) {
        System.out.println("DN: " + entry.getDN());
        //Use array to pick attributes. We could have
        //enumerated them all using LDAPEntry.getAttributes
        //but this gives us control of the display order
        for (int i = 0; i < attrs.length; i++) {
            LDAPAttribute attr = entry.getAttribute(attrs[i]);
            if (attr == null) {
                System.out.println(attrs[i] + " not present");
                continue;
            }
            Enumeration enumVals = attr.getStringValues();
            //Enumerate on values for this attribute
            boolean hasVals = false;
            while ((enumVals != null) && enumVals.hasMoreElements()) {
                String val = (String) enumVals.nextElement();
                System.out.println(attrs[i] + ": " + val);
                hasVals = true;
            }
            if (!hasVals) {
                System.out.println(attrs[i] + " has no values");
            }
        }
        System.out.println("----------------------");
    }
}
OK, I have learned a little about JNDI today and have attempted to implement this using JNDI instead.
I am now getting the OperationNotSupportedException when attempting to add an attribute to an item in Active Directory.
here's the code, can anybody who has managed to add data into AD help with this?
cheers.
package JNDI;

import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;

class Getattr {
    public static void main(String[] args) {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://hostname:389/");
        env.put(Context.SECURITY_PRINCIPAL, args[0]);
        env.put(Context.SECURITY_CREDENTIALS, args[1]);
        try {
            // Create the initial directory context
            DirContext ctx = new InitialDirContext(env);
            // Ask for all attributes of the object
            Attributes attrs = ctx.getAttributes("CN=smstest0005,CN=MarimbaComputers,CN=Computers,DC=marimba,DC=local");
            for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();) {
                Attribute attr = (Attribute) ae.next();
                System.out.println("attribute: " + attr.getID());
                /* Print each value */
                for (NamingEnumeration e = attr.getAll(); e.hasMore(); System.out.println("value: " + e.next()));
            }
            // Specify the changes to make
            ModificationItem mod[] = new ModificationItem[1];
            mod[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("memberOf", "CN=Tight VNC,OU=Staging Transmitter Channels,DC=marimba,DC=local"));
            ctx.modifyAttributes("CN=smstest0005,CN=MarimbaComputers,CN=Computers,DC=marimba,DC=local", mod);
            // Find the surname attribute ("memberOf") and print it
            //System.out.println("memberOf: " + attrs.get("memberOf").get());
        } catch (NamingException e) {
            System.err.println("Problem getting attribute:" + e);
        }
    }
}
-
Please Help - To keep LDAP connection alive
Hi,
I have used the below function to communicate with LDAP, which I have taken and modified from one of the posts in this forum.
My issue is, each time the function opens a connection, searches and closes the connection, and this seriously affects the performance.
I hope we can resolve this by keeping the connection alive. As I am new to this concept, I am not sure how to do this.
It would be great if someone could help me keep the connection alive for the below function. Thanks in advance.
create or replace FUNCTION <name> (loginname VARCHAR2)
RETURN NUMBER
IS
-- Adjust as necessary.
l_ldap_host VARCHAR2(256) := '';
l_ldap_port VARCHAR2(256) := '';
l_ldap_user VARCHAR2(256) := '';
l_ldap_passwd VARCHAR2(256) := '';
l_ldap_base VARCHAR2(256) := '';
l_retval PLS_INTEGER;
l_session DBMS_LDAP.session;
l_attrs DBMS_LDAP.string_collection;
l_message DBMS_LDAP.message;
l_filter varchar2(35):='xxxx='|| loginname;
l_count NUMBER:=0;
BEGIN
-- Choose to raise exceptions.
DBMS_LDAP.USE_EXCEPTION := TRUE;
-- Connect to the LDAP server.
l_session := DBMS_LDAP.init(hostname => l_ldap_host,portnum => l_ldap_port);
l_retval := DBMS_LDAP.simple_bind_s(ld => l_session,dn => l_ldap_user,passwd => l_ldap_passwd);
-- Get attribute
l_attrs(1) := 'xxxx';
l_retval := DBMS_LDAP.search_s(ld => l_session, base => l_ldap_base, scope => DBMS_LDAP.SCOPE_SUBTREE, filter => l_filter, attrs => l_attrs, attronly => 0, res => l_message);
l_count:=DBMS_LDAP.count_entries(ld => l_session, msg => l_message);
-- Disconnect from the LDAP server
l_retval := DBMS_LDAP.unbind_s(ld => l_session);
return l_count;
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line('Error :'||SQLERRM);
return 0;
END <fun name>;
Thanks,
Praveen
Edited by: 920577 on Mar 13, 2012 9:40 AM
Edited by: 920577 on Mar 13, 2012 9:41 AM
The basic template looks as follows:
SQL> create or replace package Foo as
2
3 procedure LdapLogoff;
4 function GetData( empName varchar2 ) return number;
5
6 end;
7 /
Package created.
SQL>
SQL> create or replace package body Foo as
2
3 isLoggedOn boolean;
4
5 procedure LdapLogon is
6 begin
7 DBMS_OUTPUT.put_line( '..running logon()' );
8 isLoggedOn := true;
9 end;
10
11 procedure LdapLogoff is
12 begin
13 DBMS_OUTPUT.put_line( '..running logoff()' );
14 isLoggedOn := false;
15 end;
16
17 function GetData( empName varchar2 ) return number is
18 begin
19 if not isLoggedOn then
20 LdapLogon();
21 end if;
22
23 DBMS_OUTPUT.put_line( '..running GetData() for '||empName );
24 return(
25 round(DBMS_RANDOM.Value(1,100))
26 );
27 end;
28
29
30 --// main()
31 begin
32 DBMS_OUTPUT.put_line( 'Package Foo loaded into memory' );
33 isLoggedOn := false;
34 end;
35 /
Package body created.
SQL>
SQL>
SQL> select empno, ename, Foo.GetData(ename) as ID from emp order by empno;
EMPNO ENAME ID
7369 SMITH 23
7499 ALLEN 47
7521 WARD 88
7566 JONES 71
7654 MARTIN 91
7698 BLAKE 28
7782 CLARK 92
7788 SCOTT 91
7839 KING 48
7844 TURNER 89
7876 ADAMS 64
7900 JAMES 16
7902 FORD 18
7934 MILLER 35
14 rows selected.
Package Foo loaded into memory
..running logon()
..running GetData() for SMITH
..running GetData() for ALLEN
..running GetData() for WARD
..running GetData() for JONES
..running GetData() for MARTIN
..running GetData() for BLAKE
..running GetData() for CLARK
..running GetData() for SCOTT
..running GetData() for KING
..running GetData() for TURNER
..running GetData() for ADAMS
..running GetData() for JAMES
..running GetData() for FORD
..running GetData() for MILLER
SQL>
SQL> select empno, ename, Foo.GetData(ename) as ID from emp where rownum = 1;
EMPNO ENAME ID
7369 SMITH 9
..running GetData() for SMITH
SQL>
// call Foo.Logoff manually when done, or leave it to
// Oracle to close and release resources when the
// session terminates -
hi all,
I am getting this error when I try to add a user to a group.
Can anyone help me out?
Problem modifying member: javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: NameErr: DSID-031A0B16, problem 2001 (NO_OBJECT), data 0, best match of:
' '
Also it will be of great help if somebody can tell me the proper syntax for writing userName and groupName, with a small Active Directory structure. Like if the domain name is "dom1", and inside the folder "Users" we have a group "grp1" and a user "user1", then what will be the code?
Also tell the same for a directory "dir1" under domain "dom1", and user "dir_user1" and group "dir_group1".
I need it urgently. Please somebody help.
thanks in advance. -
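An added example (not code from any poster on this page) covering this question and the earlier Active Directory post that got "DSA is unwilling to perform": a user is put into a group by adding the user's DN to the group's `member` attribute, because `memberOf` on the user is a back-link that Active Directory computes and does not accept writes to. The host name, the DNS suffix `dom1.example`, treating "dir1" as an organizational unit, and the assumption that each object's CN equals the name given in the question are all illustrative.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.AttributeInUseException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AddGroupMember {
    // Assumed values: domain "dom1" is taken to be dom1.example, reached over LDAPS.
    static final String URL = "ldaps://dc1.dom1.example:636";
    static final String BASE = "DC=dom1,DC=example";

    /** Builds CN=<cn>,<containerRdn>,DC=dom1,DC=example with correct escaping. */
    static LdapName dn(String containerRdn, String cn) throws NamingException {
        LdapName name = new LdapName(BASE);
        name.add(new Rdn(containerRdn));   // e.g. "CN=Users" or "OU=dir1"
        name.add(new Rdn("CN", cn));       // Rdn escapes commas, '+', '=' etc. in the value
        return name;
    }

    /** Adds user to group; returns false if the directory reports the value is already there. */
    static boolean addMember(DirContext ctx, LdapName group, LdapName user) throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("member", user.toString()))
        };
        try {
            ctx.modifyAttributes(group, mods);   // the write goes to the GROUP entry
            return true;
        } catch (NameAlreadyBoundException | AttributeInUseException e) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("Usage (from a terminal): java AddGroupMember <admin-dn>");
            System.exit(1);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);      // no base DN in the URL, so names are full DNs
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[0]);
        env.put(Context.SECURITY_CREDENTIALS, new String(console.readPassword("Password: ")));

        // The two layouts from the question: the default Users container and an OU named dir1.
        LdapName[][] pairs = {
            { dn("CN=Users", "grp1"),      dn("CN=Users", "user1") },
            { dn("OU=dir1", "dir_group1"), dn("OU=dir1", "dir_user1") },
        };
        DirContext ctx = new InitialDirContext(env);
        try {
            for (LdapName[] p : pairs) {
                try {
                    boolean added = addMember(ctx, p[0], p[1]);
                    System.out.println((added ? "added " : "already member: ") + p[1] + " -> " + p[0]);
                } catch (NameNotFoundException e) {
                    // LDAP error 32 (NO_OBJECT): a DN in the request does not exist as written.
                    System.err.println("No such object; check both DNs: " + p[0] + " / " + p[1]);
                }
            }
        } finally {
            ctx.close();
        }
    }
}
```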
Error in LDAP Authentication for Sun One App Server 8..pls help
I need to authenticate my sun java system application server 8 with openldap server.....
i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
My settings in the sun app server were like this:
Realm: ldap
Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
directory ldap://10.1.1.79:389
base-dn o=stooges
jaas-context ldapRealm
search-bind-dn cn=StoogeAdmin,o=stooges
search-bind-password secret1
My openldap schema is as follows
file : /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
database ldbm
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck off
lastmod on
index cn,sn,st pres,eq,sub
index uid,userPassword eq
file : /var/lib/ldap/stooges/stooges.ldif
dn: o=stooges
objectClass: top
objectClass: organization
o: stooges
description: The Three Stooges

dn: cn=StoogeAdmin,o=stooges
objectClass: organizationalRole
cn: StoogeAdmin
description: LDAP Directory Administrator

dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA

dn: ou=MemberGroupB,o=stooges
ou: MemberGroupB
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupB

dn: uid=vikram,ou=MemberGroupA,o=stooges
uid: vikram
givenName: vicky
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: kone
cn: Kone Vikram
userPassword: glamsham
When i start ldap server and sun server,
the login page for sun server asks for username and password ....
when i give
username : vikram
password : glamsham
Error page comes.....
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Sun-Java-System/Application-Server-PE-8.0
Subsequent attempts to login gives another error page
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0
So pls... help as to how to go about this..
P.S. My ldap server runs as "ldap" user not as root
Try with "vikram" as a member of "cn=asadmin" group in your LDAP directory...
-
Need help setting up LDAP server for Address Book
I've set up Panther servers before for AFP which is pretty simple but now the office I work at wants me to setup an LDAP server so they can share the same contact information, probably about 2,000+ entries. I'm guessing that this will have to be entered in the LDAP server entry by entry.
I need to know how to setup the server and what settings need to be on the clients' computers, such as in Address Book.
The server is an older G4 tower and I've got 8 computers hooked up to it on a simple network. I don't think I'll need to make the LDAP server accessible from outside the network but it's something I'll have to worry about for the future.
Thanks for any help you can offer.
bump
-
LDAP + SSL + tomcat- Please help!
Please help. I searched the whole site; I'm new to JNDI, Security and E-directory, and all I got was confusion and lots of exceptions.
Here's my problem: I am trying to run a web application on the Tomcat web server. I have a login.html for users to log in to my application. Currently all usernames and passwords are stored in Novell e-directory. Currently I have the following code.
<%@page import="javax.naming.*"%>
<%@page import="javax.naming.directory.*"%>
<%@page import="java.util.*"%>
<%@page import="java.lang.*"%>
<%@page import="java.security.*"%>
<%
String uid = request.getParameter("user");
// Set up the environment for creating the initial context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.1.1.199:636/o=hcfhe");
env.put(Context.SECURITY_PRINCIPAL, "cn=ldapbrowse, ou=it, o=hcfhe");
env.put(Context.SECURITY_CREDENTIALS, "ldapbrowse");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put("java.naming.ldap.factory.socket", "javax.net.ssl.SSLSocketFactory");
env.put("java.naming.ldap.version", "3");
System.setProperty("javax.net.ssl.keyStore", "c://j2sdk1.4.0//jre//lib//security//cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStore", "c://j2sdk1.4.0//jre//lib//security//cacerts");
System.setProperty("javax.net.debug", "all");
// Create the initial context
try {
    DirContext ctx = new InitialDirContext(env);
    System.out.println("Is it binding..................");
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration results = ctx.search("", "(cn=" + uid + ")", ctls);
    SearchResult sr = (SearchResult) results.nextElement();
    String dn = sr.getName();
    //String mycon = ((SearchResult)answer.next()).getName();
    System.out.println("DN" + dn);
    // ... do something useful with ctx
    if (dn != null) {
        response.sendRedirect("index2.html");
    }
    ctx.close();
} catch (NamingException e) {
    System.err.println("Problem getting attribute:" + e);
    e.printStackTrace();
}
%>
I am trying to authenticate my users over SSL to e-directory, and HERE'S where I am totally lost (BTW I can connect to my LDAP directory without SSL). My network administrator has given me a certificate from the server called SSLMASTER.DER, which I tried to install in the file called CACERTS in java_home\jre\lib\security using keytool. And it seems like it's there using the keytool -list command.
and edited the server.xml:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
<!--<Parameter name="keystore" value="C:/jakarta-tomcat-3.2.4/conf/.keystore" />-->
<Parameter name="keystore" value="C:/j2sdk1.4.0/jre/lib/security/cacerts" />
<Parameter name="keypass" value="changeit"/>
<Parameter name="clientAuth" value="true"/>
</Connector>
Now I restart Tomcat, and type in the following URL
http://localhost:8080/college_register/uk/ac/havering-college/index122.html, then I enter the username and password; when submitted it goes to the above Java code, or even if I do https://localhost:8443/college_register/uk/ac/havering-college/index122.html, I still get the error below.
javax.naming.CommunicationException: simple bind failed: 10.1.1.199:636. Root exception is javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:385)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:309)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:168)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2516)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:263)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:76)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>
please tell me what else I need to do.
Get a copy of your ldap server's public certificate. Use keytool to import (and create) that cert into a truststore. Configure the ssl props to use the new truststore.
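The reply's steps (take the server certificate, put it in a new truststore, point the SSL properties at it) as an added Java example, not code from either poster; it also binds as the user to check the password and passes the user name as a JNDI filter argument so that it is escaped instead of being concatenated into the filter. The host, base DN, truststore file name and store password are assumed placeholders.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapsLogin {
    // Assumed values for illustration only.
    static final String LDAPS_URL = "ldaps://ldap.example.test:636/o=example";
    static final String TRUSTSTORE = "ldap-truststore.ks";
    static final char[] TRUSTSTORE_PW = "change-me".toCharArray();

    /** Writes a truststore that holds only the directory server's certificate (DER or PEM file). */
    static void createTrustStore(String certPath) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);                           // start from an empty store
        ts.setCertificateEntry("ldap-server", cert);   // trusted-certificate entry, no private key
        try (OutputStream out = new FileOutputStream(TRUSTSTORE)) {
            ts.store(out, TRUSTSTORE_PW);
        }
    }

    /** Simple bind over LDAPS; throws AuthenticationException on bad credentials. */
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Search for the user with the service account, then verify the password by binding as the user. */
    static boolean authenticate(String serviceDn, String servicePw, String uid, String password)
            throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind, which many servers accept.
        if (uid == null || password == null || password.isEmpty()) {
            return false;
        }
        String userDn;
        DirContext ctx = bind(serviceDn, servicePw);
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(new String[0]);   // only the DN is needed
            // {0} is filled in by JNDI with filter metacharacters such as * ( ) \ escaped.
            NamingEnumeration<SearchResult> results =
                    ctx.search("", "(cn={0})", new Object[] { uid }, ctls);
            if (!results.hasMore()) {
                return false;                             // no such user
            }
            userDn = results.next().getNameInNamespace(); // full DN, usable as bind principal
            boolean ambiguous = results.hasMore();
            results.close();
            if (ambiguous) {
                return false;                             // more than one match: refuse
            }
        } finally {
            ctx.close();
        }
        try {
            bind(userDn, password).close();
            return true;
        } catch (AuthenticationException e) {
            return false;                                 // wrong password
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.err.println("Usage (from a terminal): java LdapsLogin <server-cert> <service-dn> <user>");
            System.exit(1);
        }
        createTrustStore(args[0]);
        // Must be set before the JVM opens its first TLS connection.
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(TRUSTSTORE_PW));
        String servicePw = new String(console.readPassword("Service account password: "));
        String userPw = new String(console.readPassword("Password for %s: ", args[2]));
        boolean ok = authenticate(args[1], servicePw, args[2], userPw);
        System.out.println(ok ? "authenticated" : "rejected");
    }
}
```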
-
Help setting up windows auth for lighttpd/ldap etc
I'm running a server in my office that I only have accessible to people in our workgroup. I'd like to set it up to authenticate into our Windows domain for ease of password management. I haven't been able to get LDAP working... and was wondering if anyone could point me in the right direction? Most of the how-tos I find online are for setting up LDAP for user account authentication. I don't need the users to be able to log into the box at all... just the webserver.
My company uses secure LDAP and I have the needed certificates, though I can't seem to get basic LDAP queries working so I must be setting something up wrong. I'm open to using other authentication methods than LDAP as I just need to auth into lighttpd.
Here's basically what I want to do:
Specify a list of users that are allowed to access the page.
If the users are in the allowed list, query the windows domain controller to validate their username/password.
That's it. Nothing really fancy or complex. Is LDAP the best way to do this, or Kerberos, etc.? I would even be willing to switch to Apache if that would simplify things.
Any help would be greatly appreciated.
How to use multiple iPods, iPads, or iPhones with one computer
http://support.apple.com/kb/HT1495
How to Share a Family iPad
http://www.macworld.com/article/1163347/how_to_share_a_family_ipad.html
Using iPhone, iPad, or iPod with multiple computers
http://support.apple.com/kb/ht1202
iOS & iCloud Tips: Sharing an Apple ID With Your Family
http://www.macstories.net/stories/ios-5-icloud-tips-sharing-an-apple-id-with-your-family/
How To Best Use and Share Apple IDs across iPhones, iPads and iPods
http://www.nerdsonsite.com/blog/2012/06/07/help-im-appleid-confused/
Be sure to set up Restrictions for In-App purchases.
Cheers, Tom
How to Childproof Your iPad
http://ipad.about.com/od/ipad-family/a/How-To-Childproof-Your-iPad.htm
Set up a kid-friendly iPad
http://www.macworld.com/article/2041627/set-up-a-kid-friendly-ipad.html
How to set up an iPad or iPod touch for kids
http://www.pcadvisor.co.uk/how-to/apple/3422580/how-set-up-ipad-or-ipod-touch-for-kids/
Message was edited by: Texas Mac Man -
LDAP authentication (Help urgently)
Dear All,
I am facing a problem while running the following code.
import java.util.Hashtable;
import java.util.Enumeration;
import javax.naming.*;
import javax.naming.directory.*;

public class JNDISearch {
    /** Creates a new instance of JNDISearch */
    public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    public static String MY_HOST = "ldap://INCHINADC:389";
    public static String MY_SEARCHBASE = "DC=dnbchn,DC=com";
    public static String MY_FILTER = "(OU=BA)";

    public static void main(String args[]) {
        try {
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
            env.put(Context.PROVIDER_URL, MY_HOST);
            //get reference for the Direct context
            DirContext ctx = new InitialDirContext(env);
            //scope of the search
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
            while (results != null && results.hasMore()) {
                SearchResult sr = (SearchResult) results.next();
                String dn = sr.getName();
                System.out.println("Distinguished Name is " + dn);
                Attributes attr = sr.getAttributes();
                for (NamingEnumeration ne = attr.getAll(); ne.hasMoreElements();) {
                    Attribute attrs = (Attribute) ne.next();
                    String attrID = attrs.getID();
                    System.out.println(attrID + ":");
                    // Enumerate the values of this attribute (attrs), not the attribute set (attr)
                    for (Enumeration vals = attrs.getAll(); vals.hasMoreElements();) {
                        System.out.println("\t" + vals.nextElement());
                    }
                    System.out.println("\n");
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }
}
Error is
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=dnbchn,DC=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at loginauthentication.JNDISearch.main(JNDISearch.java:44)
Java Result: 1
Can anybody help me to understand this error? What does it mean, and how do I fix it?
ASAP
Regards
Hello,
I know that this is an old post but I am having a similar problem.
I am trying to access a JMS topic using BAM and I also get Invalid login/password.
Furthermore I can't access a topic or queue using JMSUtils. The problem is the same.
How did you solve your problem?
Thanks
Gonçalo Ribeiro (I am Portuguese so if you know Portuguese ......) -
Please Help. How can you monitor a directory using jndi connection to a ldap server?
How can you monitor a directory using jndi connection to a ldap server? I
want the ldap server to monitor the content change in a file system
directory on another computer on the network. Can someone please help.
Thanks
Fred
Hi,
Why do you want to use LDAP for Hard disk monitoring..???
U can do this by creating a MD5 checksum for all the files existing in some
particular
checksum
to find out the change in the content.
I guess all u need is to get the code for "updatedb" utility of Linux and
instrument it for ur needs..
Hope it helps...
-aseem
mr wrote:
How can you monitor a directory using jndi connection to a ldap server? I
want the ldap server to monitor the content change in a file system
directory on another computer on the network. Can someone please help.
Thanks
Fred -
Help with setting up LDAP Client on Oracle Linux 6.4
Hi,
I'm having problems getting my Oracle Linux server setup as a ldap client and hoping someone can find where I'm going wrong. We have Oracle/Sun Directory Server 7 with Solaris ldap clients already setup with ssl. We are also using crypt for storing passwords. Here are the steps I have done on the Linux server.
yum install -y openldap openldap-clients nss-pam-ldapd pam_ldap
Edited the line FORCELEGACY=no to yes in /etc/sysconfig/authconfig
Copied the CA certs to /etc/openldap/cacerts
Ran: authconfig --updateall --enableldap --enableldapauth --ldapserver=zldap1.<domain> --ldapbasedn="o=<domain>,o=isp" --enableldaptls --enableldapstarttls
Changed pam_password md5 to crypt in /etc/pam_ldap.conf
Restarted /etc/init.d/nslcd and also tried rebooting.
I'm seeing the following errors in messages:
May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] ldap_start_tls_s() failed: Connect error (uri="ldap://zldap1.<domain>/")
May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] failed to bind to LDAP server ldap://zldap1.<domain>/: Connect error
May 21 08:50:01 ryolinux nslcd[1261]: [c79ea8] no available LDAP server found
Here is what my /etc/openldap/ldap.conf file looks like:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
URI ldap://zldap1.<domain>/
BASE o=<domain>,o=isp
Any help would be appreciated.
Thanks
Copy cacerts to /etc/openldap/cacerts
yum install -y openldap ldap-clients nss-pam-ldapd pam_ldap authconfig sssd
authconfig --enablesssd --enablesssdauth --enablelocauthorize --update
authconfig --updateall --enableldap --enableldapauth --ldapserver=zldap1.<domain> --ldapbasedn="o=<domain>,o=isp" --enableldaptls --enableldapstarttls
Add line to /etc/sssd/sssd.conf "ldap_tls_reqcert = allow"
Change /etc/pam_ldap.conf line:
pam_password md5 --> pam_password crypt
service sssd restart -
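An added check, not part of the thread: both posts set certificate verification to allow (TLS_REQCERT in ldap.conf, ldap_tls_reqcert in sssd.conf), a level at which a server certificate that fails validation is ignored and the StartTLS session continues. This shell example reports such settings across client config files; the function names, file contents and the ldap.example.test host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how strictly LDAP clients
# verify the server certificate. Recognises TLS_REQCERT (ldap.conf) and
# ldap_tls_reqcert (sssd.conf); keys are matched case-insensitively.

# audit_reqcert FILE... -> one "VERDICT file:line key=value" line per setting.
# Exit status 1 if any setting accepts an unverified server certificate.
audit_reqcert() {
    awk '
        /^[ \t]*[#;]/ { next }                   # skip comment lines
        {
            gsub(/=/, " ")                       # "key = value" -> "key value"
            key = tolower($1); val = tolower($2)
            if (key != "tls_reqcert" && key != "ldap_tls_reqcert") next
            if (val == "never" || val == "allow") { verdict = "FAIL"; bad = 1 }
            else if (val == "demand" || val == "hard") verdict = "OK"
            else verdict = "WARN"                # "try" or an unrecognised value
            printf "%s %s:%d %s=%s\n", verdict, FILENAME, FNR, key, val
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample files: the two weak settings quoted in the thread, and
# the same ldap.conf with full verification (demand) for comparison.
demo() (
    work=$(mktemp -d) && cd "$work" || exit 2
    printf '%s\n' 'TLS_CACERTDIR /etc/openldap/cacerts' 'TLS_REQCERT allow' \
        'URI ldap://ldap.example.test/' > ldap.conf
    printf '%s\n' '[domain/default]' 'ldap_tls_cacertdir = /etc/openldap/cacerts' \
        'ldap_tls_reqcert = allow' > sssd.conf
    printf '%s\n' 'TLS_CACERTDIR /etc/openldap/cacerts' 'TLS_REQCERT demand' \
        'URI ldap://ldap.example.test/' > ldap.conf.hardened
    status=0
    audit_reqcert ldap.conf sssd.conf ldap.conf.hardened || status=$?
    cd / && rm -rf "$work"
    exit "$status"
)

demo || echo "at least one client accepts an unverified server certificate"
```

With the CA certificates already copied to /etc/openldap/cacerts as in the steps above, demand (ldap.conf) or hard (sssd.conf) is the level that makes the client reject a certificate it cannot validate.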
Urgent: Please help: Trusted recon - Sun LDAP - timeout
Hi Experts,
I am doing trusted reconciliation with Sun LDAP using OIM 11.1.1.5 BP4.
The LDAP system has around 3 lakh users, so I am planning to do trusted recon in 5 or 6 intervals to get around 50K records each time.
I tested for 1000 users: no timeout happens and all users are created perfectly using trusted recon.
When I run for 25K users, I get the timeout exception below.
1. It is searching and listing the users (please check the time):
recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : Before search time: Tue Oct 09 13:24:41 KST 2012
recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : TotalRecords from LDAP: 22882
recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : After search time: Tue Oct 09 15:54:42 KST 2012
2. Timeout exception
recon.schedule.tasks.tcTskIPlanetUserReconciliation : pagingBatchingReconciliation() : The searchBase is: ou=XX,ou=XX,o=XX
pagingBatchingReconciliation() : Problem searching directory: javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; Remaining name: ou=XX,ou=XX,o=XX
In iPlanet User Trusted Recon I gave:
Abandoned connection timeout - 108000 (seconds)
Connection pooling supported - false
Connection wait timeout - 60 (seconds)
LDAP Connection TimeOut - 3000 (seconds)
Inactive connection timeout - 60 (seconds)
Are the above parameters good for more than 25K users?
Please help me...
Thanks..
They look good...
Try to use connection pooling too if possible...
Abandoned connection timeout - 108000 (seconds)
Connection pooling supported - true
Connection wait timeout - 60 (seconds) --> Increase it to say 90 (seconds)
LDAP Connection TimeOut - 3000 (seconds) --->
Inactive connection timeout - 60 (seconds) --> Increase it to 600 (As the default value in the LDAP Server IT Resource Type Definition)
Alternatively, you can break your chunks into 20000 records, because you are able to fetch 22882 records successfully....