Ldap identity configs
Hi,
Can you provide some identity examples (workflow-identity-config.xml ) so I can use AD or OID
thanks edwin
Yes, you won't see any hits on ACS for PEAP authentication failure. Also, you should have a valid contract with Cisco before you download the latest images.
If you would like to test, you may download the evaluation vesrion of ACS 5.3 along with the trial license file.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/installation/guide/csacs_vmware.html#wp1069919
Regards,
Jatin
Do rate helpful posts-
Similar Messages
-
How to configure SOA Suite 11g Worklist with LDAP Identity Store
Hi
Im trying to configure the worklistapp to use an ldap identity store (SOA Suite 11g)
The ldap is a open source ldap (Open DS in this case), is NOT : OID, OVD, Active Directory, WLS OVD, IPlanet.
for doing so, i did the next configurations:
workflow-identity-config.xml
<configuration realmName="realm1">
<provider providerType="JPS" name="JpsProvider" service="Identity">
<property name="jpsContextName" value="worklist" />
</provider>
</configuration>
jps-config.xml
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" schema-major-version="11" schema-minor-version="1">
<!-- This property is for jaas mode. Possible values are "off", "doas" and "doasprivileged" -->
<property name="oracle.security.jps.jaas.mode" value="off"/>
<property name="custom.provider" value="true"/>
<serviceProviders>
<serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
<description>LDAP-based IdentityStore Provider</description>
</serviceProvider>
</serviceProviders>
<serviceInstances>
<serviceInstance name="idstore.ldap.opends" provider="idstore.ldap.provider">
<property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<property name="idstore.type" value="CUSTOM"/>
<property name="ldap.url" value="ldap://host:port"/>
<property name="subscriber.name" value="dc=company,dc=com"/>
<property name="search.type" value="SIMPLE"/>
<property name="security.principal" value="cn=adminuser,dc=company,dc=com"/>
<property name="security.credential" value="!adminuser_password"/>
<property name="user.login.attr" value="cn"/>
<property name="username.attr" value="cn"/>
<property name="groupname.attr" value="cn"/>
<extendedProperty>
<name>group.mandatory.attrs</name>
<values>
<value>cn</value>
<value>objectClass</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.object.classes</name>
<values>
<value>top</value>
<value>groupOfUniqueNames</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.filter.object.classes</name>
<values>
<value>groupOfUniqueNames</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.member.attrs</name>
<values>
<value>uniqueMember</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.search.bases</name>
<values>
<value>o=groups,dc=company,dc=com</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.mandatory.attrs</name>
<values>
<value>cn</value>
<value>objectClass</value>
<value>sn</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.object.classes</name>
<values>
<value>organizationalPerson</value>
<value>person</value>
<value>inetOrgPerson</value>
<value>top</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.filter.object.classes</name>
<values>
<value>inetOrgPerson</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.search.bases</name>
<values>
<value>o=users,dc=company,dc=com</value>
</values>
</extendedProperty>
</serviceInstance>
</serviceInstances>
<jpsContexts default="default">
<jpsContext name="worklist">
<serviceInstanceRef ref="credstore"/>
<serviceInstanceRef ref="keystore"/>
<serviceInstanceRef ref="policystore.xml"/>
<serviceInstanceRef ref="audit"/>
<serviceInstanceRef ref="idstore.ldap.opends"/>
</jpsContext>
</jpsContexts>
</jpsConfig>
but i get the error:
Jul 2, 2009 12:52:40 PM oracle.security.jps.internal.idstore.util.IdentityStoreUtil getIdentityStoreFactory
WARNING: The identity store factory name is not configured.
Jul 2, 2009 12:52:40 PM oracle.bpel.services.common.ServicesLogger __logException
SEVERE: <.> Error in authenticating user.
Error in authenticating and creating a workflow context for user realm1/user1.
Verify that the user credentials and identity service configurations are correct.
ORABPEL-30501
Error in authenticating user.
Error in authenticating and creating a workflow context for user sigfe.com/user1.
Verify that the user credentials and identity service configurations are correct.
at oracle.bpel.services.workflow.verification.impl.VerificationService.authenticateUser(VerificationService.java:603)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
So, anyone knows how i can specify the identity store factory?
or the correct parameters for a ldap identity store repository?
I used the 11G documentation for the security file :
http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/jpsprops.htm
thanksI am having exactly the same issue. Once I configure jps-config.xml file to use my custom authenticator and login into the worklist app, the following gets thrown. I was wondering if you need map some roles to the existing users in the Custom Authenticator.
Exception
exception.70692.type: error
exception.70692.severity: 2
exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present. -
ISE Admin Access Authentication against multiple AD/LDAP Identity Sources
Hi all!
We would like to grant admin cccess to our ISE deplyoment to users stored in multiple Active Directories. Since there is no trust relationship between these ADs, we created an LDAP Identity Source for each AD and also an Identity Source Sequence but in the UI we can only select one Identity Source.
Any ideas how to solve this problem?
Thanks in advance!
Kind regards,
Michael LangerreiterI did check in my lab and yes for admin access we can't select identity store sequence in authentication. We can only pick one external database. However, on the login page you may select the appropriate database before you enter the username and password.
Jatin Katyal
- Do rate helpful posts - -
Error configuring BI Publisher 10.1.3.3.2 with OID LDAP Security Config
I have installed BI Publisher Enterprise Standalone version 10.1.3.3.2 and am able to successfully log in as Administrator. I need to integrate BI Publisher with LDAP. I accessed the Security Configuration section and updated the LDAP information and set up the required XMLP_* groups in OID and assigned them to OID users as instructed in the BI Publisher users document, however the LDAP connection does not appear to be working. When I log in as a user that has been assigned to the XMLP_ADMIN or users that have been assigned to one of the other XMLP_* groups I get an error message:
Error
The server can not be used due to a configuration error, please contact the administrator. If you are the administrator, please consult BI Publisher user guide for proper configuration. Then when I click on the Error Details link I get the following information:
oracle.apps.xdo.security.ValidateException
I have verified that the LDAP information entered is correct. The values in my xmlp-server-config.xml are below:
<property name="SUPERUSER_PASSWORD" value="value not included for security reasons"/>
<property name="SUPERUSER_USERNAME" value="Administrator"/>
<property name="GUEST_FOLDER" value="false"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_DESCRIPTION" value="description"/>
<property name="SAW_SERVER" value=""/>
<property name="SAW_USERNAME" value="Administrator"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_MEMBER" value="uniquemember"/>
<property name="LDAP_PROVIDER_ADMIN_USERNAME" value="orcladmin"/>
<property name="SAW_VERSION" value="v4"/>
<property name="ENABLE_SUPERUSER" value="true"/>
<property name="LDAP_PROVIDER_URL" value="ldap://stars.rogersgroupinc.com:389/"/>
<property name="DEBUG_LEVEL" value="debug"/>
<property name="LDAP_PROVIDER_GROUP_SEARCH" value="(&(objectclass=groupofuniquenames)(cn=*))"/>
<property name="SAW_SESSION_TIMEOUT" value="90"/>
<property name="SAW_PORT" value=""/>
<property name="SAW_PROTOCOL" value="http"/>
<property name="SECURITY_MODEL" value="LDAP"/>
<property name="LDAP_PROVIDER_ADMIN_PASSWORD_ENC" value="value not included for security reasons"/>
<property name="LDAP_PROVIDER_GROUP_SEARCH_ROOT" value="cn=groups,dc=rogersgroupinc,dc=com"/>
<property name="SAW_PASSWORD_ENC" value="41671566C02C7880B95B49C7F8D40467"/>
<property name="LDAP_PROVIDER_FACTORY" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<property name="LDAP_PROVIDER_USER_DN" value="cn=hrsyncuserstest,cn=users,dc=rogersgroupinc,dc=com"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_NAME" value="cn"/>
I have opened an SR on this but so far have not gotten anywhere. Any assistance is appreciated. Thanks.
New information: I found the following messages in the default_group~home~default_group~1.log file:
When the service starts the following message appears -
[021208_091215109][][STATEMENT] oracle.apps.xdo.servlet.resources.ResourceNotFoundException: /data/oracle/bipubtest/10.1.3/xmlp/XMLP/Admin/Security/pkiconfig.xml
at oracle.apps.xdo.servlet.ReportException.fillInStackTrace(ReportException.java:124)......
and when I attempt to log in I get the following error:
[021208_091704879][][EXCEPTION] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66).......
I have tested this user with ldapbind as shown below and
I get a bind successful so I am not sure why I am getting the Invalid Credentials error:
ldapbind -h stars.rogersgroupinc.com -p 389 -D "cn=droberts,cn=hrsyncuserstest,cn=users,dc=rogersgroupinc,dc=com" -w <password not included>
Message was edited by:
user571286
I am disappointed that I have received no responses to this issue either on the forum or on my SR with Support. If I need to provide more detailed information in order to get assistance please let me know. Our project is at a standstill until this issue is corrected so I really need some assistance in finding a solution.
Message was edited by:
user571286Thank you SO MUCH, Dave! I had entered cn=orcladmin in the Security Configuration screen and did not notice that it was saved to the xmlp-server-config.xml as orcladmin... I manually editted the xmlp-server-config.xml file to cn=orcladmin and it appears to be working now!
Why is the entry not saving correctly from the Security Configuration screen? Is this a bug?
Thanks again, Dawna. -
Where is the LDAP manager config stored?
Hi,
Can anybody tell me where the configuration for the applied LDAP policies are stored?
I have servers running LDAP.
I have added a LDAP policy file to one server, I copied it over to another server.
But when I select the dropdown to see it in User Manager/LDAP it does not show.
I also copied the casadmin.xml file, edited the server name, but it still does not show.
The only thing that works is to create a dummy LDAP, with the correct name, save it and then copy the proper LDAP over it.
Where is this data stored for the LDAP manager?
AndyMost of these files are held in memory. Probably would be best to stop servletexec prior to overwritting the files and then restarte it.
There is also a config file, login-config.xml, that goes along with it.
Regards,
Jamie -
Hi
Another question. Is an LDAP version of the Identity service on the way? Is it possible to integrate a custom Identity service into the BPEL Designer/PM?
Best wishes
John PrinceHi John,
Yes the BPEL PM 10.1.2 does support LDAP for Human Workflow as well as Engine. The documentation for the same is under construction. Please Send me a mail on collaxa_support_us.oracle.com, and I will reply as soon as the documentation is available.
Dhaval -
https://wiki.archlinux.org/index.php/HO … entication (workarounds on that page not work!!)
NOT working at all, too old info.
when trying to do ldap auth:
udev - won't start
netfs - don't start
homedirs not created
why ??
i have last release of arch, and doing all from archwiki to setup ldap auth.Hey Murdoch,
First of all, are you even able to search your LDAP tree ( via ldapsearch ) ?
Does browsing the tree require authentication or have you left it open ?
Are you able to authenticate via LDAP ?
Does "getent passwd" return a listing of your LDAP users ?
Do you receive any error messages during your boot sequence regarding udev or netfs ?
Do you receive an error message when attempting to start udev manually ?
Have you checked your log files ? -
No POST, 3 Identical Config machines
I currently have three 651M-L based board's with the following configuration:
AOpen A340 Case w/ 250w PSU
Celeron 2.4Ghz 478
DirectPC DDR333 RAM
Western Digital 80GB HDD
None of these machines are able to reach a POST screen, and sit on a black screen upon bootup. I have tested two additional CPU's, swapped ram between the machines and a third machine (.: ram + cpu's work). As all-in-one board's I would expect there would be very few compatibility issues when only loaded with minimal part's. Is there any known problem's with these boards with any of the above part's? (note, as I said, there are three board's - it's possible - but v. unlikely that 3 boards were DOA.)
Thanks,
-AdamDont know D-Bracket number.
Does the system fails to post after you've change the DRAM settings to 266MHz or even before the changes...?
If I cannot post, then I cannot get to the BIOS, is there another method of changing frequency? (No jumpers)
I'm going to see if I can get these returned (outside of D.O.A period from my supplier, and the customer concerned is getting agitated - with good reason), as I have now tested with every other piece of external equipment I can get my hands on (gfx, ram, processor, power supply). Do MSI representitives browse these forums?
-Adam -
Connection Pooling and Connection Identity
On this link:
http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html
I read that: "The LDAP provider maintains pools of connections; each pool holds connections (either in-use or idle) that have the same connection identity."
This to me suggested that if I am doing "simple" authentication then the "connection identity" consists of:
1) connection controls
2) host name, port number as specified in the "java.naming.provider.url" property, referral, or URL supplied to the initial context
3) java.naming.security.protocol
4) java.naming.ldap.version
5) java.naming.security.principal
6) java.naming.security.credentials
But when I run a test where user1, user2 and user3 login over and over again, I see (from tracing the conenctions) that 3 TCP connections are bing reused for user1, 2 and 3.
Now this is good as it shows that pooled connections are being reused...BUT what I don't understand is why do I keep seeing new bind requests on each of these connections for the same user? for example, the TCP connection for user1 shows a series of BIND requests for user1.
Now my question is this:
IF each pool holds connections that have the same connection identity, and
IF user principal and password are part of the simple "connection identity"
THEN why do I see multiple BINDs? Shouldn't they not be needed anymore once the 1st BIND happens successfully?
Looking forward to hearing from the experts :)
Cheers!what DBMS and what JDBC driver are you using?
-
Configuring ADF Security to use LDAP
HI All
We are building an application which is secured using SSO authentication. We have an LDAP setup for this.
During development, we wanted to configure LDAP in ADF Security Wizard in Jdeveloper for authentication. I tried the following in ADF Security Wizard in the 10 steps of the wizard:
1) Configure ADF for Web Application, enforce Authorization
2) Enable Credential Store
3) No Policy Store
4) LDAP Identity Store
5) Enter LDAP credentials, LdAp URL, user base
6) No Anonymous Provider
7) Did not select any login module
8) Form Based Authentication, generate default
9) Added pages that need to be secured
10) Finish
The login page is rendered whenever i try to access a protected page. But when I enter the LDAP user credentials for login, it does not work. It says "You are not authorized to view this page".
Is there anything missing in the setup that is causing the issue. Any pointers on this would be helpful.
Thanks
Srinidhi.Hi,
note that there don't exist documentation for configuring ADF Security in JDeveloper 11 with LDAP. In general, ADF Security in JDeveloper 11 is not yet ready for SSO and LDAP testings and still is under development. Note that LDAP authentication - as container managed authentication - is configured in the jps-config.xml file of the deployed application. However, as said, its not documented and would be just too much at this point to put into a forum answer
Frank -
Hi,
I have a requirement to change the server that the ACS Appliance( 2 x running primary / secondary) (5.2) using as an external identity store. I previously changed the server Host name under External Identity Stores\LDAP\ Server connection Tab. The issue was that when I performed a test bind it was successful BUT under the Directory Groups Tab I lost the Group name entries - only recovering them as I exited the config without saving anything.
So my question is how do I change the server connection and re instate the directory Group list ? There are a number of entries and I need them all back in with minimal disruption to the network. There must be an easier way than entering them all manually ?
Thanks,
PeteAny changes in server connection like ip or credential would not be allowed unless you remove all the refrences from the ACS config because the connection is built based on that information.
However, you can create more than one LDAP instance in ACS 5.2. By creating more than one LDAP instance with different IP address or port settings, you can configure ACS to authenticate by using different LDAP servers or different databases on the same LDAP server.
Each primary server IP address and port configuration, along with the secondary server IP address and port configuration, forms an LDAP instance that corresponds to one ACS LDAP identity store instance.
ACS 5.3 does not require that each LDAP instance correspond to a unique LDAP database. You can have more than one LDAP instance set to access the same database.
Regards,
Jatin -
Hi,
I have setup an Identity Firewall on a ASA version 5.6 on a DMZ interface.
I have installed the ADAgent on a domain member Win2008 and configured as follows:
aaa-server ADAGENT_SERVER protocol radius
ad-agent-mode
aaa-server ADAGENT_SERVER (VPN) host 172.17.v.x key *****
I have configured the LDAP connection to the DC as follows:
aaa-server DOMAIN_SERVER protocol ldap
aaa-server DOMAIN_SERVER (VPN) host 172.17.v.z
ldap-base-dn DC=YYY,DC=local
ldap-scope subtree
ldap-login-password *****
ldap-login-dn vvvvv
server-type microsoft
The identity config is as follows:
user-identity domain YYY aaa-server DOMAIN_SERVER
user-identity default-domain YYY
user-identity action netbios-response-fail remove-user-ip
user-identity logout-probe netbios local-system
user-identity ad-agent aaa-server ADAGENT_SERVER
user-identity user-not-found enable
access-list 122 extended permit ip user YYY\ashdew any any
where ashdew is a domain user and ACL 122(only one line) is applied on the dmz interface and NAT is properly configured.
The ADagent has been properly tested and ASA can register to it.
The ASA can connect to AD DC controller and query user database.
I have placed a laptop ip 172.17.h.x on the DMZ and can ping the DMZ interface.
The laptop cannot authenticate on the domain and the asa does not seem to retrieve the user identity
Do I need to add extra rules in the access-list 122 to permit trafic to DC?
Can I check on the AD Agent if it can retrieve the user to ip mapping ?
Thanks
AshleyThanks Karsten,
Great its clear now. I know the DMZ seems a bit odd. Actually, the DMZ is only accessible through the any-connect VPN.
In the DMZ, we will have a citrix farm to access internal resources through identity management.
We are testing with a laptop in the first place.
Now, we have allowed in the acl to access AD, the laptop authenticates in the domain but then all connections are refused since the AD Agent is not retrieving the mapping.
Is there a way to check if the ADAgent is properly retrieved the mapping. We suspect the problem is here.
We did a capture on the ASA and we have found that the ASA contact the ADAgent when the user authenticates but then ADAgent does not return any ip mapping. The ASA sees the user as ip as user-not -found .
Thanks again for your help,
Ashley -
Help needed in installing Identity management 11.1.1.2
Hi,
I have installed Oracle Webcenter and SOA suite (11g) in single domain and also installed and conten server 10.1.3.4. All in a single machine. And I want to provide LDAP Identity store for custom applications/Spaces application with content management. I am in the process installing Identity management. I have the following issues
1. Do I need to install all the 5 components of Identity suite?
2. Due to performance reasons I want to install Idm suite on different machine. Can the webcenter application on machine1 be configured to use the identity services from machine2 ,consideing i created a new domain on machine2 that contains it identity servers with its own admin console/Fusion control?
installation guide contains lot of options which i could not understand .Please help me in this regard.
Thansk,
indraresolved
-
WLC 5508 running 7.4.110.0 unable to tftp upload config from controller
Hi,
Two WLC 5508 running identical code version. One is 50 license Primary, the second is HA. Identical config on both. HA WLC can upload its config to the TFTP or FTP server but Primary cannot. The operation fails for both CLI and GUI and for different protocols i.e. TFTP, FTP.
#### Primary Controller
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.95.16
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... PRODWC7309
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.1.30.210
Last Reset....................................... Power on reset
System Up Time................................... 18 days 18 hrs 51 mins 35 secs
System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... AU - Australia
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +34 C
External Temperature............................. +17 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 8
Number of Active Clients......................... 138
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 3C:08:F6:CA:52:20
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 50
(Cisco Controller) >debug transfer trace enable
(Cisco Controller) >transfer upload start
Mode............................................. TFTP
TFTP Server IP................................... 10.1.22.2
TFTP Path........................................ /
TFTP Filename.................................... PRODWC7309-tmp.cfg
Data Type........................................ Config File
Encryption....................................... Disabled
*** WARNING: Config File Encryption Disabled ***
Are you sure you want to start? (y/N) Y
*TransferTask: Jun 02 10:41:15.183: Memory overcommit policy changed from 0 to 1
*TransferTask: Jun 02 10:41:15.183: RESULT_STRING: TFTP Config transfer starting.
TFTP Config transfer starting.
*TransferTask: Jun 02 10:41:15.183: RESULT_CODE:1
*TransferTask: Jun 02 10:41:24.309: Locking tftp semaphore, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
*TransferTask: Jun 02 10:41:24.393: Semaphore locked, now unlocking, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
*TransferTask: Jun 02 10:41:24.393: Semaphore successfully unlocked, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
*TransferTask: Jun 02 10:41:24.394: tftp rc=-1, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
pLocalFilename=/mnt/application/xml/clis/clifile
*TransferTask: Jun 02 10:41:24.394: RESULT_STRING: % Error: Config file transfer failed - Unknown error - refer to log
*TransferTask: Jun 02 10:41:24.394: RESULT_CODE:12
*TransferTask: Jun 02 10:41:24.394: Memory overcommit policy restored from 1 to 0
% Error: Config file transfer failed - Unknown error - refer to log
(Cisco Controller) >show logging
*TransferTask: Jun 02 10:41:24.393: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
*sshpmReceiveTask: Jun 02 10:41:24.315: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=142 ulk=1621944 lk=1621802 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b07938)
-Traceback: 0x10af9500 0x1072517c 0x10b07938 0x12020250 0x12080bfc
*TransferTask: Jun 02 10:39:01.789: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
*sshpmReceiveTask: Jun 02 10:39:01.713: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=5598 ulk=1621801 lk=1616203 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b07938)
-Traceback: 0x10af9500 0x1072517c 0x10b07938 0x12020250 0x12080bfc
#### HA Controller
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.95.16
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... PRODWC7310
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.1.31.210
Last Reset....................................... Software reset
System Up Time................................... 18 days 19 hrs 1 mins 27 secs
System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... AU - Australia
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +34 C
External Temperature............................. +17 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 4
Number of Active Clients......................... 0
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 3C:08:F6:CA:53:C0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 500
(Cisco Controller) >debug transfer trace enable
(Cisco Controller) >transfer upload start
Mode............................................. FTP
FTP Server IP.................................... 10.1.22.2
FTP Server Port.................................. 21
FTP Path......................................... /
FTP Filename..................................... 10_1_31_210_140602_1050.cfg
FTP Username..................................... ftpuser
FTP Password..................................... *********
Data Type........................................ Config File
Encryption....................................... Disabled
*** WARNING: Config File Encryption Disabled ***
Are you sure you want to start? (y/N) y
*TransferTask: Jun 02 10:51:31.278: Memory overcommit policy changed from 0 to 1
*TransferTask: Jun 02 10:51:31.278: RESULT_STRING: FTP Config transfer starting.
FTP Config transfer starting.
*TransferTask: Jun 02 10:51:31.278: RESULT_CODE:1
*TransferTask: Jun 02 10:52:05.468: ftp operation returns 0
*TransferTask: Jun 02 10:52:05.477: RESULT_STRING: File transfer operation completed successfully.
*TransferTask: Jun 02 10:52:05.477: RESULT_CODE:11
File transfer operation completed successfully.
Not upgrading to 7.4.121.0 because of bug CSCuo63103. Have not restarted the controller yet.
Any one else had this issue ? Is there a workaround ?
Thanks,
Rick.Thanks Stephen, In my deployments of 7.4.110.0 version I have not seen this issue so may be controller reboot will fix it (we do have HA to minimize the impact). I will keep the thread updated with findings and may request TAC for the special release 7.4.121.0 if the still not happy with 7.4.110.0
Rick. -
Unable to connect remote LDAP server 2005Q1
To connect remote LDAP server with local mail server in iMS5.2, it was successful and very easy.
But, with Sun Java Messaging 2005Q1, I failed so many times when I configure mail server.
Only two things( LDAP and messaging ) are in the same machine, it was successful.
It's very weird.
In Install Guide, remote LDAP system has no problem to connect with local mail server.
Here is LDAP server version.
# ./monitor
version: 1
dn: cn=monitor
objectClass: top
objectClass: extensibleObject
cn: monitor
connectionpeak: 9
version: Sun Java(TM) System Directory Server/5.2_Patch_3 B2004.331.1125
Messaging server version is Sun Java Messaging 2005Q1.
================ Install Log ================
The following items for the product Messaging Server will be configured:
Product: Messaging Server
Location: /data/MailData
Space Required: 0 bytes
Message Transfer Agent
Message Store
Messenger Express
Ready to Configure
1. Configure Now
2. Start Over
3. Exit Configure Program
What would you like to do [1] {"<" goes back, "!" exits}?
Starting Task Sequence
===== Thu Apr 21 18:50:38 KST 2005 =====
Running /usr/sbin/groupadd mail
===== Thu Apr 21 18:50:38 KST 2005 =====
Running /usr/sbin/useradd -g mail -d / mailsrv
===== Thu Apr 21 18:50:38 KST 2005 =====
Running /usr/sbin/usermod -G mail mailsrv
===== Thu Apr 21 18:50:38 KST 2005 =====
Running /bin/rm -rf /opt/java05Q1/Mail/config /opt/java05Q1/Mail/data
===== Thu Apr 21 18:50:38 KST 2005 =====
Running /bin/chmod 600 /opt/java05Q1/Mail/lib/config-templates/Devsetup.
properties
===== Thu Apr 21 18:50:38 KST 2005 =====
Running /opt/java05Q1/Mail/lib/devinstall -l schema1:sepadmsvr:pkgcfg:config:
msg:msg_en:imta:msma:webmail:imta -v -m -i /opt/java05Q1/Mail/lib/config-
templates/config.ins /opt/java05Q1/Mail/lib/config-templates
/opt/java05Q1/Mail/lib/jars /opt/java05Q1/Mail/lib
===== Thu Apr 21 18:50:45 KST 2005 =====
Running /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta clbuild -
image_file=IMTA_COMMAND_DATA IMTA_BIN:pmdf.cld
===== Thu Apr 21 18:50:46 KST 2005 =====
Running /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta chbuild
===== Thu Apr 21 18:50:46 KST 2005 =====
Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/cfgdir23381 -c -
e /opt/java05Q1/Mail/config/cfgdir.ldif.rej -f /opt/java05Q1/Mail/config/cfgdir.
ldif
===== Thu Apr 21 18:50:46 KST 2005 =====
Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/usergroup.ldif.rej -f
/opt/java05Q1/Mail/config/usergroup.ldif
===== Thu Apr 21 18:50:46 KST 2005 =====
Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/dctree.ldif.rej -f /opt/java05Q1/Mail/config/dctree.
ldif
===== Thu Apr 21 18:50:46 KST 2005 =====
Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/mid_dctree.ldif.rej -f
/opt/java05Q1/Mail/config/mid_dctree.ldif
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/last_dctree.ldif.rej -f
/opt/java05Q1/Mail/config/last_dctree.ldif
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/pab.ldif.rej -f /opt/java05Q1/Mail/config/pab.ldif
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta cnbuild
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
templates/madman_solaris.reg /etc/snmp/conf/ims.reg
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
templates/madman_solaris.acl /etc/snmp/conf/ims.acl
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /bin/sh -c /usr/bin/crle
===== Thu Apr 21 18:50:47 KST 2005 =====
Running /bin/sh -c /usr/bin/crle -s /usr/lib/secure -s /opt/java05Q1/Mail/lib
===== Thu Apr 21 18:50:48 KST 2005 =====
Running /bin/sh -c /usr/bin/crle
===== Thu Apr 21 18:50:48 KST 2005 =====
Running /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/lib/config-templates/html
/opt/java05Q1/Mail/config/
===== Thu Apr 21 18:50:57 KST 2005 =====
Running /bin/chown -Rh mailsrv /opt/java05Q1/Mail/config/html
===== Thu Apr 21 18:50:57 KST 2005 =====
Running /bin/chgrp -Rh mail /opt/java05Q1/Mail/config/html
===== Thu Apr 21 18:50:57 KST 2005 =====
Running /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/config
/opt/java05Q1/Mail/install/configure_20050421184758
===== Thu Apr 21 18:51:08 KST 2005 =====
Running /bin/sh -c /bin/cp -p /opt/java05Q1/Mail/lib/config-templates/Devsetup.
properties /opt/java05Q1/Mail/install/configure_20050421184758/Devsetup.
properties
Sequence Completed
PASSED: /usr/sbin/groupadd mail : status = 9
PASSED: /usr/sbin/useradd -g mail -d / mailsrv : status = 0
PASSED: /usr/sbin/usermod -G mail mailsrv : status = 3
PASSED: /bin/rm -rf /opt/java05Q1/Mail/config /opt/java05Q1/Mail/data : status
= 0
PASSED: /bin/chmod 600 /opt/java05Q1/Mail/lib/config-templates/Devsetup.
properties : status = 0
FAILED: /opt/java05Q1/Mail/lib/devinstall -l schema1:sepadmsvr:pkgcfg:config:
msg:msg_en:imta:msma:webmail:imta -v -m -i /opt/java05Q1/Mail/lib/config-
templates/config.ins /opt/java05Q1/Mail/lib/config-templates
/opt/java05Q1/Mail/lib/jars /opt/java05Q1/Mail/lib : status = 1
PASSED: /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta clbuild -
image_file=IMTA_COMMAND_DATA IMTA_BIN:pmdf.cld : status = 0
PASSED: /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta chbuild : status = 0
FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/cfgdir23381 -c -
e /opt/java05Q1/Mail/config/cfgdir.ldif.rej -f /opt/java05Q1/Mail/config/cfgdir.
ldif : status = 89
FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/usergroup.ldif.rej -f
/opt/java05Q1/Mail/config/usergroup.ldif : status = 89
FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/dctree.ldif.rej -f /opt/java05Q1/Mail/config/dctree.
ldif : status = 89
FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/mid_dctree.ldif.rej -f
/opt/java05Q1/Mail/config/mid_dctree.ldif : status = 89
FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/last_dctree.ldif.rej -f
/opt/java05Q1/Mail/config/last_dctree.ldif : status = 89
FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
e /opt/java05Q1/Mail/config/pab.ldif.rej -f /opt/java05Q1/Mail/config/pab.ldif
: status = 89
PASSED: /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta cnbuild : status = 0
PASSED: /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
templates/madman_solaris.reg /etc/snmp/conf/ims.reg : status = 0
PASSED: /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
templates/madman_solaris.acl /etc/snmp/conf/ims.acl : status = 0
PASSED: /bin/sh -c /usr/bin/crle : status = 0
PASSED: /bin/sh -c /usr/bin/crle -s /usr/lib/secure -s /opt/java05Q1/Mail/lib :
status = 0
PASSED: /bin/sh -c /usr/bin/crle : status = 0
PASSED: /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/lib/config-templates/html
/opt/java05Q1/Mail/config/ : status = 0
FAILED: /bin/chown -Rh mailsrv /opt/java05Q1/Mail/config/html : status = 1
FAILED: /bin/chgrp -Rh mail /opt/java05Q1/Mail/config/html : status = 1
PASSED: /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/config
/opt/java05Q1/Mail/install/configure_20050421184758 : status = 0
PASSED: /bin/sh -c /bin/cp -p /opt/java05Q1/Mail/lib/config-templates/Devsetup.
properties /opt/java05Q1/Mail/install/configure_20050421184758/Devsetup.
properties : status = 0
FAILURE: Number of task failed:9. Please check install log
/opt/java05Q1/Mail/install/configure_20050421184758.log
for further details.
Hit NEXT to continue
Configuration Details:
Product Result More Information
1. Messaging Server Failed Available
2. Done
Enter the number corresponding to the desired selection for more
information, or enter 2 to continue [2] {"!" exits}:
================
Any Good ADVICE would be welcomed.I already did what you advised - installing admin server on each machine. I tested throught connecting admin console,modifying ldap,mail config and adding users.
To say about running 'comm_dssetup.pl' script , if I didn't I could not even setup and configure mail server.
In a month, there is a chance to setup both mail and ldap servers on diferrent machines.
I am a little bit worry. What did I wrong?
welcomed... any words of advice..
Maybe you are looking for
-
Handling of SOAP Faults in SOAP Clients consuming PI Web services
Hi there, the following is in regards to SOAP fault error handling in a SOAP client that consumes a Web Service published by PI. I have been reading a number of threads and blogs in regards to this topic and I am still left with some open questions w
-
Giving logical system name for PI 7.11 system
Hi, how can i give logical system name for PI 7.11? Thanks.
-
Hi all, The structure of my application is : - a flex client - a tomcat server - a mysql database I use hibernate to retrieve my objects from the database. I'm trying to have the flex client display images loaded at runtime from the database. Those i
-
SQL query: select billaddress if no delivery address exist.
hi sql expert, The Query shall filter all invoices by date, articles and show the delivery address. Problem: Not every customer has deposited a delivery address. In this case the billing address is to be taken. How can this be done ? This query SELEC
-
E71 Bar code scanner versus camera quality
So I just updated my E71 from an older firmware to the latest: 501.21.001 and it's a RM-357 (E71-2; 270.07). I've been playing around with it to see the changes and I noticed that when using the bar code scanner, the quality of the picture is incred