LDAP Password Aging and JNDI

Does anyone know how to read the Password Aging info from SunOne Directory server using JNDI? I need the password expiration details to be very specific.

Never used JNDI before, but you can read it from the standard command line as follows:
/usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" createtimestamp
/usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" passwordexpirationtime
/usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" pwdchangedtime
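
The same read through JNDI, as an added example that is not part of the original posts: it requests the three operational attributes from the ldapsearch commands above by name and converts their GeneralizedTime values into days remaining. The class name and the LDAP_* environment variable names are assumptions made for this example; the bind password comes from the environment rather than the command line.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Hypothetical class name; illustrative code, not from the original thread.
public class PasswordAgingReader {
    // Operational attributes are not returned by a default read,
    // so each one is requested explicitly (names taken from the page).
    static final String[] AGING_ATTRS = {
        "createTimestamp", "passwordExpirationTime", "pwdChangedTime"
    };

    private static final DateTimeFormatter GT =
        DateTimeFormatter.ofPattern("yyyyMMddHHmmss");

    /** Parses the UTC GeneralizedTime form yyyyMMddHHmmss[.fraction]Z. */
    static Instant parseGeneralizedTime(String value) {
        if (value == null || value.length() < 15 || !value.endsWith("Z")) {
            throw new IllegalArgumentException("not a UTC GeneralizedTime: " + value);
        }
        // Any fractional seconds after the first 14 digits are dropped.
        return LocalDateTime.parse(value.substring(0, 14), GT).toInstant(ZoneOffset.UTC);
    }

    /** Whole days from now to expiry, truncated toward zero. */
    static long daysUntil(Instant expiry, Instant now) {
        return Duration.between(now, expiry).toDays();
    }

    /** Binds, reads the aging attributes of one entry, and closes the context. */
    static Map<String, Instant> readAging(String url, String bindDn,
            String bindPassword, String entryDn) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);               // e.g. an ldaps:// URL
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        DirContext ctx = new InitialDirContext(env);
        try {
            Attributes attrs = ctx.getAttributes(entryDn, AGING_ATTRS);
            Map<String, Instant> out = new LinkedHashMap<>();
            for (String id : AGING_ATTRS) {
                Attribute a = attrs.get(id);
                // An attribute the server has not set on the entry is simply absent.
                if (a != null) {
                    out.put(id, parseGeneralizedTime((String) a.get()));
                }
            }
            return out;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values, so the parsing runs without a server.
        Instant now = parseGeneralizedTime("20240101000000Z");
        Instant sample = parseGeneralizedTime("20240131120000Z");
        System.out.println("sample expiry " + sample
            + ", expired=" + sample.isBefore(now)
            + ", days left=" + daysUntil(sample, now));

        // Live read only when all four (hypothetical) variables are set.
        String url = System.getenv("LDAP_URL");
        String bindDn = System.getenv("LDAP_BIND_DN");
        String bindPw = System.getenv("LDAP_BIND_PW");
        String entryDn = System.getenv("LDAP_ENTRY_DN");
        if (url == null || bindDn == null || bindPw == null || entryDn == null) {
            return;
        }
        Map<String, Instant> aging = readAging(url, bindDn, bindPw, entryDn);
        aging.forEach((k, v) -> System.out.println(k + " = " + v));
        Instant expiry = aging.get("passwordExpirationTime");
        if (expiry == null) {
            System.out.println("no passwordExpirationTime on this entry");
        } else {
            System.out.println("days left = " + daysUntil(expiry, Instant.now()));
        }
    }
}
```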

Similar Messages

  • SCCM 2012 Password Age and if not set to Expire

    Hi,
    I browsed the Resource Explorer in SCCM 2012, and found that it shows the Age a person last changed their passwords.
    Can anyone assist me on how to get that data out of SCCM 2012?
    Kind Regards

    If you are talking about reports, first you need to configure SCCM to collect that attribute from AD in the AD User Discovery properties, on the Active Directory Attributes tab. After the successful collection of those attributes you can query against the "v_R_User" view and extract the information.
    Adding the attribute Pwd-Last-Set and msds-UserPasswordExpiryTime0 to user inventory would be of some help.
    Delphin

  • Netscape LDAP API's vs JNDI

    Dear all,
    Netscape LDAP API's and JNDI are both programming interfaces to the directory server. What is the difference between them, and what is the advantage of each? Could you please give me a brief summary?
    thanks
    yan

    If you are trying to decide which to use in writing an application, I would go with JNDI. Your code will be more portable and not Netscape Directory specific. A co-worker of mine worked with the Netscape LDAP API and thought it was a pain.
    I have used JNDI with our Netscape LDAP directory and it works great, plus there's a really good JNDI tutorial available at:
    http://java.sun.com/products/jndi/tutorial/index.html

  • Change (or add) a password to Active Directory with Java and JNDI

    I've created a new account in LDAP with attributes, and that's OK. But I can't initialize the password; I've tried some samples without result.
    Maybe it's an SSL problem (I don't know why, I read it somewhere).
    My code:
    import java.util.*;
    import java.io.*;
    import java.net.*;
    import javax.naming.Context;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.ModificationItem;
    public class addUser {
        private static final String UNICODE = "Unicode";
        private static final String UNICODE_PASSWORD = "unicodePwd";
        public addUser() {}
        private Hashtable env;
        private DirContext ctx;
        private void _initialize() {
            String jndiURL = "ldap://DOMAINSRV:389/";
            String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
            String authenticationMode = "simple";
            String contextReferral = "ignore";
            String principal = "[email protected]";
            String credentials = "oce";
            env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
            env.put(Context.PROVIDER_URL, jndiURL);
            env.put(Context.SECURITY_AUTHENTICATION, authenticationMode);
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
            env.put(Context.REFERRAL, contextReferral);
        }
        public boolean createUser() {
            try {
                ctx = new InitialDirContext(env);
                ctx.destroySubcontext("cn=FBXX,cn=users,DC=gedeon,DC=fr");
                BasicAttributes attrs = new BasicAttributes();
                BasicAttribute ocs = new BasicAttribute("objectclass");
                ocs.add("user");
                attrs.put(ocs);
                BasicAttribute sa = new BasicAttribute("sAMAccountName", "FBXX");
                attrs.put(sa);
                BasicAttribute na = new BasicAttribute("name", "FRANCOIS BERTOUX");
                attrs.put(na);
                BasicAttribute sn = new BasicAttribute("sn", "BERT");
                attrs.put(sn);
                BasicAttribute up = new BasicAttribute("userPrincipalName", "[email protected]");
                attrs.put(up);
                BasicAttribute ua = new BasicAttribute("userAccountControl", "512");
                attrs.put(ua);
                BasicAttribute dn = new BasicAttribute("displayName", "FRA BERT");
                attrs.put(dn);
                BasicAttribute gn = new BasicAttribute("givenName", "FRA");
                attrs.put(gn);
                BasicAttribute des = new BasicAttribute("description", "CECI EST MON TEST");
                attrs.put(des);
                BasicAttribute cp = new BasicAttribute("codePage", "0");
                attrs.put(cp);
                BasicAttribute cc = new BasicAttribute("countryCode", "0");
                attrs.put(cc);
                BasicAttribute it = new BasicAttribute("instanceType", "4");
                attrs.put(it);
                ctx.createSubcontext("cn=FBXX,cn=users,DC=gedeon,DC=fr", attrs);
                changePassword("cn=FBXX,cn=users,DC=gedeon,DC=fr", "TOTO", "FBX");
                ctx.close();
            } catch (NameAlreadyBoundException nex) {
                System.out.println("User ID is already in use, please select a different user ID ...");
            } catch (Exception ex) {
                System.out.println("Failed to create user account... Please verify the user information...");
                ex.printStackTrace();
            }
            return true;
        }
        public final void changePassword(
                String argRDN,
                String argOldPassword,
                String argNewPassword)
                throws NamingException {
            ModificationItem modificationItem[] = new ModificationItem[2];
            try {
                modificationItem[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", (byte[]) this.encodePassword(argOldPassword)));
                modificationItem[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", (byte[]) this.encodePassword(argNewPassword)));
            } catch (UnsupportedEncodingException e1) {
                System.out.println("changePassword(String argOldPassword, String argNewPassword)" +
                    "Passwordchange failed: " + e1.toString());
                throw new RuntimeException(e1.toString());
            }
            try {
                ctx.modifyAttributes(argRDN, modificationItem);
            } catch (NamingException e1) {
                System.out.println(
                    "changePassword(String argOldPassword, String argNewPassword)" +
                    "Passwordchange failed : " + e1.toString());
                throw e1;
            }
        }
        private byte[] encodePassword(String pass) throws UnsupportedEncodingException {
            final String ATT_ENCODING = "Unicode";
            // Agree with MS's ATTRIBUTE_CONSTRAINT
            String pwd = "\"" + pass + "\"";
            byte _bytes[] = pwd.getBytes(ATT_ENCODING);
            // strip unicode marker
            byte bytes[] = new byte[_bytes.length - 2];
            System.arraycopy(_bytes, 2, bytes, 0, _bytes.length - 2);
            return bytes;
        }
        public static void main(String[] args) {
            addUser testUser = new addUser();
            testUser._initialize();
            testUser.createUser();
        }
    }
    And the result is :
    changePassword(String argOldPassword, String argNewPassword)Passwordchange failed : javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190ADF, problem 5003 (WILL_NOT_PERFORM), data 0
    ]; remaining name 'cn=FBXX,cn=users,DC=gedeon,DC=fr'
    Failed to create user account... Please verify the user information...
    javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190ADF, problem 5003 (WILL_NOT_PERFORM), data 0
    ]; remaining name 'cn=FBXX,cn=users,DC=gedeon,DC=fr'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2804)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2677)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2483)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1285)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:253)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:170)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:159)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:144)
    at addUser.changePassword(addUser.java:129)
    at addUser.createUser(addUser.java:92)
    at addUser.main(addUser.java:167)
    And with "userPassword" no error but no change.
    Please, help.
    Thanks

    Hello!
    I have a new variant of the set password problem. As I did not get any further with a big running application, I wrote a small standalone program to connect to an Active Directory server, and, hm, it works! I can log in with an account which has administrator privileges, I can set passwords, works fine, unless, and now it gets a little bit curious, unless I change the VM.
    Everything works fine with JDK 1.5.0_07, but if I switch over to the fine new 1.6.0_16, the login still works but the change of a password leads to a not so fine javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0.
    As I use the same cacerts file, I do not really understand what is failing here. Anyone who has an idea?
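
An added example for this thread, not code from either poster: building the unicodePwd modification for Active Directory and refusing to send it unless the connection URL is ldaps://. It goes beyond the posts by separating an administrative reset (one REPLACE) from a user-initiated change (REMOVE of the old value plus ADD of the new one in the same modify). The class name, the AD_* environment variable names and the sample password are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import java.util.Locale;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

// Hypothetical class name; illustrative code, not from the original thread.
public class AdPasswordSet {
    /** unicodePwd value: the password wrapped in double quotes, UTF-16LE, no BOM. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Administrative reset: a single REPLACE, no old password needed. */
    static ModificationItem[] resetMods(String newPassword) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
    }

    /** User-initiated change: REMOVE the current value, ADD the new one. */
    static ModificationItem[] changeMods(String oldPassword, String newPassword) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
    }

    /** Sends the modification; only ldaps:// URLs are accepted by this example. */
    static void apply(String url, String bindDn, String bindPw,
            String userDn, ModificationItem[] mods) throws NamingException {
        if (!url.toLowerCase(Locale.ROOT).startsWith("ldaps://")) {
            // Checked before any socket is opened, so nothing leaves the host.
            throw new IllegalArgumentException("refusing to send unicodePwd over " + url);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        DirContext ctx = new InitialDirContext(env);
        try {
            ctx.modifyAttributes(userDn, mods);
        } finally {
            ctx.close();
        }
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample password, to show the encoded form offline.
        System.out.println("encoded \"Ab1\": " + hex(encodeUnicodePwd("Ab1")));
        System.out.println("reset ops: " + resetMods("Ab1").length
            + ", change ops: " + changeMods("old", "Ab1").length);

        // A cleartext URL is rejected before any connection attempt.
        try {
            apply("ldap://dc.example.invalid:389", "cn=x", "x", "cn=y", resetMods("Ab1"));
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }

        // Live reset only when all (hypothetical) variables are set.
        String url = System.getenv("AD_URL");
        String bindDn = System.getenv("AD_BIND_DN");
        String bindPw = System.getenv("AD_BIND_PW");
        String userDn = System.getenv("AD_USER_DN");
        String newPw = System.getenv("AD_NEW_PW");
        if (url != null && bindDn != null && bindPw != null
                && userDn != null && newPw != null) {
            apply(url, bindDn, bindPw, userDn, resetMods(newPw));
            System.out.println("password reset sent for " + userDn);
        }
    }
}
```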

  • Passing a login and password while using JNDI  for RT jobs

    Why can we not pass a user name and password when using JNDI for Real Time jobs? Can it be passed in the URL line or somewhere else that I'm missing? This is frustrating as we actually have to connect using Anonymous with no password which opens up so many security holes that we simply can't go to production with this. Please advise.

    You can set the login using the JNDI properties file and create the file in the classpath, but again the password will be in plain text.
    Please file a case with Support; I think this can be added to the JMS adapter operation (user credentials).

  • Enhanced login security and password ageing in SAP R3 Enterprise 110

    Hi,
    today we will activate "Enhanced login security and password ageing" on our R3 (SAP R3 Enterprise 110) development environment.
    new parameters
    Enhanced login security and password ageing
    login/min_password_lng = 8
    login/password_expiration_time = 365
    login/min_password_diff = 2
    login/min_password_letters =  1
    login/min_password_digits = 1
    Does anyone have any experience of possible problems which can occur after activating these new settings?
    Many thanks in advance
    Patrick Van Vlerken

    No... this should do what it says on the tin.
    Read,
    http://www.*********************/password_sap.htm
    Regards
    Juan

  • LDAP Password Error in Publisher for CUCM and Unity Connection

    Hi all,
    We recently virtualized all our unified communications and I'm having an odd issue with LDAP Directory configuration.
    When attempting to do an LDAP synch from the publisher in either CUCM or CUC I get the following error:
    Ldap Password::
    - Passwords do not match
    If I try to do a synch through the subscriber, the directory will synch with no issues. If I redo the password and the confirm password and immediately synch without first saving, it works, but if I save before re-synching, I get the above error.
    Current Versions:
    CUCM: 8.6.2.22900-9
    CUC: 8.6.2ES44.22900-44
    Anyone have any ideas?

    Have you taken a look at the docwiki about spec based hardware of unified communications?
    http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware#Processors_.2F_CPUs

  • How to use DS 5.2 to create LDAP user ID and password to Login to Sun ONE I

    Hi all,
    I have just installed Sun One Web server 6.1, Sun One Directory 5.2 and Sun One Instant Messaging 6.1 together on Win2K advance server. And I have successfully launched Sun ONE Instant Messenger.
    But I do not know how to create an LDAP user ID and password to log in to Sun ONE Instant Messenger.
    Could anyone help me to solve this problem?
    I'm looking forward to receive your reply soon.
    Thanks

    Hi Tuo,
    I think you better ask this in the forum where the ACS experts are, since this does not seem to be a problem on the ASA side.
    hth
    Herbert

  • Problem with OpenLDAP and JNDI

    I'm having problem working with OpenLDAP and JNDI.
    First I have changed LDAP's slapd.conf file:
    suffix          "dc=antipodes,dc=com"
    rootdn          cn=Manager,dc=antipodes,dc=com
    directory     "C:/Program Files/OpenLDAP/data"
    rootpw          secret
    schemacheck off
    Then I used the code below to create the root context:
    package test;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.directory.*;
    import java.util.*;
    public class MakeRoot {
         final static String ldapServerName = "localhost";
         final static String rootdn = "cn=Manager,dc=antipodes,dc=com";
         final static String rootpass = "secret";
         final static String rootContext = "dc=antipodes,dc=com";
         public static void main( String[] args ) {
                   // set up environment to access the server
                   Properties env = new Properties();
                   env.put( Context.INITIAL_CONTEXT_FACTORY,
                              "com.sun.jndi.ldap.LdapCtxFactory" );
                   env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
                   env.put( Context.SECURITY_PRINCIPAL, rootdn );
                   env.put( Context.SECURITY_CREDENTIALS, rootpass );
                   try {
                             // obtain initial directory context using the environment
                             DirContext ctx = new InitialDirContext( env );
                             // now, create the root context, which is just a subcontext
                             // of this initial directory context.
                             ctx.createSubcontext( rootContext );
                   } catch ( NameAlreadyBoundException nabe ) {
                             System.err.println( rootContext + " has already been bound!" );
                   } catch ( Exception e ) {
                             System.err.println( e );
                   }
         }
    }
    This worked fine; I could see that by using "LDAP Browser/Editor".
    and then I tried to create group with code:
    package test;
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    public class MakeGroup {
        public static void main (String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "cn=Manager,dc=antipodes,dc=com";
            String adminPassword = "secret";
            String ldapURL = "ldap://127.0.0.1:389";
            String groupName = "CN=Evolution,OU=Research,DC=antipodes,DC=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new group
                Attributes attrs = new BasicAttributes(true);
                attrs.put("objectClass","group");
                attrs.put("samAccountName","Evolution");
                attrs.put("cn","Evolution");
                attrs.put("description","Evolutionary Theorists");
                //group types from IAds.h
                int ADS_GROUP_TYPE_GLOBAL_GROUP = 0x0002;
                int ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x0004;
                int ADS_GROUP_TYPE_LOCAL_GROUP = 0x0004;
                int ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x0008;
                int ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000;
                attrs.put("groupType",Integer.toString(ADS_GROUP_TYPE_UNIVERSAL_GROUP + ADS_GROUP_TYPE_SECURITY_ENABLED));
                // Create the context
                Context result = ctx.createSubcontext(groupName, attrs);
                System.out.println("Created group: " + groupName);
                ctx.close();
            } catch (NamingException e) {
                System.err.println("Problem creating group: " + e);
            }
        }
    }
    Got the error code: Problem creating group: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - groupType: attribute type undefined]; remaining name 'CN=Evolution,OU=Research,DC=antipodes,DC=com'
    I tried by creating organizational unit "ou=Research" from "LDAP Browser/Editor", and then running the same code -> same error.
    also I have tried code for adding users:
    package test;
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import javax.net.ssl.*;
    import java.io.*;
    public class MakeUser {
        public static void main (String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "cn=Manager,dc=antipodes,dc=com";
            String adminPassword = "secret";
            String userName = "cn=Albert Einstein,ou=Research,dc=antipodes,dc=com";
            String groupName = "cn=All Research,ou=Research,dc=antipodes,dc=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new user
                Attributes attrs = new BasicAttributes(true);
                //These are the mandatory attributes for a user object
                //Note that Win2K3 will automagically create a random
                //samAccountName if it is not present. (Win2K does not)
                attrs.put("objectClass","user");
                attrs.put("samAccountName","AlbertE");
                attrs.put("cn","Albert Einstein");
                //These are some optional (but useful) attributes
                attrs.put("givenName","Albert");
                attrs.put("sn","Einstein");
                attrs.put("displayName","Albert Einstein");
                attrs.put("description","Research Scientist");
                attrs.put("userPrincipalName","[email protected]");
                attrs.put("mail","[email protected]");
                attrs.put("telephoneNumber","999 123 4567");
                //some useful constants from lmaccess.h
                int UF_ACCOUNTDISABLE = 0x0002;
                int UF_PASSWD_NOTREQD = 0x0020;
                int UF_PASSWD_CANT_CHANGE = 0x0040;
                int UF_NORMAL_ACCOUNT = 0x0200;
                int UF_DONT_EXPIRE_PASSWD = 0x10000;
                int UF_PASSWORD_EXPIRED = 0x800000;
                //Note that you need to create the user object before you can
                //set the password. Therefore as the user is created with no
                //password, userAccountControl must be set to the following
                //otherwise the Win2K3 password filter will return error 53
                //unwilling to perform.
                attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
                // Create the context
                Context result = ctx.createSubcontext(userName, attrs);
                System.out.println("Created disabled account for: " + userName);
                //now that we've created the user object, we can set the
                //password and change the userAccountControl
                //and because password can only be set using SSL/TLS
                //lets use StartTLS
                StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
                //set password is an ldap modify operation
                //and we'll update the userAccountControl
                //enabling the account and forcing the user to update their password
                //the first time they log in
                ModificationItem[] mods = new ModificationItem[2];
                //Replace the "unicodePwd" attribute with a new value
                //Password must be both Unicode and a quoted string
                String newQuotedPassword = "\"Password2000\"";
                byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
                // Perform the update
                ctx.modifyAttributes(userName, mods);
                System.out.println("Set password & updated userccountControl");
                //now add the user to a group.
                try {
                    ModificationItem member[] = new ModificationItem[1];
                    member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
                    ctx.modifyAttributes(groupName,member);
                    System.out.println("Added user to group: " + groupName);
                } catch (NamingException e) {
                    System.err.println("Problem adding user to group: " + e);
                }
                //Could have put tls.close() prior to the group modification
                //but it seems to screw up the connection or context ?
                tls.close();
                ctx.close();
                System.out.println("Successfully created User: " + userName);
            } catch (NamingException e) {
                System.err.println("Problem creating object: " + e);
            } catch (IOException e) {
                System.err.println("Problem creating object: " + e);
            }
        }
    }
    Same error.
    I haven't made any changes to any schema manually.
    I know I'm missing something crucial but have no idea what. I have tried many other code from tutorials from net, but they are all very similar and throwing the same error I showed above.
    thanks in advance for help.

    I've solved this.
    The problem was that all codes were using classes from Microsoft Active Directory, and they are not supported in OpenLDAP (microsoft.schema in OpenLDAP is just for info). Due to this some fields are not the same in equivalent classes ("user" and "person").
    so partial code for creating user in root would be:
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import javax.net.ssl.*;
    import java.io.*;
    public class MakeUser {
        public static void main (String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "cn=Manager,dc=antipodes,dc=com";
            String adminPassword = "secret";
            String userName = "cn=Albert Einstein,ou=newgroup,dc=antipodes,dc=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new user
                Attributes attrs = new BasicAttributes(true);
                attrs.put("objectClass","user");
                attrs.put("cn","Albert Einstein");
                attrs.put("userPassword","Nale");
                attrs.put("sn","Einstein");
                attrs.put("description","Research Scientist");
                attrs.put("telephoneNumber","999 123 4567");
                // Create the context
                Context result = ctx.createSubcontext(userName, attrs);
                System.out.println("Successfully created User: " + userName);
            } catch (NamingException e) {
                System.err.println("Problem creating object: " + e);
            }
        }
    }
    Hope this will help anyone.

  • Embedded LDAP password issue in Weblogic 7

    Is this normal? Seems odd to me...
    After installing weblogic 7 using the wizard and giving a new password other than "weblogic" for the "weblogic" user, and after using boot.properties to get an encrypted version, the embedded LDAP servers for both admin and managed servers do not seem to have the new password.
    If I try to use JNDI to get a JMX MBean Home on the managed server, I get an exception saying I have the wrong password for "weblogic".
    After using the admin console to change the password to the value it supposedly already has, the embedded LDAP servers for both the admin and consumer have a new (encrypted but presumably correct) password but the JNDI call still fails.
    After undeploying and redeploying the relevant web application the JNDI call succeeds.
    Killing and restarting the admin and managed servers does not seem to be relevant. Setting the read replica on startup flag doesn't seem to help. This is mostly on testing on the petstore example. This may be relevant since at some point BEA changed the user/password for it to "weblogic/weblogic"
    QUESTIONS:
    Does anybody understand why this is happening?
    Any ideas for fixes that avoid bouncing and redeployment?
    ---Paul O

    Never mind...
    I think I have solved this with the help of an LDAP browser and a custom JNDI/JMX password tester.
    One problem that threw me off was that changes that were thought to be happening in testing were not really "taking" due to precompilation of JSPs. I had thought that redeploying made the correct password "take" but actually it was helping changes in the code to take effect. Another problem that I believe but have yet to verify contributed to the confusion and a related failure to log is that once a user is rejected repeatedly, Weblogic locks the account for a half hour by default.
    The bottom line is it really pays to use instruments that tell you what the actual state of affairs is as conjectures are often wrong for unexpected reasons.
    ---Paul O

  • Problem with creating Connection pool and JNDI, driver is not detected

    Hi,
    I have an issue with creating Connection Pool and JNDI.
    I'm using:
    - JDK 1.6
    - OS: Linux(ubuntu 8.10)
    - Netbeans IDE 6.5.1
    - Java EE 5.0
    - Apache Tomcat 6.0.18. Its lib directory contains all necessary jar files for Oracle database driver
    - Oracle 11g Enterprise
    My problem is that the Oracle database driver is not detected when I want to create a pool (it works pretty well and is detected without any problem when I create ordinary connection by DriverManager)
    Therefore after running:
    InitialContext ic = new InitialContext();
    Context context = (Context)ic.lookup("java:comp/env");
    DataSource dataSource = (DataSource)context.lookup("jdbc/oracle11g");
    Connection connection = dataSource.getConnection();
    and right after dataSource.getConnection() I have the following exception:
    org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'oracle.jdbc.OracleDriver'
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1136)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)
    at servlets.Servlet1.doPost(Servlet1.java:47)
    at servlets.Servlet1.doGet(Servlet1.java:29)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
    Caused by: java.lang.ClassNotFoundException: oracle.jdbc.OracleDriver
    at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at sun.misc.Launcher$ExtClassLoader.findClass(Launcher.java:229)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:169)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1130)
    ... 17 more
    My application context file (context.xml) is:
    <?xml version="1.0" encoding="UTF-8"?>
    <Context path="/WebApplication3">
      <Resource auth="Container"
                      driverClassName="oracle.jdbc.OracleDriver"
                      maxActive="8"
                      maxIdle="4"
                      name="jdbc/oracle11g"
                      username="scott"
                      password="tiger"
                      type="javax.sql.DataSource"
                      url="jdbc:oracle:thin:@localhost:1521:database01" />
    </Context>
    and my web.xml is:
        <resource-ref>
            <description>Oracle Datasource example</description>
            <res-ref-name>jdbc/oracle11g</res-ref-name>
            <res-type>javax.sql.DataSource</res-type>
            <res-auth>Container</res-auth>
        </resource-ref>
    ...
    I found similar threads in different forums including sun, such as
    http://forums.sun.com/thread.jspa?threadID=567630&start=0&tstart=0
    http://forums.sun.com/thread.jspa?threadID=639243&tstart=0
    http://forums.sun.com/thread.jspa?threadID=5312178&tstart=0
    , but no solution.
    As many suggest, I also tried to put context directly in the server.xml (instead of my application context) and referencing it by <ResourceLink /> inside my application context but it didn't work and instead it gave me the following message:
    org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create JDBC driver of class '   ' for connect URL 'null'
    Has anyone succeeded in creating a connection pool with JNDI by using Tomcat 6 or higher? If yes, could you kindly explain the applied method?
    Regards,

    Hello again,
    Finally I managed to run my application also with Tomcat 6.0.18. There were only two lines that had to be modified
    in the context.xml file (the context of my application project and not server's)
    Instead of writing
    <Context antiJARLocking="true" path="/WebApplication2">
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
    </Context>
    we had to write:
    <Context antiJARLocking="true" path="/WebApplication2">
        type="oracle.jdbc.pool.OracleDataSource"
        factory="oracle.jdbc.pool.OracleDataSourceFactory"
    </Context>
    - No modification was needed to be done at server level (neither server.xml nor server context.xml)
    - I just added the ojdbc6.jar in $CATALINA_HOME/lib (I didn't even need to add it in WEB-INF/lib of my project)
    - The servlet used to do the test was the same that I presented in my precedent post.
    For those who have encountered my problem and are interested in the format of the web.xml and context.xml
    with Tomcat 6.0, you can find them below:
    Oracle server: Oracle 11g Enterprise
    Tomcat server version: 6.0.18
    Oracle driver: ojdbc.jar
    IDE: Netbeans 6.5.1
    The context.xml file of the web application
    <?xml version="1.0" encoding="UTF-8"?>
    <Context antiJARLocking="true" path="/WebApplication2">
        <Resource name="jdbc/oracle11g"
                  type="oracle.jdbc.pool.OracleDataSource"
                  factory="oracle.jdbc.pool.OracleDataSourceFactory"
                  url="jdbc:oracle:thin:@localhost:1521:database01"
                  driverClassName="oracle.jdbc.OracleDriver"
                  userName="scott"
                  password="tiger"
                  auth="Container"
                  maxActive="100"
                  maxIdle="30"
                  maxWait="10000"
                  logAbandoned="true"
                  removeAbandoned="true"
                  removeAbandonedTimeout="60" />
    </Context>
    The web.xml of my web application
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
        <resource-ref>
            <description>Oracle Database 11g DataSource</description>
            <res-type>oracle.jdbc.pool.OracleDataSource</res-type>
            <res-auth>Container</res-auth>
            <res-ref-name>jdbc/oracle11g</res-ref-name>
        </resource-ref>
        <servlet>
            <servlet-name>Servlet1</servlet-name>
            <servlet-class>servlets.Servlet1</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>Servlet1</servlet-name>
            <url-pattern>/Servlet1</url-pattern>
        </servlet-mapping>
        <session-config>
            <session-timeout>
                30
            </session-timeout>
        </session-config>
        <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
    </web-app>
    Ok, now I'm happy as the original problem is completely solved.
    Regards

  • Password aging on individual accounts

    Hi,
    I have password aging enabled on this server. The MAXWEEKS is set to 13. After an audit, the MAXWEEKS has to be set to 12. If I do that, will all users currently at 91 days go to 84, or do I have to alter each one individually as well? Like if I change the /etc/default/passwd, will that only take effect for new users (which I suspect is the case)? How can I set each current userid from 91 days to 84? Also there are some IDs with no password aging enabled. How can I enable it for a single userid?
    Thank you,
    S.

    Changes to /etc/default/passwd file do not update existing fields in the /etc/shadow file.
    The passwd command has some options that allow you to set these values. The following will change a user's max to 91:
    # passwd -x 91 <login>
    Now all you need is a script to loop through each user account and make the change. For ksh it would look like this:
    # Set the maximum password age for every account listed in /etc/shadow
    for username in `awk -F: '{ print $1 }' /etc/shadow`
    do
       passwd -x 91 "$username"
    done
    You probably ought to test this first, though, and make sure you'll get the results you need.
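An added example, not part of the original reply: a dry-run audit in POSIX sh and awk that reads a shadow-format file and prints the `passwd -x` command for each login-capable account whose maximum age differs from the target, including accounts with no aging set. The function names and the sample entries are constructed for illustration; 84 days is the 12-week target from the question.

```shell
#!/bin/sh
# Dry-run audit of password maximum age in a shadow-format file.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:flag

# Print the passwd commands needed to bring every login-capable account
# to TARGET days. Accounts already at TARGET produce no output.
plan_max_age() {
    shadow_file=$1
    target=$2
    awk -F: -v target="$target" '
        # Skip blank lines and locked or passwordless entries
        # (Solaris *LK* and NP, or a leading * or ! on other systems).
        $1 == "" || $2 == "" || $2 == "NP" || $2 ~ /^[*!]/ { next }
        # Field 5 is the maximum age in days; empty or -1 means no aging.
        $5 != target {
            state = ($5 == "" || $5 == "-1") ? "none" : $5
            printf "passwd -x %s %s  # was: %s\n", target, $1, state
        }
    ' "$shadow_file"
}

# Constructed sample data, not taken from a real system.
sample_shadow() {
    cat <<'EOF'
root:$5$constructed$hash:15000:0:91:7:::
alice:$5$constructed$hash:15010:0:91:7:::
bob:$5$constructed$hash:15020::::::
carol:$5$constructed$hash:15030:0:84:7:::
daemon:*LK*:::::::
nobody:NP:6445::::::
EOF
}

# Run with --demo to audit the constructed sample against 84 days.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_shadow > "$tmp"
    plan_max_age "$tmp" 84
    rm -f "$tmp"
fi
```

Reviewing the printed commands before piping them to a root shell gives a record of which accounts changed and which had no aging at all.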

  • Problem in Synchronizing LDAP Password

    I have done every step as described in idm doc to synchronize LDAP password to IdM, but I encountered a problem when activeSync is fetching the idmpasswd attribute value from LDAP.
    In my activeSync log I have the message below:
    2006-05-29T10:12:05.209+0200: Entry skipped because object class not in "Object Classes to Synchronize" list.
    I have already added idmpasswd and userPassword attributes in 'Attributes to synchronize' list. idmpasswd is an operational attribute so it doesn't really need to be in the 'Object Classes to Synchronize' list.
    So I really wonder what I am missing here!?

    The problem stated above is solved now. ActiveSync now can detect the password change on LDAP.
    But I am stuck with another problem. I can't see how to retrieve the password. The attribute activeSync.password returns null in the activeSync form.
    Where exactly is the decrypted password stored? Is there any other special configuration I am missing?

  • Password aging with ACS + UCP in a wireless network.

    Hello
    We want to use ACS in our wireless network, but we would like to allow users to change their own passwords, so we want to use UCP.
    Additionally, we want to force them to change their passwords after a period of time or number of logins.
    Is it possible to use password aging based on time or number of connections when users connect through UCP web interface?
    Also, does using UCP require some kind of additional license/payment?
    Thanks.

    Juilo,
    No, the UCP sample scripts have to run on a separate ACS server and you have to enable the UCP interfaces through the CLI to accept the UCP requests from the other server.
    Here is a link that will help you.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_config.html#wp1105672
    Tarik Admani
    *Please rate helpful posts*

  • Password Aging & Account Lockout in ACS 4.2

    I have a requirement that in ACS the user accounts should get disabled after 1 day, so in the group setting under the Password Aging field I configured the same as 1 day; the Grace & Warning Period is 0 days.
    I want all these user accounts to be active for 30 days, and the moment the account is used (i.e. the Start message appears in the RADIUS accounting), then 1 day after that usage the account should expire as per the Password Aging rule.
    Now my query is this password aging rule will start from the day I create the account in the ACS or from the day the user logs in.
    I don’t want to use the Account Lockout Tab as I don’t know when the guest account would be used.
    Request someone to help pls clarify my doubt.
    Regards

    Hi Yusuf,
    Password Aging on ACS will just prompt to change the password. It will not disable the account.
    The Account is present on the AD. So the Disabling and lockout features for an account will come from the AD.
    I don't think a change in password for a guest account is what you would want to do.
    Also, according to me, disabling the account should be a feature only for the AD admin and not open. A lockout can definitely happen but that also has to be defined on the AD.
    The link to password Aging on ACS is as follows:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/GrpMgt.html#wp525115
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this string as answered if you feel the query is answered.
