LDAP Roles and WAR

This might be a simple problem, but I'm new to this and want to verify this
concept. We are looking at using IPlanet Directory Server 5.0 (which has
Roles) as our LDAP server and Weblogic 6.0 as our Web/Application Server.
Our project consists of manuals (Web Applications consisting of JSPs and
HTMLs), some of which are restricted to specific roles/groups. So if a
user tries to access a restricted manual, they are prompted for their
username/password, which will be authenticated, and if that user is a member
of the proper role/group then they are granted access to the manual.
We are maintaining user accounts and roles/groups in LDAP. In the web.xml
file of the Web Application I can specify our LDAP Realm to authenticate the
user and I can restrict web-resources (manuals) to specific roles.
Can I configure the web.xml/weblogic.xml files to validate that the user is
a member of the proper role/group? If so, how do I do it? It looks like I
can map a role name in the web.xml file to user names in the weblogic.xml
file, but there are a lot of users in each group so I don't want to have to
do this for all the web applications.
This seems like a pretty common problem but I can't seem to find examples of this.
Thanks,
Jon

You have to write your own Custom Security Realm. Take a look at the
example RDBMSrealm and tailor it to use your LDAP Server.

Similar Messages

  • Roles and .wars in WebLogic

              I have a .war file whose web.xml file defines a security role of LoggingRole. No
              matter what I do, I cannot successfully login and access the web-app. I am running
              on WebLogic 7.0 on Windows 2000.
              I tried going into the admin console and defining a role named LoggingRole then
              adding the Administrators group to it. Then I make sure there are some users in
              the Administrators group. Every time I try to use those users to login, it fails.
              If I delete the security constraints from the web-app it works fine. If I install
              the web-app on other servlet engines with the security, it works. Any ideas?
              Here is the relevant snippet of the web.xml:
                   <security-constraint>
                        <web-resource-collection>
                             <web-resource-name>System Viewer</web-resource-name>
                             <url-pattern>/menu2</url-pattern>
                        </web-resource-collection>
                        <auth-constraint>
                             <role-name>LoggingRole</role-name>
                        </auth-constraint>
                   </security-constraint>
                   <security-role>
                        <role-name>LoggingRole</role-name>
                   </security-role>
              Thanks,
              brian
              

              In WL6, normally you should have something like
              <security-role-assignment>
                   <role-name>developer</role-name>
                   <principal-name>developer</principal-name>
                   <principal-name>customer</principal-name>
              </security-role-assignment>
              in your weblogic.xml. I have never tried this in WL7 and hope it will work.
              The alternative is to open your weblogic admin console and follow these
              steps: (Left pane) Deployment->Web Applications->YourWebApplication, then (right
              pane) Edit web application descriptors. On the next screen, (Left pane) Web AppExt->Security
              role assignment->.... If you don't have Web AppExt, you should be able to create
              one when you see this screen. After you assign the roles, click persistent and
              a new web.xml and a new weblogic.xml will be generated and you can use them for
              future use.
              "Brian Pipa" <[email protected]> wrote:
              >
              >I have a .war file whose web.xml file defines a security role of LoggingRole.
              >No matter what I do, I cannot successfully login and access the web-app.
              >I am running on WebLogic 7.0 on Windows 2000.
              >
              >I tried going into the admin console and defining a role named LoggingRole
              >then adding the Administrators group to it. Then I make sure there are some
              >users in the Administrators group. Every time I try to use those users to login,
              >it fails.
              >If I delete the security constraints from the web-app it works fine.
              >If I install the web-app on other servlet engines with the security, it works.
              >Any ideas?
              >
              >Here is the relevant snippet of the web.xml:
              >     <security-constraint>
              >          <web-resource-collection>
              >               <web-resource-name>System Viewer</web-resource-name>
              >               <url-pattern>/menu2</url-pattern>
              >          </web-resource-collection>
              >          <auth-constraint>
              >               <role-name>LoggingRole</role-name>
              >          </auth-constraint>
              >     </security-constraint>
              >
              >     <security-role>
              >          <role-name>LoggingRole</role-name>
              >     </security-role>
              >
              >Thanks,
              >brian
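An added example, not part of the thread and not WebLogic code: a small Python check that cross-references a WAR's web.xml against its weblogic.xml and reports every role used in an `auth-constraint` that has no `security-role-assignment`, the mapping the reply above describes. The descriptor strings are constructed from the snippet in the question; the `Administrators` principal in the sample weblogic.xml and all function names are assumptions.

```python
import xml.etree.ElementTree as ET


def _local(tag):
    """Drop an XML namespace so DTD-style and schema-style descriptors both work."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _descendants(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]


def _text(elem):
    return (elem.text or "").strip()


def web_xml_roles(web_xml):
    """Return ({role: [url-pattern, ...]} used in auth-constraints, {declared roles})."""
    root = ET.fromstring(web_xml.strip())
    used = {}
    for sc in _descendants(root, "security-constraint"):
        patterns = [_text(p) for p in _descendants(sc, "url-pattern")]
        for ac in _children(sc, "auth-constraint"):
            for rn in _children(ac, "role-name"):
                role = _text(rn)
                if role and role != "*":  # "*" stands for every declared role
                    used.setdefault(role, []).extend(patterns)
    declared = {_text(rn)
                for sr in _descendants(root, "security-role")
                for rn in _children(sr, "role-name")}
    return used, declared


def weblogic_assignments(weblogic_xml):
    """Return {role: [principal-name, ...]} from security-role-assignment elements."""
    root = ET.fromstring(weblogic_xml.strip())
    assigned = {}
    for sra in _descendants(root, "security-role-assignment"):
        principals = [_text(p) for p in _children(sra, "principal-name") if _text(p)]
        for rn in _children(sra, "role-name"):
            assigned.setdefault(_text(rn), []).extend(principals)
    return assigned


def audit(web_xml, weblogic_xml):
    """Return a list of (role, issue) findings; an empty list means the mapping is complete."""
    used, declared = web_xml_roles(web_xml)
    assigned = weblogic_assignments(weblogic_xml)
    findings = []
    for role in sorted(used):
        if role not in declared:
            findings.append((role, "undeclared"))   # no <security-role> entry
        if not assigned.get(role):
            findings.append((role, "unmapped"))     # no principals in weblogic.xml
    # Assignments whose role name matches nothing in web.xml (role names are case-sensitive).
    for role in sorted(set(assigned) - set(used) - declared):
        findings.append((role, "orphan-assignment"))
    return findings


# Constructed sample: the web.xml snippet from the question, wrapped in a root element.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>System Viewer</web-resource-name>
      <url-pattern>/menu2</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>LoggingRole</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>LoggingRole</role-name></security-role>
</web-app>
"""

# Constructed weblogic.xml variants: no mapping, a mapping, and a mis-cased role name.
WEBLOGIC_EMPTY = "<weblogic-web-app/>"
WEBLOGIC_MAPPED = """
<weblogic-web-app>
  <security-role-assignment>
    <role-name>LoggingRole</role-name>
    <principal-name>Administrators</principal-name>
  </security-role-assignment>
</weblogic-web-app>
"""
WEBLOGIC_TYPO = WEBLOGIC_MAPPED.replace(
    "<role-name>LoggingRole", "<role-name>loggingrole")

if __name__ == "__main__":
    for label, wl in [("empty", WEBLOGIC_EMPTY), ("mapped", WEBLOGIC_MAPPED),
                      ("typo", WEBLOGIC_TYPO)]:
        print(label, audit(WEB_XML, wl))
```
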
              

  • LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)

    I have 2 questions and these are very urgent :-
    1. Where can the mapping be defined between LDAP groups and WebLogic Roles? I have
    2 groups in iPLanet :- contractors and employees and I have 2 security roles in weblogic:-
    contractors and employees. How do I map LDAP group contractors to weblogic security
    Role contractors? Similarly for employees?
    2. I have not defined contractors and employees under People container in IPlanet.
    e.g. The RDN for contractor is
    uid=1234,ou=dir,dc=orams,dc=com
    Can I still use the default security realm of weblogic (the WebLogic Security Realm
    under People) OR do I have to write my own custom code?
    3. I am planning to use Roles instead of groups to manage the logical grouping in
    iPLanet. Can I still use the groups in WebLogic security realm (in the configuration
    parameters)?
    This is very urgent ....so if any of you can throw any hints that will be greatly
    appreciated.
    --Sunita

    Hi Ariel,
    The driver is bundled with the product in WLS 6.1sp1. You don't have to
    download any additional driver. Use it as you normally would; the only thing to
    remember is that if you are trying to write standalone java code then you have to
    have weblogic.jar in your classpath. For the rest of the info follow the wls
    docs for 6.1.
    HTH
    sree
    "Ariel" <[email protected]> wrote in message
    news:3bb4a643$[email protected]..
    We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
    downloaded the JDriver from bea.com, but all the instructions that came with
    it are for WLserver 5.1.
    What has to be done to do this with 6.1 sp1?
    Thanks,
    Ariel

  • Managing LDAP groups and roles through SUN IDM

    Hi Guys,
    We have a requirement to build the following functionality in our Sun IDM tool.
    1.     Ability to create/manage Static LDAP group.
    2.     Ability to create/manage filtered LDAP group.
    3.     Ability to create/manage Static LDAP roles.
    4.     Ability to create/manage filtered LDAP roles.
    Can anyone let us know any pointers as to how to accomplish this or any ideas for the path to follow for this.
    Any reply will be appreciated.

    http://myidm.blogspot.com/2009/06/how-to-create-groups-in-ldap-or-active.html

  • LDAP Users and Groups

    Hi,
    I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

    com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.

    It seems that this needs to be set up. How do I do this?

    Some general notes on LDAP:

    I think that in a production environment it is of great value to manage users and groups in an LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP cannot be added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
    As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

    Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

    It would be interesting to read what Bea and other developers think about this.

    Kind regards,
    Kai

    Marcus,
    Yes, I am using 9.2 TP.
    We are already using LDAP for user management with 8.1.
    Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
    java.lang.NullPointerException
    at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
    at util.tree.TreeController.constructTree(TreeController.java:142)
    at util.tree.TreeController.buildTree(TreeController.java:422)
    at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
    at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

  • Mapping Roles to LDAP Roles

    Hi all I come with a new problem!!
    I have installed the following
    Oracle Database XE
    Weblogic
    RCU
    JDeveloper
    SOA Suite
    Everything is working fine; however, I'm trying to map the roles I seeded to my SOA server into my application in Jdeveloper but it is not possible. Am I missing something? Do I have to install Webcenter and UCM?
    I can perfectly see I have the groups and roles uploaded in the console; however, I cannot seem to map them to the lane roles in Jdeveloper.
    Can anybody give me some ideas??
    Regards!!
    Edited by: 887976 on Oct 11, 2011 7:51 PM

    Hi Yasmena,
    Basically you can use the same configuration for an LDAP authentication server as an LDAP lookup server - the differences are that one is used for authentication (which you are already doing by using AD SSO) and one is for mapping purposes.  So, if you're having problems with the mapping portion, you can duplicate the LDAP server and mappings as an authentication server, and then use the Auth Test to see what you're being mapped to.
    Thanks,
    Lauren

  • Problems with roles and ldapgroups in IDM 8

    Hello Guys,
    I'm facing a problem. I have to put users in LDAP groups and I am using roles. I have created an IT role and a Business role.
    I use the IT Role to add users to LDAP groups through a rule and the business role to assign groups to a user. The business contains the IT Role.
    Normally, when I put a list of two groups in the rule, the user must be put in the two groups, and if I remove one of these groups from the rule, the user must be removed from the chosen group. Unfortunately, the second scenario doesn't work. I always have the two. And I can't remove the users from all groups.
    Is there something that I'm missing?
    I'm using IDM 8.A patch 2 and Sun Directory Server 6.3.
    The definition of my IT Role is :
    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Role PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <Role authType='ITRole' name='My Groups'>
      <ResetLimit count='0'>
          </ResetLimit>
      <Services>
        <ObjectRef type='Resource' name='RESSOURCE LDAP'/>
      </Services>
      <ContainedRoles>
      </ContainedRoles>
      <RoleAttributes>
        <RoleAttribute name='My Groups:#ID#RESSOURCE LDAP:groups'>
          <Comment>Auto generated by Role Mes Groupes</Comment>
          <AttributeName>groups</AttributeName>
          <AttributeValueRef>
            <ObjectRef type='Rule' id='#ID#RuleListeUserGroups' name='Rule Liste User Groups'/>
          </AttributeValueRef>
          <Requirement>Authoritative merge with value, clear existing</Requirement>
          <ResourceRef>
            <ObjectRef type='Resource' id='#ID#RESSOURCE LDAP' name='RESSOURCE LDAP'/>
          </ResourceRef>
        </RoleAttribute>
      </RoleAttributes>
      <MemberObjectGroups>
        <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
      </MemberObjectGroups>
    </Role>
    Thanks All!

    I have IT role mapped to LDAP groups implemented successfully with the following...
    1. Instead of a rule adding to groups, you should have a resource attribute mapping ... this is described in the LDAP resource adapter references....
    <AccountAttributeType id='101' name='ldapGroups' syntax='string' mapName='ldapGroups' mapType='string' multi='true' />
    2. Now have your IT ROLE to have the group population like the following
    <RoleAttribute name='MYROLE:RESOURCE-NAME:ldapGroups'>
          <AttributeName>ldapGroups</AttributeName>
          <AttributeValueString>
            <List>
              <String>cn=Wirelessaccess,ou=Groups,dc=example,dc=com</String>
            </List>
          </AttributeValueString>
          <Requirement>Authoritative merge with value</Requirement>
          <ResourceRef>
            <ObjectRef type='Resource' name='RESOURCE-NAME'/>
          </ResourceRef>
        </RoleAttribute>

  • BPM11g-LDAP Roles

    Hi All,
    I am stuck with the following issue.
    I am using Jdeveloper 11.1.1.3.0 for BPM 11g implementation on Sales Application.
    I have Weblogic Server 10.3.3 Installed and configured the domain. Also the server is up and running.
    In Jdeveloper from BPM Project Navigator I am using my Sales.bpmn process with complete flow, simulation
    and implementation. When I open the Organization from BPM Project Navigator. In Organization my created roles
    are Approvers, Business Practices, Contracts and Sales Rep. from the IDE connections I created my weblogic
    application server connection and tested showing all the 9 connections successful.
    In the Identity lookup I select the newly created My weblogic application server connection, which displays
    the next Realm field as jazn.com which in the search pattern of lookup displays only weblogic and system user.
    At this point I need the pre-seeded LDAP roles as (jcooper, cdickens, jstein, wfaulk and others) to be displayed
    in the users list.
    My query is how we use the pre-seeded roles in the LDAP of the Oracle Weblogic Server installed.
    How do I add the pre-seeded roles in the LDAP of Oracle Weblogic Server ?
    Awaiting quick response.
    Regards
    Ajaz Ahmed

    Hi Ravi,
    Thanks a lot for your suggestion. I was able to create the LDAP users as roles and could see them in jazn.com lookup.
    I have another issue now. I successfully deployed my process, without any errors and warnings, Build was successful. Deployment was finished as
    [05:08:56 PM] /workflow/EnterQuotUILab
    [05:08:56 PM] /workflow/BusinessPracticesReviewUILab
    [05:08:56 PM] /workflow/ApproveTermsUILab
    [05:08:56 PM] /workflow/ApproveDealUILab
    [05:08:56 PM] /workflow/FinalizeContractsUILab
    [05:08:56 PM] Elapsed time for deployment: 1 minute, 56 seconds
    [05:08:56 PM] ---- Deployment finished. ----
    When I am logging in BPM workspace with URL as
    http://localhost:7001/bpm/workspace
    On the Upper left of the Applications Area, I can see the link as [QuoteProcessLab] RequestQuoteLab v1.0
    when clicked on the just completed application I get the following error popped up as
    Cannot create instance in process
    'default/QuoteProcessLab!1.1*soa_80....b/RequestQuoteLab'.
    Please correct me where I am wrong. How the Instance Process is created after successful deployment of application.
    Please Advice.
    Regards
    Ajaz Ahmed

  • Provisioning LDAP roles from SIM

    SIM Experts:
    I am trying to provision LDAP roles from SIM into our local IPlanet/Sun DS LDAP instance.
    When I created the resource in SIM, I noticed it didn't rope in the built-in roles from our LDAP instance, just as it did LDAP groups.
    I tried to circumvent this by :
    1. Creating individual Role_<> attribute entries in the LDAP resource schema which in turn get mapped to 'nsRoleDN' from LDAP.
    2. Create 'Roles' in SIM mapped to the LDAP resource and set attribute values for the 'Role_<>' attributes (added earlier to the schema mapping) like -
    Role_auditor : cn=Auditor,dc=example,dc=com
    The hitch with this approach is that if I add multiple roles to the account (during creation), only the last role gets added ... in other words, I see only 1 'nsroleDN' entry.
    I do not know if this is the right approach, but could someone suggest a better alternative, if there is one.
    Thanks in advance,
    apn.

    Answered here: http://forum.java.sun.com/thread.jspa?threadID=5247269&tstart=30
    ... although, as indicated getRoles should return a list of Role names as well... If you create a variable in the workflow and populate it with this call... it should be a List. [item1,item2,item3] may just be the trace representation of a list.

  • LDAP user and group configuration in ADF application

    Hi All,
    I have to use LDAP users and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under the tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of the groups. Created an Application role in jazn-data.xml and assigned a role of Enterprise Role.
    However, I have not added any user in jazn-data.xml, which I guess is not required because it will be picked from LDAP.
    Now how do I configure JDeveloper to use those users? What changes need to be made in jazn-data.xml, or in jps-config.xml / web.xml / weblogic-application.xml?
    Am I missing any configuration step? I have referred to "ADF Security set up - step by step tutorial - quick question" but did not find it useful.
    I am using JDeveloper 11.1.1.5.
    Thanking you all in advance.
    Mukesh.

    I have below changes in files
    1] In jps-config.xml
    -- Added identity store and selected it from drop down in Security Context tab.
    2] In weblogic-application.xml
    In Security tab --> Role assignment, mapped valid-users to principal name.
    <security>
    <realm-name>myrealm</realm-name>
    <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>DERDev</principal-name>
    </security-role-assignment>
    </security>
    3] Same thing done in weblogic.xml. I do not know the difference between the weblogic-application.xml and weblogic.xml configuration and which will work.
    4] Added security role "DERDev" along with the default/automatically added role "valid users"
    <security-role>
    <role-name>DERDev</role-name>
    </security-role>
    Still no luck ...... am I missing something again? I referred to many links but did not find a single document mentioning all steps.
    Mukesh

  • Server Manager error 0x80070422 - Roles and features are not accesible

    Hi
    I cannot view Roles and Features in Server Manager on my Server 2008 R2 box. The error is:
    Unexpected error refreshing Server Manager: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it (Exception from HResult: 0x80070422)
    I have looked at my services - but don't know what service to look for, everything seems to be in order.
    After some investigation on the net, I understood that I need to setup the win readiness tool, I did and the output in CheckSur file is as follows
    =================================
    Checking System Update Readiness.
    Binary Version 6.1.7601.21645
    Package Version 12.0
    2011-05-31 19:02
    Checking Windows Servicing Packages
    Checking Package Manifests and Catalogs
    (f) CBS MUM Corrupt 0x00000000 servicing\Packages\Package_for_KB2296199_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum  Expected file name Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum does not match the actual file name
    (fix) CBS MUM Corrupt CBS File Replaced Package_for_KB2296199_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum from Cabinet: C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-apr29.cab.
    (fix) CBS Paired File CBS File also Replaced Package_for_KB2296199_RTM~31bf3856ad364e35~amd64~~6.1.1.1.cat from Cabinet: C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-apr29.cab.
    Checking Package Watchlist
    Checking Component Watchlist
    Checking Packages
    Checking Component Store
    Summary:
    Seconds executed: 4058
     Found 1 errors
     Fixed 1 errors
      CBS MUM Corrupt Total count: 1
      Fixed: CBS MUM Corrupt.  Total count: 1
      Fixed: CBS Paired File.  Total count: 1
    Here again, it seems that everything is fine.
    Thanks in advance for your help

    Hi,
    Please try to install Windows Server 2008 R2 Service Pack 1 directly and check the result. Service Pack 1 for Windows Server 2008 R2 includes all the
    previous released Windows Updates and hotfixes.
    If it does not work, you will need to copy these files from another working Windows Server 2008 R2 system to replace the corrupt ones.
    Otherwise, you will need to perform an In-Place upgrade to repair the system.
    Regards,

  • How to create a report of users in ucm about their roles and permission

    Hi All ,
    I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
    How do I create such a report? I have tried from the web layout editor but the default report template, i.e. stdUserReport in the user datasource, does not contain more than three fields. Is there any method to get such a report?
    Please suggest!!

    There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
    I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
    Sample CustomReports component to demonstrate how to create customized reports
    CustomReportsBundle.zip
    Date:     October 30, 2006
    Sample Version:     version=2006_10_20 (build 1)
    Product and Version:     Content Server
    Sample Status:     This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement.

  • Problem with Roles and Triggers

    I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
    I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
    However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
    To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
    -- Clean up...
    DROP TABLE TestUser.TrigTable;
    DROP TABLE TestUser2.TestTable;
    DROP ROLE TestRole;
    DROP TRIGGER TestUser.TestTrigger;
    DROP USER TestUser CASCADE;
    DROP USER TestUser2 CASCADE;
    -- Create Users...
    CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
    CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
    CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
    CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
    -- Grant Insert rights on TestTable to TestRole...
    CREATE ROLE TestRole NOT IDENTIFIED;
    GRANT INSERT ON TestUser2.TestTable TO TestRole;
    -- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
    GRANT TestRole TO TestUser;
    ALTER USER TestUser DEFAULT ROLE ALL;
    -- Now, create the trigger. This compiles unsuccessfully...
    CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
    BEGIN
    INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
    END;
    When I do a "SHOW ERRORS;" after this, I get:
    SQL> show errors;
    Errors for TRIGGER TESTUSER.TESTTRIGGER:
    LINE/COL ERROR
    2/3 PL/SQL: SQL Statement ignored
    2/25 PL/SQL: ORA-00942: table or view does not exist
    SQL>
    As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
    Thanks!
    Adrian

    Hi Raghu,
    If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
    The question is, why does the same INSERT fail when it's inside the trigger?
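
An added example, not part of the original posts: Oracle does not apply privileges received through a role when it compiles or runs definer's-rights named PL/SQL such as a trigger, so the grant to TestRole in the script above is not visible to the trigger compiler, which reports ORA-00942. The script reuses the thread's TestUser, TestUser2, TestRole, TestTable and TestTrigger names; it assumes a SQL*Plus session, a DBA account for the dictionary queries and grants, and that TestUser has CREATE SESSION.

```sql
-- Added example; object names are the ones from the script in the post above.
-- Assumption: steps 1, 3 and 4 run as a DBA, step 2 runs as TestUser.

-- 1. List every path by which TestUser can reach TestUser2.TestTable.
--    Only rows marked DIRECT are honoured inside a trigger, procedure or view;
--    rows marked ROLE ... work in an interactive session only.
SELECT 'DIRECT' AS via, p.grantee, p.privilege
  FROM dba_tab_privs p
 WHERE p.owner      = 'TESTUSER2'
   AND p.table_name = 'TESTTABLE'
   AND p.grantee    = 'TESTUSER'
UNION ALL
SELECT 'ROLE ' || r.granted_role AS via, r.grantee, p.privilege
  FROM dba_role_privs r
  JOIN dba_tab_privs  p ON p.grantee = r.granted_role
 WHERE r.grantee    = 'TESTUSER'
   AND p.owner      = 'TESTUSER2'
   AND p.table_name = 'TESTTABLE';

-- 2. Reproduce the compiler's view of the privileges from a normal session.
CONNECT TestUser/password
SET ROLE NONE;
-- Roles are now disabled, so this INSERT is checked against direct grants
-- only, which is how the body of TestTrigger is compiled.
INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
ROLLBACK;
SET ROLE ALL;

-- 3. Grant the single object privilege the trigger needs directly to the
--    trigger owner (run as a DBA or as TestUser2, the table owner).
GRANT INSERT ON TestUser2.TestTable TO TestUser;

-- 4. Recompile the trigger and confirm its status in the dictionary.
ALTER TRIGGER TestUser.TestTrigger COMPILE;

SELECT object_name, object_type, status
  FROM dba_objects
 WHERE owner       = 'TESTUSER'
   AND object_name = 'TESTTRIGGER';
```

Once the direct grant is in place, TestRole can be revoked from TestUser if nothing else relies on it, which keeps the account's effective privileges limited to what the query in step 1 shows as DIRECT.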

  • BI Publisher - SuperUser not able to acces Roles and Permission Page

    I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
    But
    1. SuperUser is not able to access Roles and Permission.
    2. I'm not able to access the BI Answers Catalog.
    I also have a doubt about the BI Server Admin. Is it the RPD Admin?
    Kindly Help

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub
