LDAP SSL requirement and setup

Can someone point me in the direction of setting up LDAP SSL in Apex 2.2?
Is there any documentation available? Thank you.

I have the same request. The only information I could find was here: LDAP Authentication Failed

Similar Messages

  • Graphical Business Blueprinting : Technical Requirements and Setup

    Dear All,
    I am trying to use the Graphical Business Blueprint in Solution Manager 7.1
    I followed the following steps in a bid to complete the product technical setup.
    Installed the So-Co Add on using SAINT transaction. No special steps, just normal add-on installation.
    Followed the steps in the setup guide for BPB (define logical ports, endpoints, services, aliases)
    I am able to then load the http://hostname:port number/ebb/setup.asp web page to create a new workspace and thus create my own text file.
    Then I install the BPBxxxx.exe client on my local machine, and am able to see my solution manager's name there, and log-in and validate my credentials.
    However, when I click on "open existing business blueprint", it just stays as is, no dialog box, nothing.
    In my Solution Manager 7.1, there is 1 project, which has business processes dragged from the Business Process Repository (BPR). (This is a sandbox system, in an isolated environment, not connected to any other system, hence no logical components are defined at all.)
    Now is there a trick I am missing to view the project defined in Solution Manager system?
    Any help is greatly appreciated!
    Cheers!

    Hi,
    For me, the issue I faced was that the service user assigned to the logical port (LP_SOCO_SOLAR) did not have the authorisation role SAP_SOL_KW_ALL at time of creation of the logical port. Adding it to the service user later on made no difference.
    I created the logical port LP_SOCO_SOLAR with a service user with the following authorisation roles and associated profiles:
    /SOCO/FABRIC_ADMIN
    /SOCO/FABRIC_USER
    SAP_BC_WEBSERVICE_ADMIN
    SAP_BC_WEBSERVICE_CONFIGURATOR
    SAP_BC_WEBSERVICE_CONSUMER
    SAP_SOL_KW_ALL
    SAP_SOL_PROJ_ADMIN_ALL
    SAP_SOLAR01_ALL
    SAP_SOLAR02_ALL
    I am now able to open the project list, access and edit the business blueprint for my implementation projects.
    Hope this helps.
    Kind regards,
    Patrick

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew
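
The ldap.conf step described in the post above (installing the CA certificate and pointing /etc/openldap/ldap.conf at it) can be checked with a small audit of the client configuration. This is an added example, not part of the original post; the host name od.example.test, the CA file path and both sample configurations are constructed for illustration.

```python
"""Audit an OpenLDAP client ldap.conf for LDAPS trust settings (added example)."""
import os
from urllib.parse import urlsplit

# TLS_REQCERT levels that weaken server authentication: "never" and "allow"
# accept a certificate that fails validation, "try" accepts a server that
# presents no certificate at all. The client default is "demand".
WEAK_REQCERT = {"never", "allow", "try"}

# URI schemes that do not send LDAP traffic in cleartext over the network.
PROTECTED_SCHEMES = {"ldaps", "ldapi"}


def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; blank lines
    and lines starting with '#' are ignored. Keeping the last occurrence of a
    repeated option is a simplification made by this example."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit_ldap_conf(text, path_exists=os.path.exists):
    """Return a list of (code, detail) findings for one ldap.conf body.
    path_exists is injectable so the audit can run without touching disk."""
    opts = parse_ldap_conf(text)
    findings = []

    # 1. Every configured server should be reached over ldaps:// (or a local
    #    ldapi:// socket); ldap:// is cleartext unless StartTLS is requested.
    for uri in opts.get("URI", "").split():
        if urlsplit(uri).scheme.lower() not in PROTECTED_SCHEMES:
            findings.append(("cleartext-uri", uri))

    # 2. A private CA validates only if the client is told where it lives.
    ca_file = opts.get("TLS_CACERT")
    ca_dir = opts.get("TLS_CACERTDIR")
    if not ca_file and not ca_dir:
        findings.append(("no-trust-anchor",
                         "neither TLS_CACERT nor TLS_CACERTDIR is set"))
    for key, path in (("TLS_CACERT", ca_file), ("TLS_CACERTDIR", ca_dir)):
        if path and not path_exists(path):
            findings.append(("missing-path", f"{key} {path}"))

    # 3. Certificate checking must not be relaxed to make the bind "work".
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level in WEAK_REQCERT:
        findings.append(("weak-reqcert", level))

    return findings


# Constructed sample: the state before the CA certificate is installed,
# with validation switched off as a workaround.
WEAK_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
URI ldap://od.example.test
tls_reqcert never
"""

# Constructed sample: LDAPS only, internal CA trusted, validation enforced.
HARDENED_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
URI ldaps://od.example.test:636
TLS_CACERT /etc/openldap/certs/internal-ca.pem
TLS_REQCERT demand
"""


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        # Pretend the CA file exists so the samples can be audited anywhere.
        results = audit_ldap_conf(conf, path_exists=lambda p: True)
        print(name, "->", results or "no findings")
```
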

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 (with JRockit as the JVM). This
    application in turn talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what is going on and can help point me in the right direction?
    -Ayub

  • SolMan 7.1 setup: Activity Services aktivieren is required and must be perf

    Hi experts,
    I try to configure the new SolMan 7.1 and I am facing the following error in step "System preparation" => Post processing of central correction note:
    Activity Services aktivieren is required and must be performed for SM1
    I have implemented SAP note 0001552585 SAP Solution Manager: Basic functions 7.1 SP1
    Existing Version in Solution Manager: 0027
    I don't find any hint which services have to be activated. Any ideas?
    Thanks and kind regards, Basti

    bd wrote:
    All services are active except /sap/bc/webdynpro/sap/wd_ags_uda_display_sap_note (part of SM_IMPLEMENTATION). I cannot find this service in SICF. Has anybody faced a similar issue?
    Thanks for highlighting this issue.
    Web dynpro application wd_ags_uda_display_sap_note was removed in ST 710, but the activation of the services was not updated.
    It's controlled via this table entry:
    Table:  ICFINSTACT
    NAME           SM_IMPLEMENTATION
    APPL           SV-SMG
    COUNTER        17
    PATH           /sap/bc/webdynpro/sap/wd_ags_uda_display_sap_note
    EXPAND
    HOSTNUMBER     0
    STATUS         Service activated
    CUSER          SAP
    CDATE          28.10.2009
    CCLNT          200
    DESCRIPTION    WC Implementierung UDA: DISPLAY
    INACTIVE
    I have created customer message 2511076 2011 (not accessible for you) for easier follow-up. I will let you know as soon as I have a response from the development team.
    In the meanwhile, please ignore the warning.
    Thanks,
    Ruediger

  • Authorizations Required for Accessing WAD and setup an Active RFC

    Hi All,
    I am having problems accessing WAD. It says 'You are not authorised to run WAD'. Does anyone have any idea what authorizations are required to access WAD? I need to do the setup for Information Broadcasting.
    Also, some help is needed for setting up an active RFC server. Can anyone specify what attributes are required to set up an active RFC server?

    Hi,
    Will you be able to provide more specific information regarding it?
    I need the information as I need to Broadcast a web template...

  • Clientless SSL VPN and ActiveX question

    Hey All,
    First post for me here, so be gentle.  I'll try to be as detailed as possible.
    With the vast majority of my customers, I am able to configure an IPSEC L2L VPN, and narrow the traffic down to a very minimal set of ports.  However, I have a customer that does not want to allow a L2L VPN tunnel between their remote site, and their NOC center.  I thought this might be a good opportunity to get a clientless (they don't want to have to launch and log into a separate client) SSL VPN session setup.  Ultimately, this will be 8 individual sites, so setting up SSL VPN's at each site would be cost prohibitive from a licensing perspective.  My focus has been on using my 5510 (v8.2(5)) at my corp site as the centralized portal entrance, and creating bookmarks to each of the other respective sites, since I already have existing IPSEC VPN's via ASA5505 (same rev as the 5510) setup with each of the sites.
    First issue I've run into is that I can only access bookmarks that point to the external address for the remote web-server (the site has a static entry mapping an external address to the internal address of the web server).  I am unable to browse (via bookmark) to the internal address of the remote web server.  Through my browser at the office, I can access the internal address fine, just not through the SSL VPN portal.  I am testing this external connectivity using a cell card to be able to simulate outside access.  Is accessing the external IP address by design, or do I have something hosed?
    Second issue I face is when I access the external address through the bookmark, I am ultimately able to log onto my remote website, and do normal browsing and javascript-type functions.  I am not able to use controls that require my company's ActiveX controls (video, primarily).  I did enable ActiveX relay, and that did allow the browser to start prompting me to install the controls as expected, but that still didn't allow the video stream through.  The stream only runs at about 5 fps, so it's not an intense stream.
    I have researched hairpinning for this situation, and "believe" that I have the NAT properly defined - even going as far as doing an ANY ANY, just for testing purposes to no avail.  I do see a decent number of "no translates" from a show nat:
      match ip inside any outside any
        NAT exempt
        translate_hits = 8915, untranslate_hits = 6574
    access-list nonat extended permit ip any any log notifications
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 192.168.2.0 255.255.255.0
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 192.168.16.32 255.255.255.224
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 192.168.17.0 255.255.255.0
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 172.16.250.0 255.255.255.0
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 172.16.250.0 255.255.255.0
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 172.16.254.0 255.255.255.0
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 172.16.254.0 255.255.255.0
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 host A-172.16.9.34
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 192.168.16.32 255.255.255.224
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 192.168.17.0 255.255.255.0
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 172.16.250.0 255.255.255.0
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 172.16.254.0 255.255.255.0
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 host A-172.16.9.34
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 192.168.18.0 255.255.255.0
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 192.168.18.0 255.255.255.0
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 host 172.16.62.57
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 host 172.16.62.57
    access-list nonat extended permit ip 192.168.18.0 255.255.255.0 host 172.16.62.57
    access-list nonat extended permit ip 192.168.17.0 255.255.255.0 172.16.8.0 255.255.254.0
    access-list nonat extended permit ip 192.168.16.32 255.255.255.224 172.16.8.0 255.255.254.0
    access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 192.168.2.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 192.168.17.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 192.168.18.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 172.16.250.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 192.168.16.32 255.255.255.224
    access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 192.168.18.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 192.168.16.32 255.255.255.224
    access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 192.168.17.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 172.16.250.0 255.255.255.0
    access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 172.16.250.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.16.32 255.255.255.224 host A-172.16.9.34
    access-list outside_1_cryptomap extended permit ip 192.168.17.0 255.255.255.0 host A-172.16.9.34
    access-list outside_1_cryptomap extended permit ip 192.168.18.0 255.255.255.0 host A-172.16.9.34
    access-list outside_1_cryptomap extended permit ip 192.168.16.32 255.255.255.224 host 172.16.62.57
    access-list outside_1_cryptomap extended permit ip 192.168.17.0 255.255.255.0 host 172.16.62.57
    access-list outside_1_cryptomap extended permit ip 192.168.18.0 255.255.255.0 host 172.16.62.57
    access-list External_VPN extended permit ip 192.168.16.32 255.255.255.224 172.16.254.0 255.255.255.0
    access-list External_VPN extended permit ip 192.168.17.0 255.255.255.0 172.16.254.0 255.255.255.0
    access-list outside_in extended permit icmp any any log notifications
    access-list outside_in extended permit tcp any any log notifications
    pager lines 24
    logging enable
    logging asdm informational
    logging ftp-server 192.168.16.34 / syslog *****
    mtu inside 1500
    mtu outside 1500
    ip local pool Remote 172.16.254.1-172.16.254.25 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (inside) 1 interface
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 192.168.16.32 255.255.255.224
    nat (inside) 1 192.168.17.0 255.255.255.0
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group outside_in in interface outside
    192.168.2.0 is my corp network range
    192.168.2.171 is my internal IP for corp ASA5510
    97.x.x.x is the external interface for my corp ASA5510
    192.168.16.34 is the internal interface for the remote ASA5505
    64.x.x.x is the external interface for the remote ASA5505
    192.168.17.0, and 192.168.18.0 are two other private LANS behind the remote 5505
    As you can see, I have things reasonably wide open - with no port restrictions on this one yet - this is for troubleshooting purposes, and it will get restrictive as soon as I figure this out.  Right now, the ASA5510 is pretty restrictive, and to be brutally honest, I'm not certain I'm even using the packet tracer 100% proper to be able to simulate coming from the outside of the network through my ASA5510, out to a remote ASA5505, and to a web server behind that 5505.  I'm sure that the issue is probably going to be a mix of ACL's between the 5510, and the 5505.
    I guess the main question, is Clientless SSL VPN really a good choice for this, or are there other real alternatives - especially since my client doesn't want to have to install, or use an actual client (like AnyConnect), nor do they want to have an always-on IPSEC VPN.  Am I going about this the right way?  Anyone have any suggestions, or do I have my config royally hosed?
    Thanks much for any and all ideas!

    Hey All,  I appreciate all of the views on this post.  I would appreciate any input - even if you think it might be far-fetched.  I'm grasping at straws, and am super-hesitant to tell my customer this is even remotely possible if I can't have a POC myself.  Thanks, in advance!!

  • Rodc ldap ssl

    I am putting an RODC on the DMZ in a separate forest than the internal network.
    On the DMZ, I have a Read/write 2012 DC in 2008R2 mode. Then I added a RODC in the same DMZ forest.
    I want to open up 636 to the RODC from the public for ldap ssl.
    Is this ok? How would I go about setting up the ldap ssl over the public internet? I guess I will need a public cert

    Hello,
    maybe you can describe the reason which requires LDAP over SSL access?
    In the meanwhile see
    http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
    You can also work with self-signed certificates
    http://gregtechnobabble.blogspot.de/2012/11/enabling-ldap-ssl-in-windows-2012-part-1.html
    It depends on the service/application requirement.
    We use for example an external access to our network but work with self-signed certificates for password change if accounts are required to change the password.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • How to configure LDAP SSL using auto login wallet?

    Hello,
    I need to enable authentication over LDAP SSL.
    I've configured a wallet (auto login) containing required certificates and set accordingly WALLET_PATH and WALLET_PWD settings using apex_instance_admin.set_parameter method.
    With this, everything is working fine and LDAP over SSL is working well. It confirms that the wallet is properly configured, valid and usable.
    So, the wallet was created with auto login option and it seems to work well without specifying password when calling utl_http.
    Proof of properly configured auto login wallet (without password).
    TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- test without wallet
    BEGIN show_html_from_url('https://www.verisign.com/'); END;
    ERROR at line 1:
    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1527
    ORA-29261: bad argument
    ORA-06512: at "TEST01.SHOW_HTML_FROM_URL", line 25
    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1130
    ORA-29024: Certificate validation failure
    ORA-06512: at line 1
    TEST01@DB11G> exec utl_http.set_wallet('file:/u01/app/oracle/product/11.2.0/dbhome_1/network/admin'); -- set wallet info for use without password (autologin)
    PL/SQL procedure successfully completed.
    TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- It works!
    PL/SQL procedure successfully completed.
    So, when I configure WALLET_PATH without WALLET_PWD, it does not seem to work as it should with my auto login wallet...
    What am I missing? Is it APEX not handling auto login wallets correctly?
    Apex Version: 4.2.0.00.27
    OS: OEL 6.4
    DB: 11.2.0.3 x64
    Thanks
    Bruno Lavoie

  • Convergence with LDAP SSL Failure

    Hello,
    I'm now having a problem securing connections between Convergence and my LDAP server.
    Once I set ugldap.enablessl to true in iwcadmin and change the port to 636, the following error occurs and Convergence just couldn't authenticate.
    server.log in Glassfish 2.1.1, enterprise profile using NSS keystore
    [#|2010-11-12T20:17:15.208+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|LDAPS:Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values|#]
    [#|2010-11-12T20:17:15.209+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap.LDAPSingleHostPool|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|buildConnection: got LDAPException while connecting to Pool number:0. Host=<ldaphost> :netscape.ldap.LDAPException: Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values (91)|#]
    HTTP SSL connections to Webmail server and calendar servers are fine. I tried deploying the same configuration using developer profile with JKS keystore, the SSL authentication goes through then, but I need clustering for high availability.
    Does anyone have any ideas?
    Thanks so much in advance!
    Mathew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turn talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what is going on and can help point me in the right direction?
    -Ayub

  • "An Office 2003 installation on your computer is corrupted and setup cannot continue" error on Office 2010 Pro install

    I am currently trying to install Office 2010 Pro Plus onto my machine that has Access 97 and Access 2003, Visio 2003, Excel 2003, PowerPoint 2003, and Word 2003 installed. I need to keep the previous versions of Office installed as they are used for development
    work. When I try installing Office 2010 I'm stopped with the following error message: "An Office installation on your computer is corrupted and setup cannot continue. Remove or repair the Office 2003 product and re-run setup." I can't remove and
    repair doesn't seem to do anything. Most posts suggest removing previous office versions or deleting/altering the MS Office registry keys (which would damage the previous versions of Office). Is there a solution to install Office 2010 independently of any
    other version of Office installed?

    I figured out a method to finally install Office 2010 bypassing the error stated in the title, by manually removing all the keys that included the term "Office 2003" from the Windows registry.
    I share my fix with more details and pictures step by step here :
    Link
    Please note that you need to be very careful when manually editing the Windows registry as it may cause problems to your operating system and even cause a massive failure requiring you to re-format your disk.
    Feel free to use my fix at your own risk. I will not be held responsible for any damage caused or data loss.

  • IdM SPE Ldap SSL operations hang

    Hi all,
    We're having a problem with IdM SPE hanging while doing LDAP operations over SSL. Has anyone encountered this before? We're under a tight deadline and any inputs/suggestions would automatically make the contributor my hero.
    Description:
    Our application is hanging when we try to use SPE's APIs to add some users to an LDAPS resource. We see these connections being logged in the LDAP logs, however binding never occurs. Instead these LDAP connections from SPE seem to sit until timeout.
    Environment:
    IdM 6.0 SPE SP1
    AIX 5.2
    J2RE 1.4.2 IBM AIX SP7
    BEA WebLogic 8.1 SP5
    SunOne Directory Server 5.2
    Evaluation:
    After a long period of time we see the following exception in our application logs:
    javax.naming.CommunicationException: Request: 1 cancelled
            at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java(Inlined Compiled Code))
            at com.sun.jndi.ldap.Connection.readReply(Connection.java(Compiled Code))
            at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:357)
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:210)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2657)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
    What we noticed is that LDAP connections (no SSL) seem to be okay. We have verified that connections can be made from our app server box to our LDAP server on the SSL port. We've also created a simple Java servlet that makes LDAPS connections using JNDI and put this in the same container as IdM, and this seems to connect okay as well. This seems to indicate that the hanging is not an SSL issue but an SPE one.
    We do notice from examining the LDAP logs that the same connections are being used over and over. This is expected connection pooling behavior, but could this be an issue if we switch our connection from LDAP to LDAPS? Does the pool not get purged when we switch on SSL?

    Updated findings:
    We were able to duplicate this on a windows sand box environment. Again it breaks when SPE tries to do an LDAPS operation. Here's what we figured out so far.
    a.) Definitely not a certificate issue
    b.) Almost definitely not a JDK/JCE/JSSE issue
    c.) Definitely not an LDAP issue
    d.) Not an IdM 6.0 issue (Can provision users from IdM console)
    e.) Not a connection pooling issue (Turned off pooling and it still hung)
    f.) Not a network issue.
    It seems at this stage that the problem stems from SPE. Has anyone ever gotten SPE to work with LDAP over SSL? Any suggestions?

  • What hardware is required to set up a failover cluster using Windows 2003 Enterprise Edition?

    I want to set up a failover cluster. I have already installed an HP 350 G6 server in my environment. Now I want to know which hardware I may require to set up a failover cluster for a stateful application. Secondly, can my existing server be utilized?

    An update:
    The Oracle Universal Installer shows the following in the screen before the error appears:
    Starting Oracle Universal Installer...
    No pre-requisite checks found in oraparam.ini, no system pre-requisite checks w
    ill be executed.
    Preparing to launch Oracle Universal Installer from D:\DOCUME~1\ADMINI~1\LOCALS
    ~1\Temp\OraInstall2011-03-02_04-25-26PM. Please wait ... Oracle Universal Instal
    ler, Version 10.1.0.6.0 Production
    Copyright (C) 1999, 2007, Oracle. All rights reserved.
    ...............................................................Val: 0
    Val: 0
    Val: 0
    Val: 2
    Val: 0
    Val: 0
    Val: 0
    Val: 2
    Val: 0
    Val: 0
    Val: 0
    Val: 0
    Val: 0
    Val: 0
    Val: 2
    Val: 0
    Val: 0
    Val: 0
    Val: 0
    Val: 2
    Val: 0
    Val: 0
    path: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OraInstall2011-03-02_04-25-26PM\jre\bin
    ;.;D:\WINDOWS\system32;D:\WINDOWS;D:\StageR12\startCD\Disk1\rapidwiz\unzip\NT;D:
    \MVS\VC\bin;D:\cygwin\bin;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbe
    m
    toload is D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OraInstall2011-03-02_04-25-26PM\Win
    dowsGPortQueries.dll
    100% Done.
    Copying files in progress (Wed Mar 02 16:25:59 IST 2011)
    .................................................Val: 0
    . 79% Done.
    Copy successful
    Setup in progress (Wed Mar 02 16:26:05 IST 2011)
    .....Oracle JAAS [Wed Mar 02 16:26:28 IST 2011]: exception: 9
    opmnctl: opmn started
    Please help me.
    Thanks and regards,
    Adm

  • What level of supplemental logging is required to set up Streams at schema level

    Hi,
    Working on setting-up streams from 10g to 11g db @ schema level. And the session is hanging with statement "ALTER DATABASE ADD SUPPLEMENTAL LOG DATA" while running following command - generated using DBMS_STREAMS_ADM.MAINTAIN_SCHEMAS.
    Begin
    dbms_streams_adm.add_schema_rules(
    schema_name => '"DPX1"',
    streams_type => 'CAPTURE',
    streams_name => '"CAPTURE_DPX1"',
    queue_name => '"STRMADMIN"."CAPTURE_QUEUE"',
    include_dml => TRUE,
    include_ddl => TRUE,
    include_tagged_lcr => TRUE,
    source_database => 'DPX1DB',
    inclusion_rule => TRUE,
    and_condition => get_compatible);
    END;
    The generated script is also setting each table with table-level logging "'ALTER TABLE "DPX1"."DEPT" ADD SUPPLEMENTAL LOG DATA (PRIMARY KEY, FOREIGN KEY, UNIQUE INDEX) COLUMNS'".
    So my question is: Is database-level supplemental logging required to set up schema-level replication? If the answer is no, then why is the following script invoking the "ALTER DATABASE ADD SUPPLEMENTAL LOG DATA" command?
    Thanks in advance.
    Regards,
    Sridhar

    Hi sri dhar,
    From what I found, the "ALTER DATABASE ADD SUPPLEMENTAL LOG DATA" is required for the first capture you create in a database. Once it has been run, you'll see V$DATABASE with the column SUPPLEMENTAL_LOG_DATA_MIN set to YES. It requires a strong level of locking - for example, you cannot run this alter database while an index rebuild is running (maybe a rebuild online?)
    I know it is called implicitly by DBMS_STREAMS_ADM.add_table_rules for the first rule created.
    So, you can just run the statement once in a maintenance window and you'll be all set.
    Minimal Supplemental Logging - http://www.oracle.com/pls/db102/to_URL?remark=ranked&urlname=http:%2F%2Fdownload.oracle.com%2Fdocs%2Fcd%2FB19306_01%2Fserver.102%2Fb14215%2Flogminer.htm%23sthref2006
    NOT to be confused with database level supplemental log group.
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14228/mon_rep.htm#BABHHCCC
    Hope this helps,
    Regards,

  • SSL certificates and Web Services Usage inside Oracle Database Questions!

    We have implemented specific business logic using PL/SQL for our client: we open a file and process each line of it, doing something in the Database and also calling a Web service (Service1) using the UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
    Service1 is already working, and we can call the service from PL/SQL without trouble.
    However, according to the client's security policies, they require all Web services to be consumed via https, including Service1, so we must follow the procedure established for Oracle in order to enable calling Service1 via https from the Database.
    Our client's DBA and IT Team are concerned about two subjects before continuing with the certificate installation:
    - SSL Certificates:
        1- Can installed certificates in the Database put the stability of the database at risk?
        2- Can installed certificates in the Database generate performance issues?
        3- Can installed certificates reloading the Databases?
        4- Can installed certificates in the Database generate security issues?
    - Web services:
        1- Can calling web services from the Database put the stability of the database at risk?
        2- Can calling web services from the Database generate performance issues?
        3- Can calling web services from the Database generate security issues in the DMZ?
    Could you please give us any clues about the possible negative impact related to SSL certificates and Web Services usage inside Oracle Database, if such an impact exists?
    Those are the links describing the procedure mentioned above.
    1 -http://www.kotti.es/2009/11/oracle-wallet/
    DB: Oracle 9i.
    Average number of lines in file: 300
    Periodicity: Twice a day.

    Thiago:
    You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
    I am not aware of a PL/SQL utility to create an XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
    http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
    Regards,
    Jason

  • How to install and setup macports for mac os mavericks, for open vpn purpose.

    Hi Guys! I'm using OS Mavericks now on my MacBook Pro. I need help and suggestions regarding an OpenVPN application that I can use on my laptop so that I can access my server in my office even when I'm out of town or out of the country. I found the VPN network setup in Network preferences but I don't know how to set it up. Others are also suggesting MacPorts for Mac, but it is still difficult to analyze and set up. I need to troubleshoot in Terminal, whose commands I'm not familiar with. Please help me guys! Please!

    You're going to need to figure out the required settings for the VPN server you're working with, whether you use the standard client or some add-on.  That information is a prerequisite for a VPN client; for any VPN client. 
    If the standard VPN client present in OS X doesn't and cannot be gotten to work, then something like IPSecuritas or the OpenVPN client would be a typical fallback choice, but IPSecuritas is far more flexible — which means far more complex.  These clients are available as application downloads; no Brew or MacPorts required.
    Is this your server you're connecting into?  Or is somebody else controlling it? 
    If it's your server and thus your VPN server, then you'll have the option to get either the VPN server in the gateway firewall box or the VPN server running in the target system configured to allow the OS X VPN client to work.
    If the server is controlled by somebody else, ask them for the settings necessary for the VPN client.
    As Barney-15E states, using Brew or MacPorts won't help, unless you're installing the VPN client that way — which would be a little unusual — and you're still going to have to figure out the L2TP / IPSec or PPTP or other settings here, irrespective of how the VPN client gets installed.
