LDAP sub tree search by OAM during authentication

Hi,
Is it possible to configure OAM to perform sub tree search for user id while authenticating a user. The scenario is - OAM is configured to search LDAP at level ou=comp, dc=com. User ID U01 is stored in ou=fin,ou=comp,dc=com. When user logs in with user ID U01, will OAM search in sub tree level ou=fin,ou=comp,dc=com and not just under ou=comp, dc=com?

Also, you can get more info at http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/datasrc.htm#CHDIACJI URL with more description.
~J

Similar Messages

Managing ldap sub tree with Solaris Mnagement Console

Hi,
I'm using Sun ONE Directory Server 5.2 in Solaris 9 envronment.
I want to use Solaris Management Console to manage my Ldap Name Service.
On my ldap server I can display two scopes :
Scope 1 file:/example/example
Scope 2 ldap:/example/dc=example,dc=com
With SMC Editor I've created a toolbox to manage my ldap domain and I can manage users and groups only on trunk tree but not on the sub tree.
Does someone can tell me please if it's possible to display the ldap sub tree with SMC and if it's possible to manage other cotainers than people or group containers with SMC (for ex. netgroup container) ?
Thanks.
Dra

By try and error I found out that even when I upgraded my
Sun ONE Directory Server 5.2 to patch level 2, the configuration
in the administration directory was not changed to the new
version. So one couldn't connect with the new console
version 5.2pl2 but used and needed the old one effectively.
To use the 5.2 pl 2 console there need to be the following
files in the client directory:
<root of sun ldap console>/java/jars/
ds522.jar (main console application)
ds522_en.jar (english language resources)
ds522_de.jar (german language resources, in my case, optional)
ds522.icon (icon used in the console)
and for the administration console:
admserv522.jar
admserv522_en.jar
admserv522_de.jar
admserv522.icon
The old file with the '52' in their name may stay where they
are to connect to unpatched 5.2 Servers and 5.2pl2 Servers
without updated configuration.
The configuration is under:
cn=ResourceEditorExtension, ou=4.0, ou=Admin, ou=Global Preferences, ou=zentrale.edekanet.de, o=NetscapeRoot
Search for the attribute 'nsclassname' in all subentries where there
is a substring '@ds52.jar' and change it to '@ds522.jar'.
With newer versions of the Sun Directory Server there are
even jar files with names like 'ds523.jar'. Proceed like above.
After the next start of the console you are using the new 5.2pl2
Versions with all bugfixes and enhancements. To verify you may
move the '52' files away, start and connect. If the directory server
is configured the right way it won't try to download the '52' files
to your local computer.
Frerk

RZ20 - Missing sub-tree entries in CCMS_Selfmonitoring

Hello,
Please could some let me know how to restore missing monitoring sub-tree entries in RZ20 in a Sol Man 7.01 system ?
Due to an error message displayed when trying to start a ccmsping agent on a satellite system I found SAP Note 517533 which advised the following steps to refresh the System Component Repository (SCR) : -
Repeat the SCR upgrade process.
Here is the procedure:
    1. Start transaction RZ20.
    2. Open monitor collection SAP CCMS Monitors for Technical Experts.
    3. Open the monitor CCMS Selfmonitoring.
    4. Open the branch CCMS_Selfmonitoring.
    5. Choose Extras -> Activate maintenance function
    6. In the CCMS_Selfmonitoring branch, delete the subtree labelled 'System Component Repository' (Edit -> Nodes -> Delete -> Option 4).
    7. Switch to transaction RZ21.
    8. Choose Techn. Infrastructure -> Method execution -> Activate background dispatching.
I carried out these steps in the Solution Manager environment and when I ran step 6 a number of entries vanished from the RZ20 - CCMS Selfmonitoring - CCMS_Selfmonitoring subtree.
I then did as the note suggests and made sure the CCMS background dispatching job SAP_CCMS_MONI_BATCH_DP had ran (it does every 5 minutes) but the tree entries have still not re-appeared.
For example, in RZ20 - SAP CCMS Techincal Expert Monitors - CCMS Selfmonitoring - <SID> - CCMS_Selfmonitoring only the following subtree entries are present:
- Tooldispatching (long running tasks)
- Tooldispatching (central system)
- Central Performance History
Previously the CCMS_Selfmonitoring sub tree looked more like our other Solman systems with entries such as: -
- Tooldispatching (long running tasks)
- Tooldispatching (central system)
- Central Performance History
- Startuptools once per system
- Runtime
- Availability Monitoring
- SapmssyT
- CCMS Agents
- System Component Repository
- XML_SelfMonitoring
- GRMG_Self-Monitoring
To find a resolution I've searched multiple SAP notes and Google without success.
Please can someone advise how to get these entries back into the monitoring sub-tree ?
Thank you.

Hello Jansi
Thanks for your responding.
I can confirm that no Technical Views have been changed. Even when I change them for testing the missing tree entries do not return.
I have carried out the steps as described to reset the entire self monitoring node but the entries that were present are still not present.
Any further suggestions ?
Thanks,
Dave.

How to implement Force password change during authentication

Description of problem
Our client requires web applications to support its internal security policy beyond
normal authentication. This includes:
- force password change periodically. This should be performed at logon time.
- maintain password history so that a new password would not repeat any of its
previous 15 changes.
We already have an authentication server that satisfy these requirements. However,
we would also like to base our solution on WebLogic security framework so that
we can leverage the benefit of the container-managed declarative security (e.g.
we don't need to use our special cookie to check whether a user is authenticated
for every web page in the application). So the best scenario for us is to wrap
up this authentication server using WLS 7.0 authentication SSPI.
My initial investigation of WLS 7.0 security framework (based on edocs and the
sample customer security provider codes) convinced me that overall, this is achievable.
However, I am still left with quite a few questions, which I would like to get
your help.
Questions:
1. (web container) The J2EE-standard container-based authentication is to specify
<login-config> element. My understanding is that only FORM based authentication
is applicable. The specified form elements:
<form method="post" action="j_security_check">
<INPUT TYPE="TEXT" NAME="j_username">
<INPUT TYPE= "password" NAME="j_password">
</form>
is adequate for authentication. However, if the authentication service provider
indicates that password change is needed, what would be the most appropriate way
within WebLogic for the authentication service provider to pass such a flag to
the web container know so that our application can access it? I guess, a simpler
question, would be, using the standard <login-config>, webapp knows only about
authentication fails or succeeds. Can it possibly know more information provided
by the authentication service provider right after authentication?
2) If we don't use standard FORM-based authentication, we will code up our own
authentication control, which could give us a lot more flexibility, but can we
then bind our Subject obtained through our authentication control to the WebLogic
Subject that is running the webapp.
3) (Authentication service provider) Our design is for the custom LoginModule
to delegate login calls to the authentication server, and throws more refined
exceptions such as: FailedLoginException, PasswordExpiredException, UserAccountLockedException
(all subclassed from LoginException). Another approach is to provide detailed
information such as password expired in callbacks. Either way, when Authentication
service provider returns, how our web application can access this refined flag
of authentication result.
4) Can our customer authentication service provider use DataSource defined in
a weblogic server? I ask this question because DataSource itself is a protected
resource of WebLogic. Will referencing it during authentication initiate another
authentication cycle?
Can anyone who has experienced similar requirements and worked solutions please
give me a hint? I appreciate your guidance.
regards
Licheng

"Licheng" == Licheng <[email protected]> writes:
Licheng> Description of problem
Licheng> Our client requires web applications to support its internal security policy beyond
Licheng> normal authentication. This includes:
Licheng> - force password change periodically. This should be performed at logon time.
Licheng> - maintain password history so that a new password would not repeat any of its
Licheng> previous 15 changes.
Licheng> ..
Licheng> We already have an authentication server that satisfy these requirements. However,
Licheng> we would also like to base our solution on WebLogic security framework so that
Licheng> we can leverage the benefit of the container-managed declarative security (e.g.
Licheng> we don't need to use our special cookie to check whether a user is authenticated
Licheng> for every web page in the application). So the best scenario for us is to wrap
Licheng> up this authentication server using WLS 7.0 authentication SSPI.
I believe it's impractical to fit the requirement of forcing a password change
into the standard JAAS interface.
I think the only practical way to do this is to implement a servlet filter that
reads the persistent record of the logged-in user to check for a "force change
password flag". If it finds this, the servlet filter will forward to a page to
change your password. Note that the servlet filter may be hit again when
trying to get to the change password page, so it needs to know to not do the
check in that case.
If you implement this, I would strongly urge you to softcode the "change
password" page URL in your system configuration, and not hardcode it in the
servlet filter.
===================================================================
David M. Karr ; Java/J2EE/XML/Unix/C++
[email protected] ; SCJP; SCWCD

Unable to login using OAM Custom Authentication Plugin

Hi,
I have a problem with OAM Custom Authentication Plugin, My Plugin is Activate successfully. When try to login from Access Manager SSO login page, it is unable to login. I am getting followiing message in the log file.
I am return ExecutionStatus.SUCCESS from my Java code and I have only one step where I have attached Plugin and my Steps Orchestration is
On Success -> Success
On Failure -> Failure
On Error -> Failure
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:is_resource_protected.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Processing Event is_resource_protected
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Is Resource Protected status : success
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :is_resource_protected with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_valid_session.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_valid_session with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB User Authentication Scheme
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB User Authentication Scheme.
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB User Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=default, username=string, contextValue=OAM, password=sercure_string, challenge_url=/pages/login.jsp}
Authentication Module Name: = DB Authentication module
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication module.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector: ["PluginPhaseEvent.oracle.security.am.plugin.diagnostic.PluginPhaseEvent@6d6a08fb":" Collector    : OAMS/OAM/Plugin/AUTHN/Plugin_SamplePlugin/PluginLocate
Type     : PHASE_EVENT
Metrics : 511
LogLevel : OFF
EnableRate : false EnablePersistence : false"], registered at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: false.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Can anyone help me regarding this issue.
Thanks
Tamim Khan

Hi,
Little update about authentication plugin, please see the log file below, Result of Authentication Scheme Execution:true, now but, still the cookie is LOGGEDOUTCONTINUE and still I am unable to login.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB Authentication Scheme
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB Authentication Scheme.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=external, username=string, contextValue=/oam, password=sercure_string, challenge_url=http://192.168.1.220:14100/ssologin/ssologin.jsp}
Authentication Module Name: = DB Authentication Module
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication Module.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Set 1st Responce
Set 2nd Responce
Set 3rd Responce
Setting cookie
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: true.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Can anyone help me please.
Thanks
Tamim Khan

An unexpected error occurred during authentication

When one of our users tries to login they get this message in red above the login text box, "An unexpected error occurred during authentication." We can't recreate the error and have made sure the user has their security and browser settings correct. They are using IE 6.02 on XP. We have tested this configuration and it works for us. We have also tested their login and we can login here. I can't find anything about this error message and have run out of places to look. Does anyone have any suggestions?

Even i have the same issue...were you able to figure out how that can be done.

How to drag and drop a sub tree between 2 treeview?

Suppose I have 2 tree rendered in 2 treeview. Then I want to drag and drop any subtree on any node between the 2 tree.
For example, in tree 1, if I drag node node1 and drop it on tree 2 node node2. I want all nodes from node1(subtree) moved to node 2 in tree 2.
How can I do it? Should I code for treeview 1 begindrag event, and code for treeview 2 dragenter event?
and how to move a sub tree with pb built-in function?

Hi Kent,
I have just experimented with drag and drop between treeviews. Below is your bare minimum and caters for one node only. It does not drag any children along. If you drag an item it loses any children. Although it works both ways and within.
The handle is set in the dragbegin events.
In the dragdrop events you get source as an argument which is a pointer to the treeview where the drag started.
You get the node using GetItem ( ref treeviewitem ), then InsertItemSort as a child of the node dropped on.
NOTE: Must uncheck DisableDragAndDrop property for both treeviews.
// Instance Variable
ulong draggedhandle
type tv_1 from treeview within w_treehop
string dragicon = "Form!"
boolean dragauto = true
boolean disabledragdrop = false
end type
event begindrag;
draggedhandle = handle
end event
event dragdrop;
treeview tvSource
treeviewitem ltvidropped, ltvidragged
tvSource = source
if draggedhandle > 0
if handle <> draggedhandle or tvSource <> this then
    tvSource.GetItem( draggedhandle , ltvidragged )
    this.GetItem( handle , ltvidropped)
    this.Insertitemsort( handle, ltvidragged )
    tvSource.Deleteitem( draggedhandle )
    draggedhandle = 0
end if
end if
end event
type tv_2 from treeview within w_treehop
string dragicon = "Form!"
boolean dragauto = true
boolean disabledragdrop = false
end type
event begindrag;
draggedhandle = handle
end event
event dragdrop;
treeview tvSource
treeviewitem ltvidropped, ltvidragged
tvSource = source
if draggedhandle > 0
if handle <> draggedhandle or tvSource <> this then
    tvSource.GetItem( draggedhandle , ltvidragged )
    this.GetItem( handle , ltvidropped)
    this.Insertitemsort( handle, ltvidragged )
    tvSource.Deleteitem( draggedhandle )
    draggedhandle = 0
end if
end if
end event
To carry over nested treeview items (children) you can use FindItem ( draggedhandle, navigationcode )
navigationcode as per help:
     ChildTreeItem! The first child of itemhandle.
     NextTreeItem! The sibling after itemhandle. A sibling is an item at the same level with the same parent.
HTH
Lars

Oracle error 6550 during authentication

Hi,
we have upgraded from 11.5.9 to 11.5.10.2
and db 9.2.0.8 to 10.2.0.4
after that when try to copy the output or log file of any request i am getting the following error
Oracle error 6550 during authentication
i have ran adadmin .. recreate grants and sysn...
Edited by: 123user on Jul 1, 2009 3:20 PM

Hi,
Please review these documents, and see if it helps.
Note: 156436.1 - Viewing Output With Browser Gets: Encountered Oracle error 6550 During Authentication. Authentication Failed
Note: 274158.1 - Viewing Request Error ORA 6550 Authentication Failed On Newly Cloned Instance
Regards,
Hussein

Regarding ADFbound tree search problem

Hi
I have done adf bound tree search after rendered using the following url
http://www.oracle.com/technetwork/developer-tools/adf/learnmore/61search-in-rendered-trees-177577.pdf
The search is happening as expected, but if i select manually any of the node and try for searching , then search is not happening at all .
Can anybody having idea on this ????????
Regards
Senthil

Dear Frank,
The following is my steps
1. First i did search using some 'X'
2. it selected the node 'X' as expected
3. if i just select a node manually using mouse for example 'Y' for drag and drop into another tree
4. Again i do search with any text , This time search is not happening , and it doesnt happen forever until i log out
manual selection using mouse stops the successive search, can not find the reason , please help me out
Thanks & regards
Senthil

An error occurred during authentication. Try again later or contact your

Hi
I am try to login OBIEE 11g analytics (http://siva:9704/analytics) iam getting error "An error occurred during authentication. Try again later or contact your system administrator". Please help me .my Em and Admin console and rpd working fine.
I have problem only analytics login..
Thanks
Naveen

I would say try this first
1. Log in to EM
2. Click on Business Intelligence link on he left-hand side to expand it
3. Click on Coreapplication.
4. Click on the Capacity Management tab
5. Click Restart All
If helps pls mark as correct else let me know updates

Macbook won't respond until moved, especially during authentication. Continued after upgrade to Lion.

My Macbook won't respond until I physically pick it up and move it, especially during authentication. This continues after upgrade to Lion. How can I resolve this?

This is almost certainly a hardware problem, that will require the skills of a certified Apple repair shop to fix.

Help on insert sub tree option

hi all,
kindly provide step by step document for creating hierarchy using insert sub tree option.
Regards,
Sohil Shah.

HI Sohil
please go through the below link it can help you to create hierarchy
http://help.sap.com/saphelp_nw70/helpdata/en/0e/fd4e3c97f6bb3ee10000000a114084/content.htm
thanks
kishore

OAM 11gR2 Authentication using username/password/additional ldap field

I want to add additional credential parameter along with username and password to be validated against LDAP.
Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
This solutions exist in 10g and could not find any OOB feature in 11g.

Do you need to accept additional parameter from user via login form & then use it in credential mapping step
Not sure if %% syntax would work .. havent tried it. next option is to develop custom authentication plugin
Additional ldap attribute against static value
If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
Take a look at "MTLDAPPlugin" under custom authentication modules
Hope this helps

Still LDAP server not responding when add to authentication search path ...

Howdy All,
I still have an OS X Server 10.5.6 (running Open Directory with its own Master directory) that when configured to connect to a corporate LDAP server indicates the server is responding fine, but when I add the server to the authentication search path, the server is no-longer responding.
I suspect this may mean the LDAP server is choosing to no-longer respond? Is it possible that the LDAP server could have my machine / IP address "black-listed" in some way? I have asked corporate IT but they didn't seem to think so (although I was queried before about repeated connect attempts).
Somewhat strangely I can configure a laptop client (OS X 10.5.6) to connect to the same LDAP server from an Ethernet port on the same LAN and it works fine. However, when I connect this laptop to the LAN through my server (WiFi NAT) I get the same issue as described above.
I don't have the firewall on the server turned on, I have played around with some certificates on the server, but have set "TLS_REQCERT never" in the ldap.conf file on the server (and client) as suggested by corporate IT. I have Kerberos running on the server and all else seems fine on the server.
Can anyone suggest what may be causing this? Or how I can debug the problem?
Thanks in advance.
Cheers,
Ashley.

Hi Jeff,
Thanks for your post. That said, I'm not sure how you got the impression that I wish to go to Maine I'm happy here in Perth, Western Australia.
Jeff Kelleher wrote:
Connecting a Mac to an LDAP server is a far cry from connecting a OS X Server to an existing LDAP server. Not that I could necessarily help, but asking how to connect an OS X Server to an LDAP server is a bit like asking "guess where I am now, how do I get to Maine?"
You need to provide as much info as you can.
Seriously though, I'm not sure of the difference. I am using Directory Utility to allow this OS X Server to get authentication information from an LDAP server just like an OS X Client would.
I have Open Directory in Server Admin just setup to connect to a directory system (i.e. the organisation LDAP server), not a master or replica.
My final goal is to allow access to an OS X TeamsServer Wiki by users who are authenticated against the LDAP server (rather than having to have separate accounts, logins, on the OSXS.)
I am hoping that I can use a group from the LDAP server to define the team, but perhaps I will have to run a standalone OD. I hope then I can add LDAP users to the OD group.
What other information would help?
Thanks,
Ashley.
OS X Server 10.5.6

Setting application level item during authentication

We’re having an issue with an application level item that we set during our custom authentication function to store a role list for authorization. The issue is that the application level item, which should be set using htmldb_util.set_session_state(‘ITEM_NAME’, p_item_value), is not being set.
On further investigation we realised that this issue was only affecting developers, not users of the application. This seems to be because the home page link, set in Shared Components > Edit Security Attributes, is set to “f?p=&APP_ID.:1:&SESSION.”, which means that the developers session was being passed to the application when the “Run Application” button was pressed. What then happens is that following the successful execution of the authentication function, a new session id is generated and visible on the URL and the Application Level Items are not set correctly.
Examples:
I’m developing an application on Apex that has the home page link set to “f?p=&APP_ID.:1:&SESSION.”, here’s the first part of my URL at the Application home page:
http://apex.oracle.com/pls/otn/f?p=4000:1:1065658352862710::
I hit “Run Application” and get to this URL (note the session id is the same)
http://apex.oracle.com/pls/otn/f?p=16033:1:1065658352862710:::::
I log in using any old username and password (the auth scheme on this demo app always returns true) and I get to this URL (note the session id is different):
http://apex.oracle.com/pls/otn/f?p=16033:1:1403999736046638
My application level item is not set and I start to cry. When I recover from my tearful episode I try to log in again, I hit logout and get taken to this URL:
http://apex.oracle.com/pls/otn/f?p=16033:1
I log in again (with the same username or different, it doesn’t matter) and low and behold, my application level item is set ok. This is the URL I can see (note another new session id):
http://apex.oracle.com/pls/otn/f?p=16033:1:4917752800353335
In despair, I close my browser window and go to my other application, this one has got the home page link set to “f?p=&APP_ID.:1” (no session id passed).
I log back into Apex as a developer and go to the application home page at this URL:
http://apex.oracle.com/pls/otn/f?p=4000:1:131988631742187::
I hit “Run Application” and get to this URL (note the session id is missing):
http://apex.oracle.com/pls/otn/f?p=19114:1::::::
I log in using any old username and password (same deal as before) and I get to this URL (new session id):
http://apex.oracle.com/pls/otn/f?p=19114:1:4320851658879093:::::
Amazingly, this time the application level items are set first time.
What I’d like to know (there is a purpose to this) is:
- Why is a different session allocated to the application after login, when a “developer’s” session id is passed to the application?
- If I remove the session id from the home page url what is the impact? I can’t think of anywhere within the application that this is used (other than between page 101 and the home page), but our thoughts are that this could mean that users end up generating more sessions on the server.
- Is there any other way around this, perhaps using a different method of setting the application level item? The authentication procedure which sets the item reads as follows and mimics our authentication procedure (which you can assume does a little bit more than just returning true):
function test_login
(p_username in varchar2 default null,
p_password in varchar2 default null) return boolean is
begin
htmldb_util.set_session_state('F16929_SYSDATE', to_char(sysdate, 'DAY'));
return true;
end;- Has anyone else encountered difficulties with the setting of application level items during login or has anyone come up with a more ingenious plan for passing something back from authentication that can later be used for authorisation?
Thanks
matt

Scott,
Many thanks for the response.
We've found a way around this now, by changing the developer's usernames to the same as their NT/ Active Directory signon, which fools APEX into maintaining the session id from their builder session even though when logging into the application they get authenticated by LDAP.
Using a post authentication process would be ok but I can't see any way of passing a variable retrieved in the authentication process under the first session to the post authentication process so that it can be set in the second session. We'd either therefore have to insert the data into a table and read it back or add an extra LDAP call to retrieve the user role/ group list during the post authentication process.
Thanks again,
Matt

LDAP sub tree search by OAM during authentication

Similar Messages

Maybe you are looking for