LDAP supporting multiple DNS domains

Similar Messages

• Multiple DNS Domain support in Single instance of Portal

  Can BEA portal support multiple DNS domains in a single instance of BEA Portal.
  For example can I setup portal to respond as bothe www.xxx.com and www.yyy.com
  and keep those urls as trhough the entire portal?

  Hi,
  thanks for your quick response. You mean we should run only one copy of the package I mentioned and seperate the plants and machines by logic implemented in the package? Well, I think this is critical in case of deploying a new version, since all machines at all sites won't have the system available at the same time. At the moment we do not have things in the system that are needed to go on with production, but we have planned to implement some things that will be indispensable and in this stage we need a clear seperation of the plants to minimize the risk of a simultaneous stand at all plants.
  Thanks for your suggestion and best regards,
  Matthias

• SPNego supports multiple AD Domains?

  As far as I know, SPNego has been tested on Windows 2000 Advanced Server SP4 as Active Directory Server and Domain Controller (Single Domain). I know that works on Windows 2003 also, but do anyone knows if supports multiple AD domains?
  Thanks
  Ofelia

  Hi Christian,
  Regarding user mapping: we don't want to use user mapping to map samaccountname to R/3 user (administration issue, we don't want to administer one more system!!), then, not using user mapping I have the option to develop and deploy a login module in UME to strike the domain name and pass only the samaccountname to the R/3, but there is a security vulnerability since two persons with same ID logged on to the portal could eventually execute a SAP Transaction from the portal and since R/3 does not receive the domain data, it should'n know who is running the transaction. Do you understand what I mean? So, we are in a deadlock!! We cannot implement this!!
  Thanks for the suggestion. If you know how to solve this issue, I'll appreciate your comment!
  Regards,
  Ofelia

• CUPS 8.6 - Supporting Multiple SIP Domains on a per-user basis

  Working on a CUPS 8.6 PoC with a customer who currently is running a deployed OCS environment. 
  Users all sign into a single domain internally but have multiple SMTP domains for email as this customer has many different companies they have aquired.
  OCS  is able to support and route multiple SIP domains by specifing the SIP address under AD User settings such that two users both signed into the same OCS server can send IM's to each other even though they have different SIP addresses.  sip:[email protected] , sip:[email protected]
  CUPS on the other hand does not seem to allow this on a per-user basis.  It places every user in the sip domain that the server is a member of.
  The Jabber client allows you to specify a domain but I am not how this is used as the actual user account in CUPS is only ever the one domain and if you try and specify a different domain in the Jabber Connection Settings, it will not allow you to login.
  It is not a big deal for internal communications if everyone is on the same domain, but where it is important is for future B2B IM.  Users need to be able to give out THEIR IM address with THEIR respective domain.
  Does anyone else know for a fact that I will only be able to have one domain per CUP cluster?
  Any thoughts on this design?

  Not sure on the design perspective but as for CUPS Domain, we can only have single domain per cluster. As you have already found out that for any user licensed for CUPS, their IM address would be userid@CUPSDomain
  CUPS does have funtionality of federating with foreign domains such as AOL/GoogleTalk/WebEx Connect.

• Jabber and Multiple DNS Domains

  have a customer that is running into some "minor" issues in getting Jabber to work well on their mobile devices.
  The issues revolves around I think a DNS issue in that their Internet domain is "mycomp.com" while inside they are "corp.mycomp.local"
  Am I correct in that this is easily fixed for the expressway-E and expressway-C is to have the following setup:
  On the External DNS server
  _collab-edge.tls.mycomp.com  =>  expresswaye.mycomp.com
  On the Internal DNS server:
  _cisco-uds._tcp.mycomp.com => cucm1.corp.mycorp.local
  _cisco-uds._tcp.corp.mycomp.local =>  cucm1.corp.mycomp.local
  If the Expressways are configured correctly, then this should work and the credentials for the users should be the same instde and out, OR am I missing something?
  Thanks

  Hi Richard,
  Please check the following links
  https://ciscocollab.wordpress.com/2014/07/23/collaboration-edge-mra-with-split-dns-domains/
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_D380F2C5_00
  HTH
  Manish

• GetDesktopURL() problem with multiple DNS domains

  Hello,
  I use PS6.1 on a server with more domain names. If I login to one domain many portal links are directed to other domain.
  I suppose that there is something wrong in function/tag getDesktopURL(). The domains are swaped sometimes after server restart. (I clear all cookies between tests).
  For examle:
  Page URL:
  www.d1.com/portal/dt
  In channel JSP:
  <dtpc:getDeskpc.geDesktopURL/> -> www.d2.com/portal/dt
  pc.getDesktopURL(null) -> www.d2.com/portal/dt
  pc.getDesktopURL(request) -> www.d2.com/portal/dt
  but:
  request.getServerName() -> www.d1.com
  request.getHeader("host") -> www.d1.com
  Thank you for any hint, M.C.

  You should give Apple a call and ask to speak to the iPhone enterprise group. They should be able to help you get your network setup properly.

• Can ACS support multiple Active Directory Domains for 802.1x EAP-TLS?

  Hi
  I'm looking to implement ACS 5.2 using 802.1X, we have two seperate AD domains.
  Now.. this is the tricky part...
  A single switch will need to support both ADs, so if a machine in AD1 is connected, it will be authenticated to the ACS using AD1 and applied to VLAN1, while a machine that is in AD2 will be authenticated to AD2 and applied to VLAN 2.
  I'm looking at machine authentication, not user authentication, so I assume that I will need to import two certs from each AD.
  Can any expert please let me know if they think that this will be possible please??
  Many thanks

  Yes ACS can support multiple AD domains but you will have to configure one as your AD domain and the other as an LDAP database and this will work since you are planning to use eap-tls.
  The question I have is which version of ACS are you using? If you are using ACS 5.x then you can setup and identity store sequence so if the user is not found you can move to the next store and this will prevent you from installing two certificates on every machine.
  You can then setup an authorization rule for the seperate containers on where the workstations are located (this is assuming machine authentication is being used) for the AD database or the LDAP database and then assign the vlan based off that.
  Thanks and I hope this helps!
  Tarik Admani

• Cisco Jabber client to support Multiple e-mail domains

  Hi All,
  Per the following link, CUCM an IM&Presence starts supporting multiple domains at version 10:
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_0_1/delta/CUCM_BK_C206A718_00_cucm-new-and-changed-1001/CUCM_BK_C206A718_00_cucm-new-and-changed-1001_chapter_010.html#CUCM_RF_I31EA3AB_00
  However, we have heard from Cisco that there is NO Jabber client that works with version 10 to support multiple email domains.
  This may or not may be true.
  Can someone who has connection with BU confirm this? If there is Jabber client that supports multiple email domains, what is the version and when is it going to be available?
  Thanks,
  Mustafa

  Per-Olov
  How are you dealing with this DA restriction?
  Also, what are your comments about the use of Domain Alias vs. Domain with inetdomainbaseDN pointing to my organization? Which one was your choice?
  Thanks,
  Ivo

• Lync 2013 certificate requirements for multiple SIP domains

  Hi All,
  I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually
  around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they
  appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
  Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
  Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
  Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
  Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
  Friendly URL option 3 from this page:
  http://technet.microsoft.com/en-us/library/gg398287.aspx
  Client auto-configuration:
  i.     
  Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
  ii.     
  Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
  iii.     
  Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domains is also required. This is because a DNS CNAME to another domain is not supported over
  HTTPS.
  If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
  How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
  Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed
  to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
  Many thanks,

  Many thanks for the response.
  I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
  http://technet.microsoft.com/en-us/library/gg398287.aspx
  What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
  http://technet.microsoft.com/en-gb/library/hh690030.aspx
  Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects
  to an address of director.contoso.net is not supported over HTTPS.
  In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing
  rule for port 80 (HTTP).
  For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating
  domain.”
  I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
  As per the below article:
  http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
  “The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field.  This is no longer a requirement (it was in OCS) as it is possible to
  create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net). 
  This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share
  the same domain namespace.  Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
  ===================
  1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
  2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who
  fall under the XXX umbrella but are very much run as individual entities.
  Question:
  Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
  Thanks.

• RDBMS Security Store supporting multiple domains

  Can one instance of the RDBMS Security Store be utilized to support multiple WLS 10.3.2 domains?
  I have several 10.3.2 domains, all of which have clusters and role requirements? The documentation 'suggests' one Store per domain, but all of the tables in the schema contain DOMN (domain) and REALMN (realm) columns that would seem to indicate domain independence. It would be nice to be able to manage one Store schema that supports several Domains.

  Hi,
  The document which you are referring is for WLS 10.0 and RDBMS security is introduced from WLS 10.3.0 onwards.
  The reason why RDBMS security store should not be stored between two domains is RDBMS security store is used by authorization, role mapping, credential mapping, and certificate registry providers.
  Once the RDBMS security store is configured in a domain, an instance of any of the preceding security providers that has been created in the security realm automatically uses only the RDBMS security store as a datastore, and not the embedded LDAP server.
  It is just the replacement for Embedded LDAP.
  Thanks & Regards,
  Murali.
  ============

• Supporting Multiple domains in IM&P with and Expressway deployment?

  Hello everyone. This is long winded but the context is needed to explain what I'm looking for. Any help is appreciated.
  My customer has piloted IM&P for 1 year now and is looking to take it to the next level. They purchased Expressway Core & Edge and they are looking to enable Mobile Remote Access, B2B Video and XMPP Federation. One issue is that the Jabber domain that was selected 1 year ago for the pilot was a local domain. The reason for this is because the multidomain support was not available at the time. Internally there are 3 domains. example.ca, examplesales.ca, and examplebanannas.com. Their Jabber ID they use today is example.root.local. I am reading through the guides and it seems as though IM&P allows you to map a JABBER ID to an email address or a directory URI. This will allow multiple presence domains within one Presence cluster. The problem is that it appears as though federation will not work through expressway core / edge if you use this method. Can this be confirmed?
  I am providing you these URL's only for guidance, to show you how I arrived at my situation where I’m asking for help on a configuration change to my customers IM&P settings.
  note the section on page 41 of the following guide http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-5-1.pdf
  One would presume that Multi-domain support is now supported with expressway core & edge. The caveat I found on page 4 of the following guide in relation to xmpp federation.
  http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
  and page 10 of the following guide
  http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
  and this section
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01010.html#CUP0_RF_CAF8AEDD_00
  Expressway-E does not support XMPP address translation (of email addresses, for example). If you are using Expressway-E for XMPP federation, you must use native presence Jabber IDs from IM and Presence Service.
  This being said
  Based on my findings, I believe Cisco now supports multi-domain setup for IM&P with the "caveat" federation still doesn't work. My customer is not happy with this but still would like to proceed with the rest of the benefits that MRA brings to the table for their Jabber deployment. 
  To support the above scenario it is my understanding I need to make an adjustment to the configuration of IM&P. As I stated when I opened the case my customer’s current IM&P domain is “example.root.local” their JID is made up of [email protected]. It’s my understanding we cannot use this domain and activate MRA so we need to adjust everyone’s JID to be a Publicly routable DNS name. Since everyone that has a JABBER account also has an email account I was thinking we map the JID to the email. I’m trying to understand how to get from where we are to where we need to be. I found this guide but it doesn’t talk about the effects of doing this on a live system setup the way my customer is setup.
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01100.html
  I am also not certain this is the setting I’m looking for. I believe what I need to change is actually on the Presence server under the domains section I found this
  Domains Configuration
  Use the controls on this window to view and edit domains managed by the IM and Presence Service. Previously, the IM and Presence Service supported a single domain. With this release, you can specify multiple domains.
  Before You Begin
  To take advantage of multiple IM and Presence Service domains, you must choose Directory URI as the IM address scheme on the Advanced Presence Settings window. If the IM address scheme is set to UserID@domain, the default domain is used for the IM and Presence Service. The status of the IM Address Scheme setting is displayed at the top of the window in the Status box. The Status box contains a link to the Advanced Presence Settings window.
  Is this what I need to do?

  Hello everyone. This is long winded but the context is needed to explain what I'm looking for. Any help is appreciated.
  My customer has piloted IM&P for 1 year now and is looking to take it to the next level. They purchased Expressway Core & Edge and they are looking to enable Mobile Remote Access, B2B Video and XMPP Federation. One issue is that the Jabber domain that was selected 1 year ago for the pilot was a local domain. The reason for this is because the multidomain support was not available at the time. Internally there are 3 domains. example.ca, examplesales.ca, and examplebanannas.com. Their Jabber ID they use today is example.root.local. I am reading through the guides and it seems as though IM&P allows you to map a JABBER ID to an email address or a directory URI. This will allow multiple presence domains within one Presence cluster. The problem is that it appears as though federation will not work through expressway core / edge if you use this method. Can this be confirmed?
  I am providing you these URL's only for guidance, to show you how I arrived at my situation where I’m asking for help on a configuration change to my customers IM&P settings.
  note the section on page 41 of the following guide http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-5-1.pdf
  One would presume that Multi-domain support is now supported with expressway core & edge. The caveat I found on page 4 of the following guide in relation to xmpp federation.
  http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
  and page 10 of the following guide
  http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
  and this section
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01010.html#CUP0_RF_CAF8AEDD_00
  Expressway-E does not support XMPP address translation (of email addresses, for example). If you are using Expressway-E for XMPP federation, you must use native presence Jabber IDs from IM and Presence Service.
  This being said
  Based on my findings, I believe Cisco now supports multi-domain setup for IM&P with the "caveat" federation still doesn't work. My customer is not happy with this but still would like to proceed with the rest of the benefits that MRA brings to the table for their Jabber deployment. 
  To support the above scenario it is my understanding I need to make an adjustment to the configuration of IM&P. As I stated when I opened the case my customer’s current IM&P domain is “example.root.local” their JID is made up of [email protected]. It’s my understanding we cannot use this domain and activate MRA so we need to adjust everyone’s JID to be a Publicly routable DNS name. Since everyone that has a JABBER account also has an email account I was thinking we map the JID to the email. I’m trying to understand how to get from where we are to where we need to be. I found this guide but it doesn’t talk about the effects of doing this on a live system setup the way my customer is setup.
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01100.html
  I am also not certain this is the setting I’m looking for. I believe what I need to change is actually on the Presence server under the domains section I found this
  Domains Configuration
  Use the controls on this window to view and edit domains managed by the IM and Presence Service. Previously, the IM and Presence Service supported a single domain. With this release, you can specify multiple domains.
  Before You Begin
  To take advantage of multiple IM and Presence Service domains, you must choose Directory URI as the IM address scheme on the Advanced Presence Settings window. If the IM address scheme is set to UserID@domain, the default domain is used for the IM and Presence Service. The status of the IM Address Scheme setting is displayed at the top of the window in the Status box. The Status box contains a link to the Advanced Presence Settings window.
  Is this what I need to do?

• LDAP Authentication - Multiple Domains

  I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
  Host: xx.xx.xx.xx
  DN String: %LDAP_USER%@amer.globalco.net
  (amer.globalco.net is the domain)
  How can this be accomplished? Is it possible all you guru's out there?
  I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
  I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
  Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
  As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
  Please include example/suggested SQL -
  Thanks in advance...
  Rich
  Apex v3.2.1
  Oracle 10G Express

  Based on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
  Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try.

• IOS AIR3.6  runtime error 3747 Multiple application domains are not supported on this operating syst

  3747
  Multiple application domains are not supported on this operating system.
  I'm getting this error from an IOS app compiled with air 3.6.
  No code has changed  from Air 3.5 which is error free. Web app / android versions of the same codebase do not error.
  See the stackTrace below ( well done Adobe for providing this since air 3.5 !! )
  I use swfloaders for loading embedded swf vector art graphics. This has not caused any issue until now. Should I load all art into the main app's application domain ?
  The error does not crash the app and I could suppress it easily but is could the tip of the iceberg because application domains are scary stuff.
  Error: Error #3747
          at flash.display::Loader/loadBytes()
          at mx.core::MovieClipLoaderAsset()
          at mx.controls::SWFLoader/loadContent()
          at mx.controls::SWFLoader/load()
          at mx.controls::SWFLoader/initializeHandler()
          at flash.events::EventDispatcher/dispatchEvent()
          at mx.core::UIComponent/dispatchEvent()
          at mx.core::UIComponent/set processedDescriptors()
          at mx.core::UIComponent/initialize()
          at com.komodomath.app::ImageSWFloader/initialize()
          at mx.core::UIComponent/http://www.adobe.com/2006/flex/mx/internal::childAdded()
          at mx.core::UIComponent/addChildAt()
          at spark.components::Group/addDisplayObjectToDisplayList()
          at spark.components::Group/http://www.adobe.com/2006/flex/mx/internal::elementAdded()
          at spark.components::Group/setMXMLContent()
          at spark.components::Group/set mxmlContent()
          at spark.components::SkinnableContainer/set mxmlContent()
          at spark.components::SkinnableContainer/createDeferredContent()
          at spark.components::SkinnableContainer/createContentIfNeeded()
          at spark.components::SkinnableContainer/createChildren()
          at mx.core::UIComponent/initialize()
          at com.komodomath.lesson::SaveStatusCheck/initialize()
          at mx.core::UIComponent/http://www.adobe.com/2006/flex/mx/internal::childAdded()
          at mx.core::UIComponent/addChildAt()
          at spark.components::Group/addDisplayObjectToDisplayList()
          at spark.components::Group/http://www.adobe.com/2006/flex/mx/internal::elementAdded()
          at spark.components::Group/addElementAt()
          at mx.states::AddItems/addItemsToContentHolder()
          at mx.states::AddItems/apply()
          at mx.core::UIComponent/applyState()
          at mx.core::UIComponent/commitCurrentState()
          at mx.core::UIComponent/setCurrentState()
          at mx.core::UIComponent/set currentState()
          at com.komodomath.maingroups::LessonGroup/handleNewLessonClick()
          at com.komodomath.maingroups::LessonGroup/___LessonGroup_KButton1_click_lessonOver()

  same issue as http://forums.adobe.com/message/4736711

• Can ASA support multiple LDAP authenticate?

  This document describes the use of LDAP authentication method:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml
  But we have multiple LDAP(windows 2003 AD), So can ASA support multiple LDAP authenticate?

  Yes.
  -Kureli

• DNS Domain name ISE 1.2

  Question:  Can the DNS domain name in ISE 1.2 be differnt from the AD domain that ISE is joined to?
  Situation:  I have an internal AD domain 'mydomain.local'.  Currently ISE is setup with mydomain.local as it's dns domain it's FQDN is isebox.mydomain.local, it is also joined to that domain.  The problem comes with the certificate for HTTPS sites (management, guest, etc...) specifically guest.  If I use a certificate for isebox.mydomain.local, guest users (that do not have our internal ca) will get a certificate error.  The certificate used for HTTPS sites in ISE has to match the hostname of ISE.  This seems to me to be an unresolvable problem.  I have to have mydomain.local as the DNS domain, so that I can join ISE to mydomain.local.  But if I use that domain then I can't issue a public cert for the ISE box, because I can't get a public cert for a .local domain.
  My idea was to define the DNS domain as a public domain (abc123.com) but still join it to my internal domain (mydomain.local).  I have found some vauge references to this not being a supported configuration, and even that it doesn't work at all.  Could someone please tell me if this works?  Or better yet, some better/easer way to solve this prolem.
  Thanks!

  Hello John
  Cisco ISE supports integration with a single Active Directory identity source. Cisco ISE uses this Active Directory identity source to join itself to an Active Directory domain. If this Active Directory source has a multidomain forest, trust relationships must exist between its domain and the other domains in order for Cisco ISE to retrieve information from all domains within the forest.
  However, you may create multiple instances for LDAP. Cisco ISE can communicate via LDAP to Active Directory servers in an untrusted domain. The only limitation you would see with LDAP being a database that it doesn't support PEAP MSCHAPv2 ( native microsoft supplicant). However it does suppport EAP-TLS.
  For more information you may go through the below listed link
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_45_multiple_active_directories.pdf