Ldap Vs RDBMS

hi Guys,
can you provide the exact difference between LDAP and RDBMS.
Thanks,
subbu

Hi,
It is said that LDAP works better with JSP and
servlets than standard databases; and its popularity
is on the way up.
I agree that it is popular, but I can't agree that it is better than a database, for to agree I must know 'better at what'? LDAP is a non-transactional, atomic write, read optimized hierarchical data store - writing to LDAP can be quite slow. Databases (I'll assume relational for now) are designed to be transactional, are optimized for read, write and update, and can (fairly efficiently) maintain very complex relationships and integrity constraints between data elements.
If I want to build a user registry, credentials storage, rights type of data store, LDAP would be more efficient. If I am building a traditional OLTP type of application (say for an online store) worrying about integrity and the ACID transaction characteristics, then a relational or object database is the way to go.
Many (most these days?) web sites and intranet applications use both LDAP and relational databases, hopefully leveraging the best qualities of each in the right places.
This is a point, now for a web application that required doing some transaction, which is better using a database or LDAP? providing that number of users is above 1,000,000 users and they already registered in an LDAP server?
Use LDAP for registry, credentials, rights, possibly configuration data, RDB for everything else.
Chuck

Similar Messages

  • LDAP or RDBMS for J2EE Security Configuration

    I'd like to know if LDAP or RDBMS will be good for configuring J2EE application security and the reasons for that.
    With LDAP, I am creating new groups as new applications come. I can very well do the same in RDBMS. Plus, the advantage of keeping groups in RDBMS gives me the ability to associate that group information with any other information in RDBMS.
    I do see every company going towards LDAP to store J2EE application security groups.
    I appreciate the advantage of keeping user information in LDAP so that all applications and the network can share it. But keeping group information for each application in LDAP makes it impossible to associate those groups with other information in RDBMS.

    ps. any to the point literature on end-to-end java-based architectures (online or printed)?

    Maybe you could take a look at the J2EE blueprint resources at http://java.sun.com/blueprints/enterprise/index.html.

  • JAAS, LDAP and RDBMS

    Hi,
    I need some help developing a SSO (Single Sign-On) service used by the system I'm currently developing. I've read several posts on this forum, but none of them addresses this scenario.
    Yeah, I'm a true newbie to these technologies and have only read the tutorials about them, but now I need some help with "best practices", sample code, design. I would be most grateful!
    Here's the scenario:
    1. A user starts the system.
    2. The user has the choice of going remote or running locally.
    3. If remote is chosen the current user should be validated against an LDAP service, reading some attributes telling us if she has access to the remote database and what her read/write permissions are.
    4. The database user name and database password are extracted from the LDAP service and used in the system to create a remote connection to the database.
    Hope you guys understand! Password and usernames sent across the network have to be encrypted.
    PS. I'm not using J2EE, but it would be nice to have a compliant solution :-)
    So, what do you guys think?
    Kind regards, Andreas

    Hi Andreas,
    to do a basic LDAP authentication you can try something like this:
        import java.util.Hashtable;
        import javax.naming.AuthenticationException;
        import javax.naming.Context;
        import javax.naming.NamingException;
        import javax.naming.directory.DirContext;
        import javax.naming.directory.InitialDirContext;

        // Simple bind as the user: if InitialDirContext can be created, the
        // directory accepted the credentials. Note that "simple" authentication
        // over plain ldap:// sends the password unencrypted; use an ldaps:// URL
        // (or StartTLS) when the network between client and server is not trusted.
        public java.lang.String ldapAuthentication() {
            Hashtable<String, String> env = new Hashtable<>(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://" + THE_LDAP_HOST + ":389/" + THE_LDAP_DOMAIN);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            String principal = (COMMON_NAME.equals("") ? USER_NAME : COMMON_NAME);
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, THE_PASSWORD);
            try {
                DirContext ctx = new InitialDirContext(env);
                ctx.close();   // the bind succeeded; release the connection
                return LDAP_AUTH_OK;
            } catch (AuthenticationException e) {
                return LDAP_AUTH_INVALIDCREDENTIALS;
            } catch (NamingException e) {
                return LDAP_AUTH_NAMINGEXCEPTION;
            }
        }
    The capitalized words - except the constants in Context - are the parameters you may change for your specific use.
    To connect to and query the LDAP database you should "bind" to the LDAP server with a known username and password and query the Context you have created (ctx in the code above).
    For your point #4 I think that you can't extract the password of any user from the LDAP database. It is encrypted.
    Try to use Kerberos authentication instead and use the ticket you obtain from the Kerberos server to authenticate with the RDBMS.
    Something about Kerberos authentication may be found here
    http://forum.java.sun.com/thread.jsp?forum=51&thread=380562&tstart=0&trange=15
    Regards,
    Andrea Colleoni
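    A worked version of the "bind with a known account, then query the Context" step Andrea describes, covering step 3 of Andreas's scenario (look the user up, read the attributes that say whether she may reach the remote database and with which permissions, then prove her password). This is an added example, not Andrea's code or any project's. The LDAPS URL, the base and service-account DNs, and the two attributes remoteDbAccess and remoteDbPermission are hypothetical; a reachable LDAPS server with a CA-trusted certificate is assumed.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Looks a user up with a read-only service account, then proves the user's
 *  password with a second bind. All hosts, DNs and attribute names below are
 *  hypothetical placeholders for this example. */
public class LdapUserLookup {
    // ldaps:// makes the JNDI provider use TLS, so simple-bind passwords are not
    // sent in the clear. The server certificate must chain to a trusted CA.
    static final String LDAP_URL = "ldaps://ldap.example.test:636";
    static final String PEOPLE_BASE = "ou=people,dc=example,dc=test";
    // Service account that may only read the user subtree (hypothetical DN).
    static final String SERVICE_DN = "cn=app-reader,ou=services,dc=example,dc=test";
    // Hypothetical attributes carrying the remote-database authorization data.
    static final String ATTR_REMOTE_OK = "remoteDbAccess";
    static final String ATTR_REMOTE_PERM = "remoteDbPermission";

    /** What the application learns about an authenticated user. */
    public static final class RemoteAccess {
        public final String userDn, permission; // permission e.g. "ro" or "rw"
        public final boolean remoteAllowed;
        RemoteAccess(String dn, boolean allowed, String perm) {
            userDn = dn; remoteAllowed = allowed; permission = perm;
        }
    }

    /** Simple bind as the given DN; throws AuthenticationException on a bad password. */
    private static DirContext bind(String principalDn, char[] password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principalDn);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        return new InitialDirContext(env);
    }

    /** Returns null when the user is unknown or the password is wrong: the same
     *  answer for both, so callers cannot tell which user names exist. */
    public static RemoteAccess lookupAndVerify(char[] servicePw, String uid, char[] userPw)
            throws NamingException {
        String userDn, perm;
        boolean remoteOk;
        DirContext ctx = bind(SERVICE_DN, servicePw);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {ATTR_REMOTE_OK, ATTR_REMOTE_PERM});
            // {0} is substituted by JNDI, which escapes filter metacharacters; building
            // the filter by string concatenation would let a uid like "*)(uid=*" widen it.
            NamingEnumeration<SearchResult> hits = ctx.search(
                PEOPLE_BASE, "(&(objectClass=inetOrgPerson)(uid={0}))", new Object[] {uid}, sc);
            if (!hits.hasMore()) {
                return null;
            }
            SearchResult hit = hits.next();
            if (hits.hasMore()) {
                throw new NamingException("uid is not unique under " + PEOPLE_BASE + ": " + uid);
            }
            userDn = hit.getNameInNamespace();
            Attributes attrs = hit.getAttributes();
            remoteOk = "TRUE".equalsIgnoreCase(firstValue(attrs, ATTR_REMOTE_OK, "FALSE"));
            perm = firstValue(attrs, ATTR_REMOTE_PERM, "none");
        } finally {
            ctx.close();
        }
        // Prove the password by binding as the user: the directory compares it against
        // its stored hash, so the application never reads or compares a password itself.
        try {
            bind(userDn, userPw).close();
        } catch (AuthenticationException e) {
            return null;
        }
        return new RemoteAccess(userDn, remoteOk, perm);
    }

    private static String firstValue(Attributes attrs, String name, String dflt) throws NamingException {
        Attribute a = attrs.get(name);
        return (a == null || a.get() == null) ? dflt : a.get().toString();
    }

    // Usage: java LdapUserLookup <uid>  (passwords are read from the console, not argv)
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java LdapUserLookup <uid>  (run from a terminal)");
            System.exit(2);
        }
        char[] servicePw = console.readPassword("service account password: ");
        char[] userPw = console.readPassword("password for %s: ", args[0]);
        try {
            RemoteAccess ra = lookupAndVerify(servicePw, args[0], userPw);
            System.out.println(ra == null ? "authentication failed"
                : ra.userDn + " remoteAllowed=" + ra.remoteAllowed + " permission=" + ra.permission);
        } finally {
            Arrays.fill(servicePw, '\0');
            Arrays.fill(userPw, '\0');
        }
    }
}
```

    The search runs under the service account, so the user's own password is only ever presented to the directory in the second bind. If the returned attributes are to drive the database credentials of step 4, keep the database account separate from the LDAP password, as Andrea's Kerberos suggestion also implies.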

  • J2ee project: ldap or rdbms for users?

    Hi,
    I am about to design and implement a java-based product-quality (already have a working proof-of-concept) web service with the following components:
    -ejb (session+entity) back end talking to a mysql db
    -web client (browser) using servlets (possibly also JSF) to access session ejb.
    -j2me personal profile client (using soap to talk to the back end) (PDA client)
    While this service is not an online store, I suppose the design and requirements would be somewhat similar: personalized, scalable, secure and reliable. DB queries will be small in size (2-250k, vast majority 2-50k) but frequent. As with many personalized online services, users will have accounts which they will create themselves. Scalability will be important (potentially into several million users, though initially no more than 10,000), so some form of clustering will probably be needed.
    Here's where I need some advice:
    -should I utilize LDAP to store and access user information (e-mail, address, and encrypted passwords) or should I just add these as columns to a table in my DB schema? what would be the advantages of each approach?
    -where should I store session information? specifically: currently I utilize stateless session beans, so session info is stored:
    -in the servlet's HttpSession when the service is accessed through a browser
    -in the Personal Profile application, when the service is accessed via PDA
    It seems to me this way I reduce load on the app server as well as network traffic (in the PDA's case). Would storing session info in a stateful session bean be any better? Why?
    thank you very much,
    -nikita
    ps. any to the point literature on end-to-end java-based architectures (online or printed)?

    Maybe you could take a look at the J2EE blueprint resources at http://java.sun.com/blueprints/enterprise/index.html.

  • HOW TO DO: J2EE declarative Security without LDAP????

    My client doesn't want to store stuff in LDAP, and we already have an existing authorization infrastructure stored in a DB. How can I use my existing security infrastructure in conjunction with J2EE declarative security and iAS (6sp3, Solaris, Oracle DB, web clients)?

    <i>Q: HOW TO DO: J2EE declarative Security without LDAP?</i>
    A: It can't be done with iAS. iAS 6.x expects security information to be in LDAP.
    Your only option if they want to use a relational database is either to use some sort of meta directory (replication) to move the data from the relational database, or some sort of LDAP to RDBMS gateway.
    David
    http://www.amazon.com/exec/obidos/ASIN/076454909X/

  • Difference LDAP & SQL & ORACLE

    Hi All
    I'm currently working in a messaging environment which includes an LDAP Server, and here I want to know the difference between LDAP - SQL - ORACLE.
    Read access is faster in LDAP than write? is it correct??
    & I think in SQL write access is faster than read access?? is it correct??
    My Ques..
    1) If anybody knows the difference between LDAP, SQL & ORACLE ?
    kindly let me know ??
    Thanks in Advance.

    LDAP is a standard defined at IETF (RFC 4510 and associated)
    It is derived from the ISO-ITU standard X.500 and has a hierarchical, object oriented model.
    Sun Directory Server implements LDAP.
    SQL is a query language to access relational databases.
    Oracle is a company which has several products including a relational database, an LDAP server (Oracle OID).
    For more details, I would suggest a simple search on the internet for "LDAP vs RDBMs". There are many well written articles available.
    Regards,
    Ludovic.

  • Error while configuring second instance of OIF

    Hi,
    I am installing OIF in a dev environment in clustered mode. I was able to create one instance successfully, but while creating the second I am getting an error.
    The parameters of im_config_only.rsp are as below:
    [ENGINE]
    #DO NOT CHANGE THIS.
    Response File Version=1.0.0.0.0
    [GENERIC]
    #Provide true to create a new weblogic domain. WebLogic Server must already be installed.
    CREATE_NEW_DOMAIN=false
    #Provide true to extend domain. WebLogic Server must already be installed and the domain must be up and running.
    USE_EXISTING_DOMAIN=false
    #Provide true to configure components without domain.
    NO_DOMAIN=false
    #Provide true to expand the clusters in domain. WebLogic Server must already be installed and the domain must be up and running.
    EXTEND_CLUSTER=true
    #Domain name may only contain alphanumeric characters or the underscore (_) or hyphen (-) characters.
    DOMAIN_NAME=IDMDomain
    #Provide the complete path of domain home.
    DOMAIN_HOME=/users/oif/Oracle/Middleware/user_projects/domains/IDMDomain
    #Provide the User Name for WebLogic Domain. The value may only contain alphanumeric characters, or the underscore (_) or hyphen (-) characters.
    DOMAIN_ADMINISTRATOR_USERNAME=admin
    #Provide the password for WebLogic Domain. Valid passwords are 8 to 30 characters long, must begin with an alphabetic character, use only alphanumeric, underscore (_), dollar ($) or pound (#) characters and include at least one number.
    DOMAIN_ADMINISTRATION_PASSWORD=xxxxxxx
    #Confirm the WebLogic Domain password.
    ADMINISTRATOR_PASSWORD_CONFIRM=xxxxxxx
    #Provide the localhost name for Create Domain and machine name on which domain is up and running for Extend Domain and Expand Cluster.
    DOMAIN_HOST_NAME=xxxxxx
    #Provide the port in which domain is up and running. Required for Extend Domain and Expand Cluster.
    DOMAIN_PORT_NO=7001
    #Write the complete path to a valid Middleware Home.
    AS_HOME_LOCATION=/users/oif/Oracle/Middleware
    #Give the complete path to a valid WebLogic Server Home.
    WL_HOME=/users/oif/Oracle/Middleware/wlserver_10.3
    #Give the name of the Oracle Home directory. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character.
    ORACLE_HOME=/users/oif/Oracle/Middleware/Oracle_IDM1
    #Give the complete path for an Oracle Instance directory to be created. This is the location where the software configuration files and runtime processes will reside.
    INSTANCE_HOME=/users/oif/Oracle/Middleware/oif_inst2
    #Give a name for Oracle Instance corresponding to the Instance Home. The Oracle Instance name may only contain alphanumeric and underscore (_) characters, it must begin with an alphabetic (a-z or A-Z) character, and must be from 4 to 30 characters in length.
    INSTANCE_NAME=oif_inst2
    #Give OID if Oracle Internet Directory is selected for configuration.
    LIST_OF_COMPONENTS_FOR_SCHEMAS=OID:
    #Set this to true if you want the configuration wizard to assign the ports automatically.
    AUTOMATIC_PORT_DETECT=true
    #Give the location for the file containing the list of static ports if you manually want to assign ports.
    STATICPORT INI FILE LOCATION=
    #Provide a password for a new account to connect to the Oracle Virtual Directory administrative service, cn=orcladmin. Use 5-30 characters. Use only alphanumerics, underscore (_), dollar ($), or pound (#). At least one number is required.
    OVD_ADMIN_PASSWORD=<SECURE VALUE>
    #Confirm the password of Oracle Virtual Directory administrative service.
    CONFIRM_OVD_ADMIN_PASSWORD=<SECURE VALUE>
    #Provide the base, or the leftmost entry, of the virtual directory namespace that Oracle Virtual Directory will use to set its initial Access Control Lists (ACLs). For example, for the namespace dc=mycompany,dc=com, you would enter dc=com.
    OVD_LDAPv3_NAME_SPACE=dc=us,dc=oracle,dc=com
    #Provide true to enable the HTTP Web Gateway to be protected by SSL. Oracle highly recommends that you use SSL/TLS for Oracle Virtual Directory's administrative gateway service. Disabling SSL/TLS could result in your server administration traffic being monitored and even compromised.
    IS_ADMIN_SERVER_OF_OVD_IN_SECURE_MODE=true
    #provide true for securing HTTP client connection information. Give true if HTTP Web Gateway is set to true.
    IS_HTTP_WEB_GATEWAY_OF_OVD_SECURE=false
    #Provide true for Oracle Virtual Directory to be configured.
    IS_LDAP_CLIENT_LISTENER_FOR_OVD_SELECTED=false
    #Oracle Virtual Directory includes an HTML-based gateway that provides DSML and XSLT-rendered directory reporting. Provide true to enable HTML-based gateway.
    IS_HTTP_WEB_GATEWAY_OF_OVD_SELECTED=false
    #Specify a new Administrator User Name to connect to the Oracle Virtual Directory administrative service, For example, for the Administrator User Name you would enter cn=orcladmin.
    OVD_ADMIN=cn=orcladmin
    #Provide true if OID scheme version is 10g.
    OID_UPGRADE_FLAG=false
    #Provide true to create OID Schema.
    CREATE_OID_SCHEMA=false
    #Provide the OID schema name.
    OID_SCHEMA_NAME=ODS
    #Provide true if ODS schema chosen is already being used by an existing OID . Please ensure that the system time on this Identity Management Node is in sync with the time on other Identity Management Nodes that are part of this Oracle Application Server Cluster (Identity Management) configuration. Failure to ensure this may result in unwanted instance failovers, inconsistent operational attributes in directory entries and potential inconsistent behaviour of password state policies.
    IS_SECOND_OID_INSTALL=true
    #Provide true if RAC database is used.
    IS_OID_RACDB_INSTANCE_NAME_SPECIFIED=false
    #Provide the DN of the top node for storing component data in the directory. This can be a realm, or the top node of a branch, instead of the top node of the directory.
    OID_NAMESPACE=dc=us,dc=oracle,dc=com
    #Provide a 5-30 character password for OID server administrator. Use only alphanumerics, underscore (_), dollar ($), or pound (#). At least one number is required.
    OID_ADMIN_PASSWORD=<SECURE VALUE>
    #Confirm OID Administrator password.
    OID_ADMIN_CONFIRM_PASSWORD=<SECURE VALUE>
    #Provide Oracle Internet Directory Server user name.
    OID_USER=cn=orcladmin
    #Provide a 5-30 character password for PKCS12. Use only alphanumerics, underscore (_), dollar ($), or pound (#). At least one number is required.
    PKCS12_PASSWORD=xxxx
    #Confirm PKCS12 password
    PKCS12_PASSWORD_CONFIRM=xxxxx
    #The Server ID identifies the Oracle Identity Federation instance. The Server ID must be unique within the domain per logical Oracle Identity Federation instance. Thus, clustered instances acting as a single logical instance will have the same Server ID.
    OIF_SERVER_ID=oif_server2
    #Provide true for Advanced Configuration of Oracle Identity Federation. The user would be able to specify the Authentication Mechanism, User Data Store, Federation Data Store and the Transient Data Store.
    OIF_CONFIGURATION_TYPE_ADVANCED=true
    #Provide true for Basic Configuration of Oracle Identity Federation.
    OIF_CONFIGURATION_TYPE_BASIC=false
    #Provide Authentication Mechanism for Oracle Identity Federation. Valid values are JAAS and LDAP.
    OIF_AUTHENTICATION_TYPE=JAAS
    #Provide User Data Store type for Oracle Identity Federation. Valid values are NONE,LDAP and RDBMS.
    OIF_USER_STORE_TYPE=NONE
    #Provide Federation Data Store type for Oracle Identity Federation. Valid values are NONE,LDAP,RDBMS and XML.
    OIF_FEDERATION_STORE_TYPE=NONE
    #Provide User Session Store type for Oracle Identity Federation. Valid values are MEMORY and RDBMS.
    OIF_USER_SESSION_STORE_TYPE=RDBMS
    #Provide Message Store type for Oracle Identity Federation. Valid values are MEMORY and RDBMS.
    OIF_MESSAGE_STORE_TYPE=RDBMS
    #Provide Configuration Store type for Oracle Identity Federation. Valid values are FILE and RDBMS.
    OIF_CONFIGURATION_STORE_TYPE=RDBMS
    #Provide true if User Data Store type is LDAP.
    IS_OIF_USER_STORE_LDAP_TYPE=false
    #Provide true if User Data Store type is RDBMS.
    IS_OIF_USER_STORE_RDBMS_TYPE=false
    #Provide true if Federation Data Store type is LDAP.
    IS_OIF_FEDERATION_STORE_LDAP_TYPE=false
    #Provide true if Federation Data Store type is RDBMS.
    IS_OIF_FEDERATION_STORE_RDBMS_TYPE=false
    #Provide true if Oracle Identity Federation Store is of type RDBMS.
    IS_OIF_STORE_RDBMS_TYPE=true
    #Provide true if Federation Authentication Mechanism is LDAP.
    IS_OIF_AUTHENTICATION_LDAP_TYPE=false
    #Provide true if Message Store type is RDBMS.
    IS_OIF_MESSAGE_STORE_RDBMS_TYPE=true
    #Provide true if Configuration Store type is RDBMS.
    IS_OIF_CONFIGURATION_STORE_RDBMS_TYPE=true
    #Provide true if Federation Data Store type is XML.
    IS_OIF_FEDERATION_STORE_XML_TYPE=false
    #Provide the full path for the Transient Data Store database host, listen port, and service name , for example, myserver.mycompany.com:1111:mydb1. Separate the path, port, and service name using a colon (:).
    TRANSIENT_RDBMS_HOSTNAME=xxxxxx
    #Provide the Oracle Identity Federation schema name for Transient Data Store.
    TRANSIENT_RDBMS_USER_NAME=ST_OIF
    #Provide the password for Transient Data Store schema.
    TRANSIENT_RDBMS_PASSWORD=xxxxx
    #Provide true if RAC Database is used for Transient Data Store.
    IS_OIF_TRANSIENT_STORE_RAC_INSTANCE_SPECIFIED=false
    #Provide true if RAC Database with instance name is used for Transient Data Store.
    OIF_RACDB_TRANSIENT_STORE_URL_WITH_INSTANCE=false
    #Provide the full path for the User Store database host, listen port, and service name , for example, myserver.mycompany.com:1111:mydb1. Separate the path, port, and service name using a colon (:).
    USER_RDBMS_HOSTNAME=localhost:1521:orcl.us.oracle.com
    #Provide the database user name for User Data Store.
    USER_RDBMS_USER_NAME=scott
    #Provide the password for User Data Store user.
    USER_RDBMS_PASSWORD=<SECURE VALUE>
    #Provide Login Table for User Data Store user.
    USER_RDBMS_LOGIN_TABLE=EMP
    #Provide User ID Attribute for User Data Store.
    USER_RDBMS_USER_ID_ATTRIBUTE=ENAME
    #Provide User Description Attribute for User Data Store.
    USER_RDBMS_USER_DESCRIPTION_ATTRIBUTE=JOB
    #Provide true if RAC Database is used for User Data Store.
    IS_OIF_USER_STORE_RAC_INSTANCE_SPECIFIED=
    #Provide true if RAC Database with instance name is used for User Data Store.
    OIF_RACDB_USER_STORE_URL_WITH_INSTANCE=
    #Provide the full path for the Federation Data Store database host, listen port, and service name , for example, myserver.mycompany.com:1111:mydb1. Separate the path, port, and service name using a colon (:).
    FEDERATION_RDBMS_HOSTNAME=localhost:1521:orcl.us.oracle.com
    #Provide the Oracle Identity Federation schema name for Federation Data Store.
    FEDERATION_RDBMS_USER_NAME=dev_oif
    #Provide the password for Federation Data Store schema.
    FEDERATION_RDBMS_PASSWORD=<SECURE VALUE>
    #Provide true if RAC Database is used for Federation Data Store.
    IS_OIF_FED_STORE_RAC_INSTANCE_SPECIFIED=<SECURE VALUE>
    #Provide true if RAC Database with instance name is used for Federation Data Store.
    OIF_RACDB_FED_STORE_URL_WITH_INSTANCE=<SECURE VALUE>
    [SYSTEM]
    [APPLICATIONS]
    #Provide true if configuring in a clustered environment.
    IS_CLUSTER_CONFIGURATION=true
    [RELATIONSHIPS]
    #Provide true to configure Oracle Internet Directory.
    CONFIGURE_OID_COMPONENT=false
    #Provide true to configure Oracle Directory Integration Platform.
    CONFIGURE_DIP_COMPONENT=false
    #Provide true to configure Oracle Virtual Directory.
    CONFIGURE_OVD_COMPONENT=false
    #Provide true to configure Oracle Identity Fedration.
    CONFIGURE_OIF_COMPONENT=true
    #Provide true to configure Oracle Directory Service Manager.
    CONFIGURE_ODSM_COMPONENT=false
    #Provide true to configure Enterprise Management.
    CONFIGURE_EM_COMPONENT=false
    #Provide true to configure federation components.
    FEDERATION_COMPONENTS_FOR_CONFIGURE=false
    #Provide true to configure management components.
    MANAGEMENT_COMPONENTS_FOR_CONFIGURE=false
    #Provide the list of components selected for configuration separated by colon. Example OID:OVD:DIP:ODSM
    SELECTED_COMPONENTS_FOR_CONFIGURATION=OIF
    #Enter the full path, listen port, and service name for the database, for example myserver.mycompany.com:1111:mydb1. Separate the path, port, and service name using a colon (:).
    OID_DB_INFO=localhost:1521:orcl.us.oracle.com
    #Provide the database OID schema name.
    OID_DB_USER=ODS
    #Provide the database ODSSM schema name
    ODSSM_DB_USER=ODSSM
    #Provide the ODS schema password.
    ODS_PASSWORD=<SECURE VALUE>
    #Confirm the ODS Schema password.
    CONFIRM_ODS_PASSWORD=<SECURE VALUE>
    #Provide the ODSSM schema password.
    ODSSM_PASSWORD=<SECURE VALUE>
    #Confirm the ODSSM schema password.
    CONFIRM_ODSSM_PASSWORD=<SECURE VALUE>
    #Provide false if service name is used.
    IS_SERVICE_ID_USED=false
    #Provide true if RAC database URL with instance name is used.
    OID_RACDB_URL_WITH_INSTANCE_NAME=<SECURE VALUE>
    #Provide the Administrator password for Oracle Internet Directory.
    OID_ADMIN_PASSWORD=<SECURE VALUE>
    #Provide true to create a new metadata repository in the database provided by the user. The schema here refers to the ODS schema for OID.
    CREATE_NEW_SCHEMA=false
    #Provide true if component schema has already been created using Repository Creation Utility (RCU) into an available database. The schema here refers here to the ODS schema for OID.
    USE_EXISTING_SCHEMA=true
    #Provide the database user name. The user must have SYSDBA user privileges in order to create the metadata repository.
    CREATE_DATABASE_USERNAME=
    #Provide the database password. The user must have SYSDBA user privileges in order to create the metadata repository.
    CREATE_DATABASE_PASSWORD=<SECURE VALUE>
    #Provide the LDAP Type for Authentication Mechanism. Valid values are Oracle Internet Directory,Oracle Virtual Directory,Microsoft Active Directory,SunOne and IBM Directory Server
    AUTHENTICATION_LDAP_TYPE=Oracle Internet Directory
    #Provide the LDAP URL for Authentication Mechanism. Format:ldap://host:port or ldaps://host:port.
    AUTHENTICATION_LDAP_TYPE_LDAP_URL=ldap://localhost:3060
    #Provide the user name of LDAP server for Authentication Mechanism.
    AUTHENTICATION_LDAP_TYPE_LDAP_USER_NAME=cn=orcladmin
    #Provide the LDAP server password for Authentication Mechanism.
    AUTHENTICATION_LDAP_TYPE_LDAP_PASSWORD=<SECURE VALUE>
    #Provide the LDAP Base DN for Authentication Mechanism.
    AUTHENTICATION_LDAP_BASE_DN=dc=us,dc=oracle,dc=com
    #Provide the LDAP User Credential ID for Authentication Mechanism.
    AUTHENTICATION_USER_CREDENTIAL_ID_ATTRIBUTE=uid
    #Provide the LDAP User Unique ID for Authentication Mechanism.
    AUTHENTICATION_USER_UNIQUE_ID_ATTRIBUTE=uid
    #Provide the LDAP Person Object Class for Authentication Mechanism.
    AUTHENTICATION_PERSON_OBJECT_CLASS=inetOrgPerson
    #Provide the LDAP User Description Attribute for User Data Store.
    USER_LDAP_USER_DESCRIPTION_ATTRIBUTE=uid
    #Provide the LDAP User ID Attribute for User Data Store.
    USER_LDAP_USER_ID_ATTRIBUTE=orclguid
    #Provide the LDAP User Unique ID for User Data Store.
    USER_LDAP_UNIQUE_ID=<SECURE VALUE>
    #Provide the LDAP Person Object Class for User Data Store.
    USER_LDAP_PERSON_OBJECT_CLASS=inetOrgPerson
    #Provide the LDAP Base DN for User Data Store.
    USER_LDAP_BASE_DN=dc=us,dc=oracle,dc=com
    #Provide the LDAP Type for User Store. Valid values are Oracle Internet Directory,Oracle Virtual Directory,Microsoft Active Directory,SunOne and IBM Directory Server
    USER_LDAP_TYPE=Oracle Internet Directory
    #Provide the LDAP URL for User Data Store. Format:ldap://host:port or ldaps://host:port.
    USER_LDAP_URL=ldap://localhost:3060
    #Provide the user name of LDAP server for Federation Data Store.
    USER_LDAP_USER_NAME=cn=orcladmin
    #Provide the LDAP server password for User Data Store.
    USER_LDAP_PASSWORD=<SECURE VALUE>
    #Provide the LDAP User Federation Record Context for Federation Data Store.
    FEDERATION_LDAP_USER_RECORD_CONTEXT=
    #Provide the LDAP Type for Federation Data Store. Valid values are Oracle Internet Directory,Microsoft Active Directory,SunOne and IBM Directory Server
    FEDERATION_LDAP_TYPE=Oracle Internet Directory
    #Provide the LDAP URL for Federation Data Store. Format:ldap://host:port or ldaps://host:port.
    FEDERATION_LDAP_URL=ldap://localhost:3060
    #Provide the LDAP Container Object Class for Federation Data Store.
    FEDERATION_LDAP_CONTAINER_OBJECT_CLASS=
    #Provide the LDAP Domain Prefix for Federation Data Store. This value is needed only when LDAP type is Microsoft Active Directory.
    FEDERATION_LDAP_AD_DOMAIN_PREFIX=
    #Provide the user name of LDAP server for Federation Data Store.
    FEDERATION_LDAP_USER_NAME=cn=orcladmin
    #Provide the LDAP server password for Federation Data Store.
    FEDERATION_LDAP_PASSWORD=<SECURE VALUE>
    #Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
    MYORACLESUPPORT_USERNAME=
    #Provide the My Oracle Support Password
    MYORACLESUPPORT_PASSWORD=
    #Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
    DECLINE_SECURITY_UPDATES=true
    #Set this to true if My Oracle Support Password is specified
    SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
    #Provide the Proxy Host
    PROXY_HOST=
    #Provide the Proxy Port
    PROXY_PORT=
    #Provide the Proxy Username
    PROXY_USER=
    #Provide the Proxy Password
    PROXY_PWD=
    #Provide true if extending the Oracle Identity Federation cluster
    EXTEND_OIF_CLUSTER=true
    #Provide true if extending the Oracle Directory Service cluster.
    EXTEND_ODS_CLUSTER=false
    #Provide true if DIP Schema version is 10g.
    DIP_UPGRADE_FLAG=false
    The error i am getting is :
    Checking swap space: must be greater than 500 MB. Actual 8192 MB Passed
    Preparing to launch Oracle Universal Installer from /tmp/OraInstall2013-04-16_02-47-54AM. Please wait ...iamoifat-z2> Log: /users/oif/Oracle/oraInventory/logs/install2013-04-16_02-47-54AM.log
    Copyright (c) 1982, 2010, Oracle and/or its affiliates. All rights reserved.
    Reading response file..
    Verifying data......
    [VALIDATION] [ERROR]:INST-07270: Specified instance name already exists in the domain
    [VALIDATION] [SUGGESTION]:Provide a different value
    configuration Failed. Exiting configuration due to data validation failure.
    Please help and let me know if I have missed anything. As I am new to OIF, also let me know if other details are required.

    Anyone has any idea??

  • Propagation error when trying to download inventory from server

    Hi there,
    Has anyone seen the following error when trying to download an inventory from the server:
    Buildfile: C:\bea10.3\user_projects\workspaces\RST\RSTPropagation\21102009\propbuild.xml
    import:
    BUILD FAILED
    C:\bea10.3\user_projects\workspaces\RST\RSTPropagation\21102009\propbuild.xml:39: The propagation servlet returned a failure response: The [Download] operation is halting due to the following failure: null
    Additional Information:
    The propagation servlet returned the following log information found in [C:\DOCUME~1\myuser\LOCALS~1\Temp\onlineDownload__D21_H11_M8_S11.log]:
    INFO (Oct 21, 2009 11:08:11 AM SAST): Verbose logging has been disabled on the server.
    INFO (Oct 21, 2009 11:08:11 AM SAST): The propagation servlet is starting the [Download] operation.
    INFO (Oct 21, 2009 11:08:11 AM SAST): The modifier [allowMaintenanceModeDisabled] with a value of [true] will be used for this operation.
    INFO (Oct 21, 2009 11:08:11 AM SAST): Validating that current user is in the Admin role...SUCCESS
    ERROR (Oct 21, 2009 11:08:11 AM SAST): Validating that Maintenance Mode is enabled...FAILURE
    ERROR (Oct 21, 2009 11:08:11 AM SAST): Maintenance Mode has not been enabled on the server. With Maintenance Mode disabled it is possible for users to modify the application. This may cause problems for propagation.
    WARNING (Oct 21, 2009 11:08:11 AM SAST): Because the modifier [allowMaintenanceModeDisabled] was enabled this validation failure will be ignored and the operation will proceed. However, users will still be able to make modifications to the application, which could lead to missing data and unexpected propagation errors.
    WARNING (Oct 21, 2009 11:08:11 AM SAST): The temporary directory on the server used by propagation is [portal/bea10.3/user_projects/domains/RSTDomain/servers/wl_nstf/tmp/_WL_user/RSTEar/7v9j6d/public] with a length of [99] bytes. It is recommended that you shorten this path to avoid path length related failures. See the propagation documentation on how to specify the inventoryWorkingFolder context-param for the propagation servlet.
    INFO (Oct 21, 2009 11:08:19 AM SAST): Validating that LDAP and RDBMS security resources are in sync...SUCCESS
    INFO (Oct 21, 2009 11:08:19 AM SAST): Writing the inventory file to the servers file system at [{0}].
    ERROR (Oct 21, 2009 11:08:23 AM SAST): The [Download] operation is halting due to the following failure: null
    Total time: 14 seconds
    Please let me know if you have any ideas because "The [Download] operation is halting due to the following failure: null" means nothing to me.
    Please note changing the maintenance mode makes no difference.

    Please enable Verbose Logging on the propagation servlet
    http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/prodOps/propToolAdvanced.html#wp1071690
    and check the logs on the server, they might give a clue

  • Propagation error during upload entitlement process

    While applying entitlement we are getting this error
    queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031360989> <BEA-000000> <The [Upload] operation is halting due to the following failure: Posted content length of 10682519 exceeds limit of 10485760>
    We are running on WLP 10.3. Any idea why we are getting this error since this used to work previously.
    Here is the complete log.
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1250031321516> <BEA-000000> <The environment name has been configured in web.xml as [Production].>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1250031321517> <BEA-000000> <Verbose logging has been enabled in web.xml.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321594> <BEA-000000> <Verbose logging has been disabled on the server.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321595> <BEA-000000> <The propagation servlet is starting the [Mutex] operation.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321595> <BEA-000000> <The mutex is currently available from the propagation servlet. >
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321595> <BEA-000000> <The propagation servlet has finished the [Mutex] operation.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321851> <BEA-000000> <Verbose logging has been disabled on the server.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321852> <BEA-000000> <The propagation servlet is starting the [Maintenance Mode] operation.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321949> <BEA-000000> <Maintenance mode has been enabled.>
    ####<Aug 11, 2009 3:55:21 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031321950> <BEA-000000> <The propagation servlet has finished the [Maintenance Mode] operation.>
    ####<Aug 11, 2009 3:55:22 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031322171> <BEA-000000> <Verbose logging has been disabled on the server.>
    ####<Aug 11, 2009 3:55:22 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031322172> <BEA-000000> <The propagation servlet is starting the [Download] operation.>
    ####<Aug 11, 2009 3:55:22 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031322173> <BEA-000000> <The modifier [allowMaintenanceModeDisabled] with a value of [true] will be used for this operation.>
    ####<Aug 11, 2009 3:55:22 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031322173> <BEA-000000> <The modifier [allowSecurityOutOfSync] with a value of [true] will be used for this operation.>
    ####<Aug 11, 2009 3:55:22 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031322187> <BEA-000000> <Validating that current user is in the Admin role...SUCCESS>
    ####<Aug 11, 2009 3:55:22 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031322188> <BEA-000000> <Validating that Maintenance Mode is enabled...SUCCESS>
    ####<Aug 11, 2009 3:55:30 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031330866> <BEA-000000> <Validating that LDAP and RDBMS security resources are in sync...SUCCESS>
    ####<Aug 11, 2009 3:55:30 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031330892> <BEA-000000> <The current export will overwrite any existing data in the directory [local/domains/portal_domain/servers/AdminServer/tmp/_WL_user/PortalEar/omcqtg/public/invSvcTempFolder1562360295].>
    ####<Aug 11, 2009 3:55:43 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031343259> <BEA-000000> <The user [weblogic] has initiated an export with the Propagation Tool.>
    ####<Aug 11, 2009 3:55:44 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031344417> <BEA-000000> <Validating the inventory file [local/domains/portal_domain/servers/AdminServer/tmp/_WL_user/PortalEar/omcqtg/public/invSvcTempFile868909347.zip] does not exceed the max inventory size of [4,294,967,296] bytes...SUCCESS>
    ####<Aug 11, 2009 3:55:44 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031344418> <BEA-000000> <The propagation servlet has finished the [Download] operation.>
    ####<Aug 11, 2009 3:56:00 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031360989> <BEA-000000> <Verbose logging has been disabled on the server.>
    ####<Aug 11, 2009 3:56:00 PM PDT> <Info> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031360989> <BEA-000000> <The propagation servlet is starting the [Upload] operation.>
    ####<Aug 11, 2009 3:56:00 PM PDT> <Error> <InventoryServices> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1250031360989> <BEA-000000> <The [Upload] operation is halting due to the following failure: Posted content length of 10682519 exceeds limit of 10485760>
    ####<Aug 11, 2009 4:00:00 PM PDT> <Info> <Lease> <sfrhvmportalint.prn.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1250031600957> <BEA-403301> <Auto lease timer is still running for lease PortalFrameworkDotFilesLoadedLease&PortalEar&PortalWar.war.>

    I tried the last two options for increasing the default upload file size, as described on the site below, but it does not work out. Any other solutions for avoiding this error?
    The [Upload] operation is halting due to the following failure: Posted content length of 69302451 exceeds limit of 10485760
    http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/prodOps/propToolAdvanced.html#wp1070764

  • P13/Profile data sharing between two WLP instance

    We are using WLP 10.3 with oracle as our portal database, we have lot of users in QA and their user profile data stored in one of our WLP-1 instance, now there is need of another WLP instance that we would like to use.
    Here is what we did
    1. We cloned the database information related to WLP-1 to another database intended for WLP-2.
    2. We created another WLP domain (WLP-2) and modified all the data sources to point to the 2nd database schema, assuming that all the profile data and users would be available to WLP-2.
    Now we are deploying our application to the WLP-2 domain; here is what we are getting while deploying. During deployment we set entitlement information from an XML file (imported/downloaded from our primary development machine, where we do all the build/entitlement settings). Not sure if there is any other way to clone a WLP domain/user profile.
    Any help on this is much appreciated.
    ####<Nov 5, 2009 2:44:54 PM PST> <Info> <PortletServer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461094796> <BEA-420653> <[Portal] Deploying the portlet application in webapp [WEB-INF/portlet.xml].>
    ####<Nov 5, 2009 2:44:55 PM PST> <Info> <ServletContext-/Portal> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461095046> <BEA-000000> <Initializing Spring root WebApplicationContext>
    ####<Nov 5, 2009 2:45:06 PM PST> <Info> <ServletContext-/prnService> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461106633> <BEA-000000> <Initializing Spring root WebApplicationContext>
    ####<Nov 5, 2009 2:45:07 PM PST> <Error> <Entitlements> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107820> <BEA-402731> <Attempt to persist entitlements reference document failed. Attempted to ["createResourceRef"] at location ["ResourceRef: resourceRefID 4001 appID 2001 resourceName content Virtual Content Repository PRN Portal Document Repository description capability can_vis_view metaData null providerName XACMLRoleMapperPolicyRef: resourceRefID 4001 roleAppID 2001 resourceAppID 2001 resourceCapability can_vis_view roleID2001 providerName XACMLAuthorizer"] for document [""] failed.
    java.sql.SQLException: [BEA][Oracle JDBC Driver][Oracle]ORA-00001: unique constraint (WLP_USER2.PK_ENT_POLICY) violated
    at weblogic.jdbc.base.BaseExceptions.createException(Unknown Source)
    at weblogic.jdbc.base.BaseExceptions.getException(Unknown Source)
    at weblogic.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
    at weblogic.jdbc.base.BaseStatement.commonExecute(Unknown Source)
    at weblogic.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
    at weblogic.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
    at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStatement.java:159)
    at com.bea.p13n.entitlements.management.internal.RDBMSEntitlementRefDelegate.createPolicyRef(RDBMSEntitlementRefDelegate.java:888)
    at com.bea.p13n.entitlements.management.persistence.internal.RDBMSEntitlementRef.createResourceRef(RDBMSEntitlementRef.java:213)
    at com.bea.p13n.entitlements.management.internal.RDBMSPolicyRefManager.setPolicyRefItem(RDBMSPolicyRefManager.java:126)
    at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.processCreatePolicyRoles(RDBMSSecurityPolicyManager.java:1045)
    at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.createSecurityPolicy(RDBMSSecurityPolicyManager.java:143)
    at com.bea.p13n.entitlements.management.SecurityPolicyManager.createSecurityPolicy(SecurityPolicyManager.java:87)
    at com.bea.content.federated.ContentSecurityHelper.createVisitorSecurityPolicy(ContentSecurityHelper.java:459)
    at com.bea.content.manager.internal.ContentUpgradeListener.createDefaultViewPolicy(ContentUpgradeListener.java:204)
    at com.bea.content.manager.internal.ContentUpgradeListener.postStartInternal(ContentUpgradeListener.java:95)
    at com.bea.content.manager.internal.ContentUpgradeListener.access$000(ContentUpgradeListener.java:51)
    at com.bea.content.manager.internal.ContentUpgradeListener$1.run(ContentUpgradeListener.java:69)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at com.bea.content.manager.internal.ContentUpgradeListener.postStart(ContentUpgradeListener.java:65)
    at weblogic.application.internal.flow.BaseLifecycleFlow$PostStartAction.run(BaseLifecycleFlow.java:292)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:194)
    at weblogic.application.internal.flow.BaseLifecycleFlow.postStart(BaseLifecycleFlow.java:66)
    at weblogic.application.internal.flow.TailLifecycleFlow.activate(TailLifecycleFlow.java:33)
    at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
    at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
    at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:16)
    at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:162)
    at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)
    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:140)
    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:106)
    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)
    at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:820)
    at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1227)
    at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:436)
    at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)
    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181)
    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:12)
    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:67)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<Nov 5, 2009 2:45:07 PM PST> <Error> <Entitlements> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107845> <BEA-402731> <Attempt to persist entitlements reference document failed. Attempted to ["createResourceRef"] at location ["ResourceRef: resourceRefID 2002 appID 2002 resourceName content MARKER_POLICY description capability MARKER_CAPABILITY metaData null providerName XACMLRoleMapperPolicyRef: resourceRefID 2002 roleAppID 2002 resourceAppID 2002 resourceCapability MARKER_CAPABILITY roleID2002 providerName XACMLAuthorizer"] for document [""] failed.
    java.sql.SQLException: [BEA][Oracle JDBC Driver][Oracle]ORA-00001: unique constraint (WLP_USER2.PK_ENT_POLICY) violated
    at weblogic.jdbc.base.BaseExceptions.createException(Unknown Source)
    at weblogic.jdbc.base.BaseExceptions.getException(Unknown Source)
    at weblogic.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
    at weblogic.jdbc.base.BaseStatement.commonExecute(Unknown Source)
    at weblogic.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
    at weblogic.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
    at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStatement.java:159)
    at com.bea.p13n.entitlements.management.internal.RDBMSEntitlementRefDelegate.createPolicyRef(RDBMSEntitlementRefDelegate.java:888)
    at com.bea.p13n.entitlements.management.persistence.internal.RDBMSEntitlementRef.createResourceRef(RDBMSEntitlementRef.java:213)
    at com.bea.p13n.entitlements.management.internal.RDBMSPolicyRefManager.setPolicyRefItem(RDBMSPolicyRefManager.java:126)
    at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.processCreatePolicyRoles(RDBMSSecurityPolicyManager.java:1045)
    at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.createSecurityPolicy(RDBMSSecurityPolicyManager.java:143)
    at com.bea.p13n.entitlements.management.SecurityPolicyManager.createSecurityPolicy(SecurityPolicyManager.java:87)
    at com.bea.p13n.delegation.management.DelegationPolicyManager.createDelegationPolicy(DelegationPolicyManager.java:198)
    at com.bea.content.federated.ContentSecurityHelper.createDAPolicy(ContentSecurityHelper.java:567)
    at com.bea.content.manager.internal.ContentUpgradeListener.createMarkerPolicy(ContentUpgradeListener.java:152)
    at com.bea.content.manager.internal.ContentUpgradeListener.postStartInternal(ContentUpgradeListener.java:98)
    at com.bea.content.manager.internal.ContentUpgradeListener.access$000(ContentUpgradeListener.java:51)
    at com.bea.content.manager.internal.ContentUpgradeListener$1.run(ContentUpgradeListener.java:69)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at com.bea.content.manager.internal.ContentUpgradeListener.postStart(ContentUpgradeListener.java:65)
    at weblogic.application.internal.flow.BaseLifecycleFlow$PostStartAction.run(BaseLifecycleFlow.java:292)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:194)
    at weblogic.application.internal.flow.BaseLifecycleFlow.postStart(BaseLifecycleFlow.java:66)
    at weblogic.application.internal.flow.TailLifecycleFlow.activate(TailLifecycleFlow.java:33)
    at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
    at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
    at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:16)
    at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:162)
    at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)
    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:140)
    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:106)
    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)
    at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:820)
    at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1227)
    at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:436)
    at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)
    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181)
    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:12)
    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:67)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<Nov 5, 2009 2:45:07 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107851> <BEA-149059> <Module prnService of application PortalEar is transitioning from STATE_ADMIN to STATE_PREPARED on server AdminServer.>
    ####<Nov 5, 2009 2:45:07 PM PST> <Info> <WlwConfigModule> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107852> <BEA-000000> <deactivate descriptor: WEB-INF/beehive-url-template-config.xml com.bea.wlw.runtime.descriptor.urltemplate.config.UrlTemplateConfigBeanImpl>
    ####<Nov 5, 2009 2:45:07 PM PST> <Info> <ServletContext-/prnService> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461107884> <BEA-000000> <Closing Spring root WebApplicationContext>
    ####<Nov 5, 2009 2:45:07 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107924> <BEA-149060> <Module prnService of application PortalEar successfully transitioned from STATE_ADMIN to STATE_PREPARED on server AdminServer.>
    ####<Nov 5, 2009 2:45:07 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107924> <BEA-149059> <Module Portal of application PortalEar is transitioning from STATE_ADMIN to STATE_PREPARED on server AdminServer.>
    ####<Nov 5, 2009 2:45:07 PM PST> <Info> <WlwConfigModule> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107925> <BEA-000000> <deactivate descriptor: WEB-INF/beehive-url-template-config.xml com.bea.wlw.runtime.descriptor.urltemplate.config.UrlTemplateConfigBeanImpl>
    ####<Nov 5, 2009 2:45:08 PM PST> <Info> <ServletContext-/Portal> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461108016> <BEA-000000> <Closing Spring root WebApplicationContext>
    ####<Nov 5, 2009 2:45:08 PM PST> <Warning> <JMX> <sfrhvmportalqawl02.prn.com> <AdminServer> <listenerContainer-2> <<WLS Kernel>> <> <> <1257461108941> <BEA-149517> <An attempt was made to unregister an mbean that was already unregistered: weblogic.jms.frontend.FESession@275e1ed>
    ####<Nov 5, 2009 2:45:08 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461108969> <BEA-149060> <Module Portal of application PortalEar successfully transitioned from STATE_ADMIN to STATE_PREPARED on server AdminServer.>

    No, I think it is supported; here is my commit.log, which says we can re-use an existing WLP RDBMS with a new WLP domain. I just don't know how to reset. We are not sharing the same DB here; we have a copy of the original portal schema/DB.
    INFO (Nov 5, 2009 3:22:21 PM PST): Verbose logging has been disabled on the server.
    INFO (Nov 5, 2009 3:22:21 PM PST): The propagation servlet is starting the [Commit] operation.
    INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [allowMaintenanceModeDisabled] with a value of [true] will be used for this operation.
    INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [cm_checkinComment] with a value of [My sample checkin comment.] will be used for this operation.
    INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [allowSecurityOutOfSync] with a value of [true] will be used for this operation.
    INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [differenceStrategy] with a value of [pessimistic] will be used for this operation.
    INFO (Nov 5, 2009 3:22:21 PM PST): Validating that current user is in the Admin role...SUCCESS
    INFO (Nov 5, 2009 3:22:21 PM PST): Validating that the admin server is running...SUCCESS
    INFO (Nov 5, 2009 3:22:21 PM PST): Validating that Maintenance Mode is enabled...SUCCESS
    ERROR (Nov 5, 2009 3:22:23 PM PST): Validating that LDAP and RDBMS security resources are in sync...FAILURE
    ERROR (Nov 5, 2009 3:22:23 PM PST): The security policy for resource [everyone     PRNUsers     PRN Administrator User Group] with capability [Create Update Delete User/Group] is missing in LDAP. If you have reset LDAP or configured a new WLP domain to use a pre-existing WLP RDBMS, then you must reset your RDBMS. Otherwise, insure all available patches have been applied to your installation.
    WARNING (Nov 5, 2009 3:22:23 PM PST): Because the modifier [allowSecurityOutOfSync] was enabled this validation failure will be ignored and the operation will proceed. However, this may cause propagation failures when accessing or modifiying security resources.
    ERROR (Nov 5, 2009 3:22:27 PM PST): Validating that manual elections have been fulfilled on the destination system...FAILURE
    WARNING (Nov 5, 2009 3:22:27 PM PST): The following resources need to be updated on the destination application. Propagation does not handle updating these types of resources. They will need to be updated manually.
    WARNING (Nov 5, 2009 3:22:27 PM PST): Resource [Application:portalservices:Portal.WebApp:Portal.Library:PRNHome.Portlet], Manual Explanation [This portlet definition is based on a .portlet file. If changes have been made to the .portlet file make sure to move the updated .portlet file to the destination application. If changes to the definition have been made using the Portal Administration Tools then propagation will make the necessary updates.].
    WARNING (Nov 5, 2009 3:22:27 PM PST): Resource [Application:portalservices:Portal.WebApp:Portal.Library:campaignmodule.Portlet], Manual Explanation [This portlet definition is based on a .portlet file. If changes have been made to the .portlet file make sure to move the updated .portlet file to the destination application. If changes to the definition have been made using the Portal Administration Tools then propagation will make the necessary updates.].
    INFO (Nov 5, 2009 3:22:27 PM PST): The commit operation will attempt to process [117] elections.
    INFO (Nov 5, 2009 3:22:30 PM PST): The inventory was committed successfully.
    INFO (Nov 5, 2009 3:22:30 PM PST): The propagation servlet has finished the [Commit] operation.

  • Use of default XACML with custom role mapper and authorization provider

    Hi,
    Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
    My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
    Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?

    I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then write a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
    Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
    The chosen approach depends on where you're getting the role information from.
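    As an added illustration of the first approach above (this is example code written for this thread, not WebLogic's own provider code, and it uses only standard JAAS types rather than the WebLogic SSPI interfaces): the custom authenticator records the roles returned by the external API in a hypothetical ExternalRolePrincipal placed in the Subject, and the custom role mapper reads them back with Subject.getPrincipals(Class). The user name and role names are constructed sample values.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

/**
 * Added example (not WebLogic's code): carry role names obtained from an
 * external authentication API inside the JAAS Subject so that a custom role
 * mapper can read them back without a second call to the external system.
 */
public final class SubjectRoleCarrier {

    /** Hypothetical Principal type that stores the role list next to the user name. */
    public static final class ExternalRolePrincipal implements Principal {
        private final String name;
        private final Set<String> roles;

        public ExternalRolePrincipal(String name, Set<String> roles) {
            this.name = name;
            // Immutable copy: nothing downstream can add roles after authentication.
            this.roles = Collections.unmodifiableSet(new LinkedHashSet<>(roles));
        }

        @Override public String getName() { return name; }
        public Set<String> getRoles() { return roles; }

        @Override public boolean equals(Object o) {
            if (!(o instanceof ExternalRolePrincipal)) return false;
            ExternalRolePrincipal other = (ExternalRolePrincipal) o;
            return name.equals(other.name) && roles.equals(other.roles);
        }
        @Override public int hashCode() { return 31 * name.hashCode() + roles.hashCode(); }
        @Override public String toString() { return name + roles; }
    }

    /**
     * Authenticator side: once the external API has authenticated the user and
     * returned its role list, attach that list to the Subject.
     */
    public static void attachRoles(Subject subject, String user, Set<String> rolesFromExternalApi) {
        subject.getPrincipals().add(new ExternalRolePrincipal(user, rolesFromExternalApi));
    }

    /**
     * Role mapper side: collect every role carried by the Subject. Returns an
     * empty set when no ExternalRolePrincipal is present, so an unauthenticated
     * or foreign Subject maps to no roles rather than failing.
     */
    public static Set<String> rolesFrom(Subject subject) {
        Set<String> roles = new LinkedHashSet<>();
        for (ExternalRolePrincipal p : subject.getPrincipals(ExternalRolePrincipal.class)) {
            roles.addAll(p.getRoles());
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample: what the external API might return for one user.
        Subject subject = new Subject();
        attachRoles(subject, "alice",
                new LinkedHashSet<>(Arrays.asList("PortalAdmin", "ContentEditor")));
        // Lock the Subject once authentication is complete so later components
        // cannot add principals (and therefore roles) to it.
        subject.setReadOnly();

        System.out.println("roles for alice: " + rolesFrom(subject));
        System.out.println("roles for empty subject: " + rolesFrom(new Subject()));
    }
}
```

    If the role list is kept in the Subject's private credentials instead of a Principal, the same pattern applies with subject.getPrivateCredentials(Class) in place of getPrincipals(Class). The role mapper provider would return the result of rolesFrom as the role map it hands to the default XACML Authorizer; the exact WebLogic provider interfaces are not covered in this thread, so they are left out here.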

  • Can I use OIM as a basic EAI tool ?

    Hello,
    I am in OIM product evaluation phase. I have a very basic question.
    OIM is an User Provisioning tool. However, can I also provision other LDAP objects. To clarify further, say I have a custom object called "Entitlement" which stores entitlement definition for our organization. This is an independent object and is not directly tied to User (inetOrgPerson) . Can I provision these entitlement data to another RDBMS thru OIM ?
    In other words can I use OIM as a basic EAI (Enterprise App Integration) tools for syncing any data from LDAP to a RDMS ?
    Thanks!
    Kabi

    Yes, you can very well use OIM to sync data between LDAP and RDBMS. OIM comes with a lot of OOTB connectors which connect to different targets.
    LDAP and RDBMS happen to be among those, so you can easily pull the data from LDAP and push it to RDBMS or anywhere else.
    Thanks
    Suren

  • Problem in propagation

    Hi everyone,
    Thanks already for reading this. :)
    We have got this problem when trying to obtain the propagation inventory. We are working in WLP 10.3.0.0 and Oracle DB 10.2. The error is as follows:
    The propagation servlet returned a failure response: The [Download] operation is halting due to the following failure: The security policy for resource [PortalSystemDelegator] with capability [delegate_further_manage] is missing in LDAP. If you have reset LDAP or configured a new WLP domain to use a pre-existing WLP RDBMS, then you must reset your RDBMS.
    The propagation servlet returned the following log information found in [C:\Users\FRANCI~1\AppData\Local\Temp\onlineDownload__D4_H15_M51_S39.log]:
    INFO (Nov 4, 2011 3:53:53 PM CLST): Verbose logging has been disabled on the server.
    INFO (Nov 4, 2011 3:53:53 PM CLST): The propagation servlet is starting the [Download] operation.
    INFO (Nov 4, 2011 3:53:53 PM CLST): The modifier [allowMaintenanceModeDisabled] with a value of [true] will be used for this operation.
    INFO (Nov 4, 2011 3:53:53 PM CLST): Validating that current user is in the Admin role...SUCCESS
    INFO (Nov 4, 2011 3:53:53 PM CLST): Validating that Maintenance Mode is enabled...SUCCESS
    WARNING (Nov 4, 2011 3:53:53 PM CLST): The temporary directory on the server used by propagation is [/bea/user_projects/domains/domain_mov_9/servers/AdminServer/tmp/_WL_user/PortalMovistarEAR/1ovfo2/public] with a length of [104] bytes. It is recommended that you shorten this path to avoid path length related failures. See the propagation documentation on how to specify the inventoryWorkingFolder context-param for the propagation servlet.
    ERROR (Nov 4, 2011 3:53:55 PM CLST): Validating that LDAP and RDBMS security resources are in sync...FAILURE
    ERROR (Nov 4, 2011 3:53:55 PM CLST): The security policy for resource [PortalSystemDelegator] with capability [delegate_further_manage] is missing in LDAP. If you have reset LDAP or configured a new WLP domain to use a pre-existing WLP RDBMS, then you must reset your RDBMS. Otherwise, insure all available patches have been applied to your installation.
    ERROR (Nov 4, 2011 3:53:55 PM CLST): The [Download] operation is halting due to the following failure: The security policy for resource [PortalSystemDelegator] with capability [delegate_further_manage] is missing in LDAP. If you have reset LDAP or configured a new WLP domain to use a pre-existing WLP RDBMS, then you must reset your RDBMS. Otherwise, insure all available patches have been applied to your installation.
    The situation is that there is a Portal already working (given). We have created this new domain in our development environment and pointed all datasources to a pre-existing database (in fact, this database is a loaded dump from production).
    Basically, our conclusion is that the role is in the DB (obviously, since it came in the dump from the production DB) and it is not in the LDAP.
    ANY help will do. Really.
    Thanks in advance,
    Andres

    Thank you very very much to both of you.
    We followed the procedure you pointed out and it proved to be the solution to our troubles. We just didn't follow the last 2 steps since we didn't have any crucial data on the LDAP. We were really stuck on this and now we can go on.
    Again, thank you very much.
    Whenever you stop by Chile, we will invite you to a party / BBQ / or whatever to thank you for the help,
    Best regards,
    Andrés

  • Turning off FileServlet and SSIServlet

    WLS 5.1 + SP5
    Linux and Solaris
    I have a webapp (servlet 2.2) deployed as a .war archive. All are JSP
    files, with JSP <%@ include %> tags to HTML code fragments for header
    and footer, and with IMG tags for GIFs and SCRIPT tags for stylesheets.
    I have commented out the reference to FileServlet in the weblogic.properties
    file and restarted WLS. I tested the webapp and it seems to function
    fairly well without the FileServlet.
    The only thing is that WLS cannot serve the default index.html (The one
    with all the links to WLS docs, etc.) of WLS, but other than that,
    everything seems okay.
    I can also run AdminMain.
    Are there any ramifications into commenting out FileServlet?
    Also, as I understand, SSIServlet is for .jhtml files, and I am not using
    those. Is it okay to comment out SSIServlet from the
    weblogic.properties?
    TIA,
    John

    To add to what Paul said, WL (like anything) comes with some popular set of
    bells and whistles turned on, and defaults set relatively "friendly" from a
    developer point of view. When you commercially deploy a web application,
    chances are that you don't want it to be developer-friendly to anyone
    happening to visit your site. You need to make sure that basically
    everything you can turn off is off. Most sites should only accept a handful
    of ports, such as HTTP and HTTPS, and that should be done by a dedicated
    firewall. Nothing should be outside the firewall or in DMZland unless you
    have very good reasons. An ftp server -- assuming it is needed at all --
    should be on a separate host, and should ONLY allow anonymous ftp, with no
    write access. Don't allow telnet from outside the firewall. Turn off ping
    if you can. Get someone to portscan your site. Set up ftp.yoursite.com and
    www.yoursite.com and yoursite.com to all be the same IP ... the firewall.
    Check CERT ... even Linux and Solaris have known security holes. Actually,
    they are the worst, because we all assume that they are the best ;-).
    When it comes to WL, clean up the .properties file. Make sure everything
    that is getting started and deployed is something you need for your app to
    run. No examples. No samples. No extra connection pools. The more you
    can remove from the default config, the harder it will be to crack your
    site; most cracks are based on "known configs". For example, if I needed
    the name of a connection pool, I would guess "demoPool". Read the security
    advisories on WL. Make sure that you don't allow writes to your web
    application. Make sure you set it up so .class and .xml and .java and .ser
    are all unreachable. Try to architect your app to hide all real paths; even
    avoid having direct references to .jsp files if you are early enough in
    development to architect in that manner.
    Look over your code. Anywhere that you have file I/O is a potential hole.
    Anywhere that you assume that information coming from the browser is OK is a
    potential hole. Most young web apps can be cracked just by changing (a) a
    cookie (b) a URL or (c) a hidden field value. (Apparently eTrade has had
    such a hole since day one and they are just getting it patched now.)
    Any information in a cookie or URL that you don't want the world to read
    should be encrypted. Don't send secure information in a cookie or a URL
    unless you encrypt it with
    super-duper-more-secure-than-128bit-only-private-key encryption. Always
    prepend a checksum and then encode it in Base64. Any cookie or URL that
    comes in that does not match the checksum, that does not parse correctly
    as Base64, or that does not decrypt correctly with the private key needs to be
    discarded, and the session needs to be marked suspect.
    Get a second pair of eyes to review your application. You cannot close all
    the doors, but you can surely close most of them. Log suspicious
    activity -- such as an unknown URL, an illegal cookie, or invalid data in a
    hidden field. Be prepared to develop an IP lockout, or check if your
    firewall supports one.
    Double-check your authentication scheme. Make sure there are no back doors
    in it. Make sure that the administration of the authentication database
    (LDAP, NT, RDBMS, whatever) is clean, documented, and not web accessible
    (unless perhaps it requires authentication itself over HTTPS).
    Good luck,
    Cameron Purdy
    [email protected]
    http://www.tangosol.com
    WebLogic Consulting Available
    "paul a. bauerschmidt" <[email protected]> wrote in message
    news:[email protected]...
    SSI stands for ServerSideInclude, which is used in a few different places
    around the server. If you can fully test your WebApp without it being
    registered, by all means, leave it out. Just watch out because it is used
    for more than JHTML.
    .paul
    "Jesus M. Salvo Jr." wrote:
    WLS 5.1 + SP5
    Linux and Solaris
    I have a webapp (servlet 2.2) deployed as a .war archive. All are JSP
    files, with JSP <%@ include %> tags to HTML code fragments for header
    and footer, and with IMG tags for GIFs and SCRIPT tags for stylesheets.
    I have commented out the reference to FileServlet in the weblogic.properties
    file and restarted WLS. I tested the webapp and it seems to function
    fairly well without the FileServlet.
    The only thing is that WLS cannot serve the default index.html (The one
    with all the links to WLS docs, etc.) of WLS, but other than that,
    everything seems okay.
    I can also run AdminMain.
    Are there any ramifications into commenting out FileServlet?
    Also, as I understand, SSIServlet is for .jhtml files, and I am not using
    those. Is it okay to comment out SSIServlet from the
    weblogic.properties?
    TIA,
    John
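The "checksum, then Base64, then discard anything that does not verify" advice in Cameron's reply is what a tamper-evident cookie or URL parameter looks like in practice, with one important refinement: an unkeyed checksum can be recomputed by whoever edits the cookie, so the tag has to be a keyed MAC. The following is an added example, not code from the original thread or from WebLogic; the key, the payload fields and the one-hour expiry are assumptions for illustration. It uses only the Python standard library, so it provides integrity and replay protection but not confidentiality; if the payload must also be unreadable, wrap the body with an authenticated cipher such as AES-GCM from a proper library instead of the bare HMAC shown here.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Hypothetical server-side key, generated at import so the example runs
# stand-alone. A real deployment loads it from a secret store and never
# hard-codes it; anyone holding this key can forge tokens.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600  # assumed lifetime; tune per application


def _b64e(raw: bytes) -> str:
    """URL-safe Base64 without padding (cookie- and URL-friendly)."""
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def _b64d(text: str) -> bytes:
    """Inverse of _b64e; raises ValueError (binascii.Error) on bad input."""
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def seal(payload: dict, key: bytes = SERVER_KEY, now: Optional[float] = None) -> str:
    """Serialize payload with an expiry and append an HMAC-SHA256 tag.
    Returns '<base64url body>.<base64url tag>' for use in a cookie or URL."""
    body = dict(payload)
    body["exp"] = int((now if now is not None else time.time()) + TOKEN_TTL_SECONDS)
    raw = json.dumps(body, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, raw, hashlib.sha256).digest()
    return f"{_b64e(raw)}.{_b64e(tag)}"


def unseal(token: str, key: bytes = SERVER_KEY, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload only if the token is well-formed, carries a valid
    tag under `key`, and has not expired; otherwise return None so the caller
    discards it and can mark the session as suspect (as the reply advises)."""
    try:
        body_b64, tag_b64 = token.split(".", 1)
        raw = _b64d(body_b64)
        tag = _b64d(tag_b64)
    except (ValueError, TypeError):
        return None  # malformed: wrong shape or not valid Base64
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak how many leading tag
    # bytes matched and let an attacker forge the tag byte by byte.
    if not hmac.compare_digest(expected, tag):
        return None  # edited body, forged tag, or a different key
    try:
        body = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(body, dict):
        return None
    if body.get("exp", 0) < (now if now is not None else time.time()):
        return None  # replayed after its lifetime
    return body


if __name__ == "__main__":
    tok = seal({"user": "john", "role": "user"})
    print("valid   :", unseal(tok))
    # Edit the body (role -> admin) but keep the original tag: rejected.
    forged_body = _b64e(b'{"exp":9999999999,"role":"admin","user":"john"}')
    print("forged  :", unseal(forged_body + "." + tok.split(".")[1]))
    print("garbage :", unseal("not-a-token"))
```

The verification order matters: the MAC is checked before the JSON is parsed, so untrusted bytes never reach the parser unless they were produced under the server key. Hidden form fields can be protected the same way, and the same `unseal` failure path is the natural place to write the "illegal cookie" log entry the reply recommends.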

  • Can I use MUSE as a blogging tool?

    Can I use MUSE as a blogging solution? Or is Wordpress still the best way to go?

    Yes, you can very well use OIM to sync data between LDAP and RDBMS. OIM comes with a lot of OOTB connectors which connect to different targets.
    LDAP and RDBMS happen to be among those, so you can easily pull the data from LDAP and push it to RDBMS or anywhere else.
    Thanks
    Suren
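Suren's answer is to let OIM connectors do the pull-from-LDAP, push-to-RDBMS work. To make concrete what such a sync has to get right, here is an added example that is not OIM code and not from the original thread: it parses a constructed LDIF export (standing in for an LDAP search result), upserts users and their group memberships into a relational table keyed on `uid`, replaces memberships rather than accumulating them, and reports accounts that exist in the database but have disappeared from the directory. The LDIF sample, table layout and attribute choices are assumptions; the parser deliberately ignores LDIF line folding and `::` base64 values.

```python
import sqlite3
from typing import Dict, List

# Constructed sample LDIF standing in for an LDAP export of the user
# container. Not real directory data.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jsmith
cn: John Smith
mail: jsmith@example.com
memberOf: cn=admins,ou=groups,dc=example,dc=com
memberOf: cn=staff,ou=groups,dc=example,dc=com

dn: uid=alee,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alee
cn: Ann Lee
mail: alee@example.com
memberOf: cn=staff,ou=groups,dc=example,dc=com
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: entries are separated by blank lines, each line is
    'attr: value', and repeated attributes (e.g. memberOf) become lists.
    Assumption for this example: no folded lines and no '::' base64 values."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def open_db() -> sqlite3.Connection:
    """In-memory SQLite standing in for the target RDBMS."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS users (
            uid TEXT PRIMARY KEY, dn TEXT NOT NULL, cn TEXT, mail TEXT);
        CREATE TABLE IF NOT EXISTS memberships (
            uid TEXT NOT NULL, group_dn TEXT NOT NULL,
            PRIMARY KEY (uid, group_dn));
    """)
    return conn


def sync_to_db(conn: sqlite3.Connection, entries) -> int:
    """Upsert each directory entry keyed on uid and replace (not append) its
    group memberships, so a group removed in LDAP is removed here too.
    Runs in one transaction; returns the number of users written."""
    count = 0
    with conn:
        for e in entries:
            uid = e["uid"][0]
            conn.execute(
                "INSERT OR REPLACE INTO users(uid, dn, cn, mail) VALUES (?,?,?,?)",
                (uid, e["dn"][0], e.get("cn", [None])[0], e.get("mail", [None])[0]),
            )
            conn.execute("DELETE FROM memberships WHERE uid=?", (uid,))
            conn.executemany(
                "INSERT INTO memberships(uid, group_dn) VALUES (?,?)",
                [(uid, g) for g in e.get("memberOf", [])],
            )
            count += 1
    return count


def groups_for(conn: sqlite3.Connection, uid: str) -> List[str]:
    rows = conn.execute("SELECT group_dn FROM memberships WHERE uid=?", (uid,))
    return sorted(r[0] for r in rows)


def stale_uids(conn: sqlite3.Connection, entries) -> List[str]:
    """Accounts present in the RDBMS but absent from the directory export:
    candidates for deprovisioning rather than silent retention."""
    live = {e["uid"][0] for e in entries}
    return sorted(r[0] for r in conn.execute("SELECT uid FROM users") if r[0] not in live)


if __name__ == "__main__":
    db = open_db()
    people = parse_ldif(SAMPLE_LDIF)
    print("synced users:", sync_to_db(db, people))
    print("jsmith groups:", groups_for(db, "jsmith"))
    print("stale if alee leaves LDAP:", stale_uids(db, people[:1]))
```

Two points carry over to any connector configuration, OIM included: memberships must be reconciled as a set, not merely inserted, or revoked rights linger in the database; and the sync should surface accounts that vanished from the directory, since an orphaned RDBMS row is exactly the kind of LDAP/RDBMS mismatch that the WLP propagation check in the first thread refuses to run over.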
