Logging User access

Similar Messages

• Logging user access with IP..?

  I want oto add some user logging for my site and since it requires authentication I believe most of the heavy lifting has already been completed. I'm hoping someone can give me some direction as to how to incorporate the pieces I need into what I have already existing.
  Currently I believe the following is the php for granting access on my site:
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "";
  $MM_donotCheckaccess = "true";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && true) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "../logon.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  I believe some of the pieces I'm missing are the IP address for the user and the sql needed for the INSERT into mySQL which I believe are as follows:
  $ip_address = $_SERVER["REMOTE_ADDR"];
         $sql = "INSERT INTO  user_tracking
                (username, ip_address)
                VALUES ('MM_Username', '$ip_address')";
  mysql_query($sql, $maxdbconn) or die(mysql_error());       'Is this the command for executing the SQL???
  My problem is I'm still green and don't understand the php routine well enough to be able to plug in these pieces and whether I'm missing something else so I'm hoping someone can help shed some light.
  Thanks.
  A JM,

  I found the original page and again I realize that I was missing some original code, I realize it makes it tough to follow - my appologies. I tested this source below and all is back to normal.
  So, back to trying to add the user to the tracking DB.
  I think the pieces I'm missing are as follows- not sure though...????
      //SQL string for user logged in
      $insertSQL = "INSERT INTO user_tracking (username, ip_address) VALUES ('maxadmin', '192.168.1.100')";
      mysql_select_db($database_maxdbconn, $maxdbconn);
      $Result1 = mysql_query($insertSQL, $maxdbconn) or die(mysql_error());
  However, when I add the lines before ( header("Location: " . $MM_redirectLoginSuccess ); )  I get an error message in Dreamweaver, "The Server Behavior panel cannot determine whether "Log In User" or "Log In User" is applied to your page. Please select Edit Server Behaviors and change one of the two behaviors to ensure that each is uniquely identifiable."
  A JM,
  <?php require_once('Connections/maxdbconn.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "dbpages/claimroot.php";
    $MM_redirectLoginFailed = "failedlogin.html";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_maxdbconn, $maxdbconn);
    $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
      GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $maxdbconn) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
       $loginStrGroup = "";
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;         
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];   
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>

• Logging VPN access

  I have an ASA5510 configured for remote access VPN (standard and clientless). It uses LDAP to authenticate against domain controllers in my environment.
  Is there a way to configure syslog to log user access to the VPN (date & time, etc.), without turning on "logging trap informational" and filling up my syslog server with loads of other information (conduits opening, teardowns, etc.)?
  I am syslogging to SolarWinds using udp

  Hi Colin,
  For this, you need to first know what message IDs you want syslog to receive. Say you want to receive the below message id 713059 (tunnel reject -user group-lock check failed) to syslog server...
  logging list TEST message 713059
  logging list TEST message 713070-713080 --> For range of messages
  configure syslog server on ASA and issue the command 'logging trap TEST'.
  Check the below link for more info...
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml
  hth
  MS

• Multiple simutaneously logged in users accessing AFP home directories?

  Hi,
  Many of our problems are described in this guy's blog:
  http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
  The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
  Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
  From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
  (here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
  I've read that using NFS home directories will work, though.
  I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
  Thanks for your help!
  Adam

  Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

• Missing a User access in the log-on picture

  Lacks a user access to log on picture after start-up in Yosemite. In user administration there has been created two user entries - an administrator and a normal access. The normal access is not visible from the log on picture, and it is only possible to access through the visible user (Adm.) and then switch the user by switching in the upper right corner!!!
  Wish, possible for all users to log on from the boot up image.     (Adm - Normal - Guest access)

  same issue:
  retina MacBookPro mid2012. Clean install of OS X Yosemite 10.10
  I'm randomly missing an account at login screen after reboot.
  Sometimes I can fix it with booting into my initial account 'Kevin' (userid 501) and then changing to different login 'Christina' (userid 502).
  But if I log out from my account, the second account is missing. Same if I do a reboot.. This have me in stitches as I ofcause has the need for privacy from each account.
  Both accounts are set up as admins, guest is deactivated.
  rMBP 16gb sep2012.
  userid 501:
  home directory: /Users/Kevin
  userid 502:
  home directory: /Users/Christina
  apart from that... I have loads of problems with Bluetooth, and hand-off only working 1 way (5s with 8.1) where only iOS -> OS X works, not vice-versa.

• Log the user Access to a Channel

  It's possible to log the access to a channel with the system log facility or a simple file when an user click in the desktop link... the link can be an external URL.
  The log must have the user id and the name of the URL for tracking user action in the desktop.
  It's possible using the Rewriter Rules and Rulesets to perfome this?
  If it's impossible we're the better solution?
  Obsiously it's possible to redirect all the channel link of the desktop in a new servelets o jsp page that provides this functionality and log the access but I think there is not the better solution...
  Thank for the help
  Best Regards
  Fausto

  Hi Fausto,
  Of course there are several cool tricks ;-)
  - Your "JS trick with post " will refresh the page - no good...
  (Also what if you log several channels etc.... )
  - For reporting I actually used "JS hidden image" trick.
  Note: You will loose the browser handle from logging jsp
  - "One Pixel Frame" is good only if you need to have a browser handle.
  For example on click e.g. TabSwitch you can show immediate statistics
  (e.g. how many time user spend with this channel and how much he has to pay!)
  PS: I am actually done with the reporting tool.
  Send me a mail if you wanna see it.
  Cheers,
  Alex :-)

• Audit log of the User access and permissions

  Hi All,
  We need to have the Audit trail of the user access and permission. Meaning Changes to user access rights will be logged.
  This should include:
  Current Access Rights (including Date the access was given),
  Group membership (including Date the access was given),
  Previous Access Rights (including Date the access was given and revoked).
  Can we reuse any out of the box functionality of CQ. Does anybody having any pointer to this?
  Thanks,
  Debasis

  Hi PChamoun,
  At the outset thanks a lot for the clue. I am very new to CQ. Could you please guide me like, what are the API required to track the rep:policy node changes. Even if workflow will be started after any change to rep:policy but how I will be able to get the information of what change happened.
  Thanks,
  Debasis

• ITunes U user access log

  Is there a way to show how many times or how long a user accesses your course?

  Then use Usage Tracking Feature of OBIEE.
  The Oracle BI Server supports the accumulation of usage tracking statistics that can be used in a variety of ways such as database optimization, aggregation strategies, or billing users or departments based on the resources they consume. The Oracle BI Server tracks usage at the detailed query level.
  When you enable usage tracking, statistics for every query are inserted into a database table or are written to a usage tracking log file.
  You can find more details about Usage Tracking in Server Administrator Guide.
  - Madan

• User access log

  Hi,
  Anybody has any idea how to extract the user access history in SAP? It's to be served as the audit log for security purpose.
  regards,
  sianghing

  Hi,
  There are quite a few threads discussing the similar requests.  However, it is not currently supported.  What you can do now is to have a regular alert query running in a fixed internal like an hour to record the active users.  Those records could be saved in a user table for your audit purpose.
  Thanks,
  Gordon

• User access log -Analytics

  hello
  I need to get the user access log in order to know the user who access to the applications analytics OBIEE????

  Then use Usage Tracking Feature of OBIEE.
  The Oracle BI Server supports the accumulation of usage tracking statistics that can be used in a variety of ways such as database optimization, aggregation strategies, or billing users or departments based on the resources they consume. The Oracle BI Server tracks usage at the detailed query level.
  When you enable usage tracking, statistics for every query are inserted into a database table or are written to a usage tracking log file.
  You can find more details about Usage Tracking in Server Administrator Guide.
  - Madan

• User access log from WLC

  I setup wirless network (a WLC-4402 with AP ), I would like to know that if a guest access our network, may I get the notification from syslog?

  How do you have the guest network setup? You have a guest anchor controller or is guest going out your main wlc? Also how is guest users accessing your network?

• Service Desk User access

  Hi Experts,
  I want my service desk users login on Solman and they can update Msg status and ther remarks.
  so what are auth. object needs on there profile, please suggest.
  Can we block users access in such a way , they are not able to do add change on other users issue msg.
  bcoz , if i give access on crm_dno_monitor to any user, he may access and process all issue tickets.
  Thanks
  Andrew

  Andree,
  Actually we provide variants for crm_dno_monitor.
  so they have option of seeing only tickets belonging to themselves only
  For e.g create a variant of crm_dno_monitor by choosing mine and then save it and create a ztcode in se93 for the same.
  assign this tcode for the user menu to the respective role of the user.
  So whn this user logs in and click on the link he sees only mine tickets or tickets belonging to him..he doesnt hav access to crm_dno_monitor.
  Pls assign pts.

• Multiple users accessing same events

  Good Afternoon, i wondered if anyone could assist me. I have described what is going on and have a few questins which i have added in bold.
  We are a school in the UK running three Apple suites with a mixture of iMacs and macbooks.
  The scenario:  We have local users accessing some video footage to create a trailer and i would like to find the best method for this.
  The Problem:  We opted to use local users rather than network users as i believe imported video events are stored locally. Is this correct?
  Based on the previous problem i have created two users, User1 & User2.  If User1 imports the event then User2 cant see this and would like to work on the same event, then they have to import the event again.  Is there anyway that User1 & User 2 could access the same event without doubling it up?
  The problem does change slightly that if i use a networked user, and run iMovie then they can see the events on the local hdd. This only happens on certain machines.  Any ideas why this would happen?
  If anyone can help in anyway it would be much appreciated.
  Thanks

  The Problem:  We opted to use local users rather than network users as i believe imported video events are stored locally. Is this correct?
  Yes, the are stored locally, I don't know if Network users do anything more than authenticate over the network then use the local hard drive anyway. That depends on whether or not your users are setup with Network Home drives or are Mobile users that use the local hard drive instead. You might be able to find out from your SysAdmins whether or not Home folders are on a central server of some kind.
  Network users authenticate and have a network home drives.
  Is there anyway that User1 & User 2 could access the same event without doubling it up?
  It seems like there would be a benefit to using an external Mac HD in this case as the permissions on that folder could easily be ignored. Then any user on that Mac will be able to see the iMovie Projects and Events saved onto that external HD and use them without doubling up the Events folder material. Unfortunately I don't think you can force iMovie to use a different folder for the Movies folder on an internal Hard drive. So an external HD might provide an easy workaround if that's possible. And better yet, it makes it all portable BETWEEN Macs if you need to setup on a different machine for some reason.
  Thanks, thats was what i wanted to know.  Although I dont think the department will be too keep on buying a minimum of 30 external hdd.
  This only happens on certain machines.  Any ideas why this would happen?
  I don't want to blame this on how the machines are configured, but it may be the network users are seeing a Network Home folder in some cases when they are logged in, and in other cases they are seeing the local home folder on the internal Mac HD. I'm just guessing at this point. But it should be consistent across all the machines depending on if the network users is a Network Home user or a Mobile user.
  I have double checked and all users are seeing their network home and no local version.
  I just wondered if myabe an older version of iMovie(09) allowed the users to see all events even as local users or network. - bizarre really

• Problem with users accessing sharepoint 2013 site collection

  I have an unbeliveable problem..
  I have a sp site with several site collections..
  I have around 15 users.. Everybody have access to the root site. Two users do not have access to site collections even though they are in EXACTLY same permission groups like other users who can access those site collections!
  I tried to delete them from all user groups in SP, then delete their user profiles in Central Administration, and delete them from Active Directory. After that I recreated their profiles in Active directory, readded them to Central Administration, and again
  added them to coresponding groups in SharePoint site collections. They again CAN NOT ACCESS site collections.
  What should I do.. This is incredible that 5 users with the same user privileges can access site collections, and 2 can not, even though they are all created in the same way..
  Regards,
  Srdjan

  Hello,
  Have you found a solution for this problem? I have the exact same problem with 2 users accessing a site collection (access denied). I found also this row on uls log:
  Access Denied. Exception: Attempted to perform an unauthorized operation., StackTrace:   at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     at Microsoft.Office.Project.PWA.PJBaseWebPartPage.OnPreInit(EventArgs
  e)     at System.Web.UI.Page.PerformPreInit()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest(Boolean
  includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest()     at System.Web.UI.Page.ProcessRequest(HttpContext context)     at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
  at System.Web.HttpApplication.ExecuteStep(IExecutionSt... 6955b79c-c42c-50fc-84f8-2b68f97002ea

• WebLogic 10.3.0 WLI Domain - Microsoft AD administrator user access issue.

  Hi SOA Experts,
  We are facing issue of getting noaccess exception on console (below) when doing datasource testing using Microsoft AD administrator user. The same works fine when testing using WLS embedded LDAP administrator user in WLI domain. In plain WLS 10.3.0 domain (without WLI) with same Microsoft AD configuration they do not see this issue, they are able to successfully test data source using both embedded WLS administrator and Microsoft AD administrator user.
  I enabled security ATN and ATZ debug flags and below is my observation.
  In plain WLS 10.3.0 domain I see that default weblogic administrator user in embedded LDAP is part of administrators group. Microsoft AD administrator user is part of Administrators group from MS AD.
  Whereas in WLI domain I see that default weblogic administrator user is part of Administrators & IntegrationAdministrators groups. In WLI domain Administrators group is again part of IntegrationAdministrators group (below is debug logs).
  Below is Plain WLS Domain Debug log
  ####<Dec 6, 2010 5:20:14 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)
  '> <<WLS Kernel>> <> <> <1291674014123> <BEA-000000> < Subject: 2
  Principal = weblogic.security.principal.WLSUserImpl("weblogic")
  Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
  Below is WLI Domain Debug Log
  <> <1291669863989> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
  ####<Dec 6, 2010 4:11:03 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
  <> <1291669863989> <BEA-000000> < Subject: 3
  Principal = weblogic.security.principal.WLSUserImpl("weblogic")
  Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
  Principal = weblogic.security.principal.WLSGroupImpl("IntegrationAdministrators")
  The issue of Microsoft AD administrator user not able to test datasource in WLI domain seems to be happening because of IntegrationAdministrators group which comes by default with WLI domain (in plain WLS domain we do not have this group). Looks like the datasource which is being created in WLI domain seems to be being treated as WLI resource and user accessing it is being checked if it part of IntegrationAdministrators group. In this case weblogic default administrator user is part of IntegrationAdministrators, for which we do not see issue where as Microsoft AD administrator user which is not part of IntegrationAdministrators seems to be having problem.
  Below is snipper of Microsoft AD administrator user in Debug logs
  ####<Dec 6, 2010 4:13:31 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
  <> <1291670011687> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
  ####<Dec 6, 2010 4:13:31 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
  <> <1291670011687> <BEA-000000> < Subject: 2
  Principal = weblogic.security.principal.WLSUserImpl("MSADAdminUser")
  Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
  Also one more observation about datasource which is created is in plain WLS & WLI domain created datasource resource type is shown as “jdbc” which is expected, but in addition in WLI domain I observe that created datasource resource type is marked as JMX and DS is being considered as application (below), not sure if this has something to do with the issue.
  Below is WLS domain debug log, below you can see that datasource is being treated as JDBC resource which is expected.
  ####<Dec 6, 2010 5:21:03 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291674063776> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<jdbc>, application=, module=, resourceType=ConnectionPool, resource=testDS, action=reserve>
  Below is WLI domain debug log, below you can see that datasource is being treated as application and it says resource type as JMX
  ####<Dec 6, 2010 4:12:17 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291669937755> <BEA-000000> < Resource: type=<jmx>, operation=get, application=testDS, mbeanType=weblogic.j2ee.descriptor.wl.JDBCDataSourceBean, target=Name>
  I created user in embedded LDAP in WLI domain with same name as MS AD administrator user and assigned it to Administrators group, that obviously works but is not acceptable solution.
  Below is exception thrown on console when testing datasource using Microsoft AD administrator user.
  weblogic.management.NoAccessRuntimeException: Access not allowed for subject: principals=[MSADAdminUser, Administrators], on Resource weblogic.management.runtime.JDBCDataSourceRuntimeMBean Operation: invoke , Target: testPool at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:205) at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222) at javax.management.remote.rmi.RMIConnectionImpl_1030_WLStub.invoke(Unknown Source) at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978) at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544) at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380) at $Proxy92.testPool(Unknown Source) at com.bea.console.actions.jdbc.datasources.testjdbcdatasource.TestJDBCDataSource.begin(TestJDBCDataSource.java:114) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306) at
  - BoyelT

  This issue has been resolved.
  The problem of Microsoft active directory administrator user not able to test the datasource in WLI domain is caused because of IntegrationAdministrators group & IntegrationAdmin role which comes in WLI domain. Assigning the Microsoft Administrator group to IntegrationAdmin role from WebLogic console has resolved the issue.
  Below are steps for assigning the MS AD administrator group to IntegrationAdmin role from console in WLI domain.
  ======================================================
  - Login to console and click on "Security Realms" and "myrealm"
  - Go to "Roles and Policies" tab and expand "Global Roles" tree and "Roles" tree view under it.
  - Click on "View Role Conditions" link for "IntegrationAdmin" role.
  - Click on "Add Conditions" button select Group (default) for "Predicate List" drop down box and click Next button.
  - Specify MS AD admin group name for "Group Argument Name" text box and hit on Add button.
  ======================================================
  - BoyelT
  Edited by: BoyelT on Dec 20, 2010 1:36 PM