Login via LDAP using "cn" attribute?

Hi,
I work on an LDAP client implementation, and have hit a potential problem using it with the Mac OS X LDAP server. Our device searches for user objects in the LDAP directory, looking for a match of the "uid" attribute against a login name entered by the user. Well, we have a customer who is using a Mac OS X LDAP server and says that he has users configured with multiple uids (which we support) but also with a unique "cn", and that it allows login using any of those. For example a user entry would contain:
dn: uid=joecool,cn=users,dc=xxx,dc=local
cn: jcool
sn: Cool
uid: joecool
uid: jc
And this user supposedly can login as joecool, jc or jcool, even though there is no uid attribute with value jcool.
So my question is, is this the case with the Mac OS X LDAP server? Does it (or rather a Mac client using it) allow login with a user name that matches the cn but not a uid?
Message was edited by: Ian Puleston

Hi,
The User Management guide says a fullname and 16 shortnames are permitted. However, the first shortname is used to form the LDAP distinguished name (dn). My LDAP connection lets me search for any user records based on 'cn = login name' where login name is any fullname or shortname. However, authentication only occurs when using the (dn, password) combination.
There are significant problems when any names are duplicated. However, the most critical is the first shortname, which is stored with the password server file along with the user id number. Note that changing the first shortname essentially deletes the user account and creates a new one. According to the manual all of the names, full and short, are kept in the cn listing inside the user record. This allows looking up the user record by any name (cn). During login the record is looked up, the dn retrieved and combined with the password for authentication.
HTH,
Harry
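The lookup Harry describes (find the record by any of its names, take its dn, then bind with dn and password), as an added Python example that is not code from this thread or from Apple's server: it resolves a login name against both cn and uid over an in-memory copy of Ian's sample entry plus a constructed second entry, escapes the name before it goes into a search filter, and refuses to choose a bind DN when the name matches more than one record (the duplicate-name problem Harry warns about). The attribute list, the second entry and the case-insensitive comparison are assumptions; a real client would send login_filter() to the server and then issue a simple bind with the returned dn.

```python
"""Added example (not code from the thread): resolve a login name to a bind
DN by matching it against any cn or uid value, then bind with (dn, password).
Runs offline against an in-memory LDIF snippet."""

# Constructed sample directory: the entry from the thread (dc=xxx,dc=local is
# the thread's own placeholder) plus a second user whose cn collides with the
# first user's short uid, to show the duplicate-name problem.
SAMPLE_LDIF = """\
dn: uid=joecool,cn=users,dc=xxx,dc=local
cn: jcool
sn: Cool
uid: joecool
uid: jc

dn: uid=jsmith,cn=users,dc=xxx,dc=local
cn: jc
sn: Smith
uid: jsmith
"""

# Assumption: these are the attributes a login name is allowed to match.
LOGIN_ATTRIBUTES = ("uid", "cn")


def parse_ldif(text):
    """Minimal LDIF reader returning a list of {attribute: [values]} dicts with
    lower-cased attribute names.  Handles plain 'attr: value' lines only; no
    base64 (::) values and no line continuations."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter, so that a
    login name such as 'jc*)(uid=*' cannot change the filter's meaning."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def login_filter(login):
    """Filter a client would send to find every entry whose uid or cn equals
    the (escaped) login name."""
    clauses = "".join(f"({attr}={escape_filter_value(login)})" for attr in LOGIN_ATTRIBUTES)
    return f"(|{clauses})"


def find_login_matches(entries, login):
    """DNs of all entries with a uid or cn equal to login.  uid and cn use
    caseIgnoreMatch in the standard schema, so compare case-insensitively."""
    wanted = login.lower()
    return [
        e["dn"][0]
        for e in entries
        if any(v.lower() == wanted for attr in LOGIN_ATTRIBUTES for v in e.get(attr, []))
    ]


def resolve_bind_dn(entries, login):
    """The DN to use in the simple bind, or None when the name matches no entry
    or more than one: an ambiguous name must not log in as whichever entry the
    server happens to return first."""
    matches = find_login_matches(entries, login)
    return matches[0] if len(matches) == 1 else None


ENTRIES = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    for name in ("joecool", "jcool", "jc", "jc*)(uid=*"):
        print(f"{name!r:14} filter={login_filter(name)} -> {resolve_bind_dn(ENTRIES, name)}")
```

Running the block prints the filter and the resolved DN for each name: "joecool" and "jcool" both resolve to the same entry, "jc" resolves to nothing because two records claim it, and the injection-shaped name is escaped into a harmless literal.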

Similar Messages

  • Kerberos & AFP fails to login via kerberos

    Hi,
    I am unable to login via AFP using Kerberos. When I used the kadmin.local -q listprincs command to list the principals, the afpserver is listed. When I change the authorization to Kerberos I receive: "Connection Failed! The User Authentication Method required by this server can't be found." It was working under 10.4.3; are there any changes since?
    PowerMac G5 DP 2.0, Mac OS X (10.4.4)

    You get this message:
    "The server has rejected your login. Please verify that your user name and password are correct. Error Code: 800cccd1"
    And Thunderbird can successfully receive/send on the test account but not on your own account, with the same server/port/SSL settings?
    Other than the possibility that your password is incorrect...
    Does your server require or have you tried entering your login username in this format:
    domain\username
    I don't know whether the following is relevant to your mailbox (server-side issue): "Error when you use an IMAP4 client or a POP3 client to log on to a delegate mailbox of Exchange Server 2007: 800cccd1" (http://support.microsoft.com/kb/949926).

  • Read 'userPassword' attribute via LDAP?

    Hi all,
    Sorry if this question has already been answered...
    I do not have access to a Sun ONE Directory server so I have not been able to answer this question for myself.
    Is it possible to read the 'userPassword' attribute from a Sun ONE Directory Server via LDAP?
    I know that this is not possible for MS AD, and I am guessing this is a standard used by all LDAP Servers.
    Thanks in advance for any help,
    Bryan Galvin

    If the privileges are set properly, you can read the password in the Sun directory. If the password is stored in clear text (not the default) then you will see the password. If it is encrypted then you will see an encrypted password string preceded by the encryption method used, for example:
    userPassword: {SHA}0twDi9KZ2bTTBL1PpYwcFxhWsCu=
    An "old" method of authentication involved hashing the user-supplied password with the same algorithm and comparing it to the entry in the directory. (apologies to those "oldies" still using that method!)
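The client-side comparison the reply calls the "old" method, as an added Python example (not code from the thread or from Sun ONE): it parses a {SCHEME}base64 userPassword value and recomputes it from a candidate password for {SHA}, {SSHA} and clear text, compares in constant time, and fails closed on any scheme it cannot reproduce. All values are constructed; the scheme names and the 20-byte SHA-1 digest length are the only facts assumed. Binding to the directory with the user's credentials remains the better check, because the server then owns the comparison and the stored value never has to be readable by the client.

```python
"""Added example (not from the thread): verify a password against a
userPassword value of the form {SCHEME}base64, the way an old-style client
did it.  Constructed values only; no directory involved."""
import base64
import hashlib
import hmac
import os

SHA1_DIGEST_LEN = 20  # {SSHA} = base64(sha1(password + salt) + salt)


def parse_userpassword(stored):
    """Split '{SHA}abc...' into ('SHA', b'<decoded bytes>').  {CLEARTEXT}
    payloads are literal, and a value with no prefix is treated as clear text."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, payload = stored[1:].partition("}")
        scheme = scheme.upper()
        if scheme == "CLEARTEXT":
            return scheme, payload.encode()
        return scheme, base64.b64decode(payload)
    return "CLEARTEXT", stored.encode()


def hash_password(password, scheme="SSHA", salt=None):
    """Produce a userPassword value in the given scheme.  SSHA appends a random
    salt, which is why two SSHA values for one password differ while two SHA
    values are identical (and therefore comparable across accounts)."""
    pw = password.encode()
    scheme = scheme.upper()
    if scheme == "SHA":
        return "{SHA}" + base64.b64encode(hashlib.sha1(pw).digest()).decode()
    if scheme == "SSHA":
        salt = os.urandom(4) if salt is None else salt
        digest = hashlib.sha1(pw + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode()
    if scheme == "CLEARTEXT":
        return "{CLEARTEXT}" + password
    raise ValueError(f"unsupported scheme {scheme}")


def verify_userpassword(stored, candidate):
    """Recompute the stored value from the candidate and compare in constant
    time.  Unknown schemes return False so that they never accidentally pass."""
    scheme, raw = parse_userpassword(stored)
    pw = candidate.encode()
    if scheme == "SHA":
        expected, actual = hashlib.sha1(pw).digest(), raw
    elif scheme == "SSHA":
        digest, salt = raw[:SHA1_DIGEST_LEN], raw[SHA1_DIGEST_LEN:]
        expected, actual = hashlib.sha1(pw + salt).digest(), digest
    elif scheme == "CLEARTEXT":
        expected, actual = pw, raw
    else:
        return False
    return hmac.compare_digest(expected, actual)


if __name__ == "__main__":
    for scheme in ("SHA", "SSHA", "CLEARTEXT"):
        value = hash_password("secret", scheme)
        print(scheme, value, verify_userpassword(value, "secret"), verify_userpassword(value, "wrong"))
```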

  • How to get the naming attribute of an LDAP using JNDI.?

    Hi,
    How do we fetch the naming attribute of an LDAP using JNDI? Is this possible using JNDI?
    By default, every LDAP has been set with a naming attribute such as 'uid' or 'cn'. This could be changed according to business needs.
    How do we determine this using JNDI?
    Regards,
    Barani

    Are you trying to call the portlet Customization form directly from the browser?

  • Need help in retrieving attributes from LDAP using JNDI

    I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
    Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
    I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
    Could anyone tell me why I'm getting this error? Thanks!
    Here's my code:
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;
    import java.io.*;

    class Getattr {
        public static void main(String[] args) {
            // Identify service provider to use
            Hashtable env = new Hashtable(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // user info
            String userName = "username";
            String password = "password";
            // LDAP server specific information
            String host = "ldaphostname";
            String port = "portnumber";
            String basedn = "o=organization,c=country";
            String userdn = "cn=" + userName + "," + basedn;
            env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);
            env.put(Context.SECURITY_PRINCIPAL, userdn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                // Send the attribute listing (written to stderr below) to data.txt
                System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));
                // Create the initial directory context
                DirContext ctx = new InitialDirContext(env);
                // Ask for all attributes of the object (name is relative to basedn)
                Attributes attrs = ctx.getAttributes("cn=" + userName);
                NamingEnumeration ne = attrs.getAll();
                while (ne.hasMore()) {
                    Attribute attr = (Attribute) ne.next();
                    if (attr.size() > 1) {
                        // Multi-valued attribute: print every value
                        for (Enumeration e = attr.getAll(); e.hasMoreElements();) {
                            System.err.println(attr.getID() + ": " + e.nextElement());
                        }
                    } else {
                        System.err.println(attr.getID() + ": " + attr.get());
                    }
                }
                // Close the context when we're done
                ctx.close();
            } catch (javax.naming.NamingException ne) {
                System.err.println("Naming Exception: " + ne);
            } catch (IOException ioe) {
                System.err.println("IO Exception: " + ioe);
            }
        }
    }

    That doesn't work either. It seems it's not finding the NamingException class in any of the jar files. I don't know why. Any clues?

  • Login Using extended attribute

    I have personnelnumber mapped to accountId in IdM. There is another attribute (samaccountname) stored in IdM. How do I allow users to log in using one of the extended attributes (i.e. samaccountname) instead of their accountId (i.e. personnelnumber)?
    Any help appreciated.
    Thanks

    Nikhil,
    What I think is that accountId is a special attribute in idm that the login modules would use to provide login functionality against a resource. So, if accountId <--> personnelnumber is already made, a login module cannot be created to allow login using samaccountname.
    A round-about way could be to create another resource (and NOT use for provisioning) with accountId <--> samaccountname mapping and create a login module using this resource.. makes sense? Of course, this still doesn't use the extended attribute value stored in IdM (rather uses the resource attribute value), but I think that is one way out.
    Anyone else has any other ideas?
    Aditya.

  • FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )

    Version: 20060317
    Q: Where can I find more information on the BC-LDAP-USR interface?
    A: Have a look at our ICC webpage in the SDN:
    SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)[1] [original link is broken]
    Q: What costs arise when we want our product to be certified?
    A: See also our SDN page under the headline "Price List".
    Q: Is there a link/page for the already certified products for this interface?
    A: Sure, have a look at our ICC page under the headline "Certified Solutions".
    Q: Who can we ask in case of general questions?
    A: Have a look at our general ICC forum:
    SAP Integration and Certification Center (SAP ICC)
    Of course, if you have urgent requests you can also send them directly to our local ICCs:
    ICC Walldorf in Germany: [email protected]
    ICC Palo Alto in USA: [email protected]
    ICC Bangalore in India: [email protected]
    Q: Who can we ask in case of technical questions?
    A: This depends on the state of your certification project.
    1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
    2.) When the certification contracts have not been signed then you can ask questions in this forum.

    I distinguish it using the passwordExpirationTime (or something like that, I don't have the code here with me).
    This is possible if after the password has expired the user has at least one more access. It is a user policy that can be set in the LDAP server.
    If it is possible, the user can still log in and perform operations. You can search the passwordExpirationTime attribute and determine if the password is expired, and then send a message to the user, telling him to change it. (If only one access is allowed and you change the password with the same application or service then do not close the context, else you should not be able to connect again.) Instead, if you use an external script, then the last access should not give you problems.
    Hope I made myself clear.

  • How to save the login ID as a session attribute ?

    I am using form-based authentication in a web application which is being deployed on a JBoss 3.2.3 server. I am authenticating against an Oracle database by way of a DatabaseServerLoginModule (JAAS).
    I would like to save the user's login ID as a session attribute in order to be able to use it later in the application.
    It's not obvious how you can capture this information and add it to the session, since it seems that the login ID is lost once the authentication is done by j_security_check process.
    Is there some way to tell the servlet container to save the login ID as a session attribute as part of the j_security_check process (something along the lines of "if the authentication succeeds add the login ID as an attribute to the session") ?
    Is there another approach ? What is the accepted "best practice" for doing session initialization after authentication ? For example if a user needs to have several attributes set in their session after login -- how is this handled ? I have done this before with a login servlet which did both the authentication and the session initialization, but when using form-based authentication and j_security_check it's not clear to me how you go from the authentication to the initialization logic.
    Thanks in advance for any suggestions or insight.

    You should already have it... hidden in request.getUserPrincipal().getName()

  • WISM2-Cannot Login via WEB

    Hi everyone
    I cannot log in to the WiSM2 with a browser.
    But I can use the command line to log in to the WiSM,
    like this:
    VSS-6509#session switch 2 slot 9 processor 1
    The default escape character is Ctrl-^, then x.
    You can also type 'exit' at the remote prompt to end the session
    Trying 172.16.31.2 ... Open
    User:admin
    Password:*********
    (WiSM-slot41-1) >
    Notice: sometimes I can log in via the web. The interface and IP address configuration are correct.
    WISM2 log:
    *emWeb: Mar 08 05:20:38.189: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 05:04:38.105: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 04:48:38.032: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 04:32:37.951: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 04:16:37.861: #CLI-3-LOGIN_FAILED: cliutil.c:653 Login failed. User:nouser, Service type:-8. excessive failed login attempts.
    *emWeb: Mar 08 04:16:37.861: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 04:00:37.780: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 03:44:37.708: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 03:28:37.623: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 03:12:37.550: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 02:56:37.482: #CLI-3-LOGIN_FAILED: cliutil.c:653 Login failed. User:nouser, Service type:-8. excessive failed login attempts.
    *emWeb: Mar 08 02:56:37.482: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 02:40:37.396: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 02:24:37.308: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 02:08:37.191: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 01:52:37.103: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 01:36:37.022: #CLI-3-LOGIN_FAILED: cliutil.c:653 Login failed. User:nouser, Service type:-8. excessive failed login attempts.
    *emWeb: Mar 08 01:36:37.022: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 01:20:36.951: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 01:04:36.853: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
    *emWeb: Mar 08 00:48:35.253: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 char

    You have RADIUS set up for management? If you have RADIUS set up, make sure you don't have the management check box enabled unless you are using TACACS or RADIUS for management users. Seems like RADIUS is sending a reject back to the WLC.
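What a defender would pull out of the log above before deciding whether this is RADIUS, a stale client or something else, as an added Python example (not from the thread or from Cisco): it parses the LOGIN_FAILED lines quoted in the post, counts failures per user and per reason, and tests whether the failures arrive on a fixed schedule, which in this log they do (every 16 minutes, to within a tenth of a second), a cadence that points at an automated client rather than someone typing. The parsing pattern, the year supplied to the timestamps (the log has none) and the tolerance are assumptions.

```python
"""Added example (not from the thread): parse WLC LOGIN_FAILED lines, count
failures per user and reason, and test for a fixed retry interval."""
import re
import statistics
from collections import Counter
from datetime import datetime

# Assumed line layout, derived from the lines quoted in the post.
LOG_RE = re.compile(
    r"^\*emWeb: (?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"#CLI-3-LOGIN_FAILED: cliutil\.c:(?P<line>\d+) Login failed\. "
    r"User:(?P<user>[^,]+), Service type:(?P<svc>-?\d+)\. (?P<reason>.+)$"
)

# Lines copied from the post (a subset is enough to show the pattern).
SAMPLE_LOG = """\
*emWeb: Mar 08 05:20:38.189: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
*emWeb: Mar 08 05:04:38.105: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
*emWeb: Mar 08 04:48:38.032: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
*emWeb: Mar 08 04:32:37.951: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
*emWeb: Mar 08 04:16:37.861: #CLI-3-LOGIN_FAILED: cliutil.c:653 Login failed. User:nouser, Service type:-8. excessive failed login attempts.
*emWeb: Mar 08 04:16:37.861: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
*emWeb: Mar 08 04:00:37.780: #CLI-3-LOGIN_FAILED: cliutil.c:576 Login failed. User:nouser, Service type:-8. Username/Password length must be between 3 and 24 characters.
"""


def parse_wlc_log(text, year=2000):
    """Turn each LOGIN_FAILED line into a dict, oldest first.  Lines that do
    not match are skipped so a mixed log does not abort the analysis.  The
    year is an assumption; WLC timestamps carry none."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        events.append({"ts": ts, "user": m["user"], "reason": m["reason"], "line": int(m["line"])})
    return sorted(events, key=lambda e: e["ts"])


def failures_by_user(events):
    return Counter(e["user"] for e in events)


def failures_by_reason(events):
    return Counter(e["reason"] for e in events)


def detect_periodic(events, tolerance_s=5.0, min_gaps=3):
    """Gaps between distinct failure timestamps.  If at least min_gaps gaps lie
    within tolerance_s of the median gap, the failures arrive on a schedule.
    Returns (is_periodic, median gap in whole seconds or None)."""
    stamps = sorted({e["ts"] for e in events})
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    if len(gaps) < min_gaps:
        return False, None
    median = statistics.median(gaps)
    regular = sum(1 for g in gaps if abs(g - median) <= tolerance_s)
    return regular >= min_gaps, round(median)


EVENTS = parse_wlc_log(SAMPLE_LOG)

if __name__ == "__main__":
    print(failures_by_user(EVENTS))
    print(failures_by_reason(EVENTS))
    print(detect_periodic(EVENTS))
```

The "excessive failed login attempts" line shares its timestamp with an ordinary failure, which is why the periodicity test works over distinct timestamps rather than raw events.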

  • Retrieving user and group information from LDAP using j_security_check

    Hi
    I am using j_security_check to authenticate users against LDAP. I have made all necessary configuration for the server to perform LDAP group search as well as mentioned in the WAS documentation of LDAP settings. Now, how can I retrieve the user and the user group info after the j_security_check? Apart from the UserPrincipal object which I can get from the request, which just has the user name, is there any other object which will give me the user and user group info, or do I need to connect to LDAP using my Java code to retrieve this information?
    Regards
    Deepak

    Hi
    I am using j_security_check to authenticate users against LDAP. I have made all necessary configuration for the server to perform LDAP group search as well as mentioned in the WAS documentation of LDAP settings. Now, how can I retrieve the user and the user group info after the j_security_check? Apart from the UserPrincipal object which I can get from the request, which just has the user name, is there any other object which will give me the user and user group info, or do I need to connect to LDAP using my Java code to retrieve this information?
    Hmm, you don't need the user group info to connect to the LDAP server, right? You would need the user's Id (which you have) and password (which you don't). You could use the LDAP credentials and bind as that to look up the user info via the user id. Or if the server is set up to allow anonymous bind you could do it without credentials. But if all you want is group info then you should be able to call Security.getCurrentSubject().getPrincipals() to get the user principal as well as all groups (this is true in BEA WebLogic at least).
    Good Luck
    Lee

  • OIM LDAP sync default attributes

    Hi,
    I am using LDAP sync to provision users/roles to LDAP (OID).
    I found that organizations cannot be synced to LDAP using LDAP sync.
    Is there a list of all attributes which will sync between OIM and LDAP (OID)?
    Thanks in advance!

    This bit of XML just tells reconciliation to copy the "o" attribute in LDAP to a user database field usr_ldap_organization. It does not reconcile organizations as such. I hope the below is an accurate summary of handling of LDAP organizations by LDAP sync which will help.
    1) LDAP Synch does not reconcile organization objects into OIM
    2) LDAP Synch does provision organization objects to LDAP (although as pointed out perhaps you can customize something outside LDAP sync using an event handler)
    3) Users reconciled from LDAP to OIM are by default placed in one OIM organization based on the LDAP Sync scheduled job settings, irrespective of their organization in LDAP (although their LDAP organization can be reconciled to an OIM user attribute, perhaps allowing you to do some more work in an event handler)?
    4) Users provisioned from OIM to LDAP use LDAP Container mapping to choose the organisation they are written to in LDAP. This is by default a simple set of attribute based rules, however custom code can be written in a plugin. Note that I found a bug: unfortunately the information that holds an OIM user's OIM organization (ACT_KEY) is not made available to this plugin on create.
    As to your further question, you can add other mappings as you require in the MDS files (LDAPUser.xml etc.) to map other attributes, either using supplied utilities to simply add UDFs (as mentioned in a previous post) or for less simple changes by modifying the XML by hand.

  • Retrieve parameters from LDAP using authentication module

    I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
    I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
    OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
    This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
    The existing web applications are still querying other attributes than uid and userpassword from the existing LDAP. Is it possible to configure OpenSSO to forward LDAP attributes to the web application as a cookie or header value? Or is the forwarding feature only for attributes in the Data Store?
    If the forwarding is not possible what is the next best alternative ?

    OpenSSO forum is quite silent so I'm back with you guys.
    I managed to solve the agent error log problem I mentioned before. The problem was about nonexistent attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed the extra attributes and the authentication against LDAP started to work again.
    The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
    My LDAP looks like this:
    # testuser, pollo.fi
    dn: cn=testuser,dc=pollo,dc=fi
    cn: testuser
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    givenName: Test
    sn: User
    ou: People
    uid: testuser
    mail: [email protected]
    And my datastore configuration:
    LDAP server->localhost:389
    LDAP bind DN->cn=admin,dc=pollo,dc=fi
    LDAP organization DN->dc=pollo,dc=fi
    Attribute name mapping->empty
    LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
    LDAP3 Plugin search scope->scope_sub
    LDAP Users Search Attribute->uid
    LDAP Users Search Filter->(objectclass=inetorgperson)
    LDAP User Object Class->organizationalPerson
    LDAP User Attributes->uid, userpassword
    Create User Attribute Mapping->empty
    Attribute Name of User Status->inetuserstatus
    User Status Active Value->Active
    User Status Inactive Value->inactive
    LDAP Groups Search Attribute->cn
    LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
    LDAP Groups container Naming Attribute->ou
    LDAP Groups Container Value->groups
    LDAP Groups Object Class->top
    LDAP Groups Attributes->cn,description,dn,objectclass
    Attribute Name for Group Membership->empty
    Attribute Name of Unique Member->uniqueMember
    Attribute Name of Group Member URL->memberUrl
    LDAP People Container Naming Attribute->ou
    LDAP People Container Value->people
    LDAP Agents Search Attribute->uid
    LDAP Agents Container Naming Attribute->ou
    LDAP Agents Container Value->agents
    LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
    LDAP Agents Object Class->sunIdentityServerDevice,top
    LDAP Agents Attributes->empty
    Identity Types That Can Be Authenticated->Agent,User
    Authentication Naming Attribute->uid
    Persistent Search Base DN->dc=pollo,dc=fi
    Persistent Search Filter->(objectclass=*)
    Persistent Search Maximum Idle Time Before Restart->0
    Should I enable some setting still to get the forwarding going on? Any ideas for debugging?

  • LDAP Using Active Directory failed in BAM

    I tried to configure the LDAP Using Active Directory as described in the BAM installation guide 10.1.3.1.0.
    In appsetting, I gave the server name, username and password used by us. Then I restarted the active data cache and IIS. Then I tried to access http:\\server\oraclebam. But it is throwing the following error. What shall I do?
    Exception Message The directory service is unavailable
    Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
    System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at
    System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at
    System.DirectoryServices.DirectorySearcher.FindOne() at
    Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
    Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
    strAssembly, String strApp, String strType, String strMethod, String strParam)
    Debugging Information The directory service is unavailable [ErrorSource="System.DirectoryServices"] Debugging information:
    System.Runtime.InteropServices.COMException (0x8007200F): The directory service is unavailable at
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at
    System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean
    findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at
    Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
    Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
    strAssembly, String strApp, String strType, String strMethod, String strParam)

    Hi,
    We are also facing the issue stated in the first thread. We followed everything specified in the LDAP PDF under TechNotes and still not able to access the BAM console successfully.
    The error we get is pasted at the end of this post. The request doesn't even seem to reach our LDAP server (configured in a remote system).
    A couple of clarifications required:
    1. Does our windows logon need to be the same as BAM console logon?
    2. I do not know the LDAP setting for my actual Windows logon. But I have retained my same usrId and have configured a user in LDAP with my own organization and other hierarchies. I have configured this userId with the complete hierarchy in BAM login management and have given admin access also to this user. Is this correct?
    An error occurred while processing your request
    Details...
    Exception Message The server is not operational
    Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
    Debugging Information The server is not operational [ErrorSource="System.DirectoryServices"] Debugging information: System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
    Assembly StartPage
    State Oracle.BAM.StartPage.StartUp
    Event Initialize
    Thanks,
    KM

  • SPNego Login fails while using MacOS 10.4 and Firefox

    Hello,
    we are running an EP6 NW04 SPS 19 on HP-UX. For authentication we configured Kerberos via SPNEGO. This is working fine for all Windows clients and the browsers IE6, IE7 and Firefox.
    While using Firefox on Mac OS X it is not working. We analyzed the error. It is the following error message in the trace file:
    Decoding error in parsing of spnego token.
    [EXCEPTION]
    iaik.asn1.CodingException: ASN.1 creation error:SPNego OID expected.
    Found 1.2.840.113554.1.2.2
    As you can see, the Mac client is sending the raw Kerberos ticket. How does the WAS handle this ticket?
    Kind Regards,
    Oliver

    Oliver,
    The SAP SPNEGO login module supports OID 1.3.6.1.5.5.2 only, which is the OID for SPNEGO protocol, and this is why it is called an SPNEGO login module. It does not support other OIDS such as RFC1964 Kerberos V5 (1.2.840.113554.1.2.2) or NTLM (1.3.6.1.4.1.311.2.2.10). If you need to support other OIDS, and not just SPNEGO then you need to use a different login module. I can help you with that if you are interested since my company has a product (comprising a login module which uses Kerberos) which supports SPNEGO as well as other OIDS - it is not 100% SPNEGO based like the login module available from SAP.
    Thanks,
    Tim
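The check Tim's answer turns on, whether the token's leading OID is SPNEGO's or something else, as an added Python example (not from the thread or from SAP): it encodes and decodes DER object identifiers, frames a mechanism OID in a GSS-API initial context token as RFC 2743 section 3.1 defines, and reports which of the three mechanisms named in the answer a raw token (or a base64 Negotiate header value) announces. The tokens are constructed; a real Kerberos or SPNEGO token carries a much larger inner payload, and this code looks only at the framing in front of it.

```python
"""Added example (not from the thread): identify the mechanism a GSS-API
initial context token announces by decoding its leading DER OID."""
import base64

# OIDs and their meaning as given in Tim's answer.
MECHANISMS = {
    "1.3.6.1.5.5.2": "SPNEGO",
    "1.2.840.113554.1.2.2": "Kerberos V5 (RFC 1964)",
    "1.3.6.1.4.1.311.2.2.10": "NTLM",
}


def encode_oid(dotted):
    """DER content octets of an OBJECT IDENTIFIER (without the 0x06 tag)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # low 7 bits last, high bits first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(content):
    """Inverse of encode_oid: content octets -> dotted string."""
    arcs = [content[0] // 40, content[0] % 40]
    value, pending = 0, False
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)      # high bit set: more octets follow
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID")
    return ".".join(map(str, arcs))


def der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def read_der_length(buf, pos):
    """Returns (length, position just after the length octets)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count


def build_gss_token(mech_oid, inner):
    """[APPLICATION 0] { mechOid, innerContextToken } per RFC 2743 3.1."""
    oid = encode_oid(mech_oid)
    body = b"\x06" + der_length(len(oid)) + oid + inner
    return b"\x60" + der_length(len(body)) + body


def gss_mechanism(token):
    """(dotted OID, name) of the mechanism a token announces, or None when the
    bytes are not a GSS-API framed token at all (e.g. a bare NTLMSSP blob)."""
    if not token or token[0] != 0x60:
        return None
    _, pos = read_der_length(token, 1)
    if pos >= len(token) or token[pos] != 0x06:
        return None
    oid_len, pos = read_der_length(token, pos + 1)
    oid = decode_oid(token[pos:pos + oid_len])
    return oid, MECHANISMS.get(oid, "unknown mechanism")


def negotiate_header_mechanism(header_value):
    """Same check for the base64 part of an 'Authorization: Negotiate' header."""
    return gss_mechanism(base64.b64decode(header_value))


# Constructed header value of the kind the Mac client in the thread sends:
# a Kerberos token rather than an SPNEGO wrapper.  The inner bytes are filler.
SAMPLE_NEGOTIATE = base64.b64encode(
    build_gss_token("1.2.840.113554.1.2.2", b"\x01\x00constructed-ap-req")
).decode()

if __name__ == "__main__":
    print(negotiate_header_mechanism(SAMPLE_NEGOTIATE))
    print(gss_mechanism(build_gss_token("1.3.6.1.5.5.2", b"\xa0\x00")))
```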

  • Problem in connecting to LDAP using JNDI please HELP ME!!!!!!

    Hi,
    I am trying to connect to the LDAP using JNDI and I am getting the following error, which I was unable to solve.
    Here I am posting my sample slapd.conf file as well as my source program and the error.
    # ldbm database definitions
    database        ldbm
    #suffix         "dc=stooges,dc=org"
    suffix          "o=sgstest"
    rootdn          "cn=sgstestAdmin,o=sgstest"
    rootpw          secret3
    directory       /var/lib/ldap/sgstest
    defaultaccess   read
    schemacheck     off
    lastmod         on
    and my program source code is:
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.directory.*;
    import java.util.*;

    public class test {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=SgstestAdmin,o=sgstest";
        final static String rootpass = "secret3";
        final static String rootContext = "o=sgstest";

        public static void main(String[] args) {
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" + rootContext);
            env.put(Context.SECURITY_PRINCIPAL, rootdn);
            env.put(Context.SECURITY_CREDENTIALS, rootpass);
            try {   // obtain initial directory context using the environment
                DirContext ctx = new InitialDirContext(env);
                // now, create the root context, which is just a subcontext
                // of this initial directory context.
                Integer i = new Integer(28420);
                System.out.println("Adding " + i + " to directory...");
                // binding a Java object stores it as javaSerializedData, which
                // requires the Java object schema on the server
                ctx.bind("cn=myRandomInt", i);
                i = new Integer(98765);
                System.out.println("i is now: " + i);
            } catch (NameAlreadyBoundException nabe) {
                System.err.println(rootContext + " has already been bound!");
            } catch (Exception e) {
                System.err.println(e);
            }
        }
    }
    The error which I am getting is:
    Adding 28420 to directory...
    javax.naming.directory.InvalidAttributeIdentifierException:
    [LDAP: error code 17 - javaSerializedData: attribute type undefined]; remaining name 'cn=myRandomInt'
    Any help would be appreciated.

    Hi,
    just one question: is your LDAP server configured to support the JAVA object classes and attributes like javaSerializedData? E.g., if you're using openldap, you have to add a line to the slapd.conf configuration file to import the java definitions.
