Make netatalk on FreeBSD authenticate against OD?

Similar Messages

• Messaging Server authenticate against directory server

  Just wonder how to make messaging server authenticate against directory server? Basically I created users on the directroy server, and would like to let these users to access messaging server?
  Thanks for advice!

  I'm sorry, your question doesn't really make any sense.
  Messaging Server always authenticates to users in a Directory.
  How did you "create users"? That may be the problem. If you don't create the users with the provisioning tools provided with Messaging, then the users don't have the correct object classes and attributes to function as Messaging users.

• Assigning a login module to a single WebDynpro to authenticate against LDAP

  Hi there,
  we are running the J2EE Engine 7.0 within XI on SAP NetWeaver 2004s / Linux x86_64.
  Basically, i want to Authenticate a Java WebDynpro against an LDAP (Active Directory). With the XI Usage installed, I can not customize the UME to authenticate against an LDAP (not supported and not possible).
  Thus, I want to use a custom login module or, if suitable, a standard login module to authenticate against LDAP. I know that all WebDynpro Apps use the default authentication scheme that in turn references the authentication template "ticket".
  1) Can I use a predefined Login Module to authenticate against Active Directory LDAP or do I have to write a custom login module?
  2) Is it possible to assign a login module to a single WebDynpro and how can I do this?
  Thanks a lot in advance,
  Oliver Kalkofen

  > Thus, I want to use a custom login module or, if
  > suitable, a standard login module to authenticate
  > against LDAP.
  We have developed a custom login module which does this. It looks to the user like the BasicPasswordLoginModule provided with SAP, but the userid and password entered has to be a valid accountpassword from the Active Director domain. We use the Kerberos protocol to perform this useridpassword validation, not LDAP. The userid can be just a name, in which case the default domain (realm in Kerberos terminology) or it can be specified as user@REALM in which case a non-default realm can be used to authenticate. Once the authentication is complete, we look in USRACL table to map this Kerberos principal name onto a SAP userid so we can then create an SSO2 ticket.
  If you interested to evaluate, or get a quote for purchasing this, please contact me offline. Of course, you can develop your own if you are happy to do so. I just thought you might be interested to know of an alternative.
  Thanks,
  Tim

• How do you get OS X Lion to authenticate against LDAP?

  Need help getting OpenLDAP to authenticate against LDAP on  Linux server....please help!

  Go to the Users & Groups system preferences, click "Login Options:" and then click "Edit" next to "Network Account Server." Then click the plus button and add your LDAP authentication server. You can also click the Directory Utility button to further refine the settings for your server and the LDAP service.

• How to make direct selection handles visible against pasteboard?

  When I go to transform/resize images inside frames using the direct selection tool, I can't see the handles of the actual image because they are white against a white pasteboard.  I am using InDesign CS5 (ver 7.0.4) on a Mac. I have been using InDesign for a few years and never noticed this was a problem; all of a sudden, the handles seem invisble. I don't remember what the color scheme was before. (Maybe I am losing my mind). Did the colors change with an update? There is an option in preferences to select the color of the pasteboard, but this doesn't seem to have any effect. In the meantime, I can't find the handles to resize/transform images. I can input a percentage for scaling, but this is only useful sometimes. How do I make direct selection handles visible against the pasteboard?

  Not specifically a path. When I select an image in a layout with the selection tool, yes the frame border is the color of the layer. When I select the same image with the direct selection tool to see the full extent of the uncropped image, the border of the image is white with white handles. Since my pasteboard is white, I can't see the image border when it extends off my color layout and onto the pasteboard.

• Can the Design Console authenticate against the OID?

  Can the Design Console authenticate against the OID?
  In my setup the users authenticate against the OID server when logging to OIM Web Console.
  The OID has a plugin that redirects the authentication request to the Microsoft AD server.
  That way the users can login to OIM Web Console using their Microsoft network password.
  A small problem is that I have a handful of users that need to use the Design Console, and when they attempt to login it almost always fails at first.
  It fails because they forget that the password they have to type on the Design Console login screen actually resides within the OIM Server and as time goes by the password becomes different then the one used to login to the Microsoft network.
  So i wondered if it is somehow possible to configure the Design Console to authenticate against my OID server, then it would redirect the authentication request to the Microsoft AD Server and they would not have to bother about what is/was the password stored within the OIM.
  Thanks for any thought on the matter.
  Adriano.

  Design Console always authenticate against the OIM user credentials. I suppose this is due to the factor that this does not behave as an http request over web, so its almost impossible to redirect the login request to some other server(AD/OID etc).
  I also did not find this in the Oracle documentation, so I suppose its not possible. The AD Pass Syncwould work but just installing the AD Pass Sync for a handful of users (accessing design console) would not be recommended as it requires an agent to be installed on AD side. You might need to handle the OIM passwords for such users manually.

• Authenticate against AD then Internal Store with same username?

  I know this sounds easy at first glance but I am having a nightmare of a time finding a way to get this to work.  Our engineers were used to OUR old ACS 3.2 method where an account was either authenticated against the internal user store or Wwindows AD and would like to duplicate this functionality with the our new ACS 5.3 setup.  I fully realize that the two models are not even close to being similar between those two versions but I am being asked anyway.
  Here is the crux of the issue.  If you have a jsmith account in the internal user store with one password, and also a jsmith in AD with a different password then the system cannot seem to handle different accounts with same name when it comes to passwords.
  I have an internal store sequence setup to authenticate against AD then the local data store.  The problem is that if the user puts the password of the internal store user the ACS server sees that the user exists in AD but that password was incorrect and authentication fails.
  Bottom line is that I need some kind of logic that says try to authenticate against AD first with this username and password, and if that fails instead of ending there try to authenticate to the internal store using the given username and password.
  Appreciate any help on this.

  Jagdeep,
  I thought ACS 5.3 allowed you to use the internal database but point the password authentication to AD? However if the user isnt found then we can point to AD by using a identity sequence store?

• New HTMLDB User - Want to authenticate against a database user

  Greetings... I would like to authenticate a user sign-in/logon screen against database users setup in the database. It appears to me that DAD might do this, but I'm a bit fuzzy on how to make it work. I looked in some of the FAQ's here and can't seem to find something that tells me how to do this. I'd be thankful for any help you can give this old DBA who's stepping into HTMLDB Development.
  (Love the product so far by the way!)
  Robert

  Robert - It depends on what your aim is, but one way to do it is to create a new DAD without a username or password in the connect info. This will require users to respond to the basic authentication challenge allowing those who have database accounts to authenticate to your application.
  Regardless of which database account is used to authenticate, keep in mind that all SQL and PL/SQL in the application executes as the schema designated as the application's "owner" or parsing schema, so the identity of the authenticated user with respect to database roles and privileges plays no part unless you actively use the session's USER value in VPD/RLS, for example.
  Scott

• Can you make Kerberos validate a ticket against the server?

  I do not know if what I am describing is possible/feasible - so please forgive my ignorance.
  I am trying to create a Kerberos single sign-on java desktop application (there is on webpage involved, and we does not try to log into other applications from there), using only the functionality built into Java (we are running Java 6.0), and on WIndows XP.
  The point of what we are trying to do is to archive the ability to
  1) Authenticate the user of the program, both for history keeping, but also to keep people who have no business out of our application (we do not explicitly need authorization, as this is taken care of internally in the application)
  2) Avoid any kind of log-in screen (in other words single sign-on, with the sign-on to the Windows user account as the first and only sign on).
  in that prioritized order.
  After having poking around for a while we finally got Kerberos in a semi working state - without any forms of external configuration files. However, the only way I have found to avoid having to deal with the CallbackHandler (which would mean we would need to have the user intervene - invalidating #2) has been to add the cachedTicket option.
  However, when I do so, there does not seem to be made any kind of validation against the server (the realm and KDC information can be freely set to gibberish - and it works even if the account that I do it from has been invalidated). This seems almost (I said almost) seems as unsafe as the "System.getProperty( "user.name" );" we started looking at in the beginning.
  If I have to go through the CallbackHandler then everything is OK (fails if the realm and KDC information is not correct - and likewise when my account has been deactivated, fails on any possible combination of bad password and/or username).
  So my question is: Is there a way to login securely, without having to prompt the user for his windows account and password (perhaps a special configuration). If so, do I need to use a keytab (we would prefer not to, but if that is what it takes....), should I look into authorization as a workaround (if it indeed could as such), using a third party Kerberos system (such as the one from FemiLab), something entirely different - or is what I am describing impossible?
  If needed I would be able to provide code snippets.
  Thank you for your time :)

  Hi,
  I've attached the llb file from the examples folder \LabVIEW\Examples\Comm
  This is a LabVIEW 5.1.1 folder but it should open in Ver 6 OK. But there maybe some links to other example VI.
  Regards
  Ray Farmer
  Regards
  Ray Farmer
  Attachments:
  comm.zip ‏335 KB

• Tax code to make non-editable after GRN against PO

  Dear All,
  I want to make tax code non-editable in PO after GRN is done against the LIne item.
  Are there settings or User exit to do to make tax code non-editable?
  Regards,
  Rakesh

  thanx for reply.
  But the requirement is to make Tax code in PO non-editable after GRN (we don,t have CIN implemented.),
  What happening is after GRn if tax ocde is changed in print preview the total or tax value is showing as per new/changed tax code. Also same tax code picked up in MIRO.
  I want to avoid that.
  Regards,
  Rakesh

• Authenticate against external windowsdb member server

  I would like to know if anyone has been able to get the ACS appliance version to authenticate users against a Windows Member Server not a DC (no AD).

  My bad, sorry.
  When using the appliance you need to use the Remote Agent for Windows, the appliance will then talk to this agent to authenticate users in its SAM or AD database. You need this since the Appliance is not part of any domain, so it needs to pass off the usernames/passwords to a Windows server that can authenticate users.
  You can read about it here:
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm
  Basically install it on the member server and you should be good to go, it will automatically use the local SAM database to check for usernames/passwords. This is actually easier to set up than if you were trying to authenticate to a domain, since there's really nothing for you to do other than install the agent.

• Use of makit chart for multiple values against month

  Hi all,
  here is my test data:
  var testDate = { mycollection : [ {Consumption : 200, Consumption1 : 170, ReadingDateTime: February},
                                   {Consumption : 300, Consumption1 : 170, ReadingDateTime: March},
                                   {Consumption : 200, Consumption1 : 130, ReadingDateTime: April},
                                   {Consumption : 200, Consumption1 : 230, ReadingDateTime: May},
                                   {Consumption : 200, Consumption1 : 270, ReadingDateTime: June},
                                   {Consumption : 200, Consumption1 : 200, ReadingDateTime: July},
  In this consumption is for present year and consumption 1 is for previous year.
  I want to implement both the values against the month using makit column charts:
  var oChartj = new sap.makit.Chart({
       height: "80%",
       width: "100%",
       showRangeSelector :false,
       primaryColorPalette:["#18458D"],
       category : new sap.makit.Category({ column : "month" }),
       values : [new sap.makit.Value({ expression : "consumption"})]
       var jsonModel = new sap.ui.model.json.JSONModel();
        jsonModel.setData(testData);
         oChartj.addColumn(new sap.makit.Column({name:"month", value:"{ReadingDateTime}"}));
        oChartj.addColumn(new sap.makit.Column({name:"consumption", value:"{Consumption}"}));
       oChartj.setModel(jsonModel);
         oChartj.bindRows("/mycollection");
  in this way i am able to print the data as consumption against month, I need to add consumption1 also.
  How to do this?
  Regards,
  Arun

  Hi All,
  I was able to do the same with the help of series property in makit charts.
  series : new sap.makit.Series({ column : "year" }),
  In our test data we need to create the data's based on this value, for example if we are plotting consumption against month then the year should be a differentiating quantity within the test data.
  So that the graph will iterate for that and plot two values for the same month.
  Regards,
  Arun

• Is Windows 2003 member servers still able to authenticate against Windows Server 2012 R2 AD after mirgation?

  Hi,
  We are planning to migrate Windows Server 2008 R2 AD to Windows Server 2012 R2 AD. But we have some Windows 2003 member servers (Running RADIUS for VPN user to authenticate their AD accounts). Does anyone know that existing Windows 2003 member
  servers still able to authenticate on Windows Server 2012 R2 AD after migration and function properly?  Just wanted to make sure Windows Server 2012 AD support Windows 2003 member server.
  Thanks.
  M

  Hi,
  Thanks for your post.
  Is there any Windows server 2003 domain controller in your domian?
  If yes, i think you could refer to this article:
  http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Authenticate Against OID

  I am new to jDeveloper and java.
  I developed an jsp/adf application using jDeveloper 10.1.2 which runs on Oracle 10g application server.
  The application works using the jazn-data.xml to access the db.
  I need to modify the application to hang off an Oracle portal and access the db is obtained after the user logs into the portal using the portal login.
  The user will access the application from logging into an oracle portal.
  I am not the Unix admin, so we assume the OID/SSO is properly configured.
  How can I pass the portal authentication to the jsp application to access the db without having to log in again.
  Reading the Oracle documentation and looking at the Oracle examples did not provide any clues to how to accomplish this.

  Shay
  I have not seen the document you are referring.
  The document appears to contain information I can utilize.
  I will post my progress on authenticating against the OID.
  Thanks

• Cannot get iLOM to authenticate against Active Directory

  I'm hoping it is some sort of configuration mistake, I'll happily take the fall for misconfiguration, if it solves my issue.
  We have a number of different Sun systems we just purchased, and LOVE the iLOM capabilities. Unfortunately, we have not been able to configure the Active Directory authentication properly. We've gotten the RADIUS auth to work, but since it doesn't have any extensible groups, there's no way to cleanly divide folks up. Have read the User's Guide extensively, and tried multiple variations on the LDAP configuration of the Active Directory AdminGroup settings, with no luck.
  I have verified the iLOM unit is reaching the AD server, I have captured communications, but sine it's encrypted, I can't see where the fault lies. The clocks are certainly within 5 minutes of each other, so it's not a kerberos time issue. The 'Trace' level of logging doesn't seem to include much info to me, but here is what is captured:
  2008-07-29 14:26:14     Local0.Warning     10.40.5.7     logmgr: ID = 1366 : Tue Jul 29 14:27:42 2008 : ActDir : Log : minor : (ActDir) module loaded, MOD-VER:Tue Jun 3 07:53:02 CST 2008
  2008-07-29 14:26:14     Local0.Critical     10.40.5.7     logmgr: ID = 1367 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
  2008-07-29 14:26:14     Local0.Critical     10.40.5.7     logmgr: ID = 1368 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
  2008-07-29 14:26:14     Local0.Error     10.40.5.7     logmgr: ID = 1369 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) ServerUserAuth - Error 0, error binding user to ActiveDirectory server
  2008-07-29 14:26:15     Local0.Error     10.40.5.7     logmgr: ID = 1370 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) server-authenticate: auth-error idx 0 server x.x.x.x
  2008-07-29 14:26:15     Local0.Critical     10.40.5.7     logmgr: ID = 1371 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) authentication status: auth-ERROR
  2008-07-29 14:26:17     Local0.Warning     10.40.5.7     logmgr: ID = 1372 : Tue Jul 29 14:27:45 2008 : Audit : Log : minor : cleverlyc : Open Session : object = /session/type : value = www : error
  We have no certificates, and do not plan on using any (for quite some time). I cannot find any errors, notifications, or other data on the AD server, showing any sort of error/misrepresented credentials etc.
  Any ideas/help?
  Thanks!!

  Looks like this seems to be a common issue as I am having the same issue using current iLOM release.
  SP Firmware Version 2.0.2.10
  SP Firmware Build Number 35249
  SP Firmware Date Wed Jul 23 22:40:58 PDT 2008
  SP Filesystem Version 0.1.14
  Addition information I can provide is when reviewing the security logs on the DC I see no attempt at of any creds being used.
  Edited by: evil_bobster on Sep 22, 2008 10:50 AM