Naming Service in separate LDAP

Hi All,
Can any body pls tell me if it is possible to use a LDAP server as a naming service
rather than the using weblogic's naming service ? If yes, then pls tell me how
it can be done.
TIA,
Sudarson

I click on the '+' sign or use the menu 'create' option but I do not get a screen to enter any information.
I hard coded my tnsnames connection in my application and it work fine.
Thanks for getting back to me with the information and link. I've tried all possible combination without successfully being able to use the 'Naming Service' function.
Fred

Similar Messages

  • DIRECTORY NAMING SERVICE (LDAP)  supported in Oracle 11.5.10

    Hi,
    directory naming service (ldap) can be integrate directly with 11i (11.5.10) for netservices authentication.
    Cheers !

    Please see these docs.
    Oracle Application Server with Oracle E-Business Suite Release 11i FAQ [ID 186981.1]
    Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On [ID 261914.1]
    Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i [ID 233436.1]
    Thanks,
    Hussein

  • Issue Password-less SSH:  Sun OpenDS 2.0 as Naming Service

    We are in the final phase of a proof of concept for Sun OpenDS as the Naming service for an important customer and facing problem with password-less ssh. We narrowed the problem down to password policy specifying a value for password maximum age. SSH succeeds with ?0? (zero) but requires password if the value is different from 0.
    Any help in getting a resolution is greatly appreciated, as this is a road block now.
    The following information is gathered.
    The test is performed from a host thud which is setup as an ldapclient.
    thud 275 ssh thud -i .ssh/thud
    Password:
    Last login: Tue Oct 13 06:57:01 2009 from xxx
    Apparent reason (trimmed):
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying public key: .ssh/thud
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-dss blen 434 lastkey 1166d0 hint 0
    debug2: input_userauth_pk_ok: fp 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    debug3: sign_and_send_pubkey
    debug1: read PEM private key done: type DSA
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:
    Corresponding debug info from server (thud):
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method publickey
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: test whether pkalg/pkblob are acceptable
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 6147/150 (e=0/1)
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: trying public key file /home/doejohn/.ssh/authorized_keys
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys,
    line 2Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.info] Found matching DSA key: 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: restore_uid: 0/1
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method publickey
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 6147/150 (e=0/1)
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: trying public key file /home/doejohn/.ssh/authorized_keys
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys, line 2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.info] Found matching DSA key: 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: restore_uid: 0/1
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: ssh_dss_verify: signature correct
    Oct 13 07:29:36 thud sshd[21187]: [ID 966290 auth.debug] PAM[21187]: pam_start(sshd-pubkey,doejohn,0:179560) - debug = 1
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:service)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:user)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:conv)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:rhost)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:tty)
    Oct 13 07:29:36 thud sshd[21187]: [ID 665327 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0)
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_roles.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_projects.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_ldap.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    Oct 13 07:29:36 thud sshd[21187]: [ID 267958 auth.debug] pam_unix_account: doejohn: Ignore module
    Oct 13 07:29:36 thud sshd[21187]: [ID 545954 auth.debug] libsldap: more_info is empty, using default values
    Oct 13 07:29:36 thud sshd[21187]: [ID 340006 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0): error Authentication failed
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.notice] Failed publickey for doejohn from 172.16.1.207 port 44363 ssh2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method keyboard-interactive
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:conv)
    Oct 13 07:29:36 thud sshd[21187]: [ID 873394 auth.debug] PAM[21187]: pam_end(179560): status = Authentication failed
    Sending the Account Usability control on the server returns:
    ?The account is not usable?
    solaris-z1 487 # ldapsearch -D 'cn=directory manager' -w xxx -b 'dc=texas,dc=net' -J "accountUsability:true" uid=doejohn
    # Account Usability Response Control
    # The account is not usable
    dn: uid=doejohn,ou=eng,ou=People,dc=texas,dc=net
    uid: doejohn
    shadowLastChange: 14480
    loginShell: /bin/ksh
    userPassword: {CRYPT}GOUlmnz01bJbwcY69Btp2sIRJrLf+5RtAj4oug==
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: shadowAccount
    objectClass: IEEPerson
    objectClass: posixAccount
    objectClass: top
    givenName: John
    cn: John Doe
    sn: Doe
    telephoneNumber: ...
    gecos: ...
    homeDirectory: /home/doejohn
    mail: [email protected]
    uidNumber: 6147
    gidNumber: 150
    manager: ...
    For someone with a different password policy (max age is 0) the account is usable.
    Ldapclient is running on a SPARC, Solaris 9 system; the Sun OpenDS 2.0 is running on Solaris 10 Sparc.
    Password-less ssh works as expected when using a system not using LDAP.

    See https://opends.dev.java.net/servlets/ProjectForumMessageView?messageID=31827&forumID=3292.
    Regards,
    Ludovic.

  • Naming Services cannot work well!!!

    Hi,
    I have configured the AM2005Q4 and Policy agent with apache, apache http.conf file is like
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    ProxyPass /hzycportal http://exchange.hzliqun.com:8013/hzycportal
    ProxyPassReverse /hzycportal http://exchange.hzliqun.com:8013/hzycportal
    When I type http://exchange.hzliqun.com:8080/hzycportal in IE, and type the user/password, but it cannot reach at the application system. The agent debug log is like
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: HTTP Status = 200 (OK)
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Http::Response::readAndParse(): Reading headers.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Server: Sun-Java-System-Web-Server/6.1
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Date: Mon, 21 Nov 2005 02:22:18 GMT
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Content-type: text/html
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Connection: close
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: Http::Response::readAndParse(): No content length in response.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 all: Connection::waitForReply(): returns with status success.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Http::Response::readAndParse(): Completed processing the response with status: success
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="com.iplanet.am.naming" reqid="2922">
    <Response><![CDATA[<NamingResponse vers="1.0" reqid="2916">
    <GetNamingProfile>
    <Exception>SessionID ---AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23---is Invalid</Exception>
    </GetNamingProfile>
    </NamingResponse>]]></Response>
    </ResponseSet>
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: NamingService()::parseNamingResponse(): Buffer to be parsed: <NamingResponse vers="1.0" reqid="2916">
    <GetNamingProfile>
    <Exception>SessionID ---AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23---is Invalid</Exception>
    </GetNamingProfile>
    </NamingResponse>
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: NamingService::parseNamingResponse(): Got Exception in XML.
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: NamingService::parseNamingResponse() returning with status invalid session.
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: NamingService()::getProfile() returning with error code invalid session.
    2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyEngine: am_policy_evaluate: InternalException in Service::update_policy with error message:Naming query failed. and code:18
    2005-11-21 10:23:07.578 Warning 460:82f3d8 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/hzycportal, GET) denying access: status = invalid session
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://exchange.hzliqun.com:8080/hzycportal.
    2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/hzycportal, GET) returning status: invalid session.
    2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyAgent: process_request(): Access check for URL http://exchange.hzliqun.com:8080/hzycportal returned invalid session.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect(): goto URL is http://exchange.hzliqun.com:8080/hzycportal
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect: Before invoking find_active_login_server()
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: is_server_alive(): Connection timeout set to 2
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect: After invoking find_active_login_server()
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_access_redirect(): get redirect url returned AM_SUCCESS, redirect url [http://sunam1.hzliqun.com:80/amserver/UI/Login?goto=http%3A%2F%2Fexchange.hzliqun.com%3A8080%2Fhzycportal].
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_access_redirect(): returning web result AM_WEB_RESULT_REDIRECT.
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_REDIRECT, data [http://sunam1.hzliqun.com:80/amserver/UI/Login?goto=http%3A%2F%2Fexchange.hzliqun.com%3A8080%2Fhzycportal]
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_REDIRECT
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: get_request_url(): Host: exchange.hzliqun.com:8080
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: get_request_url(): Port is 8080.
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: get_request_url(): Returning request URL http://exchange.hzliqun.com:8080/hzycportal.
    2005-11-21 10:23:07.593 Warning 460:82f3d8 PolicyAgent: get_method_num(): Apache request method number did not match method string. Setting method number to match method string GET.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: am_web_is_notification(), http://exchange.hzliqun.com:8080/hzycportal is not notification url http://exchange.hzliqun.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false.
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: find_cookie(): cookie found: header [JSESSIONID=D835480D9BBF3902D562A596CC05E953; iPlanetDirectoryPro=AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] name [iPlanetDirectoryPro=AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] val [AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] val_len [78] next_cookie [NULL]
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): processing url http://exchange.hzliqun.com:8080/hzycportal.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: FqdnHandler::isValidFqdnResource() Resource => http://exchange.hzliqun.com:8080/hzycportal, is valid => true
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): client_ip 10.44.202.218 not found in client ip not enforced list
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 AM_POLICY_SERVICE_NAME: am_policy_compare_urls(): compare usePatterns=true returned 3
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: in_not_enforced_list: enforcing access control for http://exchange.hzliqun.com:8080/hzycportal
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: set_host_ip_in_env_map: map_insert: client_ip=10.44.202.218
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 ServiceEngine: Executing update_policy(AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23, http://exchange.hzliqun.com:8080/hzycportal, GET, 2)
    2005-11-21 10:23:07.593 Debug 460:82f3d8 all: cookieList is not empty
    2005-11-21 10:23:07.593 Debug 460:82f3d8 all: Exit from buildCookieHeader
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="2923">
    <Request><![CDATA[
    <NamingRequest vers="1.0" reqid="2917" sessid="AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23">
    <GetNamingProfile>
    </GetNamingProfile>
    </NamingRequest>]]>
    </Request>
    </RequestSet>
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest Request line: POST /amserver/namingservice HTTP/1.0
    2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Cookie and Headers =Host: sunam1.hzliqun.com
    2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Content-Length =Content-Length: 346
    2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Header Suffix =Accept: text/xml
    Content-Type: text/xml; charset=UTF-8
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest(): Total chunks: 7.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest(): Sent 7 chunks.
    And it will recycle these processes. From the logs, it seems that cannot get correct namingservices. But the agent configuration is correct, and likes these
    # $Id: AMAgent.properties,v 1.86.2.6 2005/10/25 18:14:11 dknab Exp $
    # Copyright ?2002 Sun Microsystems, Inc. All rights reserved.
    # U.S. Government Rights - Commercial software. Government users are
    # subject to the Sun Microsystems, Inc. standard license agreement and
    # applicable provisions of the FAR and its supplements. Use is subject to
    # license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
    # trademarks or registered trademarks of Sun Microsystems, Inc. in the
    # U.S. and other countries.
    # Copyright ?2002 Sun Microsystems, Inc. Tous droits r�serv�s.
    # Droits du gouvernement am�ricain, utlisateurs gouvernmentaux - logiciel
    # commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
    # licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
    # vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl�ments
    # ?celles-ci.
    # Distribu?par des licences qui en restreignent l'utilisation. Sun, Sun
    # Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
    # marques d�pos�es de Sun Microsystems, Inc. aux Etats-Unis et dans
    # d'autres pays.
    # The syntax of this file is that of a standard Java properties file,
    # see the documentation for the java.util.Properties.load method for a
    # complete description. (CAVEAT: The SDK in the parser does not currently
    # support any backslash escapes except for wrapping long lines.)
    # All property names in this file are case-sensitive.
    # NOTE: The value of a property that is specified multiple times is not
    # defined.
    # WARNING: The contents of this file are classified as an UNSTABLE
    # interface by Sun Microsystems, Inc. As such, they are subject to
    # significant, incompatible changes in any future release of the
    # software.
    # The name of the cookie passed between the Sun [TM] ONE Identity Server
    # and the SDK.
    # WARNING: Changing this property without making the corresponding change
    # to the Sun [TM] ONE Identity Server will disable the SDK.
    com.sun.am.cookieName = iPlanetDirectoryPro
    # The URL for the Sun [TM] ONE Identity Server Naming service.
    com.sun.am.namingURL = http://sunam1.hzliqun.com:80/amserver/namingservice http://sunim1.hzliqun.com:80/amserver/namingservice
    # The URL of the login page on the Sun [TM] ONE Identity Server.
    com.sun.am.policy.am.loginURL = http://sunam1.hzliqun.com:80/amserver/UI/Login http://sunim1.hzliqun.com:80/amserver/UI/Login
    #com.sun.am.policy.am.loginURL = http://sunam1.hzliqun.com:80/amserver/gateway http://sunim1.hzliqun.com:80/amserver/gateway
    # By default the agent checks if the Access Manager AUTH server is
    # active before performing the login.
    # This check can be ignored by setting the following property to true.
    # In this case the first server indicated in the loginURL property will
    # be selected, wether it is active or not.
    com.sun.am.ignore_server_check = false
    # Name of the file to use for logging messages.
    com.sun.am.logFile = D:/Apache/sun/Identity_Server/Agents/2.1/debug/apache_8080/amAgent
    # Name of the Sun [TM] ONE Identity Server log file to use for
    # logging messages to Sun [TM] ONE Identity Server.
    # Just the name of the file is needed. The directory of the file
    # is determined by settings configured on the Sun [TM] ONE Identity Server.
    com.sun.am.serverLogFile = amAuthLog.exchange.hzliqun.com.8080
    # Set the logging level for the specified logging categories.
    # The format of the values is
    #     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
    # The currently used module names are: AuthService, NamingService,
    # PolicyService, SessionService, PolicyEngine, ServiceEngine,
    # Notification, PolicyAgent, RemoteLog and all.
    # The all module can be used to set the logging level for all currently
    # none logging modules. This will also establish the default level for
    # all subsequently created modules.
    # The meaning of the 'Level' value is described below:
    #     0     Disable logging from specified module*
    #     1     Log error messages
    #     2     Log warning and error messages
    #     3     Log info, warning, and error messages
    #     4     Log debug, info, warning, and error messages
    #     5     Like level 4, but with even more debugging messages
    # 128     log url access to log file on IS server.
    # 256     log url access to log file on local machine.
    # If level is omitted, then the logging module will be created with
    # the default logging level, which is the logging level associated with
    # the 'all' module.
    # for level of 128 and 256, you must also specify a logAccessType.
    # *Even if the level is set to zero, some messages may be produced for
    # a module if they are logged with the special level value of 'always'.
    com.sun.am.logLevels = all:5
    # The org, username and password for Agent to login to IS.
    #com.sun.am.policy.am.username = UrlAccessAgent
    com.sun.am.policy.am.username = amAdmin
    com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
    # Name of the directory containing the certificate databases for SSL.
    com.sun.am.sslCertDir = D:/Apache/sun/Identity_Server/Agents/2.1/apache/cert
    # Set this property if the certificate databases in the directory specified
    # by the previous property have a prefix.
    com.sun.am.certDbPrefix =
    # Should agent trust all server certificates when Sun [TM] ONE Identity Server
    # is running SSL?
    # Possible values are true or false.
    com.sun.am.trustServerCerts = true
    # Should the policy SDK use the Sun [TM] ONE Identity Server notification
    # mechanism to maintain the consistency of its internal cache? If the value
    # is false, then a polling mechanism is used to maintain cache consistency.
    # Possible values are true or false.
    com.sun.am.notificationEnabled = true
    # URL to which notification messages should be sent if notification is
    # enabled, see previous property.
    com.sun.am.notificationURL = http://exchange.hzliqun.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false
    # Time in milliseconds the agent will wait to receive the
    # response from Access Manager. After the timeout, the connection
    # will be drop.
    # A value of 0 means that the agent will wait until receiving the response.
    # WARNING: Invalid value for this property can result in
    # the resources becoming inaccessible.
    com.sun.am.receive_timeout = 0
    # This property determines whether URL string case sensitivity is
    # obeyed during policy evaluation
    com.sun.am.policy.am.urlComparison.caseIgnore = true
    # This property determines the amount of time (in minutes) an entry
    # remains valid after it has been added to the cache. The default
    # value for this property is 3 minutes.
    com.sun.am.policy.am.cacheEntryLifeTime=3
    # This property allows the user to configure the User Id parameter passed
    # by the session information from the identity server. The value of User
    # Id will be used by the agent to set the value of REMOTE_USER server
    # variable. By default this parameter is set to "UserToken"
    com.sun.am.policy.am.userIdParam=UserToken
    # HTTP Header attributes mode
    # String attribute mode to specify if additional policy response attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional policy attributes will be introduced.
    # HEADER - additional policy attributes will be introduced into HTTP header.
    # COOKIE - additional policy attributes will be introduced through cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.am.ldapattribute.mode=NONE
    # The policy attributes to be added to the HTTP header. The specification is
    # of the format ldap_attribute_name|http_header_name[,...]. ldap_attribute_name
    # is the attribute in data store to be fetched and http_header_name
    # is the name of the header to which the value needs to be assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.am.headerAttributes=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
    # The cookie name used in iAS for sticky load balancing
    com.sun.am.policy.am.ias_SLB_cookie_name = GX_jst
    # indicate where a load balancer is used for Sun [TM] ONE Identity Server
    # services.
    # true | false
    com.sun.am.loadBalancer_enable = false
    ####Agent Configuration####
    # this is for product versioning, please do not modify it
    com.sun.am.policy.agents.version=2.1
    # Set the url access logging level. the choices are
    # LOG_NONE - do not log user access to url
    # LOG_DENY - log url access that was denied.
    # LOG_ALLOW - log url access that was allowed.
    # LOG_BOTH - log url access that was allowed or denied.
    com.sun.am.policy.agents.logAccessType = LOG_DENY
    # Agent prefix
    com.sun.am.policy.agents.agenturiprefix = http://exchange.hzliqun.com:8080/amagent
    # Locale setting.
    com.sun.am.policy.agents.locale = en_US
    # The unique identifier for this agent instance.
    com.sun.am.policy.agents.instanceName = unused
    # Do SSO only
    # Boolean attribute to indicate whether the agent will just enforce user
    # authentication (SSO) without enforcing policies (authorization)
    com.sun.am.policy.agents.do_sso_only = false
    # The URL of the access denied page. If no value is specified, then
    # the agent will return an HTTP status of 403 (Forbidden).
    com.sun.am.policy.agents.accessDeniedURL =
    # This property allows the user to configure the URL Redirect parameter
    # for different auth modules. By default this parameter is set to "goto"
    com.sun.am.policy.agents.urlRedirectParam=goto
    # Default FQDN is the fully qualified hostname that the users should use
    # in order to access resources on this web server instance. This is a
    # required configuration value without which the Web server may not
    # startup correctly.
    # The primary purpose of specifying this property is to ensure that if
    # the users try to access protected resources on this web server
    # instance without specifying the FQDN in the browser URL, the Agent
    # can take corrective action and redirect the user to the URL that
    # contains the correct FQDN.
    # This property is set during the agent installation and need not be
    # modified unless absolutely necessary to accommodate deployment
    # requirements.
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    # See also: com.sun.am.policy.agents.fqdnMap
    com.sun.am.policy.agents.fqdnDefault = exchange.hzliqun.com
    # The FQDN Map is a simple map that enables the Agent to take corrective
    # action in the case where the users may have typed in an incorrect URL
    # such as by specifying partial hostname or using an IP address to
    # access protected resources. It redirects the browser to the URL
    # with fully qualified domain name so that cookies related to the domain
    # are received by the agents.
    # The format for this property is:
    # com.sun.am.policy.agents.fqdnMap = [invalid_hostname|valid_hostname][,...]
    # This property can also be used so that the agents use the name specified
    # in this map instead of the web server's actual name. This can be
    # accomplished by doing the following.
    # Say you want your server to be addressed as xyz.hostname.com whereas the
    # actual name of the server is abc.hostname.com. The browsers only knows
    # xyz.hostname.com and you have specified polices using xyz.hostname.com at
    # the Identity Server policy console, in this file set the mapping as
    # com.sun.am.policy.agents.fqdnMap = valid|xyz.hostname.com
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    com.sun.am.policy.agents.fqdnMap =
    # Cookie Reset
    # This property must be set to true, if this agent needs to
    # reset cookies in the response before redirecting to
    # Identity Server for Authentication.
    # By default this is set to false.
    # Example : com.sun.am.policy.agents.cookie_reset_enabled=true
    com.sun.am.policy.agents.cookie_reset_enabled=false
    # This property gives the comma separated list of Cookies, that
    # need to be included in the Redirect Response to Identity Server.
    # This property is used only if the Cookie Reset feature is enabled.
    # The Cookie details need to be specified in the following Format
    # name[=value][;Domain=value]
    # If "Domain" is not specified, then the default agent domain is
    # used to set the Cookie.
    # Example : com.sun.am.policy.agents.cookie_reset_list=LtpaToken,
    # token=value;Domain=subdomain.domain.com
    com.sun.am.policy.agents.cookie_reset_list=
    # This property gives the space separated list of domains in
    # which cookies have to be set in a CDSSO scenario. This property
    # is used only if CDSSO is enabled.
    # If this property is left blank then the fully qualified cookie
    # domain for the agent server will be used for setting the cookie
    # domain. In such case it is a host cookie instead of a domain cookie.
    # Example : com.sun.am.policy.agents.cookieDomainList=.sun.com .iplanet.com
    com.sun.am.policy.agents.cookieDomainList=
    # user id returned if accessing global allow page and not authenticated
    com.sun.am.policy.agents.unauthenticatedUser=anonymous
    # Enable/Disable REMOTE_USER processing for anonymous users
    # true | false
    com.sun.am.policy.agents.anonRemoteUserEnabled=false
    # Not enforced list is the list of URLs for which no authentication is
    # required. Wildcards can be used to define a pattern of URLs.
    # The URLs specified may not contain any query parameters.
    # Each service have their own not enforced list. The service name is suffixed
    # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
    # for a particular service. SPACE is the separator between the URL.
    # com.sun.am.policy.agents.notenforcedList = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
    # Boolean attribute to indicate whether the above list is a not enforced list
    # or an enforced list; When the value is true, the list means enforced list,
    # or in other words, the whole web site is open/accessible without
    # authentication except for those URLs in the list.
    com.sun.am.policy.agents.reverse_the_meaning_of_notenforcedList = false
    # Not enforced client IP address list is a list of client IP addresses.
    # No authentication and authorization are required for the requests coming
    # from these client IP addresses. The IP address must be in the form of
    # eg: 192.168.12.2 1.1.1.1
    com.sun.am.policy.agents.notenforced_client_IP_address_list =
    # Enable POST data preservation; By default it is set to false
    com.sun.am.policy.agents.is_postdatapreserve_enabled = false
    # POST data preservation : POST cache entry lifetime in minutes,
    # After the specified interval, the entry will be dropped
    com.sun.am.policy.agents.postcacheentrylifetime = 10
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.cdsso-enabled=false
    # This is the URL the user will be redirected to for authentication
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.cdcservletURL = http://sunam1.hzliqun.com:80/amserver/cdcservlet
    # Enable/Disable client IP address validation. This validate
    # will check if the subsequent browser requests come from the
    # same ip address that the SSO token is initially issued against
    com.sun.am.policy.agents.client_ip_validation_enable = false
    # Whether to decode the session cookie before sending it to IS.
    # Set to true if the cookie value is URL encoded, false otherwise.
    # For example, cookie values from browsers are URL encoded, and
    # some containers always returns the cookie URL encoded.
    com.sun.am.cookieEncoded = false
    # Below properties are used to define cookie prefix and cookie max age
    com.sun.am.policy.am.ldapattribute.cookiePrefix = HTTP_
    com.sun.am.policy.am.ldapattribute.cookieMaxAge = 300
    # Logout URL - application's Logout URL.
    # This URL is not enforced by policy.
    # if set, agent will intercept this URL and destroy the user's session,
    # if any. The application's logout URL will be allowed whether or not
    # the session destroy is successful.
    com.sun.am.policy.agents.logout.url=
    # Any cookies to be reset upon logout in the same format as cookie_reset_list
    com.sun.am.policy.agents.logout.cookie_reset_list =
    # Below property is reserved for future use. Please do not change the value.
    # By default, when a policy decision for a resource is needed,
    # agent gets and caches the policy decision of the resource and
    # all resource from the root of the resource down, from the Identity Server.
    # For example, if the resource is http://host/a/b/c, the the root of the
    # resource is http://host/. This is because more resources from the
    # same path are likely to be accessed subsequently.
    # However this may take a long time the first time if there
    # are many many policies defined under the root resource.
    # To have agent get and cache the policy decision for the resource only,
    # set the following property to false.
    com.sun.am.policy.am.fetchFromRootResource = true
    # Whether to get the client's hostname through DNS reverse lookup for use
    # in policy evaluation.
    # It is true by default, if the property does not exist or if it is
    # any value other than false.
    com.sun.am.policy.agents.getClientHostname = true
    # The following property is to enable native encoding of
    # ldap header attributes forwarded by agents. If set to true
    # agent will encode the ldap header value in the default
    # encoding of OS locale. If set to false ldap header values
    # will be encoded in UTF-8
    com.sun.am.policy.agents.convertMbyteEnabled = false
    #When the not enforced list or policy has a wildcard '*' character, agent
    #strips the path info from the request URI and uses the resulting request
    #URI to check against the not enforced list or policy instead of the entire
    #request URI, in order to prevent someone from getting access to any URI by
    #simply appending the matching pattern in the policy or not enforced list.
    #For example, if the not enforced list has the value http://host/*.gif,
    #stripping the path info from the request URI will prevent someone from
    #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
    #However when a web server (for exmample apache) is configured to be a reverse
    #proxy server for a J2EE application server, path info is interpreted in a different
    #manner since it maps to a resource on the proxy instead of the app server.
    #This prevents the not enforced list or policy from being applied to part of
    #the URI below the app serverpath if there is a wildcard character. For example,
    #if the not enforced list has value http://host/webapp/servcontext/* and the
    #request URL is http://host/webapp/servcontext/example.jsp the path info
    #is /servcontext/example.jsp and the resulting request URL with path info stripped
    #is http://host/webapp, which will not match the not enforced list. By setting the
    #following property to true, the path info will not be stripped from the request URL
    #even if there is a wild character in the not enforced list or policy.
    #Be aware though that if this is set to true there should be nothing following the
    #wildcard character '*' in the not enforced list or policy, or the
    #security loophole described above may occur.
    com.sun.am.ignore_path_info = false
    # Override the request url given by the web server with
    # the protocol, host or port of the agent's uri specified in
    # the com.sun.am.policy.agents.agenturiprefix property.
    # These may be needed if the agent is sitting behind a ssl off-loader,
    # load balancer, or proxy, and either the protocol (HTTP scheme),
    # hostname, or port of the machine in front of agent which users go through
    # is different from the agent's protocol, host or port.
    com.sun.am.policy.agents.overrideProtocol =
    com.sun.am.policy.agents.overrideHost =
    com.sun.am.policy.agents.overridePort =
    # Override the notification url in the same way as other request urls.
    # Set this to true if any one of the override properties above is t

    if you can add more details in your question, that'll be better.
    in my case, i initially had pix515e with v6.1 on it, and cannot get a dialtone because my sip phone (ata186) is not registered on my proxy. but when i changed my pix to v6.2, it worked just fine. i didn't put any access-list though, as fixup does it for me already.

  • Remote Authentication Naming Service Not Found

    Hey everybody,
    I found this thread:
    http://swforum.sun.com/jive/thread.jspa?threadID=54004
    That thread mentions (or implies) there is something different that must be accomplished when performing remote authentications vs local authentications but never actually states what is different.
    Anyhow, I am attempting to perform a remote authentication, and am running into problems. I have taken the code listed in the above thread and modified it for my usage, with a few modifications. However, I keep getting this error:
    [#|2006-02-13T15:50:56.321-0500|INFO|sun-appserver-pe8.1_02|javax.enterprise.system.stream.out|_ThreadID=25;|ERROR: updateNamingTable : Naming Service is not available.
    |#]
    [#|2006-02-13T15:50:56.332-0500|WARNING|sun-appserver-pe8.1_02|javax.enterprise.system.stream.err|_ThreadID=25;|
    com.sun.identity.authentication.spi.AuthLoginException(1):null
    com.sun.identity.authentication.spi.AuthLoginException(2):null
    com.sun.identity.authentication.spi.AuthLoginException: Failed to create new Authentication Context: Naming Service is not available.
            at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1310)
            at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1261)
            at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:178)
            at infrastructure.SessionBean1.login(SessionBean1.java:224)
            at infrastructure.login.button1_action(login.java:267)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at ...When I connect to the service via http://myserver.mydomain.tld/amserver/namingservice I recieve a message that looks like:
    Webtop 2.5 Platform Low Level request servletWhich indicates it is running properly. I also am using the AMConfig.properties that is running on the server to pull my values and my code (listed below) prints out all the values it reads. I am using the base dn for the orgname as indicated in various documentation.
    My code looks like:
        public boolean login(String username, String password) {
            try {
                ResourceBundle resources = ResourceBundle.getBundle("AMConfig");
                String orgname = null;
                Properties props = new Properties();
                Enumeration keyEnum = resources.getKeys();
                while ( keyEnum.hasMoreElements() ) {
                    String key = (String) keyEnum.nextElement();
                    String value = (String) resources.getString(key);
                    props.setProperty(key, value);
                    if ( key.equalsIgnoreCase("com.iplanet.am.defaultOrg") ) {
                        orgname = value;
                    this.getFacesContext().addMessage(null, new FacesMessage(key + " = " + value));
                SystemProperties.initializeProperties(props);
                // Authenticate the user and obtain SSO Token
                AuthContext lc = null;
                lc = new AuthContext(orgname);
                lc.login();
                while (lc.hasMoreRequirements()) {
                    Callback[] callbacks = lc.getRequirements();
                    for (int i = 0; i < callbacks.length; i++) {
                        if (callbacks[i] instanceof NameCallback) {
                            NameCallback nc = (NameCallback) callbacks;
    nc.setName(username);
    } else if (callbacks[i] instanceof PasswordCallback) {
    PasswordCallback pc = (PasswordCallback) callbacks[i];
    pc.setPassword(password.toCharArray());
    } else {
    log("Unknown Callback: " + callbacks[i]);
    return false;
    lc.submitRequirements(callbacks);
    if (lc.getStatus() != AuthContext.Status.SUCCESS) {
    log("Invalid credentials");
    return false;
    // Obtain the SSO Token
    token = lc.getSSOToken();
    log("SSOToken: " + token.getTokenID());
    log("User DN: " +
    token.getPrincipal().getName());
    // Obtain AMUser object
    db = new AMStoreConnection(token);
    user = db.getUser(token.getPrincipal().getName());
    // Get the attributes and display them
    log("Attributes: " + user.getAttributes());
    } catch (Exception e) {
    this.getFacesContext().addMessage(null, new FacesMessage("An exception occurred, unable to login.", e.getMessage()));
    e.printStackTrace();
    return false;
    Any ideas?
    Thanks!
    Joshua Preston.

    The most common reason for this error is improper
    communication with your LDAP server . Is your DS
    setup correctly and are you able to authenticate
    using amadmin ?Yes, our DS is setup correctly and I am able to authenticate using amadmin.

  • JNDI Naming services

    Im currently working on some code and Im really in need of a naming service, preferably one with a service provider for JNDI. In essence what Im looking for is a very basic name server, although knowing little about the suject at this point Im thinking that ldap, nis are really not well suited to my needs as my key goal is mapping names to references( under dynamic contexts), which Ive allready half implemented. As things are getting more complex and what Ive implemented of rather poor design, Im starting to feel like Im going to have a rough month or two ahead of me!! I dont want to re-invent the wheel and I know in my heart someone has allready coded the software I need!!! Unfortunately My search has been fruitless. Id greatly appreciate it if someone can steer me in the right direction. In the meantime I think Ill be pulling my hair out trying to figure out how to code the software I need.... Sorry for not fully explaining what Im after, if not enough info just let me know and Ill try to provide more detail.............

    Hi Prisco,
    You can go very well fo JNDI. And you can use Netscape or Iplanet Directory server as LDAP server.
    Please Download the Directory Server from this URL.
    http://www.iplanet.com/downloads/download/2087.html
    Also here with I am giving you a simple Authentication program, which makes use of JNDI and Netscape Directory server. If you follow these steps, you will get a good idea about JNDI.
    DESCRIPTION:
    I am trying to use LDAP to control access to a HTML page. I want an authentication
    box to pop up, allowing the user to authenticate to the HTML page through a LDAP server.
    If they succesfully authenticate, I need to check their username against a list
    of valid usernames that's stored in a database, then give access to the page
    based on that list. How can I implement this solution?
    SOLUTION:
    The best way is to use Basic Authentication solution with JNDI and LDAP server,
    Netscape Directory server(for example) with a simple servlet program. Java Naming
    and Directory Interface (JNDI) API is standardized, and enable to use different
    directory services such as Netscape Directory server. LDAP server can be used
    for storing some common data's used in the sample solution.
    It can be done through a servlet to check the user and its password which is
    stored in the LDAP server.
    In order to demonstrate a sample solution, I will use the Netscape Directory
    Server 4.13 as the LDAP server, which is loaded my own LDIF file with customized
    attributes. The basic authentication algorithm will be used in this sample
    solution.
    The following steps are to implement this sample solution:
    1. Creating our own LDAP data Interchange format (LDIF) file.
    2. Loading(Import) the Ldif file in Netscape Directory Server.
    3. Creation of user schema files for customized attributes.
    4. Load the user schema files in the Netscape Directory Server.
    5. Restart the Directory Server
    6. A simple servlet program for basic authentication.
    7. A sample HTML file is given last, used in servlet program.
    Here are the detail description of the above steps:
    STEP 1: Creating our own LDAP data Interchange format (LDIF) file:
    Here is the LDIF (LDAP data Interchange format) file is a text based format used to work
    on LDAP data, with both our application and end users.
    Through this LDIF file, I am having an attribute "customerid: timb" for which I will
    be preparing the authentication, which will have its own password
    "userpassword: bakrudeen", through which it can be maintained in a common place.
    Here again in the same LDIF file, other information related to the "customerid: timb"
    such as common name "cn: Tim Briggs", sur name "sn: Briggs" etc are maintained.
    The data in LDAP is organized in a tree, called a Directory Information tree(DIT).
    Each leaf in DIT is called an entry. The first entry in DIT is called the root entry.
    Here is a sample LDIF File which is used in our sample solution:-
    Here the DIT is maintained in such a way data is organized in LDAP, is fairly simple. In this
    sample we store all of our entries in a common root o=fedup.com, with the following branches
    Customers - Customer Entries with " customer id: timb" , userpassword: bakrudeen, and other
    information related to this customer is kept in a common place.
    dn: uid=timb,ou=Customers,o=fedup.com
    changetype:add
    objectclass: customer
    objectclass: inetorgperson
    objectclass: organizationalPerson
    objectclass: person
    objectclass: top
    cn: Tim Briggs
    uid: timb
    givenname: Tim
    customerid: timb
    sn: Briggs
    facsimiletelephonenumber: 4101
    telephonenumber: 4145
    creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    createtimestamp: 20000501084001Z
    aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all)(userdn = "ldap:///anyone");)
    ou: Customers
    mail:
    userpassword: bakrudeen
    modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
    modifytimestamp: 20000605084001Z
    STEP 2: Loading(Import) the Ldif file in Netscape Directory Server:-
    Once after creating the above sample LDIF File, it should be added in Netscape Directory Server.
    It should be imported in order to add the neccessary atributes in the Netscape Directory server,
    so that we can make use of the Common data.
    Steps for Importing the LDIF file in the Directory Server:-
    1) Create an instance of the Directory Server.
    2) Bind it to the different port with different organizational unit
    (Here in this program, it is 1124).
    3) Press the Configuration from the menu.
    4) Then select import from the Console menu.
    5) Choose the LDIF file you are going to import.
    6) There also you have to provide a file for rejected entries, ie it will list all the entries
    which is not added while loading.
    STEP 3: Creation of our own USER SCHEMA Files:-
    It is necessary for adding the attributes which are not defined in the
    Netscape directory server. In the above, customerid which is defined in ldif
    file is not existing in the directory server.
    Here is the Schema file for attributes:(ie for defining for eg customer id).
    The name of the file is slapd.user_at.conf:-
    attribute customerid customerid-oid cis single
    attribute packageid packageid-oid cis single
    attribute receivedate receivedate-oid cis single
    attribute shipdate shipdate-oid cis single
    attribute shipperid shipperid-oid dn single
    attribute receiveid receiveid-oid dn single
    #Java Attributes
    # Schema for storing java objects and java object references
    attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
    attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
    attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
    attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
    attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
    attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
    Here is Schema file for your own object classes:-
    The name of the file is Slapd.user_oc.conf:-
    In the similar way as above there are no "customer" class in the object classes
    defined in the LDAP, so we will have to create our own "customer" Object class.
    Also it extends inetOrgPerson to add some new attributes such as "customerid".
    The object class of an entry specifies what attributes are required and what
    attributes are allowed in a particular entry.
    Also for eg, Package classes in the object class is created.
    Here is the sample file for creating the above:-
    objectclass package
    oid package-oid
    superior top
    requires
    packageid,
    receiveid,
    shipdate,
    shipperid
    allows
    description,
    ou,
    receivedate
    objectclass customer
    oid customer-oid
    superior inetorgperson
    requires
    customerid
    allows
    c
    #JAVA Schema
    # Schema for storing java objects and java object references
    objectclass javaContainer
    oid 1.3.6.1.4.1.42.2.27.4.2.1
    superior top
    requires
    cn
    objectclass javaObject
    oid 1.3.6.1.4.1.42.2.27.4.2.4
    superior top
    requires
    javaClassName
    allows
    javaCodebase
    objectclass javaSerializedObject
    oid 1.3.6.1.4.1.42.2.27.4.2.5
    superior javaObject
    requires
    javaSerializedData
    objectclass javaRemoteObject
    oid 1.3.6.1.4.1.42.2.27.4.2.6
    superior javaObject
    requires
    javaRemoteLocation
    objectclass javaNamingReference
    oid 1.3.6.1.4.1.42.2.27.4.2.7
    superior javaObject
    requires
    javaReferenceAddress,
    javaFactory
    STEP 4: Loading the USER SCHEMA files in Directory Server:-
    All the attributes created above should be added to the corresponding directory server,
    in order to make it as a common attribute.
    Steps for adding the User Schema files to the Directory Server:-
    1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
    created above so that the existing LDIF file which is used in the Netscape directory
    server is not appended or overwritten.
    2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
    files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
    3. Then restart the Directory Server.
    STEP 5: Simple Servlet Program for BASIC AUTHENTICATION.
    Here is the simple servlet program for Basic Authentication:-
    Here the way the LDAP authentication works is by attempting to the server with a
    DN and a password. No user in their right mind will remember their DN, so we use
    some other attribute such as user-id. Then we search in the LDAP server to find
    an entry that contains the attribute. Here we are maintaining SUBTREE_SCOPE using
    JNDI, which starts its search starting from the base entry, and searches
    everything below it including the base entry. Also I am maintaining Global
    variables for LDAP setting.
    // Importing the necessary Packages
    import java.io.*;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import javax.naming.*;
    import javax.naming.directory.*;
    public class AuthServ extends HttpServlet {
    // Here are our global variables of our LDAP Settings.
    public static String MY_CUSTOMER_BASE = "ou=Customers,o=fedup.com";
    public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    public static int MY_PORT = 1124;
    public static String MY_HOST = "ldap://sundts1.india.sun.com:" + MY_PORT;
    public static String MY_MGR = "cn=Directory Manager";
    public static String MY_PWD = "password";
    public static String MY_SEARCHBASE = "o=fedup.com";
    Hashtable env = new Hashtable();
    // Using the Get Method of Servlet
    public void doGet(HttpServletRequest req, HttpServletResponse res)
    throws ServletException, IOException {
    res.setContentType("text/html");
    // To Check to See if there is any data in the "Authorization" Http header from the browser.
    // If not it will prompt for username and password.
    String auth = req.getHeader("Authorization");
    // Do we allow the user
    if (!allowedUser(auth) ) {
    // Not Allowed, so report unauthorized
    res.setStatus(res.SC_UNAUTHORIZED);
    res.setHeader("WWW-Authenticate", "BASIC realm=\"users\"");
    // User is allowed in
    else
    // Using SSI to include and display the content of a Simple HTML Page
    RequestDispatcher rd= this.getServletContext().getRequestDispatcher("/auth.html");
    rd.include(req,res);
    // This method checks to see whether the user exist in the LDAP database.
    protected boolean allowedUser(String auth) throws IOException {
    Hashtable env = new Hashtable();
    boolean status = false;
    try {
    // No Authorization
    if (auth == null) return false;
    // Basic Authentication is Handled, Other possibilities are MD5 hash or SSL Certificates.
    if (!auth.toUpperCase().startsWith("BASIC ")) {
    return false; //only do BASIC
    // Get encoded user and password, comes after BASIC
    String userpassEncoded = auth.substring(6);
    // Decode it, using any base 64 decoder
    sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
    String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded));
    StringTokenizer st = new StringTokenizer(userpassDecoded,":");
    String customerid = st.nextToken();
    String pwd = st.nextToken();
    Please Note:
    LDAP Authentication works by attempting to bind to the server with a DN and a password.
    No user will remember their DN so we use some other attribute such as user-id.
    Then we search in the LDAP server to find an entry in the LDAP server to find an entry
    that contains the attribute.
    For a Secure System, we should use an attribute that will be unique per entry such as
    uid, in our case the "customerid" attribute.
    // Prepare for context
    env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
    env.put(Context.PROVIDER_URL, MY_HOST);
    // Get a reference to a directory context
    DirContext ctx = new InitialDirContext(env);
    // Specify the scope of the search
    SearchControls constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Perform the actual search
    // We give it a searchbase, a filter and the constraints
    // containing the scope of the search
    NamingEnumeration results =
    ctx.search(MY_CUSTOMER_BASE, "(customerid=" + customerid + ")", constraints);
    String dn = null;
    If it does not throw an exception,
    then it is considered to be an Successful Authentication
    // Now step through the search results
    while (results != null && results.hasMore()) {
    SearchResult sr = (SearchResult) results.next();
    dn = sr.getName() + "," + MY_CUSTOMER_BASE;
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, pwd);
    try {
    DirContext ctx2 = new InitialDirContext(env);
    status = true;
    } catch (AuthenticationException e) {
    log(e.toString());
    } catch (NamingException x) {
    log(x.toString());
    return status;
    STEP 6: Simple HTML file used in Servlet Program:-
    Here is the Simple HTML File we are including in RequestDispatcher of the above program:-
    <html>
    <head>
    <title> Authorisation</title>
    </head>
    <body>
    <h1> Your Authorisation is Successful </h1>
    </body>
    </html>
    I hope this will help you.
    Thanks
    Bakrudeen

  • How to configure Apache/Portal to service 2 separate groups of  users

    Before someone say this is a Portal issue - please read on.
    I would like to know how to configure Portal to service 2 separate groups of * Internet * users (A and B) all within the same installation so that when a user enters www.aaa.com or www.bbb.com that user is directed to a public page for that group only.
    Currently, when a user of either group enters www.aaa.com or www.bbb.com they arrive at the same public page where they can click on a link and goto their respective private pages (SSO Protected) after logging in.
    My installation facts
    infra - host1.mycompany.com
    portal - host2.mycompany.com (www.aaa.com and www.bbb.com are pointing to this host)
    j2ee - host3.mycompany.com
    I have configured web-cache to listen on port 80 and direct all requests to host2.mycompany.com:7778.
    I used RedirectMatch within host2 httpd.conf to redirect any request to the portal public page.
    I wondering if it is possible to read the "IP NAME" and do a RedirectMatch on it. In other words when a request come into the Apache listener - is it seeing an IP address request or an IP name ie "www.aaa.com". Because if it is - then there may be some way to redirect based upon that. My assumption is the "http://www.aaa.com" cannot be read by RedirectMatch - only the portion after "http://www.aaa.com/mypage" ie "mypage.
    Any help is appreciated!
    Bill G...

    I don't think the issue is one of Apache (not even sure it's one of named virtual hosts since you want both sites to serve the same content). The issue is one of having multiple .local names point to the same machine.
    I don't know this can be done without your own DNS server running in the network.

  • Cos Naming & WLS Naming Service problem in distributed Tuxedo application

    Hi,
    we have been starting our investigation into using the distributed application feature of Tuxedo (multiple machines running under 1 Tuxedo domain which make up the entire Tuxedo Application).
    when trying to access WLS EJB object references from Tuxedo, we hit a road block.
    we have been using the standard method of searching through Cos Naming for a bind context which refers to WLS Naming Service. (this method is documented online and in dev2dev samples) Under non distributed application setup (1 Tux domain with 1 machine as in all examples), everything works fine and I can see into 1 WLS server's JNDI tree. But when in distributed application setup where we want to have two (for example) machines and we also want two WLS managed server with each running on their own machine, it seems that there are some unexpected problems:
    1. - only one set of GWADM/GWTDOMAIN is running
    - each WLS managed server has its own WTC server
    - each WTC server has its own LOCAL ACCESS POINTs
    - each WTC server uses the single REMOTE ACCESS POINT
    (since only one GWTDOMAIN is running in this scenario)
    --> problem: only one of the managed server's JNDI tree can be traversed into, and only one of the WTC link works for Cos Naming -> WLS Naming Service resolution
    2. - each machine is running their set of GWADM/GWTDOMAIN
    - in dmconfig, two local Tux domain-ids are defined, for the
    two groups of GW
    - WTC server setup is identical to above; except
    each of the WTC is pointing to separate REMOTE ACCESS POINTs
    - when DOMAINID in ubbconfig is not defined, the same Cos Naming to WLS Naming Service search fails.
    - when DOMAINID in ubbconfig is defined, the same Cos naming to WLS Naming Service search fails with an CORBA:INTERNAL error.
    Does anyone know how to get Cos Naming -> WLS Naming Service working properly under a distributed Tuxedo application setup and also with multiple sets of GWADM/GWTDOMAIN?
    Thanks.
    Edited by a_tam at 04/17/2008 11:34 AM

    Hi,
    we have been starting our investigation into using the distributed application feature of Tuxedo (multiple machines running under 1 Tuxedo domain which make up the entire Tuxedo Application).
    when trying to access WLS EJB object references from Tuxedo, we hit a road block.
    we have been using the standard method of searching through Cos Naming for a bind context which refers to WLS Naming Service. (this method is documented online and in dev2dev samples) Under non distributed application setup (1 Tux domain with 1 machine as in all examples), everything works fine and I can see into 1 WLS server's JNDI tree. But when in distributed application setup where we want to have two (for example) machines and we also want two WLS managed server with each running on their own machine, it seems that there are some unexpected problems:
    1. - only one set of GWADM/GWTDOMAIN is running
    - each WLS managed server has its own WTC server
    - each WTC server has its own LOCAL ACCESS POINTs
    - each WTC server uses the single REMOTE ACCESS POINT
    (since only one GWTDOMAIN is running in this scenario)
    --> problem: only one of the managed server's JNDI tree can be traversed into, and only one of the WTC link works for Cos Naming -> WLS Naming Service resolution
    2. - each machine is running their set of GWADM/GWTDOMAIN
    - in dmconfig, two local Tux domain-ids are defined, for the
    two groups of GW
    - WTC server setup is identical to above; except
    each of the WTC is pointing to separate REMOTE ACCESS POINTs
    - when DOMAINID in ubbconfig is not defined, the same Cos Naming to WLS Naming Service search fails.
    - when DOMAINID in ubbconfig is defined, the same Cos naming to WLS Naming Service search fails with an CORBA:INTERNAL error.
    Does anyone know how to get Cos Naming -> WLS Naming Service working properly under a distributed Tuxedo application setup and also with multiple sets of GWADM/GWTDOMAIN?
    Thanks.
    Edited by a_tam at 04/17/2008 11:34 AM

  • Ldap service providers vs ldap servers

    Are these terms equivalent?
    I am having the hardest time trying to getting jndi setup.
    What is the default naming service fro j2ee?
    I know that the jdk comes with a few service providers,
    and I am assuming that service providers means just
    the interface not the actual server. So then the question
    is which ldap server to use.
    I am just trying to learn JMS. First experience with j2ee.
    So far it hasn't been that good. :-)
    Mike

    I apologize for the unclear first post. Desperate I guess. :-) No, more
    like tired and fed up...
    I dumped ldap for now. Downloaded ActiveMQ. They had reasonable
    instructions. Well they had instructions that nearly worked when followed. I was able to fill in a couple minor gaps. Up to now I'd follow instructions and get nowhere.
    In the jndi.properties file for ActiveMQ, they had properties for
    designating the JNDI names for the connection factories,
    topics, and queues. Is this standard or just ActiveMQ? How do
    others do this?
    Mike

  • Which naming service should I use? DNS NIS NIS+????

    DNS? NIS? NIS+?
    Which one should I opt for. We already use DNS in our demilitarized zone, but the corporation uses /etc/hosts. What would be the best naming service of all the ones available in your opinion. Bear in mind I recently heard that NIS has many security vulnerabilities.
    Many Thanks
    Charles

    DNS is probably the easiest to setup on clients.
    You might also consider using LDAP but this is going to take some work to plan out the LDAP domain and implement it.

  • Stub and Naming Service

    While registering a remote object with a naming service, for example, Naming.rebind("MyService", remoteobj),the stub gets registered and that stub is sent by a registry to a client in response to Naming.lookup(""MyService). Then client becomes able to call method remotely. I tried a example in which I did not bind a remote object and I had a stub on client. And at client I created an object of stub class and invoked a remote method but it did not work. Why it is necessary to have a remote object bound to registry at server, because it ultimately binds stub and that stub is sent by a call (Naming.lookup("MyService")). To me the only requirement is to have a stub at client side to make remote calls. Is there any additional information sent by a registry to a client in addition to sending a stub in a rsponse to callNaming.lookup("MYService") which isneeded at client for calling remote method on stub. Another point is that Stub needs to know the IP address and port no. to be able to talk to listening service on remote jvm for execution of methods there, but when I decompiled the stub, I did not find anything like that. I would be thankfull to you if you provide me a clear picture of what I have asked for.
    Thanks in advance

    Since you have no clue what remote procedure calls are all about, I would suggest you take the tutorial on RMI. This should answer all your questions.
    Additionally, you should also take a lesson in using separate paragraphs when writing.

  • Distributed application: Networked Shared Variables, Named Services (Raw TCP/IP) or Other?

    Happy New Year NI forums! 
    I am working on a project involving mobile interacting robots. In the future it is likely the application's components may need to run on different PCs (Targets). Note: at this point in time all the components are seperate but all running on the localhost machine. Thinking towards the future I want to pick the 'best' architecture to allow all these components (VIs performing various functions) in multiple locations. For example, several VIs on the Robots, VIs on serveral PCs. 
    I am  currently aware of using Server/Client TCP/IP using named services. My mock up works well, but is it time efficient (my time coding) I wonder.. ?  
    Whereas I am aware of networked shared variables which handle connections and all the parsing for the underlying tcp/ip communication. But will this be difficult the manage? I am unsure if I can associate shared variables with a VI similar to named services. I suppose I could pro grammatically create the variable upon initialization of the server component - and the client could just search the list of avaiaible variables to connect too. Downside this would require DSC module. 
    As you can see, I am rather unsure. Any advice would be great!
    Kind Regards,
    James  
    Kind Regards
    James Hillman
    Applications Engineer 2008 to 2009 National Instruments UK & Ireland
    Loughborough University UK - 2006 to 2011
    Remember Kudos those who help!

    Hi Jason,
    Thanks for your reply. I hope your enjoying NI UK as much as I did.. fun times!
    I have seen the link you posted a few times before. But today, I took a better look at it.
    My issue is I need several multi-client severs, i.e. many servers which allow multiple clients to connect to them.
    Now the STM does have an example of this - STM mutli-client Example - Server.vi (used with the STM mutli-client.vi)
    However, when a make copies of these code (to have my second server) - it refuses to run. As in , it just stops itself.
    I DID change the port number, on the lister aspect of the server code. But I Am unsure what else I would need to change to get this setup to work?
    One thought I had was, the FIFOs all having the same name - this probably isn't a good idea between servers.
    Any suggestions would be grateful!
    *please could you provide me email support
    Kind Regards,
    James Hillman  
    Kind Regards
    James Hillman
    Applications Engineer 2008 to 2009 National Instruments UK & Ireland
    Loughborough University UK - 2006 to 2011
    Remember Kudos those who help!

  • Error getting the server-side naming service functionality

    Hi all,
    we are currently setting up the CTS+ activity based transport scenario. Everything seems to be working fine, however, we have to import each transport twice...
    Before I go into detail in the error we get I will first describe our landscape. All the configuration we did was done in debate with SAP.
    We use the SAP Solution manager (ehp1 SP 4) as the CTS+ server as recommended by SAP and have an NWDI system of which we only use the components DTR and CBS (since CMS is not used anymore in the activity based transport). We have defined three logical ports/RFCs. CTSCONFIG points to the NWDI system. CTSDEPLOY is running on the java stack of the solution manager and is only used for portal content (=epa) transports. CTSDEPLOY_DI is pointing to the NWDI system and is used for all NWDI (=dip) changes. The NWDI is running ehp1 SP3.
    In STMS I defined all the non-abap systems (and configured them to use CTSDEPLOY_DI) and created the following transport route:
    upload system (IMP) -> DEV -> ACC -> QAS -> PRD
    I first attached the used dependencies in a transport request (SAP_BUILDT, EP_BUILDT, etc) these imported just fine. Then I did the SCA files which contain our custom code. I extracted these from the assemble step on our current NWDI system which will be removed as soon as we switch to the new CTS+ environment.
    When we import the transport into the runtime systems then we see the DTR and CBS be filled sucesfully for this specific system. However, the transport request itself always fails with errorcode 12 and the error is:
    Error during export service registration: Error getting the server-side naming service functionality during getInitialContext opera
    tion. com.sap.engine.services.jndi.persistent.exceptions.NamingException: Error getting the server-side naming service functionality during getInitialContext operation.
    Error in execution of Web services CTSDEPLOY_DI , exception is cx_cts_file_import_failed
    File import canceled
    When we then reimport the same transport it will go the second time fine. This is no problem during the setup but will not be workable when we go live ofcourse. Is there anyone who had this issue before as well and have a solution for it?
    Kind Regards,
    Nico van der Linden...

    Hello Nico,
    I would need the java trace files to get more info on this issue, but you can start troubleshooting this error with these notes:
    #1172252: CTS+, 'attach file': Troubleshooting Guide;
    #1003674: Enhancement for non-ABAP systems in CTS;
    #1155884: CTS+, configuration 'close coupling': Troubleshooting guide;
    Pay special attention to parameter  NON_ABAP_WBO_CLIENT, whether it's correctly set on your CTS+ system(s).
    Note #1003674 is a must for any CTS+ systems to work properly, as well as having an updated version of the transport programs (tp and R3trans).
    Lastly, note #1155884 goes through some JCoException exceptions that commonly take place during CTS+ transports. But again, you need to check the underlying trace files to find the root cause of your issue.
    I hope this information helps.
    Best regards,
    Tomas Black

  • JApplet communication with CORBA naming service

    I have an applet that needs to resolve/bind to object in the CORBA naming service (we are using Orbix2000). The applet is able to establish a socket connection to the host that is running the naming service; however it cannot find the naming service. I have done extensive research on the web (followed the tutorials from the Sun site) and google to no avail. Can anyone shed some light? We have successfully used Orbix2000 with Java apps. This is the first access via an applet.
    thanks,
    kat
    This is the exception I get when running it from NS4.7 browser:
    Initializing the ORB CORBA exception: java.lang.NullPointerException java.lang.NullPointerException      at com.iona.corba.art.artimpl.ORBDelegate.resolve_initial_references(ORBDelegate.java:835)      at com.iona.corba.art.artimpl.ORBImpl.resolve_initial_references(ORBImpl.java:203)      at CSGConsole.init(CSGConsole.java:139)      at sun.applet.AppletPanel.run(Unknown Source)      at java.lang.Thread.run(Unknown Source)
    This is the applet code snippet
    import CLMOperator.*;     // package contains the CORBA client stubs
    import org.omg.CosNaming.*;     
    import org.omg.CosNaming.NamingContextPackage.*;
    import org.omg.CORBA.*;     
         // Create and initialize the CORBA ORB
    System.setProperty("org.omg.CORBA.ORBClass","com.iona.corba.art.artimpl.ORBImpl");
         System.setProperty("org.omg.CORBA.ORBSingletonClass","com.iona.corba.art.artimpl.ORBSingleton");
         String[] args = { "-ORBInitRef", "NameService=corbaloc:iiop:sea03s20.ds.boeing.com:3075/NameService" };
         System.out.println( "Initializing the ORB" );
    //      ORB orb = ORB.init(this, args);
         Properties props = new Properties();
         props.put("org.omg.CORBA.ORBInitialHost", "sea03s20.ds.boeing.com");     
         props.put("org.omg.CORBA.ORBInitialPort", "3075");     
         ORB orb = ORB.init(this, props);
         // Get the root naming context
         org.omg.CORBA.Object objRef = orb.resolve_initial_references("NameService");
         NamingContext ncRef = NamingContextHelper.narrow( objRef );
         // Resolve the object reference in naming
         NameComponent nc = new NameComponent("CLMOperator", "");
         NameComponent path[] = { nc };
         CLMOperator.CLMOper clmOper = CLMOperator.CLMOperHelper.narrow(ncRef.resolve(path));
         // Call the CLMOperator server object and invoke on the method
         clmOper.Notify(1, 'A');
    catch(Exception e) {
         System.out.println("CORBA exception: " + e);
         e.printStackTrace(System.out);

    Kat:
    I ran into a similar problem. I was wondering if it had anything to do with a security policy between the applet and CORBA, i.e., apllet using the NamingService. To test this, I built a another CORBA Java Client (character interface, not applet) and it works fine. The applet must require something else, like setting a security policy. I sent a query off to someone who manages the Java environment. If I get an answer, I'll post it here.
    bfin

  • How to get the naming attribute of an LDAP using JNDI.?

    Hi,
    How do we fetch the naming attribute of a LDAP using JNDI. Is this possible using JNDI..?
    By default, every LDAP has been set with a naming attribute such as 'uid' or 'cn'. This could be changed according to business needs.
    How to determine this using JNDI.
    Regards,
    Barani

    Are you trying to call the portlet Customization form directly from the browser?

Maybe you are looking for

  • Webdynpro activation - ABAP/JAVA

    Hi , I activated the components neccessary for ABAP Webdynpro in SICF. But still when i click show/hide layout preview, its saying NO VENDOR SPECIFIED I am able create a view,component..and other things..but only when i clik to create elements inside

  • Setting the Size of a Column in a JTable

    Hi there, does anybody knows a way how to set the size of a specified column in a JTable without changinge the size of the other columns? thx anyway Errraddicator

  • HT203167 Hi there. I downloaded an audiobook for the first time and I seriously can't find it anywhere!!! Please could you help

    Hi all. I decided to purchase Lee Evans Audiobook last night! I'm new to this kind of thing this was my first! The problem being is that I cannot find it anywhere, let alone listen to it!!! When I go in to ITunes and select the audiobook it states th

  • Not enough Memory (RAM)

    I have a PC windows 7 home premium, and I have the latest adobe updated version 2014 when I open the adobe photoshop and I start working on it, for example I want to use the brush tool with big size, or I want to do "image resize" from 400x600 pixel

  • I've lost my ipod

    Now I've gone and lost my ipod somewhere i have the serial number but i cant use icloud because i have win. XP with service pack 3 plz some one help soon