Off and On LDAP User Authenticaton
Before I get started describing my issue, I would like to warn everyone that I am new to solaris administration and solaris in general. So please pardon me if I mispeak or don't initially provide enough information.
I am having trouble with LDAP user authentication. I am using ldapclient to perform the mapping of user information from our Win2k3 Domain Controllers (running SFU) to our Solaris 10 box. When I configure the system initiallty everything works fine. For example, I can run:
getent passwd <AD_username>
and get all the attributes that SFU provides and login via SSH with valid AD credentails. However, for some reason after a period of time (not sure if it is a fixed period of time or vvariable) LDAP authentication will stop working, denying everyone with valid AD credentials. I have tried looking in almost every log file I can think of (/var/adm/messages, /var/ldap/cache_mgr) and there are no error messages from ldapclient. Similarly on the domain controllers I do not see any failed security audits nor any failed ldap requests.
Any ideas on what could be causing this sort of behavior?
If it helps I followed the following guide when configuring AD Integration:
http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/
Listed below is my ldap_client_file (sensative information removed):
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= <my_dc>
NS_LDAP_SEARCH_BASEDN= dc=<my_domain>,dc=<extension>
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:dc=<my_domain>,dc=<extension>?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:dc=<my_domain>,dc=<extension>?sub
NS_LDAP_ATTRIBUTEMAP= shadow:uid=msSFU30Name
NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=msSFU30Password
NS_LDAP_ATTRIBUTEMAP= shadow:shadowflag=msSFU30ShadowFlag
NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=msSFU30LoginShell
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=msSFU30HomeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:uid=msSFU30Name
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=msSFU30UidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=msSFU30GidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=displayName
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=msSFU30GidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=msSFU30UidNumber
NS_LDAP_ATTRIBUTEMAP= group:userpassword=msSFU30Password
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group
Here is the information that is present in /var/adm/messages:
Jan 24 15:22:53 shiva.cs.uwec.edu sshd[9533]: [ID 800047 auth.crit] monitor fata
l: login_init_entry: Cannot find user "thompstd"
Jan 24 15:22:53 shiva.cs.uwec.edu sshd[9536]: [ID 800047 auth.crit] fatal: Monit
or not responding
Jan 24 15:25:43 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd:
cannot talk to statd at sgs2.uwec.edu, RPC: Timed out(5)
Jan 24 15:25:47 shiva.cs.uwec.edu sshd[9508]: [ID 800047 auth.crit] monitor fata
l: login_init_entry: Cannot find user "butallmj"
Jan 24 15:25:47 shiva.cs.uwec.edu sshd[9511]: [ID 800047 auth.crit] fatal: Monit
or not responding
Jan 24 15:25:58 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd:
cannot talk to statd at sgs2.uwec.edu, RPC: Timed out(5)
Jan 24 15:26:13 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd:
cannot talk to statd at sgs1.uwec.edu, RPC: Timed out(5)
Jan 24 15:26:28 shiva.cs.uwec.edu last message repeated 1 timeThe statd warnings continue on and we see the two users (thompstd, butallmj) failing to authenticate. Right before the authentication errors I see the following:
Jan 24 14:42:56 shiva.cs.uwec.edu ebus: [ID 521012 kern.info] su1 at ebus1: offs
et 2,40
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] su1 is /ebus@1f
,464000/serial@2,40
Jan 24 14:42:56 shiva.cs.uwec.edu ebus: [ID 521012 kern.info] epic0 at ebus1: of
fset 3,0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] epic0 is /ebus@
1f,464000/env-monitor@3,0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: f
ssnap0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fssnap0 is /pse
udo/fssnap@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: r
amdisk1024
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] ramdisk1024 is
/pseudo/ramdisk@1024
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: w
inlock0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] winlock0 is /ps
eudo/winlock@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: d
evinfo0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] devinfo0 is /ps
eudo/devinfo@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: l
lc10
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] llc10 is /pseud
o/llc1@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: p
m0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] pm0 is /pseudo/
pm@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: t
od0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] tod0 is /pseudo
/tod@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: l
ofi0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] lofi0 is /pseud
o/lofi@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: f
cp0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fcp0 is /pseudo
/fcp@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: f
csm0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fcsm0 is /pseud
o/fcsm@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: r
sm0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] rsm0 is /pseudo
/rsm@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: t
rapstat0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] trapstat0 is /p
seudo/trapstat@0
Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: r
mcadm0
Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] rmcadm0 is /pse
udo/rmcadm@0
Jan 24 14:42:56 shiva.cs.uwec.edu mac: [ID 543131 kern.info] NOTICE: bge2/0 regi
stered
Jan 24 14:42:56 shiva.cs.uwec.edu mac: [ID 543131 kern.info] NOTICE: bge3/0 regi
stered
Jan 24 14:42:57 shiva.cs.uwec.edu scsi: [ID 193665 kern.info] sd3 at mpt0: targe
t 1 lun 0
Jan 24 14:42:57 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] sd3 is /pci@1e,
Similar Messages
-
THere are two users on pc. One is logged off, however when I try to launch iTunes, The message pops up another user logged on, ask user to log off and try again. What do I do?
Re-start the computer.
-
Messaging server and external LDAP user store
Is it possible to have an external LDAP application store all user information and then have the messaging server authenticate against it and create a mail profile in it's own LDAP instance, similar to the way portal handles LDAP users? If not, what is the best way to store user information outside of the mail server instance? Create an LDAP instance and extend the schema to support the mail classes and then use replication to push the users into the mail servers directory instance?
Correct, extending the schema on the master directory server and replicating down to the messaging server ldap instance the user info is the way to go.
This way you do not have to maintain two different sets of user data.
-Chris -
What's the problem of my ipad?
Have you tried a reset to see if that will start the iPad?
Reset the iPad by holding down on the sleep and home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider if it appears on the screen - let go of the buttons. Let the iPad start up. -
External LDAP user only has search priviledge in UCM
After I have configed external LDAP successfully in weblogic console, I can see all user from external LDAP. And external LDAP user can login UCM successfully, but these users only has search priviledge. I want external LDAP user has Admin priviledge as weblogic(Default in embed LDAP). How to solve it. Any help will be appreciated greatly! Otherwise, I refer to Oracle's ducument,
51.1.14 LDAP Users Not Receiving Some Administrator Privileges
UCM inspects for the group "Administrators" on each user's login to grant UCM roles. If a user should have access to the UCM admin server, the UCM server requires that the user be a member in a group named "Administrators."
How to add external LDAP user to the group of Administrators.Hi ,
You can use Credential Maps to be achieve the requirement:
Steps for the same are :
1. Login to UCM - Administration - Credential Maps .
2. Create the map name and the following mapping :
<ldap role> , admin
3. Save the changes
4. Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider/provider.hda
add the following variable there :
ProviderCredentialsMap=<map name created in step 2>
5. Save the changes and restart ucm server .
After that login with the user who has the ldap role that is mapped in stpe 2 , this user will have the ucm admin role .
Hope this helps .
Thanks
Srinath -
My account, log off, and "Welcome First Name, Last Name
I plan on taking out the top bar and putting the search, my account, log off, and the end user's name in the header portlet. How do I get this info? I tried the tag helper route, but I don't see them as an option. For the search feature, I'm most interested in knowing how to get the array of values in the dropdown box. "Everywhere, etc"
Thanks,
ClintDavid - That's exactly what I am doing. We understand it's not a recommended customization, but a necessary one. Yes, it is a new DLL (CoxPlumtreeTopBarView) and yes, we listed it in the CustomActivitySpaces.xml - We followed the instructions in the "UI Customization Quickstart: View Replacement" article pretty much to the T. In copying and pasting the original code, we did keep the same mvc name (publicconstString STR_MVC_CLASS_NAME = "PTTopBar";)
There are certain pieces of the article that didn't really gel with me - For example, we were told it's not necessary to create the new class library withinportal50.sln, that it would be easier and better to maintain custom classes outside of this project. Is it necessary to add a reference to my custom DLL within the portalpages project? If so, does that mean we would need to then rebuild the portal50 solution and re-deploy the updated DLLs to the portal server? See, we are developing locally and copying the DLLs to the webapp\portal\bin directory on the portal server. I do not have a full portal install on my local machine. (Note, when I did add the reference/build the project/re-deployed the dlls from my machine to the portal server, it caused .NET errors...)
Below is my code - everything after this is exactly the same as in the original class. While you're at it, can you please let me know which of these namespaces I really need to be using?
using System;using com.plumtree.portalpages.browsing.login;using com.plumtree.portalpages.browsing.myportal;using com.plumtree.portalpages.browsing.portalsettings;using com.plumtree.portalpages.browsing.settings;using com.plumtree.portalpages.browsing.search.advanced;using com.plumtree.portalpages.browsing.search.network;using com.plumtree.portalpages.common.mediator;using com.plumtree.portalpages.common.plugnav;using com.plumtree.portaluiinfrastructure.compoundlist;using com.plumtree.portaluiinfrastructure.search;using com.plumtree.server;using com.plumtree.uiinfrastructure.activityspace;using com.plumtree.uiinfrastructure.constants;using com.plumtree.uiinfrastructure.editor;using com.plumtree.uiinfrastructure.htmlconstructs;using com.plumtree.uiinfrastructure.login;using com.plumtree.uiinfrastructure.statichelpers;using com.plumtree.debug;using com.plumtree.openfoundation.util;using com.plumtree.openfoundation.web;using com.plumtree.xpshared.htmlconstructs;using com.plumtree.xpshared.htmlelements;using com.plumtree.portalpages.common.uiparts;
namespace com.plumtree.portalpages.common.uiparts{ /// <summary> /// This is the View for the Topbar (above the banner) /// </summary> /// <author>RobertZ</author> /// public class CoxPlumtreeTopBarView : IView { public CoxPlumtreeTopBarView() : base() { } public const String STR_MVC_CLASS_NAME = "PTTopBar"; protected const String m_actionDivName = "navactions"; protected const String m_editacctDivName = "editacct"; private AActivitySpace m_asOwner; private NavigationModel m_model; public virtual Object Create() { return new CoxPlumtreeTopBarView(); }//...same as original class (PlumtreeTopBarView)
Thanks,
Sarah -
Configure Groups to LDAP Users
Hi,
We have configured LDAP for authentication of users. We would like to associate set of users to groups.
Can we create custom groups and associate LDAP users to those groups in Weblogic server ?
Or is it the only way we need to create groups in LDAP and associate users to those groups?
Thanks,
SatyaSatya, if u have a user in ur LDAP, you cant make a user from ur LDAP be a member of a Group in WLS.
What you can do it modify the Global Roles so that the user has the same previledge as a user belonging to the group in WLS.
Follow the steps below
1. Go to "myrealm"
2. Click the tab "Roles and Policies"
3. Click the tab "Realm Roles"
4. Expand the link "Global Roles"
5. Click the link "View Role Conditions" coressponding to the name "Admin". Enter the panel "Edit Global Role"
6. Click the button "Add Conditions"
7. Select "Predicate List" as "user"
8. Click the button "Next"
9. Enter my username (ldapuser) in LDAP to the field "User Argument Name:"
10. Click the button "Add"
11. Click the button "Finish"
12. Back to the page "Edit Global Role"
13. Here I can see
User :ldapuser
Or
Group : Administrators
14. Click the button "Save"
15. Restart the server
ldapuser will have the same previledge as a user belonging to Administrator group.. -
Problem with Afaria and LDAP user authentication in Android device
Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance. -
Essbase 9.3.1 and problem with LDAP users
Essbase 9.3.1 users externalized to Shared Services. Windows boxes. LDAP users set in Shared users. Provisioned with Essbase rights (administration and speciific cube access). Then in EAS have refreshed security from Shared Services. LDAP users show up now in EAS.
However when attempting to connect through excel add-in or through EAS or through Financial reports to any Essbase app receving and error message that "login fails due to invalid credentials".
Users setup in Shared services as Native Users are able to access Essbase apps.
any ideas?It came down to a Novell E Directory LDAP setting. ID Attribute. We had it set to CN (based on a recommendation by a LDAP resource, although the default is GUID and GUID is recommended by the documentation).
Turns out that Essbase when authenticating the LDAP user was forcing it back to GUID and causing some sort of mismatch.
Setting the ID Attribute in the LDAP Configuration back to GUID resolved the issue. -
"User" Library in the FontBook is "Off" and I cannot enable it. Help!
Few weeks ago I decided to speed up my new Mac little bit by turning all fonts in the "User" Library "Off". Yesterday I needed some fonts which are in the User library, so I opened FontBook and tried to enable "User" library, but I could not. I cannot enable it anymore. I can click on "Enable "User"", but nothing changes. It remains with the "Off" label, and shows no fonts in it, while in reality there are 50 fonts there (~/Library/Fonts). Any ideas how to enable it again? Please help. Thanks in advance!
Guntis Bukalders:
Unless you have a good reason for having FileVault turned on, I suggest you turn it off. I can cause a lot of grief i get a bit too much on our HDD. It utilizes your HDD space for a sparse image approximately the size of your Users Folder.
Is there a reason why you wanted it turned Font Book off?
I enabling User in the Edit menu doesn't do it try this. Shut down your computer completely. Then try starting up in Safe Mode, log in, empty Trash, retart computer and log in normally. Open Font Book and try enabling user again.
Good luck.
cornelius
Message was edited by: cornelius -
Hi,
<p>
I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:
</p>
<i>com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.
</i>
<p>
It seems that this needs to be setup. How do I do this?
</p>
<p>
Some general notes on LDAP:
</p><p>
I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.
</p><p>
Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.
</p><p>
It would be interesting to read what Bea and other developer think about this.
</p><p>
Kind regards,
<p>
Kai
</p>Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178) -
How to get Request object and LDAP user
Hi All,
How to get Request object, coz i want to see the out put of this code
IUser myUser = request.getUser();
String uid=myUser.getUid();
I want to get only LDAP user from the server, for that i am having code but i think this code is returning me all user from the server.
com.sap.security.api.IUser user = null;
try {
IUserFactory userFactory = UMFactory.getUserFactory();
IUserSearchFilter searchFilter = userFactory.getUserSearchFilter();
ISearchResult searchResult = userFactory.searchUsers(searchFilter);
int count = 0;
List list = new ArrayList();
while (searchResult.hasNext()) {
count++;
String uniqueid = (String) searchResult.next();
user = userFactory.getUser(uniqueid);
list.add(user.getUniqueName());
This code is giving me all user from the server LDAP and as well as portal user.
But i want only LDAP.
Please help me out. It's urgent.
Regards,
DeepakHi
use the following code
//Request
IWDRequest = WDProtocolAdapter.getProtocolAdapter().getRequestObject();
//User
IWDClientUser = WDClientUser.getCurrentUser();
Regards
Ayyapparaj -
How to use DS 5.2 to create LDAP user ID and password to Login to Sun ONE I
Hi all,
I have just install Sun One Web server 6.1, Sun One Directory 5.2 and Sun One Instant Messaging 6.1 together on Win2K advance server. And I have successful launch Sun� ONE Instant Messenger.
But I can not know, how to create LDAP user ID and password to Login to Sun ONE Instant Messenger???
Could anyone help me to solve this problem?
I'm looking forward to receive your reply soon.
ThanksHi Tuo,
I think you better ask this in the forum where the ACS experts are, since this does not seem to be a problem on the ASA side.
hth
Herbert -
LDAP user and group configuration in ADF application
Hi All,
I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
I am using JDeveloper 11.1.1.5.
Thanking you all in advance.
Mukesh.I have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh -
LDAPSYNC Reconn Job: LDAP User Create and Update Reconciliation
OIM 11.1.1.5.4 (BP4) libOVD, trusted data source oid 11.1.1.5.0
I have the reconn job working " LDAP User Create and Update FULL Reconciliation"
But the incremental job not working "LDAP User Create and Update Reconciliation"
No errors found in the oim server logs
the msg found with the indication of the execution of the job.
Has anyone been successful with the job "LDAP User Create and Update Reconciliation"
[2012-10-21T08:09:03.922-04:00] [oim_server1] [NOTIFICATION] [IAM-1020005] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: 0000Je3Cacy3n3WjLxuHOA1GWyFa000002,0] [APP: oim#11.1.1.3.0] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.LDAP User Create and Update Reconciliation Name LDAP User Create and Update Reconciliation
TIA
gadbahas any one had that worked, for the incremental job of ldapsync recon ?
Maybe you are looking for
-
How do I convert a PDF to word? My account's not recognized.
How do I convert an adobe doc to word, please?
-
How can I open all the application
I dont know what happen in my ipod .. I can't open all the applications.. what can I do for this problem?
-
I have this massage every time close ps cc Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the 'Get Info' command in the Finder to ensure the file is unloc
-
3750 IOS 15.0(2)SE4 tacacs when issuing tacacs-server host X.X.X.X I receive "the cli will be deprecated soon" please advise
-
Moved house and TM only goes back to move date
We moved out temporarily to restore our home in Nov 09- I have had TM working backing up my Mac Pro to an external drive for a year or so. The MP wasn't used for a while work was going on. I was actually working from another machine, a Book. I discon