OID and Authenticated Users

Is there a way to tell if a user has authenticated with OID? For example, a shadow group of OID users that the person becomes a member of automatically when the user logs in and then loses membership of when their session expires or they log out? I am running into cases where I want access to things granted based solely on authenticated or not, but I have yet to find a way to do this inside of BI Publisher's permissions structure other than the use of such a group. I noticed the AUTHENTICATED_USERS group but tests revealed that it is not working as required. Any suggestions?

BIP authorization model is user -> roles -> folders -> reports. When integrated with LDAP-compliant directory (such as OID), a BIP role translates to a directory group and vice versa: http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188/T421739T475591.htm
The case of reports that need to be restricted to the specific user group implies that you create this particular group (say Sales) in the directory and BIP makes it a role. So now you've got role "Sales" in BIP, you assign folders A, B and C to that role and publish reports for Sales to those folders.
The case of reports that need to be available to all authenticated users is a little harder. If you only need online reports (no Excel Analyzer or Online Analyzer), you may be in luck. BIP standalone gives all authenticated users a built-in role that allows them to view online reports (and do nothing else). BIP enterprise - not sure. A more 'portable' solution is to create a group Everyone in the directory and add users to it. This will get tedious for a lot of users but you can do it with a script. Perhaps there's a better solution - inquire in the BIP forum (BI Publisher
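
One way to script the "Everyone" group maintenance suggested above, as an added example that is not part of the original thread: it reads an LDIF export of the user entries, compares it with the group's current members, and writes an LDIF `modify` record that adds missing users and removes members that no longer exist as users. The group DN, the sample entries and the use of `uniquemember` as the membership attribute are assumptions; the DN comparison is simplified (case-insensitive, whitespace around `,` and `=` ignored).

```python
"""Keep a directory group in sync with a user container via LDIF (added example)."""
import base64
import re

GROUP_DN = "cn=Everyone,cn=Groups,dc=example,dc=com"  # assumed group DN

# Constructed sample input: a user export containing a folded line and a
# base64-encoded DN, both of which are legal LDIF (RFC 2849).
B64_DN = base64.b64encode(
    "cn=jürgen,cn=Users,dc=example,dc=com".encode("utf-8")).decode("ascii")
USERS_LDIF = (
    "dn: cn=alice,cn=Users,dc=example,dc=com\n"
    "objectclass: inetOrgPerson\n"
    "\n"
    "dn: cn=bob,cn=Users,dc=exam\n"
    " ple,dc=com\n"
    "objectclass: inetOrgPerson\n"
    "\n"
    f"dn:: {B64_DN}\n"
    "objectclass: inetOrgPerson\n"
)
# Constructed sample input: the group as it currently exists in the directory.
GROUP_LDIF = (
    f"dn: {GROUP_DN}\n"
    "objectclass: groupOfUniqueNames\n"
    "uniquemember: CN=Alice, cn=Users, dc=example, dc=com\n"
    "uniquemember: cn=former.employee,cn=Users,dc=example,dc=com\n"
)


def unfold(text):
    """Undo LDIF folding: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def values(ldif_text, attr):
    """Return every value of `attr` (name matched case-insensitively)."""
    out = []
    for line in unfold(ldif_text):
        if line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if name.strip().lower() != attr.lower():
            continue
        if rest.startswith(":"):  # "attr:: <base64 of UTF-8 value>"
            out.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            out.append(rest.strip())
    return out


def dn_key(dn):
    """Simplified comparison key for a DN (does not parse escaped separators)."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def ldif_line(attr, value):
    """Format one attribute line, using base64 where plain LDIF is not allowed."""
    plain = (value.isascii() and value[:1] not in (" ", ":", "<")
             and not value.endswith(" "))
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def sync_ldif(group_dn, user_dns, member_dns, attr="uniquemember"):
    """Return (ldif, added, removed); ldif is '' when the group is already in sync."""
    users = {dn_key(d): d for d in user_dns}
    members = {dn_key(d): d for d in member_dns}
    added = [users[k] for k in sorted(users.keys() - members.keys())]
    # Removing stale members matters as much as adding new ones: an add-only
    # script leaves deleted accounts listed in the group.
    removed = [members[k] for k in sorted(members.keys() - users.keys())]
    if not added and not removed:
        return "", added, removed
    out = [ldif_line("dn", group_dn), "changetype: modify"]
    for op, dns in (("add", added), ("delete", removed)):
        if dns:
            out.append(f"{op}: {attr}")
            out.extend(ldif_line(attr, d) for d in dns)
            out.append("-")
    return "\n".join(out) + "\n", added, removed


if __name__ == "__main__":
    ldif, added, removed = sync_ldif(
        GROUP_DN, values(USERS_LDIF, "dn"), values(GROUP_LDIF, "uniquemember"))
    print(ldif, end="")
```

The printed record can be reviewed and then applied with the directory's LDIF modify tool. Membership in such a group only says the account exists in the user container, not that the user currently has a session.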

Similar Messages

  • Getting list of domain names on NT, and authenticating user

    Hello, I want to make a class that will check the user login name and password on a NT domain, the class will show a screen with 2 fields, username and password, and a combobox, with all domain names, on this screen the user will type his username and password and choose a domain to login to, the class will then check if he can login to that domain.
    Currently the problem I have is that I couldn't find a way to get a list of domain names.
    And after I get that list, what is the best way to authenticate the user ?
    Thanks a lot in advance for any help.

    hi,
    you can ask for username, password by running this code:
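    // Needs: import java.util.Base64; import java.nio.charset.StandardCharsets;
    // (java.util.Base64 replaces the sun.misc encoder, whose encodeBuffer()
    // output ends in a line break that does not belong in a header value.)
    String auth = httpRequest.getHeader("Authorization");
    if (auth == null) {
        // No credentials sent yet: ask the browser to start the NTLM handshake.
        httpResponse.setStatus(httpResponse.SC_UNAUTHORIZED);
        httpResponse.setHeader("WWW-Authenticate", "NTLM");
        httpResponse.flushBuffer();
        return;
    }
    if (auth.startsWith("NTLM ")) {
        byte[] msg = Base64.getDecoder().decode(auth.substring(5));
        int off = 0, length, offset;
        if (msg[8] == 1) {
            // Type 1 (negotiate) received: answer with a Type 2 (challenge) message.
            // The 8-byte server challenge in this array is a constant, not a random value.
            byte z = 0;
            byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P',
                z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z,
                (byte)1, (byte)130, z, z,z, (byte)2, (byte)2,
                (byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
            httpResponse.setHeader("WWW-Authenticate", "NTLM " +
                Base64.getEncoder().encodeToString(msg1));
            httpResponse.sendError(httpResponse.SC_UNAUTHORIZED);
            return;
        } else if (msg[8] == 3) {
            // Type 3 (authenticate) received: read the fields the client sent.
            // These are client-supplied values; the NTLM response is not verified here.
            // Bytes are masked with 0xFF because Java bytes are signed. The Type 2
            // flags above negotiate Unicode, so the strings are UTF-16LE.
            off = 30;
            length = (msg[off+17] & 0xFF)*256 + (msg[off+16] & 0xFF);
            offset = (msg[off+19] & 0xFF)*256 + (msg[off+18] & 0xFF);
            String remoteHost = new String(msg, offset, length, StandardCharsets.UTF_16LE);
            length = (msg[off+1] & 0xFF)*256 + (msg[off] & 0xFF);
            offset = (msg[off+3] & 0xFF)*256 + (msg[off+2] & 0xFF);
            String domain = new String(msg, offset, length, StandardCharsets.UTF_16LE);
            length = (msg[off+9] & 0xFF)*256 + (msg[off+8] & 0xFF);
            offset = (msg[off+11] & 0xFF)*256 + (msg[off+10] & 0xFF);
            String username = new String(msg, offset, length, StandardCharsets.UTF_16LE);
        }
    }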
    You can put this code in your servlet or in a filter.
    I am also stuck with a similar problem.
    With this code I am getting the window to enter loginId/password but I am not able to authenticate it.
    If you have found any solution to authenticate the user please help me.
    I am really stuck.
    thanks in advance
    Pamjoshua

  • Row Level Security in OBIEE using OID as authentication Mechanism

    Hi OBIEE Gurus,
    I am trying to implement Row Level Security in OBIEE . Currently I have setup OBIEE to have OID do the user authentication.
    I want to implement RLS by doing the following :
    1. Have Security Groups defined in OID and assign users with group membership.
    2. Import these Security Groups into OBIEE metadata
    3. Apply filters to these Security Groups
    4. Run Answers requests to see if RLS works or not
    Please let me know if this approach works. If this is not the right way or most efficient way to do this, please let me know if there is any document I can follow to accomplish this.
    Appreciate your help.
    Edited by: drakesh on Sep 26, 2008 7:09 AM

    Follow the steps in the following link to set up OID and Row level security:
    http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/
    Instructions for the link above:
    1. In place of Edit Data Source as database you have to select LDAP, define the groups and default initializer as filter expression.
    2. A simpler approach is to create the groups explicitly using the Security Manager in BI Administrator, add filters to those groups, and assign users to those groups.
    Otherwise follow Matt's view
    Thanks,
    Amrita

  • Everyone Group vs. Authenticated Users Group

    Two questions.....
    1.) What is the difference between the "Everyone" group and the "Authenticated Users" group.
    2) We are starting to use some new BI content (NW04s) in our federated portal and have found that we have to grant permissions to "Authenticated Users" instead of the "Everyone" group. Any ideas why?
    Regards,
    Diane

    Diane,
    The following answer is not a SAP answer but I did a quick check on our system and:
    1. The difference between the group Everyone and Authenticated users is exactly 1 user assignment. I looked further and see that it has to do with the J2EE_GUEST user. This user is a member of the group Everyone but NOT of the group Authenticated users.
    2. I cannot give you a sure answer on this question but maybe it has to do with security that this is needed?!?!
    Hopefully another SDN community member can fill me in here...
    Good luck and Kind Regards,
    Benjamin Houttuin

  • PCD Business Objects Permissions for Authenticated users

    Hi All,
    I am working on SRM7.0 Business package installed on Portal NW7.01.
    I wanted to understand which permissions I should provide to the "Business Objects" PCD folder for Authenticated users.
    Should it be Administrator "None" and End User "ON"
    Or Should it be Administrator "Read" and End User "ON"
    Regards,
    Ashish Shah

    Hi Sandeep,
    I was wondering what is the need of assigning permissions to "Everyone" Group and "Authenticated Users"
    2. Group: Everyone(built in group)
    Administrator:Read
    Enduser:checked
    3. Group:: Authenticated Users(built in group)
    Administrator:Read
    Enduser:checked.
    If i am not using Anonymous users , should i only assign this permission?
    Group:: Authenticated Users(built in group)
    Administrator:Read
    Enduser:checked.
    Regards,
    Ashish Shah

  • SSO and Form 10g, Setting RAD of OID for DB users identified externally

    Please Help!
    Current environment:
    - All users were created with identified externally in Database (OPS$)
    - SSO was setup correctly according to OID admin guide Ch 43 and SSO admin guide ch 8 for App10g. (user login orasso without seeing basic auth/sso login form)
    - DB parameters:
    remote_os_authent=TRUE
    os_authent_prefix=' '
    issues:
    - set ssoDynamicResourceCreate = true
    When user hit the form link, i.e. http://host:port/forms90/f90servlet?config=test&form=appwelcome
    it redirects to http://host:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo?...
    where it shows Resource Name TEST and prompts username/password/database
    when user inputs window logon /password/database value (same as in form6i)
    it returns ORA-01017: invalid username/password; logon denied.
    - set ssoDynamicResourceCreate = false
    manually set RAD for the end user (I am not sure if I am doing this correctly):
    Name = test
    TYPE = oracledb
    username = (blank)
    password = (blank)
    datebase = prod
    When enduser hits the form link, it returns ORA-01017.... same errors.
    Any ideas how to troubleshoot and configure RAD for users with OPS$ auth?
    thank you in advance!
    Kan

    Thank you for your input!
    This is how our current production is setup that users use os authent (OPS$) to access forms/reports 6i. I'm just trying to migrate it to app10g environment.
    I did configure SSO with WNA, it works fine. Any users can access NON-DB connected forms/reports. Only when forms/reports require DB conn, users who have db password can access them with one click. But users identified externally will keep seeing Oracle Logon and Ora-01017 after authent into MidTier.
    Setup RAI with one real db user account is not ideal since there are 1000+ OS authent users who have different database roles. Turn off the OPS$ and setup dummy password for 1000+ users may be the last solution.
    v/r
    Kan

  • Workspace Credential Conflict between Logged-in User and the Authenticated User

    Hi there,
    I am running LiveCycle ES Update1 SP2 with Process Management component on WIN/JBoss/SQL Server 2005.
    I have been encountering user credential conflicts from time to time, but it has not been consistent and the problem manifested in various ways, such as:
    - problem when logging in with error "An error occurred retrieving tasks." on the login screen
    - user logs in successfully but is showing somebody else's queue(s) with his/her own queue with no task in there
    - fails to claim task from group queue.
    The stacktrace from the server.log file I collected from a production system shows the exception below.
    Has anybody else encountered the similar problem?
    It looks to me that it doesn't log out cleanly and some kind of caching is done on the authenticated session and is not cleaned up properly on user logout.
    2009-07-10 15:05:13,955 ERROR [com.adobe.workspace.AssemblerUtility] ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
    2009-07-10 15:05:13,955 INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service 'remoting-service': flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
      incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)
        operation = submitWithData
        clientId = F3D2CDD0-330F-F00B-C710-5AF3F7CB4138
        destination = task-actions
        messageId = 7E385A6B-E4E6-3A81-CD6A-630DF4FAE5BB
        timestamp = 1247202313955
        timeToLive = 0
        body = null
        hdr(DSEndpoint) = workspace-polling-amf
        hdr(DSId) = F3C38977-171B-7BED-3B16-F3A5FE419479
      Exception: flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
        at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:369)
        at com.adobe.workspace.AssemblerUtility.checkParameters(AssemblerUtility.java:561)
        at com.adobe.workspace.tasks.TaskActions.callSubmitService(TaskActions.java:788)
        at com.adobe.workspace.tasks.TaskActions.submitWithData(TaskActions.java:773)
        at sun.reflect.GeneratedMethodAccessor941.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:421)
        at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
        at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1495)
        at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:882)
        at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:121)
        at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
        at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
        at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
        at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
        at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
        at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:315)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at com.adobe.workspace.events.RemoteEventClientLifeCycle.doFilter(RemoteEventClientLifeCycle.java:138)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:595)
    Kendy

    I am having the same server issue and I can't get hold of SP3 to fix it. Can anyone tell me how to fix this problem or provide a link where I can get SP3 from? I've spent most of the day on the phone to Adobe Support and they have been unable to provide me with a link to the service pack.
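
To judge how often the mismatch in the log above happens and which identities are involved, the ALC-WKS-005-008 entries can be reduced to one record per event. The following is an added example, not part of the original thread: the first event in the sample is taken from the log posted above, the second event (timestamp and requested oid) is constructed, and the function names are hypothetical.

```python
"""Summarise ALC-WKS-005-008 user-mismatch events from a server.log (added example)."""
import re
from collections import defaultdict

MSG = ("ALC-WKS-005-008: Security exception: the user specified in the fill parameters "
       "(oid={req}) did not match the authenticated user (oid={auth}).")
AUTH = "F25892EE-80CE-8C24-E40D-881F631AA8BE"
REQ1 = "F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83"
REQ2 = "00000000-0000-0000-0000-0000000000AA"   # constructed value
DSID = "F3C38977-171B-7BED-3B16-F3A5FE419479"


def sample_event(stamp, req):
    """Build the lines one event produces, in the layout shown in the post."""
    msg = MSG.format(req=req, auth=AUTH)
    return [
        f"{stamp} ERROR [com.adobe.workspace.AssemblerUtility] {msg}",
        f"{stamp} INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service "
        f"'remoting-service': flex.messaging.MessageException: {msg}",
        "  incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)",
        "    operation = submitWithData",
        f"    hdr(DSId) = {DSID}",
        f"  Exception: flex.messaging.MessageException: {msg}",
    ]


SAMPLE_LOG = "\n".join(sample_event("2009-07-10 15:05:13,955", REQ1)
                       + sample_event("2009-07-10 15:09:41,120", REQ2))

EVENT = re.compile(r"ALC-WKS-005-008: .*?fill parameters \(oid=(?P<req>[0-9A-F-]{36})\) "
                   r"did not match the authenticated user \(oid=(?P<auth>[0-9A-F-]{36})\)")
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
FIELD = re.compile(r"^\s+(operation|hdr\(DSId\)) = (\S+)")


def parse_events(text):
    """Return one dict per mismatch event.

    The same event is logged several times (ERROR line, STDOUT line, Exception
    line); a repeat is a line with the same oid pair and either no timestamp or
    the timestamp of the event already open. Two real events with the same pair
    in the same millisecond would be merged.
    """
    events = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            ts = STAMP.match(line)
            last = events[-1] if events else None
            repeat = (last is not None
                      and (last["requested"], last["authenticated"]) == (m["req"], m["auth"])
                      and (ts is None or ts.group(1) == last["time"]))
            if not repeat:
                events.append({"time": ts.group(1) if ts else None,
                               "requested": m["req"], "authenticated": m["auth"],
                               "operation": None, "dsid": None})
            continue
        f = FIELD.match(line)
        if f and events:
            key = "operation" if f.group(1) == "operation" else "dsid"
            events[-1][key] = f.group(2)
    return events


def requested_by_user(events):
    """Map each authenticated oid to the sorted oids it was rejected for."""
    seen = defaultdict(set)
    for e in events:
        seen[e["authenticated"]].add(e["requested"])
    return {auth: sorted(reqs) for auth, reqs in seen.items()}


if __name__ == "__main__":
    for e in parse_events(SAMPLE_LOG):
        print(e["time"], e["operation"], e["dsid"], e["authenticated"], "->", e["requested"])
```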

  • Security attributes, qfp and un-authenticated users

    Hi,
    I have some observations regarding security attributes, query filter plugins and un-authenticated users that I would like your comments on.
    I am developing a custom crawler, and will be using OID for authentication. Not all users will be authenticated (hence they should only have access to content considered public). Authorization is done by the document source (using the option "ACLs controlled by the source").
    I am quite sure that I have read somewhere that not adding a security attribute for a certain document leads to the document being treated as public.
    Observations:
    A) Query filter plugins will only be called for authenticated users
    B) At crawl-time, not adding a defined security attribute leads to the document not being indexed
    Observation B means that my security attribute has to be added for every document (for the public documents populated with a value representing public access). Observation A means that the query filter will not be invoked for un-authenticated users (hence, they won't see any of the indexed documents, since all have security attributes).
    Question:
    How should I ensure that the documents considered public are available for unauthenticated users?
    Regards,
    Rune

    Hi all,
    I seem to have had inaccurate logging, so my assumption A is false.
    Then I have a simple workaround (add a special security attribute value for public documents), and you can forget about my question.
    regards,
    Rune

  • OID error authenticating orcladmin user

    Hi,
    I am in the process of switching the OID instance I am using on my local machine to a remote machine. Essentially I want to use the OID instance running on that remote machine.
    I have specified the host and port, but when I try and add the username and password in step 2 (cn=orcladmin) I get the following error :
    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    Error authenticating user. [LDAP: error code 49 - Invalid Credentials]
    I know my username and password are correct as I can connect to the OID instance using the Oracle Directory Manager.
    Does anyone have any ideas what I need to do to resolve this ?
    Thanks,

    This is strange as orcladmin usually already has administrative privileges after installation (Both cn=orcladmin and cn=orcladmin,cn=users,dc=whatever domain).
    You may check this on the oidadmin, here on my environment, cn=orcladmin,cn=Users,dc=..domain.. is member of the group cn=IAS & User Mgmt Application Admins,cn=Groups,cn=OracleContext,dc=..domain..., and this group is inside the group cn=iASAdmins,cn=Groups,cn=OracleContext (This one is in the root context, not inside the domain tree). But all this is set up automatically during installation, you shouldn't need to change it, there is no reference to this stuff in the documentation that I am aware of.
    Post a reference to what manual or note are you following.
    Regards,
    Luis

  • OID and Solaris/Unix system authentication

    Does anyone have any experiences with using OID as a SSO solution for unix system authentication/authorization. I'm looking at using pam_ldap, but didn't know if Oracle had an alternate suggested implementation? Any help/pointers are appreciated.
    Thanks,
    --Mark

    Figured out that you need to run the following to have the DB subscribe to a policy in OID:
    sa_policy_admin.policy_subscribe('POLICY_NAME');
    this adds the dn of the DB to the uniquemember attribute of the POLICY_NAME entry in OID. Once I did this, I could add the policy to DB objects.
    I also discovered that when you create a profile in OID, the olsadmintool documentation is not correct. When you create the minimum write label, do NOT include any compartments or groups in the definition. The only valid item in this label is LEVEL. Once I recreated my profiles with a valid min write label, everything seems to work ok.
    I am having issues with updating a Profile definition in OID and seeing the corresponding update reflected in the DB SA$PROFILES and SA$USER* tables.

  • Setup OID authenticated users for DB user globally identified users.

    I keep reading that you can setup Globally Identified users in Oracle database that
    are authenticated by OID. But it does not seem to work and I cannot find explicit
    directions for setting this up. I assume there must be some OID/SSO site
    configuration I am not aware of.
    We have an AS 10g app, a DB 9.2, and Forms 10g application. I created an OID
    user, Created a Globally Identified User in DB, but when I log into SSO, setup my
    RAD with password "doesnotmatter", then the database login comes up with
    invalid Username/Password.
    What's not right?
    We have to use OID to get Case Sensitive Passwords and we can get it to login
    to a normal user account with a valid matching password. However, passwords
    must be expired every 30-90 days and the change in OID during login does not
    go through to the DB account. OID does care but I can't have DB accounts sitting
    around with passwords that never expire and OID can't change them. I'd rather
    have DB accounts that cannot be logged into.
    Anyone else successfully implemented OID and Globally Identified DB users or found a
    way to change DB Password after login/change password to OID?

    Have you configured enterprise user security for your database? If not, that would be the first step to take.
    The credentials stored in the RAD must match the SSO/OID user's credentials. There is no automatic way of doing that, so the user (or admin) has to set this up.
    So, the steps to follow are:
    1. Configure DB for EUS.
    2. Create OID user. Assuming you have mapped the shared schema to the users container, there is no need to create a DB user (for the OID user).
    3. If you want a one-to-one mapping, then you need to map the schema to the OID user (using Enterprise Security Manager).
    4. Create the RAD and add the SSO user's credentials.
    5. Test the above steps by accessing the Form using the RAD.
    Sanjay

  • How to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically?

    Sharepoint 2013 online/office 365.
    I am creating site collection programmatically using sharepoint Auto hosted app.
    Now I want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
    Is it possible through code? If yes please let me know how to do it?
    Najitha Sidhik

    For SharePoint 2013 Online, check below links:
    http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
    http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
    https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
    http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
    Please ensure that you mark a question as Answered once you receive a satisfactory response.

  • EA2 - Cannot connect LDAP-authenticated users in 10.1 and 10.2, OK in 9.2

    First, the relevant versions and such:
    SQL Developer 1.5.0.52.03 (aka EA2)
    Oracle client 10.2.0.1
    Oracle database 9.2.0.6, 9.2.0.7, 10.1.0.5, 10.2.0.2, 10.2.0.3.
    Hosts: Linux x86, Solaris
    Most of the users in my databases are set up as global users (i.e. authenticated via LDAP). I've found that in 9.2.0.6 and 9.2.0.7, I can make connections of the basic type for global users as well as database-authenticated users.
    In any 10g database I've tried (see the versions above), database-authenticated users work fine, but for connections with the global users in the same databases I receive ora-01017. I've tried both basic connections and advanced connections, supplying a thin JDBC string, with the same result. I have verified that the password is correct. The pattern persists across server OSs (Linux and Solaris).
    I cannot make TNS connections at all, but that seems to require an 11g client and has been documented in an enhancement request separately.
    If anyone has advice on this I would be happy to hear it. Thanks.

    I should probably add that I am able to make successful connections via sqlplus and other tools (SQL Navigator) with the users that fail to connect in SQL Developer.

  • Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

    I need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just can't seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk Users group to negotiate the site with NO password challenge at all.
    tconners

    This generally means that your SPN is not set up correctly. Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance. You should set an SPN similar to setspn -s http/lance.contoso.com corp\lance. In your browser, you should now be able to access the SSP without prompts. However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com. Since you are entering an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication. By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use Kerberos.
    I can confirm that I have the exact configuration and I always get the password prompt for the very first time. We have 2 server (1xIIS and 1xSQL) infrastructure in production with SPN set like it should and I get the password prompt.

  • OID External Authentication Plug-in and OVD

    Hello, ppl.
    I have successfully installed AD, OVD (11g), OID (10g), and BI Publisher with SSO (10g).
    When I synchronize AD -> OID, and use the External Auth Plug-in, synchronized users can successfully log in to BI Publisher.
    When I synchronize AD -> OID through OVD, and use the External Auth Plug-in which looks in the AD, synchronized users can successfully log in to BI Publisher.
    But when I synchronize AD -> OID through OVD, and switch the External Auth Plug-in from AD to OVD, synchronized users cannot log in to BI Publisher.
    How can I use the External Auth Plug-in with OVD, does anyone have a solution?
    In the future, OVD can contain multiple forests from ADs, now AD has one forest (dc).
    Help :)
    Thanks.
    Jeff.

    I wrote a custom plug-in for OVD.
    When a user binds, it writes to a log...
    OVD bind commands
    1) ldapbind -h <OVD_HOST> -p 6501 -D "[email protected]" -w Oracle10g
    ldap_bind: Invalid credentials
    2) ldapbind -h <OVD_HOST> -p 6501 -D "cn=smith,cn=users,dc=domain,dc=local" -w Oracle10g
    bind successful
    3) ldapbind -h <OVD_HOST> -p 6501 -D "cn=smith,cn=users,dc=domain,dc=local" -w Oracle10g2
    ldap_bind: Invalid credentials
    AD bind commands
    1) ldapbind -h <AD_HOST> -p 389 -D "[email protected]" -w Oracle10g
    bind successful
    2) ldapbind -h <AD_HOST> -p 389 -D "cn=smith,cn=users,dc=domain,dc=local" -w Oracle10g
    bind successful
    In my log file for the OVD bind commands, just the second and third commands are written.
    Does anyone know why the first command did not bind and why it was not logged?
    // Needs: import java.io.FileWriter; import java.io.IOException;
    public void bind(Chain chain, Credentials creds, DirectoryString dn, BinarySyntax password, Bool result) throws DirectoryException, ChainException {
        // pre bind
        try {
            chain.nextBind(creds, dn, password, result);
        } catch (DirectoryException e) {
            // The bind failed further down the chain: record the DN that was used.
            // FileWriter without the append flag overwrites the file on every call.
            try {
                FileWriter out = new FileWriter("c://mylogs//bind_error.txt");
                out.write("bind: " + dn.toString());
                out.close();
            } catch (IOException ioe) {
                ioe.printStackTrace();
            }
        }
        // post bind
        try {
            FileWriter out = new FileWriter("c://mylogs//bind.txt");
            out.write("bind: " + dn.toString());
            out.close();
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }
    ...
