Oracle.ldap.util and secure connections
Greetings,
I am connecting to our corporate LDAP (Sun One) server to retrieve Users so as to produce lists of names, etc. In development, the connection was not secure, however in production it is. I need some advice on what the method to use would be for handling the secure connection.
It looks like I am unable to get the RootOracleContext object from which to getSubscriber(). Please help!
And happy holidays!
Thanks, Ginni
Bump
Similar Messages
-
Need info regarding Oracle UCM Accounts and Security Groups behaviour
Need information regarding Oracle UCM Accounts and Security Groups behaviour.
Oracle UCM version: 11.1.1.5.0
Steps:
1. Log in with "weblogic" user and created a content with id "content1"
2. Applied "@acc1(R)" and "TestGroup1" to the content created in step 1
3. Log out
4. Log in as "acc1user1", the user is not able to see the "content1"
5. Log out
6. Log in as "role1user1", the user is not able to see the "content1"
Account and Group information:
1. User "acc1user1" is part of "@acc1(R)"
2. User "role1user1" is part of "role1(R)" and is mapped to "TestGroup1" in UCM
Expected:
Both "acc1user1" and "role1user1" should be able to see "content1" as they have at least Read permission.
Please help me understand why the users are not able to see the content.
ACLs, like Accounts, are an optional security setting which may add on some extra functionality to mandatory security groups. Likewise, the resulting permission is taken as an intersection of SG and ACLs.
But in the second part the number of set of users is huge (approx say 600)
I don't get this completely. Does this mean that those "sets of users" (users who see the same data) are distinct and that there are 600 of such groups?
If you read thoroughly the manual I sent earlier, there is a recommendation that there should be maximum 50 security groups, and you should use accounts, should this number be exceeded. This means you could have all the documents in one security group (and have one common role with Read permission), but combine it with accounts. ACLs are not a good choice here - their performance and manageability is much worse than of accounts. ACLs are primarily used if you expect security settings to change during the lifetime (e.g. a project manager adds temporarily rights to access an item to another user, and revokes it when the user finishes his or her work).
Note that accounts as well as permissions of users within accounts can also be mapped externally (from LDAP/AD) and it usually follows some kind of org chart.
I'd feel more comfortable not to speak about users, security groups, roles, etc., but about some real-life objects and scenarios. -
Oracle.ldap.util - Add User to Group
Hi,
I am using the Subscriber to create a new User in the OID.
( User usr = subscriber.createUser(.....) )
Also I am getting a reference to the main group of the application.
Group appPublic = subscriber.getGroup(getCtx(), Util.IDTYPE_SIMPLE,"APP_PUBLIC" ,null);
Now I need to make the User "usr" member of the Group appPublic.
Can anyone help me find out how to do this?
I have read the User and Group API Reference but I can't find how to do this.
Any help would be really appreciated.
I have solved this problem using the metalink Note:277775.1
------- cut here -------
import oracle.ldap.util.*;
import oracle.ldap.util.jndi.*;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.io.*;
import java.util.*;

public class AddUserToGroup
{
    // Sample connection values; replace them with your own
    final static String ldapServerName = "mlc2.acme.org";
    final static String ldapServerPort = "3060";
    final static String rootdn = "cn=orcladmin";
    final static String rootpass = "welcome1";
    final static String user_name = "cn=john.doe,cn=users,dc=acme,dc=org";
    final static String group_name = "cn=mynewgroup,dc=acme,dc=org";

    public static void main(String argv[]) throws NamingException
    {
        // Create the connection to the LDAP server
        InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx(ldapServerName,
                                                                ldapServerPort,
                                                                rootdn,
                                                                rootpass);
        // Add the user to the group
        try {
            Group mygroup = new Group(Util.IDTYPE_DN, group_name);
            mygroup.addUniquemember(ctx, user_name);
        }
        catch (UtilException e) {
            e.printStackTrace();
        }
        finally {
            // Release the directory connection
            ctx.close();
        }
    }
}
------- end cut -------- -
List,
What are the possible values for "scope" in oracle.ldap.util.Util.getEntryDetails(DirContext ctx, String base, String filter, int scope, String[] attrList)? Are there any constants?
Thanks in advance.
Leandro.
I found it out...
0 - SCOPE_BASE
1 - SCOPE_ONELEVEL
2 - SCOPE_SUBTREE
Thanks anyway.
Leandro.
Ps.: I didn't understand why these numbers aren't constants in the Util class. (Or why they aren't in the doc) -
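For the secure-connection question that opens this page and the scope values listed in the thread above, here is an added example (not code from any poster or from Oracle): a plain JNDI client that binds over ldaps:// and lists users with a subtree search. The environment variable names, the inetOrgPerson filter and the returned attributes are assumptions; the resulting DirContext is the argument type that Util.getEntryDetails, as quoted on this page, takes.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SecureLdapUserList {

    /** Build a JNDI environment that only ever binds over TLS (ldaps://). */
    static Hashtable<String, String> ldapsEnv(String url, String bindDn, String password) {
        if (url == null || !url.startsWith("ldaps://")) {
            // Refuse to send the bind password over a clear-text connection.
            throw new IllegalArgumentException("LDAP_URL must start with ldaps://");
        }
        if (bindDn == null || password == null) {
            throw new IllegalArgumentException("bind DN and password are required");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // Assumed variable names; credentials come from the environment, not the source.
        String url = System.getenv("LDAP_URL");       // e.g. ldaps://ldap.example.org:636
        String bindDn = System.getenv("LDAP_BIND_DN");
        String password = System.getenv("LDAP_BIND_PW");
        String base = System.getenv("LDAP_BASE");     // e.g. ou=people,dc=example,dc=org
        if (base == null) {
            throw new IllegalArgumentException("LDAP_BASE is required");
        }
        // The server certificate is validated against the JVM trust store; for a
        // private CA, import it and start with -Djavax.net.ssl.trustStore=<path>.
        DirContext ctx = new InitialDirContext(ldapsEnv(url, bindDn, password));
        try {
            SearchControls sc = new SearchControls();
            // OBJECT_SCOPE == 0, ONELEVEL_SCOPE == 1, SUBTREE_SCOPE == 2:
            // the same integer values the thread lists for the scope argument.
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "mail"});
            NamingEnumeration<SearchResult> results =
                ctx.search(base, "(objectClass=inetOrgPerson)", sc);
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println(r.getNameInNamespace() + " " + r.getAttributes().get("cn"));
            }
        } finally {
            ctx.close(); // always release the connection
        }
    }
}
```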
ODISRVREG - oracle.ldap.util.schema.ODISchemaException
Hello,
I configured a AD2OID integration. The bootstrapping is successful.
I have problems with the configuration of the periodic import. I configured the profile "ActiveChgImp" successfully.
But the registration failed:
odisrvreg -D cn=orcladmin -w p -h ad.domain.de -p 3060
->oracle.ldap.util.schema.ODISchemaException
No entry in log files.
Source: Microsoft Active Directory
Dest: OID - 10.1.2.1.0 on Red Hat Enterprise Linux AS release 3 (Taroon Update 8)
Any ideas?
regards,
Lars
Hope you can help me with the following,
Do you know the name of the attribute that contains the current time in the Novell Directory Service?
Thx in advance for your help -
I have received a retransfer file and if I try to open it I get the error message detailed above.
Have used it before with no problems.
Times have changed.
Older versions of SSL have been found to have some problems that have been patched (several different times) with Apple Security Updates. Unless wetransfer has kept up and patched these vulnerabilities, you may not be able to establish a secure connection with them (due to their software being out-of-date). -
UPD, Black Screen, and Securing connection
Hello All,
I have configured a Server 2012 R2 RDS setup. I have the RDCB's in HA and have allowed access to the collection (Pooled Desktop) via the RDWA server. All of the connections come from Windows 8.1 to Windows 8.1 stations in the pool. UPD's are configured and hosted on a share on a secondary server. Most of the time everything works correctly; however, when I do have issues it is one of the following 3.
1. The user logs in and gets a temporary profile. The cause is that the UPD is locked from the last log on. There is no way to remove the lock without restarting the UPD server; however, this causes every new log on to get a temp profile until the server is back on line.
2. The user logs into the system and instead of the desktop is presented with a black screen and a mouse pointer. I found a reference to this being linked to the loading of the UPD as well but I have not been able to prove this yet. (http://jjstellato.blogspot.ca/2014/06/are-you-thinking-of-using-user-profile.html)
3. The last issue is when a user clicks the collection icon on the RDWA page it starts to load the rdp connection and it gets stuck at securing connection. It will just sit at securing connection forever. I am using a wildcard certificate for this setup that we have purchased.
All of these issues are intermittent and usually hard to reproduce on a consistent basis, so if anyone has any ideas on any of these please let me know.
Thanks,
Scott
Hi Scott,
For the temporary profile issue you can delete the registry key once and then check the result as per the below article.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfileImagePath: Find specified user name and delete it and restart to verify the result.
RDS 2012: Profile Disks and Temp Profiles
As you have purchased a wildcard certificate, please check that the certificate is placed under the local computer/Personal store folder and also placed under “Trusted root certificate”; check the box “Allow the Certificate to be added to the Trusted Root Certification Authorities store on the destination computers”. Please go through this article for certificate related case.
- Configuring RDS 2012 Certificates and SSO
- Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
Hope it helps!
Thanks.
Dharmesh Solanki
-
Safari and secure connection issues
Today I started receiving errors when I try to log-in to secure web sites such as e-mail or password protected sites like "My eBay". Before I can get to the log-in page I get a drop down screen reading
Safari can’t open the page “https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http%3a//sbc.yahoo.com/” because it couldn’t establish a secure connection to the server “login.yahoo.com”.
It has now spread to iTunes and I cannot purchase songs.
I have run keychain first aid in the Access keychain program.
I downloaded the latest security update a couple of days ago. Wondering if it screwed up anything. anybody got any ideas?
hey there please check the article below
http://docs.info.apple.com/article.html?artnum=106211
basically it tells you to check date and time -
RFC, IDOC and secure connection
Hello
Does RFC/IDOC support secure connection like HTTPS?
How the data can be encrypted?
Hi,
As Moorthy Quoted RFC will help you,
This will help you with encrypting the data.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2cce390-0201-0010-5a9f-cca08c75b6ea
/people/kathirvel.balakrishnan2/blog/2006/06/13/sap-php-together-a-simple-base64-encoding-and-decoding
Encrypting data
Regards
Agasthuri Doss -
JEditorPane and Secure Connection failed
Hello,
I have created a simple application that shows the resulting HTML page from a URL connection using JEditorPane. This works fine except when I try to connect to a URL that needs a user name and password.
Using a straight URL connection I am able to connect but when I try to use the JEditorPane there is no method, as far as I know, to get the connection and pass it to the EditorPane to use. I have tried the following:
The context is within a class that extends JEditorPane:
setContentType("text/html");
InputStream is = getSecureInputStream(username,password,tmpStr); // returns an input stream from
// a URL connection
HTMLDocument doc = (HTMLDocument)getDocument();
this.read(is,doc); // try to get the JEditorPane to
// read from the input stream
I get the following error:
error:Must insert new content into body element-
java.lang.RuntimeException: Must insert new content into body element-
at javax.swing.text.html.HTMLDocument$HTMLReader.generateEndsSpecsForMidInsert(HTMLDocument.java:1878)
at javax.swing.text.html.HTMLDocument$HTMLReader.<init>(HTMLDocument.java:1854)
at javax.swing.text.html.HTMLDocument$HTMLReader.<init>(HTMLDocument.java:1729)
at javax.swing.text.html.HTMLDocument$HTMLReader.<init>(HTMLDocument.java:1724)
at javax.swing.text.html.HTMLDocument.getReader(HTMLDocument.java:125)
at javax.swing.text.html.HTMLEditorKit.read(HTMLEditorKit.java:228)
at javax.swing.JEditorPane.read(JEditorPane.java:504)
at javax.swing.JEditorPane.read(JEditorPane.java:478)
at com.UrlChecker.EditorPane._$10273(EditorPane.java:98)
Thank you
I can't find how to fix in the See Secure Connection Failed page, that's why I post my question. someone helps me pls!!!
-
I am unable to get SSL or Secure LDAP connection to work.
These are my settings for Directory-service:
name: TEST
description: TEST
login-prefix: TEST
type: GenericLdap
last-sync: (no value)
last-sync-error: The server is not operational.
users: (no value)
groups: (no value)
Connection settings
host: ldap.xon-ionx.****.se
port: 636
top-directory: ou=USER_CONTAINER,o=ROOT
binding-type: Secure
synchronization-account: cn=ZAV_User,ou=external,o=ROOT
password: ********
Schema settings
user-filter: (objectClass=inetOrgPerson)
user-class: inetOrgPerson
user-login-name: cn
user-first-name:
user-last-name:
user-full-name: cn
group-filter: (objectClass=groupOfNames)
group-class: groupOfNames
group-name: cn
group-description: description
group-members: member
Message from server is not saying much: Not synchronized (error: The server is not operational.)
Debug log output as follows:
05-07-2013 08:47:09.9960 - Critical - 0x0C5C: Directory service TEST could not be completely synced. Connection settings: host ldap.xon-ionx.****.se, port 636, top ou=USER_CONTAINER,o=ROOT, user cn=ZAV_User,ou=external,o=ROOT, type Secure, ufilter (objectClass=inetOrgPerson), uclass inetOrgPerson, uuname cn, ufname , ulname , uflname cn, gfilter (objectClass=groupOfNames), gclass groupOfNames, gdescription description, gmembership member
The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll()
at Spoon.Server.Common.Data.Library.DirectoryService._SyncNode(LibraryDataContext dc, DirectoryServiceNode dsn, Dictionary`2 dictUsers, Dictionary`2 dictGroups, Dictionary`2 dictUsersToInclude, Dictionary`2 dictGroupsToInclude, Int32& iUsersAdded, Int32& iGroupsAdded)
at Spoon.Server.Common.Data.Library.DirectoryService.Sync()
/Mathias
Do other binding options function as expected (Simple, Anonymous)? I'm also working on setting up a test environment to try and reproduce this. If I find something that can help, I'll update the thread.
The support team could open a proper ticket with Spoon about this, but it requires that you open an SR first. -
ICommand utility and security best practice
Hi All,
I configured the ICommand configuration file "BAMICommandConfig.xml" with the default username and password and restarted the BAM server. I am using the weblogic administrator user as the default ICommand user. The password is clearly displayed in the BAMICommandConfig.xml. I use ICommand to import/export reports/data objects/EMS etc.
Is it possible to enhance the security by not displaying the password in the BAMICommandConfig.xml or some other best security practice.
Thanks
After configuring WLS_HOME/user_projects/domains/base_domain/config/fmwconfig/servers/bam_server1/applications/oracle-bam_11.1.1/config/BAMICommandConfig.xml with username and password.
E.g.:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BAMICommand>
<ADCServerPort>9001</ADCServerPort>
<Communication_Protocol>t3</Communication_Protocol>
<SensorFactory>oracle.bam.common.statistics.noop.SensorFactoryImpl</SensorFactory>
<GenericSatelliteChannelName>invm:topic/oracle.bam.messaging.systemobjectnotification</GenericSatelliteChannelName>
<ICommand_Default_User_Name>weblogic</ICommand_Default_User_Name>
<ICommand_Default_Password>weblogic123</ICommand_Default_Password>
</BAMICommand>
The first time that you execute ICommand successfully, the password in tag ICommand_Default_Password is encrypted automatically. -
Oracle 64-bit and database connectivity toolkit
Hello- I am attempting to connect to an Oracle database by interfacing the database connectivity toolkit with the Oracle 10.2.0.3 64-bit that my customer uses. I am running LV13 32-bit on their machine. I am unable to connect to the database. Are there any known issues with this type of setup?
There's some discussion about an unsupported method to use the Database Connectivity Toolkit with 64-bit Windows here: http://forums.ni.com/t5/LabVIEW-Idea-Exchange/64-bit-Database-Toolkit/idi-p/2170088
That may help with the problem you're seeing. Something else to consider is the manual (page 1-2):
The Microsoft ODBC driver for Oracle and the Microsoft OLE DB
Provider for Oracle do not support BLOB (binary) data types. You
cannot use Oracle with the Database Connectivity Toolkit for binary
data with these drivers. Instead, use the OLE DB Provider and ODBC
driver that Oracle provides. Refer to the Oracle Web site at
www.oracle.com for more information about the OLE DB Provider
and the ODBC driver that Oracle provides
Jeff B.
Applications Engineer
National Instruments -
Hi all
My MacBook has quite literally in the last few minutes developed an issue which I thought was long dead. It won't connect to secure sites. I couldn't even post this message using Safari as I couldn't log in!
Has anyone had this on Tiger? Fixed it? Really could do without this problem!
Well guys
After rebooting 4 times but making no changes of any kind... it's now accessing secure sites, although very slowly. At the moment this computer appears to be going through some kind of episode, simple things aren't working properly or going very slowly.
For example, Apple+w to close a window on everything... bar a finder window lol
I'm beginning to think the unthinkable... a reinstall of OS X! Behaviour appears to be more erratic over the last few hours after I ran a software update and installed a fair bit of updates as it hasn't been updated in a while.
Oh well. -
About applets and secure connection
Hello. I've read some threads but I can't understand a thing about applets and SSL.
I've a signed applet. This applets is embedded with applet tag in a jsp page.
The applet works as a file uploader.
With signing, the applet can access to the user file system without problem, open a connection with the server and upload files.
Now, If I want to use HttpsUrlConnection instead of the standard http connection, what certificate does the applet use for handshake? Does the applet automatically use the same certificate used for signing?
Thank you