Oracle.ldap.util and secure connections

Similar Messages

• Need info regarding Oracle UCM Accounts and Security Groups behaviour

  Need information regarding Oracle UCM Accounts and Security Groups behaviour.
  Oracle UCM version: 11.1.1.5.0
  Steps:
  1. Log in with "weblogic" user and created a content with id "content1"
  2. Applied "@acc1(R)" and "TestGroup1" to the cotent created in step 1
  3. Log out
  4. Log in as "acc1user1", the user is not able to see the "content1"
  5. Log out
  6. Log in as "role1user1", the user is not able to see the "content1"
  Account and Group information:
  1. User "acc1user1" is part of "@acc1(R)"
  2. User "role1user1" is part of "role1(R)" and is mapped to "TestGroup1" in UCM
  Expected:
  Both "acc1user1" and "role1user1" should be able to see "content1" as they have at least Read permission.
  Please help me understand why the users are not able to see the content.

  ACLs, like Accounts, are optional security setting which may add on some extra functionality to mandatory security groups. Likewise, the resulting permission is taken as an intersection of SG and ACLs.
  But in the second part the number of set of users is huge (approx say 600)I don't get this completely. Does this mean that those "sets of users" (users who see the same data) are distinct and that there is 600 of such groups?
  If you read thoroughly the manual I sent earlier, there is a recommendation that there should be maximum 50 security groups, and you should use accounts, should this number be exceeded. This means you could have all the documents in one security group (and have one common role with Read permission), but combine it with accounts. ACLs are not a good choice here - their performance and manageability is much worse than of accounts. ACLs are primarily used if you expect security settings to change during the lifetime (e.g. a project manager adds temporarily rights to access an item to another user, and revokes it when the user finishes his or her work).
  Note that accounts as well as permissions of users within accounts can also be mapped externally (from LDAP/AD) and it usually follows some kind of org chart.
  I'd feel more comfortable not to speak about users, security groups, roles, etc., but about some real-life objects and scenarios.

• Oracle.ldap.util - Add User to Group

  Hi,
  I am using the Subscriber to create a new User in the OID.
  ( User usr = subscriber.createUser(.....) )
  Also I am getting a reference to the main group of the application.
  Group appPublic = subscriber.getGroup(getCtx(), Util.IDTYPE_SIMPLE,"APP_PUBLIC" ,null);
  Now I need to make the User "usr"member of the Group appPublic.
  Can anyone help me find out how to do this?
  I have read the User a Group API Reference but I can't find how to do this.
  Any help would be really appreciated.

  I have solved this problem using the metalink Note:277775.1
  ------- cut here -------
  import oracle.ldap.util.*;
  import oracle.ldap.util.jndi.*;
  import javax.naming.NamingException;
  import javax.naming.directory.*;
  import java.io.*;
  import java.util.*;
  public class AddUserToGroup
  final static String ldapServerName = "mlc2.acme.org";
  final static String ldapServerPort = "3060";
  final static String rootdn = "cn=orcladmin";
  final static String rootpass = "welcome1";
  final static String user_name = "cn=john.doe,cn=users,dc=acme,dc=org";
  final static String group_name = "cn=mynewgroup,dc=acme,dc=org";
  public static void main(String argv[]) throws NamingException
  // Create the connectin to the ldap server
  InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx(ldapServerName,
  ldapServerPort,
  rootdn,
  rootpass);
  // Add the user to the group
  try {
  Group mygroup = new Group(Util.IDTYPE_DN,group_name);;
  mygroup.addUniquemember(ctx, user_name);
  catch (UtilException e) {
  e.printStackTrace();
  ------- end cut --------

• Question about "int scope" parameter in oracle.ldap.util.Util.getEntryDetails()

  List,
  What are the possible values for "scope" in oracle.ldap.util.Util.getEntryDetails(DirContext ctx, String base, String filter, int scope, String[] attrList)? Are there any constants?
  Thanks in advance.
  Leandro.

  I found it out...
  0 - SCOPE_BASE
  1 - SCOPE_ONELEVEL
  2 - SCOPE_SUBTREE
  Thanks any way.
  Leandro.
  Ps.: I didn't understand why this numbers aren't constants in the Util class. (Or why they aren't in the doc)

• ODISRVREG - oracle.ldap.util.schema.ODISchemaException

  Hello,
  I configured a AD2OID integration. The bootstrapping is successful.
  I have problems with the configuration of the periodically import. I configured the profil "ActiveChgImp" successfull.
  But the registration failed:
  odisrvreg -D cn=orcladmin -w p -h ad.domain.de -p 3060
  ->oracle.ldap.util.schema.ODISchemaException
  No entry in log files.
  Source: Microsoft Active Directory
  Dest: OID - 10.1.2.1.0 on Red Hat Enterprise Linux AS release 3 (Taroon Update 8)
  Any ideas?
  regards,
  Lars

  Hope you can help me with the following,
  Do you know the name of the attribute that contains the current time in the Novel Directory Service?
  Thx in advance for your help

• I'm getting 'an ssl error has occurred and secure connection can not be made' I have upgraded to the latest OX version, but no joy in downloading a wetransfer file

  I have received a retransfer file and if I try to open it I get the error message detailed above.

  Have used it before with no problems.
  Times have changed.
  Older versions of SSL has been found to have some problems that have been patched (several different times) with Apple Security Updates. Unless wetransfer has kept up and patched these vulnerabilities, you may not be able to establish a secure connection with them (due to their software being out-if-date).

• UPD, Black Screen, and Securing connection

  Hello All,
  I have configured a Server 2012 R2 RDS setup. I have the RDCB's in HA and have allowed access to the collection (Pooled Desktop) via the RDWA server. All of the connections come from Windows 8.1 to windows 8.1 stations in the pool. UPD's are configured and
  hosted on a share on a secondary server. Most of the time everything works correctly; however, when I do have issues it is one of the following 3.
  1. The user logs in and gets a temporary profile. The cause is that the UPD is locked from the last log on. There is no way to remove the lock without restarting the UPD server; however, this causes every now log on to get a temp profile until the server
  is back on line.
  2. The user logs into the system and instead of the desktop are presented with a black screen and a mouse pointer. I found a reference to this being linked to the loading of the UPD as well but I have not been able to prove this yet. (http://jjstellato.blogspot.ca/2014/06/are-you-thinking-of-using-user-profile.html)
  3. The last issue is when a user clicks the collection icon on the RDWA page it starts to load the rdp connection and it gets stuck at securing connection. It will just sit a securing connection forever. I am using a wildcard certificate for this setup that
  we have purchased. 
  All of these issue are intermittent and usually hard to reproduce on a consistent basis, so if anyone has any ideas on any of these please let me know.
  Thanks,
  Scott 

  Hi Scott,
  For temporary profile issue you can delete the registry key once and then check the result as per bow article.
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  ProfileImagePath: Find specified user name and delete it and restart to verify the result.
  RDS 2012: Profile Disks and Temp Profiles
  As you have purchase wildcard certificate, but please check that the certificate is placed under local computer/Personal store folder and also place under “Trusted root certificate” check the box “Allow the Certificate to be added to the Trusted Root Certification
  Authorities store on the destination computers. Please go through this article for certificate related case.
  - Configuring RDS 2012 Certificates and SSO
  - Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Safari and secure connection issues

  Today I started receiving errors when I try to log-in to secure web sites such as e-mail or password protected sites like "My eBay". Before I can get to the log-in page I get a drop down screen reading
  Safari can’t open the page “https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http%3a//sbc.yah oo.com/” because it couldn’t establish a secure connection to the server “login.yahoo.com”.
  It has now spread to iTunes and I cannot purchase songs.
  I have run keychain first aid in the Access keychain program.
  I downloaded the latest security update a couple of days ago. Wondering if it screwed up anything. anybody got any ideas?

  hey there pease check the article below
  http://docs.info.apple.com/article.html?artnum=106211
  basically it tells you to check date and time

• RFC, IDOC and secure connection

  Hello
  Does RFC/IDOC support secure connection like HTTPS?
  How the data can be encrypted?

  Hi,
  As Moorthy  Quoted  RFC will help you,
  This will be help you for encrypying the data.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2cce390-0201-0010-5a9f-cca08c75b6ea
  /people/kathirvel.balakrishnan2/blog/2006/06/13/sap-php-together-a-simple-base64-encoding-and-decoding
  Encrypting data
  Regards
  Agasthuri Doss

• JEditorPane and Secure Connection failed

  Hello,
  I have created a simple application that shows the resulting HTML page from a URL connection using JEditorPane. This works fine except when I try to connect to a URL that needs a user name and password.
  Using a straing URL connection I am able to connect but when I try to use the JEditorPane there is no method, as far as I know to get the connection and pass it to the EditorPane to use. I have tried the following :
  context is with in a class that Extends the JEditorPane:
  setContentType("text/html");
  InputStream is = getSecureInputStream(username,password,tmpStr); // returns an input stream from
  // a URL connection
  HTMLDocument doc = (HTMLDocument)getDocument();
  this.read(is,doc); // try to get the JEditorPane to
  // read from the input stream
  I get the following error:
  error:Must insert new content into body element-
  java.lang.RuntimeException: Must insert new content into body element-
  at javax.swing.text.html.HTMLDocument$HTMLReader.generateEndsSpecsForMidInsert(HTMLDocument.java:1878)
  at javax.swing.text.html.HTMLDocument$HTMLReader.<init>(HTMLDocument.java:1854)
  at javax.swing.text.html.HTMLDocument$HTMLReader.<init>(HTMLDocument.java:1729)
  at javax.swing.text.html.HTMLDocument$HTMLReader.<init>(HTMLDocument.java:1724)
  at javax.swing.text.html.HTMLDocument.getReader(HTMLDocument.java:125)
  at javax.swing.text.html.HTMLEditorKit.read(HTMLEditorKit.java:228)
  at javax.swing.JEditorPane.read(JEditorPane.java:504)
  at javax.swing.JEditorPane.read(JEditorPane.java:478)
  at com.UrlChecker.EditorPane._$10273(EditorPane.java:98)
  Thank you

  i can't find how to fix in the See Secure Connection Failed page, that's why i post my question.someone helps me pls!!!

• LDAP SSL and Secure

  I am unable to get SSL or Secure LDAP connection to work.
  These are my settings for Directory-service:
  name: TEST
  description: TEST
  login-prefix: TEST
  type: GenericLdap
  last-sync: (no value)
  last-sync-error: The server is not operational.
  users: (no value)
  groups: (no value)
  Connection settings
  host: ldap.xon-ionx.****.se
  port: 636
  top-directory: ou=USER_CONTAINER,o=ROOT
  binding-type: Secure
  synchronization-account: cn=ZAV_User,ou=external,o=ROOT
  password: ********
  Schema settings
  user-filter: (objectClass=inetOrgPerson)
  user-class: inetOrgPerson
  user-login-name: cn
  user-first-name:
  user-last-name:
  user-full-name: cn
  group-filter: (objectClass=groupOfNames)
  group-class: groupOfNames
  group-name: cn
  group-description: description
  group-members: member
  Message from server is not saying much: Not synchronized (error: The server is not operational.)
  Debug log output as follows:
  05-07-2013 08:47:09.9960 - Critical - 0x0C5C: Directory service TEST could not be completely synced. Connection settings: host ldap.xon-ionx.****.se, port 636, top ou=USER_CONTAINER,o=ROOT, user cn=ZAV_User,ou=external,o=ROOT, type Secure, ufilter (objectClass=inetOrgPerson), uclass inetOrgPerson, uuname cn, ufname , ulname , uflname cn, gfilter (objectClass=groupOfNames), gclass groupOfNames, gdescription description, gmembership member
  The server is not operational.
  at System.DirectoryServices.DirectoryEntry.Bind(Boole an throwIfFail)
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_AdsObj ect()
  at System.DirectoryServices.DirectorySearcher.FindAll (Boolean findMoreThanOne)
  at System.DirectoryServices.DirectorySearcher.FindAll ()
  at Spoon.Server.Common.Data.Library.DirectoryService. _SyncNode(LibraryDataContext dc, DirectoryServiceNode dsn, Dictionary`2 dictUsers, Dictionary`2 dictGroups, Dictionary`2 dictUsersToInclude, Dictionary`2 dictGroupsToInclude, Int32& iUsersAdded, Int32& iGroupsAdded)
  at Spoon.Server.Common.Data.Library.DirectoryService. Sync()
  /Mathias

  Do other binding options function as expected (Simple, Anonymous)? I'm also working on setting up a test environment to try and reproduce this. If I find something that can help, I'll update the thread.
  The support team could open a proper ticket with Spoon about this, but it requires that you open an SR first.

• ICommand utility and security best practice

  Hi All,
  I configured the Icommand configuration fle "BAMICommandConfig.xml" with default username and password and restarted the BAM server. I am using the weblogic administrator user as the default ICommand user. The password is clearly displayed in the BAMICommandConfig.xml. I use Icommand to import/export reports/data objects/EMS etc.
  Is it possible to enhance the security by not displaying the password in the BAMICommandConfig.xml or some other best security practice.
  Thanks

  After configurating WLS_HOME/user_projects/domains/base_domain/config/fmwconfig/servers/bam_server1/applications/oracle-bam_11.1.1/config/BAMICommandConfig.xml with username and password.
  E.g.:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <BAMICommand>
  <ADCServerPort>9001</ADCServerPort>
  <Communication_Protocol>t3</Communication_Protocol>
  <SensorFactory>oracle.bam.common.statistics.noop.SensorFactoryImpl</SensorFactory>
  <GenericSatelliteChannelName>invm:topic/oracle.bam.messaging.systemobjectnotification</GenericSatelliteChannelName>
  <ICommand_Default_User_Name>weblogic</ICommand_Default_User_Name>
  <ICommand_Default_Password>weblogic123</ICommand_Default_Password>
  </BAMICommand>
  The first time that the you execute ICommand sucessfully, the password in tag ICommand_Default_Password is encrypted automatically.

• Oracle 64-bit and database connectivity toolkit

  Hello- I am attempting to connect to an Oracle database by interfacing the databse connectivity toolkit with the Oracle 10.2.0.3 64-bit that my customer uses. I am running LV13 32-bit on their machine. I am unable to connect to the database. Are there any known issues with this type of setup? 

  There's some discussion about an unsupported method to use the Database Connectivity Toolkit with 64-bit Windows here: http://forums.ni.com/t5/LabVIEW-Idea-Exchange/64-bit-Database-Toolkit/idi-p/2170088
  That may help with the problem you're seeing.  Something else to consider is the manual (page 1-2):
  The Microsoft ODBC driver for Oracle and the Microsoft OLE DB
  Provider for Oracle do not support BLOB (binary) data types. You
  cannot use Oracle with the Database Connectivity Toolkit for binary
  data with these drivers. Instead, use the OLE DB Provider and ODBC
  driver that Oracle provides. Refer to the Oracle Web site at
  www.oracle.com for more information about the OLE DB Provider
  and the ODBC driver that Oracle provides
  Jeff B.
  Applications Engineer
  National Instruments

• Safari and secure connections

  Hi all
  My MacBook has quite literally in the last few minutes developed an issue which I thought was long dead. It won't connect to secure sites. I couldn't even post this message using Safari as I couldn't log in!
  Has anyone had this on Tiger? Fixed it? Really could do without this problem!

  Well guys
  After rebooting 4 times but making no changes of any kind... it's now accessing secure sites, although very slowly. At the moment this computer appears to be going through some kind of episode, simple things aren't working properly or going very slowly.
  For example, Apple+w to close a windows on everything... bar a finder window lol
  I'm beginning to think the unthinkable... a reinstall of OS X! Behaviour appears to be more erratic over the last few hours after I ran a software update and installed a fair bit updates as it hasn't been updated in a while.
  Oh well.

• About applets and secure connection

  Hello. I've read some threads but I can't understand a thing about applets and SSL.
  I've a signed applet. This applets is embedded with applet tag in a jsp page.
  The applet works as a file uploader.
  With signing, the applet can access to the user file system without problem, open a connection with the server and upload files.
  Now, If I want to use HttpsUrlConnection instead of the standard http connection, what certificate does the applet use for handshake? Does the applet automatically use the same certificate used for signing?
  Thank you

  Hello. I've read some threads but I can't understand a thing about applets and SSL.
  I've a signed applet. This applets is embedded with applet tag in a jsp page.
  The applet works as a file uploader.
  With signing, the applet can access to the user file system without problem, open a connection with the server and upload files.
  Now, If I want to use HttpsUrlConnection instead of the standard http connection, what certificate does the applet use for handshake? Does the applet automatically use the same certificate used for signing?
  Thank you