Portal and Netscape LDAP server integration
Hi,
I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
having lots of trouble doing that.
I've followed the instructions in the developer guide and completed the following
steps:
1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
and modified the entries to fit my environment.
2. Deployed ldapprofile.jar and customized the env variables.
After these two steps, nothing happened. Then I did the third step:
3. added an iPlanet Authenticator to the realm CompatibilityRealm, which is my
default realm for the server.
However, after step 3, I wasn't able to boot weblogic server. Please note I have
created two users, system and weblogic in my LDAP server.
I copied the stack trace below. Any suggestions will be greatly appreciated.
Weiguo
C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot
-Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
-Dweblogic.Name=portalDemoServer
-Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.password=
-Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=false
-Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
weblogic.Server
<Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
Starting WebLogic Server...
<Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
was found on server portalDemoServer for realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
using realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed
during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
<Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to initialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Thanks a lot Scott. I followed your instructions and got it working to a certain
degree. I am pretty happy about the results.
There are still a few issues:
1. I had to create groups and users in my directory server in order to boot up
and logon to the server. This is expected, but is it possible to export these
user/group settings from the embedded LDAP server so that I can import them into
my directory server? Currently, the only way is manual and it's error prone. A
lot of trial and error has to happen to get there.
2. It seems that using Netscape LDAP server only allows read-only access. This
means we have to create new users/groups outside of the portal server and one
other side effect is self-registration is impossible, unless we use custom security
providers. Is this assessment correct? Since LDAP integration is so important,
wouldn't it be nice if BEA have that built-in and all we need to do is to switch
to and configure it?
3. I got duplicate users and groups in compatibility security. Obviously, one
set is from my LDAP server and the other is from the embedded one. I tried to
remove the embedded LDAP authenticator, but the duplicates are still there. How
can I get rid of the duplicates - I only want the ones from my LDAP server?
Thanks again Scott.
Weiguo
Scott Dunbar <[email protected]> wrote:
Weiguo,
WLP 7.0 uses a compatibility realm only and will not work with the
custom realm that you created for the Netscape directory server.
Configuring an LDAP compatibility realm isn't too bad and its
configuration is much like 4.0. However, it can be hard to configure
initially from the console. One way is to shut your server down and
modify config.xml directly - but make sure you make a backup copy first!
Then add something like:
<CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
Name="wlcsCachingRealm"/>
<CustomRealm
ConfigurationData="user.filter=(&amp;(uid=%u)(objectclass=person));
user.dn=ou=people,dc=beasys,dc=com;
server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
membership.filter=(&amp;(uniquemember=%M)(objectclass=groupofuniquenames));
group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));
server.host=somehost.beasys.com;
group.dn=ou=groups,dc=beasys,dc=com"
Name="myRealm" Password="your_password_here"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
will enable your LDAP server. After this is setup it will be much
easier to configure via the console. Obviously you'll need to update
the parameters above for your configuration.
scott dunbar bea systems,
inc.
[email protected] boulder, co
303 998 2125 usa
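A pre-restart check for the hand-edited realm entries in the reply above, as an added example that is not from the original post or from BEA. It parses the fragment, confirms that the CachingRealm points at an existing CustomRealm, checks the seven ConfigurationData keys shown in the reply, and expands `user.filter` with an RFC 4515-escaped uid for testing the filter by hand; the `<Domain>` wrapper, the function names and the sample values are assumptions.

```python
import xml.etree.ElementTree as ET

# Keys used in the ConfigurationData example on this page. Filters map to the
# placeholder they are expected to contain; plain values map to None.
EXPECTED = {
    "user.filter": "%u", "group.filter": "%g", "membership.filter": "%M",
    "user.dn": None, "group.dn": None,
    "server.host": None, "server.principal": None,
}

# Constructed sample mirroring the reply above (the <Domain> wrapper and its
# name are assumptions). Inside an XML attribute "&" is written "&amp;".
SAMPLE = """<Domain Name="sampleDomain">
  <CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
    Name="wlcsCachingRealm"/>
  <CustomRealm Name="myRealm" Password="your_password_here"
    RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"
    ConfigurationData="user.filter=(&amp;(uid=%u)(objectclass=person));
      user.dn=ou=people,dc=beasys,dc=com;
      server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
      membership.filter=(&amp;(uniquemember=%M)(objectclass=groupofuniquenames));
      group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));
      server.host=somehost.beasys.com;
      group.dn=ou=groups,dc=beasys,dc=com"/>
</Domain>"""


def parse_configuration_data(text):
    """Split 'key=value; key=value' into a dict (values may contain '=')."""
    settings = {}
    for item in text.split(";"):
        key, sep, value = item.strip().partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def balanced(filter_text):
    """True when every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def expand_user_filter(settings, uid):
    """Build the search filter for one uid, e.g. to try it with ldapsearch."""
    return settings["user.filter"].replace("%u", escape_filter_value(uid))


def lint(xml_text):
    """Return a list of problems found in the realm entries (empty = clean)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems = []
    realms = {el.get("Name"): el for el in root.iter("CustomRealm")}
    for caching in root.iter("CachingRealm"):
        target = caching.get("BasicRealm")
        if target not in realms:
            problems.append("CachingRealm %s points at unknown realm %s"
                            % (caching.get("Name"), target))
    for name, el in realms.items():
        settings = parse_configuration_data(el.get("ConfigurationData", ""))
        for key, placeholder in EXPECTED.items():
            value = settings.get(key)
            if not value:
                problems.append("%s: %s is missing" % (name, key))
            elif placeholder and placeholder not in value:
                problems.append("%s: %s lacks %s" % (name, key, placeholder))
            elif placeholder and not balanced(value):
                problems.append("%s: %s has unbalanced parentheses" % (name, key))
    return problems


def sample_settings():
    """ConfigurationData of the constructed sample, as a dict."""
    realm = ET.fromstring(SAMPLE).find("CustomRealm")
    return parse_configuration_data(realm.get("ConfigurationData"))


if __name__ == "__main__":
    print(lint(SAMPLE))
    print(expand_user_filter(sample_settings(), "weblogic"))
```

Run `lint()` on the text of the backup copy and of the edited config.xml before restarting the server; a raw `&` in a filter is reported as a well-formedness error.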
Similar Messages
-
Steps for portal and Microsoft LDAP server integration
Hi,
Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
Thanks in advance.
Regards,
Niraj
Please don't cross post in multiple forums..
-
How can a Visual Basic Application be used to read a Netscape LDAP server?
I would Like to know if Visual Basic (ON AN NT WORKSTATION) can be used to access a Netscape LDAP Server (ON UNIX). And If so, will any API calls be necessary? Is there any documentation on using Visual Basic with LDAP?
Hi Ryan,
yes you can use VB with the nsldap32v30.dll or nsldap32v30.dll. You can get this from the iplanet page . The dll is inside the LDAP C SDK. Then, there's a 3 or 4 year old vb sdk with the declarations of the LDAP functions; but this seems not to be available in the web.
Please send me a mail, I'll send you the doc and a sample vb prog.
remove the nospam.
[email protected]
-
An unexpected exception has been detected + Netscape ldap server V6
Hi,
An unexpected exception has been detected during running an application on Netscape ldap server V6. Actually some extended operation is done on ldap server but after some request server crashes and error reported is :
(psdk) xdspa1 JPSDKAgent.cc 143 ERROR Child error: Received unknown command: 'nexpected Signal : 11 occurred at PC=0xC1F19F40
Function=_shlInit
Library=/opt/java1.4/jre/lib/PA_RISC/server/libjvm.sl
Current Java thread:
"main" prio=7 tid=4000eca8 nid=1 lwp_id=7064320 runnable [0x77ff2000..0x77ff1ec0]
at com.tertio.tome.Tome.MwLogErr_Write0(Native Method)
at com.tertio.tome.Tome.error(Tome.java:171)
at com.tertio.provident.sdk.SdkBase.error(SdkBase.java:214)
- locked <71802780> (a java.lang.Object)
at com.h3g.provisioningagent.xds.agent.XDSProvisioningAgent.error(XDSProvisioningAgent.java:444)
at com.tertio.provident.sdk.ProvisioningAgentLink.handleEptReceived(ProvisioningAgentLink.java:166)
at com.tertio.provident.sdk.ProvisioningAgentLink.handleMessage(ProvisioningAgentLink.java:100)
at com.tertio.provident.sdk.SdkBase.mainLoop(SdkBase.java:180)
at com.tertio.provident.sdk.SdkBase.main(SdkBase.java:47)
Please help in this regard ASAP. Awaiting your suggestions/ further information.
Regards,
Sandeep
I'm not sure we can do anything to help you. It looks like some problem with Oracle?
We're dedicated to Messaging Server in this forum. I doubt anybody knows much about Java or Oracle, here. You might try the right forum.
-
Differences between SunONE, iPlanet and Netscape Directory Server
What are the differences between SunONE, iPlanet and Netscape Directory Server?
When I go to docs.sun.com - Products Categories, I saw that they've documentation regarding with SunONE, iPlanet, Netscape Directory Server listed under Directory Server.
I know that they're all different directory server, but is it one newer than other? If I'm not wrong, I assumed that Netscape transformed into iPlanet, and then from iPlanet, it transformed to SunONE. If that is the case, does that mean that all of its console and how it works should be very similar?
Thanks!
That is exactly what I thought.
so when people refer SunONE Directory Server 5.1, then that means iPlanet Directory Server 5.1, right?
Because I'm looking at Solaris 9's specification and it mentioned that it bundled with SunONE Directory Server 5.1.
Thanks for answering my question! :)
-
Portal 7 and embedded LDAP server
I searched for this on support but nothing much came up on Portal 7, so here
goes:
We're thinking of moving to LDAP for user authentication. LDAP 2 is
supported by the current Portal. What LDAP version is supported by the
embedded LDAP server that comes with WLS? Can I convert sooner or later?
Do I have to wait on something?
Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
embedded LDAP?
Thanks,
Steve
Ture,
Can I use LDAP for UUP without using it for authentication/authorization? If so,
how, or at least can you kindly point to a document that describes how?
Thanks
Ture Hoefner <[email protected]> wrote:
Hello Steve,
I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
When using Portal with LDAP, there are three things you can use it for:
1) authentication/authorization, using WLS security framework, and/or
2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
Ture Hoefner
BEA Systems, Inc.
4001 Discovery Drive
Suite 340
Boulder, CO 80303
www.bea.com
-
SAP HR to LDAP Server Integration
Dear Experts,
We are trying to integrate HR data from SAP ECC to an LDAP server using the built in LDAP connector settings in ECC.
It is working well with the exception that the KEY field from HR is being populated into one of the spare fields on Active Directory. Is there any way to prevent this? It is required in the LDAP Mapping synchronization but is not required in LDAP server.
We have tried the various combinations of import and export parameters but nothing works.
Many thanks in advance.
Mark
Hello Mark,
Check this link
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/06187a32-0a01-0010-709b-e664a61eab08?QuickLink=index&overridelayout=true
Also have a look at OSS notes
- 718383 - NetWeaver: Supported UME Data Sources and Change.
- 352295 - Microsoft Windows Single Sign-On options
regards,
-
Storing Portal Roles in LDAP server
Hi,
I want to use an LDAP server for user authentication to my portal. The documents I got from help.sap.com says about keeping an LDAP server for storing normal user attributes and the portal db for storing roles. Is there any way to store the portal roles also in the LDAP server and retrieve them for authentication. Please help
Thanks,
Ranjith
Hi Ranjith,
There is no way to store the roles in the LDAP. They are kept in the portal DB. Also, portal roles aren't used for authentication like roles are in R/3. They are used mainly for determining what a user can see in the portal.
The authentication in the portal is based on the user id and password. when you log on to the portal. You will be assigned a role(s) for what you can see in the portal. The actual authentication to application come from the back end systems. For example, even if you have a portal role that lets you have access to a transaction in R/3, if you don't have the back end authorization you won't be able to get at the data.
I hope this helps
John
-
Server side redirect with 4.5.1 and Netscape Enterprise Server
Is it possible to have a servlet running under WL 4.5.1 to perform a server
side redirect ala CGI?
Here's my config:
web server: Netscape Enterprise Server 3.6 on solaris, with weblogic
plugin
servlet runner: WL 4.5.1 on different host from ES.
Here's what I want to happen:
1) HTTP GET from browser to enterprise server
2) forwarded by plugin to servlet
3) servlet logs some activity to an application log file, and sends a
server side redirect to enterprise server
4) Enterprise server returns the file identified by the redirect directly
to the client.
This is possible with enterprise server and CGI, because the ES CGI code
checks the return stream from the CGI program for "Location: <some url>". If
it sees that, it tries to locally resolve that URL as the client had asked
directly for that URL. I think this would only be possible with WL if the WL
NSAPI plug in supported a server side redirect feature. Anyone know status
of that? Or might ES support something like this depending on the order of
the objects in obj.conf?
Here's what I've tried in the servlet:
res.setHeader("Location:", location);
res.setContentType("magnus-internal/redirect");
res.setStatus(302);
This just sends an HTTP temporary new location to the client for a client
side redirect. Client side redirect is not desirable because it doubles the
HTTP traffic.
Another option would be to read the file I want to redirect to from inside
the servlet and return it from the servlet, but that is not desirable
because I want to have ES serve the file - that's its job, it caches, less
network traffic (between our servers), etc.
Server side redirect is very useful feature and not that uncommon for web
applications, so if WL does not support it now, I will probably put in a new
feature request.
Thanks for your help
Mark Johnson.
Why not just use the proxy servlet to redirect to your netscape server? That
does it on the server side!
-russell
Mark Johnson wrote:
> I believe that sendRedirect performs a client side redirect, not a server
> side redirect.
>
> Guy Tal <[email protected]> wrote in message
> news:[email protected]...
> > public void doGet(HttpServletRequest req, HttpServletResponse res) ...
> > ...
> > res.sendRedirect("http://destination");
> > ...
> >
> > Guy
Russell Castagnaro
Chief Mentor
SyncTank Solutions
http://www.synctank.com
Earth is the cradle of mankind; one does not remain in the cradle forever
-Tsiolkovsky
-
Rc.local script to bind and add ldap server
Greetings All,
For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough, copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now, is I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in location of files and file names between 10.5 and 10.6 that this script isn't going to work.
My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
Thanks,
-dave
Here's mine:
#!/bin/sh
# WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
#Site and/or District-specific Variables
#Local Admin in Image
LOCADMIN="tech" # Local admin user in your image
LOCPASSWD="techpwd" # Local admin password in your image
#Open Directory
ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
ODADMIN="diradmin" # Directory Admin for Open Directory
ODPASSWD="diradminpwd" #Password for OD Directory Admin
### DO NOT EDIT BELOW THIS LINE!
OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
#Give the network time to come online
logger "Sleeping 30 seconds"
sleep 30
#Set Date and Time
case $OSMAJORVER in
10.3) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.4) date > /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
10.5) date > /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
/usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
date >> /Library/Logs/binder.log 2>&1 ;;
esac
#Set Bonjour and Computer Names
# logger "Setting Bonjour and Computer Names"
# SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
# SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
# COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
# logger "Computer name is $COMPUTERID"
# scutil --set LocalHostName "$COMPUTERID"
# scutil --set ComputerName "$COMPUTERID"
# sleep 3
#Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
# case $SECONDOCTET in
# 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
# 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
# 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178|189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
# 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
# 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
# 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
# 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
# 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
# *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
# esac
#Remove Existing Directory Services Config
logger "Removing existing DS Config"
rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
rm -R /Library/Preferences/DirectoryService/SearchNode*
rm -R /Library/Preferences/DirectoryService/ContactsNode*
rm -R /Library/Preferences/edu.mit.*
rm -R /etc/krb5.keytab
#Enable and disable appropriate plugins
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
esac
#Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
case $OSMAJORVER in
10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
esac
#Kill Directory Services and respawn to return to DS Defaults
logger "Respawning DS"
killall -9 DirectoryService
#Running "id" triggers a DS Respawn
id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
sleep 3
#Fix SearchNode plist
case $OSMAJORVER in
10.3) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
10.4) logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
sleep 3 ;;
esac
#Configure LDAPv3 Plugin -- fix with site-specific data
logger "Configuring LDAPv3 Plugin"
case $OSMAJORVER in
10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
esac
sleep 3
#Make sure we init DS and confirm connectivity to each LDAP directory
logger "Checking OD Node Connectivity"
date >> /Library/Logs/binder.log
echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
dscl localhost -list /LDAPv3/"$ODSITESERVER"/Groups >> /Library/Logs/binder.log 2>&1
#Configure Search Path
logger "Configuring Search Nodes"
date >> /Library/Logs/binder.log
echo "Configuring Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
case $OSMAJORVER in
10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
killall -9 DirectoryService ;;
10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
esac
date >> /Library/Logs/binder.log
echo "Confirming Search Nodes" >> /Library/Logs/binder.log
dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
#Remove any stale computer records from Open Directory
logger "Removing stale computer records from OD"
dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; { print $1 }' | while read COMPNAME
do
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
done
#Add computer record to Open Directory
logger "Adding new Computer Record to OD"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/`scutil --get LocalHostName` ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
#Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
COMPUTERGROUP="Unprovisioned" # Computer List
logger "Adding to Computer List: $COMPUTERGROUP"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS"
dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID"
#Refresh the MCX Cache
logger "Refreshing the MCX Cache"
case $OSMAJORVER in
10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
/System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
esac
#Disable automatic login on the client
defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
#Enable login hooks on the client
case $OSMAJORVER in
10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
esac
#Enable Directory Services Status by default on loginwindow
# case $OSMAJORVER in
# 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
#esac
#Modify the binder log so that only admin viewers may access the file
chmod u=rw,go= /Library/Logs/binder.log
sleep 5
#killall loginwindow
sleep 5
#Comment the lines below, until shutdown if you do not want the script to replace itself with a 30 second delay on startup to ensure the client receives a DHCP lease before loginwindow appears
case $OSMAJORVER in
10.3|10.4) echo sleep 30 > /etc/rc.local ;;
*) srm /etc/rc.local ;;
esac
shutdown -r now
#Exit
exit 0
The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
1. Softerra ldap browser link
http://download.softerra.com/files/ldapbrowser26.msi
Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
I would highly recommend that you create a separate account for the IronPort. (i.e. ironportldap). Do this so that you don't have to worry about accidentally resetting the password and then forgetting to update the IronPort appliance.
2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
Try this for your Accept query string
(|(mail={a})(proxyAddresses=smtp:{a}))
3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
We are trying to add an LDAP Server Profile but every time we try to test the Accept Query we get an
"Error - Error: configuration error" message.
We are using AD, top of the tree for base DN. dc=domain, dc=local.
We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
Tried port 389 and 3268, no SSL, Anonymous and User Password authentication methods.
The error left us clueless since we followed the instructions on the user manual.
For the accept query we tried this query string: (proxyAddresses=smtp:{a})
Any ideas or pointers to what could be causing this are very appreciated.
Thanks.
Ed. -
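The difference between the two Accept queries in this thread, shown as an added example that is not part of the original posts. It assumes {a} stands for the full recipient address; the directory entries, names and the small evaluator (equality terms only) are constructed for illustration.

```python
import re

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries (not from the thread).
DIRECTORY = {
    "alice": {"mail": ["alice@example.com"],
              "proxyAddresses": ["SMTP:alice@example.com",
                                 "smtp:a.smith@example.com"]},
    "bob": {"mail": ["bob@example.com"]},  # mail set, no proxyAddresses
}

ORIGINAL = "(proxyAddresses=smtp:{a})"                # query from the question
SUGGESTED = "(|(mail={a})(proxyAddresses=smtp:{a}))"  # query from the reply

def expand(template, address):
    """Replace the {a} token with the RFC 4515-escaped recipient address."""
    escaped = "".join(ESCAPES.get(ch, ch) for ch in address)
    return template.replace("{a}", escaped)

def unescape(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def matches(filt, entry):
    """Evaluate (attr=value) terms, alone or inside one (|...) group.

    Comparison is case-insensitive, as it is for mail and proxyAddresses
    in Active Directory. A raw '*' is compared literally here; on a real
    server it would act as a presence or substring match, hence the escaping.
    """
    terms = re.findall(r"\((\w+)=([^()]*)\)", filt)
    return any(unescape(want).lower() == have.lower()
               for attr, want in terms
               for have in entry.get(attr, []))

def accepted(template, address):
    """Names of the entries the expanded accept query would return."""
    filt = expand(template, address)
    return sorted(n for n, e in DIRECTORY.items() if matches(filt, e))
```
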
Mail.app and Netscape Messaging Server v3.6
We are trying to track down performance issues with Mail.app in both Tiger and Panther. Issues include how long it takes to download large attachments (PDFs upwards of 10MB), how long it takes to synchronize and cache, and other things that appear in Mail's activity window and never go away. Downloading large attachments puts a large CPU load on our mail server. We are looking at all variables -- switches, network configs, local client settings, etc. We are on a switched network with a mix of Gig and 100BT to the desktops. But my question here is: What might be the advantage of upgrading to a newer mail server? Our Netscape 3.6 software is very old, but the Sun hardware it lives on had a CPU upgrade last year. Even though the IMAP protocol itself has been pretty stable for years, would we find newer platforms more efficient with modern needs such as large attachments and inboxes that receive dozens of messages a day?
Wow, this is dusting off the cobwebs. NS 3.X has a different format for mail message, the IMAP data is contained in the first 400 bytes (or so) of the message file. So sending them through the deliver program is not an option, unless you strip the bytes off.
When you ran upgrade on an individual user, did you first remove the 4.15 mailbox with mboxutil -d? -
CRM 5.0 and microsoft exchange server integration
Hi,
I'm facing problem in setting up email integration in SAP CRM.
What I would like to achieve is that an email sent to the call center should be seen in this way:
from: customer email
to: [email protected]
The exchange server responsible says that it is not possible to do this but exchange has to change the "to" domain before sending the email and so the call center agent should see in the inbox an email like this:
from: customer email
to: [email protected]
Is it right? Any hint?
Can you help me?
Thanks in advance.
Roberto
Hello Roberto,
E-Mail rerouting is possible with an Exchange server. We use an address [email protected] provided from the Exchange server. The mail is then forwarded to [email protected] to be retrieved by our CRM System for further processing. Please ask your Exchange admin again. I think he has to get some more information about configuration possibilities.
Regards
Gregor -
Prime and ACS View Server Integration
Can anyone point me in the right direction for a good doc on implementing Prime (1.3) with an ACS View Server (5.1)?
Hello,
I went through your query and found certain steps which may help you out in solving your query.
Configuring ACS View Servers
To facilitate communication between Prime Infrastructure and the ACS View Server and to access the ACS View Server tab, you must add a view server with credentials.
Note Prime Infrastructure only supports ACS View Server 5.1 or later.
To configure the ACS View Server Credentials, follow these steps:
Step 1 Choose Design > External Management > ACS View Servers.
Step 2 Enter the port number of the ACS View Server you are adding. (Some ACS View Servers do not allow you to change the port on which HTTPS runs.)
Step 3 Enter the password that was established on the ACS View Server. Confirm the password.
Step 4 Specify the time in seconds after which the authentication request times out and a retransmission is attempted by the controller.
Step 5 Specify the number of retries to be attempted.
Step 6 Click Save.
Configuring TFTP or FTP Servers
Step 1 Choose Design > External Management > TFTP/FTP Servers.
Step 2 From the Select a command drop-down list, choose Add TFTP/FTP Server.
Step 3 From the Server Type drop-down list, choose TFTP, FTP, or Both.
Step 4 Enter a TFTP/FTP server name. This is a user-defined name for the server.
Step 5 Enter the IP address of the TFTP/FTP server.
Step 6 Click Save.
Next Steps
Now that you have completed the basic setup steps, you might want to do the following tasks:
Table 2-3 Next Steps after Completing Setup Tasks
Task | GUI Path | Documentation Reference
Set up additional users | Administration > Users, Roles & AAA, then click Users | Controlling User Access
Add additional virtual domains | Administration > Virtual Domains | Setting Up Virtual Domains
Refine your sites | Design > Site Map Design | Designing Sites
Create additional port groups and change existing port groups | Design > Port Grouping | Changing Port Groups
Start monitoring and responding to alarms | Operate > Alarms & Events | Monitoring Alarms
-
CRM and Microsoft Project Server Integration
Hello,
Can anyone explain what solutions are available that can help in integrating SAP CRM with Microsoft Project Server? Is there any documentation available on this? Thanks.
-
Hi All,
All I need is to write a script in UCCX premium with the below requirement.
We do offer services to our customers through the IVR, the aim is to ask the Customer to register with our company, and then will be allowed to use the services from us. We want to ask the customer for second level of authentication when he is on our IVR in terms that we will send him the activation code on his registered mobile number and verification of Voice Signature by Voice Biometric System. Then he will be prompted for the services. In addition, once he has logged in then he can order new services for which we will record his request in the Database and then send him an SMS notification.
Is this possible in the scripting?
Hi,
First customer calls in to the trigger, there will be a menu to select the language (English,Arabic,French,bla). After the language selection,
customer will be prompted to login using their credentials (press 1),
and if you are new user register your detail (Press 2).
If the customer presses 1, then there will be a menu mentioning some company services, and the customer can order those services by using his account. After a successful order, the sms gateway sends a notification to the customer's mobile number.
If the customer presses 2, then the registration process starts, after successful registration in the database we query the details and then send the activation code to the customer's mobile number. Using the activation code he should be able to activate his account and select the services.
Finally, this IVR should play only in the office hours. Non-working hours there will be different prompt.
Hope you are clear about this call flow. If you have any queries please let me know.
Thanks in advance
Regards
Kajen