Requires LDAP authentication on the click of a link

Similar Messages

• Database Table and LDAP Authentication in the same repository?

  I'm wondering if it's possible to authenticate through database tables for some users and LDAP for other users. I can configure each one separately but I'm curious if anyone has ever successfully done both in the same repository.
  Thanks,
  -Matt

  Another thing to try is this. I don't have an LDAP server here but it worked for me without LDAP. I think it should also work with LDAP as it is the same idea. I don't think there is a way to have a conditional Init Blocks. Also you can't have two init blocks setting the same variable (USER in our case). But what you can do is to have two Init Blocks, one for LDAP authentication and the other one for table authentication. So you could have this scenario:
  1) LDAP "authentication" init block sets custom variable LDAP_USER
  2) Table "authentication" init block sets custom variable TABLE_USER
  3) Final authentication init block (the real one) sets USER variable using something like this:
  SELECT CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
  ELSE ':TABLE_USER'
  END
  FROM DUAL
  WHERE CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
  ELSE ':TABLE_USER'
  END = ':USER'
  Note how I use the CASE statement both to return the user value I want the USER variable to be set and also in the WHERE clause to make sure no rows are returned in case authentication fails (which should return no rows to denote a failed authentication). Obviously you need to set the init block dependancies correctly. I did a quick test with users coming from two separate Oracle tables in 2 init biocks and it worked fine for me. Give it a try and let me know how it goes.

• Why we use the LDAP Authentication over the DB authentication?

  Hi All,
  Why we use the LDAP Authentication over the DB authentication?
  Any specific region is for that?
  When we use LDAP do we need DB authentication again or it will be optional?
  In same case in ADSI do the DB authentication is optional or compulsory .
  Thanks in advance
  Tusar

  LDAP / AD authentication is useful if you already use it in your organisation and you'll find that most orgs have some form of user authentication already in place.
  Do users in your company have to log into to their machines every morning? If so, why not use those credentials to control access to Siebel? It's a way of providing a single directory of employee authentication information available across applications, keeping maintenance and change costs down.
  When you use LDAP authentication, you specify an AD object that contains a set of DB authentication details so that the component can access the Siebel database. In Siebel 8, you can directly specify those details in the security profile. As such, you only then have to maintain a single set of DB specific authentication details: much easier to manage. You can always switch back to DB authentication if you want to, but you'd have to go through all users accounts and create them with the same login and password specified in AD.

• WebEngine: how to capture the click on a link?

  I need some insight into the inner workings of WebEngine: listeners seem to stop firing under certain conditions.
  Problem description:
  In my application I have to open certain urls in a new tab or in a different pane. Following jsmith's proposal in a different thread (Re: How to cancel page loading in WebView? I do the following:
  - Based on the location of the link clicked, I decide if it has to be opened in place, in a new tab, or in a sort of popup pane (similar to a sheet window in MacOS/X as a fake modal dialog attached to the top of the window).
  - To achieve this, I implement a locationProperty listener using "locationProperty().addListener".
  - Inside the listener I use "getLoadWorker().cancel()" to stop the current engine from loading the url ...
  - ... and load that url in a new tab or the popup pane.
  This works fine, but when I return from the other tab or close the popup pane, the location property listener won't fire any more.
  The same applies if I cancel in a stateProperty change listener.
  Workaround:
  As a workaround I can refresh the page using "getEngine().reload()" in a "Platform.runLater" thread, but the flickering is really ugly.
  Analysis:
  It looks as if the cancel comes too late. The first opportunity to capture the click on a link seems to be "getLoadWorker().stateProperty()" where "Worker.State" is "SCHEDULED"; after that fires the listener on "locationProperty()". In either case "getLoadWorker().cancel()" seems to invalidate the listeners.
  I have experimented with another development platform which also uses Webkit. There it's possible to truely cancel out before a link is loaded. So it should be possible in JavaFX as well...
  Question:
  Does somebody know how I can capture the click on a link without redeveloping the web application (which I can't)?
  Cheers,
  Thomas

  If, after calling getLoadWorker().cancel(), you no longer receive location change notifications upon further clicks on links, it looks like a bug. Feel free to file an issue with Jira.
  However, it is probably too fragile to rely on the location property and the cancel method in your case, due to asynchronous nature of page loads.
  Look at the WebEngine.createPopupHandler property. The popup handler will only be called if the page decides that a new window needs to be created, so it may not be able to help you fully solve your problem, but it may be worth a try.
  Otherwise, consider the approach suggested by irond13. Install DOM event listeners on link objects (<a> tags) and do whatever you want in response to click events. You can do it solely in Java, see Re: Controlling what happens when a user clicks on a hyperlink in a WebView and Re: Communicate from WebView to JavaFX scene for details and example.
  Finally, if you do think a more direct callback on WebEngine is a necessity, consider extending http://javafx-jira.kenai.com/browse/RT-17073 or filing a new feature request.

• TS4002 I'm getting an error message when I try the click on a link in an email. No associated application could be found. How do I fix this problem?

  I'm getting an error message when I try the click on a link in an email. No associated application could be found. How do I fix this problem?

  Is this a one-off or a general problem? If a one-off, is it a link to a web page or something else? If not a web page, try control-clicking on it and choosing to download the linked file. This will at least access the file though it might be to something you don't have an application to open with. If you do this, what sort of file do you get? - select it and hit command-i to get information on it.

• LDAP Authentication Listing the users

  Hi,
  Iam new to OBIEE. I have LDAP authentication added to my repository.Please let me know how i can get the list of users in LDAP on to my OBIEE Presentation Catalog and Users so that I can classify them into various groups and add security feature.

  If your user groups are held in LDAP you can pull them in as part of the authentication block my mapping the attribute to the GROUP variable.
  Basic principle of using those groups and how the RPD interacts with presentation catalogue is explained well here :
  http://obieeblog.wordpress.com/category/obiee/obiee-security/

• Ldap authentication not working for Solaris 8 host - Help!

  Greetings folks,
  I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
  Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
  ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
  My /etc/nsswitch.conf looks like this:
  passwd: files ldap
  group: files ldap
  My /etc/pam.conf looks like this:
  login auth requisite pam_authtok_get.so.1
  login auth required pam_dhkeys.so.1
  login auth sufficient pam_unix_auth.so.1
  login auth required pam_ldap.so.1
  sshd auth requisite pam_authtok_get.so.1
  sshd auth sufficient pam_unix_auth.so.1
  sshd auth required pam_ldap.so.1
  other auth requisite pam_authtok_get.so.1
  other auth required pam_dhkeys.so.1
  other auth sufficient pam_unix_auth.so.1
  other auth required pam_ldap.so.1
  passwd auth sufficient pam_passwd_auth.so.1
  passwd auth required pam_ldap.so.1
  I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
  hostname# getent passwd user1
  user1::1001:1001:User 1:/opt/home/user1:/bin/bash
  hostname# ldaplist -l passwd user1
  dn: uid=user1,ou=people,dc=mydomain,dc=com
  shadowFlag: 0
  userPassword: {crypt}(removed)
  uid: user1
  objectClass: posixAccount
  objectClass: shadowAccount
  objectClass: account
  objectClass: top
  cn: user1
  uidNumber: 1001
  gidNumber: 1001
  gecos: User 1
  homeDirectory: /opt/home/user1
  loginShell: /bin/bash
  However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
  Any ideas?
  Thanks!
  Patrick

  I assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
  1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
  2) Did you test and verify telnet/ftp/su working? but SSH not working?
  3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
  4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
  5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
  6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
  7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
  http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
  Gary

• Set a default LDAP domain if the user does not specify one during logon

  We are using LDAP authentication. We have setup the repository to have 3 LDAP servers, with the following domain identifiers: PUBLIC, AGENT, CORPORATE. We would like to default the domain to PUBLIC for external users, so they do not need to provide a domain. AGENT and CORPORATE users would still specifiy the domain. Is there a way to do this? I've tried setting the USER variable in an init block using the following sql.
  Init block 1 - populates the USER session variable to prepend with PUBLIC if not specified
  select (CASE WHEN substr(':USER',1,instr(':USER','/')-1) is NULL then 'PUBLIC/'||':USER'
  ELSE ':USER'
  END)
  from dual
  Init block 2 - LDAP authentication - populates the EMAIL and UID session variables
  mail = EMAIL
  uid = UID
  Because I've defined the USER variable in the previous init block, I can't return the uid into the USER variable. This caused it to think that authentication was successful, and it allows you to login with valid LDAP users, but it will take any password you provide.
  ideas?

  Yes, I have done that. I have removed all other init blocks, and now have just the two. Init block 1 - set the value of the USER_TEMP variable, and init block 2 - the authentication init block. The authentication init block is marked as required for authentication, and the other init block must precede it. It is still allowing a user to login successfully under PUBLIC, when they are not a public user. If I explicitly login as PUBLIC/<user> it fails, as I would expect. But when I login as <user> it is successful. Which is not correct. I've checked in Answers that the variable USER_TEMP is being set to PUBLIC/<user>. So, I'm still confused as to why the LDAP init block is allowing it to go through.
  Edited by: user10603068 on Jun 9, 2010 7:26 AM

• Cisco support LDAP Authentication - Multiple Domains

  Hi,
  I want to change the LDAP authentication as the multiple domains and my Windows AD environment is the child trust, that mean the root DC is the "abc.com", which have the two child DCs, e.g. "us.abc.com ", "uk.abc.com"
  Is it possible I just changed the LDAP auth. with user search space as the root DC is fine?
  OR
  I must use the "userPrincipalName" ?

  But it had the collision SAMAccountName, that would have the same account name between the us.abc.com and uk.abc.com. 
  If I changed the "userPrincipalName" LDAP sync to CM, how about the Jabber login?

• LDAP Authentication / User-Role in a database (Weblogic Security)

  Hi,
  I would like to configure the Authentication with an LDAP Server (LDAP Authenticator) and the mapping between users and roles in an external database.
  I saw the following post, http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html.
  According to the previous post, I created an LDAP Authenticator (trying to use embedded LDAP) and a SQL Authenticator.
  The problem is that it doesn't uses LDAP Authentication, it only uses SQL Authentication.
  I'm looking for a solution where password would remain in the LDAP Server and the username/role mapping would be in the database tables.
  Consider I'm using WLS 10.3 and JDeveloper 11g.
  Any suggestions?
  Thanks in advance,
  Olga

  Hi,
  Check following forum thread.
  Re: custome role maper example
  Regards,
  Kal

• XI 3.1 Client Tools and LDAP Authentication

  I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
  [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
  Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

  Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
  Take a look at note 1272536 (http://service.sap.com/notes)
  Regards,
  Stratos

• LDAP Authentication "Network Accounts Unavailable" on 10.8

  Hello,
  We've been successfully authenticating against our LDAP servers on our 10.6.8 machines without any problems. I've setup a test machine running 10.8 to see if we will have any issues when it comes time to upgrade our lab OSs. I setup our LDAP authentication on the machine as per our usual methods. I get the "Green Light" in the Users/Groups preferences pane that our LDAP server is found. I can search through our LDAP users in the Directory Editor and I can access LDAP user accounts through terminal.
  My problem is at the login screen it tells me "Network Accounts Unavailable". This seems contradictory as when I'm logged into a local account, I can access our LDAP server. It seems to work everywhere except at the login screen.
  I've tried this openLDAP fix: http://iwatts.blogspot.ca/2012/01/osx-1072-openldap-authentication.html
  No luck.
  Any ideas?

  I see the same problem as a result of having the same UID number for both my local account and my LDAP account although the account names are different.  It appears that upon providing the correct login/password  to the LDAP server, 10.8 looks at the returned UID , identifies it as the same as a local UID and then rejects the login. 
  A security measure I want to work around but perhaps there is a better way of accessing both my local and LDAP accounts but keeping it as easy as it would be if both accounts had the same UID.

• Configuring LDAP authentication

  I've configured my weblogic 6.0 server to use LDAP authentication. The LDAP server
  is NDS.
  Using the wl console, I can see users and groups from the LDAP server.
  I then added security constraints to my war file (in web.xml and weblogic.xml
  (see attached)
  When I try and access my web from the browser, I get challenged and the userid/pwd
  is not accepted and eventually fails.
  How do I figure out what is going wrong ? There are no diagnostics :(
  Regards,
  Mike
  [security_constraints.txt]

  Adding wls60sp1_ldap.zip to the classpath made no difference at all.
  How do I figure out what is goping on ?
  The access logs on the LDAP server suggest that part is working but the authentication
  still fails.
  "Ilango Maragathavannan" <[email protected]> wrote:
  >
  Veena,
  It is available in the download center in the site as an upgrade
  patch.
  Ilango
  "veena" <[email protected]> wrote:
  hi Ilango,
  I have wl6.0 sp1. and I cannot find the jar that you are talkingabout.
  I also downloaded the sp1 from bea and installed it and tried to find
  the
  jar file, but did not find any. Could you send it to me or post itattached
  to this post.
  Can anyone from bea point me to a document containing all the jars
  that
  are supposed to exist in you bea lib directory.
  Thanks for your help.
  Veena.
  "Ilango Maragathavannan" <[email protected]> wrote in message
  news:3af85c30$[email protected]..
  Check if you have the file wls60sp1_ldap.jar in the classpath in thestartup script.
  This file comes with the service pack 1
  Ilango
  "Mike Westaway" <[email protected]> wrote:
  I've configured my weblogic 6.0 server to use LDAP authentication.
  The
  LDAP server
  is NDS.
  Using the wl console, I can see users and groups from the LDAP server.
  I then added security constraints to my war file (in web.xml andweblogic.xml
  (see attached)
  When I try and access my web from the browser, I get challenged andthe
  userid/pwd
  is not accepted and eventually fails.
  How do I figure out what is going wrong ? There are no diagnostics:(
  Regards,
  Mike

• Problem in LDAP Authentication

  Hi All,
  Iam new in LDAP.I developed a web application using Form Based Authentication. I deployed the web application in Weblogic R3 Application Server. I want my web application to authenticate using LDAP Users. I configured LDAP V3 in weblogic server. I am getting LDAP users as "orcladmin" and "PUBLIC" through LDAP Authenticator in the console. But when iam authenticating using "orcladmin" in web application, i am unable to authenticate. I defined the principal name "orcladmin" in weblogic.xml. Can any solve my problem or suggest me any link regarding how to design the webapplication to authenticate using LDAP Users or Any tutorial to learn LDAP and use it in the web application. Thanks in Advance for the help.

  If you are using ADF Security, you must do the mapping in the jazn-data.xml by "creating" OCS_PORTAL_USERS role in jazn-data realm, and mapping it to application role CN.
  You should also have something like this in web.xml
  <security-constraint>
          <web-resource-collection>
              <web-resource-name>adfAuthentication</web-resource-name>
              <url-pattern>/adfAuthentication</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>valid-users</role-name>
          </auth-constraint>
      </security-constraint>
      <security-role>
          <role-name>valid-users</role-name>
      </security-role>
  {code}
  - and in weblogic.xml
  {code:xml}
  <security-role-assignment>
      <role-name>valid-users</role-name>
      <principal-name>users</principal-name>
    </security-role-assignment>
  {code}
  And, regarding creating users in OID, check out the  [Java API for Oracle Internet Directory|http://lbdwww.epfl.ch/f/teaching/courses/oracle9i/network.920/a96577/oid_java.htm], and search the forums for 'create user in OID' or something similar, you could find some info.
  Pedja                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Unsetting LDAP authentication.

  After ssolocal.sql script is applied to db to unset LDAP authentication, received the following error:
  Error:
  Authentication failed. Please try again. (WWC-41419)

  This indicates that the password you entered was wrong. Please note that the passwords you are using in LDAP mode do not get synchronized to the Login Server for local authentication, so what is on the Login Server would have been the original passwords assigned in Local mode.