Restricting access using groups pulled from OID Authenticator

Using the OID Authenticator provider, can access to WLS be limited to those LDAP registered users who belong to a specific group (as specified in LDAP)?
I have set up an OID authenticator provider which works in terms of WLS authentication. By looking in AdminServer.log I can see that a user's group is picked up; however, I'd like to use the group name to restrict access. Is this possible if specific params in the OID authenticator are used?

Remove or replace the ACI that says "Anonymous access" with something more in line with the level of access desired

Similar Messages

  • Restricting access by group

    I have a vpn set up on my PIX with two vpngroups - one for my wireless employees and one for my wireless visitors. I have a visitor account set up in my radius server that is used for authentication to the visitor group. Both groups are set for authentication via radius. My problem is that I do not want a visitor to be able to use that account to authenticate using the wireless employee profile. Is there a way that if I can configure my radius server to put the visitor account in a group - that I can restrict access on the pix when someone tries to log on from this group? Help - any suggestions on how to handle this issue will be greatly appreciated!

    This is possible I guess. Here are a couple of white papers which could have some info.
    Network Access Restrictions White Paper
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
    Securing ACS Running on Microsoft Windows Platforms
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00800887d8.shtml

  • How can we retrieve the Group name from oid?

    Hi:
    In following request object, we can get all the user related information from oid except group name where a particular user belongs to.
    For instance user id, first name, last name and email etc but we could not get the group name.
    PortletRenderRequest pReq = (PortletRenderRequest)
    request.getAttribute(HttpCommonConstants.PORTLET_RENDER_REQUEST);
    pReq.getUser()……
    Please advise, how can we get hold of the group name from orcldefaultprofilegroup (oid)?
    I would really appreciate your reply.
    Thank you.
    - Ali Raza.

    I am not sure about the PDK API to get the group name. But using the LDAP API it's easy to get the User Group.
    If you find the answer to get the group name using PDK API, please update in the forum. It will really help others.
    --Balaji S

  • Restrict access using PHP

    Hi,
    I created a PHP/MySQL site using Dreamweaver CS3. I created a set of pages that display, add and edit names in a database, this is working fine. When I add Restrict Access to the pages every time I go to a new page I am taken back to the login page. Is there a way to fix this problem?
    Thanks,
    Bob

    Hi,
    After logging in I am sent to the correct restricted access page, that part works. From that page when I try to go to another restricted access page I am sent back to the login page, I login again and I go to that page. Every time I try to go to another restricted access page after login I get sent back to the login page
    Thanks
    Bob

  • Dynamic Group pull from static group

    We've been restructuring our distribution groups to utilize dynamic groups for some areas.  We're finding this minimizes the amount of confusion and management we have to perform on the groups.
    What I'd like to know is if it is possible to create a dynamic group that pulls from a static group.  An example, we have a static group made up of all members of a specific group.  What I'd like to accomplish, is to create a dynamic group that would pull from members from this group based on their Job Title.  Example: Static Group members with Title Partner

    According to this document, MemberOf is a filterable property.  You're welcome to give it a try.
    https://technet.microsoft.com/en-us/library/bb738157(v=exchg.150).aspx
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Groups vanish from OID when a new middle tier is installed for Portal - URGENT

    gurus,
    we had the following portal environment -
    1. database tier (sun box #1) - oracle 9i database
    2. middle tier (sun box #2) - oracle 9iAS portal Release 2 with webcache option
    now, we installed 9iAS on a third box (sun box#3) so we can have multiple apache servers.
    after the install was done i logged into the portal to do a health check but, found that all the groups were missing.
    i had following groups before bringing in sun box#3 -
    GRP_ADMIN
    GRP_BASE_USER and many others.
    after the installation of third server i lost all the groups. it looks like the groups vanished away from the OID. i found the following -
    Owner.Table            Groups exist? (Y / N)
    PORTAL.WWSEC_GROUP$    Y
    ORASSO.WWSEC_GROUP$    N
    could anyone reply on this pls ... its very critical cause all the user privileges has been lost due to this.
    thanx a bunch.

    Hi,
    Just to close off this thread, I got this portal installation working. I think what made it work was adding an additional 512MB of memory to the machine in addition to the original 640MB.
    Jim

  • How can I restrict access to cloud storage from Creative Cloud? We don't want our users putting files outside the organization.

    We need to restrict our users from storing files outside the organization. How can we restrict this capability?

    They have CS6, however I need to have my own copy, and the highest I can go with my system is CS5, maybe even 5.5. I've a small budget, and most copies are being sold for massive amounts because they're like collector items. I've seen the ones actually affordable within my range from sellers that aren't trustworthy, or they're updates which I can't use. I had CS2, but with updates to operating systems they stopped working. Thank you for your kind assistance.

  • User/group overview from OID

    Hello,
    I am wondering if there is some/method available to produce a tree overview of all groups and users which are administered in OID. I have an Oracle Portal environment and I need to be able to specify a list of all users and groups they are in.
    Of course I can just do a ldapsearch, but I wonder if anybody knows if there are tools to do this. Preferably I'd like to export to XML.
    Thanks in advance,
    Albert

    Try this configuration guide for group assignment RADIUS server:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b318.html#wp1543772

  • Applied for freedom 7/1, Chase used credit pull from 6/6?

    Ok so I applied for freedom 7/1, denied for various reasons, understood. I received denial letter today outlining EX score decision based on was 656 calculated as of 06/06. As of 07/01, my experian was over 700 after paying off massive balances. I called recon back stating the same but they only blamed it on EX which can not be true. I assume that is because I have an existing slate card, similar to Amex with the one month lag. The senior analyst offered another hp due to my claim, but I declined as it may very well be the same June report.
    I'm ok with being denied, but being denied for a report that is not even up to date does not sit right with me, especially when I'm hit with a July HP. Thoughts or suggestions?

    trant3 wrote:
    Ok so I applied for freedom 7/1, denied for various reasons, understood. I received denial letter today outlining EX score decision based on was 656 calculated as of 06/06. As of 07/01, my experian was over 700 after paying off massive balances. I called recon back stating the same but they only blamed it on EX which can not be true. I assume that is because I have an existing slate card, similar to Amex with the one month lag. The senior analyst offered another hp due to my claim, but I declined as it may very well be the same June report.
    I'm ok with being denied, but being denied for a report that is not even up to date does not sit right with me, especially when I'm hit with a July HP. Thoughts or suggestions?

    Wait 90 days and reapply if you really want it. Perhaps wait until the bonus is $200 again.

  • Restrict access to particular websites in OS X Server 10.3

    Hi!
    Is there any way to restrict access to particular websites from the MAC OS X 10.3 server directly?
    Thanks!

    Restrict in what way?
    Limit access to specific client IP addresses?
    Require a username/password to access content?
    The former can be done, but requires manual tweaking of the config file (and may block subsequent editing via Server Admin).
    For the latter, use Server Admin -> (server) -> Web -> Sites -> (site) -> Realms to define a realm, then specify the users that can access the directory.
    Note that the latter doesn't prevent someone sniffing the network to gain credentials to view the content - for that you need to couple the site with SSL encryption.

  • Restricting access of site collection admin

    I have a group of three people in the site collection administrators group.  How do I restrict access to certain content from this group?  These are technology people and we have confidential finance and HR material that they are not authorized to see.  It seems no matter what the security is set at, these people can still see the content.  Please help.

    Hi Milissa,
    An old post, however for reference of anyone finding it, this can now be solved in SharePoint 2010 and SharePoint 2013.
    There is a security module that blocks site collection administrators from viewing sensitive content. More information is available here: https://www.berkeleyit.com/enterprise-security-services-platform-for-sharepoint/
    [At the time of writing] The second video on the right shows this functionality.
    Hope this helps,
    Scott

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
    I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I believe it should be easy.
    The login page of the ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
    There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
    The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if someone that is NOT a carpetbagger tries to log in, it fails.
    I can only do an all or nothing scenario.
    It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
    Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
    Scenario 2 would be an ideal longer term solution.
    Any thoughts, ideas or assistance would be greatly appreciated.
    Cheers

    This is exactly what I was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (there is a button to access this) is really helpful, with a couple of examples.  This is what I used:
    -- Match only when the LDAP distinguishedName is a string containing "OU=Users"
    assert(function()
        if ( (type(aaa.ldap.distinguishedName) == "string") and
             (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) ) then
            return true
        end
        return false
    end)()
    From the debug dap you can see what Users relates to:
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew
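
The DAP expression above decides access on a substring of the distinguished name. As an added example (not from the original post and not ASA code), this Python sketch contrasts that substring test with an exact match on a parsed OU component; every DN below is constructed, and `split_dn`, `substring_check`, `in_ou` and `compare` are hypothetical helper names.

```python
def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring backslash-escaped characters."""
    # Simplification: hex escapes and multi-valued RDNs ('+') are not handled.
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)          # escaped character is data, never a separator
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def substring_check(dn, needle="OU=Users"):
    """Same logic as the post's string.find test: plain substring containment."""
    return isinstance(dn, str) and needle in dn


def in_ou(dn, ou_name):
    """True only if a container RDN (not the entry's own RDN) is exactly OU=<ou_name>."""
    return any(attr == "OU" and value.lower() == ou_name.lower()
               for attr, value in split_dn(dn)[1:])


# Constructed sample DNs (not taken from the page's debug output).
SAMPLE_DNS = [
    "CN=Mr B,OU=Users,OU=Site A,DC=example,DC=com",              # intended match
    "CN=Admin Mr B,OU=Admin Users,OU=Site A,DC=example,DC=com",  # rejected by both
    "CN=Temp,OU=Users-Disabled,DC=example,DC=com",               # substring over-matches
    "CN=x\\,OU=Users,OU=Contractors,DC=example,DC=com",          # escaped comma inside CN
]


def compare(dns, ou_name="Users"):
    """Return (dn, substring_result, exact_result) for each DN."""
    return [(dn, substring_check(dn, "OU=" + ou_name), in_ou(dn, ou_name)) for dn in dns]


if __name__ == "__main__":
    for dn, loose, exact in compare(SAMPLE_DNS):
        print(f"substring={loose!s:5} exact={exact!s:5} {dn}")
```

The last two DNs pass the substring test without being in the Users OU, which is the case to check for before relying on a DN substring as an access rule.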

  • How to pull groups from more than one OU using weblogic "All Groups Filter" from AD.

    Hi,
    Please help me for pulling groups from more than one OU using weblogic "All Groups Filter" from AD.
    AD structure is:
    c001639domain.local
           ||
           ||
        OU=Security_Groups
                      ||
                      ||
                      >> OU=CORP_ECM---> n number of group
                      >> OU=CORP_hodata--> n number of group
                      >> OU=CORP_citrix--> n number of group
                      >> OU=CORP_driver --> n number of group
                      >> OU=CORP_temp --> n number of group
    Requirement is i want to filter groups from OU=CORP_ECM and OU=CORP_hodata.
    Thanks,
    Jagan.

    I used the below option but it's not working; getting zero groups.
    (&(objectClass=group)(|(ou=CORP_ECM,dc=Domain,dc=com)(ou=CORP_hodata,dc=c001639domain,dc=local)))
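
Why a filter of this shape returns nothing: an LDAP filter term compares an attribute's values, so `(ou=CORP_ECM,dc=Domain,dc=com)` asks for an `ou` attribute holding that literal string, not for entries located under that OU. The following is an added example (not from the post, and not WebLogic or AD code): a small evaluator for the `&`, `|`, `!` and equality subset of RFC 4515, run over constructed group entries that are assumed to carry no such `ou` value, with selection by DN suffix shown beside it. Group names and helper names are hypothetical.

```python
def parse_filter(s, i=0):
    """Parse the &, |, ! and equality subset of RFC 4515; returns (node, next_index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")   # split on the FIRST '=' only
    return ("=", attr.lower(), value.lower()), end + 1


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attribute dict."""
    if node[0] == "=":
        _, attr, value = node
        return value in [v.lower() for v in attrs.get(attr, [])]
    op, kids = node
    results = [matches(k, attrs) for k in kids]
    if op == "&":
        return all(results)
    if op == "|":
        return any(results)
    return not results[0]                      # '!'


def search(entries, filter_str, bases=None):
    """Return DNs matching the filter, optionally limited to entries under given bases."""
    node, _ = parse_filter(filter_str)
    hits = []
    for dn, attrs in entries:
        under = bases is None or any(dn.lower().endswith("," + b.lower()) for b in bases)
        if under and matches(node, attrs):
            hits.append(dn)
    return hits


ROOT = "OU=Security_Groups,DC=c001639domain,DC=local"
# Constructed entries: group CNs are invented; the OU layout follows the post.
ENTRIES = [
    (f"CN=ECM_Admins,OU=CORP_ECM,{ROOT}", {"objectclass": ["top", "group"], "cn": ["ECM_Admins"]}),
    (f"CN=HO_Readers,OU=CORP_hodata,{ROOT}", {"objectclass": ["top", "group"], "cn": ["HO_Readers"]}),
    (f"CN=Citrix_Users,OU=CORP_citrix,{ROOT}", {"objectclass": ["top", "group"], "cn": ["Citrix_Users"]}),
]
PAGE_FILTER = ("(&(objectClass=group)(|(ou=CORP_ECM,dc=Domain,dc=com)"
               "(ou=CORP_hodata,dc=c001639domain,dc=local)))")
WANTED_BASES = [f"OU=CORP_ECM,{ROOT}", f"OU=CORP_hodata,{ROOT}"]

if __name__ == "__main__":
    print("filter from the post:", search(ENTRIES, PAGE_FILTER))
    print("attribute filter + base scoping:", search(ENTRIES, "(objectClass=group)", WANTED_BASES))
```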

  • Problem with Restrict Access to Page with access level using ASP

    I'm using Dreamweaver CS3 with ASP-VBScript and an Access database. The pages were created from scratch for this project, using those tools all the way through.
    I've created a login page, an admin homepage, and add, edit, and list records pages for three tables. The login page uses the Server Behavior "Log in User", all other pages use the Server Behavior "Restrict Access to Page". All of these are based on an Access Level.
    Login seems to work correctly, and redirects to the admin homepage. From the admin homepage, I can open any other page as expected, and they initially display correctly. On the add and edit pages, however, submitting the form often results in getting logged out, but not always.
    Once this happens, I can log back in, but other problems will sometimes occur during that second login session. Sometimes, logouts will occur on pages that worked fine during the first login session. Sometimes, another session variable that I've setup manually will change when it shouldn't...as if there were two values stored for my session variable, and reloading the page changes to the other value.
    This post seems closest to my experience, but it doesn't look like there was really an answer beyond "I had to fight with it for a bit to get it to work":
    I suspected that there is some problem with session settings on the server. We have an almost identical tool on the same server that was developed with an older version of DW that works more reliably; it sometimes has problems with the initial login, but never has a problem after that.
    Has anyone experienced problems like this? Any suggestions for what to check? I'm really pulling my hair out since it's so unreliable...the kind of problem that goes away when you try to show someone and comes back when they leave.

    Hello,
    I was thinking that all I would need would be the username, although username and password would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
    The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
    I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
    Any assistance greatly appreciated.
    thanks.

  • Restrict Access to Page Using a password.php Instead of Server Behavior

    I previously used "log in" and "restrict access to page" server behaviors for my client portal when I only had one client. I had my username and password stored in mySQL database. I recently have gained more clients that all needed to be redirected to their own customized landing page when logged in. Because of this, I used a password.php to store the usernames and passwords and to redirect to different pages. Now, I am wondering how I can restrict access to these pages (i.e. someone won't be able to access the pages by typing the url) since I will not be connecting to a database anymore.

    I'm also confused by your statements.
    >Now, I am wondering how I can restrict access to these pages
    >(i.e.  someone won't be able to access the pages by typing the url)
    >since I  will not be connecting to a database anymore.
    It doesn't matter where you store the credentials - database or php file - the techniques for restricting access will be similar. I really don't understand why you moved away from the database when you got more clients. The more data you need to manage, the more reason to store it in a database.
    After logging in, most sites direct users to the same page, yet pull user specific data from the database. If for some reason you can't do this and need to build individual pages for each client, then store the 'landing' page for the client in the php file or database. Restrict access to each page by comparing the logged in name with an allowed login name. Or a more dynamic approach would be to dynamically pass the page name to a database query that validates that it's ok for the logged in user to access.
    Also, these questions are more appropriate for the app dev forum.
