Role in Portal6.1/Identity Server 6.0

I created a role in Identity Server, and assigned myself to the role. When I browse my entry in the LDAP, I do not see any nsRole attribues , nor do I see the role definition. This also applies to the roles that came installed with IS such as People Admin, Top-Level Admin Role. If I create a group in the Identity Server, the group shows up fine in the LDAP. Is there something wrong with the configuration?

I think I know why it is not showing up now. Because the nsRole attributes are virtual attributes, they are computed and not stored in the entry so an ldapsearch will not return any result. But if I use the directory server console, they do show up. My next question is that if I want to put hundreds or thousands of users in a role, and since Identity Server does not support Filtered Role, I would have to write a script to add the users to the role using command line. is this correct?

Similar Messages

  • Role Delegation in Identity Server 5.1

    Have anyone try to set two adminitrators in Identity Server 5.1 say Admin-A & Admin-B so that Admin-A can only add/del Role-A to all user and Admin-B can only add/del Role-B to all user?
    Moreover, is it possible that users created by Admin-A can only remove by Admin-A and users created by Admin-B can only remove by Admin-B given that all users is in the same people container?
    Thanks,
    Clive Chan

    Yes it is possible to setup a delegation model like that ..
    This documentation should have been added to that identity server unfortunately it had been left out.
    Anyway the same documentation is provided in the link below ..
    http://docs.sun.com/source/816-6359-10/dadmadm.html#26847
    Note: this documentation is for portal server but portal server uses identity server as its infrastructure and is actually a service that sits on the identity server ..
    HTH ..

  • Identity Server - orcladmin access rights

    Hi,
    I have created the identity server which points to the directory server and have marked orcladmin as the master administrator. When I login into the Identity Server using the orcladmin user and try to create users, the message Insufficient Access Rights is displayed in red. Any idea why this might be happening.
    TIA
    Rgds..VJ

    Thanks..Working now
    Just one basic question - Are these workflows configured as per the role given e.g. create user basic profile is tagged to the identity administrator role ? So can we configure only a predefined set of workflows which automatically get mapped to the roles available ?
    Tks...VJ

  • Java docs for identity server API's(API specification)

    Hi all,
    1) I want to conect to the identity server from a remote machine
    2) create a new user under some tree in dir server and
    3) then assign a role to him.
    For the same i was trying to see what are the API's provided,where can i get the api docs for identity server.Please help
    TIA
    Rohith

    javadocs are in the javadocs.jar file which I think is in /IS_ROOT/SUNWam/export
    Steve

  • Protect ad odument using identity server

    How can i protect a *.html that it is deploy in the application server using the identity server?
    I mean if you got a html en /sp1/hoja.html and you want to ask for the auth to see the person who wants to access it, what can i do?
    I must only create a policy in the identity or i must install a police agent web o j2ee.

    To secure a resource that has been deployed to the application server (let say as an EAR file) you need to do the following:
    - define the secured resources in your web.xml file
    - define the authentication method in your web.xml file
    - in the sun-application.xml file link the role to a group that represents a group in Ldap for example

  • RBAC with Identity Server

    Right now I'm writing my final thesis.
    I have developed a model for role-based access control and now I'm conducting a short evaulation of Identity Server to see how well it handles my model.
    It's obvious Identity Server is highly expandable to suit the most needs anyone can have, BUT with some/much effort in developing plug-ins.
    Have I missed something here? Where do I configure which rights a role has got?
    Does anyone know of any documents describing RBAC with Identity Server or is RBAC just a nice buzz-word for the White papers?
    best regards,
    Peter

    Two ways to enforce the permissions:
    Policy Agents
    ssoToken Properties
    from:
    http://docs.sun.com/source/816-6774-10/prog_sso.html#wp36428
    A policy agent polices the web container on which a protected resource lives by enforcing a user�s assigned policies. They are an integral part of the cross-domain SSO functionality. Two types of policy agents are supported by Identity Server: the web agent and the J2EE/Java agent. The web agent enforces URL-based policy while the J2EE/Java agent enforces J2EE-based security and policy. Both types are available for installation separately from Identity Server and can be downloaded. Additional information can be found in the Sun ONE Identity Server Web Policy Agents Guide and J2EE Policy Agents Guide . General information on the Policy Service can be found in Chapter 7, "Policy Service," of this manual:
    http://docs.sun.com/source/816-6774-10/prog_policy.html#wp27085
    ssoToken Property
    Access the session object called ssoToken that contains Role and Service for the logged in user.
    from
    http://docs.sun.com/source/816-6774-10/prog_sso.html#wp36428
    /* get the sso token from http request */
    SSOToken ssoToken = SSOTokenManager.getInstance().createSSOToken(request);
    String appValue = ssoToken.getProperty(appPropertyName);
    more:
    http://docs.sun.com/source/816-6774-10/prog_intro.html#wp19687
    david.

  • Custom Authentication Module on Identity Server

    Hi,
    I have a custom authentication module which I am trying to access through the policy agent.
    I have set the following property in AMAgent.properties file
    com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
    My login module code is something like this:
    package com.iplanet.am.samples.authentication.providers;
    import java.util.*;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.login.LoginException;
    import com.sun.identity.authentication.spi.AMLoginModule;
    import com.sun.identity.authentication.spi.AuthLoginException;
    import java.rmi.RemoteException;
    import java.io.FileInputStream;
    import java.util.Properties;
    public class LoginModule1 extends AMLoginModule
    private String userName;
    private String userTokenId;
    private HashMap usersMap;
    private java.security.Principal userPrincipal = null;
    public LoginModule1() throws LoginException
    public void init(Subject subject, Map sharedState, Map options)
              System.out.println("LoginModule1 initialization");
              usersMap = new HashMap();
              ResourceBundle bundle = ResourceBundle.getBundle("users");
              Enumeration users = bundle.getKeys();
              while (users.hasMoreElements())
                   String user = (String)users.nextElement();
                   String password = bundle.getString(user.trim());
                   usersMap.put(user, password);
    public int process(Callback[] callbacks, int state) throws AuthLoginException
              int currentState = state;
              if (currentState == 1)
                   userName = ((NameCallback) callbacks[0]).getName().trim();
                   char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                   String passwdString = new String (passwd);
                   if (userName.equals(""))
                        throw new AuthLoginException("names must not be empty");
                   if (userName.equals("testuser") && passwdString.equals("testuser"))
                        userTokenId = userName;
                        return -1;
                   if (usersMap.containsKey(userName))
                        if (usersMap.get(userName).equals(new String(passwd)))
                             userTokenId = userName;
                             return -1;
                   return 0;
         public java.security.Principal getPrincipal()
              if (userPrincipal != null)
                   return userPrincipal;
              else
              if (userTokenId != null)
                   userPrincipal = new SamplePrincipal("testuser");
                   return userPrincipal;
              else
                   return null;
    So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
    2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
    2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
    2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
    2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
    2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
    2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
    The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
    Thanks
    Srinivas

    Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
    I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
    I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
    so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.

  • Is Distributed Transaction Coordinator services of the application role are required by SQL Server 2012 for clustering and support of SharePoint 2013.

    All I want to know is if Distributed Transaction Coordinator services of the application role are required by SQL Server 2012 for clustering and support of SharePoint 2013.
    I have been planning and deploying my companies first Windows Server 2012/SQL Server 2012 Always On cluster and Always On Availability Groups Multi-Subnet cluster and instances for SharePoint 2013, and I will be brutally honest, the documentation on either
    the MSDN and TechNet leave alot to be desired. Continually finding links in the documentation will take me from a Windows 2012 reference to a page talking about Windows Server 2008 or R2, The differences of which there are so many when it comes to configurations,
    settings, roles, services when working with SQL Server 2012. I have been confused, frustrated, screaming mad, with all the misdirection in this documentation.  The documentation takes me windows 2008 R2 which is different than 2012!
    Tired and trying to pick myself up off the floor!
    Greg
    Gman

    In general, DTC is not required for SQL 2012.  But, since you are asking specifically about SharePoint, it would be better to ask in a SharePoint forum.  They would be more likely to know those situations where FTC might be needed by SharePoint. 
    .:|:.:|:. tim

  • Getting error in starting identity server and access server in OAM

    Hi all,
    Am new to OAM . now am try to do sso for two different resources . i completed installations but now the error is the while starting the identity server the error is "*oracle access manager identity server services on local computer started and then stopped .some services stop automatically if they have no work to do , for example, the performance logs and alters service* ". and while starting access server the error is "*could not start the oracle access manager access server service on local computer. error 1067: the process terminated unexpectedly* " any one please give me solution for this error

    Hi Pokuri,
    Perhaps the Identity Server's oblog.log file has some helpful information in it. One possibility: is the ldap server that the Identity Server uses up and running (and visible on the network)?
    Regards,
    Colin

  • Integrating portal/identity server with netegrity siteminder?

    Has anyone integrated identity server/portal server with Netegrity Siteminder for single sign on?
    Both products seem to support SAML and the Liberty Alliance project. Can a new auth module in the identity server just exchange the appropriate messages to create a single sign on token in netegrity and then validate the token on each request?

    We are running Identity Server 6.1 on Solaris.
    The logs are in /var/opt/SUNWam/debug/
    The most useful one is amAuth. You might also want to look at amAuthInternal, amSession, amAuthLDAP, and amAuthContext.
    If you are seeing these, checkout AMConfig.properties (in /opt/SUNWam/lib). It should have the log level set to warning or message for you to get all these logs. Here's the setting from my AMConfig.properties:
    com.iplanet.services.debug.level=warningPS Sorry for the unix paths, but hopefully they map closely to the windows directories.

  • Identity Server has not been configured for this new user/group suffix

    Hi all
    I am having a problem trying to configure the Directory Server (5.2) for Messaging Server.
    My configuration is as follows:
    SJES Q12005
    Server 1 - Directory Server 5.2
    Server 1 - Access Manager (formerly Identity Server)
    Server 1 - Web Server 6.1
    I have successfully installed the above and can login to Access Manager.
    I next installed Calendar & Messengar Server on "Server 1". Upon running "comm_dssetup.pl" from /opt/SUNWcomds/sbin, I get the following error:
    "Identity Server has not been configured for this new user/group suffix"
    Copy and paste of what I entered:
    bash-2.05# perl comm_dssetup.pl
    Welcome to the Directory Server preparation tool for
    Sun Java(tm) System communication services.
    (Version 6.3 Revision 1.0)
    This tool prepares your directory server for use by the
    communications services which include Messaging, Calendar and their components.
    The logfile is /var/tmp/dssetup_20050830165940.log.
    Do you want to continue [y]:
    Please enter the full path to the directory where the Sun ONE
    Directory Server was installed.
    Directory server root [var/opt/mps/serverroot] : /opt/mps/serverroot
    Please select a directory server instance from the following list:
    [1] slapd-sunldap
    Which instance do you want [1]:
    Please enter the directory manager DN [cn=Directory Manager]: cn=DirMan
    Password:
    Detected DS version 5.2
    Will this directory server be used for users/groups [Yes]:
    Please enter the Users/Groups base suffix [dc=samplecompany-dev,dc=co,dc=uk] : ou=infrastructure,o=sampletown,dc=samplecompany-dev,dc=co,dc=uk
    There are 3 possible schema types:
    1 - schema 1 for systems with iMS 5.x data
    1.5 - schema 2 compatibility for systems with iMS 5.x data
    that has been converted with commdirmig
    2 - schema 2 native for systems using Identity Server
    Please enter the Schema Type (1, 1.5, 2) [1]: 2
    Identity Server has not been configured for this new user/group suffix
    You can opt to continue, but you will not be able to use
    features that depend on Identity Server
    Are you sure you want this schema type? [n]:
    I have entered my user group suffix exactly as specified during the Access Manager install (hence I am able to login as "amadmin").
    Looking at the LDAP logs to try and figure out whats going wrong I see its not getting hits on all searches it is performing:
    [30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
    dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(obj
    ectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscape
    Resource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - RESULT err=4 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:18 +0100] conn=299 op=160 msgId=162 - ABANDON targetop=NOTFOUND msgid=161
    [30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - SRCH base="ou=people,ou=infrastructure,o=northampton,dc=dataforce-de
    v,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objec
    tClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeRe
    source)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - RESULT err=0 tag=101 nentries=0 etime=0
    [30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - SRCH base="ou=clientdata,ou=infrastructure,o=northampton,dc=dataforc
    e-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(o
    bjectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netsca
    peResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:18 +0100] conn=299 op=163 msgId=165 - ABANDON targetop=NOTFOUND msgid=164
    [30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
    dev,dc=co,dc=uk" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
    [30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - RESULT err=0 tag=101 nentries=41 etime=0
    [30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
    dev,dc=co,dc=uk" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
    [30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:28 +0100] conn=299 op=166 msgId=168 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-
    dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(obj
    ectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscape
    Resource)(objectClass=domain))" attrs="objectClass numSubordinates ref aci"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=166 msgId=168 - RESULT err=0 tag=101 nentries=41 etime=1
    [30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - SRCH base="ou=iplanetamauthservice,ou=services,ou=infrastructure,o=n
    orthampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectC
    lass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServ
    er)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:29 +0100] conn=299 op=168 msgId=170 - ABANDON targetop=NOTFOUND msgid=169
    [30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - SRCH base="ou=iplanetamauthldapservice,ou=services,ou=infrastructure
    ,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(obj
    ectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscape
    Server)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:29 +0100] conn=299 op=170 msgId=172 - ABANDON targetop=NOTFOUND msgid=171
    [30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - SRCH base="ou=iplanetampolicyconfigservice,ou=services,ou=infrastruc
    ture,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)
    (objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=nets
    capeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:29 +0100] conn=299 op=172 msgId=174 - ABANDON targetop=NOTFOUND msgid=173
    [30/Aug/2005:16:41:29 +0100] conn=299 op=173 msgId=175 - SRCH base="ou=iplanetamauthenticationdomainconfigservice,ou=services
    ,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(
    --More--(83%)
    The list goes on.
    Can anyone give me any pointers?
    Thanks

    Hi
    Thanks for your reply!
    I did mis-type, my mistake - sorry about that.
    If I dont over-ride the default it works, I've pretty much got the whole setup working now but I'm not particularly over the moon about the way the ldap tree is setup, I'd like finer granuality as we are going to attempt to get syncronization working with AD.
    I have an idea about how I'd like to set up our Mail/Calendar/LDAP infrastructure the 2nd time around (I'm just testing at the mo) - so I might have a question or two for you if you dont mind taking a look when you have a minute?
    Thanks Jay

  • Integrating Messaging Server and Identity Server

    I've got JES 2004Q2, and I'm trying to install the various components on different workstations to prove that a) the software works, and b) it's a viable alternative to Exchange (so please please help me get it working!)
    The problem I have is getting Messenger Server and Directory Server talking properly so that I can create users and then log in as those users. After days of frustrating searching for solutions to this problem (and also find people who have successfully done this), I decided to install the components onto one server.
    And it worked. Installing Messaging Server, Identity Server, Web Server (contained for Identity Server), Directory Server, and Admin Server all on the same box, configuring them all to use the same directory server for UG and preferences, running the various configuration tools that come with the software, and it all works together fine. Using "./commadmin domain modify .... -S mail", I get "OK". I can add users with the "-S mail" option, log in as those users, and send emails between those users. So this tells me that the software does work, albeit on one box.
    When I try to separate the services out to separate boxes, they don't seem to integrate properly. I thought that maybe the order in which you configured applications made a difference (ie. configuring Identity Server after Messenger Server means IS will pick up on the changes made to the directory by MS, and enable it). I also tried to see if using the same options directory server from different boxes helped, but nothing. I've even tried patching them using 116568-52 and 116585-10 but no luck.
    Therefore, I've found that installing all servers on one box works, but installing them on separate boxes doesn't (despite using the same directory servers). My conclusion in this is that one of two things must be the case:
    a) there's something in the install that has to be changed to reflect the fact that the services are running on different boxes
    b) the install of the services adds files to the system somewhere which other packages in JES pick up on (hence the reason why installing everything on one box works), and this isn't documented anywhere
    Unfortunately, the output of commadmin when it fails isn't that helpful (nothing against the developers, however it doesn't really help in the fault finding process). I do believe however that the problem is with Identity Server and its configuration, rather than Messaging Server.
    Here's some (possibly) useful info:
    kipling# ./imsimta version
    Sun Java(tm) System Messaging Server 6.1 HotFix 0.01 (built Jun 24 2004)
    libimta.so 6.1 HotFix 0.01 (built 12:52:04, Jun 24 2004)
    SunOS kipling 5.8 Generic_117350-02 sun4u sparc SUNW,Sun-Blade-1500
    kipling#
    (on UG server)
    # ./commadmin domain modify -D admin -w <password> -d uwe.ac.uk -n uwe.ac.uk -S mail -H kipling.uwe.ac.uk
    FAIL
    Unable to set attribute(s)
    (some verbose mode output)
    [Debug]: Contacting : http://bronte.uwe.ac.uk:10080/commcli/TaskManager
    [Debug]: To servlet: task=ModifyDomain&objecttype=Domain&domain=uwe.ac.uk&add_services=mail&add_preferredmailhost=kipling.uwe.ac.uk
    [Debug]: RECV: FAIL
    [Debug]: RECV: Unable to set attribute(s)
    [Debug]: CLITask: status returned =FAIL
    FAIL
    Unable to set attribute(s)
    [Debug]: DBG: doOne returned code=6
    [Debug]: Contacting : http://bronte.uwe.ac.uk:10080/commcli/logout
    [Debug]: Logout ...
    [Debug]: RECV: SSOToken id AQIC5wM2LY4SfcyW5hbVBGXqCdsYYDjVarSFRMd6HIxsGho=@AAJTSQACMDE=#
    [Debug]: RECV: destroyed
    Root suffix: dc=uwe,dc=ac,dc=uk (all "o=" references have been dropped)
    All services have their own local options directory server.
    Can anyone give me any suggestions? If I log a support call with Sun, what is the likely resolution time? My ultimate goal is to get the whole suite running together, then install Portal server. Once that's working, download the connectors for Outlook and get it all working with Outlook. As I said at the start, we're hoping to show this is a viable alternative to Exchange (certainly for the backend) so any help will be greatly appreciated!
    Iain

    slo_chewie wrote:
    Does the email recipient address change when the email is sent to gmail i.e. does an email sent to [email protected] become [email protected]?
    We've got google for domains setup, so users would retain a @domain.com address regardless if there mailbox was hosted on the internal server or hosted at google.You can make use of the mailRoutingAddress: user attribute and source routing to get the desired behaviour e.g.
    => Set the following value to the LDAP entry of the user who is hosted on the gmail server. The "[email protected]" address should match the users mail: address:
    mailRoutingAddress: @gmail.com:[email protected]=> Ensure the following option has been tcp_local channel in your imta.cnf file. This option strips off the "@gmail.com" value of the recipient address before sending the email to the gmail.com servers.
    dequeue_removerouteMake sure you run "./imsimta cnbuild;./imsimta restart" after modifying the imta.cnf file.
    Regards,
    Shane.

  • Security solution with Identity server for SOX compliance

    Hi all,
    Has anybody used Identity Server as security solution to achieve SOX compliance? i want to know general view, opinions , experiance of ppl while implementing such solution.
    Just a little background of SOX: It is Created by US Congress in the wake of corporate scandals like Enron in 2001 and 2002.it is an attempts to tighten controls over corporate financial reporting and transparency.
    I am basically interested in implementing security solutions using Identity server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide following facilities -
    1. User Identification, authorization and access
    2. User control of user accounts
    3. Central identification and access rights/permissions management
    4. Violation and security activity report
    Has anybody developed such solution? What are your general experiance, problems , issues etc? Please share your view....

    Just too quick to draw conclusion: See below FAQ
    If you are not in the same AS container, let me know. Jerry
    Copy from J2EE agent FAQ
    Question - Is it possible to install a J2EE 2.1agent and Identity Server on the same instance of the application server ?
    Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the sameninstance of Application server is not a supported configuration. We do support the 21 J2EE agent and IS installed on different instances of the application server. So, users can install theJ2EE 2.1 agent on a one instance of the application server and install IS on a different instance of the apps server.

  • Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

    Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
    Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
    2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
    e in ap_table
    2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
    y (com.sun.am.policy.agents.accessDeniedURL) specified
    2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
    d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
    nied (20)
    2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
    d access to http://xx.xx.xx.net:8080/.
    2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
    s denied to testuser1
    We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
    Any suggestions would be of great help.
    Thanks,
    Sunil.

    From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
    information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.security.cert.IBMCertPath
    security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

  • OAM Identity Server user search is very slow after upgrading to 10.1.4.2

    We recently upgraded Identity-Server from 7.0.4 to 10.1.4.2 + BP10. The new webpass (version 10.1.4.2) is on iPlanet webserver, which does not have any bundled patch available. After this upgrade, we found the user search is very slow. It is taking double the time compare to version 7.0.4. The search performance for NetPoint admin users is fine.
    The new version is connecting to the same LDAP (Sun 5.2) as the old one. The 7.0.4 version was well tuned (like Ldap connections, caching, etc) for the performance. The migration suppose to carryover those performance configuration to the new version. Is there any new parameter (related to performance) I should look for in version 10 ? Anybody have faced these issues after migration and found a fix for it ?
    Thanks!
    Kabi

    More in this thread - Re: OAM- "You do not have sufficient access rights" message with Master Adm
    -Vinod

Maybe you are looking for

  • Updating iTunes with error message "this application has failed to start because MSVCR80.dll was not found"?

    After updating iTunes, has anyone got the message "this application has failed to start because MSVCR80.dll was not found. Re-installing the application may fix this problem." message and "iTunes was not installed correctly. Please re-install iTunes.

  • Windows 8.1 Modem Problem

    Hello, I just made an update to Window 8.1 with my Think Pad Twis. But now my modem for mobile internet isn't recognize anymore. I've tried to install the drivers manually but failed. Are ther special drivers for W8.1? Thinkpad Twist 2 Windows 8.1 Pr

  • Can I use my iMac Screen as an external screen for my PC laptop

    Can I use my iMac screen as an external screen for my PC laptop ?

  • Outgoing mail off-line

    My mail has been working perfectly until this morning when my email would not send and I kept getting a message requesting my password. This message kept reappearing. My mail sat in outbox and would not send. On checking mail preferences I noticed it

  • WiFi won't even search for networks.

    This problem is only with my iPhone on 5.0.1 (and previously 5.0), not with my iPad. My iPhone will connect to WiFi initially, but will often just switch back to 3G and say WiFi "Not Connected". This is random, but I found it happens a lot when I try