Setting ACL for Directory??

There are only servlet ACL settings in the weblogic.properties,
But how can I set directory ACL with weblogic server like in
Apache or other webservers, can my file named .htaccess work?
Thanks for help!

There are only servlet ACL settings in the weblogic.properties,
But how can I set directory ACL with weblogic server like in
Apache or other webservers, can my file named .htaccess work?
Thanks for help!

Similar Messages

  • Can't set ACL for JSPs

    Hi,
              we are trying to set define ACL for weblogic security for JSP
              and could't manage to do it. In the online documentation there
              are examples for servlets but not for html or jsp files.
              How have to be defined the ACLs for jsp and html files ?
              Thanks in advance.
              GRIDSYSTEMS Bartolome Real Planells
              

    See http://www.weblogic.com/docs51/admindocs/properties.html#urlacl for
              details on setting ACLs on URLs...
              Bartolome Real Planells wrote:
              > Hi,
              >
              > we are trying to set define ACL for weblogic security for JSP
              > and could't manage to do it. In the online documentation there
              > are examples for servlets but not for html or jsp files.
              >
              > How have to be defined the ACLs for jsp and html files ?
              >
              > Thanks in advance.
              >
              > -------------------------------------------------------------------
              > GRIDSYSTEMS Bartolome Real Planells
              

  • Query: Setting ACL for Roles and Programmatic Approach

    Hi All
    I'm trying to setup ACL for Roles on WCC(11.1.1.8) server by following the blog https://blogs.oracle.com/kyle/entry/access_control_lists_for_roles using Framework folder and have few queries
    Query 1:
    Created new folder and associate enterprise roles under Role access list
    1. Created a new folder 'MyFolder' with Security group 'Secure', owner 'weblogic'.
    2. Assigned Role 'Deployers' under Role Access List with RW permissions.
    3. In Admin console, associated user 'jcooper' with 'Deployers' group and 'jausten' with no group.
    4. Logged in using 'jcooper' and able to assess 'Myfolder'.
    5. Logged in using 'jausten' and also able to assess 'MyFolder'
    Observation
    Since user 'jausten' is not associated with 'Deployers' group, how can 'jausten' assess the folder? Am I missing some configurations here. Please let me know setup steps to achieve this functionality in desired manner.
    Query 2:
    Created a prototype using RIDC to create a folder programmatically and assigning RAL to the created folder
            DataBinder requestData = client.createBinder();
            requestData.putLocal("IdcService", "FLD_CREATE_FOLDER");
           requestData.putLocal("fParentGUID", getFolderGUID("/"));
            requestData.putLocal("fFolderName", "TestFolder");
            requestData.putLocal("xClbraRoleList", ":Deployers(RW)");
            ServiceResponse  updateResponse = client.sendRequest(connectionContext, requestData);
    Observation
    Folder got created successfully, but 'Deployers' Role not assigned under Role access list.
    Query 3:
    Created a prototype using RIDC to assign enterprise roles to the existing folder
            DataBinder requestData = client.createBinder();
            requestData.putLocal("IdcService", "FLD_EDIT_FOLDER");
            requestData.putLocal("fFolderGUID", getFolderGUID("/TestFolder"));
            requestData.putLocal("path", "/TestFolder");
            requestData.putLocal("xClbraRoleList", ":Deployers(RW)");
            ServiceResponse  updateResponse = client.sendRequest(connectionContext, requestData);
    Observation
    Role got associated with folder under Metadata section, whereas folder information section does not contain the reference of updated role e.g. Edit Folder Information section on WCC UI not showing the added role, whereas Edit Metadata values section of UI showing this role.
    Please suggest what I'm missing in configuration/code and appropriate way to achieve the functionality.
    Thanks.

    Thanks Jonathan!!
    Query 2 and 3 answered by this setting and it worked fine.
    Could you please also assist on Q.1
    Query 1:
    Created new folder and associate enterprise roles under Role access list
    1. Created a new folder 'MyFolder' with Security group 'Secure', owner 'weblogic'.
    2. Assigned Role 'Deployers' under Role Access List with RW permissions.
    3. In Admin console, associated user 'jcooper' with 'Deployers' group and 'jausten' with no group.
    4. Logged in using 'jcooper' and able to assess 'Myfolder'.
    5. Logged in using 'jausten' and also able to assess 'MyFolder'
    Observation
    Since user 'jausten' is not associated with 'Deployers' group, how can 'jausten' access the folder?
    Am I missing some config?

  • Help with ACL and directory permission

    I have the following ACL for directory xyz. I have granted access to xyz for user user1, however user1 still cannot get into the directory. What is missing?
    # file: xyz
    # owner: owner1
    # group: nogroup
    user::rwx
    user:user1:rw-         #effective:rw-
    group::---             #effective:---
    mask:rw-
    other:---
    default:user::rwx
    default:group::---
    default:mask:---
    default:other:---Also what is the difference between the default and common ACL?
    Thanks

    user1 still cannot access directory xyz... something else missing? Thanks.
    # file: xyz
    # owner: owner1
    # group: nogroup
    user::rwx
    user:user1:rw-         #effective:rw-
    group::---             #effective:---
    mask:rw-
    other:---
    default:user::rwx
    default:group::---
    default:mask:rwx
    default:other:---

  • Help with setting up active directory domain controller/DNS - need this for Clustering

    Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
    I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
    When I look at my server manager AD DS complain about DNS:
    NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    When I click on DNS this is the error:
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    Output of DCDiag -v is below.
    PS C:\Users\Administrator> dcdiag -v
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine NASE-2012-234, is a Directory Server.
       Home Server = NASE-2012-234
       * Connecting to directory service on server NASE-2012-234.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
    ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
    e,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
    SDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
    N=Configuration,DC=lab,DC=nase,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
             Check the DNS server, DHCP, server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... NASE-2012-234 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: DNS
          Test omitted by user request: DNS
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : lab
          Starting test: CheckSDRefDom
             ......................... lab passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... lab passed test CrossRefValidation
       Running enterprise tests on : lab.nasecom
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Starting test: LocatorCheck
             GC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             PDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             KDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             ......................... lab.nase.com passed test LocatorCheck
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
             provided.
             ......................... lab.nasecom passed test Intersite
    PS C:\Users\Administrator>

    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
    .:|:.:|:. tim

  • Pre-populate adapter for setting the Active Directory OU for a user

    Hi All
    I created a pre-populate adapter that set the Active Directory OU for a user...
    In the end the status of the resource is still showing "provisioning"..
    It must be "Provsioned"..did I miss something ?
    The logs speak as below :-
    08:01:12,678 INFO [STDOUT] Running Create User
    08:01:12,678 INFO [STDOUT] Before appending Root Context:OU=Human Resources,
    08:01:12,678 INFO [STDOUT] tcUtilLDAPController.java : hierString : OU=Human Resources,dc=mydomain,dc=com
    08:01:13,553 ERROR [ACTIVEDIRECTORYCONTROLLER] Problem creating object: javax.naming.OperationNotSupportedException: [LD
    AP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
    ]; remaining name 'cn=ASYMONDS'
    08:03:18,756 INFO [[xlWebApp]] action: LogonAction: User 'XELSYSADM' logged on in session 8116CBC0FA1481D06A207A1941B9
    E096
    08:22:31,256 ERROR [WEBAPP] Class/Method: ProvisionedResourcesForUserAction/confirmEnableSelection encounter some proble
    ms: No checkbox was checked.

    Just verify the OU value is correctly populated , first try doing the provisioning by manually giving OU and everything .
    Is it successful ?
    Then we can check if something wrong going with pre pop.
    Thanks
    Suren

  • How to set the working directory for reports in linux

    Hi All,
    Can you anyone help me to set the working directory for oracle application server 10g reports? I am using RHEL4 and AS10g. Actually i want to run my reports from my define
    working directory. How can I do this?
    Thanks in advance
    Arif

    Hi,
    your rep_srv.conf should look like something like
    +<?xml version = '1.0' encoding = 'ISO-8859-1'?>+
    +<!DOCTYPE server PUBLIC "-//Oracle Corp.//DTD Reports Server Configuration //EN" "file:D:\oracle\FRHome_1/reports/dtd/rwserverconf.dtd">+
    +<server version="10.1.2.0.2">+
    +<!--Please do not change the id for reports engine.-->+
    +<!--The class specifies below is subclass of _EngineClassImplBase and implements EngineInterface.-->+
    +<cache class="oracle.reports.cache.RWCache">+
    +<property name="cacheSize" value="50"/>+
    +<!--property name="cacheDir" value="your cache directory"-->+
    +<!--property name="maxCacheFileNumber" value="max number of cache files"-->+
    +<!--property name="ignoreParameters" value="parameter names to be ignored in constructing cache key, separated by comma ','"-->+
    +</cache>+
    +<engine id="rwEng" class="oracle.reports.engine.EngineImpl" initEngine="1" maxEngine="3" minEngine="0" engLife="50" maxIdle="30" callbackTimeOut="90000" jvmOptions="-Xmx512M -Xss512K">+
    +<!--property name="sourceDir" value="your reports source directory"/-->+
    +<!--property name="tempDir" value="your reports temp directory"/-->+
    +<!--property name="keepConnection" value="yes"/-->+
    +</engine>+
    +...+
    some more definitions
    +..+
    +<!--pluginParam name="proxy" type="file">proxyinfo.xml</pluginParam-->+
    +<pluginParam name="xmlpds" type="file">xmlpds.conf</pluginParam>+
    +<pluginParam name="jdbcpds" type="file">jdbcpds.conf</pluginParam>+
    +<pluginParam name="textpds" type="file">textpds.conf</pluginParam>+
    *<environment id="APP1">*
    *+<envVariable name="REPORTS_PATH" value="/application1/reports"/>+*
    *+</environment>+*
    *+<environment id="APP2">+*
    *+<envVariable name="REPORTS_PATH" value="/application2/reports"/>+*
    +</environment>+
    +</server>+
    The environment ids you can choose yourself and you have to put them in there yourself too (here I put two environments for two different applications "1" and "2").
    If you call a report from Forms, then you have to code something like
    ADD_PARAMETER(p_list,'ENVID',TEXT_PARAMETER,'APP1');
    Details depend on how you call your reports, my example is for using a parameter list and calling a report out of application1
    Hope that helps.
    Volker

  • Setting of attachment directory for axis

    Hi,
    I'm working on web services using axis 1.2.1. In the application that we are developing we are sending attachments. Axis has got a parameter in server-config.wsdd for setting the attachment directory. But the problem is it is only taking the absolute path. I want to give a relative path relative to the context of my web application. If we do not specify the parameter in wsdd file it still creates attachments directory in the WEB-INF folder.
    My question is that is it possible to give a relative path as value for the parameter attachments.directory in the serverconfig.wsdd. If not possible atleast avoid the axis of creating directory on its own so that we can control the attachment directory creation from our application.
    Any help in this regard would be of great help
    Thanks

    it seems the Increment setting can do that

  • Listing user's ACLs for an entire given directory?

    My client has a goofy request I'm trying to solve: Listing the ACLs for a given user for an entire directory, ie., all children, ie., subfolders and files. Essentially, they want to see the same thing the "effective permission inspector" tells you for a given user, but for their entire drive on the server, not just a single file.
    This functionality doesn't seem to jump right out in any of the apps., specifically Workgroup Manager. I've poked a little into lookupd and CLIX, but I don't think I've found anything there. Surfing hasn't brought me anything either. My thought is I'd have to write a script accessing lookupd or le (ie., ls -le, but for an entire tree).
    Anyone have any clues, code, links, or ideas?
    – TG

    Solved by looking at the http error logs. It showed a, for lack of better terms, longer path name to the user home dir. I changed the httpd.conf file, adding the longer path. Works great now.

  • Setting Additional Document Directory in Sunone 6.1 SP1

    Tried to run a testfile (index.htm) from an additional document directory in 6.1 SP1 on W2K (local), but it doesn't show up. What am I missing, doing wrong or forget?
    Additional Document DIrectory setting:
    Prefix: /test
    Directory: c:/websites/test
    in vsclass2.obj.conf (made a 2nd virtual class which is working for several sites) is written:
    NameTrans fn="pfx2dir" from="/test" dir="c:/websites/test"
    But I get this by using : http://hostname/test
    Not Found
    The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it.
    Has it something to do with an ACL setting? If so, how do I control or config this?
    Thanks for any assistance,
    Ren�

    Hi Dustin,
    I think you posted this to the wrong newsgroup :-)
    In WLS 6.1, document roots are Web Application specific. Unless you explicitly
    change it, the default Web Application (the one that you get when you type in
    the http://localhost:7001 URL), the document root is a folder under your domain's
    application directory named "DefaultWebApp_{name-of-your-server}". Where {name-of-your-server}
    is whatever value you assigned to the -Dweblogic.Name property, on the command
    line you started WLS with. Refer to the WLS 6.1 documentation for instructions
    on how to change this to a different Web Application. Here are a couple of links
    that will provide you with some insight into this:
    http://edocs.bea.com/wls/docs61/webapp/basics.html#136976
    http://edocs.bea.com/wls/docs61/adminguide/web_server.html#113228
    Regards,
    Mike Wooten
    "Dustin N. Jenkins" <[email protected]> wrote:
    I have recently migrated from WebLogic 5.1 to WebLogic 6.1, on Windows
    2000
    running jdk 1.3.1. My Document Root settings (weblogic.httpd.documentRoot)
    from WebLogic 5.1 in my weblogic.properties file did not carry over to
    WebLogic 6.1, so does anybody know how to set the Document Root in WebLogic
    6.1? Or is there an equivalent to it now?
    Thanks in advance,
    Dustin N. Jenkins

  • IPv6 ACLs for ZBFW with changing IPv6 prefix?

    Hi all
    Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
    Background:
    6RD based residential internet access.
    Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
    A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
    No big deal, one would think...
    zone security Z-INTERNET
     description * the outside world *
    zone security Z-DMZ
    zone security Z-OUTSIDE
    zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
     service-policy type inspect PMAP-INBOUND-TRAFFIC
    policy-map type inspect PMAP-INBOUND-TRAFFIC
     class type inspect CMAP-IN-TRACE-TRAFFIC
      pass
     class type inspect CMAP-IN-INSPECT-TRAFFIC
      inspect 
     class class-default
      drop log
    class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
     match access-group name ACLv6-ICMP-UNREACH   <-- some ICMP listed in this ACL, irrelevant here
    class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
     match access-group name ACLv6-INBOUND-TRAFFIC 
    Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
    ipv6 access-list ACLv6-INBOUND-TRAFFIC
     sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
    ... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
    For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
    However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
    router6rd(config-ipv6-acl)#permit ip any ?
      X:X:X:X::X/<0-128>  IPv6 destination prefix x:x::y/<z>
      any                 Any destination prefix
      host                A single destination host
    router6rd(config-ipv6-acl)#
    D'oh. What now?
    I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
    Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
    Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet? 
    Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
    thanks for your thoughts and ideas.
    Marc

    Hi all
    Is there a trick to keep IPv6 ACLs for ZBFW working when the IPv6 prefix will change ?
    Background:
    6RD based residential internet access.
    Provider has a /28 6RD-Prefix, and will append the whole 32bits of the DHCP assigned public IPv4 address, leaving a /60 to use at home. Inside should be subnet 0, DMZ should be subnet 1 from that /60.
    A few of my DMZ IPv6 hosts should be reachable from the outside world on specific udp/tcp ports, without having to open the whole DMZ subnet towards the IPv6 internet.
    No big deal, one would think...
    zone security Z-INTERNET
     description * the outside world *
    zone security Z-DMZ
    zone security Z-OUTSIDE
    zone-pair security ZP-OUTSIDE-TO-DMZ source Z-OUTSIDE destination Z-DMZ
     service-policy type inspect PMAP-INBOUND-TRAFFIC
    policy-map type inspect PMAP-INBOUND-TRAFFIC
     class type inspect CMAP-IN-TRACE-TRAFFIC
      pass
     class type inspect CMAP-IN-INSPECT-TRAFFIC
      inspect 
     class class-default
      drop log
    class-map type inspect match-any CMAP-IN-TRACE-TRAFFIC
     match access-group name ACLv6-ICMP-UNREACH   <-- some ICMP listed in this ACL, irrelevant here
    class-map type inspect match-any CMAP-IN-INSPECT-TRAFFIC
     match access-group name ACLv6-INBOUND-TRAFFIC 
    Now.. what would I put into ACLv6-INBOUND-TRAFFIC? Manually setting...
    ipv6 access-list ACLv6-INBOUND-TRAFFIC
     sequence 10 permit tcp any host <MYcurrent6RDPREFIX>1::<$MYHOSTID> eq http
    ... works well, until MY6currentRDPREFIX becomes MYnew6RDPREFIX. It does so seldomly, but it does, especially after outages.
    For adressing (and re-adressing) the DMZ interface, "ipv6 general prefix MY6RDPREFIX 6rd tunnel6" helps a lot and it works pretty well.
    However, one cannot seem to make use of "ipv6 general prefix" in an ipv6 ACL, neither as source nor destination (and neither when defining a stateful DHCPv6 server, for that matter).
    router6rd(config-ipv6-acl)#permit ip any ?
      X:X:X:X::X/<0-128>  IPv6 destination prefix x:x::y/<z>
      any                 Any destination prefix
      host                A single destination host
    router6rd(config-ipv6-acl)#
    D'oh. What now?
    I do know that scanning the whole /64 would take aeons to complete, but I would like to use predetermined addresses with SLAAC and stateless DHCPv6 (with the help of http://man7.org/linux/man-pages/man8/ip-token.8.html).
    Opening the entire subnet makes me cringe, even more since these hosts are bound to be in some public DNS as well. For that matter, it becomes largely irrelevant if the Host-ID comes from ip-token, EUI-64, RFC7217 or privacy extensions (allright, the latter wouldn't quite apply here, I know.)
    Am I caught in the "IPv6 is like IPv4 but with longer addresses" trap? Should I just do away with my wish to have only the given DMZ servers reachable, and open up the entire subnet? 
    Or: Is there a completely different way of doing ZBFW things in IPv6 that I didn't think of?
    thanks for your thoughts and ideas.
    Marc

  • I install IDES 4.7 in VMware, Why "unable to set time for file...."

    system     Windows2003
    database   Oracle 9
    disk space : C(50G)D(80G)E(40G)
    "Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/bootstrap_keydb.1.xml to: C:/SAPinst ORACLE SAPINST.
    INFO 2014-01-26 16:22:47
    Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/bootstrap_keydb.xml to: C:/SAPinst ORACLE SAPINST.
    INFO 2014-01-26 16:22:47
    Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/CONTROL.DTD to: C:/SAPinst ORACLE SAPINST.
    ERROR 2014-01-26 16:22:47
    FSL-02010  Unable to set time for file C:/SAPinst ORACLE SAPINST/CONTROL.DTD.
    ERROR 2014-01-26 16:22:47
    FJS-00012  Error when executing script."
    who can help me ..please.....

    Hello Matthew,
    You should also change your temp directory to something woth no spaces, something like C:\temp.
    Sapisnt sometimes has problems with the spaces in the temp path, and the Universal Installer nearly always
    has a problem with this.
    Regards,
    David

  • Problem creating Network ACL for a ROLE in Oracle 11gR2

    According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role.  I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email.  If I grant the ACL privilege to the same users directly it works fine.  Is there any step I'm missing?  This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
    SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
    Copyright (c) 1982, 2010, Oracle.  All rights reserved.
    SQL> CONNECT system/******@testdb
    Connected.
    SQL> SET LINES 1000
    SQL> SELECT * FROM v$version;
    BANNER
    Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
    PL/SQL Release 11.2.0.3.0 - Production
    CORE    11.2.0.3.0      Production
    TNS for Solaris: Version 11.2.0.3.0 - Production
    NLSRTL Version 11.2.0.3.0 - Production
    SQL> COLUMN host FORMAT A20
    SQL> COLUMN lower_port FORMAT 99999
    SQL> COLUMN upper_port FORMAT 99999
    SQL> COLUMN acl FORMAT A40
    SQL> COLUMN acl FORMAT A40
    SQL> COLUMN principal FORMAT A15
    SQL> COLUMN privilege FORMAT A10
    SQL> COLUMN is_grant FORMAT A8
    SQL> COLUMN status FORMAT A10
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    no rows selected
    SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
    no rows selected
    SQL> CREATE USER testacl IDENTIFIED BY testacl;
    User created.
    SQL> GRANT CONNECT TO testacl;
    Grant succeeded.
    SQL>
    SQL> BEGIN
      2     dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
      3     dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
      4     commit;
      5  END;
      6  /
    PL/SQL procedure successfully completed.
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    HOST                 LOWER_PORT UPPER_PORT ACL
    localhost                    25         25 /sys/acls/test_smtp.xml
    SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
    ACL                                      PRINCIPAL       PRIVILEGE  IS_GRANT
    /sys/acls/test_smtp.xml                  TESTACL         connect    true
    After creating this ACL I test it like this:
    SQL> CONNECT testacl/testacl@testdb
    Connected.
    SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
    HOST                 LOWER_PORT UPPER_PORT PRIVILEGE  STATUS
    localhost                    25         25 connect    GRANTED
    SQL> DECLARE
      2     c utl_smtp.connection;
      3  BEGIN
      4     c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
      5     utl_smtp.helo(c, 'localhost');
      6     utl_smtp.mail(c, 'Oracle11.2');
      7     utl_smtp.rcpt(c, '[email protected]');
      8     utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
      9     utl_smtp.quit(c);
    10  END;
    11  /
    PL/SQL procedure successfully completed.
    SQL>
    This works fine and I receive the email correctly.  Now if I try to do the same thing for a role:
    SQL> CONNECT system/******@testdb
    Connected.
    SQL> BEGIN
      2     dbms_network_acl_admin.drop_acl('test_smtp.xml');
      3     commit;
      4  END;
      5  /
    PL/SQL procedure successfully completed.
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    no rows selected
    SQL> CREATE ROLE testacl_role;
    Role created.
    SQL> GRANT testacl_role TO testacl;
    Grant succeeded.
    SQL> ALTER USER testacl DEFAULT ROLE ALL;
    User altered.
    SQL>
    SQL> BEGIN
      2     dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
      3     dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
      4     commit;
      5  END;
      6  /
    PL/SQL procedure successfully completed.
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    HOST                 LOWER_PORT UPPER_PORT ACL
    localhost                    25         25 /sys/acls/test_smtp.xml
    SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
    ACL                                      PRINCIPAL       PRIVILEGE  IS_GRANT
    /sys/acls/test_smtp.xml                  TESTACL_ROLE    connect    true
    SQL>
    And now I test it again with the same user:
    SQL> CONNECT testacl/testacl@testdb
    Connected.
    SQL>
    SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
    no rows selected
    SQL> DECLARE
      2     c utl_smtp.connection;
      3  BEGIN
      4     c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
      5     utl_smtp.helo(c, 'localhost');
      6     utl_smtp.mail(c, 'Oracle11.2');
      7     utl_smtp.rcpt(c, '[email protected]');
      8     utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
      9     utl_smtp.quit(c);
    10  END;
    11  /
    DECLARE
    ERROR at line 1:
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at "SYS.UTL_TCP", line 17
    ORA-06512: at "SYS.UTL_TCP", line 267
    ORA-06512: at "SYS.UTL_SMTP", line 161
    ORA-06512: at "SYS.UTL_SMTP", line 197
    ORA-06512: at line 4
    SQL>
    I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user.  I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
    Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.

    Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user.  The problem appears when I try to create an ACL with privileges for a ROLE.  You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
    Parameter
    Description
    acl
    Name of the ACL. Relative path will be relative to "/sys/acls".
    description
    Description attribute in the ACL
    principal
    Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
    My issue is that when I try to create the ACL for a role it doesn't work.
    Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing.  Cheers.

  • Set Desname for PDF using Oracle Applications

    We are running Oracle Applications 11i, 8i database on a Unix box and use windows 2000, internet explorer, acrobat 6.0 to run, and view the reports.
    I just finished redesigning a Oracle report to output to PDF instead of printing on a preprinted form.
    The user has requested that the output file (Report) be saved to a specific directory on a server that is on the windows platform.
    The report is being run from the concurrent manager inside of Oracle Applications, which seems to be over writing my desname that is specified in my report (rdf). Our current workaround is that the user opens the file in acrobat and save it to the desired directory, which they have to set manually for each session.
    Is there a way to run a report on UNIX and output the report to a windows directory?
    Thanks in advance...

    There is a better workaround than opening an saving on desktop...I have never tried this but have an idea...that would work 100%.
    The standard configuration of apps 11i is that the output file is placed in $APPLCSF/out and its on the Unix Box...but if u have apps running on NT environemnt then just share the file system of $APPLCSF with the desktop...Pretty simple....
    If apps is running on Unix then u need to install software like Samba on Unix so that the desktop will be able to share the file system of unix on desktop....
    Try it out...
    Best of luck

  • Cpio syntax in 10g Release 1 (10.1.0.3) Patch Set 1 for AIX-Based Systems

    Oracle® Database Patch Set Notes
    10g Release 1 (10.1.0.3) Patch Set 1 for AIX-Based Systems
    Download and Extract the Installation Software
    To download and extract the patch set installation software:
    1. Download the p3761843_10103_AIX64-5L.zip patch set installation archive to a directory that is not the Oracle home directory or under the Oracle home directory.
    2. Enter the following commands to unzip and extract the installation files:
    $ unzip p3761843_10103_AIX64-5L.zip
    $ cpio –idcv p3761843_10103_AIX64-5L.cpio
    Of course cpio -i is expecting a standard input, so there a missing <
    cpio –idcv < p3761843_10103_AIX64-5L.cpio
    Best Regards
    Laurent Schneider

    Hi Laurent,
    Apologies for the delay responding to your feedback.
    The Document to which you refer does not appear to be listed on the pages my group maintains at: http://www.oracle.com/technology/documentation/index.html
    We are not actually part of the OTN group.
    Therefore, please try the Members Feedback forum instead at: Community Feedback (No Product Questions)
    Thanks and regards,
    Les

Maybe you are looking for

  • Voice Memos Playlist Not Syncing

    I've tried all sorts of things, but I can't seem to get my voice memos playlist to sync to itunes. My workaround has been to make a new smart playlist, and have it add all files that contain "iPhone" but I would rather have it work as it used to. Any

  • Problems linking Intel MKL in LabWindows

    I would like to use the Intel Math Kernel Libraries (MKL) in LabWindows.  However, I keep getting a linker error (undefined symbol when I try to call an MKL function).  The functions I want are the FFT libraries (DFTI).  I included the "mkl.h" and "m

  • Pre-configured smart forms

    Hello I am trying to find out where I could download pre-configured smart forms for sales order confirmations? We are in a 4.7 system. I searched service.sap.com and could not find the download. Thanks. Jack

  • Error code; no HUD

    There was an error code in downloading the update for CS6 ....U44MIP7 Also, in  filter - render - lighting  ...there is no HUD point, so the light point cannot be moved around the photo.

  • [solved] can't build haskell-hsx

    just exits with: /usr/bin/ld: cannot find -lHScpphs-1.11-ghc6.12.3 any ideas? EDIT: apparently this only happens when building with makepkg.. running it through clyde worked fine Last edited by chris-kun (2011-02-20 03:33:38)