Setting up LDAP for HP ALM 12

Dear All, We are trying to set up HP ALM 12 in our environment, wherein we are trying to implement user import through LDAP, but we have no hands-on experience with this. We are looking for detailed steps to initiate this. Requesting you to post your valuable comments. Regards, Manju Ramalingam


Similar Messages

  • Setting up LDAP for authentication to portal:default property set named "ldap

    Hi
    I am trying to implement the LDAP authentication to WebLogic Portal. I went
    through the documentation (http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824). It
    mentions using the default property set named "ldap" and deploying ldapprofile.jar. My
    question is:
    - Is there a way to look into the property using EBCC?
    - Apart from deploying and configuring the ldapprofile.jar, do I have to do any additional
    steps in order to make my portal (say, stockportal) authenticate users from LDAP?
    - If I create my own portal, should I create a similar "ldap" property set? If so, how?
    Any suggestions/help is appreciated. Thanks
    - Mike

    Thanks Dave.
    "David Anderson" <[email protected]> wrote:
    You should be able to view the property set for LDAP through the EBCC if you
    have the propertysetws.jar installed in your Portal domain. This provides
    the ability for the EBCC to retrieve property set information from your
    server.
    Dave
    "mike" <[email protected]> wrote in message
    news:[email protected]...
    Hi Adrian
    Thank you for the pointers. Much appreciate it. However, one question still
    persists.
    What is the significance of the property set "ldap" mentioned in the
    document (http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824)? Where
    does this property set feature vis-a-vis setting up the LDAP security realm; does it
    matter prior to/after the setting up as mentioned in the document pointer you just
    gave?
    Is it sufficient that I follow the procedure to set up the LDAP, or is there more
    to do post setting, like creating a property set (similar to "ldap", or cloning it),
    apart from deploying ldapprofile.jar?
    Thanks.
    - Mike
    "Adrian Fletcher" <[email protected]> wrote:
    Mike,
    The documentation that covers LDAP authentication is listed under WebLogic
    Server rather than WebLogic Portal.
    See Configuring the LDAP Security Realm in Managing Security
    (http://e-docs.bea.com/wls/docs61////adminguide/cnfgsec.html#1071872)
    Also take a look at the FAQ - Why can't I boot WebLogic Server when using
    the LDAP Security Realm?
    (http://e-docs.bea.com/wls/docs61//faq/security.html#25833)
    Hope this helps,
    Sincerely,
    Adrian.
    Adrian Fletcher.
    Senior Software Engineer,
    BEA Systems, Inc.
    Boulder, CO.
    email: [email protected]
    "mike" <[email protected]> wrote in message
    news:[email protected]...
    Hi
    I am trying to implement the LDAP authentication to WebLogic Portal. I went
    through the documentation (http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824). It
    mentions using the default property set named "ldap" and deploying ldapprofile.jar. My
    question is:
    - Is there a way to look into the property using EBCC?
    - Apart from deploying and configuring the ldapprofile.jar, do I have to do any additional
    steps in order to make my portal (say, stockportal) authenticate users from LDAP?
    - If I create my own portal, should I create a similar "ldap" property set? If so, how?
    Any suggestions/help is appreciated. Thanks
    - Mike

  • Setting the LDAP for HP OfficeJet Pro 8610

    Having problems with the scan to email. Don't know if this is the problem. I keep getting a message about the IP address and not connecting to the server; sometimes it works, sometimes it does not. I want to set up the LDAP, but I do not know the information to put in. When I click on the button to find settings, I get an error.

    Hi @caseqtr, and welcome to the HP Forums! 
    I don't know about recovering your password for the Embedded Web Server, but you can restore the network defaults on the printer to reset the password. Resetting the network defaults of course means you will need to reconfigure the wireless settings, but that is simple enough.
    To restore network defaults, touch the right side of the touch screen and drag your finger to the left to scroll over to the second page of the home menu, then select Setup. In the Setup menu, choose The Network Setup, and navigate to Restore Network Defaults.
    Please let me know if this resolves the issue, or if you require additional assistance. Thanks.
    Sunshyn2005 - I work on behalf of HP

  • Running netca in silent mode to set up ldap for using OID

    Hi,
    I'm not sure if this is the right forum for this posting....
    Our customer is in the process of automating the installation of their Oracle environment including the database, app server, and OID.
    I'm in the process of looking into how a .rsp file would be configured to configure ldap and the OID directory server running NETCA in silent mode.
    I'm a little confused about how this would be done because the only thing I've been able to see so far is adding LDAP to the NAMING_METHODS parameter in the rsp file.
    Does anyone know how the other information (ie: Directory type, Directory service info, Oracle context, etc.) would be specified?
    Thanks very much in advance,
    Beth

    Hi,
    Thanks so much for the feedback. But I finally found what I was looking for in the Oracle Database Net Services reference.
    The parameters for the response file are:
    DIRECTORY_SERVER_TYPE=oid
    DIRECTORY_SERVERS=<host:port[<ssl port>]
    DEFAULT_ADMIN_CONTEXT="DN for the server"
    It was right in front of me the whole time and I didn't see it.... ugh!
    Thanks again!
    Beth

  • How to set expiry date for a mail account?

    Hi there, I'm new to Messaging Server and need help here on how to set an expiry date for a specific mail user, since the mail user will be just a temporary mail user. Instead of deleting manually, is there any smarter way of doing it?

    Directory Server can be set to expire a password, indeed. That will prevent the user from logging in, when it happens. There will be no warning, or anything like that.
    The account will still be on the server, and the mailbox will still contain mail. It will still receive mail.
    If you want to turn an account off, you will have to make some arrangement outside Messaging Server for automating it.
    You can use any kind of program you like to set the ldap attribute "mailuserstatus" to "inactive", or even "deleted" as you wish.
    You can use java, "c", or any other programming tools you like. Messaging Server and Directory Server aren't written in Java, anyway.

  • Pam.conf does not use ldap for password length check when changing passwd

    I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
    I have dsee 6.0 installed on a solaris 10 server (client).
    I have a solaris 9 server (server) set up to use ldap authentication.
    bash-2.05# cat /var/ldap/ldap_client_file
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= X, Y
    NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
    NS_LDAP_CACHETTL= 43200
    NS_LDAP_PROFILE= tls_profile
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_BIND_TIME= 10
    bash-2.05# cat /var/ldap/ldap_client_cred
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
    NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
    bash-2.05# cat /etc/nsswitch.conf
    # /etc/nsswitch.ldap:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # uses LDAP in conjunction with files.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
    passwd: files ldap
    group: files ldap
    # consult /etc "files" only if ldap is down.
    hosts: files dns
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: ldap [NOTFOUND=return] files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: ldap
    automount: files ldap
    aliases: files ldap
    # for efficient getservbyname() avoid ldap
    services: files ldap
    sendmailvars: files
    printers: user files ldap
    auth_attr: files ldap
    prof_attr: files ldap
    project: files ldap
    bash-2.05# cat /etc/pam.conf
    #ident "@(#)pam.conf 1.20 02/01/23 SMI"
    # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1 debug
    login auth required pam_dhkeys.so.1 debug
    login auth required pam_dial_auth.so.1 debug
    login auth binding pam_unix_auth.so.1 server_policy debug
    login auth required pam_ldap.so.1 use_first_pass debug
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1 use_first_pass
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1 use_first_pass
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authenctication
    other auth requisite pam_authtok_get.so.1 debug
    other auth required pam_dhkeys.so.1 debug
    other auth binding pam_unix_auth.so.1 server_policy debug
    other auth required pam_ldap.so.1 use_first_pass debug
    # passwd command (explicit because of a different authentication module)
    passwd auth binding pam_passwd_auth.so.1 server_policy debug
    passwd auth required pam_ldap.so.1 use_first_pass debug
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_projects.so.1
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1 debug
    other account required pam_projects.so.1 debug
    other account binding pam_unix_account.so.1 server_policy debug
    other account required pam_ldap.so.1 no_pass debug
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1 debug
    other password requisite pam_authtok_get.so.1 debug
    other password requisite pam_authtok_check.so.1 debug
    other password required pam_authtok_store.so.1 server_policy debug
    # Support for Kerberos V5 authentication (uncomment to use Kerberos)
    #rlogin auth optional pam_krb5.so.1 try_first_pass
    #login auth optional pam_krb5.so.1 try_first_pass
    #other auth optional pam_krb5.so.1 try_first_pass
    #cron account optional pam_krb5.so.1
    #other account optional pam_krb5.so.1
    #other session optional pam_krb5.so.1
    #other password optional pam_krb5.so.1 try_first_pass
    I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client:
    May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
    May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
    May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
    May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
    May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
    May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
    May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
    May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
    May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
    May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
    May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
    If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
    bash-2.05$ passwd
    passwd: Changing password for VV
    Enter existing login password:
    New Password:
    passwd: Password too short - must be at least 8 characters.
    Please try again
    May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
    May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
    May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
    May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
    May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
    May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
    May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
    I am using the default policy on the directory server which states a minimum password length of 6 characters.
    server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
    pwd-accept-hashed-pwd-enabled : N/A
    pwd-check-enabled : off
    pwd-compat-mode : DS6-mode
    pwd-expire-no-warning-enabled : on
    pwd-expire-warning-delay : 1d
    pwd-failure-count-interval : 10m
    pwd-grace-login-limit : disabled
    pwd-keep-last-auth-time-enabled : off
    pwd-lockout-duration : disabled
    pwd-lockout-enabled : off
    pwd-lockout-repl-priority-enabled : on
    pwd-max-age : disabled
    pwd-max-failure-count : 3
    pwd-max-history-count : disabled
    pwd-min-age : disabled
    pwd-min-length : 6
    pwd-mod-gen-length : 6
    pwd-must-change-enabled : off
    pwd-root-dn-bypass-enabled : off
    pwd-safe-modify-enabled : off
    pwd-storage-scheme : CRYPT
    pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
    pwd-strong-check-enabled : off
    pwd-strong-check-require-charset : lower
    pwd-strong-check-require-charset : upper
    pwd-strong-check-require-charset : digit
    pwd-strong-check-require-charset : special
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR
    pwd-user-change-enabled : off
    Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the "pam_authtok_check: minimum length from /etc/default/passwd: 8" message. It is clearly not using the policy from the directory server but checking locally. So I can log in OK using the ldap server for authentication, but when I try to change the password it does not use the policy from the server, which says I only need a minimum length of 6 characters.
    I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatibility in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
    Edited by: ericduggan on Sep 8, 2008 5:30 AM

    you can try passwd -r ldap for changing the ldap passwds...
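
The stack resolution behind this thread, as an added example that is not part of the original posts: it parses pam.conf-style lines, resolves which modules run for a `passwd` password change (falling back to the `other` service when the service has no entries of that type), and reports which minimum length is enforced on the client. The function names are illustrative, the pam.conf excerpt is taken from the lines quoted above, and the `/etc/default/passwd` content is constructed around the `PASSLENGTH` value of 8 shown in the log.

```python
from typing import NamedTuple, Optional


class PamEntry(NamedTuple):
    service: str
    module_type: str
    control: str
    module: str
    options: tuple


# Excerpt of the pam.conf quoted in the post (password-related lines only).
PAM_CONF = """\
# passwd command (explicit because of a different authentication module)
passwd auth binding pam_passwd_auth.so.1 server_policy debug
passwd auth required pam_ldap.so.1 use_first_pass debug
# Default definition for Password management
other password required pam_dhkeys.so.1 debug
other password requisite pam_authtok_get.so.1 debug
other password requisite pam_authtok_check.so.1 debug
other password required pam_authtok_store.so.1 server_policy debug
"""

# Constructed /etc/default/passwd content; only PASSLENGTH=8 is known from the log.
DEFAULT_PASSWD = "MAXWEEKS=\nMINWEEKS=\nPASSLENGTH=8\n"


def parse_pam_conf(text: str) -> list:
    """Parse 'service type control module [options]' lines, skipping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, ignore
        service, module_type, control, module = fields[:4]
        entries.append(PamEntry(service.lower(), module_type.lower(),
                                control, module, tuple(fields[4:])))
    return entries


def resolve_stack(entries: list, service: str, module_type: str) -> list:
    """Return the service's own stack, or the 'other' stack if it has none."""
    own = [e for e in entries
           if e.service == service and e.module_type == module_type]
    if own:
        return own
    return [e for e in entries
            if e.service == "other" and e.module_type == module_type]


def local_min_length(default_passwd_text: str) -> Optional[int]:
    """Read PASSLENGTH from /etc/default/passwd content, if it is set."""
    for raw in default_passwd_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "PASSLENGTH" and value.strip().isdigit():
            return int(value.strip())
    return None


def check_password_policy(pam_conf: str, default_passwd: str,
                          service: str, directory_min: int) -> dict:
    """Compare the client-side length check with the directory's pwd-min-length."""
    stack = resolve_stack(parse_pam_conf(pam_conf), service, "password")
    # pam_authtok_check runs on the client before the new password is stored.
    local_check = any(e.module.startswith("pam_authtok_check") for e in stack)
    local_min = local_min_length(default_passwd) if local_check else None
    effective = directory_min if local_min is None else max(directory_min, local_min)
    return {
        "stack": [e.module for e in stack],
        "local_check": local_check,
        "local_min": local_min,
        "directory_min": directory_min,
        "effective_min": effective,
        "mismatch": local_min is not None and local_min != directory_min,
    }


if __name__ == "__main__":
    report = check_password_policy(PAM_CONF, DEFAULT_PASSWD, "passwd", 6)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Because `pam_authtok_check.so.1` is `requisite`, a new password shorter than the local `PASSLENGTH` is rejected before `pam_authtok_store.so.1` ever contacts the directory, which matches the "Password too short" message in the post.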

  • Cannot set up certs for trusted CAs going from 1.4.2_03 to 1.4.2_13

    Getting a weird issue with "Cannot set up certs for trusted CAs". This works if we are using anything less than 1.4.2_07, but the minute we install 1.4.2_07 or 13 as the case may be we get the following Exception:
    log9: java.lang.ExceptionInInitializerError
    log9: at javax.crypto.Cipher.a(DashoA12275)
    log9: at javax.crypto.Cipher.getInstance(DashoA12275)
    log9: at com.gm.gwm.common.util.AesUtil.encrypt(AesUtil.java:31)
    log9: at com.gm.gwm.common.data.OfflineAuthenticatorDao.updatePassword(OfflineAuthenticatorDao.java:645)
    log9: at com.gm.gwm.common.service.OfflineAuthenticatorService.updatePassword(OfflineAuthenticatorService.java:141)
    log9: at main.jspService(_main.java:156)
    log9: at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
    log9: at oracle.lite.web.JupServlet.service(Unknown Source)
    log9: at oracle.lite.web.JspRunner.service(Unknown Source)
    log9: at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    log9: at oracle.lite.web.JupServlet.service(Unknown Source)
    log9: at oracle.lite.web.MimeServletHandler.handle(Unknown Source)
    log9: at oracle.lite.web.JupApplication.handle(Unknown Source)
    log9: at oracle.lite.web.JupApplication.service(Unknown Source)
    log9: at oracle.lite.web.JupHandler.handle(Unknown Source)
    log9: at oracle.lite.web.HTTPServer.process(Unknown Source)
    log9: at oracle.lite.web.HTTPServer.handleRequest(Unknown Source)
    log9: at oracle.lite.web.JupServer.handle(Unknown Source)
    log9: at oracle.lite.web.SocketListener.process(Unknown Source)
    log9: at oracle.lite.web.ClientListener.process(Unknown Source)
    log9: at oracle.lite.web.SocketListener$ReqHandler.run(Unknown Source)
    log9: Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    log9: at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
    log9: ... 21 more
    log9: Caused by: java.lang.IllegalStateException: Already connected
    log9: at java.net.URLConnection.setUseCaches(Unknown Source)
    log9: at sun.net.www.protocol.jar.JarURLConnection.setUseCaches(Unknown Source)
    log9: at javax.crypto.SunJCE_d.a(DashoA12275)
    log9: at javax.crypto.SunJCE_b.g(DashoA12275)
    log9: at javax.crypto.SunJCE_b.f(DashoA12275)
    log9: at javax.crypto.SunJCE_t.run(DashoA12275)
    log9: at java.security.AccessController.doPrivileged(Native Method)
    Not sure what we are doing wrong.
        public static String encrypt(String value) throws AesException {
            try {
                // Build the key from the hex-encoded key material.
                SecretKeySpec secKeySpec = new SecretKeySpec(fromHexString(encyptKey), algorithm);
                // Register the SunJCE provider explicitly and request the cipher from it.
                Provider provider = new SunJCE();
                Security.addProvider(provider);
                Cipher cipher = Cipher.getInstance(algorithm, provider);
                cipher.init(Cipher.ENCRYPT_MODE, secKeySpec);
                byte[] encryptedBytes = cipher.doFinal(value.getBytes());
                return toHexString(encryptedBytes);
            } catch (Exception e) {
                throw new AesException(e);
            }
        }

    I added that late just in case, for some strange reason, the provider wasn't getting picked up.
    Here is the list of available providers:
    log9: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore
    ; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    log9: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    log9: SUN's provider for RSA signatures
    log9: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    log9: Sun (Kerberos v5)
    log9: java.lang.ExceptionInInitializerError
    The minute I rollback to an older JVM this works.

  • How to set Portal Theme for WDA iView different from user's Theme

    Hi Experts!
    I have dual-stack system: ABAP server + Java. I have WDA application in ABAP server and I deployed it to NW Portal via iView (using template).
    There are two themes customized:
    1. Standard - to be used for all iviews except WDA iviews. This theme is set as default for user.
    2. WDA theme - to be used for some WDA iviews IRRESPECTIVE of what theme is set in the personalization settings of the user.
    So my question is:
    Can I somehow set the Portal Theme to be used for a specific iView no matter what Theme the user has selected in his personalization?
    Or if it's not possible, can I set some specific Theme for the WDA application?
    So the task is to override the settings for the default portal theme for the user and replace it with a different theme. Is this possible?
    Thanks in advance.

    Are you using an LDAP as your UME, or are the user records from R/3?
    Apparently (I've never done it) you used to be able to force a default language by editing this file (back in the EP5 days):
    <J2EE root>\WEB-INF\portal\system\properties\prtDefault.properties
    Look at the following lines :
    This is the default language to be used when none is specified
    request.defaultlanguage=en
    request.defaultcountry=us
    If you prefer to have the same language for all users no matter their user locale, change the lines to this :
    This is the default language to be used when none is specified
    request.mandatorylanguage=en
    request.mandatorycountry=us
    I hope this works out for you

  • WLC connect LDAP for Authentication, but could not connect to server

    Hi Everyone, I got a problem when I use WLC 5508 to connect to LDAP for authentication, but no luck there. It's a simple config, but not easy to work on my job. I got the following message:
    Service Port - Not connected
    Distribution port include:
         Management Interface - in AP Management VLAN - 30
         Student AP interface - in Student VLAN - 20
         Staff AP interface - in Staff VLAN - 10
    AD is in Staff VLAN - 10
    WLC LDAP Server setting
    Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    User Attribute: sAMAccountName
    User Object Type: Person
    Debug aaa all enable message
    *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
    WLC GUI Log:
    *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    LDP Message of LDAP BaseDN:
    Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    4> objectClass: top; person; organizationalPerson; user;
    1> cn: Frankie F. Yeung;
    1> sn: Yeung;
    1> givenName: Frankie;
    1> initials: F;
    1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    1> instanceType: 0x4 = ( IT_WRITE );
    1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
    1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
    1> displayName: Frankie F. Yeung;
    1> uSNCreated: 3850555;
    1> uSNChanged: 3850571;
    1> name: Frankie F. Yeung;
    1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
    1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
    1> badPwdCount: 0;
    1> codePage: 0;
    1> countryCode: 0;
    1> badPasswordTime: 0;
    1> lastLogoff: 0;
    1> lastLogon: 0;
    1> pwdLastSet: <ldp error <0x0>: cannot format time field;
    1> primaryGroupID: 513;
    1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
    1> accountExpires: <ldp error <0x0>: cannot format time field;
    1> logonCount: 0;
    1> sAMAccountName: fckyeung;
    1> sAMAccountType: 805306368;
    1> userPrincipalName: [email protected];
    1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    Hope I can resolve this problem ASAP, thanks!

    Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
    The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschapv2 with LDAP".
    But you can do LDAP for web authentication, that has no eap methods.
    Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.
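
A way to pull the bind method and result code out of the debug output in this thread, as an added example that is not part of the original posts: it attributes each bind failure to an LDAP server index and the bind method the controller reports. The function names and regular expressions are written here for illustration against the line formats quoted above; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the "debug aaa all enable" output and GUI log in the post.
WLC_LOG = """\
*LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
"""

# Bind attempt: server index in brackets, bind method, numeric rc and its text.
BIND_RE = re.compile(
    r"ldapInitAndBind \[(?P<server>\d+)\] configured Method (?P<method>\S+) "
    r"lcapi_bind \(rc = (?P<rc>\d+) - (?P<text>[^)]*)\)"
)
# State transitions of the controller's LDAP server entry.
STATE_RE = re.compile(r"LDAP server (?P<server>\d+) changed state to (?P<state>\w+)")
# Syslog-style failure message shown in the GUI log.
FAIL_RE = re.compile(
    r"%AAA-3-LDAP_CONNECT_SERVER_FAILED: .*?Could not connect to LDAP server "
    r"(?P<server>\d+), reason: (?P<rc>\d+) \((?P<text>[^)]*)\)"
)


def summarize_wlc_ldap(log_text: str) -> dict:
    """Return per-server bind method, last bind result, last state, failure count."""
    servers = defaultdict(lambda: {
        "bind_method": None, "bind_rc": None, "bind_text": None,
        "last_state": None, "connect_failures": 0,
    })
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            entry = servers[int(m["server"])]
            entry["bind_method"] = m["method"]
            entry["bind_rc"] = int(m["rc"])
            entry["bind_text"] = m["text"]
            continue
        m = FAIL_RE.search(line)
        if m:
            servers[int(m["server"])]["connect_failures"] += 1
            continue
        m = STATE_RE.search(line)
        if m:
            servers[int(m["server"])]["last_state"] = m["state"]
    return dict(servers)


def failed_binds(summary: dict) -> list:
    """List (server, method, rc) for every server whose last bind did not return 0."""
    return [
        (server, info["bind_method"], info["bind_rc"])
        for server, info in sorted(summary.items())
        if info["bind_rc"] not in (None, 0)
    ]


if __name__ == "__main__":
    summary = summarize_wlc_ldap(WLC_LOG)
    for server, method, rc in failed_binds(summary):
        print(f"server {server}: bind method {method} failed with rc {rc}, "
              f"{summary[server]['connect_failures']} connect failures logged")
```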

  • Secure LDAP for GWIA Address book

    I've setup the GWIA 7.0.3 May 2009 code set and configured for Secure LDAP.
    I'm using the same *.b64 and *.key files we use for all our POA and MTAs.
    I cannot get the Novell LDAP address book to connect to 636.
    Is there a document I can use to help me figure this out?
    I can revert to 389 but that port is not open through the firewall.
    Mike

    POP and IMAP both work on secure port
    >>>
    From: jgrubbs<[email protected]>
    To:novell.support.groupwise.7x.gwia
    Date: 9/9/2009 6:36 PM
    Subject: Re: Secure LDAP for GWIA Address book
    Does POP3 work on the secure port?
    -- Jeff Grubbs
    Novell Technical Support Engineer II
    [email protected]

  • Using Dynamic Groups in Ldap for Accounts and Roles

    Does anyone currently use dynamic groups in LDAP for accounts and roles? I have set up a dynamic group in ldap (we are using OID Oracle internet Directory 10.1.2.0) , ldapsearch returns the correct list of unique names, but the account does not appear on my profile page when I log in to UCM (10.1.3). I cannot find any documentation so I'm asking myself if it is supported .....

    Thanks tim ... will check, but Oracle are saying :
    Oracle Universal Content Management - Version: 7.5.1
    Information in this document applies to any platform.
    Product: Content Server
    Version: 6.0
    Goal
    Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
    Solution
    The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
    to which I have replied: you support 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
    Billy, you may well be right, just got a cashflow problem over here !

  • Setting up LDAP realm with WLI 7

    Any pointer to Step by step instruction on to how to set up LDAP realm for Access Control with Weblogic integration 7

    Pramit Basu <[email protected]> wrote:
    Any pointer to Step by step instruction on to how to set up LDAP realm
    for Access Control with Weblogic integration 7
    In order to use LDAP realm with WLI 7.0, you need to do the following steps:
    1) In WebLogic server level, you need to create a Caching Realm and a LDAP realm.
    First, please back up your original config.xml file. Then, you can start configuring
    the realms. You can do this by modifying the config.xml file, or through WLS console.
    After you have done this, your config.xml file should contain the following:
    <LDAPRealm AuthProtocol="none"
    Credential="{3DES}rYiW/DkUxq4UPwR0XLbM9w=="
    GroupDN="o=beasys.com,ou=Groups" GroupIsContext="false"
    GroupNameAttribute="cn" GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://jpengdesk:389"
    Name="LDAPRealmForNetscapeDirectoryServer" Principal="cn=admin"
    UserAuthentication="bind" UserDN="o=beasys.com,ou=People"
    UserNameAttribute="uid" UserPasswordAttribute="userpassword"/>
    --- You can also do this in Console. Please make sure the "UserDN" and "GroupDN"
    values are correct according to the groups and users stored on your LDAP server.
    In my example here, "beasys.com" is my root entry, and I have all the users created
    underneath of OU "People", and I have all the groups created in OU "Groups".
    <CachingRealm BasicRealm="LDAPRealmForNetscapeDirectoryServer" Name="MyCaching Realm"/>
    --- You can do this in console by clicking on "Caching Realms", then click on
    the link of "Configure a new Caching Realm". Name it as "MyCaching Realm", and
    select "LDAPRealmForNetscapeDirectoryServer" as the BasicRealm.
    <Realm CachingRealm="MyCaching Realm" FileRealm="myFileRealm" Name="myRealm"/>
    --- You can do this in console by clicking on "Compatibility Security", then click
    on the "Filerealm" tab, then, in the "Caching Realm" field, select "MyCaching Realm"
    from the pull down combo box.
    Please make sure all the names are related. See above example, the value in blue
    color should match, and the value in red color should match too.
    Please see the attached config.xml file for reference.
    2) Create the users in LDAP server. In my example, I simply created 3 users underneath
    of OU “People”, they are:
    weblogic
    wlisystem
    admin
    “weblogic” is the user I used as my system administrator user, which
    I used to boot my WLS server and access my WLS console.
    “wlisystem” and “admin” are the users created for WLI
    component.
    3) Create 11 groups in LDAP server. In my example, as I mentioned above, I create
    all these groups underneath of OU “Groups”. These groups are:
    ConfigureComponents
    Administrators
    wlpiUsers
    MonitorInstance
    ExecuteTemplate
    CreateTemplate
    UpdateTemplate
    DeleteTemplate
    AdminsterUser
    ConfigureSystem
    wlpiAdministrators
    Also, add the users created in step 2 into all of these groups.
    4) Clean up the fileRealm.properties file.
    Back up your original fileRealm.properties file. Then, remove all the entries starting
    with “user.xxx” and “group.xxx”, only leave those entries
    starting with “acl.xxx”.
    Please see the attached “fileRealm.properties” file for reference.
    5) Restart your WLI server. Verify the users and groups you defined in LDAP server
    are displayed in WLS console correctly. You can see the user and group information
    in “Compatibility Security” -> “Users”, and “Compatibility
    Security” -> “Groups” respectively.
    6) Start your studio to design a simple Workflow. When you login, the authentication
    of your username and password is against the LDAP server, since you don’t
    have any user entries in your file realm any more.
    7) Start your Worklist to execute the workflow. Also, when you login, the authentication
    of your username and password is against the LDAP server, since you don’t
    have any user entries in your file realm any more.
    Once you execute the workflow, you can verify that workflow instance in Studio.
    You can monitor the instance, and delete the instance.
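
    One way to check the "names must match" requirement from step 1 before restarting the server, as an added example that is not part of the original post: the script follows Realm -> CachingRealm -> LDAPRealm by name in a config.xml fragment and also reports the LDAP URL scheme. The sample XML is constructed from the attribute names shown in the post, with a placeholder host and the Credential attribute left out; the function name check_realm_chain is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment in the post. The host name is a
# placeholder and the Credential attribute is deliberately omitted.
SAMPLE_CONFIG = """
<Domain Name="mydomain">
  <LDAPRealm AuthProtocol="none" LDAPURL="ldap://ldap.example.test:389"
             Name="LDAPRealmForNetscapeDirectoryServer" Principal="cn=admin"
             UserAuthentication="bind" UserDN="o=beasys.com,ou=People"
             GroupDN="o=beasys.com,ou=Groups"/>
  <CachingRealm BasicRealm="LDAPRealmForNetscapeDirectoryServer"
                Name="MyCaching Realm"/>
  <Realm CachingRealm="MyCaching Realm" FileRealm="myFileRealm" Name="myRealm"/>
</Domain>
"""

def check_realm_chain(config_xml):
    """Return a list of findings; no 'unknown' finding means the names line up."""
    root = ET.fromstring(config_xml)
    findings = []
    # Index the realms by Name so references can be resolved exactly
    # (the match is case- and whitespace-sensitive, as in the post's example).
    ldap_realms = {e.get("Name"): e for e in root.iter("LDAPRealm")}
    caching = {e.get("Name"): e for e in root.iter("CachingRealm")}
    realms = list(root.iter("Realm"))
    if not realms:
        findings.append("no <Realm> element found")
    for realm in realms:
        cname = realm.get("CachingRealm")
        if cname not in caching:
            findings.append(f"Realm {realm.get('Name')!r}: unknown CachingRealm {cname!r}")
            continue
        basic = caching[cname].get("BasicRealm")
        if basic not in ldap_realms:
            findings.append(f"CachingRealm {cname!r}: unknown BasicRealm {basic!r}")
            continue
        ldap = ldap_realms[basic]
        for attr in ("UserDN", "GroupDN"):
            if not ldap.get(attr):
                findings.append(f"LDAPRealm {basic!r}: {attr} is missing")
        url = ldap.get("LDAPURL", "")
        if not url.lower().startswith("ldaps://"):
            findings.append(f"LDAPRealm {basic!r}: {url!r} is not an ldaps:// URL")
    return findings

if __name__ == "__main__":
    for finding in check_realm_chain(SAMPLE_CONFIG):
        print(finding)
```

    With UserAuthentication="bind" each login sends the user's password to the directory, which is why the URL scheme is worth reviewing alongside the name matching.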

  • Has anyone encounter this "unable to set node credentials for /LDAPv3"?

    Installed and updated the Mac mini server to 10.6.5. It was working fine until I tried to access the Server Preferences and got the error message "unable to set node credentials for /LDAPv3/127.0.0.1 with the record name **." Looking at the logs, servermgr_accounts got error 5203 trying to auth to local LDAP node. Has anyone found a solution for this problem?
    Thanks
    Luis

    Thank you for responding. This is what we are using in a small company a Cisco Switcher, and don't have a router.
    If you're getting connections off of the network out to the Internet, then yes, there is a router involved. Somewhere.
    MacMini server I have an IP address of 169.254.xxx.xx, before IP address was 192.254.xxx.xx.
    That IP address implies that the box isn't getting an IP address from a DHCP server; that's the self-assigned block. (Officially, these addresses are in the Automatic Private Address Configuration Automatic Private IP Addressing (APIPA) IANA reserved range.)
    Which implies that at least two problems lurk.
    Mac OS X Server must have a static IP address. Not DHCP-assigned dynamic addresses.
    And a DHCP server isn't answering the IP address requests. (Well, not unless the DHCP server is passing out addresses in the self-assigned block, and that wouldn't likely be considered best-practice. More likely an IP address from a DHCP address pool allocated within a subnet somewhere in the 10.0.0.0/8 or 172.16.0.0/12 or (less desirably) 192.168.0.0/16 private blocks.)
    The Firewall is not turned on. Its purpose is for guest to access files, without deleting or modifying it.
    When you're debugging problems, simplify. Divide the problem. With network services, test the lowest levels of the stack. Then work your way up the stack; toward higher-level services and mechanisms. Then add more parts and pieces, and DHCP and related.
    IP hosts operating at 169.254.0.0/16 addresses (for longer than it takes to get an IP address from DHCP) usually implies that the network configuration is invalid or the DHCP server is not working.
    I did not expect that Open Directory would be a big problem.
    If DNS services or IP routing is misconfigured, then the whole rest of the stack will be unstable at best. The configuration order (and debugging order) involves functional IP networking and hardware, first and foremost. Then having functional DNS. Then Open Directory and then Kerberos. Then the rest of the stack.

  • Problems setting up ldap on solaris 10.

    when trying to set up LDAP on Solaris 10 I am asked for an LDAP profile and the address of the ldap server. I know the address of the LDAP server but what is the profile, and how do I set it up with active directory?

    Hi,
    The profile defines how the client will interact with the server. On a Solaris server, you set this file up with the /usr/lib/ldap/idsconfig command. On the client, you use ldapclient init -a profileName=xyz -a domainName=your.domain <server.ip.address.here:portno> (portno is not necessary if you are using port 389 on the server). I'm not sure how you duplicate the functionality of that file from a Windows server. Maybe if you look at the man page on idsconfig, it may help identify what needs to be done on the Windows server to create a profile the Solaris client can use. I went to MS TechNet and searched for "ldap server for solaris client". A lot of hits. Hope this helps.
    John

  • Mavericks Server, separate OU in LDAP for Teachers, Students

    We are a school using Mavericks Server 10.9.4: 1 Master, 4 Replicas, 7 facilities, 1700 Users. OD manages our LDAP user database. We need to put teachers/staff into a separate OU in LDAP from the students. Reason is we use WebHelpDesk and CASPER, which also reference LDAP for their User Data and we can't have Student Accounts in those applications. I don't have the first idea where to start. Any help is MUCH appreciated.

    Hi,
    the form alone will only help you with IDM just like you experienced. The reason is that in LDAP and AD what you are trying to do is not an update but a rename in IDM's terminology.
    So what you have to do is:
    Find out that the user has to move and move him in IDM in the form. Put a field in your form like issueRename and set it to true.
    Clone your updateUser workflow and add a new activity issueRename. In the provisioning activity insert a new transition to issueRename if user.issueRename equals true.
    The new activity checks out a rename view, modifies it and checks it back in, to then continue where the provisioning activity would have gone if you had not inserted the rename step.
    To figure out how to manipulate the view to reach your goal, use the bpe on a user with AD and LDAP and check out his rename view. Modify it, save it and check if it worked. When you have got it working, do the same as you did in bpe interactively with a script action between renameView checkout and checkin.
    Regards,
    Patrick
