To Create an encrypted DB and LDAP

Hi,
For an ER I am working on, I need to set up an encrypted LDAP/DB with a proper keystore file and password. Is there any documentation on how and where to find this?

I just found this article right after I posted: Insecure Encrypted Disk Image?

Similar Messages

  • How can I create new user in such that its entries are stored both in profile server and ldap?

     

    Portal only creates a user profile locally within its native ldap server. Two ways you can approach this are to either write a custom auth module that creates a user in the ldap server at the same time or handle it through replication.

  • I create an encrypted file on my mac and it always opens without the password. Why?

    I have tried several times to create an encrypted file on my iMac, following the procedure Apple lists, using Disk Utility.  Each time, the file opens without requiring a password. Hence, there is no security.  What am I doing wrong?

    Apparently, you missed this salient part:
    If you select “Remember password in my keychain,” anyone with access to your computer may be able to open the disk image without entering the password.

  • Server 2012 CDP PKI Setup on Subordinate CA - Active Directory Certificate Services could not create an encryption certificate

    Hi,
    When I check pkiview.msc on my 2012 Subordinate CA I get the error shown in the first picture below. I'm also getting errors similar to below in the event log:
    "Active Directory Certificate Services could not create an encryption certificate.  Requested by contoso\admin1.  The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)."
    I'm assisting in setting up a 2 tier PKI infrastructure using Windows 2012. The root CA looks good, but we're getting errors on the subordinate. The server was working, but we discovered that the server would only issue certificates with a maximum of a 1
    year expiry date - obviously no good, so we decided to run through the following commands on the root CA (as recommended by http://www.techieshelp.com/subordinate-ca-increase-certificate-validity/)
    certutil -setreg ca\ValidityPeriodunits "Years"
    certutil -setreg ca\ValidityPeriod "5"
    Restarted AD certificate services on the root and subordinate CA. Then did the following on the subordinate CA:
    1. On the Subordinate CA create a new CA request by right clicking the server in ADCS and select New Request.
    2. Supplied the original request file from the subordinate CA (I couldn't find a way of generating a new request file)
    3. Issued the certificate using the Root CA.
    4. On the Subordinate CA ADCS installed new CA cert.
    However, I keep on getting CDP or AIA errors on my subordinate CA. Also I'm missing a CDP field value when I look at the certificate listed in the personal and trusted certification authority store on my subordinate CA.
    In addition, when I look at my CDP locations in Certificate Authority, I see a lot of CDPs, but I'm not sure if I need them all - I suspect I could just get away with LDAP, the C:\windows path and a single http:// path.
    I've tried renewing the existing certificate and CRL on my subordinate CA, but that didn't work either.
    Please advise.
    Thanks

    Ok, the process to renew the subordinate CA is incorrect. Once the registry setting to change the validity period was made on the root CA, the root CA ADCS service needs to be restarted. That is the only time those keys are read. Then:
    1) On the subordinate CA, open the CA tool, right click the CA and select Renew CA Certificate. You can use the same key, no need to create a new one. It will create a NEW certificate request file
    2) Copy that to the Root CA and submit like you would have done during the initial install
    3) Approve the request and export the issued certificate
    4) On the subordinate CA, in the CA tool, right click the CA and choose Install CA Certificate.
    You can not reuse request files.
    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

  • Unable to create an encrypted disk image in Lion

    disk utility gives the error Unable to create "Volume.dmg." (error - 60008) when creating an encrypted disk image. I am using the following steps:
        1.    Open disk utility
        2.    Select the disk (internal or external) to create the image on
        3.    Select File>New>Blank Disk Image…
        4.    Save As: 'Volume'
        5.    Name: Volume
        6.    Size: 50GB
        7.    Format: Mac OS Extended (Journaled)
        8.    Encryption: 128-bit AES encryption
        9.    Image Format: read/write disk image
        10.    Click the Create button
        11.    Password dialog appears
        12.    When I enter a password the dialog closes after entering only a few characters i.e. before I've finished typing, and the following error message displays:
    Unable to create "Volume.dmg." (error - 60008)
    I have previously, successfully, created encrypted disk images in Snow Leopard, and I don't know why I can't in Lion
    Does anyone have any ideas?

    Thanks for this Thomas.
    I've tried naming the image differently, but still received the error, I did however try different permutations for the password.
    The error seems to happen if I use a purely numerical password string and occurs on input of the 10th numerical character, if I start with numerical character but use an alpha before the 9th number I can continue and create a password, and I can create a password  if I start with an alpha and switch to numerals after the first alpha character, purely alphabetical passwords are fine too.
    It seems that Lion doesn't like purely numerical passwords greater than 9 characters, whereas Snow Leopard wasn't so fussy. Seems it's a bit of a bug.
    Thanks for your help

  • Unable to create an encrypted disk image with Disk Utility

    Hi:
    With our upgrade to Lion a few weeks ago, we're now unable to create an encrypted disk image of any type using Disk Utility any more. This problem occurs on 3 different machines, and is reproducible whether one is using an internal HD or an external FW HD. We can successfully create nonencrypted disk images.
    This is a duplicate post with all the details here: https://discussions.apple.com/message/18469359#18469359
    We haven't had any luck with a solution trying various permissions fixes as helpfully suggested by other readers in response to the error message # (-60008 error), so I'm hoping that someone else has run across a solution from the encrypted disk image perspective and that this tag line will generate some help.
    Thank you!

    Save As: 01 (on Desktop)
    Name: 01
    Size: 100 MB
    Format: Mac OS Encrypted (Journaled)
    Encryption: 256-bit AES
    Partitions: Single partition- Apple Partition Map
    Image Format: read/write disk image
    At the password window that pops up I enter: 1234567890
    This says password strength is "Weak"
    All works fine
    Then I repeated this using:
    Save As: 02 (on Desktop)
    Name: 02
    Size: 100 MB
    Format: Mac OS Encrypted (Journaled)
    Encryption: 256-bit AES
    Partitions: Single partition- Apple Partition Map
    Image Format: read/write disk image
    At the password window that pops up I enter: 1234567890 and when I start to enter the next "1" I get the "Unable to create "02.dmg." (error -60008)
    OS 10.7.4
    Disk Utility Version 12.1.1 (353)

  • Creating an Encrypted Disk Image on an External (USB) Drive

    I have an external 600 GB drive (2x 300 GB SATA 3.5" disks in a Thecus N2050 RAID0 external enclosure connected to iMac by USB2) onto which I would like to backup a large amount of data (500 GB).
    I store this external drive away from my home (in the office) and since I cannot guarantee physically locking away the drive I would like to logically lock the drive by placing all the backup data into an encrypted disk image created on that volume.
    I have tried creating an encrypted disk image on my USB volume in Disk Utility (Apple's instructions here) but I experience a number of issues not documented in the Apple article:
    1) I am not presented with a drop-down option for the size of the disk image.
    2) When I go ahead and try to create the image I am told that the creation was impossible "file or folder does not exist".
    Is it possible to create disk images on USB volumes? (I cannot create such a large disk image on my iMac HDD as I do not have sufficient space.)
    thanks in advance
    Raf

    I realised that in Disk Utility you must not have any of your mounted drives highlighted in the left hand pane.

  • How to create a stored procedure and use it in Crystal reports

    Hi All,
    Can anyone explain me how to create a stored procedure and use that stored procedure in Crystal reports. As I have few doubts in this process, It would be great if you can explain me with a small stored proc example.
    Thanks in advance.

    If you are using MSSQL SERVER then try creating a stored procedure like this:
    create proc Name
    as
    select * from Table
    Executing this in SQL Query Analyzer will create a stored procedure that returns all the data from Table.
    Here is the syntax to create an SP:
    Syntax
    CREATE PROC [ EDURE ] procedure_name [ ; number ]
        [ { @parameter data_type }
            [ VARYING ] [ = default ] [ OUTPUT ]
        ] [ ,...n ]
    [ WITH
        { RECOMPILE | ENCRYPTION | RECOMPILE , ENCRYPTION } ]
    [ FOR REPLICATION ]
    AS sql_statement [ ...n ]
    Now Create new report and create new connection to your database and select stored procedure and add it to the report that shows all the columns and you can place the required fields in the report and refresh the report.
    Regards,
    Raghavendra
    Edited by: Raghavendra Gadhamsetty on Jun 11, 2009 1:45 AM

  • Create a new DB and conn / as sysdba ORA-01031

    I'm trying to create a new DB and:
    [oracle@srv-orcl 9.2.0]$ export ORACLE_SID=testerms
    [oracle@srv-orcl 9.2.0]$ sqlplus /nolog
    SQL*Plus: Release 9.2.0.4.0 - Production on Tue Feb 26 15:33:49 2008
    Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
    SQL> conn / as sysdba
    ERROR:
    ORA-01031: insufficient privileges
    SQL>
    Can someone help me?
    Tks,
    Elber

    [oracle@srv-orcl admin]$ ls -l $ORACLE_HOME
    total 176
    drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:32 Apache
    drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:32 assistants
    drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:32 BC4J
    drwxr-xr-x 2 oracle oinstall 4096 Feb 25 13:17 bin
    drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:33 ctx
    drwxr-xr-x 2 oracle oinstall 4096 Feb 26 15:50 dbs
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:30 demo
    drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:32 ds
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:37 install
    drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:38 inventory
    drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:34 javavm
    drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:27 jdbc
    drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:30 jdk
    drwxr-xr-x 2 oracle oinstall 4096 Nov 27 21:34 jlib
    lrwxrwxrwx 1 oracle oinstall 25 Nov 27 21:29 JRE -> /u01/app/oracle/jre/1.4.2
    drwxr-xr-x 6 oracle oinstall 4096 Nov 27 21:31 jsp
    drwxr-xr-x 16 oracle oinstall 4096 Nov 27 21:34 ldap
    drwxr-xr-x 3 oracle oinstall 4096 Feb 25 13:17 lib
    drwxr-xr-x 3 oracle oinstall 4096 Feb 25 13:26 lib32
    drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:35 md
    drwxrwxrwx 14 oracle oinstall 4096 Nov 27 21:37 network
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:31 oci
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:29 ocommon
    drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:29 ocs4j
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:27 oracm
    drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:27 oracore
    drwxr-xr-x 13 oracle oinstall 4096 Nov 27 21:32 ord
    drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:35 otrace
    drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:32 owm
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:28 pfs
    drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:35 plsql
    drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:30 precomp
    drwxr-xr-x 15 oracle oinstall 4096 Nov 27 21:35 rdbms
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:28 relnotes
    -rwxr-xr-x 1 oracle oinstall 5873 Nov 27 21:37 root.sh
    -rw-r--r-- 1 oracle oinstall 0 Feb 26 2004 root.sh.old
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:30 slax
    drwxr-xr-x 7 oracle oinstall 4096 Nov 27 21:33 soap
    drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:31 sqlj
    drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:35 sqlplus
    drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:27 srvm
    drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:33 syndication
    drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:35 ultrasearch
    drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:32 wwg
    drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:31 xdk
    [oracle@srv-orcl admin]$

  • BI PUBLISHER AND LDAP-- Can not see Admin tab

    I have set up BI Publisher with LDAP. Created all XMLP_* groups in LDAP and created user Administrator in LDAP as a member of XMLP_* groups. However, when I log in to BI Publisher, I cannot see the Admin tab. I have read all posts on this site, but nothing helpful. Any help... Thanks

    Check this URL, I think this helps.
    http://oraclebizint.wordpress.com/2007/11/06/oracle-bi-publisher-and-bi-ee-invisible-admin-tab/
    thanks.

  • WLC and LDAP Groups

    Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication.  I have this url that explains local authentication and LDAP...  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml .  That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC.  Any ideas?

    You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
    If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authentication). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from the user's requirements.
    The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.

  • Authenticating against both RDBMS and LDAP in WL6.0

    Hi,
    We are designing a webapp that will be accessible to both internal and
    external users. For internal users, we would like to authenticate via LDAP;
    for external users we would like to use RDBMS. In WL5.1, this looked to be
    possible with the DelegatingRealm, however this has been removed in WL6.0.
    Two questions:
    1) Why was it removed?
    2) How can we get this functionality in WL6.0?
    Thanks much for your help,
    -jt

    We are currently deployed on WL5.1 with a similar situation as you and in
    the process of migrating to WL6. We are Authenticating against LDAP and
    Authorizing against RDBMS. But I can't see how you could tell it to go
    one way for certain users and another for other users.
    The delegatingrealm in WL5 was intended to split the responsibility of
    Authenticating to one source and Authorization to another. To make this
    work for your Application of splitting internal and external users
    security, I suppose you can do it if you can somehow pass the information
    to the Security Realm the type of the user that is logging in. Maybe you
    can make this code a part of the userid such as ext_userID or int_userID.
    Doing this will allow you to filter where the users are coming from
    and Direct them to the appropriate security realm.
    As far as WL6 goes, the Delegating realm class is no longer available
    since the security model for WL6 is different from WL5. But you can take
    a look at what they did with the RDBMSrealm example and use that. This is
    what we did to make our Security work in WL6. However, you can no longer
    store ACLs in the RDBMS realm in WL6.
    Hope this helps.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    You will need to create a Custom Realm which delegates to both your RDBMS
    and LDAP perhaps using the Weblogic supplied RDBMS and LDAP realms
    "Jonathan Thompson" <[email protected]> wrote in message
    news:3accf1a3$[email protected]..
    Hi,
    We are designing a webapp that will be accessible to both internal and
    external users. For internal users, we would like to authenticate via LDAP;
    for external users we would like to use RDBMS. In WL5.1, this looked to be
    possible with the DelegatingRealm, however this has been removed in WL6.0.
    Two questions:
    1) Why was it removed?
    2) How can we get this functionality in WL6.0?
    Thanks much for your help,
    -jt

  • HT201269 I have encrypted back up of my iphone on my laptop, forgotten the encryption key. want to delete the old backup, remove encryption option and resynch with my iPhone in none encrypted. Have deleted the old back up but can't get ride of the encrypt

    have an encrypted copy of my iPhone back up on my laptop. forgotten the access code. I have deleted the back up and want to remove the encryption option and resynch with my iphone none encrypted, what are my options other than removing iTune from my laptop and reloading it

    1) You asked "Does she need to reconnect to that itunes/computer and if so what do we need to do to remove this folder of pics from her ipod?" Yes, you have to connect the iPod to that computer and go to the Photos pane for the iPod in iTunes and uncheck sync photos and then click on sync/apply. In the future do not check sync photos.
    iOS and iPod: Syncing photos using iTunes
    2)
    Create a NEW account for using these instructions. Make sure you follow the instructions. Many do not and if you do not you will not get the None option. You must use an email address that you have not used with Apple before.
    Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
    Then on the iPod go to
    - Settings>Messages>Send and receive and sign out your ID and sign into hers. Make sure that only her ID email address is listed.
    - Settings>FaceTime sign out of your ID and sign into hers. Make sure that under You can be reached at only her ID email address is listed
    - Settings>iCloud and sign out and sign in with hers
    Continue to use the common ID/account for Settings>iTunes and App stores.

  • Encrypted root and swap and hibernation

    Hey
    I've got this setup and working, but I'm looking to tidy the config up.
    I had encryption set up using luks containers as per the wiki, using a key file for the root partition and a new key for the swap. Obviously this is no good for hibernation, and I need to use the same key for the swap all the time. Following the cryptsetup instructions on the wiki is no good either because swap is unlocked far too late in the boot process.
    So, I created a new container for swap using the same key as my root partition and added a line to the encrypt hook script to unlock swap if unlocking root was successful. Made sure encrypt was before resume in mkinitcpio.conf, and resume before file system, altered /etc/fstab to mount /dev/mapper/swap during boot, and added resume=/dev/mapper/swap to grub.conf
    So during hibernation the memory is saved to the encrypted swap /dev/mapper/root, and because swap is unlocked at the same time as root, early in the boot process, resume is able to restore memory from the encrypted swap.
    So my question: is there a way to have swap unlocked at the same time as root without having to hack and butcher the encrypt hook script?
    Last edited by phildg (2007-12-06 14:34:13)

    Without hacking the encrypt hook, you'll only be able to unlock one volume at the same time. Afaik the device mapper asks for a password for each encrypted partition, and using one for all won't work, you have to repeat the process for each partition, whereas the encrypt hook only seems to be able to handle one partition. You can hack it, but I haven't done that (yet), it's already quite messy you have to hack the hook file to make it apply to non-root partitions.

  • Security using both rpd users and ldap

    Hi,
    I need 5 dummy users in rpd. I don't want to give them administrator privileges because they are not allowed to see everything in my dashboards. My authentication works using an LDAP server, is there any way I can let these dummy users log in along with those in the LDAP server?

    I don't think it is possible to use both BI server default authentication and LDAP. You can always have multiple LDAP servers to authenticate. You can request 5 service accounts to be created in the LDAP for OBIEE, and assign the privileges accordingly so they will see only the required dashboards.
    Please award points if helpful,
    Thanks,
    -Amith.
