To Create an encrypted DB and LDAP
Hi,
For an ER I am working on, I need to setup an encrypted LDAP/DB with a proper keystore file and password. Is there any documentation on how and where to find this?
I just found this article right after I posted. Insecure Encrypted Disk Image?
Similar Messages
-
How can I create new user in such that its entries are stored both in profile server and ldap?
Portal only creates a user profile locally within its native ldap server. Two ways you can approach this is to either write a custom auth module that creates a user in the ldap server at the same time or handle it through replication.
-
I have tried several times to create an encrypted file on my iMac, following the procedure Apple lists, using Disk Utility. Each time, the file opens without requiring a password. Hence, there is no security. What am I doing wrong?
Apparently, you missed this salient part:
If you select “Remember password in my keychain,” anyone with access to your computer may be able to open the disk image without entering the password.
-
Hi,
When I check pkiview.msc on my 2012 Subordinate CA I get the error shown in the first picture below. I'm also getting errors similar to below in the event log:
"Active Directory Certificate Services could not create an encryption certificate. Requested by contoso\admin1. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)."
I'm assisting in setting up a 2 tier PKI infrastructure using Windows 2012. The root CA looks good, but we're getting errors on the subordinate. The server was working, but we discovered that the server would only issue certificates with a maximum of a 1 year expiry date - obviously no good, so we decided to run through the following commands on the root CA (as recommended by http://www.techieshelp.com/subordinate-ca-increase-certificate-validity/)
certutil -setreg ca\ValidityPeriodunits "Years"
certutil -setreg ca\ValidityPeriod "5"
restarted AD certificate services on the root and subordinate CA. Then did the following on the subordinate CA:
1. On the Subordinate CA create a new CA request by right clicking the server in ADCS and select New Request.
2. Supplied the original request file from the subordinate CA (I couldn't find a way of generating a new request file)
3. Issued the certificate using the Root CA.
4. On the Subordinate CA ADCS installed new CA cert.
However, I keep on getting CDP or AIA errors on my subordinate CA. Also I'm missing a CDP field value when I look at the certificate listed in the personal and trusted certification authority store on my subordinate CA.
In addition, when I look at my CDP locations in Certificate Authority, I see a lot of CDPs, but I'm not sure if I need them all - I suspect I could just get away with LDAP, the C:\windows path and a single http:// path.
I've tried renewing the existing certificate and CRL on my subordinate CA, but that didn't work either.
Please advise.
Thanks
Ok, the process to renew the subordinate CA is incorrect. Once the registry setting to change the validity period was made on the root CA, the root CA ADCS service needs to be restarted. That is the only time those keys are read. Then:
1) On the subordinate CA, open the CA tool, right click the CA and select Renew CA Certificate. You can use the same key, no need to create a new one. It will create a NEW certificate request file
2) Copy that to the Root CA and submit like you would have done during the initial install
3) Approve the request and export the issued certificate
4) On the subordinate CA, in the CA tool, right click the CA and choose Install CA Certificate.
You can not reuse request files.
Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.
-
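A command-line equivalent of the subordinate CA renewal steps described in the reply above, added here as an example and not taken from the thread or from Microsoft. The CA config string and file paths are placeholders, and each function is meant to be run on the CA named in its comment.

```powershell
# Added example. ROOTCA01, "Example Root CA" and the C:\transfer paths are
# hypothetical placeholders; replace them with your own values.
$RootConfig = 'ROOTCA01\Example Root CA'     # <host>\<CA name> of the root CA
$ReqFile    = 'C:\transfer\subca-renew.req'  # NEW request copied from the subordinate
$CertFile   = 'C:\transfer\subca-renew.cer'  # issued certificate copied back

function Set-RootIssuanceValidity {          # run on the ROOT CA
    certutil -setreg ca\ValidityPeriodUnits Years
    certutil -setreg ca\ValidityPeriod 5
    Restart-Service -Name CertSvc            # the values are only read at service start
    certutil -getreg ca\ValidityPeriodUnits  # print both values to confirm the change
    certutil -getreg ca\ValidityPeriod
}

function New-SubCaRenewalRequest {           # run on the SUBORDINATE CA
    # CLI form of "Renew CA Certificate" keeping the existing key pair.
    # It generates a new renewal request; copy the resulting request file
    # to $ReqFile on the root CA. An old request file cannot be reused.
    certutil -renewCert ReuseKeys
}

function Approve-SubCaRequest {              # run on the ROOT CA
    $out = certreq -submit -config $RootConfig $ReqFile
    $m = $out | Select-String -Pattern 'RequestId:\s*"?(\d+)' | Select-Object -First 1
    if (-not $m) { throw "certreq returned no RequestId:`n$($out -join "`n")" }
    $id = $m.Matches[0].Groups[1].Value
    certutil -resubmit $id                   # issue the pending request
    certreq -retrieve -config $RootConfig $id $CertFile
}

function Install-SubCaCertificate {          # run on the SUBORDINATE CA
    certutil -installCert $CertFile
    Restart-Service -Name CertSvc
    certutil -CRL                            # publish a fresh CRL from this CA
    # Fetch every CDP and AIA URL named in the new certificate. Failures
    # listed here point to the location behind errors such as
    # CRYPT_E_REVOCATION_OFFLINE (0x80092013).
    certutil -verify -urlfetch $CertFile
}
```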
Unable to create an encrypted disk image in Lion
disk utility gives the error Unable to create "Volume.dmg." (error - 60008) when creating an encrypted disk image. I am using the following steps:
1. Open disk utility
2. Select the disk (internal or external) to create the image on
3. Select File>New>Blank Disk Image…
4. Save As: 'Volume'
5. Name: Volume
6. Size: 50GB
7. Format: Mac OS Extended (Journaled)
8. Encryption: 128-bit AES encryption
9. Image Format: read/write disk image
10. Click the Create button
11. Password dialog appears
12. When I enter a password the dialog closes after entering only a few characters i.e. before I've finished typing, and the following error message displays:
Unable to create "Volume.dmg." (error - 60008)
I have previously, successfully, created encrypted disk images in Snow Leopard, and I don't know why I can't in Lion
Does anyone have any ideas?
Thanks for this Thomas.
I've tried naming the image differently, but still received the error, I did however try different permutations for the password.
The error seems to happen if I use a purely numerical password string and occurs on input of the 10th numerical character, if I start with numerical character but use an alpha before the 9th number I can continue and create a password, and I can create a password if I start with an alpha and switch to numerals after the first alpha character, purely alphabetical passwords are fine too.
It seems that Lion doesn't like purely numerical passwords greater than 9 characters, whereas Snow Leopard wasn't so fussy. Seems it's a bit of a bug.
Thanks for your help
-
Unable to create an encrypted disk image with Disk Utility
Hi:
With our upgrade to Lion a few weeks ago, we're now unable to create an encrypted disk image of any type using Disk Utility any more. This problem occurs on 3 different machines, and is reproducible whether one is using an internal HD or an external FW HD. We can successfully create nonencrypted disk images.
This is a duplicate post with all the details here: https://discussions.apple.com/message/18469359#18469359
We haven't had any luck with a solution trying various permissions fixes as helpfully suggested by other readers in response to the error message # (-60008 error), so I'm hoping that someone else has run across a solution from the encrypted disk image perspective and that this tag line will generate some help.
Thank you!
Save As: 01 (on Desktop)
Name: 01
Size: 100 MB
Format: Mac OS Encrypted (Journaled)
Encryption: 256-bit AES
Partitions: Single partition- Apple Partition Map
Image Format: read/write disk image
At the password window that pops up I enter: 1234567890
This says password strength is "Weak"
All works fine
Then I repeated this using:
Save As: 02 (on Desktop)
Name: 02
Size: 100 MB
Format: Mac OS Encrypted (Journaled)
Encryption: 256-bit AES
Partitions: Single partition- Apple Partition Map
Image Format: read/write disk image
At the password window that pops up I enter: 1234567890 and when I start to enter the next "1" I get the "Unable to create "02.dmg." (error -60008)
OS 10.7.4
Disk Utility Version 12.1.1 (353)
-
Creating an Encrypted Disk Image on an External (USB) Drive
I have an external 600 GB drive (2x 300 GB SATA 3.5" disks in a Thecus N2050 RAID0 external enclosure connected to iMac by USB2) onto which I would like to backup a large amount of data (500 GB).
I store this external drive away from my home (in the office) and since I cannot guarantee physically locking away the drive I would like to logically lock the drive by placing all the backup data into an encrypted disk image created on that volume.
I have tried creating an encrypted disk image on my USB volume in Disk Utility (Apple's instructions here) but I experience a number of issues not documented in the Apple article:
1) I am not presented with a drop-down option for the size of the disk image.
2) When I go ahead and try to create the image I am told that the creation was impossible "file or folder does not exist".
Is it possible to create disk images on USB volumes (I cannot create such a large disk image on my iMac HDD as I do not have sufficient space).
thanks in advance
Raf
I realised that in Disk Utility you must not have any of your mounted drives highlighted in the left hand pane.
-
How to create a stored procedure and use it in Crystal reports
Hi All,
Can anyone explain me how to create a stored procedure and use that stored procedure in Crystal reports. As I have few doubts in this process, It would be great if you can explain me with a small stored proc example.
Thanks in advance.
If you are using MSSQL SERVER then try creating a stored procedure like this
create proc Name
as
select * from Table
by executing this in sql query analyzer will create a stored procedure that returns all the data from Table
here is the syntax to create SP
Syntax
CREATE PROC [ EDURE ] procedure_name [ ; number ]
[ { @parameter data_type }
[ VARYING ] [ = default ] [ OUTPUT ]
] [ ,...n ]
[ WITH
{ RECOMPILE | ENCRYPTION | RECOMPILE , ENCRYPTION } ]
[ FOR REPLICATION ]
AS sql_statement [ ...n ]
Now Create new report and create new connection to your database and select stored procedure and add it to the report that shows all the columns and you can place the required fields in the report and refresh the report.
Regards,
Raghavendra
Edited by: Raghavendra Gadhamsetty on Jun 11, 2009 1:45 AM
-
Create a new DB and conn / as sysdba ORA-01031
I'm trying to create a new DB and:
[oracle@srv-orcl 9.2.0]$ export ORACLE_SID=testerms
[oracle@srv-orcl 9.2.0]$ sqlplus /nolog
SQL*Plus: Release 9.2.0.4.0 - Production on Tue Feb 26 15:33:49 2008
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
SQL> conn / as sysdba
ERROR:
ORA-01031: insufficient privileges
SQL>
Can someone help me?
Tks,
Elber
[oracle@srv-orcl admin]$ ls -l $ORACLE_HOME
total 176
drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:32 Apache
drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:32 assistants
drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:32 BC4J
drwxr-xr-x 2 oracle oinstall 4096 Feb 25 13:17 bin
drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:33 ctx
drwxr-xr-x 2 oracle oinstall 4096 Feb 26 15:50 dbs
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:30 demo
drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:32 ds
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:37 install
drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:38 inventory
drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:34 javavm
drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:27 jdbc
drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:30 jdk
drwxr-xr-x 2 oracle oinstall 4096 Nov 27 21:34 jlib
lrwxrwxrwx 1 oracle oinstall 25 Nov 27 21:29 JRE -> /u01/app/oracle/jre/1.4.2
drwxr-xr-x 6 oracle oinstall 4096 Nov 27 21:31 jsp
drwxr-xr-x 16 oracle oinstall 4096 Nov 27 21:34 ldap
drwxr-xr-x 3 oracle oinstall 4096 Feb 25 13:17 lib
drwxr-xr-x 3 oracle oinstall 4096 Feb 25 13:26 lib32
drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:35 md
drwxrwxrwx 14 oracle oinstall 4096 Nov 27 21:37 network
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:31 oci
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:29 ocommon
drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:29 ocs4j
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:27 oracm
drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:27 oracore
drwxr-xr-x 13 oracle oinstall 4096 Nov 27 21:32 ord
drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:35 otrace
drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:32 owm
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:28 pfs
drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:35 plsql
drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:30 precomp
drwxr-xr-x 15 oracle oinstall 4096 Nov 27 21:35 rdbms
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:28 relnotes
-rwxr-xr-x 1 oracle oinstall 5873 Nov 27 21:37 root.sh
-rw-r--r-- 1 oracle oinstall 0 Feb 26 2004 root.sh.old
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:30 slax
drwxr-xr-x 7 oracle oinstall 4096 Nov 27 21:33 soap
drwxr-xr-x 5 oracle oinstall 4096 Nov 27 21:31 sqlj
drwxr-xr-x 9 oracle oinstall 4096 Nov 27 21:35 sqlplus
drwxr-xr-x 4 oracle oinstall 4096 Nov 27 21:27 srvm
drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:33 syndication
drwxr-xr-x 10 oracle oinstall 4096 Nov 27 21:35 ultrasearch
drwxr-xr-x 3 oracle oinstall 4096 Nov 27 21:32 wwg
drwxr-xr-x 8 oracle oinstall 4096 Nov 27 21:31 xdk
[oracle@srv-orcl admin]$
############################################################
-
BI PUBLISHER AND LDAP-- Can not see Admin tab
I have set up BI Publisher with LDAP. Created all XMLP_* groups in LDAP and created user Administrator in LDAP as a member of XMLP_* groups. However, when I log in to BI Publisher, I cannot see the Admin tab. I have read all posts on this site, but nothing helpful. Any help... Thanks
Check this URL, I think this helps.
http://oraclebizint.wordpress.com/2007/11/06/oracle-bi-publisher-and-bi-ee-invisible-admin-tab/
Thanks.
-
Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication. I have this url that explains local authentication and LDAP... http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml . That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC. Any ideas?
You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authentication). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from the user's requirements.
The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. With Cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.
-
Authenticating against both RDBMS and LDAP in WL6.0
Hi,
We are designing a webapp that will be accessible to both internal and
external users. For internal users, we would like to authenticate via LDAP;
for external users we would like to use RDBMS. In WL5.1, this looked to be
possible with the DelegatingRealm, however this has been removed in WL6.0.
Two questions:
1) Why was it removed?
2) How can we get this functionality in WL6.0?
Thanks much for your help,
-jt
We are currently deployed on WL5.1 with a similar situation as you and in
the process of migrating to WL6. We are Authenticating against LDAP and
Authorizing against RDBMS. But I can't see how you could tell it to go
one way for certain users and another for other users.
The delegatingrealm in WL5 was intended to split the responsibility of
Authenticating to one source and Authorization to another. To make this
work for your Application of splitting internal and external users
security, I suppose you can do it if you can somehow pass the information
to the Security Realm the type of the user that is logging in. Maybe you
can make this code a part of the userid such as ext_userID or int_userID.
Doing this will allow you to filter where the users are coming from
and Direct them to the appropriate security realm.
As far as WL6 goes, the Delegating realm class is no longer available
since the security model for WL6 is different from WL5. But you can take
a look at what they did with the RDBMSrealm example and use that. This is
what we did to make our Security work in WL6. However, you can no longer
store ACLs in the RDBMS realm in WL6.
Hope this helps.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
You will need to create a Custom Realm which delegates to both your RDBMS
and LDAP perhaps using the Weblogic supplied RDBMS and LDAP realms
"Jonathan Thompson" <[email protected]> wrote in message
news:3accf1a3$[email protected]..
Hi,
We are designing a webapp that will be accessible to both internal and
external users. For internal users, we would like to authenticate via LDAP;
for external users we would like to use RDBMS. In WL5.1, this looked to be
possible with the DelegatingRealm, however this has been removed in WL6.0.
>
Two questions:
1) Why was it removed?
2) How can we get this functionality in WL6.0?
Thanks much for your help,
-jt
-
Have an encrypted copy of my iPhone backup on my laptop. Forgotten the access code. I have deleted the backup and want to remove the encryption option and resync with my iPhone non-encrypted, what are my options other than removing iTunes from my laptop and reloading it
1) You asked "Does she need to reconnect to that itunes/computer and if so what do we need to do to remove this folder of pics from her ipod?" Yes, you have to connect the iPod to that computer and go to the Photos pane for the iPod in iTunes and uncheck sync photos and then click on sync/apply. In the future do not check sync photos.
iOS and iPod: Syncing photos using iTunes
2)
Create a NEW account for using these instructions. Make sure you follow the instructions. Many do not and if you do not you will not get the None option. You must use an email address that you have not used with Apple before.
Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
Then on the iPod go to
- Settings>Messages>Send and receive and sign out your ID and sign into hers. Make sure that only her ID email address is listed.
- Settings>FaceTime sign out of your ID and sign into hers. Make sure that under You can be reached at only her ID email address is listed
- Settings>iCloud and sign out and sign in with hers
Continue to use the common ID/account for Settings>iTunes and App stores.
-
Encrypted root and swap and hibernation
Hey
I've got this setup and working, but I'm looking to tidy the config up.
I had encryption set up using luks containers as per the wiki, using a key file for the root partition and a new key for the swap. Obviously this is no good for hibernation, and I need to use the same key for the swap all the time. Following the cryptsetup instructions on the wiki is no good either because swap is unlocked far too late in the boot process.
So, I created a new container for swap using the same key as my root partition and added a line to the encrypt hook script to unlock swap if unlocking root was successful. Made sure encrypt was before resume in mkinitcpio.conf, and resume before file system, altered /etc/fstab to mount /dev/mapper/swap during boot, and added resume=/dev/mapper/swap to grub.conf
So during hibernation the memory is saved to the encrypted swap /dev/mapper/root, and because swap is unlocked at the same time as root, early in the boot process, then resume is able to restore memory from the encrypted swap.
So my question, is there a way to have swap unlocked at the same time as root without having to hack and butcher the encrypt hook script.
Last edited by phildg (2007-12-06 14:34:13)
Without hacking the encrypt hook, you'll only be able to unlock one volume at the same time. Afaik the device mapper asks for a password for each encrypted partition, and using one for all won't work, you have to repeat the process for each partition, whereas the encrypt hook only seems to be able to handle one partition. You can hack it, but I haven't done that (yet), it's already quite messy you have to hack the hook file to make it apply to non-root partitions.
-
Security using both rpd users and ldap
Hi,
I need 5 dummy users in rpd. I don't want to give them administrator privileges because they are not allowed to see everything in my dashboards. My authentication works using an LDAP server, is there any way I can let these dummy users log in along with those in the LDAP server??
I don't think it is possible to use both BI server default authentication and LDAP. You can always have multiple LDAP servers to authenticate. You can request for 5 service accounts to be created in the LDAP for OBIEE, and assign the privileges accordingly so they will see only required dashboards.
Please award points if helpful,
Thanks,
-Amith.