Use Open Directory for intranet web access

Is it possible to tap into Open Directory user information from other services than those built into the server? And that way use the Open Directory authentication for our own home-made service?
We plan to set up an intranet on our OS X 10.6 server. We're still not sure whether to use one of the popular open source CMS/portal platforms such as Drupal or maybe even WordPress.
1. I would like to use the user accounts in our Open Directory to authenticate to the intranet. Is that possible in any way?
2. Or does anyone know of a way to modify e.g. the built-in blog function and integrate that with another system such as Drupal or WordPress?
I'm guessing there are blocks of code in the blog that handle user authentication. And if I keep them where they are on the server and include them in other Drupal files, it may be possible? Is the built-in blog built on an open source system like some of the other services on Mac OS X Server? A system I can read about anywhere?
+Note: The built-in blog or wiki service does not match our needs for an intranet. We need to customize it a lot to make it suit our needs.+
3. Plan B could be to export our 100 users and passwords from Open Directory and import them into the intranet system. But as far as I know it's impossible to export the passwords. Right?
+New users would then have to be added to both Open Directory and the separate intranet system in the future. That would be workable, but not a perfect Plan B.+

ryanowich wrote:
Is it possible to tap into Open Directory user information from other services than those built into the server?
Yes.
And that way use the Open Directory authentication for our own home-made service?
Sure. I have HP OpenVMS systems that are authenticating to Mac OS X Server boxes. LDAP has a callable interface for applications written in most any active programming language, and many packages already have LDAP support.
We plan to set up an intranet on our OS X 10.6 server. We're still not sure whether to use one of the popular open source CMS/portal platforms such as Drupal or maybe even WordPress.
You need to narrow your requirements and your ideas somewhat, and work toward a list of features.
I have some discussions posted of what I went through when I ended up picking Drupal.
1. I would like to use the user accounts in our Open Directory to authenticate to the intranet. Is that possible in any way?
Network servers (Apache, DHCP, etc.) can authenticate to LDAP, but (once granted access via DHCP and RADIUS, or analogous) clients don't usually further authenticate.
Within Drupal, the [Drupal|http://drupal.org] module [ldapauth|http://drupal.org/node/118092] would be worth a test. That's an available connection into LDAP. (Haven't prototyped that module, though.)
2. Or does anyone know of a way to modify e.g. the built-in blog function and integrate that with another system such as Drupal or WordPress?
You're apparently not familiar with Drupal. You might want to learn more about it, and particularly its extensibility. Drupal can be connected to some refrigerators, if you were inclined to do so.
I'm guessing there are blocks of code in the blog that handle user authentication. And if I keep them where they are on the server and include them in other Drupal files, it may be possible? Is the built-in blog built on an open source system like some of the other services on Mac OS X Server? A system I can read about anywhere?
Including random blocks of code isn't a strategy for success. Understanding the basics of how the pieces fit together tends to be a better strategy. For Drupal, there's always the [Drupal documentation|http://drupal.org/documentation], or the available books on the CMS. Or you can call in somebody that's done this stuff.
+Note: The built-in blog or wiki service does not match our needs for an intranet. We need to customize it a lot to make it suit our needs.+
The built-in services are limited, yes. I've been running Drupal on Mac OS X Server for years now.
3. Plan B could be to export our 100 users and passwords from Open Directory and import them into the intranet system. But as far as I know it's impossible to export the passwords. Right?
I would sincerely hope you don't get the passwords out of your authentication system. That would be bad. Cleartext passwords are bad news. You don't want that ability.
+New users would then have to be added to both Open Directory and the separate intranet system in the future. That would be workable, but not a perfect Plan B.+
That would be a hassle.
And I've tested with Wordpress on Mac OS X Server, but haven't deployed it in production. I'll leave discussions of its features and capabilities to others. That written, you might try the [Wordpress web site|http://Wordpress.org], as I'd expect there would be discussions of LDAP there.
I'd suggest determining your requirements, otherwise you're going to flail around given the number of options and alternatives here. If you have your requirements, then you have a framework to pick your tools. [Here is what I looked at when I picked Drupal|http://labs.hoffmanlabs.com/node/100].
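The flow the reply describes, a home-made service authenticating its users against Open Directory over LDAP, as an added example; it is not part of the original thread and is not Apple's, Drupal's or WordPress's code. It assumes a default Open Directory layout (user records under cn=users beneath the server's base DN, carrying uid and the inetOrgPerson object class), a hypothetical base DN and read-only service account, and an in-memory stand-in for the LDAP server so it runs offline; a real deployment would wrap ldap3 or python-ldap behind the same two calls and connect over LDAPS. Besides the search-then-bind sequence it shows the two checks a practitioner wants in front of the directory: RFC 4515 escaping of the username so it cannot rewrite the search filter, and refusing empty passwords, because a bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513) that a server may report as success.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Protocol

# Assumed layout, modelled on a default Open Directory master: users live
# under cn=users below the base DN and carry uid + inetOrgPerson. Both names
# below are hypothetical.
BASE_DN = "dc=intranet,dc=example,dc=com"
SVC_DN = "uid=svc-intranet,cn=users," + BASE_DN   # read-only lookup account


class LdapLink(Protocol):
    """The two LDAP operations the flow needs. A real client (ldap3,
    python-ldap) supplies both; wrap it in a small adapter of this shape."""

    def bind(self, dn: Optional[str], password: Optional[str]) -> bool: ...
    def search(self, base: str, flt: str) -> List[str]: ...


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value interpolated into a search filter.
    Without it a username such as  *)(uid=*  rewrites the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def authenticate(link: LdapLink, base_dn: str, svc_dn: Optional[str],
                 svc_pw: Optional[str], username: str, password: str) -> Optional[str]:
    """Search-then-bind: return the user's DN on success, None otherwise.

    - An empty password is refused before talking to the server. RFC 4513
      calls 'DN + empty password' an unauthenticated bind; a server that
      allows it reports success, turning any known username into a login.
    - The lookup runs as the service account (anonymously if svc_dn is
      None) with an escaped filter and must yield exactly one entry.
    - The user's password is only ever used for the second bind; nothing
      is copied out of the directory and nothing is stored locally.
    """
    if not username or not password:
        return None
    if not link.bind(svc_dn, svc_pw):
        return None
    flt = "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(username)
    hits = link.search(base_dn, flt)
    if len(hits) != 1:            # 0: unknown user; >1: ambiguous, refuse
        return None
    return hits[0] if link.bind(hits[0], password) else None


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


@dataclass
class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server so the flow runs
    offline. It copies two behaviours seen in real deployments: anonymous
    search is permitted, and a known DN with an empty password 'binds'."""
    entries: Dict[str, Dict[str, str]]   # dn -> attributes incl. userPassword

    def bind(self, dn: Optional[str], password: Optional[str]) -> bool:
        if dn is None:
            return True                       # anonymous bind
        entry = self.entries.get(dn)
        if entry is None:
            return False
        if password == "":
            return True                       # unauthenticated bind: the trap
        return entry["userPassword"] == password

    def search(self, base: str, flt: str) -> List[str]:
        # Understands only the filter shape authenticate() emits.
        m = re.fullmatch(r"\(&\(objectClass=inetOrgPerson\)\(uid=(.*)\)\)", flt)
        if m is None:
            raise ValueError("unsupported filter: " + flt)
        wanted = _unescape(m.group(1))
        return [dn for dn, attrs in self.entries.items()
                if dn.lower().endswith(base.lower()) and attrs.get("uid") == wanted]


# Constructed sample directory; none of these are real accounts.
SAMPLE = FakeDirectory({
    "uid=alice,cn=users," + BASE_DN: {"uid": "alice", "userPassword": "correct horse"},
    "uid=bob,cn=users," + BASE_DN: {"uid": "bob", "userPassword": "hunter2"},
    SVC_DN: {"uid": "svc-intranet", "userPassword": "s3rvice"},
})


def demo() -> Dict[str, Optional[str]]:
    """Run the flow against SAMPLE; each value is the DN granted, or None."""
    return {
        "good password": authenticate(SAMPLE, BASE_DN, SVC_DN, "s3rvice", "alice", "correct horse"),
        "wrong password": authenticate(SAMPLE, BASE_DN, SVC_DN, "s3rvice", "alice", "wrong"),
        "empty password": authenticate(SAMPLE, BASE_DN, SVC_DN, "s3rvice", "alice", ""),
        "filter injection": authenticate(SAMPLE, BASE_DN, SVC_DN, "s3rvice", "*)(uid=*", "x"),
        "anonymous lookup": authenticate(SAMPLE, BASE_DN, None, None, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-17s %s" % (case, result or "denied"))
```

The empty-password case is the one to notice: the fake server (like a permissive real one) answers the bind as successful, and only the guard in authenticate() keeps that from becoming a login. Use a dedicated, least-privilege service account for the lookup rather than a directory administrator, and keep the connection on LDAPS or STARTTLS so the simple bind does not carry the user's password in the clear.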

Similar Messages

  • EMC Isilon cannot use Open Directory for SMB authentication

    Hi All,
I have an EMC Isilon as a NAS and OS X Server 10.6.8 with OD enabled. I have tried to integrate OD with the Isilon as the LDAP server for authentication. The Isilon can query users from OD. But we got a strange problem. We can log into the Isilon via FTP, HTTP, NFS and SSH but not via SMB. Has anyone had this problem before?

    Did you ever resolve this issue?

  • When I upload my images to the web they are not as vibrant. I am using the Save for the Web feature.

When I upload my images to the web they are not as vibrant. I am using the Save for Web feature and sRGB is checked. I don't know what else to do. HELP!

    We really need to see what you're seeing.
    Can you post links to before and after?

  • Use single realm for multiple web applications in SharePoint 2013 and ADFS 2.0

    Use single realm for multiple web applications in SharePoint 2013 and ADFS 2.0
    Please help!!

    I don't think you can do this, because you have to put the name/URL of the web application in the realm. You have to add a new realm for each web application. Here is a script to add another realm.
    # Load the SharePoint cmdlets (needed outside the SharePoint Management Shell)
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
    # Find the trusted identity token issuer that fronts ADFS 2.0
    $sts = Get-SPTrustedIdentityTokenIssuer | where {$_.Name -eq "ADFS2.0"}
    # Map the web application's URL to the realm identifier ADFS issues tokens for
    $uri = new-object System.Uri("http://url/")
    $sts.ProviderRealms.Add($uri, "urn:sharepoint:Name")
    # Persist the change to the configuration database
    $sts.Update();
    Please remember to mark your question as answered & vote helpful if this solves/helps your problem. Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Opening Safari for Mac Web Archives in Safari for Windows???

    I need to open Safari for Mac Web Archives (saved html web pages on a Mac) on my Windows PC at work. Does anyone know how I can accomplish this? The original Web Pages are no longer available and the data in the Archives is the only set left.
    I've tried opening the files with Safari for Windows but that doesn't work. I've also tried renaming the web archives from file.webarchive to file.html and that doesn't work either.
    Does anyone out there have any suggestions for accomplishing this task??? Thanks in advance for your help!
    YV

    If you can move your archives to a Mac I think you can convert them to folders with Webarchive Folderizer and then move back to your pc:
    http://www.versiontracker.com/dyn/moreinfo/macosx/29095

  • How to use remote directory for external table

    Hi Folks,
    I have 2 Oracle 11gR2 64-bit databases installed on Windows 2008 servers as prod1 and prod2.
    I have one directory created on the prod1 server as EXT_TAB_DIR using the path D:\OrsDWtest_dir.
    I want to use this directory on the prod2 server and create an external table using this remote directory.
    I am able to access the prod1 directory from the prod2 machine, and I have also created a network mapped drive Z: pointing to that prod1 D:\OrsDWtest_dir directory. I also checked that read and write permissions are there. I am able to create the external table, but when I try to fetch the data I get the error below.
    ORA-29913: error in executing ODCIEXTTABLEOPEN callout
    ORA-29400: data cartridge error
    KUP-04040: file IOMM_20121213_060736.csv in EXT_TAB_DIR not found
    Now my doubt is: is this possible? Can we use a remote directory for an external table? Or is there any alternative way to achieve the same?
    Thanks & Regards,
    Vikash Jain (DBA)

    Could you confirm the name and the existence of this file "IOMM_20121213_060736.csv"?
    Same error as in:
    http://www.oracle-base.com/articles/9i/external-tables-9i.php
    "If the load files have not been saved in the appropriate directory the following result will be displayed."
    SQL> SELECT *
      2  FROM   countries_ext
      3  ORDER BY country_name;
    SELECT *
    ERROR at line 1:
    ORA-29913: error in executing ODCIEXTTABLEOPEN callout
    ORA-29400: data cartridge error
    KUP-04040: file Countries1.txt in EXT_TABLES not found
    ORA-06512: at "SYS.ORACLE_LOADER", line 14
    ORA-06512: at line 1
    Edited by: Fran on 10-ene-2013 23:32

  • My macMini has only a 1.5 GHz Intel Solo Core and is now unable to do things like Turbo Tax. I use it mainly for email, web browsing, bill paying, banking. Should my next purchase be a notebook, laptop, mini or iPad?

    My macMini has only a 1.5 GHz Intel Solo Core and is now unable to do things like Turbo Tax. I use it mainly for email, web browsing, bill paying, banking. Should my next purchase be a notebook, laptop, mini or iPad?

    Desktop: Mac Mini dual-core i5 (or quad i7 if you can afford it, it might seem overpowered but it will last you longer. Upgrade to 16GB RAM if you want to future proof that side of the machine. Don't buy from Apple, install it yourself).
    Laptop: MacBook Pro 13" if you don't need portability, or MacBook Air 11" if you do (as RRFS has said).
    A notebook and a laptop are the same thing.

  • Using Open Directory as a Shared Address Book?

    Is there an elegant way to use Open Directory as a means of creating 'contacts' and their standard information without creating user accounts on OS X Server?

    Have a look here:
    http://www.addressbookserver.com/j2anywhere/index.jsp

  • Use Open Directory on Mac OS X Server for Airport authentication?

    Is it possible to set up an Airport Extreme network so that only people with user names and passwords in the Open Directory on my Mac OS X Server can access it?
    I'm picturing a scenario where users would be prompted for the same user name and password they use for other network services when they attempt to join the wireless network.
    Our Airport Extreme access point is connected to the second Ethernet port on an original-model XServe that's running Mac OS X Server 10.3.9 (soon to be upgraded to 10.4.x).

    Is it possible to set up an Airport Extreme network so that only people with user names and passwords in the Open Directory on my Mac OS X Server can access it?
    I'm picturing a scenario where users would be prompted for the same user name and password they use for other network services when they attempt to join the wireless network.
    Our Airport Extreme access point is connected to the second Ethernet port on an original-model XServe that's running Mac OS X Server 10.3.9 (soon to be upgraded to 10.4.x).
    What you seem to be describing is WPA2/Enterprise level security. This would require you to run some type of RADIUS server on your XServe, and you would simply duplicate the name & password they use on the XServe on the RADIUS server. BTW, this is considered one of the most secure methods of running a wireless network in the corporate world.
    You will however have to research RADIUS & its requirements, as I have not yet implemented that on my own system. HTH.
    Regards,
    Albert
    G4 QuickSilver01 OWC 1.47Ghz CPU 1.5GB RAM 740GB HDD   Mac OS X (10.4.3)   17" Aluminum PowerBook G4 1.33Ghz CPU 1.5GB RAM 80GB HD

  • How to set permissions IN Open Directory USING Open Directory groups?

    Hi all,
    Apologies if I've missed this, but I have been searching for two days trying to figure out how to delegate permissions within the OD to a number of different OD groups and I can't seem to find any way to do this either at the command line or with WGM.
    Examples: an OD group containing those who will manage the full directory needs to have permissions on all containers, child objects, and their attributes in the directory. For this one in particular I seem to be able to nest a group in the default Admin group, but this isn't really what I'm after. I need to create OD groups with the ability only to manipulate objects of class apple-computer and similarly, apple-user (really all inetOrgPerson objects). In a nutshell: how do I set permissions on specific attributes or object classes using OD groups?
    thanks for any pointers...
    -andrew

    I think I just answered my own question: Open Directory is OpenLDAP. slapd is all I need.

  • Using Identity Management for Securing Web Services

    My goal is to associate my services with an Oracle Internet Directory. I made some attempts to set up SAML authentication for the web services, but it didn't have the right outcome.
    (My identity management server and OID is up and running and I have successfully made authentication modules for other web applications)
    Here is what I did:
    1. I wrote a simple java file, used jdeveloper tools to create and deploy it as a web service to OC4J. I associated an identity management server with this service through OC4J web tools as security provider.
    2. I made a data control for the web service and put it in an ADF application . (client)
    3. I deployed the client project(2) to OC4J.
    I could use the web service through the page.
    Then
    I secured the webservice to expect SAML for authentication.
    Surprisingly, the client could still communicate with the web service. Why? Shouldn't it have rejected the request because of the problem with the SAML token? (The proxy and the data control were not secured, and didn't provide any SAML tokens.)
    4.
    I added a login page to my client project (through the ADF security wizard). It used identity management for authentication successfully. The login process completes and the web service data control is displayed.
    5. I want the authentication information to be propagated through the page so that the web service receives the data and uses Identity Management.
    I know I should add <property name="oracle.security.wss.propagate.identity" value ="true"/>
    to one of the configuration files, but don't know where exactly.
    Best Regards,
    Farbod

    It doesn't matter whether the service is invoked as part of your larger process or not; if it is performing any business-critical operation then it should be secured.
    The idea of SOA / designing services is to have the services available so that they can be orchestrated as part of any other business process.
    Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower-level services.
    If all the services are in one application server you can make the configuration/development environment a lot easier by securing them using the Gateway.
    The typical problem with any gateway architecture is that the service is available without any security enforcement when accessed directly.
    You can enforce rules at your network layer to allow access to the app server only from the Gateway.
    When you have the liberty to use OWSM or any other WS-Security product, I would stay away from any extensions. Two things to consider:
    The next BPEL developer in your project may not be aware of the security extensions.
    Centralizing security enforcement will make your development and security operations loosely coupled and addresses scalability.
    Thanks
    Ram

  • Memory Leak and 100% CPU in slapd process when using Open Directory OS X 10.8.5

    Has anyone seen slapd (the LDAP daemon from OpenLDAP which OS X Server uses) run away when running Open Directory? We've tried disabling replication but it doesn't seem to matter. The slapd process will start up and take up about 400MB and then at night will consume all the available memory, crashing the server.
    Any thoughts? Any benefit in upgrading to Mavericks' Server app?
    Thanks,
    John

    @Strontium90
    Found this in opendirectory.log which seems to just show ldap requests starting to slow down.
    2013-12-06 09:54:19.736670 PST - State information (some requests have been active for extended period):
              Sessions: {
                  2839 -- opendirectoryd:
                              Session ID: CBAE3152-1A3B-4C7E-89D6-2F836C28F5BA
                              Refs: singleton
                              Type: Default
                              Target: localhost
              Nodes: {
                  2839 -- opendirectoryd:
                              Node ID: CC6FC6C3-AD02-4068-9E8F-8FDC228F4C48
                              Nodename: /Search
                              Session ID: <Default>
                              Refs: 3
                              Internal Use: X
                  2816 -- automount:
                              Node ID: 8FC03A24-46F2-4DAA-A0EC-3FF98B458FB4
                              Nodename: /Search
                              Session ID: <Default>
                              Refs: 2
                  277 -- SystemUIServer:
                              Node ID: FFF97865-2FBE-474A-BD53-43A35DA09D3A
                              Nodename: /Search
                              Session ID: <Default>
                              Refs: 3
                              Internal Use: X
              Requests: {
                  2816 -- automount:
                              Nodename: /Search
                              Refs: 5
                              Active Time: 65170959
                              Type: ODNodeCopySubnodeNames
                              Current Module: search
                              Node ID: 8FC03A24-46F2-4DAA-A0EC-3FF98B458FB4
                              Request ID: 5
                  2839 -- opendirectoryd:
                              Nodename: /Search
                              Refs: 5
                              Active Time: 65971987
                              Type: ODQueryCreateWithNode
                              Current Module: search
                              Node ID: CC6FC6C3-AD02-4068-9E8F-8FDC228F4C48
                              Request ID: 4
                  277 -- SystemUIServer:
                              Current Module: SystemCache
                              Type: getpwuid
                              Request ID: 10
                              Refs: 4
                              Active Time: 13397955
                              Nodename: /Search
                              Parent Request: 10
                              Refs: 5
                              Active Time: 11041999
                              Type: ODQueryCreateWithNode
                              Current Module: search
                              Request ID: 12
                              Node ID: FFF97865-2FBE-474A-BD53-43A35DA09D3A
                  68 -- coreservicesd:
                              Current Module: SystemCache
                              Type: getpwuid
                              Request ID: 8
                              Refs: 3
                              Active Time: 13484131
                  2832 -- sshd:
                              Current Module: SystemCache
                              Type: getpwnam
                              Request ID: 9
                              Refs: 3
                              Active Time: 13483916
                  640 -- SystemUIServer:
                              Current Module: SystemCache
                              Type: getpwuid
                              Request ID: 7
                              Refs: 3
                              Active Time: 13522530
    2013-12-06 09:54:19.737704 PST - requesting spindump generation
    In slapd.log around the same time:
    Dec  6 06:55:23 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
    Dec  6 06:58:25 dms-out-01.int.payoff.com slapd[118]: connection_read(46): no connection!
    Dec  6 07:00:23 dms-out-01.int.payoff.com slapd[118]: connection_read(48): no connection!
    Dec  6 07:27:34 dms-out-01.int.payoff.com slapd[118]: connection_read(47): no connection!
    Dec  6 07:56:30 dms-out-01.int.payoff.com slapd[118]: connection_read(47): no connection!
    Dec  6 08:10:24 dms-out-01.int.payoff.com slapd[118]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Dec  6 08:10:24 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
    Dec  6 08:10:25 dms-out-01.int.payoff.com slapd[118]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Dec  6 08:10:25 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
    Dec  6 08:18:29 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12372 deferring operation: binding
    Dec  6 08:18:55 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12373 deferring operation: binding
    Dec  6 08:19:50 dms-out-01.int.payoff.com slapd[118]: connection_read(53): no connection!
    Dec  6 08:27:16 dms-out-01.int.payoff.com slapd[118]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Dec  6 08:27:16 dms-out-01.int.payoff.com slapd[118]: conn=-1 op=0: attribute "entryCSN" index delete failure
    Dec  6 09:08:00 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12871 deferring operation: binding
    Dec  6 09:16:10 dms-out-01.int.payoff.com slapd[118]: connection_input: conn=12871 deferring operation: pending operations
    The deadlock from what I can tell is a more of a warning from OpenLDAP, but it is a common pattern and occurring every few minutes.
    Not much useful in slapconfig.log.
    Any insights? Thanks so much.
    ~john

  • Do I need Open Directory for multiple email addresses for Calendar users?

    Hey all,
    I have a single mac mini which I use simply as a calendar server for +/- 20 users. One day I might use Profile Manager to manage their iOS devices too. On the initial installation, we enabled Open Directory, although I'm not sure that it's required, and we have no plans re using it to manage network logins etc aside from existing calendaring.
    I'm working through a migration from a Lion Server.app install to Mavericks, and due to some data corruption issues, we'll probably just rebuild the server and reimport the users calendars.
    On my existing Lion Server installation, I can still use workgroup manager to assign multiple email addresses to calendar users, so that when a user invites another user to a calendar event using any of their email addresses (we have several variations), the invitation still gets pushed to the correct calendar user.
    On Mavericks, without installing Open Directory, it seems I can't do this (I've downloaded Workgroup Manager for Mavericks, but it obviously can't connect to a local open directory). If Open Directory is optional, I'd rather not install it, to avoid overhead and complexity, but I still need a way to manage these multiple email addresses (aliases doesn't cut it).
    Any ideas / suggestions?
    Thanks,
    D

    For Calendar server to send actual email invitations to an attendee, two things must happen:
    First, you need to configure Server.app > Calendar > Enable invitations by email.  Enabling that will bring up a wizard dialog that will step you through the IMAP and SMTP account settings.  The default values in that wizard will tell Calendar server to use the local Mail server (which you then would have to configure to use the appropriate SMTP relay, etc.).  Or you can change the wizard settings to refer to an external IMAP and SMTP server.  It is wise to use a dedicated IMAP account for Calendar server's use -- don't go using someone's personal IMAP account because there might be some "undesirable interactions", let's say.  If you need help configuring this for, say, a Gmail account, I can help with that.
    Second, the email address for the attendee must *not* be known to Calendar server, i.e. it should *not* be in the Directory.  As you probably found out, if Calendar server sees that the attendee has an email address that is in the Directory, the attendee is considered to be "local" and the invitation will be delivered directly to the attendee's calendar client.  If you simply leave those other email variations out of the Directory, Calendar server will consider that attendee "remote" and will send an actual email with a special attachment that calendar clients can understand. 
    Hope that helps.

  • Generating WSDL using Integration Directory (Tools-Define Web Service)

    Hi,
    I have tested the "Define Web Service" tool in Integration Directory - some questions:
    1) It's a little bit frustrating to change the URL after clicking the "Propose URL" button - is it possible to configure the right URL somewhere?
    http://<srv>:<port>/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<cchannel>
    2) The generated WSDL is not according to the Basic Profile for WSDLs - wrong encoding="ISO-8859-1" - it is supposed to be "UTF-8"|"UTF-16" - is it possible to configure how the WSDL is generated?
    I'm not sure, but I think there is an issue related to the type of binding for a binding.
    3) A web service can consist of several methods - is there a tool for generating a WSDL for several interfaces?
    It's "boring" to manually copy-paste from several generated WSDLs into one main WSDL for a web service.
    Anyway, by using XMLSpy and SoapScope, everything works just fine

    A single data type will refer to multiple data types' data.
    You can refer to one Data Type in another Data Type, but it won't be available under a different root node. The root node will be the DT name under which you are referring to the other DTs. You can do this by:
    DT --> Give the appropriate name to a node --> While selecting the Type for this node select Data Types --> select the DT from the list available. For this you should first include all the schemas in the IR, i.e. you should first create individual DTs by importing the schema (DT --> XSD --> Import Data Type Definition from File).
    You have a huge list of schemas!
    Regards,
    Abhishek.

  • Authentication using Open Directory and NO home folder

    We are looking to set up Open Directory on a Snow Leopard server in our medium-sized company - we would like to use it for Single Sign On authentication but do not want to create home folders on the server. All we want OD to do is authenticate.
    We have been able to authenticate using OD bound and unbound but both need home folders. Is there a way to have no home folder and still authenticate?
    thanks

    What I did was in WGM select a user account. Then select the Home tab. Click the + button to add a home folder. In the sheet that drops down, in the bottom box put /Users/username. Leave the other boxes blank. This will create a home folder locally on whatever machine the user logs into.
