User authentication against LDAP - Non-AD

Hi,
We are trying to set up LDAP authentication against an LDAP directory, Oracle Unified Directory, and below are the parameters of the ldap.properties file:
ldapAuthentication.defaultRole = ROLE_AUTHENTICATED_PRINCIPAL
ldapAuthentication.enabled = true
ldapAuthentication.tryNextProviderIfNoAuthenticated = true
ldapAuthentication.stopIfCommunicationError = true
ldapAuthentication.url=ldap\://localhost:389/
ldapAuthentication.rootContext=DC=test,DC=com
ldapAuthentication.securityPrincipal=CN=Directory Manager
ldapAuthentication.securityCredential.encrypted=password
ldapAuthentication.keepContextPrefix=false
ldapAuthentication.isAD=false
ldapAuthentication.userAccountSearchKey=CN
ldapAuthentication.firstNameSearchKey=givenName
ldapAuthentication.lastNameSearchKey=sn
Still, I am getting the following when I try to log in to OIA as an OUD user:
WARN [UserManagerImpl] RbacxUser with username: 'cn=oiaadmin' not found
Please help

Similar Messages

  • Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

    Hi,
    I have an ISE 1.1.1 setup. Users are getting authenticated against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
    Error is enclosed & here is the port configuration.
    Port Configuration.
    interface GigabitEthernet0/2
    switchport access vlan 120
    switchport mode access
    switchport voice vlan 121
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 120
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 60
    spanning-tree portfast
    ip dhcp snooping limit rate 30
    interface GigabitEthernet0/2
    switchport access vlan 120
    switchport mode access
    switchport voice vlan 121
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 120
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 60
    spanning-tree portfast
    ip dhcp snooping limit rate 30
    Please help.

    The error message means that the Active Directory server rejected the authentication attempt
    because, for some reason, the user account got locked. I guess you should ask your AD team to check in the AD
    event logs why the user account got locked.
    You can find it under Event Viewer.
    Regards
    Minakshi (Do rate the helpful posts)

  • Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

    Hi,
    Since we implemented Cisco ISE we receive the following failure on several Notebooks:
    Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
    This happens 2 or 3 times per day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
    The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
    Why is this happening?
    Thanks,
    Marc

    The possible causes of this error message are:
    1.] If the end user entered an incorrect username.
    2.] The shared secret between WLC and ISE is mismatched. With this we'll see continuous failed authentication.
    3.] As long as a PSN is not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In the majority of cases it says EAP session timed out.
    In your case, the 3rd option seems to be the closest one.
    Jatin Katyal
    - Do rate helpful posts -

  • Solaris 10 Ldap Client user authentication against edirectory

    Hello,
    We have moved some of our Oracle databases from Linux to Solaris 10 u7, and I need to set up secure LDAP authentication for the users against a Linux-based eDirectory server. Can someone point me in the direction of good documentation or a good explanation of what I need and how to go about this?
    I have spent the last couple of days reading about pam, nsswitch.ldap nsswitch.conf and certificates now I need to pull all this information into a usable format.
    Thanks
    ukgreenman

    I have a similar question.
    Did you have a solution?
    thanks

  • Non-domain user authentication against SSAS on Active/Passive Cluster

    Hello,
    We have an Active/Passive SQL Server setup (DB1 & DB2 Servers) connected to a cluster for SQL & SSAS.  I have a web server not on the same domain that I am trying to authenticate with SSAS.  This works OK if I set the website to impersonate myUser and I add local account myUser as an Admin on SSAS for the active server (DB1).  But when this fails over to DB2 then it fails to authenticate.  SSAS won't allow us to add myUser as an admin for local accounts on both DB1 & DB2 as it errors adding the second one.  Could anyone advise how such a scenario should be approached?
    We have tried creating a domain user too which DB1 & DB2 can of course both share but I don't think the web server can impersonate this with being not part of the domain.
    Thanks.

    Hi Jcorker,
    According to your description, you need to access the SQL Server Analysis Services database which is configured as cluster for SQL & SSAS from another domain, right?
    In SSAS we can use the solution below to achieve the requirement.
    1. Create a new domain account and impersonate the web site with that.
    2. Create a local user account on the analysis service with the exact same username/password as the domain account created in the previous step.
    However, you cannot create a local account with the same name on both servers. I have tested it on my local environment, we can create the same local account with the same name on both servers. In your scenario, if DB1 and DB2 are on different servers, you can create a local account with the same name on both servers. Please post the detailed errors, so that we can make further analysis.
    Besides, SSAS only allows users of the same domain or trusted domains and it does not allow users from any domain except from these two. You can configure the trust relationship between the domains.
    http://technet.microsoft.com/en-us/library/cc961481.aspx
    Regards,
    Charlie Liao
    TechNet Community Support

  • User authentication on LDAP with JSP/Servlet

    Please help! What I need is a small Java Servlet or JSP that I can run from a web server that will allow users to type in their username and password. The JSP will then authenticate the user (by trying to log onto the LDAP server as that user) and if successful will offer them the chance to change their password. If they do it will then communicate with the LDAP server as that user and change their password.
    The LDAP server I am using is the Sun(TM) ONE 5.1 directory server.

    You can use jsp's and servlets.
    Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
    <form method="post" action="/servlet/LoginServlet">
    <input type="text" size="15" name="username" value="">
    <input type="password" size="15" name="password" value="">
    <input type="submit" name="Submit" value="Authenticate">
    </form>
    In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
      String username = request.getParameter("username");
      String password = request.getParameter("password");
    }
    You would now do your LDAP authentication. See http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
    Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password.

  • User Authentication against NT Domain

    Hi Expert
    I want to code a program which asks for my user id and password and then
    authenticates it from my NT domain, meaning verify whether I am a valid user or not. If yes, then is my password correct?
    Anyone who can give me some help to start? I believe it can be done but I don't know how and what functions and libraries are available to do so.
    Any help will be appreciated.
    Thanks
    -- Kashif Ahmed

    Create an initial context to the Directory Server using Basic Authentication. You will have to pass the username and password (which for ADS is userPrincipalName or domain\username). As long as you do not get an AuthenticationException then your user is "Authenticated". Just remember the security implications: the password is sent in plain text.
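
The bind-as-the-user check that the JSP/Servlet reply and the NT domain reply above both describe, as an added Java/JNDI example that is not part of either post: it looks the user up with a service account, binds as the resulting DN over ldaps://, refuses empty passwords and escapes the login name in the search filter. The server URL, base DN, service DN and the `uid` login attribute are assumptions to be replaced with the directory's real values.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBindAuthenticator {
    private final String url, baseDn, serviceDn;
    private final char[] servicePassword;

    public LdapBindAuthenticator(String url, String baseDn, String serviceDn, char[] servicePassword) {
        // A simple bind carries the password in clear text, so only accept LDAP over TLS.
        if (!url.startsWith("ldaps://")) {
            throw new IllegalArgumentException("simple bind requires an ldaps:// URL");
        }
        this.url = url;
        this.baseDn = baseDn;
        this.serviceDn = serviceDn;
        this.servicePassword = servicePassword;
    }

    /** Escapes the characters that have a meaning inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char ch : value.toCharArray()) {
            switch (ch) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    private DirContext bind(String dn, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        return new InitialDirContext(env);
    }

    /** Returns the DN of the single entry matching the login name, or null if none or several match. */
    private String findUserDn(DirContext ctx, String username) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[0]); // only the DN is needed
        // Assumption: users log in with the uid attribute.
        String filter = "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))";
        NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
        try {
            if (!results.hasMore()) {
                return null;
            }
            String dn = results.next().getNameInNamespace();
            return results.hasMore() ? null : dn; // an ambiguous match is treated as a failure
        } finally {
            results.close();
        }
    }

    public boolean authenticate(String username, char[] password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513) that
        // many servers answer with success, so it must never count as a login.
        if (username == null || username.isEmpty() || password == null || password.length == 0) {
            return false;
        }
        String userDn;
        DirContext service = bind(serviceDn, servicePassword);
        try {
            userDn = findUserDn(service, username);
        } finally {
            service.close();
        }
        if (userDn == null) {
            return false;
        }
        try {
            bind(userDn, password).close(); // the bind itself is the password check
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password; other NamingExceptions are errors, not rejections
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed input: a login name containing filter metacharacters.
        System.out.println(escapeFilterValue("a*(b)\\c"));
        // Optional live check: java LdapBindAuthenticator <ldaps-url> <baseDn> <serviceDn> <username>
        if (args.length == 4 && System.console() != null) {
            char[] servicePw = System.console().readPassword("Service account password: ");
            char[] userPw = System.console().readPassword("Password for %s: ", args[3]);
            LdapBindAuthenticator auth = new LdapBindAuthenticator(args[0], args[1], args[2], servicePw);
            System.out.println(auth.authenticate(args[3], userPw) ? "authenticated" : "rejected");
        }
    }
}
```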

  • Authentication against both LDAP and BI repository

    I have a lot of users who are authenticated against LDAP. I need to add a few users who don't exist in LDAP. I can create a user in the BI repository and if this user is in an Administrator group he is able to log in. But if this user isn't in an Administrator group he gets the error "Succesfull execution of intitializtion block LDAP is required". Is there any way to authenticate users against both LDAP and the BI repository?

    Hi,
    Why don't you create a group in LDAP and add the corresponding users to that group?
    You can configure the LDAP server with that group and try...
    Hope it works...
    Regards
    Venkat

  • Authenticating against both RDBMS and LDAP in WL6.0

    Hi,
    We are designing a webapp that will be accessible to both internal and
    external users. For internal users, we would like to authenticate via LDAP;
    for external users we would like to use RDBMS. In WL5.1, this looked to be
    possible with the DelegatingRealm, however this has been removed in WL6.0.
    Two questions:
    1) Why was it removed?
    2) How can we get this functionality in WL6.0?
    Thanks much for your help,
    -jt

    We are currently deployed on WL5.1 with a similar situation as you and in
    the process of migrating to WL6. We are Authenticating against LDAP and
    Authorizing against RDBMS. But I can't see how you could tell it to go
    one way for certain users and another for other users.
    The delegatingrealm in WL5 was intended to split the responsibility of
    Authenticating to one source and Authorization to another. To make this
    work for your Application of splitting internal and external users
    security, I suppose you can do it if you can somehow pass the information
    to the Security Realm the type of the user that is logging in. Maybe you
    can make this code a part of the userid such as ext_userID or int_userID.
    Doing this will allow you to filter where the users are coming from
    and Direct them to the appropriate security realm.
    As far as WL6 goes, the Delegating realm class is no longer available
    since the security model for WL6 is different from WL5. But you can take
    a look at what they did with the RDBMSrealm example and use that. This is
    what we did to make our Security work in WL6. However, you can no longer
    store ACLs in the RDBMS realm in WL6.
    Hope this helps.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    You will need to create a Custom Realm which delegates to both your RDBMS
    and LDAP perhaps using the Weblogic supplied RDBMS and LDAP realms
    "Jonathan Thompson" <[email protected]> wrote in message
    news:3accf1a3$[email protected]..
    > Hi,
    > We are designing a webapp that will be accessible to both internal and
    > external users. For internal users, we would like to authenticate via LDAP;
    > for external users we would like to use RDBMS. In WL5.1, this looked to be
    > possible with the DelegatingRealm, however this has been removed in WL6.0.
    >
    > Two questions:
    > 1) Why was it removed?
    > 2) How can we get this functionality in WL6.0?
    > Thanks much for your help,
    > -jt

  • Best way to disable a user from authing against ldap?

    We have a need to be able to disable users in our LDAP server (Sun-ONE-Directory/5.2_Patch_2 B2004.107.0034).
    We are using msging and cal server together with Access manager and Comms express.
    Setting the inetUserStatus to inactive stops users logging into the comms express etc. but we now have a few remote services that are authenticating against LDAP by binding as the user. This works regardless, so disabled users can log in to certain things.
    What's the recommended way of temporarily disabling an account? We can't just change the password as we would need to restore it when the account is re-enabled. Is there something easy to prevent the user binding? (something easy to undo again!).
    Cheers,
    Darren

    I found that if I use JNDI to set nsaccountlock to true, it does disable the user from authorizing. However, it also makes the Custom Editor unable to re-activate that user. You can press the "Activate" button, and it will tell you the user has been activated, but if you check the nsaccountlock, it will still be set to true. However, one can still use Generic Editor to delete the nsaccountlock to re-activate the user.
    In order for the Custom Editor to be able to reactivate the user, the user must be in the nsManagedDisabledRole. If you add the "cn=nsmanageddisabledrole,<larger context>" to the users nsroledn attribute, then the ldap automatically sets the nsaccountlock value to true.
    And if you later delete the nsaccountlock value, the ldap will automatically remove the nsManagedDisabledRole from the user's nsRoleDn.
    Tricky stuff,
    Christa

  • ACS 5.1---AD Authentication VS LDAP

    Any help on this subject would be great
    I can manage to get my account logging into the Cisco switch through the Active Directory setup in external identity stores but not my LDAP setup. Here are some logs from the successful login and the unsuccessful login with LDAP.
    AD-SETUP
    Selected Identity Store - AD1
    Current Identity Store does not support the authentication method; Skipping it.
    TACACS+ will use the password prompt from global TACACS+ configuration.
    Returned TACACS+ Authentication Reply
    Received TACACS+ Authentication CONTINUE Request
    Using previously selected Access Service
    Identity Policy was evaluated before; Identity Sequence continuing
    Authenticating user against Active Directory
    User's Groups retrieval from Active Directory succeeded
    User authentication against Active Directory succeeded
    Authentication Passed
    Access Policy
    Access Service:
    Default Device Admin
    Identity Store:
    AD1
    Selected Shell Profile:
    Privilege Mode
    Active Directory Domain:
    Blah.com
    Identity Group:
    Access Service Selection Matched Rule :
    Rule-2
    Identity Policy Matched Rule:
    Default
    Selected Identity Stores:
    AD1
    Query Identity Stores:
    Selected Query Identity Stores:
    Group Mapping Policy Matched Rule:
    Authorization Policy Matched Rule:
    Rule-1
    The only issue with this setup is that I can only add the domain, for example blah.com, and I get massive latency occurring since the authentication process goes over state to other domain controllers instead of the local ones.
    I can tell from the AAA STATUS in the monitoring DASHBOARD because the latency is around 8000ms, and from the slow login on the switch.
    LDAP-SETUP
    In my LDAP setup I point a primary and secondary hostname closer to home to avoid latency. I do a bind test which returns successful on both hosts. I set up my Directory Organization tab and do a test configuration, and get a return of Group > 100 Subject > 100.
    I reset my identity stores to LDAP instead of AD and try again, but for some reason I get error 22056 subject not found! I just can't work this out. Here are the details:
    Matched rule
    Selected Access Service - Default Device Admin
    Evaluating Identity Policy
    Matched Default Rule
    Selected Identity Store -
    Current Identity Store does not support the authentication method; Skipping it.
    TACACS+ will use the password prompt from global TACACS+ configuration.
    Returned TACACS+ Authentication Reply
    Received TACACS+ Authentication CONTINUE Request
    Using previously selected Access Service
    Identity Policy was evaluated before; Identity Sequence continuing
    Sending request to primary LDAP server
    Authenticating user against LDAP Server
    User search ended with an error
    Primary server failover. Switching to secondary server
    Sending request to secondary LDAP server
    Authenticating user against LDAP Server
    User not found in LDAP Server
    Subject not found in the applicable identity store(s).
    The advanced option that is configured for an unknown user is used.
    The 'Reject' advanced option is configured in case of a failed authentication request.
    Returned TACACS+ Authentication Reply
    Are there any ideas what I can try so it can find my account like the AD structure did? Ideas please?
    cheers

    Hi JG,
    Thanks for replying to my post. I am currently using Softerra LDAP Administrator software to verify the base DN structure. I now run the test configuration button and I get a return of 1 Group and 1 subject, which is correct for the settings I have chosen.
    So LDAP is now seeing my group and seeing my AD user but I still have the same problem when trying to log into my network device. The user is not found?
    Can you help with anything else I might need to check, JG? This is driving me and everyone else in the office up the wall. Let me know if you would like some screenshots.
    Regards
    Ed 

  • Oracle Database Authentication against Microsoft Active Directory

    Hello
    Does anyone know if it is possible, or can anyone point me in the direction of some documentation that discusses Oracle database user authentication against an Enterprise Directory Service, in my case MS AD?
    My environment consists of Oracle RDBMS 10.2.0.3 on Linux Red Hat AS 4. Our users connect in from Windows clients. I would like to know if there is a way to authenticate users from Windows to the database using LDAP based (AD) authentication. In other words, how do I configure authentication to be done for "identified globally accounts"? I know that the identified by globally accounts require the use of the CN which I have done, but it seems like there is some piece missing. Perhaps an Oracle schema or modification to Active Directory??
    So my questions are
    1. Is it possible to authenticate users against AD without the implementation of OID?
    2. Is there documentation someone has or can point me to that outlines the required steps?
    3. Anything I should know?
    I appreciate any help. The documentation I have found so far doesn't seem to be what I need... So I am looking for some advice.
    Thanks.

    Sure, two methods to auth from Oracle DB to MSAD:
    OID and OVD
    I am working on our own proof of concept configuring EUS connect to OVD with an MSAD as auth at the moment. OVD basically is presenting the database with OracleSchema and OracleContext info. And when you connect via netca (ldap.ora), you assign it as OID directory authentication type.
    Here's an OVD manual on Integrating with EUS (chapter 7 is for MSAD): http://www.oracle.com/technology/products/id_mgmt/ovds/pdf/e10286.pdf
    And this would be what the EUS config should look like:
    http://www.oracle.com/technology/deploy/security/database-security/howtos/eus-how-to.html
    If you've done everything in the first doc...
    Hope this answers your questions.

  • Git authentication against proxies

    Hello there:
    Maybe this is not the right place to post this, but, maybe here more interested people will hear of it.
    My situation is this: I found myself behind a proxy trying to do a git clone over the http protocol, and I wasn't able to do it. My proxy uses digest authentication, and the git software doesn't manage http proxies with auth, so I downloaded the code of git (of course after I got tired of searching Google) and started reading it to patch it.
    After a few looks and some advice from my fellow developers I managed to do so, then I made a patch and I thought about making a PKGBUILD and submitting a package to AUR, then after reading all the guidelines (AUR guidelines, bug report guidelines) I decided the right thing to do was not to upload a package to AUR.
    So I submitted the patch to git's maintainers and now I'll post it here for someone else looking for it.
    --- git-1.6.6/http.c 2009-12-23 19:00:22.000000000 -0500
    +++ git-1.6.6/http.c 2010-01-19 11:59:17.000000000 -0500
    @@ -33,6 +33,10 @@
    static long curl_low_speed_time = -1;
    static int curl_ftp_no_epsv;
    static const char *curl_http_proxy;
    +static const char *curl_http_proxy_auth;
    +static const char *curl_http_proxy_user;
    +static const char *curl_http_proxy_pass;
    +
    static char *user_name, *user_pass;
    #if LIBCURL_VERSION_NUM >= 0x071700
    @@ -174,6 +178,15 @@
    if (!strcmp("http.proxy", var))
    return git_config_string(&curl_http_proxy, var, value);
    + if (!strcmp("http.proxy-auth", var))
    + return git_config_string(&curl_http_proxy_auth, var, value);
    +
    + if (!strcmp("http.proxy-user", var))
    + return git_config_string(&curl_http_proxy_user, var, value);
    +
    + if (!strcmp("http.proxy-pass", var))
    + return git_config_string(&curl_http_proxy_pass, var, value);
    +
    if (!strcmp("http.postbuffer", var)) {
    http_post_buffer = git_config_int(var, value);
    if (http_post_buffer < LARGE_PACKET_MAX)
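    Review bot: the new `http.proxy-pass` key takes the proxy password straight from the config file, so it is stored in plain text next to the other http.* settings and is readable by anyone who can read that file. Consider prompting for it when it is missing instead of requiring it in config, and document all three new keys (including the accepted `http.proxy-auth` values), since nothing in this hunk or the rest of the patch does.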
    @@ -267,8 +280,32 @@
    curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
    if (curl_http_proxy)
    + {
    curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
    + if(curl_http_proxy_user && curl_http_proxy_pass)
    + {
    + char* c;
    + c = xstrdup(curl_http_proxy_user);
    + strcpy(c, curl_http_proxy_user);
    + strcat(c, ":");
    + strcat(c, curl_http_proxy_pass);
    + c[strlen(curl_http_proxy_user) + strlen(curl_http_proxy_pass) + 1] = 0;
    + curl_easy_setopt(result, CURLOPT_PROXYUSERPWD, c);
    + free(c);
    + }
    + if(curl_http_proxy_auth)
    + {
    + if(!strcmp(curl_http_proxy_auth, "digest"))
    + curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST);
    + else if(!strcmp(curl_http_proxy_auth, "basic"))
    + curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
    + else if(!strcmp(curl_http_proxy_auth, "ntlm"))
    + curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
    + }
    +
    + }
    +
    return result;
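    Review bot: heap buffer overflow in the CURLOPT_PROXYUSERPWD block: `c = xstrdup(curl_http_proxy_user);` allocates only strlen(user) + 1 bytes, and the following `strcat(c, ":")` and `strcat(c, curl_http_proxy_pass)` write past the end of that allocation. Allocate strlen(user) + strlen(pass) + 2 bytes (or build the string in a strbuf), which also makes the redundant strcpy and the manual terminator on the next lines unnecessary. The `free(c)` directly after curl_easy_setopt is only safe where libcurl copies string options; the file still carries a `LIBCURL_VERSION_NUM >= 0x071700` guard, so on the older versions it supports this leaves libcurl with a dangling pointer. An `http.proxy-auth` value other than digest, basic or ntlm is silently ignored here; warn on an unknown value.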
    @@ -430,6 +467,21 @@
    curl_http_proxy = NULL;
    + if (curl_http_proxy_auth) {
    + free((void *)curl_http_proxy_auth);
    + curl_http_proxy_auth = NULL;
    + }
    +
    + if (curl_http_proxy_user) {
    + free((void *)curl_http_proxy_user);
    + curl_http_proxy_user = NULL;
    + }
    +
    + if (curl_http_proxy_pass) {
    + free((void *)curl_http_proxy_pass);
    + curl_http_proxy_pass = NULL;
    + }
    +
    if (ssl_cert_password != NULL) {
    memset(ssl_cert_password, 0, strlen(ssl_cert_password));
    free(ssl_cert_password);
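    Review bot: `curl_http_proxy_pass` is freed without being cleared, while `ssl_cert_password` in the context lines right below is wiped with memset before its free; give the proxy password the same treatment so it does not linger in freed heap memory. The `(void *)` casts are only needed because the three variables were declared `const char *`; declaring the owned strings as `char *` would avoid them.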
    Any suggestion, would be appreciated.

    Hi Nicolaj,
    why? Because the security team is requesting this. If someone goes out of the office just for a coffee and leaves his PC open, everyone is able to connect to any system. If a re-authentication against LDAP is needed, this becomes secure and only an open session with one R/3 can be used.
    The re-authentication is against LDAP because in this case the user has ONE password: the Windows password. No need to remember 20 passwords on 20 systems. And it is not possible to synchronize the password from LDAP to the ABAP user store.
    So if the user is successfully re-authenticated the portal will use the SAPLogonTicket.
    The question is how to implement this re-authentication for example the portal login itself?
    And yes, ITS with PAS is using LDAP - this we want to have also for the connection from the portal to R/3.
    Best regards,
    Michael

  • ACS 5.1 Authentication against AD problem

    I have a pair of ACS 5.1 virtual appliances in a master/slave configuration, running build 5.1.0.44.  We have it configured to authenticate TACACS against Active Directory, but have run into a problem with the account of one of my colleagues.  His account password recently expired and since changing it he is no longer able to authenticate on devices pointing to the master ACS server, but has no issue with devices pointing to the slave ACS server.  Several other users have changed their passwords in AD and have not encountered this problem.
    ACS View shows the following error in the TACACS+ authentication log:  "24421 Change password against Active Directory failed since it is disabled in configuration".  The account we use to connect to active directory does not have permission to send password changes, so I have disabled changing passwords in the AD identity store configuration.  As a test, I enabled password changing and instead saw this error:  "24407 User authentication against AD failed since user is required to change his password". 
    I've had him change passwords numerous times, try different SSH clients, and different PCs.  I also had him lock his account out, and then try logging on and instead was presented with this error: "24415 User authentication against AD failed since user's account is locked out".  So it seems that ACS is correctly querying AD but seems to be caching the fact that his account has expired.
    The only difference between the two ACS servers are that they are querying different AD servers.  I've gotten our AD team to reset his password, check that his account is not locked on a particular AD server, and that replication is functioning.  I've also restarted the services and cold started the ACS virtual machine to no effect.  I have yet to try clearing the AD configuration and re-entering it.
    show logging application acs reveals the following:
    ActiveDirectoryClient,19/10/2011,08:46:25:307,WARN ,3032882080,cntx=0000253027,sesn=ciscoacslc/108180474/33226,user=parrishg,[ActiveDirectoryClient::isLRPC_ConnectionError] Retryable error 6 (LRPC failed) received. Trying to reconnect.,ActiveDirectoryClient.cpp:2429
    ActiveDirectoryClient,19/10/2011,08:46:25:311,WARN ,3032882080,cntx=0000253027,sesn=ciscoacslc/108180474/33226,user=parrishg,[ActiveDirectoryClient::plainTextAuthenticate] PAP authentication for user: parrishg has failed due to error: 16:Password expired,ActiveDirectoryClient.cpp:994
    ActiveDirectoryClient,19/10/2011,08:49:27:468,WARN ,3031829408,cntx=0000253057,sesn=ciscoacslc/108180474/33228,user=parrishg,[ActiveDirectoryClient::isLRPC_ConnectionError] Retryable error 6 (LRPC failed) received. Trying to reconnect.,ActiveDirectoryClient.cpp:2429
    ActiveDirectoryClient,19/10/2011,08:49:27:475,WARN ,3031829408,cntx=0000253057,sesn=ciscoacslc/108180474/33228,user=parrishg,[ActiveDirectoryClient::plainTextAuthenticate] PAP authentication for user: parrishg has failed due to error: 16:Password expired,ActiveDirectoryClient.cpp:994
    ActiveDirectoryIDStore,19/10/2011,08:49:27:475,ERROR,3031829408,cntx=0000253057,sesn=ciscoacslc/108180474/33228,user=parrishg,ActiveDirectoryIDStore::onPlainAuthenticateAndQueryEvent - User password expired but change password configuration is disabled - authentication failed,ActiveDirectoryIDStore.cpp:525
    I am aware that I can upgrade to 5.1.0.44.6 and intend to do so (although CSCsr81297 concerns me as we make extensive use of AD for authentication), but I don't know that there is any guarantee that this will fix it.
    Any ideas on what might be the cause, and how I can fix this?
    Thanks!

    Hello,
    It is complicated to explain this rule but hopefully you will understand.
    I suggest you do an identity store sequence that will point to the AD and RSA. This is like the unknown user policy in ACS 4.x.
    Once this is done you can create 2 authorization policies, 1 based on RSA authentication and another based on AD authentication.
    To give you a clearer example: is there any difference between AD and RSA authentication? Do they have the same rights? Please detail what you need to configure besides AD and RSA simultaneous authentication.
    Regards,
    Sebastian Aguirre

  • Can any one suggest a correct way for simple user authentication

    Hello,
    I want to know how to do simple user authentication in LDAP(
    iPlanet Directory Server ) thru Weblogic. A web application configured
    in Weblogic and I want to authorize a user.
    I found there are number of ways thru which authentication is taken
    place. please suggest a simple/basic way.
    with regards,
    Gokul.

    Hello Gokula,
    I think that Sunnynani has provided complete information in one of your
    other posts.
    Ludovic.
    Developer Relations Engineer
    BEA Support
    "Gokula Krishnan" <[email protected]> wrote in message news:
    [email protected]..
    > Hello,
    > I want to know how to do simple user authentication in LDAP(
    > iPlanet Directory Server ) thru Weblogic. A web application configured
    > in Weblogic and I want to authorize a user.
    > I found there are number of ways thru which authentication is taken
    > place. please suggest a simple/basic way.
    > with regards,
    > Gokul.
