Using Active MQ with ES2 Turnkey

Similar Messages

• Oracle 9i/10G DB authentication using Active Directory (with out OID)

  Hello All,
  We want to use a Single-Password authentication scheme using the Active
  Directory as the primary source for userId/Password.
  We don't want to use the Active Directory and OID bridge.
  As we have many databases and would like to configure all Databases to use Active
  Directory for Authentication. Our goal is to have single id/password across all
  the databases and any user should be able to login from any computer using their
  windows id/password, note that we don't want to use the OSAuthentication.
  We have read the documents provided by oracle for authentication using Active
  Directory, we were able to create Oracle Schema in Active Directory and were
  also able to register a DB with Active Directory and then created user as global
  user in Oracle Database and provided the DN of the user. When we tried
  authenticate with all this setup it comes back and says invalid ID/Password !!!
  And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
  Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
  Envoirnment:
  Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
  Operating System: Windows 2000/ Windows 2000 Server
  Constraint: We don't want to user OID ( as we don't have license for this
  product ! )

  I have a thread started similar to your request.
  OS Authenication on Windows
  Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
  SHOW PARAMETER OS_AUTHENT_PREFIX;
  SHOW PARAMETER REMOTE_OS_AUTHENT;
  CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
  GRANT CREATE SESSION TO OPS$SOMEUSER;
  For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
  CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
  I really wish Oracle or somebody created a guide or book on how to do this.

• How to send a picture to excel using active X with Labview

  I would like to create a report in excel that would have a picture and various information about each picture, but I don't see a property for sending a picture to excel. Is it possible?

  Darrenb,
  I am sorry if I wan not verry clear on this answer. Here is a screen shot on how this is implemented in the Report Genration Toolkit for Microsoft Office. I would suggest purchasing this Toolkit as an add-on for LabVIEW as it has this functionality already built in for both Microsoft Excel and Microsoft Word.
  Randy Hoskin
  Applications Engineer
  National Instruments
  http://www.ni.com/ask
  Attachments:
  ExcelPicture.gif ‏12 KB

• Active sync with Active Directory.  activeSync.password

  AD - OS - Win2k3
  IDM -6.0SP1
  I am using active sync with Active Directory.
  Form for Active Sync make with Wizard Active Sync.
  Make user in AD with correct password.Excecute StartActiveSync.
  User not make in Lighthouse.
  In log file appears the following:
  <WavesetResult>
  <ResultItem type='error' status='error'>
  <ResultError throwable='com.waveset.exception.PolicyViolation'>
  <Message id='PL_POLICY_VIOLATION_HEADER'>
  <String>password</String>
  <String>Lighthouse User</String>
  </Message>
  <Message id='PL_STRING_MIN_CHARACTERS'>
  <String>4</String>
  </Message>
  <StackTrace>com.waveset.exception.PolicyViolation: Policy Violation (password on Lighthouse User):
  Must contain at least 4 valid characters.
       at com.waveset.policy.StringQualityPolicy.check(StringQualityPolicy.java:1090)
       at com.waveset.provision.PolicyProcessor.checkPolicy(PolicyProcessor.java:716)
       at com.waveset.provision.PolicyProcessor.checkLighthousePasswordPolicy(PolicyProcessor.java:651)
       at com.waveset.provision.PolicyProcessor.checkPasswordPolicies(PolicyProcessor.java:574)
       at com.waveset.provision.PolicyProcessor.checkAccountPolicies(PolicyProcessor.java:232)
       at com.waveset.provision.Provisioner.checkPolicies(Provisioner.java:1102)
       at com.waveset.view.UserViewer.checkPolicies(UserViewer.java:1559)
       at com.waveset.view.UserViewer.checkPoliciesAndConstraints(UserViewer.java:1415)
       at com.waveset.view.UserViewer.checkinView(UserViewer.java:1159)
       at com.waveset.object.ViewMaster.checkinView(ViewMaster.java:725)
       at com.waveset.sync.IAPIUserImpl.submitCreate(IAPIUserImpl.java:559)
       at com.waveset.sync.IAPIUserImpl.submit(IAPIUserImpl.java:657)
       at com.waveset.adapter.ADSIResourceAdapter.processUpdates(ADSIResourceAdapter.java:1419)
       at com.waveset.adapter.ADSIResourceAdapter.getAndProcessChanges(ADSIResourceAdapter.java:1456)
       at com.waveset.adapter.ADSIResourceAdapter.poll(ADSIResourceAdapter.java:1546)
       at com.waveset.adapter.SARunner.doRealWork(SARunner.java:268)
       at com.waveset.task.Executor.execute(Executor.java:159)
       at com.waveset.task.TaskThread.run(TaskThread.java:119)
  </StackTrace>
  </ResultError>
  </ResultItem>
  </WavesetResult>
  2006-11-09T13:19:07.904+0500: lastname: Bogdanov9, accountId: Bogdanov9, objectGUID: <GUID=fb4016ebb4851b43af59763d6094932d>, isDisabled: false, identity: cn=Alexey L. Bogdanov9,ou=Users,ou=Test,dc=aut,dc=tst, uSNChanged: 78587, firstname: Alexey, AccountLocked: false, fullname: Alexey L. Bogdanov9, Initials: L
  Policy Violation (password on Lighthouse User):
  Must contain at least 4 valid characters.
  But, when i use sample active sync form from ...sample/forms/ActiveDirectoryActiveSyncForm user make in Ligthhouse with password change12345.
  Logicaly, from this code:
  <Field name='waveset.password'>
  <Comments>
  Make up a password for accounts that are being
  created. This makes it a constant
  </Comments>
  <Disable>
            <neq>
            <ref>feedOp</ref>
                 <s>create</s>
            </neq>
       </Disable>
  <Expansion>
  <cond>
            <notnull>
                 <ref>activeSync.password</ref>
            </notnull>
  <ref>activeSync.password</ref>
  <s>change12345</s>
  </cond>
  </Expansion>
  </Field>
  I think password from AD not put in to activeSync.
  Why?
  With MBR
  Bogdanov Alexey.

  --I think password from AD not put in to activeSync.
  --Why?
  You cannot change the user's password from the activeSync RA. The password is encrypted in Active Directory and you can't decrypt it.
  You can read the Idm Resources Reference - Active Directory. There's a table with all the supported fields; the userPassword field is write-only.
  If you want to take the AD password and send it to IDM, you want to use Password Sync.
  Good luck

• Active Sync with Active Directory

  I am using active sync with Active Directory, but When I excecute the synchronization, it does not work, in log file appears the following:
  00.037-0500: Polling
  2006-11-01T18:35:00.053-0500: Looking for updates with filter: (objectCategory=person)(uSNChanged>=62506)
  2006-11-01T18:35:00.506-0500: Missing uSNChanged for user user1. Skipping
  2006-11-01T18:35:00.506-0500: Missing uSNChanged for user mike2. Skipping
  2006-11-01T18:35:00.506-0500: Missing uSNChanged for user little5. Skipping
  2006-11-01T18:35:00.506-0500: Missing uSNChanged for user george. Skipping
  2006-11-01T18:35:00.724-0500: Looking for deletes with filter: (uSNChanged>=62506)
  2006-11-01T18:35:00.740-0500: Missing uSNChanged for user CN=maria \0ADEL:7924c26d-9f1f-40a8-af4d-120e191aa84e,CN=Deleted Objects,DC=xxx,DC=com. Skipping
  2006-11-01T18:35:00.740-0500: Poll complete.
  I am using IDM 6.0 sp1

  Did you add the uSNChanged attribute to your schema mapping (name it "uSNChanged" on both the IDM and resource side of the mapping)?
  - Robin

• Using iChat Server with Windows clients in an integrated Active Directory/Open Directory environment

  A co-worker (Super Brent) and I were working on using iChat as an internal IM server after having used Openfire for a couple days. The reason for switching was basically that we had a Mac Mini Server that was available so we decided to take this on.
  First problem: Knowing whether or not Kerberos was needed for AD/OD integration. We spent a ton of time on this, not knowing a huge amount about AD and with our server administrator on courses, we just kept poking at it and removed Kerberos.
  For the AD/OD integration, we first bound the Mac Mini to our Active Directory server. We shut off LDAPv3 support as we only wanted to use the AD functionality. Additionally, we ensured that the search policy in Directory Utility only used Active Directory. Then we created an Open Directory master in the Open Directory service. We enabled a self-signed certificate and trusted it locally. After creating the iChat service, ensure that you use the self-signed SSL Certificate and set authentication to Standard. (no kerberos).
  Second problem: Once this was complete, we started to test clients out. We were unable to successfully login using our AD credentials using Spark IM and Pandium IM. After trying nearly 100 different variations of server configs, we decided to try a new client. I installed Miranda IM on my Windows XP machine and tried a few different setups. It turned out that the magic potion was to make sure that the "resource" field was set to "Home" and use SSL for encryption. This resource setting was the deal breaker for the other IM clients as many of them such as Spark and Pandium do not have this as a login option.
  We ended up using Pidgin IM as the Windows client of choice as it did have the resource variable and it's interface was the best suited for our environment and users.
  I hope this helps someone out there as we spent days looking all over the internet trying to figure this out.
  Cheers,
  Frenchy and Super Brent

  Hi,
  iChat Server is not something that I know a great deal about.
  I tend to point people to the OS  X Server Communities and to look out for posts by Tim Harris.
  Thanks for taking the time to post this.
  9:58 PM      Friday; February 10, 2012
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• My iphone has before used a apple id for icloud then accedently my device has upadated with itunes then now its activation locked with apple id but my apple id doesnt work what i do

  my iphone has before used a apple id for icloud then accedently my device has upadated with itunes then now its activation locked with apple id but my apple id doesnt work what i do
  my apple id =[email protected]

  You need the original owner to remove the device from his or her account. There is no workaround.
  Activation Lock

• Adobe Activation error I bought a used CS2 application with serial numbers: it loads fine and works, but I cannot activate it and it will run out in 26 days. I bought it on ebat for 40 dollars. I am willing to pay a royalty fee. In 2006, or so, I bought a

  Adobe Activation error I bought a used CS2 application with serial numbers: it loads fine and works, but I cannot activate it and it will run out in 26 days. I bought it on ebat for 40 dollars. I am willing to pay a royalty fee. In 2006, or so, I bought a student version of CS2 at the College bookstore legally and registered it and it is still running on my 2002 eMac, but my Mac cannot communicate with my wireless printer I just got. So I looked for a copy of CS2 to put on my second hand IBM PC.

  Error: Activation Server Unavailable | CS2, Acrobat 7, Audition 3

• How can I use Active Print on my Ipad and print to my usb connected HP officejet 6110 all in one

  I was previously able to use Active Print on my Ipod to print to my usb connected HP officejet 6110 all in one.  Now, however, with my Ipad version 2 I can no longer get this to work.  Can anyone help?  Thanks.

  Hi,
  HP do not provide any USB connection solution for iOS.
  As Active Print is a 3rd party application which provide this functionality, i believe you may find a better help within Active Print support as they more familier with their application requirement and functionality:
  http://www.activeprint.net/support/
  Regards,
  Shlomi
  Say thanks by clicking the Kudos thumb up in the post.
  If my post resolve your problem please mark it as an Accepted Solution

• How do I use Active Sync to view SharePoint Lists (Contacts and Calendars) on a Mobile Phone?

  We are attempting to use SharePoint 2010 in combination with Exchange 2010 to implement shared calendars and contact lists throughout our organization.  We are able to connect the lists to Outlook 2010, but have been unsuccessful in viewing
  the calendars and contact lists from our mobile phones.  How do we use Active Sync to view SharePoint Lists (Contacts and Calendars) on a Mobile Phone?
  In trying to answer this question, we have come across a few different possibilities, all of them falling just short of a long term solution for us.  After doing research, we found that Active Sync will only show the default folders of the account.  To
  solve this, we downloaded an Add-In for Outlook (CodeTwo FolderSync) to synchronize folders and synchronized our SharePoint list with a new Contact list in the default folder.  The issue we came across with this method is that the Add-In we are using
  is not capable of automatic synchronization.  There is a button and it must be clicked after every update is made, which is not ideal for our solution.  We then went to the company (CodeTwo) and found server side software (Exchange Sync) that they
  offer which will automatically synchronize the folders.  After installing that on the Exchange Server, we now are running into the issue of not being able to locate the SharePoint lists on the Exchange Server.
  Does anyone happen to know how we can get to the SharePoint lists from the Exchange Server?  Has anyone else been able to use shared contacts lists and calendars from SharePoint on their mobile phones using Active Sync?  If so, are we in the right
  direction with what we have found so far?
  Thanks,
  Brad

  You cannot use ActiveSync for that, but there are SharePoint clients for the iPhone. Windows Mobile 7 natively supports SharePoint with SharePoint Workspace Mobile, part of Microsoft Office Mobile. Android and BlackBerry might also have some apps.
  Use Microsoft SharePoint Workspace Mobile
  http://www.microsoft.com/windowsphone/en-us/howto/wp7/office/use-office-sharepoint-workspace-mobile.aspx
  iPhone SharePoint Apps Shootout
  http://www.codeproject.com/KB/iPhone/iPhoneSharePointApps.aspx 
  Comparing SharePoint iPhone Apps
  http://blog.praecipio.com/2010/11/02/comparing-sharepoint-iphone-apps/
  MCTS: Messaging | MCSE: S+M

• How do I activate a used iPhone 3 with no SIM card for use as an ipod touch?

  How do I activate a used iPhone 3G with no SIM card for use like an iPod Touch? It was apparently on AT&T previously and I have another iPhone 3 that is active on AT&T if that is helpful. Thanks!

  Copied from the link provided.
  Follow these steps to use your iPhone without a wireless service plan:
  Insert the SIM card from your new, activated iPhone or one that was previously used to activate the original iPhone.
  Connect the iPhone to iTunes on a computer connected to the Internet.
  Once iTunes activates the device, you're free to use the iPhone as if it were an iPod touch.

• I'm trying to use kerberos V5 with ActiveDirectory but get an error

  I'm trying to use kerberos V5 with ActiveDirectory im using simple code from previuos posts but
  when i try with correct username/password i get :
  Authentication attempt failedjavax.security.auth.login.LoginException: Message stream modified (41)
  when i try incorrect username/pass i get :
  Pre-authentication information was invalid (24)
  Debug info is :
  Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  Kerberos username [naiden]: naiden
  Kerberos password for naiden:      naiden
            [Krb5LoginModule] user entered username: naiden
  Acquire TGT using AS Exchange
            [Krb5LoginModule] authentication failed
  Pre-authentication information was invalid (24)
  Authentication attempt failedjavax.security.auth.login.LoginException: Java code is :
  import javax.naming.*;
  import javax.naming.directory.*;
  import javax.security.auth.login.*;
  import javax.security.auth.Subject;
  import com.sun.security.auth.callback.TextCallbackHandler;
  import java.util.Hashtable;
  * Demonstrates how to create an initial context to an LDAP server
  * using "GSSAPI" SASL authentication (Kerberos v5).
  * Requires J2SE 1.4, or JNDI 1.2 with ldapbp.jar, JAAS, JCE, an RFC 2853
  * compliant implementation of J-GSS and a Kerberos v5 implementation.
  * Jaas.conf
  * racfldap.GssExample {com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=true; };
  * 'qop' is a comma separated list of tokens, each of which is one of
  * auth, auth-int, or auth-conf. If none is supplied, the default is 'auth'.
  class KerberosExample {
  public static void main(String[] args) {
  java.util.Properties p = new java.util.Properties(System.getProperties());
  p.setProperty("java.security.krb5.realm", "ISY");
  p.setProperty("java.security.krb5.kdc", "192.168.0.101");
  p.setProperty("java.security.auth.login.config", "C:\\jaas.conf");
  System.setProperties(p);
  // 1. Log in (to Kerberos)
  LoginContext lc = null;
  try {
  lc = new LoginContext("ISY",
  new TextCallbackHandler());
  // Attempt authentication
  lc.login();
  } catch (LoginException le) {
  System.err.println("Authentication attempt failed" + le);
  System.exit(-1);
  // 2. Perform JNDI work as logged in subject
  Subject.doAs(lc.getSubject(), new LDAPAction(args));
  // 3. Perform LDAP Action
  * The application must supply a PrivilegedAction that is to be run
  * inside a Subject.doAs() or Subject.doAsPrivileged().
  class LDAPAction implements java.security.PrivilegedAction {
  private String[] args;
  private static String[] sAttrIDs;
  private static String sUserAccount = new String("Administrator");
  public LDAPAction(String[] origArgs) {
  this.args = (String[])origArgs.clone();
  public Object run() {
  performLDAPOperation(args);
  return null;
  private static void performLDAPOperation(String[] args) {
  // Set up environment for creating initial context
  Hashtable env = new Hashtable(11);
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  // Must use fully qualified hostname
  env.put(Context.PROVIDER_URL, "ldap://192.168.0.101:389/DC=isy,DC=local");
  // Request the use of the "GSSAPI" SASL mechanism
  // Authenticate by using already established Kerberos credentials
  env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
  env.put("javax.security.sasl.server.authentication", "true");
  try {
  /* Create initial context */
  DirContext ctx = new InitialDirContext(env);
  /* Get the attributes requested */
  Attributes aAnswer =ctx.getAttributes( "CN="+ sUserAccount + ",CN=Users,DC=isy,DC=local");
  NamingEnumeration enumUserInfo = aAnswer.getAll();
  while(enumUserInfo.hasMoreElements()) {
  System.out.println(enumUserInfo.nextElement().toString());
  // Close the context when we're done
  ctx.close();
  } catch (NamingException e) {
  e.printStackTrace();
  }JAAS conf file is :
  ISY {
       com.sun.security.auth.module.Krb5LoginModule required
  debug=true;
  };krb5.ini file is :
  # Kerberos 5 Configuration File
  # All available options are specified in the Kerberos System Administrator's Guide.  Very
  # few are used here.
  # Determines which Kerberos realm a machine should be in, given its domain name.  This is
  # especially important when obtaining AFS tokens - in afsdcell.ini in the Windows directory
  # there should be an entry for your AFS cell name, followed by a list of IP addresses, and,
  # after a # symbol, the name of the server corresponding to each IP address.
  [libdefaults]
       default_realm = ISY
  [domain_realm]
       .isy.local = ISY
       isy.local = ISY
  # Specifies all the server information for each realm.
  #[realms]
       ISY=
            kdc = 192.168.0.101
            admin_server = 192.168.0.101
            default_domain = ISY
       }

  Now it works
  i will try to explain how i do this :
  step 1 )
  fallow this guide http://www.cit.cornell.edu/computer/system/win2000/kerberos/
  and configure AD to use kerberos and to heve Kerberos REALM
  step 2 ) try windows login to the new realm to be sure that it works ADD trusted realm if needed.
  step 3 ) create jaas.conf file for example in c:\
  it looks like this :
  ISY {
       com.sun.security.auth.module.Krb5LoginModule required
  debug=true;
  };step 4)
  ( dont forget to make mappings which are explained in step 1 ) go to Active Directory users make sure from View to check Advanced Features Right click on the user go to mappings in secound tab kerberos mapping add USERNAME@KERBEROSreaLm for example [email protected]
  step 5)
  copy+paste this code and HIT RUN :)
  import java.util.Hashtable;
  import javax.naming.Context;
  import javax.naming.NamingEnumeration;
  import javax.naming.NamingException;
  import javax.naming.directory.Attributes;
  import javax.naming.directory.DirContext;
  import javax.naming.directory.InitialDirContext;
  import javax.naming.directory.SearchControls;
  import javax.naming.directory.SearchResult;
  import javax.security.auth.Subject;
  import javax.security.auth.login.LoginContext;
  import javax.security.auth.login.LoginException;
  import com.sun.security.auth.callback.TextCallbackHandler;
  public class Main {
      public static void main(String[] args) {
      java.util.Properties p = new java.util.Properties(System.getProperties());
      p.setProperty("java.security.krb5.realm", "ISY.LOCAL");
      p.setProperty("java.security.krb5.kdc", "192.168.0.101");
      p.setProperty("java.security.auth.login.config", "C:\\jaas.conf");
      System.setProperties(p);
      // 1. Log in (to Kerberos)
      LoginContext lc = null;
      try {
              lc = new LoginContext("ISY", new TextCallbackHandler());
      // Attempt authentication
      lc.login();
      } catch (LoginException le) {
      System.err.println("Authentication attempt failed" + le);
      System.exit(-1);
      // 2. Perform JNDI work as logged in subject
      Subject.doAs(lc.getSubject(), new LDAPAction(args));
      // 3. Perform LDAP Action
      * The application must supply a PrivilegedAction that is to be run
      * inside a Subject.doAs() or Subject.doAsPrivileged().
      class LDAPAction implements java.security.PrivilegedAction {
      private String[] args;
      private static String[] sAttrIDs;
      private static String sUserAccount = new String("Administrator");
      public LDAPAction(String[] origArgs) {
      this.args = origArgs.clone();
      public Object run() {
      performLDAPOperation(args);
      return null;
      private static void performLDAPOperation(String[] args) {
      // Set up environment for creating initial context
      Hashtable env = new Hashtable(11);
      env.put(Context.INITIAL_CONTEXT_FACTORY,
      "com.sun.jndi.ldap.LdapCtxFactory");
      // Must use fully qualified hostname
      env.put(Context.PROVIDER_URL, "ldap://192.168.0.101:389");
      // Request the use of the "GSSAPI" SASL mechanism
      // Authenticate by using already established Kerberos credentials
      env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
  //    env.put("javax.security.sasl.server.authentication", "true");
      try {
      /* Create initial context */
      DirContext ctx = new InitialDirContext(env);
      /* Get the attributes requested */
      //Create the search controls        
      SearchControls searchCtls = new SearchControls();
      //Specify the attributes to return
      String returnedAtts[]={"sn","givenName","mail"};
      searchCtls.setReturningAttributes(returnedAtts);
      //Specify the search scope
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
      //specify the LDAP search filter
      String searchFilter = "(&(objectClass=user)(mail=*))";
      //Specify the Base for the search
      String searchBase = "DC=isy,DC=local";
      //initialize counter to total the results
      int totalResults = 0;
      // Search for objects using the filter
      NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
      //Loop through the search results
      while (answer.hasMoreElements()) {
              SearchResult sr = (SearchResult)answer.next();
          totalResults++;
          System.out.println(">>>" + sr.getName());
          // Print out some of the attributes, catch the exception if the attributes have no values
          Attributes attrs = sr.getAttributes();
          if (attrs != null) {
              try {
              System.out.println("   surname: " + attrs.get("sn").get());
              System.out.println("   firstname: " + attrs.get("givenName").get());
              System.out.println("   mail: " + attrs.get("mail").get());
              catch (NullPointerException e)    {
              System.err.println("Error listing attributes: " + e);
      System.out.println("RABOTIII");
          System.out.println("Total results: " + totalResults);
      ctx.close();
      } catch (NamingException e) {
      e.printStackTrace();
  }It will ask for username and password
  type for example : [email protected] for username
  and password : TheSecretPassword
  where ISY.LOCAL is the name of kerberos realm.
  p.s. it is not good idea to use Administrator as login :)
  Edited by: JOKe on Sep 14, 2007 2:23 PM

• How to use Oracle partitioning with JPA @OneToOne reference?

  Hi!
  A little bit late in the project we have realized that we need to use Oracle partitioning both for performance and admin of the data. (Partitioning by range (month) and after a year we will move the oldest month of data to an archive db)
  We have an object model with an main/root entity "Trans" with @OneToMany and @OneToOne relationships.
  How do we use Oracle partitioning on the @OneToOne relationships?
  (We'd rather not change the model as we already have millions of rows in the db.)
  On the main entity "Trans" we use: partition by range (month) on a date column.
  And on all @OneToMany we use: partition by reference (as they have a primary-foreign key relationship).
  But for the @OneToOne key for the referenced object, the key is placed in the main/source object as the example below:
  @Entity
  public class Employee {
  @Id
  @Column(name="EMP_ID")
  private long id;
  @OneToOne(fetch=FetchType.LAZY)
  @JoinColumn(name="ADDRESS_ID")
  private Address address;
  EMPLOYEE (table)
  EMP_ID FIRSTNAME LASTNAME SALARY ADDRESS_ID
  1 Bob Way 50000 6
  2 Sarah Smith 60000 7
  ADDRESS (table)
  ADDRESS_ID STREET CITY PROVINCE COUNTRY P_CODE
  6 17 Bank St Ottawa ON Canada K2H7Z5
  7 22 Main St Toronto ON Canada     L5H2D5
  From the Oracle documentation: "Reference partitioning allows the partitioning of two tables related to one another by referential constraints. The partitioning key is resolved through an existing parent-child relationship, enforced by enabled and active primary key and foreign key constraints."
  How can we use "partition by reference" on @OneToOne relationsships or are there other solutions?
  Thanks for any advice.
  /Mats

  Crospost! How to use Oracle partitioning with JPA @OneToOne reference?

• HT1338 Purchased a used macbook pro with Mountain Lion. My old Mac runs Snow Leopard is backed up to Time machine. How do I register the operating system to me and how do I use Time Machine to move my files to the new used computer?

  Purchased a used macbook pro with Mountain Lion. My old Mac runs Snow Leopard is backed up to Time machine. How do I register the operating system to me and how do I use Time Machine to move my files to the new used computer?

  If you look at the User Tips tab, you will find a write up on just this subject:
  https://discussions.apple.com/docs/DOC-4053
  The subject of buying/selling a Mac is quite complicated.  Here is a guide to the steps involved. It is from the Seller's point of view, but easily read the other way too:
  SELLING A MAC A
  Internet Recovery, and Transferability of OS & iLife Apps
  Selling an Old Mac:
  • When selling an old Mac, the only OS that is legally transferable is the one that came preinstalled when the Mac was new. Selling a Mac with an upgraded OS isn't doing the new owner any favors. Attempting to do so will only result in headaches since the upgraded OS can't be registered by the new owner. If a clean install becomes necessary, they won't be able to do so and will be forced to install the original OS via Internet Recovery. Best to simply erase the drive and revert back to the original OS prior to selling any Mac.
  • Additionally, upgrading the OS on a Mac you intend to sell means that you are leaving personally identifiable information on the Mac since the only way to upgrade the OS involves using your own AppleID to download the upgrade from the App Store. So there will be traces of your info and user account left behind. Again, best to erase the drive and revert to the original OS via Internet Recovery.
  Internet Recovery:
  • In the event that the OS has been upgraded to a newer version (i.e. Lion to Mountain Lion), Internet Recovery will offer the version of the OS that originally came with the Mac. So while booting to the Recovery Disk will show Mountain Lion as available for reinstall since that is the current version running, Internet Recovery, on the other hand, will only show Lion available since that was the OS shipped with that particular Mac.
  • Though the Mac came with a particular version of Mac OS X, it appears that, when Internet Recovery is invoked, the most recent update of that version may be applied. (i.e. if the Mac originally came with 10.7.3, Internet Recovery may install a more recent update like 10.7.5)
  iLife Apps:
  • When the App Store is launched for the first time it will report that the iLife apps are available for the user to Accept under the Purchases section. The user will be required to enter their AppleID during the Acceptance process. From that point on the iLife apps will be tied to the AppleID used to Accept them. The user will be allowed to download the apps to other Macs they own if they wish using the same AppleID used to Accept them.
  • Once Accepted on the new Mac, the iLife apps can not be transferred to any future owner when the Mac is sold. Attempting to use an AppleID after the apps have already been accepted using a different AppleID will result in the App Store reporting "These apps were already assigned to another Apple ID".
  • It appears, however, that the iLife Apps do not automatically go to the first owner of the Mac. It's quite possible that the original owner, either by choice or neglect, never Accepted the iLife apps in the App Store. As a result, a future owner of the Mac may be able to successfully Accept the apps and retain them for themselves using their own AppleID. Bottom Line: Whoever Accepts the iLife apps first gets to keep them.
  SELLING A MAC B
  Follow these instructions step by step to prepare a Mac for sale:
  Step One - Back up your data:
  A. If you have any Virtual PCs shut them down. They cannot be in their "fast saved" state. They must be shut down from inside Windows.
  B. Clone to an external drive using using Carbon Copy Cloner.
  1. Open Carbon Copy Cloner.
  2. Select the Source volume from the Select a source drop down menu on the left side.
  3. Select the Destination volume from the Select a destination drop down menu on the right
  side.
  4. Click on the Clone button. If you are prompted about creating a clone of the Recovery HD be
  sure to opt for that.
  Destination means a freshly erased external backup drive. Source means the internal
  startup drive. 
  Step Two - Prepare the machine for the new buyer:
  1. De-authorize the computer in iTunes! De-authorize both iTunes and Audible accounts.
  2, Remove any Open Firmware passwords or Firmware passwords.
  3. Turn the brightness full up and volume nearly so.
  4. Turn off File Vault, if enabled.
  5. Disable iCloud, if enabled: See.What to do with iCloud before selling your computer
  Step Three - Install a fresh OS:
  A. Snow Leopard and earlier versions of OS X
  1. Insert the original OS X install CD/DVD that came with your computer.
  2. Restart the computer while holding down the C key to boot from the CD/DVD.
  3. Select Disk Utility from the Utilities menu; repartition and reformat the internal hard drive.
  Optionally, click on the Security button and set the Zero Data option to one-pass.
  4. Install OS X.
  5. Upon completion DO NOT restart the computer.
  6. Shutdown the computer.
  B. Lion and Mountain Lion (if pre-installed on the computer at purchase*)
  Note: You will need an active Internet connection. I suggest using Ethernet if possible because
  it is three times faster than wireless.
  1. Restart the computer while holding down the COMMAND and R keys until the Mac OS X
  Utilities window appears.
  2. Select Disk Utility from the Mac OS X Utilities window and click on the Continue button. 
  3. After DU loads select your startup volume (usually Macintosh HD) from the left side list. Click
  on the Erase tab in the DU main window.
  4. Set the format type to Mac OS Extended (Journaled.) Optionally, click on the Security button
  and set the Zero Data option to one-pass.
  5. Click on the Erase button and wait until the process has completed.
  6. Quit DU and return to the Mac OS X Utilities window.
  7. Select Reinstall Lion/Mountain Lion and click on the Install button.
  8. Upon completion shutdown the computer.
  *If your computer came with Lion or Mountain Lion pre-installed then you are entitled to transfer your license once. If you purchased Lion or Mountain Lion from the App Store then you cannot transfer your license to another party. In the case of the latter you should install the original version of OS X that came with your computer. You need to repartition the hard drive as well as reformat it; this will assure that the Recovery HD partition is removed. See Step Three above. You may verify these requirements by reviewing your OS X Software License.

• Client Certificate Mapping authentication using Active Directory across trusted forests

  Hi,
  We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
  credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
  We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD CLient Certificate
  Mapping".
  However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
  1. Is this possible?
  2. If yes, what do we need to do to make this work.
  Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"

  1. Yes!
  2. Before answering this I need to know if your are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements
  and mapping?
  /Hasain
  We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
  To simulate the scenario, I setup up two separate forests and established a trust between them.
  I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
  I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
  I setup a test ASP page to capture the Login Info on both the servers.
  With the client and the server in the same forest, I got the following results
  Login Info
  LOGON_USER: CORP\ASmith
  AUTH_USER: CORP\ASmith
  AUTH_TYPE: SSL/PCT
  With the client in the domain with the PKI and the server in the other Forest, I got the following response
  Login Info
  LOGON_USER:
  AUTH_USER:
  AUTH_TYPE: 
  I tried the configuration with the Anonymous Authentication turned off and the AD CLient Certificate mapping turned on.
  With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
  401 - Unauthorized: Access is denied due to invalid credentials.
  You do not have permission to view this directory or page using the credentials that you supplied