Using smc to manage users in a different container or suffix

I am running Sun directory server 6.2 on Solaris 10. (This was a migration from DS 5.2.) When I initially set up the directory server, the default suffix was "dc=mydomain,dc=com". I later created a new top-level container (suffix) called "o=mydomain.com".
I am attempting to use smc to manage users. As per the following docs:
http://www.sun.com/bigadmin/content/misc/smc20_faq.html
SMC 2.0 Frequently Asked Questions
http://docs.sun.com/app/docs/doc/819-7314/6n994bt7i?a=view
(Solaris Trusted Extensions Installation and Configuration)
I did the following:
# /usr/sadm/bin/dtsetup storeCred
Administrator DN:cn=Directory Manager
Password:xxxxxx
Password (confirm):xxxxxx
# /usr/sadm/bin/dtsetup scopes
Getting list of managable scopes...
Scope 1 file:/myserver.mydomain.com/myserver.mydomain.com
Scope 2 ldap:/myserver.mydomain.com/dc=mydomain,dc=com
# svccfg -s wbem setprop options/tcp_listen=true
# svcadm disable wbem
# svcadm enable wbem
I can create a toolbox in smc to manage LDAP users under dc=mydomain,dc=com but nowhere else. How can I configure my scopes? How can I change the default suffix? Where does dtsetup read its config? The directory server is not configured as an LDAP client.
(This was never an issue with DS 5.2, which had, in my opinion, a more feature-rich console when it came to adding users.)
Thanks

Hi,
In regard to option 3, this is a standard scenario supported by the SAP provisioning framework. You would also get additional benefits from IdM, but the cost will be higher.
In step 2 you could create an empty role for each ECC role and assign it to positions. The background program in ECC would read all role assignments and replicate them in ECC. A good naming convention to identify HR and ECC roles would be really helpful in this case.
Cheers

Similar Messages

  • How to monitor a DPS without using the proxy manager user by ldapsearch

    Hi,
    I want to provide some monitoring scripts to our monitoring team, but don't want to give them the Proxy manager user credentials to bind to the cn=monitor tree.
    I was wondering if there is some kind of work-around for this.
    I tried to create a datasource that references localhost, but that doesn't seem to work ... Or I'm failing to do so.
    Anyone got a clue?
    DPS v6.3.1
    regards,
    Vincent

    Assuming that your middle tier is using a connection pool (the norm), the problem is that there is no relationship between a particular user's logical session and a physical database session. Each page the user hits in the application, for example, is potentially going to use a different connection from the connection pool and thus a different database session. And different users may be using the same database session just before and just after your user.
    In general, when you have this sort of architecture, you need to have instrumentation built into the middle tier application in order to get anything useful done, at least to the point that the middle tier can enable and disable tracing when it gets a connection from the pool for a particular logical user session. Otherwise, you could enable tracing for the entire database, which is going to be a significant overhead, and try to comb through dozens of trace files to figure out what sessions were related to your particular user, which is at a minimum likely to be a substantial undertaking.
    Justin

  • Email profile uses Device Enrollment Manager user?

    Hello,
    I have an iOS device that was enrolled via the Apple Device Enrollment Program, using a Device Enrollment Manager account, and I have since deployed an email profile configuration policy to it. After it received the policy, now the account of the Device Enrollment Manager is locked in as the user in the email profile. Is that normal behavior? I thought that enrolling a device using a user who is a member of the Device Enrollment Management group would leave the device open for another user?
    Thanks!

    Hello, I was looking through TechNet a little more about this and unless I'm reading this wrong, which is certainly possible, it seems to suggest that you should be able to access company data as the end user using CYOD enrollment or a device enrollment manager enrollment scenario:
    User affiliation – Specifies how devices are enrolled.
    Prompt for user affinity – The device can be affiliated with a user during initial setup and could then be permitted to access company data and email as that user. This mode supports a number of scenarios:
    Corporate-owned personal device – “Choose Your Own Device” (CYOD) Similar to privately owned or personal devices but the administrator has certain privileges including permission to wipe, reset, administer, and unenroll the device. The device’s user can install apps and has most other permissions for device use where not blocked by management policy.
    Device enrollment manager account – The device is enrolled using a special Intune administrator account. It can be managed as a private account, but only a user who knows the enrollment manager credentials can install apps, wipe, reset, administer, and unenroll the device. For information about enrolling a device shared by many users through a common account, see Enroll corporate-owned devices with the Device Enrollment Manager in Microsoft Intune.
    No user affinity – The device is user-less. Use this affiliation for devices that perform tasks without accessing local user data. Apps requiring user affiliation are disabled or won’t work.
    With this in mind, since accessing corporate data as the user is supported with CYOD and device enrollment manager, I can't imagine that the intention of the device enrollment managers (DEM) group was designed so when a device is enrolled with a DEM user that only data for that DEM user is available, right? That just wouldn't make sense. Also, if enrolling a device using a DEM user account is only for devices that don't need access to corporate data, then what's the difference between enrolling a device using a DEM user, or enrolling a device with "No user affinity"? Also, when I've enrolled a device using a DEM account, I was later easily able to install apps with no prompt for DEM credentials; TechNet seems to imply that credentials are needed for functions like that. Shouldn't something have asked me for permission to install an app?

  • Using owa_cookie to manage user browser sessions

    Hi,
    I need to build a check in my HTMLDB application that rejects user from logging in multiple times.
    There have been several threads and discussions regarding the concept of "active" user session, and from what I gather, in general there is no way to capture the action of closing the browser by simply hitting the close button in IE. (Please correct me if I'm wrong)
    I am wondering if it is possible to use a session cookie to do this? Since a session cookie is automatically removed on closing the browser, can you build an application level process (fired upon authentication) that checks for cookie existence, and rejects login if there is already a cookie (ie. if there is another browser window open)?
    I have tried this by having an application level process similar to this:
    DECLARE
      return_cookie       owa_cookie.cookie;
      current_session_num PLS_INTEGER;
    BEGIN
      -- Read the session cookie; vals(1) raises NO_DATA_FOUND if it is absent
      return_cookie := owa_cookie.get('test');
      current_session_num := return_cookie.vals(1);
      IF current_session_num = 1 THEN
        /* CODE TO REJECT LOGIN */
        NULL;
      END IF;
    EXCEPTION
      WHEN no_data_found THEN
        -- No cookie yet: send one so later windows are detected
        owa_util.mime_header('text/html', FALSE);
        owa_cookie.send(name  => 'test',
                        value => 1);
        owa_util.http_header_close();
    END;
    But it doesn't seem to work, it always goes to the exception block no matter how many browser windows I have open.
    Any thoughts?
    Thanks,
    Ivan

    Ivan,
    Is there a reason you are putting this cookie code in an application level process rather than in the authentication scheme? Scott Spadafore will correct me if I'm wrong, but I'm fairly certain that that's where you want to put any authentication related logic.
    Sergio

  • SMC - "The management domain file...does not exist"

    Hi All,
    Just a quickie to see if anyone has seen this and has any pointers to getting out of it...
    Solaris 10 u5 x86. Machine has got SRSS4.0 running on it, the only other modification is CUPS is running in favour of the Solaris lp stuff (got instructions for this off a BigAdmin article).
    Anyways, I use SMC to manipulate user/group stuff on the local machine. SMC launches just fine, and I can gather System Information, view logs, disk configuration, processes etc. However, when attempting to do any user/group/role management, I authenticate with the root role, click on the relevant panel, and get this:
    "The management server cannot perform the operation requested.
    If this problem persists, refer to the Log Viewer for additional information and contact your Sun Microsystems support provider.
    The actual error reported was:
    The management domain file:/shadowfire/127 does not exist or cannot be managed on server shadowfire."
    The behaviour is consistent. Gee, it was running fine before, AFAIK...
    Any pointers to what may have come unstuck gratefully appreciated, as always :)
    Dave

    I came across the same problem late July almost same day - on a brand new M4000 server with Solaris 10. I use an X-windows client to connect in and open Common Desktop Environment as "root". Then when I invoke SMC it works for everything except trying to open User Maintenance - then I get the error above.
    I came across something quite by accident whilst I was being advised to make edits to /etc/hosts (which I don't think made a difference anyway, so I won't mention them).
    If I use my X-Windows client and open Common Desktop Environment as an ordinary user (say "joe"), then invoke SMC from the menu, and when asked by the SMC utility to provide a logon (as you would) enter the root username and password, guess what! I could open the User Maintenance icon without the error appearing and make changes and save them.
    Funny how a less privileged user than root invoking CDE seems to provide a basis to get the option to work! I still get the error by using CDE as root.
    Wanna Try it?

  • SSO and how to Managing User Roles/Privileges with Forms using Oracle db

    We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
    In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
    Questions:
    -- Do we have to create users/passwords in both OID and application database?
    -- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
    Any advice and/or direction would be greatly appreciated.
    Thank you,
    Mika
    Edited by: user11846198 on Sep 1, 2009 1:41 PM
    Edited by: user11846198 on Sep 1, 2009 1:53 PM

    Yes, you can have global roles in the DB and assign these roles to specific OID users, and they will inherit the privileges. You can do this using the Oracle Identity Management Web Tool http://hostname:7777/oiddas; it is not complicated.
    Greetings.

  • I need your help with a decision to use iPhoto.  I have been a PC user since the mid 1980's and more recently have used ACDSee to manage my photo images and Photoshop to edit them.  I have used ProShow Gold to create slideshows.  I am comfortable with my

    I need your help with a decision to use iPhoto. I have been a PC user since the mid 1980s and more recently have used ACDSee to manage my photo images and Photoshop to edit them. I have used ProShow Gold to create slideshows. I am comfortable with my own folder and file naming conventions. I currently have over 23,000 images of which around 60% are scans going back 75 years. Since I keep a copy of the originals, the storage requirements for over 46,000 images is huge. 180GB plus.
    I now have a Macbook Pro and will add an iMac when the new models arrive.  For my photos, I want to stay with Photoshop which also gives me the Bridge.  The only obvious reason to use iPhoto is to take advantage of Faces and the link to iMovie to make slideshows.  What am I missing and is using iPhoto worth the effort?
    If I choose to use iPhoto, I am not certain whether I need to load the originals and the edited versions. I suspect that just the latter is sufficient. If I set PhotoShop as my external editor, I presume that iPhoto will keep track of all changes moving forward. However, over 23,000 images in iPhoto makes me twitchy and they appear hidden within iPhoto. In the past, I have experienced syncing problems with, and database errors in, large databases. If I break up the images into a number of projects, I lose the value of Faces reaching back over time.
    Some guidance and insight would be appreciated.  I have a number of Faces questions which I will save for later. 

    Bridge and Photoshop is a common file-based management system. (Not sure why you'd have used ACDSEE as well as Bridge.) In any event, it's on the way out. You won't be using it in 5 years time.
    Up to this, the lack of processing power on your computer left no choice but to organise this way. But file based organisation is as sensible as organising a Shoe Warehouse based on the colour of the boxes. It's also ultimately data-destructive.
    Modern systems are Database driven. Files are managed, Images imported, virtual versions, lossless processing and unlimited editing are the way forward.
    For a Photographer Photoshop is overkill. It's an enormously powerful app, a staple of the Graphic Designers' trade. A Photographer uses maybe 15% to 20% of its capability.
    Apps like iPhoto, Lightroom, Aperture are the way forward - for photographers. There's the 20% of Photoshop that shooters actually use, coupled with management and lossless processing. Pop over to the Aperture or Lightroom forums (on the Adobe site) and one comment shows up over and over again... "Since I started using Aperture/ Lightroom I hardly ever use Photoshop any more..." and if there is a job that these apps can do, then the (much) cheaper Elements will do it.
    The change is not easy though, especially if you have a long-standing and well thought out filing system of your own. The first thing I would strongly advise is that you experiment before making any decisions. So I would create a Library, import 300 or 400 shots and play. You might as well do this in iPhoto to begin with - though if you’re a serious hobbyist or a Pro then you'll find yourself looking further afield pretty soon. iPhoto is good for the family snapper, taking shots at birthdays and sharing them with friends and family.
    Next: If you're going to successfully use these apps you need to make a leap: Your files are not your Photos.
    The illustration I use is as follows: In my iTunes Library I have a file called 'Let_it_Be_The_Beatles.mp3'. So what is that, exactly? It's not the song. The Beatles never wrote an mp3. They wrote a tune and lyrics. They recorded it and a copy of that recording is stored in the mp3 file. So the file is just a container for the recording. That container is designed in a specific way attuned to the characteristics and requirements of the data. Hence, mp3.
    Similarly, that Jpeg is not your photo, it's a container designed to hold that kind of data. iPhoto is all about the data and not about the container. So, regardless of where you choose to store the file, iPhoto will manage the photo, edit the photo, add metadata to the Photo but never touch the file. If you choose to export - unless you specifically choose to export the original - iPhoto will export the Photo into a new container - a new file containing the photo.
    When you process an image in iPhoto the file is never touched, instead your decisions are recorded in the database. When you view the image then the Master is presented with these decisions applied to it. That's why it's lossless. You can also have multiple versions and waste no disk space because they are all just listings in the database.
    These apps replace the Finder (File Browser) for managing your Photos. They become the Go-To app for anything to do with your photos. They replace Bridge too as they become a front-end for Photoshop.
    So, want to use a photo for something - Export it. Choose the format, size and quality you want and there it is. If you're emailing, uploading to websites then these apps have a "good enough for most things" version called the Preview - this will be missing some metadata.
    So it's a big change from a file-based to Photo-based management, from editing files to processing Photos and it's worth thinking it through before you decide.

  • How can I use Windows IAS to validate WLC management users?

    I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless LAN Controller.
    I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
    The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
    Event Type: Information
    Event Source: IAS
    Event Category: None
    Event ID: 1
    Date:  09/02/2011
    Time:  11:06:06
    User:  N/A
    Computer: UK01DC07
    Description:
    User xxxxxx was granted access.
    Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
    NAS-IP-Address = 10.10.45.210
    NAS-Identifier = UK03NM01
    Client-Friendly-Name = UK03NM01
    Client-IP-Address = 10.10.45.210
    Calling-Station-Identifier = <not present>
    NAS-Port-Type = <not present>
    NAS-Port = <not present>
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = UK03NM01 - login
    Authentication-Type = PAP
    EAP-Type = <undetermined>
    But, the WLC log shows:
    *Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
    The WLC just returns the login screen.
    Any thoughts?
    Thanks in advance
    Richard

    Event viewer shows :
    Event Type: Information
    Event Source: IAS
    Event Category: None
    Event ID: 1
    Date:  10/02/2011
    Time:  08:49:39
    User:  N/A
    Computer: UK01DC07
    Description:
    User xxxxxxxx was granted access.
    Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
    NAS-IP-Address = 10.10.45.210
    NAS-Identifier = UK03NM01
    Client-Friendly-Name = UK03NM01
    Client-IP-Address = 10.10.45.210
    Calling-Station-Identifier =
    NAS-Port-Type =
    NAS-Port =
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server =
    Policy-Name = UK03NM01 - login
    Authentication-Type = PAP
    EAP-Type =
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00               ....   
    and IAS log shows:
    "UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
    "UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
    It appears to me that IAS checks and passes the username/password as being valid, but this response is ignored by the WLC.
    Richard
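    An added example, not from this thread: a small Python audit that parses the two IAS-format log lines quoted above and reports whether the Access-Accept carries a Service-Type a WLC would treat as a management login. The column positions are assumed from the IAS log file format, the Service-Type values come from RFC 2865, and the mapping of Administrative to READ/WRITE and NAS-Prompt to READ-ONLY is an assumption based on the WLC error message above.

```python
"""Audit Windows IAS-format log lines for RADIUS Access-Accepts that a WLC would
not treat as a management login (Service-Type absent or not an admin type)."""
import csv
from io import StringIO

# 0-based column positions in the IAS-format log file. Assumption: taken from
# the IAS log format (1-based: Packet-Type 5, User-Name 6, FQDN 7,
# Client-Friendly-Name 17, Service-Type 23, Policy-Name 25).
COL_PACKET_TYPE = 4
COL_USER_NAME = 5
COL_FQDN = 6
COL_CLIENT_FRIENDLY_NAME = 16
COL_SERVICE_TYPE = 22
COL_POLICY_NAME = 24

# RADIUS packet codes and Service-Type values from RFC 2865.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt"}
# Assumed mapping of Service-Type to WLC management rights: Administrative
# means read/write, NAS-Prompt read-only; any other value is not a management
# login, which matches the "Service-Type is not present or it doesn't allow
# READ/WRITE permission" message in the WLC log.
WLC_RIGHTS = {6: "READ/WRITE", 7: "READ-ONLY"}

# Constructed sample: the two IAS log lines quoted in the post above.
SAMPLE_LOG = """\
"UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"""


def _int_or_none(field):
    """IAS leaves unset attributes as empty fields; map those to None."""
    field = field.strip()
    return int(field) if field else None


def parse_ias_line(line):
    """Parse one IAS-format line into the fields this audit needs."""
    row = next(csv.reader(StringIO(line)))

    def col(i):
        return row[i] if i < len(row) else ""

    return {
        "packet_type": _int_or_none(col(COL_PACKET_TYPE)),
        # The Accept line has an empty User-Name, so fall back to the FQDN
        "user": col(COL_USER_NAME) or col(COL_FQDN),
        "nas": col(COL_CLIENT_FRIENDLY_NAME),
        "service_type": _int_or_none(col(COL_SERVICE_TYPE)),
        "policy": col(COL_POLICY_NAME),
    }


def wlc_management_rights(service_type):
    """Rights a WLC would grant for this Service-Type, or None if it is not a management login."""
    return WLC_RIGHTS.get(service_type)


def audit_wlc_logins(log_text):
    """Return one finding per Access-Accept whose Service-Type grants no WLC rights."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_ias_line(line)
        if rec["packet_type"] != 2:  # only the server's Accept matters to the WLC
            continue
        st = rec["service_type"]
        if wlc_management_rights(st) is not None:
            continue
        findings.append({
            "user": rec["user"],
            "nas": rec["nas"],
            "policy": rec["policy"],
            "service_type": st,
            "service_type_name": "absent" if st is None else SERVICE_TYPES.get(st, "unknown"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_wlc_logins(SAMPLE_LOG):
        print(f"Access-Accept for {f['user']} via {f['nas']} (policy '{f['policy']}') "
              f"carries Service-Type {f['service_type_name']}: WLC grants no management rights")
```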

  • Can 2 different users with 2 different iPhones use the same iTunes to backup each phone separately? If not, how can I have a backup for 2 different iPhones on the same laptop?

    Can 2 different users with 2 different iPhones use the same iTunes program to backup each phone separately? If not, how can I have a backup for 2 different iPhones on the same laptop?

    Here is your answer:
    http://support.apple.com/kb/HT1495

  • How can you use iMessage between 3 iPads with 3 different users but only one Apple ID?

    How can you use iMessage between 3 iPads with 3 different users but only one Apple ID?

    No, you do not need separate Apple IDs in order to use 3 devices with one Apple ID. I use 4 devices to Message and FaceTime and all use the same Apple ID. You do need to add additional email addresses for the other devices.
    Look at this very informative video for the instructions.
    http://macmost.com/setting-up-multiple-ios-devices-for-messages-and-facetime.html

  • Why can't two different users use iTunes on the same computer with different logins

    Why can't two different users use iTunes on the same computer with different logins?

    Pmorgan5672 wrote:
    Why can't two different users use iTunes on the same computer with different logins?
    They can, but not at the same time.
    If one user left iTunes running, and another user tries to use iTunes from a different Windows user ID, that second user will get an error message.  If they really want to use iTunes, they either have to beg the first user to log in and close iTunes, or else they have to restart the computer.
    If you are asking the technical reason why, it is something about context switching.

  • How to use "User Events" in different parts of an application

    Hi,
    "You programmatically can create and name your own events, called user events, to carry user-defined data. Like queues and notifiers, user events allow different parts of an application to communicate asynchronously. You can handle both user interface and programmatically generated user events in the same Event structure."
    What you read was part of the LabVIEW 7.1 User Manual (Chapter 9, pg. 12). I have some problems with the underlined sentence. I hope someone can help me.
    When using Queues, the programmer may use a named queue everywhere in the application. There is no need to wire the queue reference among VIs or to use global variables to store the queue reference; the name of the queue is all that you need. I wonder if it is also possible with an event refnum that is the output of the "Register for Event" node. As far as I've tested, the answer is negative! I tried to copy-paste the refnum in front panels and use the same name, but there is no connection between the event refnums.
    LV User manual claims that user events can be used like queues, but it doesn't seem so.
    Does anybody have an idea?
    Best Regards.

    I didn't look at Damien Gray's presentation recently, but if I remember it correctly, it is on a much higher level than what I meant, because it refers to LARGE application. This is a very simple one.
    Using a functional global is not problematic CPU-wise, nor memory wise (unless you get into really big data structures, like hundreds of MBs), so you shouldn't be afraid to use it. I'm also not sure why you're afraid of the loop. The loop is only there to "hold" the USR. It only runs once. If you want, you can replace it with a for loop that runs once. I've recently learned that apparently, you can also get rid of the loop and use a local variable (look at the example called XY chart) instead of a USR. I don't think a local variable should have any more impact than a USR, but that needs to be tested. It can definitely be more convenient for some VIs where you don't have to wire the SR through the entire VI.
    Anyway, you will need to have an "obtain ref" VI which will hold a 1D array of names and a corresponding array of refs. Then, you search the array for the name, and if it finds the name, it extracts the correct reference. You will also need a way to input references and names into the array and possibly a way to empty the array. You may need to have 2 levels - the inner VI will be the LV2 VI and the parent will be the obtain ref\fill array\close VI. You will need some error handling as well - what happens if you search for a name and it can't be found and so on...
    Hope this helps.
    Try to take over the world!

  • Use emails and address book from a different user

    I bought a new iMac and started using it.
    Then when I tried to restore the backup that I have from my other MacBook, which I did on Time Machine, it went to a different user.
    Now I have 2 users.
    There are 2 apps that I can not use with my new user (Things and Email-direct) and I can not access mail and address book from the other.
    I have already installed everything on my new account. What should I do to use the email and address book from my different user account?

    No problem except for a minor nuisance when it's time to update the apps.  Depending on how you do it, you might need to log out and back in again but, in any case, you must have both passwords.
    The iTunes library can hold purchases made with multiple Apple IDs as can the iPod.

  • Using user exit. ( LVMPTZZ, LVKMPFZ1). used in Credit Management

    Hi
    How to find the user exits (LVMPTZZ, LVKMPFZ1) used in Credit Management.
    Please provide the path.
    Regards
    Rohit

    Hi,
    You can find exits through transactions SMOD & CMOD also.
    Regards
    Chandra

  • JES Access Manager User Creation for Messenger

    Hi Everyone
    I installed JES 2005 Q4 on Solaris 10 x86 with schema 2 and Access Manager 7. The Directory Tree is as follows:
    Sol1.nucleussoftware.com:389
    dc=nucleussoftware,dc=com (34 acis)
    DSAME Users
    Internet
    People
    Groups
    Client Data
    services
    nucleussoftware.com
    People
    Groups
    o=Netscape Root (3 acis)
    cn=Schema (6 acis)
    cn=monitor (5 acis)
    cn=config (4 acis)
    Organization DN when I ran "configutil" after running comm_dssetup.pl, was specified o=nucleussoftware,dc=nucleussoftware,dc=com
    This is fresh installation and not any migration.
    Now I create user from Access Manager, http://sol1.nucleussoftware.com/amserver
    There are two organizations 1. Nucleussoftware and 2. Nucleussoftware->nucleussoftware.com
    So I have two locations to create users in People.
    When I create user from Access Manager and try to login into WebMail, I get Login Failed.
    But when I open "startconsole" or "mpsconsole" and open Messaging Server Console and in new user's property, Account Attribute, I mark the check box, and now try to login into WebMail, I get error message, "Mailbox is on a different server".
    I am missing one attribute that I used to get with schema 1 on iPlanet 5.2 for any user, Mail Server Address.
    Please tell me the exact method of creating a user for Messaging.
    Regards
    Amit Bist

    Access Manager was never intended to create working mail users. The Delegated Admin package is provided as part of JES, and that's what it is for, to manage users and groups. There's both a web interface, and a command-line interface, "commadmin"
    Or, you can examine the ldap entries for the automatically created accounts, and duplicate that. Messaging doesn't really care how the ldap entries get done, just so that they are done correctly.
