LCC and LDAP
Hello
Is it possible to integrate LCCS with LDAP?
Are there any samples of it?
Thank you in advance,
Kioshin10
Hello and sorry for the delay.
It is possible to integrate LCCS with LDAP, but we do not have a concrete example of how to do it. You must use the external authentication API, and we have a few examples of how to create a valid authentication token given a username and a unique id.
Basically, this is the flow:
- your client authenticates against your LDAP system on your back-end server (via an HTML form or a Flash application that talks to your server).
- once authenticated, you take a 'unique identifier' from your LDAP record (the uid, gid/uid or possibly the unique name, but I wouldn't recommend that) plus the user name and use them to generate a token for a specific authentication session in a room.
- you then send the token to your Flash/Flex client, or start a Flash/Flex client that will connect to the specified room and authenticate with this token.
In general, LCCS does not require tight integration with your authentication system. You log into your own system and then generate a signed token that tells LCCS that the user 'using' this token is a valid user who was allowed access to a specific room.
Anyway, please check the documentation and samples for external authentication, and if you have any specific questions, or you get into the implementation details and need more help, feel free to ask here.
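The flow above (authenticate against the directory, then mint a signed, room-scoped, short-lived token for the client) as an added Python illustration; this is not LCCS's own token format or API. The directory records, the server secret and the token layout are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed stand-in for the LDAP directory, keyed by user name.
# A real back end would bind to LDAP with the submitted credentials instead.
FAKE_DIRECTORY = {
    "alice": {"uid": "alice", "uidNumber": 10001, "password": "correct horse"},
}

# Assumed secret known only to the back end and the token verifier.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

def ldap_authenticate(username, password):
    """Stand-in for an LDAP bind; returns the record's stable unique id or None."""
    rec = FAKE_DIRECTORY.get(username)
    if rec is None or not hmac.compare_digest(rec["password"], password):
        return None
    return rec["uidNumber"]   # a numeric id survives renames, unlike the display name

def issue_room_token(username, unique_id, room, ttl=300, now=None):
    """Sign {user, uid, room, exp, nonce} so the token is valid for ONE room, briefly."""
    now = int(time.time()) if now is None else now
    claims = {"user": username, "uid": unique_id, "room": room,
              "exp": now + ttl, "nonce": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def verify_room_token(token, room, now=None):
    """Return the claims if signature, room binding and expiry all hold, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):      # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["room"] != room or claims["exp"] <= now:
        return None
    return claims

def login_and_issue(username, password, room, now=None):
    """Back-end entry point: directory check first, token only on success."""
    uid = ldap_authenticate(username, password)
    return None if uid is None else issue_room_token(username, uid, room, now=now)
```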
Tags: Adobe LiveCycle
Similar Questions
-
AnyConnect user authentication using user certificate and LDAP authentication
Hello
I'm trying to implement AnyConnect VPN for my office. Now, I want the user to authenticate based on the user certificate (which is installed on the user's local system) CN value and LDAP authentication. Any help on how to achieve this requirement? We have already installed the GoDaddy ROOT and INTERMEDIATE certificates on the ASA. Also, we have the user certificate installed on each user's system to authenticate the user.
Any help please.
Hi subhasisdutta,
This link will certainly help you with the configuration:
http://www.Cisco.com/c/en/us/support/docs/security/AnyConnect-secure-mob...
Hope this info helps!
Please rate if this helps!
-JP-
-
Cisco VCS and LDAP for authentication of users
I have a question about setting up LDAP for user authentication on the VCS. I want to have redundancy in my LDAP link. I believe that this is possible by setting a fully qualified domain name as the LDAP server address and then selecting SRV as the resolution type. What I'm not clear on is what the value for the server address would be if I actually used the SRV resolution type. I should also add that I am looking to use TLS.
To clarify, if my AD domain name is myad.netcraftsmen.net, do I set the server address field as:
myad.netcraftsmen.net, assuming that VCS properly queries DNS for the correct _service._proto parameters?
or would I need to create an SRV record to that effect and set the server address field to that address (including the _service._proto fields)?
or do I need to specify one of the SRV record formats used by MS AD domains (there are several)?
If the latter, then which SRV record is for TLS? I don't see records with port 389 (non-secure).
My intuition tells me that this is probably the first option, but I could be way off.
Anyway, thanks in advance for any input.
Kind regards
Bill
Hi William,
I just checked on an X6.1 VCS, and it seems that VCS looks up the SRV record _ldap._tcp.domain (where 'domain' is what was entered as the server address), both when encryption is set to 'None' and to 'TLS'.
Hope this helps,
Andreas
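To show what the SRV lookup described above buys in terms of redundancy, here is an added Python example (not VCS code) that builds the _ldap._tcp.<domain> name and orders the answer records the way RFC 2782 prescribes (lowest priority first, weighted choice among equal priorities). The SRV answer is constructed inline; a real resolver query is assumed to return the same tuples.

```python
import random

def srv_name(domain, service="ldap", proto="tcp"):
    """Build the SRV owner name queried for an LDAP server address given as a domain."""
    return f"_{service}._{proto}.{domain.strip('.').lower()}."

# Constructed SRV answer (priority, weight, port, target); stands in for a DNS query.
CONSTRUCTED_ANSWER = {
    "_ldap._tcp.myad.netcraftsmen.net.": [
        (0, 100, 389, "dc1.myad.netcraftsmen.net."),
        (0, 100, 389, "dc2.myad.netcraftsmen.net."),
        (10, 0, 389, "dc-dr.myad.netcraftsmen.net."),   # only tried if both above fail
    ],
}

def order_targets(records, rng=None):
    """Return (target, port) in RFC 2782 try order: lowest priority first, then a
    weighted random order within each priority, weight-0 entries last in their group."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        group.sort(key=lambda r: r[1] == 0)          # stable: weight-0 moves to the end
        while group:
            total = sum(r[1] for r in group)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in group:
                running += r[1]
                if running >= pick:                  # first record whose running sum reaches pick
                    ordered.append((r[3], r[2]))
                    group.remove(r)
                    break
    return ordered

def lookup_servers(domain, answers=CONSTRUCTED_ANSWER, rng=None):
    """Resolve the SRV name for `domain` against the constructed answer set."""
    return order_targets(answers.get(srv_name(domain), []), rng)
```

The two priority-0 controllers share the load and the priority-10 one is a fallback, which is the redundancy the question asks for; the port comes from the record, so it is the same name whether or not TLS is selected.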
-
Hello
I configured a WLC to integrate with LDAP. It works fine when I use only one Active Directory server, but I have other users on a second Active Directory server. When I turn on both servers and some users try to log in against the second server, the WLC hangs for a little while: during that time it is impossible to configure the equipment, even via telnet, and users can no longer be authenticated. I have to disable the servers and then enable just one of them in order for users to connect again. I also saw this behavior when more than 4 users try to connect to the same access point at a time.
Anyone know why this is happening and how to avoid it?
Thank you very much for your help
Yes, this leads me to believe that your RADIUS is not configured correctly. I should be clearer: in order to do 802.1x, you must have an IAS or ACS that links to your AD (or LDAP, I suppose, but I am not sure that it is supported). You can't just point your controller at your AD; it does not work.
-
Here's my situation:
I am trying to connect a user through the 4402 wireless controller using an LDAP server for the SECURE network. The VLAN for the secure network is 102.
Security: LDAP (port 389) is authenticated, not anonymous.
WLANs: (profile name) SECURE, layer 2 security none, layer 3 none, web policy & authentication checked. The AAA Servers tab lists the LDAP server under server 1, and only LDAP is listed under "Authentication order".
The access point has a DHCP address, but the wireless client still comes up as "limited connectivity, no IP address".
The ProCurve switch connected to the 4402 carries VLANs 111 (native), 112 (SECURE) and 131 (GUEST). 112 & 131 do not exist on any other ports. Any help would be appreciated. Stu
Stuart,
This looks like a DHCP problem. What VLAN is the WLAN in? I ask because you say SECURE is 102, but later mention 112 and 131. What provides DHCP for the WiFi network? What do you see when you run debug client <client mac address>?
-
Hello
I have two CAMs in HA and two CASes in HA.
I set up an LDAP lookup to create a role assignment rule.
In this configuration there is only one Windows server to look up the user's properties.
There is a problem when this Windows server is out of service. Are there any fallback configurations for when the server isn't there?
Thanks to you all.
The LDAP lookup server config says to use an LDAP authentication provider. The LDAP authentication provider docs say you can have multiple entries in the single field:
LDAP
You can add redundant LDAP authentication servers by entering several LDAP URLs in the server URL field, separated by a space, for example:
ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com
-
Movi with mixed AD and LDAP authentication?
Hi all
Is it possible to configure VCS for mixed-mode Movi authentication?
I have a situation in which some Movi users are not in AD.
Now I would like to authenticate these Movi users via the local LDAP database on the Expressway/VCS.
Because I set all the subzones and zones on the VCS-E to "check credentials" and authenticate Movi users via AD, it works fine, no problem, but now I have the problem with the non-AD Movi users.
Anybody has any idea?
any input appreciated.
Best regards
Georg
Hi Georg,
It is possible, but you need 2 separate VCS-Cs to do it: VCS-C 1 is joined to the AD domain and configured for NTLM for Movi/Jabber Video provisioning authentication requests, and the other VCS-C is configured to use local/LDAP database authentication for Movi/Jabber Video provisioning requests.
In addition, you need to create two separate folders in the TMS Provisioning directory, where one folder houses the AD users and the other folder houses the non-AD users.
Finally, you must configure the internal server setting on Movi/Jabber Video so that the AD users get their provisioning from the VCS-C configured for NTLM, while the non-AD users get their provisioning from the non-NTLM VCS-C.
Now, if you bring a VCS-E into the mix, so that both AD and non-AD users connect via the VCS-E, this gets a lot more complicated, since you would have to somehow ensure that an AD user's provisioning request gets proxied via the NTLM-enabled VCS-C while provisioning requests from non-AD users get proxied through the non-NTLM VCS-C. This could be done with clever search rules, but that requires a URI scheme for your provisioning users which lets you determine whether or not a provisioning request comes from an AD user.
In summary, it is possible, but it adds a significant administrative burden and would probably complicate troubleshooting a bit whenever that is necessary, so I strongly suggest you instead try to get all user provisioning into AD if possible.
Regards
Andreas
-
Remote access authentication, VPN and LDAP
I have a test environment with 2 ASA 5505 firewalls: the first firewall is the remote access VPN server, and on the inside of this firewall is a domain network with a domain controller, a DNS server and a workstation. DHCP is disabled and the PCs have static addresses. The outside of the VPN server is attached to the outside of the other ASA 5505 firewall. On the inside of that firewall there is a workstation. The workstation should connect via remote access VPN to the domain network. I have configured the remote access VPN server through a wizard and its
configuration is the following:
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
domain-name dri.local
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.13.74.5 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 192.168.30.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name dri.local
access-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.240
access-list outside_access_in extended permit tcp 192.168.50.0 255.255.255.240 10.13.74.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.50.1-192.168.50.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.30.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record vpnldap
network-acl inside_nat0_outbound
aaa-server vpn protocol ldap
aaa-server vpn (inside) host 10.13.74.20
ldap-base-dn DC=DRI,DC=LOCAL
ldap-group-base-dn cn=test,cn=users,dc=dri,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn cn=test,cn=users,dc=dri,dc=local
server-type microsoft
http server enable
http 10.13.74.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 10.13.74.9-10.13.74.40 inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy drivpn internal
group-policy drivpn attributes
dns-server value 10.13.74.20 10.8.2.5
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value dri.local
tunnel-group drivpn type remote-access
tunnel-group drivpn general-attributes
address-pool vpnpool
authentication-server-group vpn
default-group-policy drivpn
tunnel-group drivpn ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:1fc23fb20a74f208b3cde5711633ad3d
: end
When I try from the workstation on the inside of the second firewall (not the remote access VPN server) to connect to the VPN, everything is OK. I used the Cisco VPN client, but I can't ping the domain controller or the workstation, and I can't use the shared folders on them. Why?
Please help me
Thank you
Thanks for letting me know! Can you please mark the thread as "answered"? Thank you!
-
Forms 12c and LDAP for RAD
Hello
I have a problem with Forms 12c and OID (11.1.1.7).
Usually we store all the DB connections for Forms in OID. I'm trying to configure Forms to get the DB connection, but without any luck.
In the Forms security settings there are 4 options:
(1) OPSS Forms resource administration
(2) LDAP Forms resource administration
(3) Runtime LDAP Forms associations
(4) Resource migration
With option 3) I managed to connect Forms with OID, but with the other three options 1, 2 and 4 I get "Not a valid connection. Enter correct LDAP credentials to continue."
I checked the OID credentials and the OID port; everything is OK.
Anyone?
Regards
Matthew
It is confirmed by Oracle that we have a bug here:
Bug 22336350 : CANNOT CREATE the RAD FOR FORMS 12 c WITH IDENTITY OID AS STORE
Regards
-
vCenter 5.5 and LDAP authentication
Hello
I'm new to using vCenter and had a quick question about LDAP authentication. I installed vCenter as an appliance on my ESXi server and it seems to work fine, but when I connect the web client to vCenter I have no Single Sign-On options to enable LDAP authentication.
So I did some research, and a few posts mentioned that I had to enable Single Sign-On, so I have it configured as embedded; then another post mentioned that I needed to set up AD authentication on the vCenter server and ensure that the vCenter hostname was in the domain...
But I want only LDAP authentication; I don't want to join my VMs to the domain. So am I missing something?
Thank you
To be able to configure SSO, log on to the Web Client using the [email protected] account. With this account you will be able to add your AD/LDAP as an Identity Source and configure the permissions on the objects of the vCenter Server inventory...
André
-
vCSA 5.5 AD and LDAP integration
Can anyone shed any light on the connection process that occurs when the vCSA performs an LDAP search against a domain, please? I'm working on a problem where the vCSA is unable to establish an LDAP connection to the W2k8 Domain Controller. The appliance joined the domain without problem, creating the necessary DNS entries and the AD computer account, and adding the domain under Identity Sources works very well. The problem arises when we try to list the users/groups in the domain, which fails with the "LDAP client exception" error.
Having gone through all the 'usual suspects' such as network/DNS connectivity, I have narrowed the question down to the actual LDAP connection between the domain and the vCSA. Annoyingly, I have three environments; two work very well, one doesn't. I need to find out what is causing the problem, so I need to understand the process that is happening under the hood.
I figured it would be tied to the GPO setting "Domain controller: LDAP server signing requirements" set to "Require signing", but setting even that in a working environment does not cause the search to break.
Just to update on this: it seems that one of the 'working' environments really 'did not work', in that the group policy (Domain controller: LDAP signing) was not actually applied correctly.
If you get the LDAP client exception error when listing the users in the domain from the vCSA, check the group policy above (as applied to your domain controllers).
-
SQL Developer and LDAP name resolution
We have a database service configured in LDAP (OID) that resolves to one of two sites, depending on whether the database is running on the primary server or the standby. The connection details are in this format:
(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST=prodserver.company.com) (PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST=drserver.company.com) (PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = db.company.com)))
When sqlplus or TOAD retrieves this LDAP connection string, they connect correctly, trying the second server as expected. When SQL Developer does this (connection defined as an LDAP connection type), it works if the database is running on prodserver, but not on drserver. During a recent DR exercise it failed to connect in SQL Developer with "ORA-12514: TNS:listener does not currently know of service requested in connect descriptor".
In the Details pane of the connection properties, it seems that SQL Developer parses only the first host of the connection string it receives from LDAP and uses that, never trying the DR site. My workaround is to use a TNS connection type and put the whole string above in the connection field. It's not ideal, because I'm bypassing LDAP, but it does not have this problem.
Am I interpreting SQL Developer's behavior correctly, and does this sound like a bug (I'm on 3.2.20.09)?
Hi Brian,
Logged a bug:
Bug 17373236 - LDAP - does NOT REACH the SECOND FAILOVER/LOADBALANCED ADDRESS
You can work around this by using the advanced URL syntax:
http://download.Oracle.com/docs/CD/B28359_01/Java.111/b31224/URLs.htm#CHDBICFA
jdbc:oracle:thin:@ldap://ldap.acme.com:7777/sales,cn=OracleContext,dc=com
There is also the thick/OCI syntax (from an old post; it requires installing the additional Oracle client):
jdbc:oracle:oci:username/password@CN=NAME_to_lookup,CN=OracleContext,DC=us,DC=Oracle,DC=com
-Turloch
Team SQLDeveloper
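The thread turns on how a client reads the ADDRESS_LIST in the descriptor quoted above: a failover-aware client walks every ADDRESS in order, while one that keeps only the first host fails with ORA-12514 once the service has moved to the standby. The Python below is an added example (not Oracle's or SQL Developer's code): a small parser for the TNS keyword-value format plus a simulated connect; the descriptor is a copy of the one in the post and the set of hosts whose listener knows the service is constructed.

```python
import re

# Copy of the descriptor from the post (constructed sample, not a live LDAP entry).
DESCRIPTOR = ("(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST=prodserver.company.com) "
              "(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST=drserver.company.com) (PORT = 1521))) "
              "(CONNECT_DATA = (SERVICE_NAME = db.company.com)))")

def parse_tns(text):
    """Parse a TNS keyword-value descriptor into nested (KEY, value) pairs.
    A value is either a string or a list of child (KEY, value) pairs."""
    tokens = re.findall(r"\(|\)|=|[^()=\s]+", text)
    pos = 0

    def expect(tok):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] != tok:
            raise ValueError(f"expected {tok!r} at token {pos}")
        pos += 1

    def parse_node():
        nonlocal pos
        expect("(")
        key = tokens[pos]; pos += 1
        expect("=")
        if tokens[pos] == "(":
            value = []
            while tokens[pos] == "(":
                value.append(parse_node())
        else:
            value = tokens[pos]; pos += 1
        expect(")")
        return key.upper(), value

    node = parse_node()
    if pos != len(tokens):
        raise ValueError("trailing data in descriptor")
    return node

def find_all(node, wanted):
    """Yield the value of every node whose key equals `wanted`, in document order."""
    key, value = node
    if key == wanted:
        yield value
    if isinstance(value, list):
        for child in value:
            yield from find_all(child, wanted)

def addresses(descriptor):
    """Return [(host, port), ...] in the order a failover-aware client tries them."""
    out = []
    for addr in find_all(parse_tns(descriptor), "ADDRESS"):
        fields = dict(addr)
        out.append((fields["HOST"], int(fields["PORT"])))
    return out

def service_name(descriptor):
    return next(find_all(parse_tns(descriptor), "SERVICE_NAME"))

def connect(descriptor, listeners, first_only=False):
    """Simulated connect: `listeners` is the constructed set of hosts whose listener
    currently knows the service. Returns the host used, or None (the ORA-12514 case)."""
    candidates = addresses(descriptor)
    if first_only:                 # the behaviour the post describes for SQL Developer
        candidates = candidates[:1]
    for host, _port in candidates:
        if host in listeners:
            return host
    return None
```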
-
Hello
I'm about to start a new project which will use LCCS, and I am deciding which SDK I should use between Flex 4.1 and Flex 4.5. If I take the LCCS library for Flash Player 10.1 (the last stable one), are there any known problems or incompatibilities if I use the more recent Flex 4.5, or is it better to use the older but more stable Flex 4.1?
Thanks a lot for your help!
Hi Oliver,
I've been using Flex 4.5 with the 10.1 SDK and I did not face any issues. 4.1 & 4.5 work fine with LCC.
Thank you
Arun
-
Hello
Can I style the supplied components with CSS, or should itemrenderers be used?
Thank you in advance,
Kioshin10
Hello
You can use both, depending on your needs. All LCCS components are written in AS3, and you can use either itemrenderers or CSS.
We used both when creating applications with LCCS. Even in the LCC code you will find itemrenderers used in the lists.
Similarly, if you want to set styles, you can use CSS files and use them in your project.
Hope that clarifies things
Regards
Hironmay Basu
-
How to retrieve a person's AD and LDAP accounts (efficiently)
Hi all
I was wondering if there is a more elegant way to look up a person and then their AD and LDAP accounts in a script. Here is an example of my work, and maybe an expert could chime in with a better / more recommended method.
Thank you
Dim dbPerson As ISingleDbObject
Dim LDAPAccount As ISingleDbObject
Dim ADSAccount As ISingleDbObject
Dim colPersons As IColDbObject
Dim colADSAccount As IColDbObject
Dim colLDAPAccount As IColDbObject
Dim UID_Person As String
' look up the person by central account and keep the UID
colPersons = Connection.CreateCol("Person")
colPersons.Prototype.PutValue("CentralAccount", UCase(accessid))
colPersons.Load()
UID_Person = colPersons(0).GetValue("UID_Person").String
dbPerson = Connection.CreateSingle("Person", UID_Person)
' create the LDAP db object for that person
colLDAPAccount = Connection.CreateCol("LDAPAccount")
colLDAPAccount.Prototype.PutValue("UID_Person", UID_Person)
colLDAPAccount.Load()
LDAPAccount = colLDAPAccount(0).Create()
' create the ADS db object for that person
colADSAccount = Connection.CreateCol("ADSAccount")
colADSAccount.Prototype.PutValue("UID_Person", UID_Person)
colADSAccount.Load()
ADSAccount = colADSAccount(0).Create()
Hi Daueric,
You could probably clean it up a little bit, but probably not much. To be more precise, I would like to know what you're passing into this script.
Some thoughts: I'm guessing you're passing the central account as accessID. Can you pass the UID instead?
You use collections where they are not necessary. For example, when getting the UID from the central account you create a collection, load it and select the first item in the collection. Instead, you could get the UID directly:
Dim f As ISqlFormatter = Connection.SqlFormatter
Dim UID As String = Connection.GetSingleProperty("Person", "UID_Person", _
    f.Comparison("CentralAccount", accessid, ValType.String, CompareOperator.Equal))
Similarly, do you expect a user to have several AD accounts? If not, you should use CreateSingle (now that you have the person's UID) and pass it a GetSingleProperty for the UID, such as:
Dim ADO As ISingleDbObject = Connection.CreateSingle("ADSAccount", _
    Connection.GetSingleProperty("ADSAccount", "UID_ADSAccount", _
    f.Comparison("UID_Person", UID, ValType.String, CompareOperator.Equal)))
Ditto for LDAP.
If you can be more specific about what you pass in and what your goals are, I might be able to help more.
-Aaron