Management user for WLC via LDAP Possible?
Hi guys, just like the title suggests
Correct me if I'm wrong:
Both TACACS+ and RADIUS can be used to manage access rights to the WLC?
Well, how about LDAP? (In fact my answer to this is 'not possible', but I just want you to)
So is LDAP for managing access to the WLC supported?
If you look at the options when adding a RADIUS or TACACS+ server on a WLC, there is a checkbox for management that lets the admins log on with that RADIUS or TACACS+ server; there is no option to do this with LDAP. When an administrator connects to a WLC using RADIUS or TACACS+, the server sends a specific response saying what the admin can do (read only, read/write); LDAP does not, as far as I know, do that.
Hope this helps
Tags: Cisco Wireless
Similar Questions
-
Get the email of the user via LDAP
I would like to send an email via APEX whenever a request is rejected. I want to send it to the user who made the request through the system. This user was authenticated via LDAP (Active Directory) in another application when he sent this request. Therefore, his e-mail address is located in the AD profile with which he authenticates. All requests are listed in a report in another application (which uses the same LDAP authentication scheme) where they can be reviewed, rejected or accepted. When the user clicks the Reject button, it updates the status of the request in the database and sends an e-mail message to a hardcoded email address. I want to send it to the user who made the request.
Is it possible to use this LDAP session (because I'm connected to the application via LDAP, I take for granted that there must be a valid LDAP session in use), or do I need to connect to the server again? If it's the latter, how can I do that? I can't just hard-code my own credentials for the service; that would be nuts.
I thought I could use a script like this and call it in a process page, but I know I'm missing something.
Any ideas?
create or replace function Get_Mail(p_user in varchar2) return varchar2 is
  l_attrs dbms_ldap.string_collection;
  l_message dbms_ldap.MESSAGE;
  l_entry dbms_ldap.MESSAGE;
  l_vals dbms_ldap.string_collection;
  l_user varchar2(256);
  l_user2 varchar2(256);
  l_mail varchar2(256);
  l_ldap_server varchar2(256) := '****';
  l_domain varchar2(256) := '****';
  l_ldap_port number := 389;
  l_retval pls_integer;
  l_session dbms_ldap.session;
  l_username varchar2(256) := NULL;
  l_password varchar2(256) := NULL;
begin
  dbms_ldap.use_exception := TRUE;
  l_user2 := p_user||'@'||l_domain;
  l_user := l_username||'@'||l_domain;
  l_session := dbms_ldap.init (l_ldap_server, l_ldap_port);
  l_retval := dbms_ldap.simple_bind_s (l_session, l_user, l_password);
  l_attrs(1) := 'email';
  l_retval := dbms_ldap.search_s (ld => l_session,
                                  base => '****',
                                  scope => dbms_ldap.scope_subtree,
                                  filter =>'&(userPrincipalName='|| l_user2 || ')(objectClass=user)',
                                  attrs => l_attrs,
                                  attronly => 0,
                                  res => l_message);
  l_entry := dbms_ldap.first_entry (ld => l_session, msg => l_message);
  l_vals := dbms_ldap.get_values (ld => l_session, ldapentry => l_entry, attr => l_attrs(1));
  l_mail := l_vals(1);
  return l_mail;
exception
  when others then
    begin
      dbms_output.put_line (' Erreur #' || TO_CHAR (SQLCODE));
      dbms_output.put_line (' Message: ' || SQLERRM);
      l_mail := NULL;
      return l_mail;
    end;
end Get_Mail;
Best regards
Mathieu
I found the solution, thanks to the work of John Edward Scott and Scott Spendolini, "Pro Oracle Application Express". So, for those who are interested:
I created two types:
create or replace type ty_ldap_query as object(
  dn varchar2(200),
  attribute_name varchar2(100),
  attribute_value varchar2(100));
create or replace type tbl_ty_ldap_query as table of ty_ldap_query;
Next, I created the LDAPQuery routine:
create or replace function LDAPQuery(
  p_host in varchar2,
  p_port in varchar2,
  p_user in varchar2,
  p_password in varchar2,
  p_dn_base in varchar2,
  p_filter in varchar2,
  p_attributes in varchar2) return tbl_ty_ldap_query PIPELINED is
  v_result tbl_ty_ldap_query := tbl_ty_ldap_query(ty_ldap_query(NULL, NULL, NULL));
  retval PLS_INTEGER;
  v_session DBMS_LDAP.SESSION;
  v_attrs DBMS_LDAP.string_collection;
  v_message DBMS_LDAP.MESSAGE;
  v_entry DBMS_LDAP.MESSAGE;
  v_dn VARCHAR2 (256);
  v_attr_name VARCHAR2 (256);
  v_ber_elmt DBMS_LDAP.ber_element;
  v_vals DBMS_LDAP.string_collection;
  b_first BOOLEAN := TRUE;
  v_dn_identifier VARCHAR2(200);
  v_attributes apex_application_global.vc_arr2;
BEGIN
  retval := -1;
  DBMS_LDAP.use_exception := TRUE;
  -- Connect and bind with the supplied credentials
  v_session := DBMS_LDAP.init (p_host, p_port);
  retval := DBMS_LDAP.simple_bind_s (v_session, p_user, p_password);
  -- Turn the comma-separated attribute list into a DBMS_LDAP collection
  v_attributes := apex_util.STRING_TO_TABLE(p_attributes, ',');
  for i in (v_attributes.first)..(v_attributes.last) loop
    v_attrs(i) := v_attributes(i);
  end loop;
  retval := DBMS_LDAP.search_s (v_session, p_dn_base, DBMS_LDAP.scope_subtree, p_Filter, v_attrs, 0, v_message);
  retval := DBMS_LDAP.count_entries (v_session, v_message);
  -- Pipe one row per (entry, attribute, value)
  v_entry := DBMS_LDAP.first_entry (v_session, v_message);
  WHILE v_entry IS NOT NULL LOOP
    v_attr_name := DBMS_LDAP.first_attribute (v_session, v_entry, v_ber_elmt);
    WHILE v_attr_name IS NOT NULL LOOP
      v_vals := DBMS_LDAP.get_values(v_session, v_entry, v_attr_name);
      IF v_vals.COUNT > 0 THEN
        FOR i IN v_vals.FIRST .. v_vals.LAST LOOP
          v_dn_identifier := dbms_ldap.GET_DN(v_session, v_entry);
          pipe row (ty_ldap_query(v_dn_identifier, v_attr_name, v_vals(i)));
        END LOOP;
      END IF;
      v_attr_name := DBMS_LDAP.next_attribute (v_session, v_entry, v_ber_elmt);
    END LOOP;
    v_entry := DBMS_LDAP.next_entry(v_session, v_entry);
  END LOOP;
  retval := DBMS_LDAP.unbind_s(v_session);
  -- A pipelined function ends with a bare RETURN
  RETURN;
END LDAPQuery;
And I called it this way:
select attribute_value from table(LDAPQuery(' ', ' ', ' ', ' ', ' ', '&(!(logonCount=0)(objectClass=User)(sAMAccountName= ))', 'mail'))
In the book he said I could do it (instead of using LDAP filters):
where dn = 'CN=jes,CN=Users,DC=domain,DC=localdomain'
But it wouldn't work for some reason. In any case, it's working now.
Best regards
Mathieu -
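Added example, not part of the original thread or of the book it cites: Get_Mail above concatenates the user name straight into the search filter, and LDAPQuery takes a ready-made filter string, so a name containing *, (, ) or \ changes what the filter matches. The sketch below escapes the value per RFC 4515 before building the filter; the function names, the 256-character limit and the sample inputs are assumptions made for illustration.

```sql
-- Added example; names, limits and sample inputs are hypothetical.
-- SQL*Plus/SQLcl: stop '&' in the filter being read as a substitution variable.
set define off
set serveroutput on

create or replace function ldap_escape_filter_value(p_value in varchar2)
  return varchar2
is
  l_out varchar2(32767) := p_value;
begin
  -- Backslash first, so the escapes added below are not escaped again.
  l_out := replace(l_out, '\',    '\5c');
  l_out := replace(l_out, '*',    '\2a');
  l_out := replace(l_out, '(',    '\28');
  l_out := replace(l_out, ')',    '\29');
  l_out := replace(l_out, chr(0), '\00');
  return l_out;
end ldap_escape_filter_value;
/

create or replace function upn_filter(p_user in varchar2, p_domain in varchar2)
  return varchar2
is
begin
  -- Reject empty or oversized names before they reach the directory.
  if p_user is null or length(p_user) > 256 then
    raise_application_error(-20001, 'invalid user name');
  end if;
  -- A complete RFC 4515 filter is wrapped in its own outer parentheses.
  return '(&(objectClass=user)(userPrincipalName='
         || ldap_escape_filter_value(p_user) || '@'
         || ldap_escape_filter_value(p_domain) || '))';
end upn_filter;
/

begin
  -- Constructed inputs: an ordinary name, then one containing filter metacharacters.
  dbms_output.put_line(upn_filter('jsmith', 'example.com'));
  dbms_output.put_line(upn_filter('j*)(mail=*', 'example.com'));
end;
/
```

The returned string can be passed as the filter argument of dbms_ldap.search_s or as p_filter of LDAPQuery.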
Is it possible to configure the same user for 500 systems that run under XP & Win7?
Hello
About 500 systems are run under Windows XP & Windows7, is it possible to use the same user for all 500 systems?
Hi SupportRI,
Windows Live Family Safety no longer manages children's accounts using Windows Live ID. The Windows Live ID on behalf of the child was essentially used for the contact management feature (restrictions on the use of Hotmail and Messenger). Currently, parental controls can manage Windows users; however, if you had already configured a Windows Live ID account before the update, it will still be available. You can see the thread below for more information.
Where is the function of the safety Contact family management?
If you intend to use Windows Live Family Safety for all 500 users to restrict the Internet connection, please note that parental control does not restrict the Internet and Web sites. You also have the option in the Web content filtering list to apply the rules to all users under Family Safety.
For more information on how you can install Windows Live Family Safety, please visit the link below.
Protect your kids with parental controls
Thank you!
-
For some pages only possible user permissions?
I have a customer that is interested in BC, but I need to know if they can assign user edit permissions for certain pages to certain users. For example, let's say they have pages A B C D E F and they want Tom to be able to edit A B & C but not D E F, and they need Sally to be able to change D E & F, but not B & C. Is this possible with BC?
Hello
The option is to define and use a "workflow" for 'content approval' on every page.
Site settings -> manage workflows
"You can attach a workflow approval process to a web page or a model. When approval is attached to a web page or the model, all changes must be approved by users prior to the system before they go live. To focus a workflow on an item, click the "More Options" link and choose a workflow."
Responsible for the site-> pages-> more options
I hope this helps!
-Sidney
-
The Task Manager XP for a user account.
How can I re-enable Task Manager for a user? Windows XP SP3.
DisableTaskMgr
HKCU
Data type: REG_DWORD
Range: 0 | 1
Default value: 0
Description
Prevents users from starting Task Manager (Taskmgr.exe).
This entry stores the setting of the Disable Task Manager Group Policy. Group Policy adds this entry to the registry with a value of 1 when you enable the policy. If you disable the policy or set it to Not configured, Group Policy deletes the entry from the registry and the system behaves as if the value is 0.
Meaning of the value
0 (or not in registry): The policy is disabled or not configured. Users can run Task Manager.
1: Users cannot run Task Manager. If a user tries to start Task Manager, an error message appears indicating that a policy prevents the action.
Task Manager lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run.
"jisgwani" wrote in message news: 3d72d3a7-f6f1-4a4b-a940-7ab5b49a2756...
> How can I re-enable Task Manager for a user? Windows XP SP3.
-
access vCOps and import users or groups from LDAP
Hello guys,
I have a few questions concerning access to the standard and custom vCOps dashboards.
Do we not have to provide access to all users and groups in vCenter, as shown in image 1, to give these groups and users access to the standard and custom dashboards?
How does the LDAP protocol work in the custom dashboard? How can the custom dashboard authenticate users accessing personalized dashboards?
Thank you
VK
Hi VK,
Access to vSphere UI is managed via vCenter credentials. Users need the vCenter Operations Manager user permission to access the user interface of vSphere.
The custom user interface does not use the credentials of vCenter. You can import the AD credentials via the LDAP protocol and set vC Ops to auto sync with your LDAP server.
-
I access multiple SVN repositories served via HTTP. Authentication is done via LDAP. Firefox is able to save passwords for the pop-up dialog boxes provided by the SVN server for authentication. Periodically, I change my LDAP password in Active Directory. When I access the SVN repository again, I have to enter the changed password in the dialog box, but Firefox does not ask me to update it. Earlier (FF 3.x), Firefox asked me to update the password in the stored passwords. With FF 7.0.1 it does not prompt me for that and retains the old password.
Original description:
Let's say that I kept the password for some sites. As time goes by, I change the password on this site. Now, the next time I connect, password manager offers to enter my old information. I type in my password and enter the site. Earlier (FF 3.x), Firefox asked me to update the password in the stored passwords. With FF 7.0.1 it does not prompt me for that and retains the old password.
OK, I feel like a fool. It turns out that the HTTP server was in the list of exceptions, but under its own 192.168.X.X IP address rather than the internally resolved hostname of our SVN server. I missed it because I was looking for the host name. Once I removed the IP address entry from the exceptions list, the problem was resolved.
-
How do to transfer pdf stored in my generation iBook app for mac via airdrop ipad4
How do to transfer pdf stored in my generation iBook app for mac via airdrop ipad4
Hey k_ahlad,
It is not possible to share a PDF in iBooks using airdrop. You can, however, send a PDF by email from your iPad. See this help page - read a PDF - iPad User Guide
Specifically:
Send a PDF file. With the PDF document open, press on , and then select send.
Thank you for using Apple Support Communities.
Happy computing.
-
About WLC 4402 LDAP client authentication
Hello
I'm installing a WLC 4402. The client wants to authenticate users with LDAP and expects to use the current users in AD. However, I just read some documents as reference, "Local EAP authentication server on the Wireless LAN Controller with EAPFAST and LDAP Configuration example" and "Web authentication via LDAP on LAN Protocol wireless controllers (WLCs) example Configuration". Both require you to define a new OU, define a new user and select the anonymous bind feature.
My question is, should I add all current AD users to the new organizational unit in order for them to be authenticated as wireless clients?
I hope that someone of you can clear my doubt
Kind regards
Note that LDAP with AD does not support any EAP-MSCHAPv2 methods, so you can't do PEAP-MSCHAPv2 with AD as the LDAP backend. EAP-FAST means EAP-FAST (GTC) and not EAP-FAST (MSCHAPv2). It is a limitation due to the way in which AD works in LDAP mode.
Anonymous bind is not required at all; it just happens to be that way in the example. Usually, anonymous bind is not allowed by default on current versions of Windows Server.
You are not forced to push all the users into one OU. Simply give the WLC a search base DN from which it can reach all customers in AD. If all your users' organizational units are at the root of your domain, you will need to give "DC=domain,DC=com" as the base DN, which means that each search will run over your entire AD, which isn't super effective. That's all.
Nicolas
-
Hi all:
I wonder if it is possible to assign a static IP address to a VPN user. Authentication is done via LDAP, and I saw on the LDAP server, there is an area where you can configure an IP address, is it possible to read it and assign to user ASA or it must be configured on ASA?
Thank you very much
Francisco
Yes, it is possible.
Here is an example of configuration:
Hope that helps.
-
Hello
I'm trying to configure the Management Pack for vCloud Director (Cloud Management Marketplace | Solution Exchange) and I seem to be having trouble with the simplest thing. I have the Solution installed and configured for most, but for some reason usually reach out and join the vCD server, or have a kind of authentication problems. When I test the map with appropriate powers (local and LDAP in vCD), I get the error:
Cannot establish a connection on the target system. Logon failed! using Host = < FQDN > User = < adminuser > @System
Does the adapter put the @System after it, or is this something so simple that I'm overthinking it? I'd be happy to post any kind of logs if needed; let me know what you need.
Thanks a ton!
You HAVE to put @system, as it should work with or without. the base public REST API URL is assigned within vCloud Director? See the manual page, installation 28...
Have you checked for ports Firewall open between the machine virtual analytical and vCloud Director host?
-
Management user per device license install.
If my organization creates a company account to manage users I'll be able to limit what the Admin users can see in the administration console? Scenario, I have a site that will have 6 computers under license by Adobe CC licensed 'per unit '. On this site, there will be a technician who will carry out the installation, so their account must have sufficient privileges. However, I need to limit the tech to have access or being able to see all other licenses that have been purchased in the past. Is this possible?
I'm sorry that the feature is not there.
Admins on the team account have the same rights except for billing which is limited to only the main Administrator information.
-
Toshiba E-Studio printer - want to manage user impression in HIGH-LEVEL
Hello
I have several Toshiba E-Studio printers and I want to manage user impression in HIGH-LEVEL (my users are in Active Directory in Windows 2003)
I tried but I can not connect department code with users of the AD and I keep getting my printed documents as invalid.
I hope someone here will know how to solve this problem.
Thank you
I'm afraid that in this forum you will not find printer experts.
Most of the users here in this community are ordinary laptop / tablet or multimedia enthusiasts.
But I found this page of Toshiba's interactive training manuals.
http://business.Toshiba.com/USA/support/training/index.html
These tutorials can help you learn how to perform various functions on your e-STUDIO device.
It might be useful for you.
-
How to run the Manager user interface programmatically
I am looking for a method to run programmatically (from Labview), the Manager user interface, and then to connect it.
Is there a .NET API for this?
Thank you
Note: I developed for earlier versions of VeriStand, a high-level application that manages projects of test benches and their versions. I want to update with the new manager of the user VeriStand interface.
There is no .NET API to control UI Manager, but there are some command line utilities you can use to launch the user interface Manager, open a specific project, specify the IP address of the gateway to use and connect automatically.
Try the following command line arguments:
/nivsprj 'c:\project.nivsprj' Gateway localhost / connect
They are documented in the online profile of Stimulus help editor.
-
Can I add an another logon user, for the finger swipe SimplePass 2012?
Can I add another logon user for the SimplePass 2012 finger swipe? I have an account that logs in with SimplePass 2012, but my wife's does not work! I want her to be able to use my computer, but to do so, she has to have me swipe all the time! If she had her own log-in, she could swipe in on her own! If possible, very well! If not, then not much!
SimplePass is a HP product, not a Windows utility. I recommend that you check the faq from HP.