OEDQ integration with Active Directory - disable SSL
Hi mates,
I just installed OEDQ (latest version) on a Unix machine (deployed on WebLogic Server 10.3.6) but I have a few concerns:
- SSL communications -> is mandatory? I mean, I tried to expose dndirector via a Server Web Apache OHS admin page. I am able to access the page from admin in raw mode, but every time I try to access a specific feature (dashboard, user management, server configuration, etc.) I am redirected to https://< web-server-hostname >: < wls-server-ssl-port > / dndirector, if this is not what I expect. What's wrong? Moreover, if SSL is required, is there a way to expose the console via apache (avoiding any redirect)?
- OEDQ with Active Directory -> documentation- OEDQ integration with Active Directory - covers just Single Sign-on configuration (on the two Windows/Unix os). What about a simple configuration pointing to an external ldap? The documentation States the following statement:
It is also possible to configure OEDQ to work with servers of different directory for authentication of users and the identification of the user. For more information on the alternative configurations, "see"contact us" "
So, how can I achieve this?
Pointers?
Thanks in advance,
Marco
Marco
Here is an example configuration that can be used to integrate with AD. Create a folder called Security in your Disqualification configuration directory, and save the file in this folder as login.properties. There are a few supporinting of documentation online this process in aid of the Disqualification.
Here is the file, I'll add a few notes below:
realms = internal, adgss = false ad.realm = EXAMPLE.COMad.auth = ldapad.auth.bindmethod = digest-md5ad.auth.binddn = search: sAMAccountNamead.ldap.server = dc.example.comad.ldap.auth = simplead.ldap.user = [email protected] = testad.ldap.profile = adsldapad.ldap.prof.defaultusergroup = testgroupad.ldap.prof.useprimarygroup = false
The kingdoms line indicates that the 'internal' (Disqualification internal users such as dnadmin) Kingdom and the Kingdom of AD should be used. Once you are satisfied with the integration of ads you can remove the internal domain and use AD exclusively. The domain property sets the name of the field AD - here I used EXAMPLE.COM.
The server property sets the DNS name of the AD server. If omitted, it is looked up in the DNS.
The lines of the user and pw are used to connect to AD Disqualification.
The defaultusergroup line is the name of a LDAP group that contains all users who will use the Disqualification. The default value for this is domain users that contains usually much too many users.
Once it is setup and working, you can go to Setup user Disqualification and see a link to external groups that attach ad with Disqualification groups groups to assign permissions to users.
I hope this helps.
Richard
Tags: Fusion Middleware
Similar Questions
-
Integration with Active Directory OraHome92?
Let me first say that I have absolutely zero knowledge of all Oracle products, I don't know if I'm posting in the right forum, but I'm here, if I need to ask another forum please let me know.
Question:
We are Microsoft System administrators. We have a client that is running a very old application to the database on a Windows 2003 server. Currently they use a new database (Oracle, not), but the oracle database must accessible for research in history.The application works very well.
We plan to migrate the domain existing (Active Directory) to a couple of servers R2 2012.
The 2003 with oracle server is also a domain controller, and we do not want in our field of 2012R2 2003 domain controllers.
Our question is can demote us this domain controller and Orahome92 will work after the demotion?
Server 2003 is not the FSMO, the FSMO is a Windows Server 2008.
In other words, how Orahome92 integrates with Active Directory? Or isn't there any Active Directory integration and may us just demote the server and leave it to run as a member of the domain server?
Maybe you need more information about oracle, all I can say that the following services are running:
OracleMTSRecoveryService
OracleOraHome92TNListenerOracleServiceORCL
Oracle installed, but NOT running services:
OracleOraHome92Agent
OracleOraHome92ClientCache
OracleOraHome92HTTPServerOracleOraHome92PAgingServer
OracleOraHome92SNMPPeerEncapsulator
OracleOraHome92SNMPPeerMasterAgent
I hope sombody can give treatment of this or point us in the right direction.
I would not be protected by an export created like this. It is not a full export, is an export of the only pattern and you may need more than that if it is necessary to rebuild the database. In addition, it is not a coherent export which may make it unnecessary. I was running export something like this:
exp.exe System/sys@oracle_w3 complete file=d:\directory\\file.dmp = compliance = y
You may think it's all pretty awkward. The problem is that it is generally considered bad practice to install Oracle on a domain controller, unless you install as a member of the domain administrators group. I guess just like you do not have that, you can be able to downgrade the machine without affecting the database. But I don't really know, Windows security is a mystery to me.
-
ESX - integration with Active Directory: Kerberos?
Hi all
We set up the integration of ads for SSH on ESX 3.5 U3 accounts.
esxcfg-auth - enablead works very well:
esxcfg-auth - enablead - addomain = our.domain.com - addc = our.domain.com
For some reason, there was already an additional line in the configuration script: esxcfg-auth - enablekrb5
esxcfg-auth--enablekrb5--krb5realm=our.domain.com--krb5kdc=our.domain.com--krb5adminserver=our.domain.com
Things go awry as soon as the last command entered.
When you add a local account with this powershell command, we get this error:
New-VMHostAccount: 12/05/2009-10:17:11 new-VMHostAccount 52976ebb - 2 d 24
-f493-9aa3-bca7894ef581 a general error has occurred: passwd: Authenticate
mishandling symbolic ion
The local account is created, but the equivalent of Active Directory gets locked out, after several of these events:
Failed prior authentication
User name: USER-TEST
ID: DOMAIN\TEST-USER
Service name: kadmin/changepw
Pre-authentication type: 0x0
Error code: 0 x 19
Customer's address: 10.10.120.16
Now, I have two questions for you:
1 - does anyone how to solve the problem of blocking
2 East - -enablekrb5 necessary? What gives me extra in addition to enablead-
Thanks for your help!
Kind regards
Harold
enablekrb5 is not necessary. The enablead will set up your kerberos configuration to talk to ad. the krb5 option is used when you use a KDC that does not have active directory. In addition, when you create an account on the side ESX, it's pretty much an account without password. At least no password in UNIX file perspective shadow. Authentication works by checking the files local to the user name (since the announcement does not serve for the Pb of the user, only authentication), then check the password in the local files, which do not have a password, so failure, and continuing to the announcement through kerberos, for a successful verification. If you try to create an account with a password on the ESX system, then this is the problem. You don't need to put it, in fact, it must be without password, so without posting, the user can connect to the system via ssh not effectively or console.
-KjB
VMware vExpert
-
Integration with Active Directory or SSO OID?
We seek in our options of single sign-on integration with OBIEE Oracle EBS 11.5.10 on top. Currently we have MS Active Directory and Oracle Internet Directory with our users synchronized upward in both.
Can anyone recommend which is better for the OBIEE LDAP/SSO integration and provide the pros and cons of each? Thanks in advancePTRAN2,
If you have any OID then use with AD, you also an external table if you want to be able to define groups, CheminPortail etc. Groups and users can currently be imported, ad, only authenticated against it. It works fine but OID should be admin much more straightforward.
Ed
-
Passwords enable ISE device Administration (ACS) integrating with Active Directory
I'm working on a standalone application ISE and running into a problem where the password to enable for a device is not shoot properly. I have the original connection related AD and I policy conditions/results/sets all as they should be working. My test run is a 2960 S. I tried to set up ' group aaa authentication enable default
Activate ', but the only way I could do a login enabled with which was if the user has configured locally in ISE identity management > identity > users. Is there something that I missed that tie will enable passwords for a group active directory as I work for the initial logon? I see just a mistake with your failure to enable aaa authentication enable. You must specify the Group of Ganymede.
Right now, I don't have access to my lab with ISE.
Here's my config for switches used with ACS.
AAA authentication login GANYMEDE-SRV Group Ganymede + local
local authentication AAA Console connection
Group AAA dot1x default authentication RADIUS
AAA authorization exec GANYMEDE-SRV Group Ganymede + local
AAA authorization commands 15 GANYMEDE-SRV Group Ganymede + local
Group AAA authorization network default RADIUS
AAA accounting exec GANYMEDE-SRV arrhythmic group Ganymede +.
orders accounting AAA 15 GANYMEDE-SRV arrhythmic group Ganymede +.If you give me all out maybe we can understand why your GANYMEDE ISE works do not with the AD. I see no reason except a misconfiguration or another issue.
Just to go to the mode, you need more aaa authentication command activate by default enable. This activation mode is pushed to the user if he gets the privilege 15. Your problem should be on the profile or politics. With the approval journal, we can see whether or not ISE pushes politics and why?
-
ESX 4.1 integration with Active Directory
So what this 'buy' you? I joined my ESX servers to my domain. I was able to add a domain administrator directly connecting to a host and then connected successfully account. Something beyond to give permissions of domain directly on a host users? Am I missing some other features?
Thanks in advance
Something beyond to give permissions of domain directly on a host users? Am I missing some other features?
Then... Hmm... NOPE! That's all!
vCenter takes care of this for you... so you don't even have it.
-
BI Publisher with Active Directory - slow connection
Hello, I was wondering if anyone had to set up BI Publisher with Active directory. We are on 11.1.1.1.7 OBIEE - integrated with Active Directory. It takes about 40-50 seconds to connect on:
http://bnrbidevapp1.es.gwu.edu:9704 / xmlpserver
We have a different BEEP workigng insanance, they are also connected to the same ad and the connection is instant. What I can adjust? Checked memory and RAM on the system, doubled the RAM, so its double the system that has instant access. What else can I check? Thank you!
This followed and it is resolved:
-
4.2 ACS Cisco with Active Directory integration
Hello
I m new in the administration of the ACS, we have recently implemented on ACS version 4.2 Server
to manage all the authorization of users in our network.
We are in an environment with at least one Active Directory server, group, and users.
Now, I m just able to create a new user in ACS and work with the switch of the customer, do I have to do, is to integrate my 4.2 ACS with Active Directory.
to work with the user and group that a registry in my ad.
Can someon help me please?
Hello
If you use windows server for CE 4.2 Installing you just need to do this the domain member server.
-
Integration of Active Directory (AD)
Hi all
Let me know is there any related document on the integration of Active Directory with the AAU.
If anyone with details of doc, please share with me.
Kind regards
Vijay THey Vijay.
the guide of security management and access by the user for the content server available on the website of the documentation.see you soon,
Sicard -
Version of Cisco ACS 5.1.0.44.3 integrate with active directory Microsoft windows 2012 R2 server?
Unfortunately, it does not support R2 2012
5.1 ACS supports all editions of:
Windows Active Directory (AD) 2000
Windows AD 2003
Windows AD 2003 R2
Windows AD 2008
Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.
Please find below the steps to go from 5.1 to 5.5 hotfix 1:
STEP FILE COMMAND Apply the 5.1 patch 6 5-1-0-44 - 6.tar.gpg ACS patch install repository 5-1-0-44 - 6.tar.gpg ftp_repository_name Apply 5.3 ACS_5.3.0.40.tar.gz application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name Apply the patch 5.3 8 5-3-0-40 - 8.tar.gpg ACS patch install repository 5-3-0-40 - 8.tar.gpg ftp_repository_name Apply the sharp Patch Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg ACS patch installs Pointed-PreUpgrade -CSCum04132- 5-3-0 - 40.tar.gpg repository ftp_repository_name Apply 5.5 ACS_5.5.0.46.tar.gz application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name Apply the patch 5.5 1 5-5-0-46 - 1.tar.gpg ACS patch install repository 5-5-0-46 - 1.tar.gpg ftp_repository_name Best regards ~ jousset
-
Autenticateing Oracle with Active Directory database
I installed Oracle database 11.2.0.3.0 on Windows 2008 Server R2 64 bit. The company uses Microsoft Active Directory and I need to set up access to the Oracle database for users that are stored in Active Directory. Do I need another product in addition to the database to do? If so, what version of the product would need?To bind the user to Oracle database for users that are stored in Active Directory, and you must create the Oracle schema objects and an Oracle context.
You can see the chapter on "Requirements for using Oracle with Active Directory database"
http://docs.Oracle.com/CD/B28359_01/win.111/b32010/active_dir.htm#CDECHCBC -
Robo 9 plays nice with Active DIrectory?
Hello, just try to make a business case for RoboHelp 9 and 9 RoboServer and trying to find any info on how it integrates with Active Directory. Can use info in AD to manage localized content or require a maintenance of a separate user database to control access to the help output?
Thank you
This has been answered on the forum HATT.
http://groups.Yahoo.com/group/Hatt/message/78026
Also consider using dynamic centred on the user content if you want different users to see different areas of assistance.
See www.grainge.org for creating tips and RoboHelp
-
Advanced Security with Active directory
Hello guys,.
should I ASO the license if I use an external authentication and the clients are connecting with the credentials of MS Active directory? Thank you!
Gytis
Guys,
Here you go: "network encryption (network encryption native and SSL/TLS) and strong authentication (Kerberos, PKI and RADIUS) services are no longer part of the Oracle Advanced security features and are available in all editions under license of all the supported versions of the Oracle database."
http://docs.Oracle.com/database/121/DBLIC/options.htm#DBLIC143
Looks like that ASO is no longer necessary.
PS. though even the documentation is for Oracle 12 c local support confirmed that this also applies to earlier versions.
Gytis
-
IOM with Active Directory password synchronization
Hello people:
On the Active Directory Connector:
It is possible that the user name and password to access the Oracle Identity Manager is the same when configure you the application to Active Directory and with the same key to access my workstation
Thank youThere are two things:
Movement of IOM to AD password: can be done easily on port 636 (SSL) with AD user management connector
Password AD to IOM movement: need of the IOM AD password sync connector. Available on OTN. -
Problem with Active Directory and the NAC
Hello.
Please I need help.
I have my server with the "Active Directory SSO" began, but when a user tries to connect to the network with its credentials in Active Directory, the PC agent say that 'Invalid username and password.
My server is tuned by the 8910 port.
I conectivity with CBS and active directory.
kpass command runs successfully.
Thks.
Jorge,
If the service is running, then you must put emphasis on the communication client/AD and see where the break occurs.
Can you ensure that the unauthenticated role, you have all the required TCP/UDP ports open, and ICMP and IP FRAGMENTS to all your domain controllers?
HTH,
Faisal
--
If you find this article useful, please note so that others can easily find the answer
Maybe you are looking for
-
I have tried everything I can think and suggested in your base of knowledge, but FF does not open. I downgraded to a version earlier, but which did not help so I uninstalled everything and did a clean reinstall of the 7.0.1. I restarted at every stag
-
El Capitan case of useful things, adds unnecessary things
Just complain of El Capitan - none of the new features have proved useful to me, and you actively broke up several useful things. More precisely: -Mail no longer allows me to choose which email address I'll send emails from. How do you think it is
-
64-bit Vista download driver need for dell A920 printer
I have a 64 bit Vista system and you can not find the drivers for a Dell A920 while a print, scan, copy. Not very experienced in the present. Please help if possible.
-
I had problems with this range extender for several days now, and it's very frustrating. I have a router Sagemcom F@st 2864 (connection Hub) with Bell Canada. The diffuse Router 2.4 GHz with Auto B/G/N, channel 11, 20 Mhz bandwidth, be able to pass 1