Search Results

Search found 739 results on 30 pages for 'billc cn'.

Page 2/30 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Using R to Analyze G1GC Log Files

    - by user12620111
    Using R to Analyze G1GC Log Files body, td { font-family: sans-serif; background-color: white; font-size: 12px; margin: 8px; } tt, code, pre { font-family: 'DejaVu Sans Mono', 'Droid Sans Mono', 'Lucida Console', Consolas, Monaco, monospace; } h1 { font-size:2.2em; } h2 { font-size:1.8em; } h3 { font-size:1.4em; } h4 { font-size:1.0em; } h5 { font-size:0.9em; } h6 { font-size:0.8em; } a:visited { color: rgb(50%, 0%, 50%); } pre { margin-top: 0; max-width: 95%; border: 1px solid #ccc; white-space: pre-wrap; } pre code { display: block; padding: 0.5em; } code.r, code.cpp { background-color: #F8F8F8; } table, td, th { border: none; } blockquote { color:#666666; margin:0; padding-left: 1em; border-left: 0.5em #EEE solid; } hr { height: 0px; border-bottom: none; border-top-width: thin; border-top-style: dotted; border-top-color: #999999; } @media print { * { background: transparent !important; color: black !important; filter:none !important; -ms-filter: none !important; } body { font-size:12pt; max-width:100%; } a, a:visited { text-decoration: underline; } hr { visibility: hidden; page-break-before: always; } pre, blockquote { padding-right: 1em; page-break-inside: avoid; } tr, img { page-break-inside: avoid; } img { max-width: 100% !important; } @page :left { margin: 15mm 20mm 15mm 10mm; } @page :right { margin: 15mm 10mm 15mm 20mm; } p, h2, h3 { orphans: 3; widows: 3; } h2, h3 { page-break-after: avoid; } } pre .operator, pre .paren { color: rgb(104, 118, 135) } pre .literal { color: rgb(88, 72, 246) } pre .number { color: rgb(0, 0, 205); } pre .comment { color: rgb(76, 136, 107); } pre .keyword { color: rgb(0, 0, 255); } pre .identifier { color: rgb(0, 0, 0); } pre .string { color: rgb(3, 106, 7); } var hljs=new function(){function m(p){return p.replace(/&/gm,"&").replace(/"}while(y.length||w.length){var v=u().splice(0,1)[0];z+=m(x.substr(q,v.offset-q));q=v.offset;if(v.event=="start"){z+=t(v.node);s.push(v.node)}else{if(v.event=="stop"){var p,r=s.length;do{r--;p=s[r];z+=("")}while(p!=v.node);s.splice(r,1);while(r'+M[0]+""}else{r+=M[0]}O=P.lR.lastIndex;M=P.lR.exec(L)}return r+L.substr(O,L.length-O)}function J(L,M){if(M.sL&&e[M.sL]){var r=d(M.sL,L);x+=r.keyword_count;return r.value}else{return F(L,M)}}function I(M,r){var L=M.cN?'':"";if(M.rB){y+=L;M.buffer=""}else{if(M.eB){y+=m(r)+L;M.buffer=""}else{y+=L;M.buffer=r}}D.push(M);A+=M.r}function G(N,M,Q){var R=D[D.length-1];if(Q){y+=J(R.buffer+N,R);return false}var P=q(M,R);if(P){y+=J(R.buffer+N,R);I(P,M);return P.rB}var L=v(D.length-1,M);if(L){var O=R.cN?"":"";if(R.rE){y+=J(R.buffer+N,R)+O}else{if(R.eE){y+=J(R.buffer+N,R)+O+m(M)}else{y+=J(R.buffer+N+M,R)+O}}while(L1){O=D[D.length-2].cN?"":"";y+=O;L--;D.length--}var r=D[D.length-1];D.length--;D[D.length-1].buffer="";if(r.starts){I(r.starts,"")}return R.rE}if(w(M,R)){throw"Illegal"}}var E=e[B];var D=[E.dM];var A=0;var x=0;var y="";try{var s,u=0;E.dM.buffer="";do{s=p(C,u);var t=G(s[0],s[1],s[2]);u+=s[0].length;if(!t){u+=s[1].length}}while(!s[2]);if(D.length1){throw"Illegal"}return{r:A,keyword_count:x,value:y}}catch(H){if(H=="Illegal"){return{r:0,keyword_count:0,value:m(C)}}else{throw H}}}function g(t){var p={keyword_count:0,r:0,value:m(t)};var r=p;for(var q in e){if(!e.hasOwnProperty(q)){continue}var s=d(q,t);s.language=q;if(s.keyword_count+s.rr.keyword_count+r.r){r=s}if(s.keyword_count+s.rp.keyword_count+p.r){r=p;p=s}}if(r.language){p.second_best=r}return p}function i(r,q,p){if(q){r=r.replace(/^((]+|\t)+)/gm,function(t,w,v,u){return w.replace(/\t/g,q)})}if(p){r=r.replace(/\n/g,"")}return r}function n(t,w,r){var x=h(t,r);var v=a(t);var y,s;if(v){y=d(v,x)}else{return}var q=c(t);if(q.length){s=document.createElement("pre");s.innerHTML=y.value;y.value=k(q,c(s),x)}y.value=i(y.value,w,r);var u=t.className;if(!u.match("(\\s|^)(language-)?"+v+"(\\s|$)")){u=u?(u+" "+v):v}if(/MSIE [678]/.test(navigator.userAgent)&&t.tagName=="CODE"&&t.parentNode.tagName=="PRE"){s=t.parentNode;var p=document.createElement("div");p.innerHTML=""+y.value+"";t=p.firstChild.firstChild;p.firstChild.cN=s.cN;s.parentNode.replaceChild(p.firstChild,s)}else{t.innerHTML=y.value}t.className=u;t.result={language:v,kw:y.keyword_count,re:y.r};if(y.second_best){t.second_best={language:y.second_best.language,kw:y.second_best.keyword_count,re:y.second_best.r}}}function o(){if(o.called){return}o.called=true;var r=document.getElementsByTagName("pre");for(var p=0;p|=||=||=|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~";this.ER="(?![\\s\\S])";this.BE={b:"\\\\.",r:0};this.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[this.BE],r:0};this.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[this.BE],r:0};this.CLCM={cN:"comment",b:"//",e:"$"};this.CBLCLM={cN:"comment",b:"/\\*",e:"\\*/"};this.HCM={cN:"comment",b:"#",e:"$"};this.NM={cN:"number",b:this.NR,r:0};this.CNM={cN:"number",b:this.CNR,r:0};this.BNM={cN:"number",b:this.BNR,r:0};this.inherit=function(r,s){var p={};for(var q in r){p[q]=r[q]}if(s){for(var q in s){p[q]=s[q]}}return p}}();hljs.LANGUAGES.cpp=function(){var a={keyword:{"false":1,"int":1,"float":1,"while":1,"private":1,"char":1,"catch":1,"export":1,virtual:1,operator:2,sizeof:2,dynamic_cast:2,typedef:2,const_cast:2,"const":1,struct:1,"for":1,static_cast:2,union:1,namespace:1,unsigned:1,"long":1,"throw":1,"volatile":2,"static":1,"protected":1,bool:1,template:1,mutable:1,"if":1,"public":1,friend:2,"do":1,"return":1,"goto":1,auto:1,"void":2,"enum":1,"else":1,"break":1,"new":1,extern:1,using:1,"true":1,"class":1,asm:1,"case":1,typeid:1,"short":1,reinterpret_cast:2,"default":1,"double":1,register:1,explicit:1,signed:1,typename:1,"try":1,"this":1,"switch":1,"continue":1,wchar_t:1,inline:1,"delete":1,alignof:1,char16_t:1,char32_t:1,constexpr:1,decltype:1,noexcept:1,nullptr:1,static_assert:1,thread_local:1,restrict:1,_Bool:1,complex:1},built_in:{std:1,string:1,cin:1,cout:1,cerr:1,clog:1,stringstream:1,istringstream:1,ostringstream:1,auto_ptr:1,deque:1,list:1,queue:1,stack:1,vector:1,map:1,set:1,bitset:1,multiset:1,multimap:1,unordered_set:1,unordered_map:1,unordered_multiset:1,unordered_multimap:1,array:1,shared_ptr:1}};return{dM:{k:a,i:"",k:a,r:10,c:["self"]}]}}}();hljs.LANGUAGES.r={dM:{c:[hljs.HCM,{cN:"number",b:"\\b0[xX][0-9a-fA-F]+[Li]?\\b",e:hljs.IMMEDIATE_RE,r:0},{cN:"number",b:"\\b\\d+(?:[eE][+\\-]?\\d*)?L\\b",e:hljs.IMMEDIATE_RE,r:0},{cN:"number",b:"\\b\\d+\\.(?!\\d)(?:i\\b)?",e:hljs.IMMEDIATE_RE,r:1},{cN:"number",b:"\\b\\d+(?:\\.\\d*)?(?:[eE][+\\-]?\\d*)?i?\\b",e:hljs.IMMEDIATE_RE,r:0},{cN:"number",b:"\\.\\d+(?:[eE][+\\-]?\\d*)?i?\\b",e:hljs.IMMEDIATE_RE,r:1},{cN:"keyword",b:"(?:tryCatch|library|setGeneric|setGroupGeneric)\\b",e:hljs.IMMEDIATE_RE,r:10},{cN:"keyword",b:"\\.\\.\\.",e:hljs.IMMEDIATE_RE,r:10},{cN:"keyword",b:"\\.\\.\\d+(?![\\w.])",e:hljs.IMMEDIATE_RE,r:10},{cN:"keyword",b:"\\b(?:function)",e:hljs.IMMEDIATE_RE,r:2},{cN:"keyword",b:"(?:if|in|break|next|repeat|else|for|return|switch|while|try|stop|warning|require|attach|detach|source|setMethod|setClass)\\b",e:hljs.IMMEDIATE_RE,r:1},{cN:"literal",b:"(?:NA|NA_integer_|NA_real_|NA_character_|NA_complex_)\\b",e:hljs.IMMEDIATE_RE,r:10},{cN:"literal",b:"(?:NULL|TRUE|FALSE|T|F|Inf|NaN)\\b",e:hljs.IMMEDIATE_RE,r:1},{cN:"identifier",b:"[a-zA-Z.][a-zA-Z0-9._]*\\b",e:hljs.IMMEDIATE_RE,r:0},{cN:"operator",b:"|=||   Using R to Analyze G1GC Log Files   Using R to Analyze G1GC Log Files Introduction Working in Oracle Platform Integration gives an engineer opportunities to work on a wide array of technologies. My team’s goal is to make Oracle applications run best on the Solaris/SPARC platform. When looking for bottlenecks in a modern applications, one needs to be aware of not only how the CPUs and operating system are executing, but also network, storage, and in some cases, the Java Virtual Machine. I was recently presented with about 1.5 GB of Java Garbage First Garbage Collector log file data. If you’re not familiar with the subject, you might want to review Garbage First Garbage Collector Tuning by Monica Beckwith. The customer had been running Java HotSpot 1.6.0_31 to host a web application server. I was told that the Solaris/SPARC server was running a Java process launched using a commmand line that included the following flags: -d64 -Xms9g -Xmx9g -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=80 -XX:PermSize=256m -XX:MaxPermSize=256m -XX:+PrintGC -XX:+PrintGCTimeStamps -XX:+PrintHeapAtGC -XX:+PrintGCDateStamps -XX:+PrintFlagsFinal -XX:+DisableExplicitGC -XX:+UnlockExperimentalVMOptions -XX:ParallelGCThreads=8 Several sources on the internet indicate that if I were to print out the 1.5 GB of log files, it would require enough paper to fill the bed of a pick up truck. Of course, it would be fruitless to try to scan the log files by hand. Tools will be required to summarize the contents of the log files. Others have encountered large Java garbage collection log files. There are existing tools to analyze the log files: IBM’s GC toolkit The chewiebug GCViewer gchisto HPjmeter Instead of using one of the other tools listed, I decide to parse the log files with standard Unix tools, and analyze the data with R. Data Cleansing The log files arrived in two different formats. I guess that the difference is that one set of log files was generated using a more verbose option, maybe -XX:+PrintHeapAtGC, and the other set of log files was generated without that option. Format 1 In some of the log files, the log files with the less verbose format, a single trace, i.e. the report of a singe garbage collection event, looks like this: {Heap before GC invocations=12280 (full 61): garbage-first heap total 9437184K, used 7499918K [0xfffffffd00000000, 0xffffffff40000000, 0xffffffff40000000) region size 4096K, 1 young (4096K), 0 survivors (0K) compacting perm gen total 262144K, used 144077K [0xffffffff40000000, 0xffffffff50000000, 0xffffffff50000000) the space 262144K, 54% used [0xffffffff40000000, 0xffffffff48cb3758, 0xffffffff48cb3800, 0xffffffff50000000) No shared spaces configured. 2014-05-14T07:24:00.988-0700: 60586.353: [GC pause (young) 7324M->7320M(9216M), 0.1567265 secs] Heap after GC invocations=12281 (full 61): garbage-first heap total 9437184K, used 7496533K [0xfffffffd00000000, 0xffffffff40000000, 0xffffffff40000000) region size 4096K, 0 young (0K), 0 survivors (0K) compacting perm gen total 262144K, used 144077K [0xffffffff40000000, 0xffffffff50000000, 0xffffffff50000000) the space 262144K, 54% used [0xffffffff40000000, 0xffffffff48cb3758, 0xffffffff48cb3800, 0xffffffff50000000) No shared spaces configured. } A simple grep can be used to extract a summary: $ grep "\[ GC pause (young" g1gc.log 2014-05-13T13:24:35.091-0700: 3.109: [GC pause (young) 20M->5029K(9216M), 0.0146328 secs] 2014-05-13T13:24:35.440-0700: 3.459: [GC pause (young) 9125K->6077K(9216M), 0.0086723 secs] 2014-05-13T13:24:37.581-0700: 5.599: [GC pause (young) 25M->8470K(9216M), 0.0203820 secs] 2014-05-13T13:24:42.686-0700: 10.704: [GC pause (young) 44M->15M(9216M), 0.0288848 secs] 2014-05-13T13:24:48.941-0700: 16.958: [GC pause (young) 51M->20M(9216M), 0.0491244 secs] 2014-05-13T13:24:56.049-0700: 24.066: [GC pause (young) 92M->26M(9216M), 0.0525368 secs] 2014-05-13T13:25:34.368-0700: 62.383: [GC pause (young) 602M->68M(9216M), 0.1721173 secs] But that format wasn't easily read into R, so I needed to be a bit more tricky. I used the following Unix command to create a summary file that was easy for R to read. $ echo "SecondsSinceLaunch BeforeSize AfterSize TotalSize RealTime" $ grep "\[GC pause (young" g1gc.log | grep -v mark | sed -e 's/[A-SU-z\(\),]/ /g' -e 's/->/ /' -e 's/: / /g' | more SecondsSinceLaunch BeforeSize AfterSize TotalSize RealTime 2014-05-13T13:24:35.091-0700 3.109 20 5029 9216 0.0146328 2014-05-13T13:24:35.440-0700 3.459 9125 6077 9216 0.0086723 2014-05-13T13:24:37.581-0700 5.599 25 8470 9216 0.0203820 2014-05-13T13:24:42.686-0700 10.704 44 15 9216 0.0288848 2014-05-13T13:24:48.941-0700 16.958 51 20 9216 0.0491244 2014-05-13T13:24:56.049-0700 24.066 92 26 9216 0.0525368 2014-05-13T13:25:34.368-0700 62.383 602 68 9216 0.1721173 Format 2 In some of the log files, the log files with the more verbose format, a single trace, i.e. the report of a singe garbage collection event, was more complicated than Format 1. Here is a text file with an example of a single G1GC trace in the second format. As you can see, it is quite complicated. It is nice that there is so much information available, but the level of detail can be overwhelming. I wrote this awk script (download) to summarize each trace on a single line. #!/usr/bin/env awk -f BEGIN { printf("SecondsSinceLaunch IncrementalCount FullCount UserTime SysTime RealTime BeforeSize AfterSize TotalSize\n") } ###################### # Save count data from lines that are at the start of each G1GC trace. # Each trace starts out like this: # {Heap before GC invocations=14 (full 0): # garbage-first heap total 9437184K, used 325496K [0xfffffffd00000000, 0xffffffff40000000, 0xffffffff40000000) ###################### /{Heap.*full/{ gsub ( "\\)" , "" ); nf=split($0,a,"="); split(a[2],b," "); getline; if ( match($0, "first") ) { G1GC=1; IncrementalCount=b[1]; FullCount=substr( b[3], 1, length(b[3])-1 ); } else { G1GC=0; } } ###################### # Pull out time stamps that are in lines with this format: # 2014-05-12T14:02:06.025-0700: 94.312: [GC pause (young), 0.08870154 secs] ###################### /GC pause/ { DateTime=$1; SecondsSinceLaunch=substr($2, 1, length($2)-1); } ###################### # Heap sizes are in lines that look like this: # [ 4842M->4838M(9216M)] ###################### /\[ .*]$/ { gsub ( "\\[" , "" ); gsub ( "\ \]" , "" ); gsub ( "->" , " " ); gsub ( "\\( " , " " ); gsub ( "\ \)" , " " ); split($0,a," "); if ( split(a[1],b,"M") > 1 ) {BeforeSize=b[1]*1024;} if ( split(a[1],b,"K") > 1 ) {BeforeSize=b[1];} if ( split(a[2],b,"M") > 1 ) {AfterSize=b[1]*1024;} if ( split(a[2],b,"K") > 1 ) {AfterSize=b[1];} if ( split(a[3],b,"M") > 1 ) {TotalSize=b[1]*1024;} if ( split(a[3],b,"K") > 1 ) {TotalSize=b[1];} } ###################### # Emit an output line when you find input that looks like this: # [Times: user=1.41 sys=0.08, real=0.24 secs] ###################### /\[Times/ { if (G1GC==1) { gsub ( "," , "" ); split($2,a,"="); UserTime=a[2]; split($3,a,"="); SysTime=a[2]; split($4,a,"="); RealTime=a[2]; print DateTime,SecondsSinceLaunch,IncrementalCount,FullCount,UserTime,SysTime,RealTime,BeforeSize,AfterSize,TotalSize; G1GC=0; } } The resulting summary is about 25X smaller that the original file, but still difficult for a human to digest. SecondsSinceLaunch IncrementalCount FullCount UserTime SysTime RealTime BeforeSize AfterSize TotalSize ... 2014-05-12T18:36:34.669-0700: 3985.744 561 0 0.57 0.06 0.16 1724416 1720320 9437184 2014-05-12T18:36:34.839-0700: 3985.914 562 0 0.51 0.06 0.19 1724416 1720320 9437184 2014-05-12T18:36:35.069-0700: 3986.144 563 0 0.60 0.04 0.27 1724416 1721344 9437184 2014-05-12T18:36:35.354-0700: 3986.429 564 0 0.33 0.04 0.09 1725440 1722368 9437184 2014-05-12T18:36:35.545-0700: 3986.620 565 0 0.58 0.04 0.17 1726464 1722368 9437184 2014-05-12T18:36:35.726-0700: 3986.801 566 0 0.43 0.05 0.12 1726464 1722368 9437184 2014-05-12T18:36:35.856-0700: 3986.930 567 0 0.30 0.04 0.07 1726464 1723392 9437184 2014-05-12T18:36:35.947-0700: 3987.023 568 0 0.61 0.04 0.26 1727488 1723392 9437184 2014-05-12T18:36:36.228-0700: 3987.302 569 0 0.46 0.04 0.16 1731584 1724416 9437184 Reading the Data into R Once the GC log data had been cleansed, either by processing the first format with the shell script, or by processing the second format with the awk script, it was easy to read the data into R. g1gc.df = read.csv("summary.txt", row.names = NULL, stringsAsFactors=FALSE,sep="") str(g1gc.df) ## 'data.frame': 8307 obs. of 10 variables: ## $ row.names : chr "2014-05-12T14:00:32.868-0700:" "2014-05-12T14:00:33.179-0700:" "2014-05-12T14:00:33.677-0700:" "2014-05-12T14:00:35.538-0700:" ... ## $ SecondsSinceLaunch: num 1.16 1.47 1.97 3.83 6.1 ... ## $ IncrementalCount : int 0 1 2 3 4 5 6 7 8 9 ... ## $ FullCount : int 0 0 0 0 0 0 0 0 0 0 ... ## $ UserTime : num 0.11 0.05 0.04 0.21 0.08 0.26 0.31 0.33 0.34 0.56 ... ## $ SysTime : num 0.04 0.01 0.01 0.05 0.01 0.06 0.07 0.06 0.07 0.09 ... ## $ RealTime : num 0.02 0.02 0.01 0.04 0.02 0.04 0.05 0.04 0.04 0.06 ... ## $ BeforeSize : int 8192 5496 5768 22528 24576 43008 34816 53248 55296 93184 ... ## $ AfterSize : int 1400 1672 2557 4907 7072 14336 16384 18432 19456 21504 ... ## $ TotalSize : int 9437184 9437184 9437184 9437184 9437184 9437184 9437184 9437184 9437184 9437184 ... head(g1gc.df) ## row.names SecondsSinceLaunch IncrementalCount ## 1 2014-05-12T14:00:32.868-0700: 1.161 0 ## 2 2014-05-12T14:00:33.179-0700: 1.472 1 ## 3 2014-05-12T14:00:33.677-0700: 1.969 2 ## 4 2014-05-12T14:00:35.538-0700: 3.830 3 ## 5 2014-05-12T14:00:37.811-0700: 6.103 4 ## 6 2014-05-12T14:00:41.428-0700: 9.720 5 ## FullCount UserTime SysTime RealTime BeforeSize AfterSize TotalSize ## 1 0 0.11 0.04 0.02 8192 1400 9437184 ## 2 0 0.05 0.01 0.02 5496 1672 9437184 ## 3 0 0.04 0.01 0.01 5768 2557 9437184 ## 4 0 0.21 0.05 0.04 22528 4907 9437184 ## 5 0 0.08 0.01 0.02 24576 7072 9437184 ## 6 0 0.26 0.06 0.04 43008 14336 9437184 Basic Statistics Once the data has been read into R, simple statistics are very easy to generate. All of the numbers from high school statistics are available via simple commands. For example, generate a summary of every column: summary(g1gc.df) ## row.names SecondsSinceLaunch IncrementalCount FullCount ## Length:8307 Min. : 1 Min. : 0 Min. : 0.0 ## Class :character 1st Qu.: 9977 1st Qu.:2048 1st Qu.: 0.0 ## Mode :character Median :12855 Median :4136 Median : 12.0 ## Mean :12527 Mean :4156 Mean : 31.6 ## 3rd Qu.:15758 3rd Qu.:6262 3rd Qu.: 61.0 ## Max. :55484 Max. :8391 Max. :113.0 ## UserTime SysTime RealTime BeforeSize ## Min. :0.040 Min. :0.0000 Min. : 0.0 Min. : 5476 ## 1st Qu.:0.470 1st Qu.:0.0300 1st Qu.: 0.1 1st Qu.:5137920 ## Median :0.620 Median :0.0300 Median : 0.1 Median :6574080 ## Mean :0.751 Mean :0.0355 Mean : 0.3 Mean :5841855 ## 3rd Qu.:0.920 3rd Qu.:0.0400 3rd Qu.: 0.2 3rd Qu.:7084032 ## Max. :3.370 Max. :1.5600 Max. :488.1 Max. :8696832 ## AfterSize TotalSize ## Min. : 1380 Min. :9437184 ## 1st Qu.:5002752 1st Qu.:9437184 ## Median :6559744 Median :9437184 ## Mean :5785454 Mean :9437184 ## 3rd Qu.:7054336 3rd Qu.:9437184 ## Max. :8482816 Max. :9437184 Q: What is the total amount of User CPU time spent in garbage collection? sum(g1gc.df$UserTime) ## [1] 6236 As you can see, less than two hours of CPU time was spent in garbage collection. Is that too much? To find the percentage of time spent in garbage collection, divide the number above by total_elapsed_time*CPU_count. In this case, there are a lot of CPU’s and it turns out the the overall amount of CPU time spent in garbage collection isn’t a problem when viewed in isolation. When calculating rates, i.e. events per unit time, you need to ask yourself if the rate is homogenous across the time period in the log file. Does the log file include spikes of high activity that should be separately analyzed? Averaging in data from nights and weekends with data from business hours may alias problems. If you have a reason to suspect that the garbage collection rates include peaks and valleys that need independent analysis, see the “Time Series” section, below. Q: How much garbage is collected on each pass? The amount of heap space that is recovered per GC pass is surprisingly low: At least one collection didn’t recover any data. (“Min.=0”) 25% of the passes recovered 3MB or less. (“1st Qu.=3072”) Half of the GC passes recovered 4MB or less. (“Median=4096”) The average amount recovered was 56MB. (“Mean=56390”) 75% of the passes recovered 36MB or less. (“3rd Qu.=36860”) At least one pass recovered 2GB. (“Max.=2121000”) g1gc.df$Delta = g1gc.df$BeforeSize - g1gc.df$AfterSize summary(g1gc.df$Delta) ## Min. 1st Qu. Median Mean 3rd Qu. Max. ## 0 3070 4100 56400 36900 2120000 Q: What is the maximum User CPU time for a single collection? The worst garbage collection (“Max.”) is many standard deviations away from the mean. The data appears to be right skewed. summary(g1gc.df$UserTime) ## Min. 1st Qu. Median Mean 3rd Qu. Max. ## 0.040 0.470 0.620 0.751 0.920 3.370 sd(g1gc.df$UserTime) ## [1] 0.3966 Basic Graphics Once the data is in R, it is trivial to plot the data with formats including dot plots, line charts, bar charts (simple, stacked, grouped), pie charts, boxplots, scatter plots histograms, and kernel density plots. Histogram of User CPU Time per Collection I don't think that this graph requires any explanation. hist(g1gc.df$UserTime, main="User CPU Time per Collection", xlab="Seconds", ylab="Frequency") Box plot to identify outliers When the initial data is viewed with a box plot, you can see the one crazy outlier in the real time per GC. Save this data point for future analysis and drop the outlier so that it’s not throwing off our statistics. Now the box plot shows many outliers, which will be examined later, using times series analysis. Notice that the scale of the x-axis changes drastically once the crazy outlier is removed. par(mfrow=c(2,1)) boxplot(g1gc.df$UserTime,g1gc.df$SysTime,g1gc.df$RealTime, main="Box Plot of Time per GC\n(dominated by a crazy outlier)", names=c("usr","sys","elapsed"), xlab="Seconds per GC", ylab="Time (Seconds)", horizontal = TRUE, outcol="red") crazy.outlier.df=g1gc.df[g1gc.df$RealTime > 400,] g1gc.df=g1gc.df[g1gc.df$RealTime < 400,] boxplot(g1gc.df$UserTime,g1gc.df$SysTime,g1gc.df$RealTime, main="Box Plot of Time per GC\n(crazy outlier excluded)", names=c("usr","sys","elapsed"), xlab="Seconds per GC", ylab="Time (Seconds)", horizontal = TRUE, outcol="red") box(which = "outer", lty = "solid") Here is the crazy outlier for future analysis: crazy.outlier.df ## row.names SecondsSinceLaunch IncrementalCount ## 8233 2014-05-12T23:15:43.903-0700: 20741 8316 ## FullCount UserTime SysTime RealTime BeforeSize AfterSize TotalSize ## 8233 112 0.55 0.42 488.1 8381440 8235008 9437184 ## Delta ## 8233 146432 R Time Series Data To analyze the garbage collection as a time series, I’ll use Z’s Ordered Observations (zoo). “zoo is the creator for an S3 class of indexed totally ordered observations which includes irregular time series.” require(zoo) ## Loading required package: zoo ## ## Attaching package: 'zoo' ## ## The following objects are masked from 'package:base': ## ## as.Date, as.Date.numeric head(g1gc.df[,1]) ## [1] "2014-05-12T14:00:32.868-0700:" "2014-05-12T14:00:33.179-0700:" ## [3] "2014-05-12T14:00:33.677-0700:" "2014-05-12T14:00:35.538-0700:" ## [5] "2014-05-12T14:00:37.811-0700:" "2014-05-12T14:00:41.428-0700:" options("digits.secs"=3) times=as.POSIXct( g1gc.df[,1], format="%Y-%m-%dT%H:%M:%OS%z:") g1gc.z = zoo(g1gc.df[,-c(1)], order.by=times) head(g1gc.z) ## SecondsSinceLaunch IncrementalCount FullCount ## 2014-05-12 17:00:32.868 1.161 0 0 ## 2014-05-12 17:00:33.178 1.472 1 0 ## 2014-05-12 17:00:33.677 1.969 2 0 ## 2014-05-12 17:00:35.538 3.830 3 0 ## 2014-05-12 17:00:37.811 6.103 4 0 ## 2014-05-12 17:00:41.427 9.720 5 0 ## UserTime SysTime RealTime BeforeSize AfterSize ## 2014-05-12 17:00:32.868 0.11 0.04 0.02 8192 1400 ## 2014-05-12 17:00:33.178 0.05 0.01 0.02 5496 1672 ## 2014-05-12 17:00:33.677 0.04 0.01 0.01 5768 2557 ## 2014-05-12 17:00:35.538 0.21 0.05 0.04 22528 4907 ## 2014-05-12 17:00:37.811 0.08 0.01 0.02 24576 7072 ## 2014-05-12 17:00:41.427 0.26 0.06 0.04 43008 14336 ## TotalSize Delta ## 2014-05-12 17:00:32.868 9437184 6792 ## 2014-05-12 17:00:33.178 9437184 3824 ## 2014-05-12 17:00:33.677 9437184 3211 ## 2014-05-12 17:00:35.538 9437184 17621 ## 2014-05-12 17:00:37.811 9437184 17504 ## 2014-05-12 17:00:41.427 9437184 28672 Example of Two Benchmark Runs in One Log File The data in the following graph is from a different log file, not the one of primary interest to this article. I’m including this image because it is an example of idle periods followed by busy periods. It would be uninteresting to average the rate of garbage collection over the entire log file period. More interesting would be the rate of garbage collect in the two busy periods. Are they the same or different? Your production data may be similar, for example, bursts when employees return from lunch and idle times on weekend evenings, etc. Once the data is in an R Time Series, you can analyze isolated time windows. Clipping the Time Series data Flashing back to our test case… Viewing the data as a time series is interesting. You can see that the work intensive time period is between 9:00 PM and 3:00 AM. Lets clip the data to the interesting period:     par(mfrow=c(2,1)) plot(g1gc.z$UserTime, type="h", main="User Time per GC\nTime: Complete Log File", xlab="Time of Day", ylab="CPU Seconds per GC", col="#1b9e77") clipped.g1gc.z=window(g1gc.z, start=as.POSIXct("2014-05-12 21:00:00"), end=as.POSIXct("2014-05-13 03:00:00")) plot(clipped.g1gc.z$UserTime, type="h", main="User Time per GC\nTime: Limited to Benchmark Execution", xlab="Time of Day", ylab="CPU Seconds per GC", col="#1b9e77") box(which = "outer", lty = "solid") Cumulative Incremental and Full GC count Here is the cumulative incremental and full GC count. When the line is very steep, it indicates that the GCs are repeating very quickly. Notice that the scale on the Y axis is different for full vs. incremental. plot(clipped.g1gc.z[,c(2:3)], main="Cumulative Incremental and Full GC count", xlab="Time of Day", col="#1b9e77") GC Analysis of Benchmark Execution using Time Series data In the following series of 3 graphs: The “After Size” show the amount of heap space in use after each garbage collection. Many Java objects are still referenced, i.e. alive, during each garbage collection. This may indicate that the application has a memory leak, or may indicate that the application has a very large memory footprint. Typically, an application's memory footprint plateau's in the early stage of execution. One would expect this graph to have a flat top. The steep decline in the heap space may indicate that the application crashed after 2:00. The second graph shows that the outliers in real execution time, discussed above, occur near 2:00. when the Java heap seems to be quite full. The third graph shows that Full GCs are infrequent during the first few hours of execution. The rate of Full GC's, (the slope of the cummulative Full GC line), changes near midnight.   plot(clipped.g1gc.z[,c("AfterSize","RealTime","FullCount")], xlab="Time of Day", col=c("#1b9e77","red","#1b9e77")) GC Analysis of heap recovered Each GC trace includes the amount of heap space in use before and after the individual GC event. During garbage coolection, unreferenced objects are identified, the space holding the unreferenced objects is freed, and thus, the difference in before and after usage indicates how much space has been freed. The following box plot and bar chart both demonstrate the same point - the amount of heap space freed per garbage colloection is surprisingly low. par(mfrow=c(2,1)) boxplot(as.vector(clipped.g1gc.z$Delta), main="Amount of Heap Recovered per GC Pass", xlab="Size in KB", horizontal = TRUE, col="red") hist(as.vector(clipped.g1gc.z$Delta), main="Amount of Heap Recovered per GC Pass", xlab="Size in KB", breaks=100, col="red") box(which = "outer", lty = "solid") This graph is the most interesting. The dark blue area shows how much heap is occupied by referenced Java objects. This represents memory that holds live data. The red fringe at the top shows how much data was recovered after each garbage collection. barplot(clipped.g1gc.z[,c("AfterSize","Delta")], col=c("#7570b3","#e7298a"), xlab="Time of Day", border=NA) legend("topleft", c("Live Objects","Heap Recovered on GC"), fill=c("#7570b3","#e7298a")) box(which = "outer", lty = "solid") When I discuss the data in the log files with the customer, I will ask for an explaination for the large amount of referenced data resident in the Java heap. There are two are posibilities: There is a memory leak and the amount of space required to hold referenced objects will continue to grow, limited only by the maximum heap size. After the maximum heap size is reached, the JVM will throw an “Out of Memory” exception every time that the application tries to allocate a new object. If this is the case, the aplication needs to be debugged to identify why old objects are referenced when they are no longer needed. The application has a legitimate requirement to keep a large amount of data in memory. The customer may want to further increase the maximum heap size. Another possible solution would be to partition the application across multiple cluster nodes, where each node has responsibility for managing a unique subset of the data. Conclusion In conclusion, R is a very powerful tool for the analysis of Java garbage collection log files. The primary difficulty is data cleansing so that information can be read into an R data frame. Once the data has been read into R, a rich set of tools may be used for thorough evaluation.

    Read the article

  • IPsec tunnel to Android device not created even though there is an IKE SA

    - by Quentin Swain
    I'm trying to configure a VPN tunnel between an Android device running 4.1 and a Fedora 17 Linux box running strongSwan 5.0. The device reports that it is connected and strongSwan statusall returns that there is an IKE SA, but doesn't display a tunnel. I used the instructions for iOS in the wiki to generate certificates and configure strongSwan. Since Android uses a modified version of racoon this should work and since the connection is partly established I think I am on the right track. I don't see any errors about not being able to create the tunnel. This is the configuration for the strongSwan connection conn android2 keyexchange=ikev1 authby=xauthrsasig xauth=server left=96.244.142.28 leftsubnet=0.0.0.0/0 leftfirewall=yes leftcert=serverCert.pem right=%any rightsubnet=10.0.0.0/24 rightsourceip=10.0.0.2 rightcert=clientCert.pem ike=aes256-sha1-modp1024 auto=add This is the output of strongswan statusall Status of IKE charon daemon (strongSwan 5.0.0, Linux 3.3.4-5.fc17.x86_64, x86_64): uptime: 20 minutes, since Oct 31 10:27:31 2012 malloc: sbrk 270336, mmap 0, used 198144, free 72192 worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 7 loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic Virtual IP pools (size/online/offline): android-hybrid: 1/0/0 android2: 1/1/0 Listening IP addresses: 96.244.142.28 Connections: android-hybrid: %any...%any IKEv1 android-hybrid: local: [C=CH, O=strongSwan, CN=vpn.strongswan.org] uses public key authentication android-hybrid: cert: "C=CH, O=strongSwan, CN=vpn.strongswan.org" android-hybrid: remote: [%any] uses XAuth authentication: any android-hybrid: child: dynamic === dynamic TUNNEL android2: 96.244.142.28...%any IKEv1 android2: local: [C=CH, O=strongSwan, CN=vpn.strongswan.org] uses public key authentication android2: cert: "C=CH, O=strongSwan, CN=vpn.strongswan.org" android2: remote: [C=CH, O=strongSwan, CN=client] uses public key authentication android2: cert: "C=CH, O=strongSwan, CN=client" android2: remote: [%any] uses XAuth authentication: any android2: child: 0.0.0.0/0 === 10.0.0.0/24 TUNNEL Security Associations (1 up, 0 connecting): android2[3]: ESTABLISHED 10 seconds ago, 96.244.142.28[C=CH, O=strongSwan, CN=vpn.strongswan.org]...208.54.35.241[C=CH, O=strongSwan, CN=client] android2[3]: Remote XAuth identity: android android2[3]: IKEv1 SPIs: 4151e371ad46b20d_i 59a56390d74792d2_r*, public key reauthentication in 56 minutes android2[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 The output of ip -s xfrm policy src ::/0 dst ::/0 uid 0 socket in action allow index 3851 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use - src ::/0 dst ::/0 uid 0 socket out action allow index 3844 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use - src ::/0 dst ::/0 uid 0 socket in action allow index 3835 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use - src ::/0 dst ::/0 uid 0 socket out action allow index 3828 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 3819 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use 2012-10-31 13:29:39 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 3812 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use 2012-10-31 13:29:22 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 3803 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use 2012-10-31 13:29:20 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 3796 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:29:08 use 2012-10-31 13:29:20 So a xfrm policy isn't being created for the connection, even though there is an SA between device and strongswan. Executing ip -s xfrm policy on the android device results in the following output: src 0.0.0.0/0 dst 10.0.0.2/32 uid 0 dir in action allow index 40 priority 2147483648 share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:42:08 use - tmpl src 96.244.142.28 dst 25.239.33.30 proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel level required share any enc-mask 00000000 auth-mask 00000000 comp-mask 00000000 src 10.0.0.2/32 dst 0.0.0.0/0 uid 0 dir out action allow index 33 priority 2147483648 share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:42:08 use - tmpl src 25.239.33.30 dst 96.244.142.28 proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel level required share any enc-mask 00000000 auth-mask 00000000 comp-mask 00000000 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir 4 action allow index 28 priority 0 share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:42:04 use 2012-10-31 13:42:08 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir 3 action allow index 19 priority 0 share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:42:04 use 2012-10-31 13:42:08 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir 4 action allow index 12 priority 0 share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:42:04 use 2012-10-31 13:42:06 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir 3 action allow index 3 priority 0 share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2012-10-31 13:42:04 use 2012-10-31 13:42:07 Logs from charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 3.3.4-5.fc17.x86_64, x86_64) 00[KNL] listening on interfaces: 00[KNL] em1 00[KNL] 96.244.142.28 00[KNL] fe80::224:e8ff:fed2:18b2 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts' 00[CFG] loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan CA" from '/etc/strongswan/ipsec.d/cacerts/caCert.pem' 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts' 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts' 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts' 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls' 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets' 00[CFG] loaded RSA private key from '/etc/strongswan/ipsec.d/private/clientKey.pem' 00[CFG] loaded IKE secret for %any 00[CFG] loaded EAP secret for android 00[CFG] loaded EAP secret for android 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic 08[NET] waiting for data on sockets 16[LIB] created thread 16 [15338] 16[JOB] started worker thread 16 11[CFG] received stroke: add connection 'android-hybrid' 11[CFG] conn android-hybrid 11[CFG] left=%any 11[CFG] leftsubnet=(null) 11[CFG] leftsourceip=(null) 11[CFG] leftauth=pubkey 11[CFG] leftauth2=(null) 11[CFG] leftid=(null) 11[CFG] leftid2=(null) 11[CFG] leftrsakey=(null) 11[CFG] leftcert=serverCert.pem 11[CFG] leftcert2=(null) 11[CFG] leftca=(null) 11[CFG] leftca2=(null) 11[CFG] leftgroups=(null) 11[CFG] leftupdown=ipsec _updown iptables 11[CFG] right=%any 11[CFG] rightsubnet=(null) 11[CFG] rightsourceip=96.244.142.3 11[CFG] rightauth=xauth 11[CFG] rightauth2=(null) 11[CFG] rightid=%any 11[CFG] rightid2=(null) 11[CFG] rightrsakey=(null) 11[CFG] rightcert=(null) 11[CFG] rightcert2=(null) 11[CFG] rightca=(null) 11[CFG] rightca2=(null) 11[CFG] rightgroups=(null) 11[CFG] rightupdown=(null) 11[CFG] eap_identity=(null) 11[CFG] aaa_identity=(null) 11[CFG] xauth_identity=(null) 11[CFG] ike=aes256-sha1-modp1024 11[CFG] esp=aes128-sha1-modp2048,3des-sha1-modp1536 11[CFG] dpddelay=30 11[CFG] dpdtimeout=150 11[CFG] dpdaction=0 11[CFG] closeaction=0 11[CFG] mediation=no 11[CFG] mediated_by=(null) 11[CFG] me_peerid=(null) 11[CFG] keyexchange=ikev1 11[KNL] getting interface name for %any 11[KNL] %any is not a local address 11[KNL] getting interface name for %any 11[KNL] %any is not a local address 11[CFG] left nor right host is our side, assuming left=local 11[CFG] loaded certificate "C=CH, O=strongSwan, CN=vpn.strongswan.org" from 'serverCert.pem' 11[CFG] id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=vpn.strongswan.org' 11[CFG] added configuration 'android-hybrid' 11[CFG] adding virtual IP address pool 'android-hybrid': 96.244.142.3/32 13[CFG] received stroke: add connection 'android2' 13[CFG] conn android2 13[CFG] left=96.244.142.28 13[CFG] leftsubnet=0.0.0.0/0 13[CFG] leftsourceip=(null) 13[CFG] leftauth=pubkey 13[CFG] leftauth2=(null) 13[CFG] leftid=(null) 13[CFG] leftid2=(null) 13[CFG] leftrsakey=(null) 13[CFG] leftcert=serverCert.pem 13[CFG] leftcert2=(null) 13[CFG] leftca=(null) 13[CFG] leftca2=(null) 13[CFG] leftgroups=(null) 13[CFG] leftupdown=ipsec _updown iptables 13[CFG] right=%any 13[CFG] rightsubnet=10.0.0.0/24 13[CFG] rightsourceip=10.0.0.2 13[CFG] rightauth=pubkey 13[CFG] rightauth2=xauth 13[CFG] rightid=(null) 13[CFG] rightid2=(null) 13[CFG] rightrsakey=(null) 13[CFG] rightcert=clientCert.pem 13[CFG] rightcert2=(null) 13[CFG] rightca=(null) 13[CFG] rightca2=(null) 13[CFG] rightgroups=(null) 13[CFG] rightupdown=(null) 13[CFG] eap_identity=(null) 13[CFG] aaa_identity=(null) 13[CFG] xauth_identity=(null) 13[CFG] ike=aes256-sha1-modp1024 13[CFG] esp=aes128-sha1-modp2048,3des-sha1-modp1536 13[CFG] dpddelay=30 13[CFG] dpdtimeout=150 13[CFG] dpdaction=0 13[CFG] closeaction=0 13[CFG] mediation=no 13[CFG] mediated_by=(null) 13[CFG] me_peerid=(null) 13[CFG] keyexchange=ikev0 13[KNL] getting interface name for %any 13[KNL] %any is not a local address 13[KNL] getting interface name for 96.244.142.28 13[KNL] 96.244.142.28 is on interface em1 13[CFG] loaded certificate "C=CH, O=strongSwan, CN=vpn.strongswan.org" from 'serverCert.pem' 13[CFG] id '96.244.142.28' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=vpn.strongswan.org' 13[CFG] loaded certificate "C=CH, O=strongSwan, CN=client" from 'clientCert.pem' 13[CFG] id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=client' 13[CFG] added configuration 'android2' 13[CFG] adding virtual IP address pool 'android2': 10.0.0.2/32 08[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500] 15[CFG] looking for an ike config for 96.244.142.28...208.54.35.241 15[CFG] candidate: %any...%any, prio 2 15[CFG] candidate: 96.244.142.28...%any, prio 5 15[CFG] found matching ike config: 96.244.142.28...%any with prio 5 01[JOB] next event in 29s 999ms, waiting 15[IKE] received NAT-T (RFC 3947) vendor ID 15[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID 15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID 15[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID 15[IKE] received XAuth vendor ID 15[IKE] received Cisco Unity vendor ID 15[IKE] received DPD vendor ID 15[IKE] 208.54.35.241 is initiating a Main Mode IKE_SA 15[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING 15[CFG] selecting proposal: 15[CFG] proposal matches 15[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024 15[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160 15[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 15[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235] 04[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235] 15[MGR] checkin IKE_SA (unnamed)[1] 15[MGR] check-in of IKE_SA successful. 08[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500] 08[NET] waiting for data on sockets 07[MGR] checkout IKE_SA by message 07[MGR] IKE_SA (unnamed)[1] successfully checked out 07[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500] 07[LIB] size of DH secret exponent: 1023 bits 07[IKE] remote host is behind NAT 07[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA" 07[ENC] generating NAT_D_V1 payload finished 07[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235] 07[MGR] checkin IKE_SA (unnamed)[1] 07[MGR] check-in of IKE_SA successful. 04[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235] 08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 10[IKE] ignoring certificate request without data 10[IKE] received end entity cert "C=CH, O=strongSwan, CN=client" 10[CFG] looking for XAuthInitRSA peer configs matching 96.244.142.28...208.54.35.241[C=CH, O=strongSwan, CN=client] 10[CFG] candidate "android-hybrid", match: 1/1/2/2 (me/other/ike/version) 10[CFG] candidate "android2", match: 1/20/5/1 (me/other/ike/version) 10[CFG] selected peer config "android2" 10[CFG] certificate "C=CH, O=strongSwan, CN=client" key: 2048 bit RSA 10[CFG] using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA" 10[CFG] checking certificate status of "C=CH, O=strongSwan, CN=client" 10[CFG] ocsp check skipped, no ocsp found 10[CFG] certificate status is not available 10[CFG] certificate "C=CH, O=strongSwan, CN=strongSwan CA" key: 2048 bit RSA 10[CFG] reached self-signed root ca with a path length of 0 10[CFG] using trusted certificate "C=CH, O=strongSwan, CN=client" 10[IKE] authentication of 'C=CH, O=strongSwan, CN=client' with RSA successful 10[ENC] added payload of type ID_V1 to message 10[ENC] added payload of type SIGNATURE_V1 to message 10[IKE] authentication of 'C=CH, O=strongSwan, CN=vpn.strongswan.org' (myself) successful 10[IKE] queueing XAUTH task 10[IKE] sending end entity cert "C=CH, O=strongSwan, CN=vpn.strongswan.org" 10[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 10[IKE] activating new tasks 10[IKE] activating XAUTH task 10[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 01[JOB] next event in 3s 999ms, waiting 10[MGR] checkin IKE_SA android2[1] 10[MGR] check-in of IKE_SA successful. 08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 08[NET] waiting for data on sockets 12[MGR] checkout IKE_SA by message 12[MGR] IKE_SA android2[1] successfully checked out 12[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 12[MGR] checkin IKE_SA android2[1] 12[MGR] check-in of IKE_SA successful. 08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 16[MGR] checkout IKE_SA by message 16[MGR] IKE_SA android2[1] successfully checked out 16[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 08[NET] waiting for data on sockets 16[IKE] XAuth authentication of 'android' successful 16[IKE] reinitiating already active tasks 16[IKE] XAUTH task 16[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 16[MGR] checkin IKE_SA android2[1] 01[JOB] next event in 3s 907ms, waiting 16[MGR] check-in of IKE_SA successful. 08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 09[MGR] checkout IKE_SA by message 09[MGR] IKE_SA android2[1] successfully checked out 09[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] .8rS 09[IKE] IKE_SA android2[1] established between 96.244.142.28[C=CH, O=strongSwan, CN=vpn.strongswan.org]...208.54.35.241[C=CH, O=strongSwan, CN=client] 09[IKE] IKE_SA android2[1] state change: CONNECTING => ESTABLISHED 09[IKE] scheduling reauthentication in 3409s 09[IKE] maximum IKE_SA lifetime 3589s 09[IKE] activating new tasks 09[IKE] nothing to initiate 09[MGR] checkin IKE_SA android2[1] 09[MGR] check-in of IKE_SA successful. 09[MGR] checkout IKE_SA 09[MGR] IKE_SA android2[1] successfully checked out 09[MGR] checkin IKE_SA android2[1] 09[MGR] check-in of IKE_SA successful. 01[JOB] next event in 3s 854ms, waiting 08[NET] waiting for data on sockets 08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 14[MGR] checkout IKE_SA by message 14[MGR] IKE_SA android2[1] successfully checked out 14[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500] 14[IKE] processing INTERNAL_IP4_ADDRESS attribute 14[IKE] processing INTERNAL_IP4_NETMASK attribute 14[IKE] processing INTERNAL_IP4_DNS attribute 14[IKE] processing INTERNAL_IP4_NBNS attribute 14[IKE] processing UNITY_BANNER attribute 14[IKE] processing UNITY_DEF_DOMAIN attribute 14[IKE] processing UNITY_SPLITDNS_NAME attribute 14[IKE] processing UNITY_SPLIT_INCLUDE attribute 14[IKE] processing UNITY_LOCAL_LAN attribute 14[IKE] processing APPLICATION_VERSION attribute 14[IKE] peer requested virtual IP %any 14[CFG] assigning new lease to 'android' 14[IKE] assigning virtual IP 10.0.0.2 to peer 'android' 14[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 14[MGR] checkin IKE_SA android2[1] 14[MGR] check-in of IKE_SA successful. 04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595] 08[NET] waiting for data on sockets 01[JOB] got event, queuing job for execution 01[JOB] next event in 91ms, waiting 13[MGR] checkout IKE_SA 13[MGR] IKE_SA android2[1] successfully checked out 13[MGR] checkin IKE_SA android2[1] 13[MGR] check-in of IKE_SA successful. 01[JOB] got event, queuing job for execution 01[JOB] next event in 24s 136ms, waiting 15[MGR] checkout IKE_SA 15[MGR] IKE_SA android2[1] successfully checked out 15[MGR] checkin IKE_SA android2[1] 15[MGR] check-in of IKE_SA successful.

    Read the article

  • IMAPSync Migration to Exchange 2010 SP1: Exchange drops connections while checking for existence of folders

    - by Benjamin Priestman
    I'm migrating from ZImbra Collaboration Suite to Exchange 2010 SP1. I'm testing IMAPSync as a possible migration tool and have hit a problem with the IMAP server in Exchange 2010. For each account it migrates, IMAPSync loops through the list of folders in the source mailbox and tests for the existence of each one in the destination mailbox. It then goes on to create those folders that do not exist and copy over the messages. It's the intial testing for the existence of the folders that is giving me a problem. The response given by the Exchange server when the folder does not yet exist is given as an error: "R=""16 NO IMAPSyncTest/8 doesn't exist."" After ten of these errors have been issued in succession, the Exchange server appears to stop responding to the IMAP session. Enabling protocol logging for IMAP confirms that the 10th request for a non-existant folder is the last request to be logged on the server. IMAPSync carries on merrily without seeming to realise its connection has gone and thus fails to create any folders. I've logged this with the tool's creator. Does anyone have any idea why Exchange is stopping responding to the connections though? The behaviour looks rather like throttling, although the 'ten strikes and you're out' trigger does not seem to correspond to any of the triggers on the ThrottlingPolicies. Just to check, I've tried creating a new ThrottlingPolicy, turned everything that I think might be relevant up to 11 and applied it to the my test mailbox. Policy settings are listed below, along with IMAP settings. Everything else should be pretty much as default. Throttling Policy RunspaceId : afa3159c-32a6-4906-986f-8adfbe50868b IsDefault : False AnonymousMaxConcurrency : 1 AnonymousPercentTimeInAD : AnonymousPercentTimeInCAS : AnonymousPercentTimeInMailboxRPC : EASMaxConcurrency : 10 EASPercentTimeInAD : EASPercentTimeInCAS : EASPercentTimeInMailboxRPC : EASMaxDevices : 10 EASMaxDeviceDeletesPerMonth : EWSMaxConcurrency : 10 EWSPercentTimeInAD : 50 EWSPercentTimeInCAS : 90 EWSPercentTimeInMailboxRPC : 60 EWSMaxSubscriptions : 5000 EWSFastSearchTimeoutInSeconds : 60 EWSFindCountLimit : 1000 IMAPMaxConcurrency : 1000 IMAPPercentTimeInAD : 400 IMAPPercentTimeInCAS : 400 IMAPPercentTimeInMailboxRPC : 400 OWAMaxConcurrency : 5 OWAPercentTimeInAD : 30 OWAPercentTimeInCAS : 150 OWAPercentTimeInMailboxRPC : 150 POPMaxConcurrency : 20 POPPercentTimeInAD : POPPercentTimeInCAS : POPPercentTimeInMailboxRPC : PowerShellMaxConcurrency : 18 PowerShellMaxTenantConcurrency : PowerShellMaxCmdlets : PowerShellMaxCmdletsTimePeriod : ExchangeMaxCmdlets : PowerShellMaxCmdletQueueDepth : PowerShellMaxDestructiveCmdlets : PowerShellMaxDestructiveCmdletsTimePeriod : RCAMaxConcurrency : 1000 RCAPercentTimeInAD : 400 RCAPercentTimeInCAS : 400 RCAPercentTimeInMailboxRPC : 400 CPAMaxConcurrency : 20 CPAPercentTimeInCAS : 205 CPAPercentTimeInMailboxRPC : 200 MessageRateLimit : RecipientRateLimit : ForwardeeLimit : CPUStartPercent : 75 AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) Name : TestMigrationThrottling DistinguishedName : CN=TestMigrationThrottling,CN=Global Settings,CN=Our Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=cimex,DC=com Identity : TestMigrationThrottling Guid : 240049b3-2023-4df1-8edc-fbfc1fc80b87 ObjectCategory : domain.com/Configuration/Schema/ms-Exch-Throttling-Policy ObjectClass : {top, msExchGenericPolicy, msExchThrottlingPolicy} WhenChanged : 21/04/2011 18:48:19 WhenCreated : 21/04/2011 18:07:20 WhenChangedUTC : 21/04/2011 17:48:19 WhenCreatedUTC : 21/04/2011 17:07:20 OrganizationId : OriginatingServer : a-domain-controller IsValid : True IMAPSettings RunspaceId : afa3159c-32a6-4906-986f-8adfbe50868b ProtocolName : IMAP4 Name : 1 MaxCommandSize : 10240 ShowHiddenFoldersEnabled : False UnencryptedOrTLSBindings : {192.168.x.x:143} SSLBindings : {192.168.x.x:993} InternalConnectionSettings : {mail.office.domain.com:143:TLS, mail.office.domain.com:993:SSL} ExternalConnectionSettings : {mail.office.domain.com:143:TLS, mail.office.domain.com:993:SSL} X509CertificateName : mail.domain.com Banner : The Microsoft Exchange IMAP4 service is ready. LoginType : SecureLogin AuthenticatedConnectionTimeout : 00:30:00 PreAuthenticatedConnectionTimeout : 00:01:00 MaxConnections : 2147483647 MaxConnectionFromSingleIP : 2147483647 MaxConnectionsPerUser : 16 MessageRetrievalMimeFormat : BestBodyFormat ProxyTargetPort : 143 CalendarItemRetrievalOption : iCalendar OwaServerUrl : EnableExactRFC822Size : False LiveIdBasicAuthReplacement : False SuppressReadReceipt : False ProtocolLogEnabled : True EnforceCertificateErrors : False LogFileLocation : C:\Program Files\Microsoft\Exchange Server\V14\Logging\Imap4 LogFileRollOverSettings : Daily LogPerFileSizeQuota : 0 B (0 bytes) ExtendedProtectionPolicy : None EnableGSSAPIAndNTLMAuth : True Server : CMX-OFFICE-EX01 AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) DistinguishedName : CN=1,CN=IMAP4,CN=Protocols,CN=EXCHANGE01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Our COmpany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com Identity : EXCHANGE01\1 Guid : 48f9dc37-74c2-4fb0-a042-641f863f45f2 ObjectCategory : domain.com/Configuration/Schema/ms-Exch-Protocol-Cfg-IMAP-Server ObjectClass : {top, protocolCfg, protocolCfgIMAP, protocolCfgIMAPServer} WhenChanged : 21/04/2011 17:03:39 WhenCreated : 15/04/2011 13:51:58 WhenChangedUTC : 21/04/2011 16:03:39 WhenCreatedUTC : 15/04/2011 12:51:58 OrganizationId : OriginatingServer : a-domain-server IsValid : True

    Read the article

  • Error HRESULT E_FAIL when creating Exchange mailbox (CDOEXM.IMailboxStore.CreateMailbox)

    - by Matt
    I am trying to automate the process of creating an Exchange Mailbox for AD users and am running into an issue. When calling the CreateMailbox method I am receiving the error "Error HRESULT E_FAIL has been returned from a call to a COM component". I have installed and referenced the Exchange Management Tools and am using impersonation for permissions. Here is the code: ActiveDs.IADsUser adUser = (ActiveDs.IADsUser)user.NativeObject; adUser.AccountDisabled = !Active; user.CommitChanges(); //Set Password user.Invoke("SetPassword", Password); user.CommitChanges(); //Create Mailbox IMailboxStore mailbox; mailbox = (IMailboxStore)adUser; mailbox.CreateMailbox("LDAP://CN=StandardUsers,CN=StandardUsers,CN=InformationStore,CN=xxxxx," + "CN=Servers,CN=First Administrative Group,CN=Administrative Groups," + "CN=xxxxx Main,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=xxxxx,DC=com"); user.CommitChanges();

    Read the article

  • Nginx and client certificates from hierarchical OpenSSL-based certification authorities

    - by Fmy Oen
    I'm trying to set up root certification authority, subordinate certification authority and to generate the client certificates signed by any of this CA that nginx 0.7.67 on Debian Squeeze will accept. My problem is that root CA signed client certificate works fine while subordinate CA signed one results in "400 Bad Request. The SSL certificate error". Step 1: nginx virtual host configuration: server { server_name test.local; access_log /var/log/nginx/test.access.log; listen 443 default ssl; keepalive_timeout 70; ssl_protocols SSLv3 TLSv1; ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_client_certificate /etc/nginx/ssl/client.pem; ssl_verify_client on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; location / { proxy_pass http://testsite.local/; } } Step 2: PKI infrastructure organization for both root and subordinate CA (based on this article): # mkdir ~/pki && cd ~/pki # mkdir rootCA subCA # cp -v /etc/ssl/openssl.cnf rootCA/ # cd rootCA/ # mkdir certs private crl newcerts; touch serial; echo 01 > serial; touch index.txt; touch crlnumber; echo 01 > crlnumber # cp -Rvp * ../subCA/ Almost no changes was made to rootCA/openssl.cnf: [ CA_default ] dir = . # Where everything is kept ... certificate = $dir/certs/rootca.crt # The CA certificate ... private_key = $dir/private/rootca.key # The private key and to subCA/openssl.cnf: [ CA_default ] dir = . # Where everything is kept ... certificate = $dir/certs/subca.crt # The CA certificate ... private_key = $dir/private/subca.key # The private key Step 3: Self-signed root CA certificate generation: # openssl genrsa -out ./private/rootca.key -des3 2048 # openssl req -x509 -new -key ./private/rootca.key -out certs/rootca.crt -config openssl.cnf Enter pass phrase for ./private/rootca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:rootca Email Address []: Step 4: Subordinate CA certificate generation: # cd ../subCA # openssl genrsa -out ./private/subca.key -des3 2048 # openssl req -new -key ./private/subca.key -out subca.csr -config openssl.cnf Enter pass phrase for ./private/subca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:subca Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Step 5: Subordinate CA certificate signing by root CA certificate: # cd ../rootCA/ # openssl ca -in ../subCA/subca.csr -extensions v3_ca -config openssl.cnf Using configuration from openssl.cnf Enter pass phrase for ./private/rootca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Feb 4 10:49:43 2013 GMT Not After : Feb 4 10:49:43 2014 GMT Subject: countryName = AU stateOrProvinceName = Some-State organizationName = Internet Widgits Pty Ltd commonName = subca X509v3 extensions: X509v3 Subject Key Identifier: C9:E2:AC:31:53:81:86:3F:CD:F8:3D:47:10:FC:E5:8E:C2:DA:A9:20 X509v3 Authority Key Identifier: keyid:E9:50:E6:BF:57:03:EA:6E:8F:21:23:86:BB:44:3D:9F:8F:4A:8B:F2 DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca serial:9F:FB:56:66:8D:D3:8F:11 X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Feb 4 10:49:43 2014 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y ... # cd ../subCA/ # cp -v ../rootCA/newcerts/01.pem certs/subca.crt Step 6: Server certificate generation and signing by root CA (for nginx virtual host): # cd ../rootCA # openssl genrsa -out ./private/server.key -des3 2048 # openssl req -new -key ./private/server.key -out server.csr -config openssl.cnf Enter pass phrase for ./private/server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:test.local Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in server.csr -out certs/server.crt -config openssl.cnf Step 7: Client #1 certificate generation and signing by root CA: # openssl genrsa -out ./private/client1.key -des3 2048 # openssl req -new -key ./private/client1.key -out client1.csr -config openssl.cnf Enter pass phrase for ./private/client1.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Client #1 Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in client1.csr -out certs/client1.crt -config openssl.cnf Step 8: Client #1 certificate converting to PKCS12 format: # openssl pkcs12 -export -out certs/client1.p12 -inkey private/client1.key -in certs/client1.crt -certfile certs/rootca.crt Step 9: Client #2 certificate generation and signing by subordinate CA: # cd ../subCA/ # openssl genrsa -out ./private/client2.key -des3 2048 # openssl req -new -key ./private/client2.key -out client2.csr -config openssl.cnf Enter pass phrase for ./private/client2.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Client #2 Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in client2.csr -out certs/client2.crt -config openssl.cnf Step 10: Client #2 certificate converting to PKCS12 format: # openssl pkcs12 -export -out certs/client2.p12 -inkey private/client2.key -in certs/client2.crt -certfile certs/subca.crt Step 11: Passing server certificate and private key to nginx (performed with OS superuser privileges): # cd ../rootCA/ # cp -v certs/server.crt /etc/nginx/ssl/ # cp -v private/server.key /etc/nginx/ssl/ Step 12: Passing root and subordinate CA certificates to nginx (performed with OS superuser privileges): # cat certs/rootca.crt > /etc/nginx/ssl/client.pem # cat ../subCA/certs/subca.crt >> /etc/nginx/ssl/client.pem client.pem file look like this: # cat /etc/nginx/ssl/client.pem -----BEGIN CERTIFICATE----- MIID6TCCAtGgAwIBAgIJAJ/7VmaN048RMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnJvb3RjYTAeFw0xMzAyMDQxMDM1NTda ... -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) ... -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMQ8wDQYDVQQDEwZyb290Y2EwHhcNMTMwMjA0MTA0OTQzWhcNMTQwMjA0 ... -----END CERTIFICATE----- It looks like everything is working fine: # service nginx reload # Reloading nginx configuration: Enter PEM pass phrase: # nginx. # Step 13: Installing *.p12 certificates in browser (Firefox in my case) gives the problem I've mentioned above. Client #1 = 200 OK, Client #2 = 400 Bad request/The SSL certificate error. Any ideas what should I do? Update 1: Results of SSL connection test attempts: # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/rootca.crt -cert ~/pki/rootCA/certs/client1.crt -key ~/pki/rootCA/private/client1.key -showcerts Enter pass phrase for tmp/testcert/client1.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 --- Certificate chain 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test.local i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca -----BEGIN CERTIFICATE----- MIIDpjCCAo6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMQ8wDQYDVQQDEwZyb290Y2EwHhcNMTMwMjA0MTEwNjAzWhcNMTQwMjA0 ... -----END CERTIFICATE----- 1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca -----BEGIN CERTIFICATE----- MIID6TCCAtGgAwIBAgIJAJ/7VmaN048RMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnJvb3RjYTAeFw0xMzAyMDQxMDM1NTda ... -----END CERTIFICATE----- --- Server certificate subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test.local issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca --- Acceptable client certificate CA names /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca --- SSL handshake has read 3395 bytes and written 2779 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 15BFC2029691262542FAE95A48078305E76EEE7D586400F8C4F7C516B0F9D967 Session-ID-ctx: Master-Key: 23246CF166E8F3900793F0A2561879E5DB07291F32E99591BA1CF53E6229491FEAE6858BFC9AACAF271D9C3706F139C7 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket: 0000 - c2 5e 1d d2 b5 6d 40 23-b2 40 89 e4 35 75 70 07 .^...m@#[email protected]. 0010 - 1b bb 2b e6 e0 b5 ab 10-10 bf 46 6e aa 67 7f 58 ..+.......Fn.g.X 0020 - cf 0e 65 a4 67 5a 15 ba-aa 93 4e dd 3d 6e 73 4c ..e.gZ....N.=nsL 0030 - c5 56 f6 06 24 0f 48 e6-38 36 de f1 b5 31 c5 86 .V..$.H.86...1.. ... 0440 - 4c 53 39 e3 92 84 d2 d0-e5 e2 f5 8a 6a a8 86 b1 LS9.........j... Compression: 1 (zlib compression) Start Time: 1359989684 Timeout : 300 (sec) Verify return code: 0 (ok) --- Everything seems fine with Client #2 and root CA certificate but request returns 400 Bad Request error: # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/rootca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 ... Compression: 1 (zlib compression) Start Time: 1359989989 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request Server: nginx/0.7.67 Date: Mon, 04 Feb 2013 15:00:43 GMT Content-Type: text/html Content-Length: 231 Connection: close <html> <head><title>400 The SSL certificate error</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>The SSL certificate error</center> <hr><center>nginx/0.7.67</center> </body> </html> closed Verification fails with Client #2 certificate and subordinate CA certificate: # openssl s_client -connect test.local:443 -CAfile ~/pki/subCA/certs/subca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify error:num=19:self signed certificate in certificate chain verify return:0 ... Compression: 1 (zlib compression) Start Time: 1359990354 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request ... Still getting 400 Bad Request error with concatenated CA certificates and Client #2 (but still everything ok with Client #1): # cat certs/rootca.crt ../subCA/certs/subca.crt > certs/concatenatedca.crt # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/concatenatedca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 --- ... Compression: 1 (zlib compression) Start Time: 1359990772 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request ... Update 2: I've managed to recompile nginx with enabled debug. Here is the part of successfull conection by Client #1 track: 2013/02/05 14:08:23 [debug] 38701#0: *119 accept: <MY IP ADDRESS> fd:3 2013/02/05 14:08:23 [debug] 38701#0: *119 event timer add: 3: 60000:2856497512 2013/02/05 14:08:23 [debug] 38701#0: *119 kevent set event: 3: ft:-1 fl:0025 2013/02/05 14:08:23 [debug] 38701#0: *119 malloc: 28805200:660 2013/02/05 14:08:23 [debug] 38701#0: *119 malloc: 28834400:1024 2013/02/05 14:08:23 [debug] 38701#0: *119 posix_memalign: 28860000:4096 @16 2013/02/05 14:08:23 [debug] 38701#0: *119 http check ssl handshake 2013/02/05 14:08:23 [debug] 38701#0: *119 https ssl handshake: 0x16 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL server name: "test.local" 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_do_handshake: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL handshake handler: 0 2013/02/05 14:08:23 [debug] 38701#0: *119 verify:1, error:0, depth:1, subject:"/C=AU /ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 14:08:23 [debug] 38701#0: *119 verify:1, error:0, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Client #1",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_do_handshake: 1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL: TLSv1, cipher: "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1" 2013/02/05 14:08:23 [debug] 38701#0: *119 http process request line 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 http process request line 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: 1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: 524 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 http request line: "GET / HTTP/1.1" And here is the part of unsuccessfull conection by Client #2 track: 2013/02/05 13:51:34 [debug] 38701#0: *112 accept: <MY_IP_ADDRESS> fd:3 2013/02/05 13:51:34 [debug] 38701#0: *112 event timer add: 3: 60000:2855488975 2013/02/05 13:51:34 [debug] 38701#0: *112 kevent set event: 3: ft:-1 fl:0025 2013/02/05 13:51:34 [debug] 38701#0: *112 malloc: 28805200:660 2013/02/05 13:51:34 [debug] 38701#0: *112 malloc: 28834400:1024 2013/02/05 13:51:34 [debug] 38701#0: *112 posix_memalign: 28860000:4096 @16 2013/02/05 13:51:34 [debug] 38701#0: *112 http check ssl handshake 2013/02/05 13:51:34 [debug] 38701#0: *112 https ssl handshake: 0x16 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL server name: "test.local" 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL handshake handler: 0 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL handshake handler: 0 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:0, error:20, depth:1, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:0, error:27, depth:1, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:1, error:27, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Client #2",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca" 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: 1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL: TLSv1, cipher: "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1" 2013/02/05 13:51:34 [debug] 38701#0: *112 http process request line 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: 1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: 524 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 http request line: "GET / HTTP/1.1" So I'm getting OpenSSL error #20 and then #27. According to verify documentation: 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted the root CA is not marked as trusted for the specified purpose.

    Read the article

  • SEO for Country & Language Specific content.

    - by kecebongsoft
    Currently I am creating a website which has a common topic for an article, but it's going to be different content for each country, and also, each of that content will be provided in several languages. And this mechanism exists in most of the parts in the website. For example, I have an article about tax. This article has to be different for each country, for example china. And tax content for china should be written in china AND english language (for non china-speaker). What is the best URL pattern to handle this? What I've been thinking is, using a sub folder (/country-code/language-code/) such as: www.example.com/cn/cn/tax www.example.com/cn/en/tax Or using top level domain such as: www.example.cn/cn/tax www.example.cn/en/tax Or subdomain such as cn.example.com/cn/tax cn.example.com/en/tax I think I will not prefer the last option since I might need to use subdomain for other purpose. Which left only subfolder and TLDN. I've read some articles saying that TLDN is good for localized content (language-specific content), but in my case, my TLDN will also has english contents (for non local speaker) which is specific only to that particular country (also the purpose of this is to let people from other country easily search it through google). What is the best pattern to pick and why?.

    Read the article

  • LDAP :Failed to find add in mandatory or optional attribute list

    - by Manju Prabhu
    I am trying to import an ldif file which has following content- DN: cn=myUser,cn=Users,dc=us,dc=oracle,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetorgperson objectclass: orcluser objectclass: orcluserV2 cn: myUser givenname: myUser mail: myUser orclsamaccountname: myUser sn: myUser uid: myUser userpassword:: somepassword dn: cn=Administrator,cn=Groups,dc=us,dc=oracle,dc=com objectclass: person changetype: modify add: uniquemember uniquemember: cn=myUser,cn=Users,dc=us,dc=oracle,dc=com When I do this, LDAP throws follwing error javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find add in mandatory or optional attribute list.]; remaining name 'cn=Administrator,cn=Groups,dc=us,dc=oracle,dc=com' The user gets imported, but it is not added to the group(Group exists). What am i missing ?

    Read the article

  • ActiveDirectory - LDAP query for objectCategory unexpected results

    - by FinalizedFrustration
    AD is at 2003 functional level, some of our DC's are running Windows Server 2003, some are 2008, some are 2008 R2. When using the following query: (objectCategory=user) I do not expect to see any result where the objectCategory attribute is equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' I expect only objects where the objectCategory attribute is equal to 'CN=User,CN=Schema,CN=Configuration,DC=Contoso' However, the query does indeed return all objects with the objectCategory attribute equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' My question then is this: Why do I see the search results that I do? Does AD actively translate queries that include (objectCategory=user) to (objectCategory=Person)? I have looked at the schema definitions for both the Person and the User class, but I cannot see any reason for the query results as I am experiencing them. I know that the User class is a subclass of the organizationalPerson class, which is a subclass of Person, but I can't see an attribute value that would explain this translation.

    Read the article

  • Finding a person in the forest

    - by PointsToShare
    © 2011 By: Dov Trietsch. All rights reserved finding a person in the forest or Limiting the AD result in SharePoint People Picker There are times when we need to limit the SharePoint audience of certain farms or servers or site collections to a particular audience. One of my experiences involved limiting access to US citizens, another to a particular location. Now, most of us – your humble servant included – are not Active Directory experts – but we must be able to handle the “audience restrictions” as required. So here is how it’s done in a nutshell. Important note. Not all could be done in PowerShell (at least not yet)! There are no Windows PowerShell commands to configure People Picker. The stsadm command is: stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv ADQuery –url http://somethingOrOther Note the long-hyphenated property name. Now to filling the ADQuery.   LDAP Query in a nutshell Syntax LDAP is no older than SQL and an LDAP query is actually a query against the LDAP Database. LDAP attributes are the equivalent of Database columns, so why do we have to learn a new query language? Beats me! But we must, so here it is. The syntax of an LDAP query string is made of individual statements with relational operators including: = Equal <= Lower than or equal >= Greater than or equal… and memberOf – a group membership. ! Not * Wildcard Equal and memberOf are the most commonly used. Checking for absence uses the ! – not and the * - wildcard Example: (SN=Grant) All whose last name – SurName – is Grant Example: (!(SN=Grant)) All except Grant Example: (!(SN=*)) all where there is no SurName i.e SurName is absent (probably Rappers). Example: (CN=MyGroup) Common Name is MyGroup.  Example: (GN=J*) all the Given Names that start with J (JJ, Jane, Jon, John, etc.) The cryptic SN, CN, GN, etc. are attributes and more about them later All the queries are enclosed in parentheses (Query). Complex queries are comprised of sets that are in AND or OR conditions. AND is denoted by the ampersand (&) and the OR is denoted by the vertical pipe (|). The general syntax is that of the Prefix polish notation where the operand precedes the variables. E.g +ab is the sum of a and b. In an LDAP query (&(A)(B)) will garner the objects for which both A and B are true. In an LDAP query (&(A)(B)(C)) will garner the objects for which A, B and C are true. There’s no limit to the number of conditions. In an LDAP query (|(A)(B)) will garner the objects for which either A or B are true. In an LDAP query (|(A)(B)(C)) will garner the objects for which at least one of A, B and C is true. There’s no limit to the number of conditions. More complex queries have both types of conditions and the parentheses determine the order of operations. Attributes Now let’s get into the SN, CN, GN, and other attributes of the query SN – is the SurName (last name) GN – is the Given Name (first name) CN – is the Common Name, usually GN followed by SN OU – is an Organization Unit such as division, department etc. DC – is a Domain Content in the AD forest l – lower case ‘L’ stands for location. Jerusalem anybody? Or Katmandu. UPN – User Principal Name, is usually the first part of an email address. By nature it is unique in the forest. Most systems set the UPN to be the first initial followed by the SN of the person involved. Some limit the total to 8 characters. If we have many ‘jsmith’ we have to somehow distinguish them from each other. DN – is the distinguished name – a name unique to AD forest in which it lives. Usually it’s a CN with some domain or group distinguishers. DN is important in conjunction with the memberOf relation. Groups have stricter requirement. Each group has to have a unique name - its CN and it has to be unique regardless of its place. See more below. All of the attributes are case insensitive. CN, cn, Cn, and cN are identical. objectCategory is an element that requires special consideration. AD contains many different object like computers, printers, and of course people and groups. In the queries below, we’re limiting our search to people (person). Putting it altogether Let’s get a list of all the Johns in the SPAdmin group of the Jerusalem that local domain. (&(objectCategory=person)(memberOf=cn=SPAdmin,ou=Jerusalem,dc=local)) The memberOf=cn=SPAdmin uses the cn (Common Name) of the SPAdmin group. This is how the memberOf relation is used. ‘SPAdmin’ is actually the DN of the group. Also the memberOf relation does not allow wild cards (*) in the group name. Also, you are limited to at most one ‘OU’ entry. Let’s add Marvin Minsky to the search above. |(&(objectCategory=person)(memberOf=cn=SPAdmin,ou=Jerusalem,dc=local))(CN=Marvin Minsky) Here I added the or pipeline at the beginning of the query and put the CN requirement for Minsky at the end. Note that if Marvin was already in the prior result, he’s not going to be listed twice. One last note: You may see a dryer but more complete list of attributes rules and examples in: http://www.tek-tips.com/faqs.cfm?fid=5667 And finally (thus negating the claim that my previous note was last), to the best of my knowledge there are 3 more ways to limit the audience. One is to use the peoplepicker-searchadcustomfilter property using the same ADQuery. This works only in SP1 and above. The second is to limit the search to users within this particular site collection – the property name is peoplepicker-onlysearchwithinsitecollection and the value is yes (-pv yes) And the third is –pn peoplepicker-serviceaccountdirectorypaths –pv “OU=ou1,DC=dc1…..” Again you are limited to at most one ‘OU’ phrase – no OU=ou1,OU=ou2… And now the real end. The main property discussed in this sprawling and seemingly endless monogram – peoplepicker-searchadcustomquery - is the most general way of getting the job done. Here are a few examples of command lines that worked and some that didn’t. Can you see why? C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (Title=David) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (!Title=David) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (OU=OURealName,OU=OUMid,OU=OUTop,DC=TopDC,DC=MidDC,DC=BottomDC) Command line error. Too many OUs C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (OU=OURealName) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (DC=TopDC,DC=MidDC,DC=BottomDC) Operation completed successfully. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN>stsa dm -o setproperty -url http://somethingOrOther -pn peoplepicker-searchadcustomfi lter -pv (OU=OURealName,DC=TopDC,DC=MidDC,DC=BottomDC) Operation completed successfully.   That’s all folks!

    Read the article

  • Openldap, groups, admin groups, etc

    - by Juan Diego
    We have a samba server as PDC with OpenLDAP. So far everything is working, even windows 7 can log on to the Domain. Here is the tricky part. We have many departments, each department has it's own IT guys, and these IT guy should be able to create users in their department and change any info of the users in their department. My Idea was to create 2 groups for each department, For example: Department1 and Admins Department1. Admins Deparment1 has "write" priviledges for members of group Department dn: ou=People,dc=mydomain,dc=com,dc=ec objectClass: top objectClass: organizationalUnit ou: People dn: cn=Admins,ou=Group,dc=mydomain,dc=com,dc=ec objectClass: groupOfNames objectClass: top cn: Admins dn: cn=Admins Department1,cn=Admins,ou=Group,dc=mydomain,dc=com,dc=ec objectClass: groupOfNames objectClass: top cn: Admins Department1 member: uid=jdc,ou=People,dc=mydomain,dc=com,dc=ec structuralObjectClass: groupOfNames I dont know if you should make Department1 as part of Domain Users dn: cn=Deparment1,cn=Domain Users,ou=Group,dc=mydomain,dc=com,dc=ec objectClass: groupOfNames objectClass: top cn: Deparment1 member: uid=user1,ou=People,dc=mydomain,dc=com,dc=ec Or just create the deparments like this. dn: cn=Deparment1,ou=Group,dc=mydomain,dc=com,dc=ec objectClass: groupOfNames objectClass: top cn: Deparment1 member: uid=user1,ou=People,dc=mydomain,dc=com,dc=ec I seems that when you use smbldap tools bydefault the users are part of Domain Users even if you dont have them as part of Domain Users in the memberUid attribute, when I use finger they showup as part of the Domain Users group. I dont want the Departments Admins to be Domain Admins because they have power over all the users, unless I am mistaken. I also have trouble with the ACLs. I was trying to create an acl for members of this Admins group, I was trying with this search, but didnt work ldapsearch -x "(&(objectClass=organizationalPerson)(member=cn=Admins Department1,ou=Group,dc=mydomain,dc=com,dc=ec))" I am open to suggestions.

    Read the article

  • OpenLDAP 2.4.23 - Debian 6.0 - Import schema - Insufficient access (50)

    - by Yosifov
    Good day to everybody. I'm trying to add a new schema inside OpenLDAP. But getting an error: ldap_add: Insufficient access (50) root@ldap:/# ldapadd -c -x -D cn=admin,dc=domain,dc=com -W -f /tmp/test.d/cn\=config/cn\=schema/cn\=\{5\}microsoft.ldif root@ldap:/# cat /tmp/test.d/cn\=config/cn\=schema/cn\=\{5\}microsoft.ldif dn: cn=microsoft,cn=schema,cn=config objectClass: olcSchemaConfig cn: microsoft olcAttributeTypes: {0}( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' DESC 'Fss ssully qualified name of distinguished Java class or interface' SYNTAX 1.3.6. 1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {1}( 1.2.840.113556.1.4.146 NAME 'objectSid' DESC 'Fssssull y qualified name of distinguished Java class or interfaced' SYNTAX 1.3.6.1.4. 1.1466.115.121.1.40 SINGLE-VALUE ) olcAttributeTypes: {2}( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' DESC 'Fds sssully qualified name of distinguished Java class or interfaced' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: {3}( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTA X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: {4}( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.12 SINGLE-VALUE ) olcAttributeTypes: {5}( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX 1.3 .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcObjectClasses: {0}( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' DESC 'Cso ntainer for a Java object' SUP top AUXILIARY MUST ( objectSid $ sAMAccountNam e ) MAY ( primaryGroupToken $ memberOf $ primaryGroupID ) ) I also tried to add the schema by phpldapadmin, but gain the same error. I'm using the admin user which is specified by default from the begging of the slpad installation. How may I add permissions to this user ? Best wishes

    Read the article

  • SELECT..CASE - Refactor T-SQL

    - by Nev_Rahd
    Hello Can I refactor the below SQL CASE statements into single for each case ? SELECT CASE RDV.DOMAIN_CODE WHEN 'L' THEN CN.FAMILY_NAME ELSE NULL END AS [LEGAL_FAMILY_NAME], CASE RDV.DOMAIN_CODE WHEN 'L' THEN CN.GIVEN_NAME ELSE NULL END AS [LEGAL_GIVEN_NAME], CASE RDV.DOMAIN_CODE WHEN 'L' THEN CN.MIDDLE_NAMES ELSE NULL END AS [LEGAL_MIDDLE_NAMES], CASE RDV.DOMAIN_CODE WHEN 'L' THEN CN.NAME_TITLE ELSE NULL END AS [LEGAL_NAME_TITLE], CASE RDV.DOMAIN_CODE WHEN 'P' THEN CN.FAMILY_NAME ELSE NULL END AS [PREFERRED_FAMILY_NAME], CASE RDV.DOMAIN_CODE WHEN 'P' THEN CN.GIVEN_NAME ELSE NULL END AS [PREFERRED_GIVEN_NAME], CASE RDV.DOMAIN_CODE WHEN 'P' THEN CN.MIDDLE_NAMES ELSE NULL END AS [PREFERRED_MIDDLE_NAMES], CASE RDV.DOMAIN_CODE WHEN 'P' THEN CN.NAME_TITLE ELSE NULL END AS [PREFERRED_NAME_TITLE] FROM dbo.CLIENT_NAME CN JOIN dbo.REFERENCE_DOMAIN_VALUE RDV ON CN.NAME_TYPE_CODE = RDV.DOMAIN_CODE AND RDV.REFERENCE_DOMAIN_ID = '7966'

    Read the article

  • How do I configure Reverse Group Membership Maintenance on an openldap server? (memberOf)

    - by emills
    I am currently working on integrating LDAP authentication into a system and I would like to restrict access based on LDAP group. The only way to do this is via a search filter and therefore I believe my only option to be the use of the "memberOf" attribute in my search filter. It is my understanding that the "memberOf" attribute is an operational attribute which can be created by the server for me anytime a new "member" attribute is created for any "groupOfNames" entry on the server. My main goal is to be able to add a "member" attribute to an existing "groupOfNames" entry and have a matching "memberOf" attribute be added to the DN I provide. What I have managed to achieve so far: I'm still pretty new to LDAP administration but based on what I found in the openldap admin's guide, it looks like Reverse Group Membership Maintence aka "memberof overlay" would achieve exactly the effect I am looking for. My server is currently running a package installation (slapd on ubuntu) of openldap 2.4.15 which uses "cn=config" style runtime configuration. Most of the examples I have found still reference the older "slapd.conf" method of static configuration and I have tried my best to adapt the configurations to the new directory based model. I have added the following entries to enable the memberof overlay module: Enable the module with olcModuleLoad cn=config/cn\=module\{0\}.ldif dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap olcModuleLoad: {0}back_hdb olcModuleLoad: {1}memberof.la structuralObjectClass: olcModuleList entryUUID: a410ce98-3fdf-102e-82cf-59ccb6b4d60d creatorsName: cn=config createTimestamp: 20090927183056Z entryCSN: 20091009174548.503911Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20091009174548Z Enabled the overlay for the database and allowed it to use it's default settings (groupOfNames,member,memberOf,etc) cn=config/olcDatabase={1}hdb/olcOverlay\=\{0\}memberof dn: olcOverlay={0}memberof objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {0}memberof structuralObjectClass: olcMemberOf entryUUID: 6d599084-490c-102e-80f6-f1a5d50be388 creatorsName: cn=admin,cn=config createTimestamp: 20091009104412Z olcMemberOfRefInt: TRUE entryCSN: 20091009173500.139380Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20091009173500Z My current result: By using the above configuration, I am able to add a NEW "groupOfNames" with any number of "member" entries and have all the involved DNs updated with a "memberOf" attribute. This is part of the behavior I would expect. While I believe the following should have been accomplished with the memberof overlay, I still do not know how to do the following and I would gladly welcome any advice: Add a "member" attribute to an EXISTING "groupOfNames" and have a corresponding "memberOf" attribute be created automatically. Remove a "member" attribute and have the corresponding "memberOf" attribute" be removed automatically.

    Read the article

  • domain is pointing to default static page on server but settings look correct

    - by Cues
    I have edited my apache vhost file in /etc/apache2/sites-enabled to add the following: <VirtualHost *:80> ServerName www.mysite.cn ServerAlias mysite.cn *.mysite.cn DocumentRoot /home/user/static/mysite/cn </VirtualHost> It still points to the default site on the server when i browse to mysite.cn but when i enter anything along the lines of ww3.mysite.cn it point to the new correct document root any clues of what the problem could be as i am lost.

    Read the article

  • String manipulation in C#

    - by SmartestVEGA
    I have the following text, I need to extract the exception name and the continuing sentence from the file, but the file has continuous sentences without a space. ??????>????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????B????!48#$%&'+-/0123????5679<=@ >?CA???????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????????RootEntry?????????F?|?`???__nameid_version10?????????|?`???|?`??__substg10_00020102????????????__substg1 0_00030102????????????????????????????????????????????????????????????????????????????????????????????????!????#$??????? ?????????????????+????/????12????456789<=>?@ABCDEFGHIJKLMNOP????RS????UV????????????Z[????????^_????????bc????????fghijk lmnopqrstuv????????yz?????????????????????????F?F??????????IPMNoteaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicatio nmes__substg10_00040102????????????????__substg10_10060102????__substg10_10140102????????__substg10_10150102???????????? __substg10_001A001F????__substg10_0037001F?????????????__substg10_003B0102????$__substg10_003D001F????????????????sageSM TPBVAPPLICATION@mazarVOICECOM??@??B??+/??/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT_OperationsSupport?+????n?T?bvap plication@mazarvoicecomSMTPbvapplication@mazarvoicecom__substg10_003F0102????P__substg10_0040001F????????????$__substg10 _00410102?????__substg10_0042001F????????????<bvapplication@mazarvoicecom??@??B??+/??/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERA TIONSSUPPORT_OperationsSupportEX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORTEX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATION SSUPPORTSMTPbvapplication@mazarvoicecom__substg10_00430102????P__substg10_0044001F????????????$__substg10_00510102????7_ _substg10_00520102????????????7__substg10_0064001F????__substg10_0065001F????????????<__substg10_0070001F?????__substg10 _00710102????????????aws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmessage??E????????A??H???EX/O=ad/OU=ad/CN=RE CIPIENTS/CN=_OPERATIONSSUPPORTEX__substg10_0075001F????__substg10_0076001F????????????f__substg10_0077001F????__substg10 _0078001F????????????f/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT?+????n?T?bvapplication@mazarvoicecomSMTPbvapplicat ion@mazarvoicecombvapplication@mazarvoicecomSMTPBVAPPLICATION@mazarVOICECOMSMTP__substg10_007D001F?????__substg10_0C1901 02????????????"?__substg10_0C1A001F&????%<__substg10_0C1D0102????????????&$MicrosoftMailInternetHeadersVersion20Received fromdalmailadsolutionscom[17216977]byblrexchadsolutionscomwithMicrosoftSMTPSVC6037903959Sat20Feb2010213019+0530Receivedf rombarracudaadcom[1721682]bydalmailadsolutionscomwithMicrosoftSMTPSVC6037903959Sat20Feb2010100012-0600X-ASG-Debug-ID1266 681611-1c039f4d0001-azmk4tReceivedfromna3sys009aog114obsmtpcomna3sys009aog114obsmtpcom[74125149211]bybarracudaadcomwithS MTPidoe0BsQlWiwvBTxEofor<_OperationsSupport@adcom>Sat20Feb2010100011-0600CSTX-Barracuda-Envelope-Frombvapplication@mazar voicecomReceivedfromsource[241551448]byna3sys009aob114postinicom[7412514812]withSMTPIDDSNKS4AHC703Mnh+uM8i9u1uucP76tMiGb r6@postinicomSat20Feb2010080012PSTReceivedfrompsmtpcom74125149120byAUSBDCaustinmazarvoicecom100023withMicrosoftSMTPServe rid821760Sat20Feb2010095958-0600Receivedfromsource[723214889]usingTLSv1byna3sys009amx236postinicom[7412514810]withSMTPSa t20Feb2010080009PSTReceivedfromaws-build-systemawsaws-build-system[172200110]byc0mailmazarvoicecom8138/8138withESMTPido1 KG08md020220for<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600Receivedfromaws-stg-c5-feeds9awsaws-stg-c5-feeds9aws[1020 969139]byaws-build-systemawsPostfixwithESMTPid6D6A864294for<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600CSTReceivedfr omaws-stg-c5-feeds9awslocalhost[127001]byaws-stg-c5-feeds9awsPostfixwithESMTPid548C1801ABfor<dev-log4j@mazarvoicecom>Sat 20Feb2010100008-0600CSTDateSat20Feb2010100008-0600From<bvapplication@mazarvoicecom>To<dev-log4j@mazarvoicecom>Message-ID <644663928511266681608162JavaMailtomcat@aws-stg-c5-feeds9aws>X-ASG-Orig-Subjaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender] ApplicationmessageSubjectaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]ApplicationmessageMIME-Version10Content-Typemultipa rt/mixedboundary="----=_Part_51_8002724931266681608155"X-pstn-neptune0/0/000/0X-pstn-levelsS4081870/9990000CV999000FC955 390LC955390R959108P959108M970282C986951X-Auto-Response-SuppressDROOFAutoReplyX-Barracuda-Connectna3sys009aog114obsmtpcom [74125149211]X-Barracuda-Start-Time1266681611X-Barracuda-URLhttp//17216828000/cgi-mod/markcgiX-Virus-Scannedbybsmtpdatad comX-Barracuda-Spam-Score001X-Barracuda-Spam-StatusNoSCORE=001usingglobalscoresofTAG_LEVEL=35QUARANTINE_LEVEL=10000KILL_ LEVEL=90tests=BSF_SC0_SA_TO_FROM_DOMAIN_MATCHNO_REAL_NAMEX-Barracuda-Spam-ReportCodeversion32rulesversion32223024Rulebre akdownbelowptsrulenamedescription----------------------------------------------------------------------------000NO_REAL_ NAMEFromdoesnotincludearealname001BSF_SC0_SA_TO_FROM_DOMAIN_MATCHSenderDomainMatchesRecipientDomainReturn-Pathbvapplicat ion@mazarvoicecomX-OriginalArrivalTime20Feb20101600120277UTCFILETIME=[C8AD525001CAB245]------=_Part_51_80027249312666816 08155Content-Typetext/plaincharset="us-ascii"Content-Transfer-Encoding7bit------=_Part_51_8002724931266681608155--__subs tg10_0C1E001F!????'__substg10_0C1F001F????????????<__substg10_0E02001F$????????__substg10_0E03001F????????????????bvappl ication@mazarvoicecomdev-log4j@mazarvoicecomaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmessage00000002BLREXC H/O=ad/OU=ad/cn=Recipients/cn=_OperationsSupportMicrosoftExchangeServer__substg10_0E04001F#%????4__substg10_0E1D001F???? ?????????__substg10_0E28001F"????-?__substg10_0E29001F????????????0?00000002BLREXCH/O=ad/OU=ad/cn=Recipients/cn=_Operati onsSupportMicrosoftExchangeServerZxLZFu#O?rcpg125?2CtexA???????PV?U?%Qch??set2?%?3F?03???05"`cP3d36P?0?2-?100a8WARNA?ghi b?a?utJD@BCExce0iR???SQLHEr`r???S??!a8?????ERROR??OZ?%?rpd?%?URL="jdbcmysql//?stg-c5-m?13306@/bv2?a%0o@?nn?t=t?r__substg 10_1000001F'????"?#__substg10_10090102????????????3^__substg10_1035001F????Q?__substg10_10F3001F????????????T?02-2010000 8WARNorghibernateutilJDBCExceptionReporterSQLError0SQLState0800102-20100008ERRORorghibernateutilJDBCExceptionReporterSQL exceptionraisedforJDBCURL="jdbcmysql//stg-c5-dbmst13306/bv2?autoReconnect=true&useUnicode=true&characterEncoding=utf-8"! MESSAGEServerconnectionfailureduringtransactionDuetounderlyingexception'javanetSocketExceptionjavanetConnectExceptionCon nectiontimedout'BEGINNESTEDEXCEPTIONjavanetSocketExceptionMESSAGEjavanetConnectExceptionConnectiontimedoutSTACKTRACEjava netSocketExceptionjavanetConnectExceptionConnectiontimedoutatcommysqljdbcStandardSocketFactoryconnectStandardSocketFacto ryjava156atcommysqljdbcMysqlIO<init>MysqlIOjava284atcommysqljdbcConnectioncreateNewIOConnectionjava2672atcommysqljdbcCon nection<init>Connectionjava1474atcommysqljdbcNonRegisteringDriverconnectNonRegisteringDriverjava266atorgapachecommonsdbc pDriverConnectionFactorycreateConnectionDriverConnectionFactoryjava37atorgapachecommonsdbcpPoolableConnectionFactorymake ObjectPoolableConnectionFactoryjava291atorgapachecommonspoolimplGenericObjectPoolborrowObjectGenericObjectPooljava771ato rgapachecommonsdbcpPoolingDataSourcegetConnectionPoolingDataSourcejava95atorgapachecommonsdbcpBasicDataSourcegetConnecti onBasicDataSourcejava548atsunreflectGeneratedMethodAccessor530invokeUnknownSourceatsunreflectDelegatingMethodAccessorImp linvokeDelegatingMethodAccessorImpljava25atjavalangreflectMethodinvokeMethodjava597atorgspringframeworkaopsupportAopUtil sinvokeJoinpointUsingReflectionAopUtilsjava310atorgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpointR eflectiveMethodInvocationjava182atorgspringframeworkaopframeworkReflectiveMethodInvocationproceedReflectiveMethodInvocat ionjava149atorgspringframeworkaopframeworkadapterThrowsAdviceInterceptorinvokeThrowsAdviceInterceptorjava126atorgspringf rameworkaopframeworkReflectiveMethodInvocationproceedReflectiveMethodInvocationjava171atorgspringframeworkaopframeworkJd kDynamicAopProxyinvokeJdkDynamicAopProxyjava204at$Proxy20getConnectionUnknownSourceatorgspringframeworkormhibernate3Loca lDataSourceConnectionProvidergetConnectionLocalDataSourceConnectionProviderjava82atorghibernatejdbcConnectionManageropen ConnectionConnectionManagerjava417atorghibernatejdbcConnectionManagergetConnectionConnectionManagerjava144atorghibernate jdbcAbstractBatcherprepareQueryStatementAbstractBatcherjava105atorghibernateloaderLoaderprepareQueryStatementLoaderjava1 561atorghibernateloaderLoaderdoQueryLoaderjava661atorghibernateloaderLoaderdoQueryAndInitializeNonLazyCollectionsLoaderj ava224atorghibernateloaderLoaderdoListLoaderjava2145atorghibernateloaderLoaderlistIgnoreQueryCacheLoaderjava2029atorghib ernateloaderLoaderlistLoaderjava2024atorghibernateloadercriteriaCriteriaLoaderlistCriteriaLoaderjava94atorghibernateimpl SessionImpllistSessionImpljava1533atorghibernateimplCriteriaImpllistCriteriaImpljava283atorgspringframeworkormhibernate3 HibernateTemplate$36doInHibernateHibernateTemplatejava1061atorgspringframeworkormhibernate3HibernateTemplatedoExecuteHib ernateTemplatejava419atorgspringframeworkormhibernate3HibernateTemplateexecuteWithNativeSessionHibernateTemplatejava374a torgspringframeworkormhibernate3HibernateTemplatefindByCriteriaHibernateTemplatejava1051atorgspringframeworkormhibernate 3HibernateTemplatefindByCriteriaHibernateTemplatejava1044atcommazarvoiceccadaohibernateModelDAOHibernatefindModelDAOHibe rnatejava189atcommazarvoiceccadaohibernateAbstractCriteriaDAOHibernatefindAbstractCriteriaDAOHibernatejava113atcommazarv oiceccaloggingserviceimplLoggingConfigurationServiceImplupdateFiltersLoggingConfigurationServiceImpljava104atcommazarvoi ceccaloggingserviceimplLoggingConfigurationServiceImplupdateLoggingConfigurationLoggingConfigurationServiceImpljava95atc ommazarvoiceccaloggingserviceimplLoggingConfigurationServiceImpl$1runLoggingConfigurationServiceImpljava69ENDNESTEDEXCEP TIONAttemptedreconnect3timesGivingupP&uU??$???En??g=%0f-8"!?ESSAGE?!`av?+?'?fp?@dqp0?q-?DP1??oun?ly1?''!`'java?+?tSock?% ?!`4wP+?5i6?'??%@?`t'"?"?BEGIEN/0TED!X?%?PTIO9?9?4%?"?/'67/89??ACKTRB?/??<?5???@?9%??$?0mcD?o?3D?F-??y+?JoKsD1?56H?I?Mr@ ?<?it>P?M?284N/I?GXK?o$??@S?Qt6??Q?STP?UN14?7Q?I?N"g??aD/?K?\?]?U??N$Ra??%Iq`??!p]?GXKG?T?GXb?M37`O?a_bcPo??ld??KF?D?Obj Li??f<291g?hO`?fpPG?qc?k?k??!!wk?p??M?77noiH]R$??aD?p%?gd?sv?M?95toubcB>a?wOd?|?M?54?8Z?s3flP?p?$?dMhp?Ac%??5?ppnvoD??kn ?r0?}d???HDelP?g$?a?|Ip????????Qtz^D`p?W?t7???%?9g/$asp?1rPa?w?k{??ob??pbA?0?U%Ab@??Jo?`??tU?p@??e???f?P?????????/??tI?? c?!2Q?}?????M?8V~?o????????D??d?/???49?o???aL?0]?Thr!sAdv??e???%?????o??uM?V@????????????]tO?O?_Jdk?Dy$?m???P`^xK?????mv 0Z?$????w??????I??$?3L??l}GX??????w?????M??O?$\S?Mpaw?]??0??d???M?4????/?Ow??Z&Z???J@A?b?-?|?t{?]???%??eQPK?!??????M?0z_ $k????]???????????M????????do?3??`??{????A3??P?1i?zT?LazyP?l??s??22???????L]??Z????????w?Ig????C{???????????????]?]"D0C? U?J???y???$kp?`??????M????????_Qu???o?H$?T???Q?$?Q??????????%??`%?r?%0?????????o'WP??hN?!/???_y?g??o???3pdB???U??5????!? ?%??Wrb??a-?????K???bP????M???AO#?"??P?_???&/'??&6?????1~O-Q??pg\??qs`??pt???5#F1`g}???P?5???p??!0F?0?!???67?$?2?3?4?6?9 ?8'???DA?oz?<??=?>?C7?$1?P?0B?C??c?M?ENDNESTEOEXCEPTUNN?M?At3???d?]?3???`b@G]?w?p?4}Tp<644663928511266681608162JavaMailt omcat@aws-stg-c5-feeds9aws>aws-stg-c5-feeds9aws%3A[mazarvoiceSMTPAppender]ApplicationmessageEMLt<????G???k???__substg10_ 300B0102+-????W__substg10_3FF8001F????????????X<__substg10_3FF901020????Y?__substg10_3FFA001F????????????\<bvapplication @mazarvoicecom?+????n?T?bvapplication@mazarvoicecomSMTPbvapplication@mazarvoicecombvapplication@mazarvoicecom?+????n?T?b vapplication@mazarvoicecomSMTPbvapplication@mazarvoicecom__substg10_3FFB0102/2????]?__substg10_8000001F????????????`2__s ubstg10_8001001F14????a?__substg10_80020102????????????d2MicrosoftExchangeServer00000002BLREXCH/O=ad/OU=ad/cn=Recipients /cn=_OperationsSupportMAPI//00000002/00000000@00?z?`??@00?z?`????J>???j4y?f??6__properties_version10035????e?__recip_ver sion10_#00000000????????9?|?`???|?`??__substg10_0FF60102????????????w__substg10_0FFF010268????x?&67?@9??E??$??P?@&A??B>C P?D&Q7?R7?de>p?q?uvhwxh}???>$?>@?+??E?????#^?5???????0????o??????>??????>???????@@@@v@y@?4???2?=???+????n?T?dev-log4j@ma zarvoicecomSMTPdev-log4j@mazarvoicecomdev-log4j@mazarvoicecomSMTPdev-log4j@mazarvoicecomSMTPDEV-LOG4J@mazarVOICECOMdev-l og4j@mazarvoicecom__substg10_3001001F????????????{2__substg10_3002001F7????|__substg10_3003001F????????????}2__substg10_ 300B0102<????~__substg10_3A20001F????=????2__properties_version100?????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????040040?4@??0 I need to extract the following keywords: ConnectException, javanetConnectException and any exception as well as its exception type.

    Read the article

  • Regex for continues sentence

    - by SmartestVEGA
    I have the following text, I need to extract the exception name and the continuing sentence from the file, but the file has continuous sentences without a space. ??????>????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????B????!48#$%&'+-/0123????5679<=@ >?CA???????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????????RootEntry?????????F?|?`???__nameid_version10?????????|?`???|?`??__substg10_00020102????????????__substg1 0_00030102????????????????????????????????????????????????????????????????????????????????????????????????!????#$??????? ?????????????????+????/????12????456789<=>?@ABCDEFGHIJKLMNOP????RS????UV????????????Z[????????^_????????bc????????fghijk lmnopqrstuv????????yz?????????????????????????F?F??????????IPMNoteaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicatio nmes__substg10_00040102????????????????__substg10_10060102????__substg10_10140102????????__substg10_10150102???????????? __substg10_001A001F????__substg10_0037001F?????????????__substg10_003B0102????$__substg10_003D001F????????????????sageSM TPBVAPPLICATION@mazarVOICECOM??@??B??+/??/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT_OperationsSupport?+????n?T?bvap plication@mazarvoicecomSMTPbvapplication@mazarvoicecom__substg10_003F0102????P__substg10_0040001F????????????$__substg10 _00410102?????__substg10_0042001F????????????<bvapplication@mazarvoicecom??@??B??+/??/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERA TIONSSUPPORT_OperationsSupportEX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORTEX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATION SSUPPORTSMTPbvapplication@mazarvoicecom__substg10_00430102????P__substg10_0044001F????????????$__substg10_00510102????7_ _substg10_00520102????????????7__substg10_0064001F????__substg10_0065001F????????????<__substg10_0070001F?????__substg10 _00710102????????????aws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmessage??E????????A??H???EX/O=ad/OU=ad/CN=RE CIPIENTS/CN=_OPERATIONSSUPPORTEX__substg10_0075001F????__substg10_0076001F????????????f__substg10_0077001F????__substg10 _0078001F????????????f/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT?+????n?T?bvapplication@mazarvoicecomSMTPbvapplicat ion@mazarvoicecombvapplication@mazarvoicecomSMTPBVAPPLICATION@mazarVOICECOMSMTP__substg10_007D001F?????__substg10_0C1901 02????????????"?__substg10_0C1A001F&????%<__substg10_0C1D0102????????????&$MicrosoftMailInternetHeadersVersion20Received fromdalmailadsolutionscom[17216977]byblrexchadsolutionscomwithMicrosoftSMTPSVC6037903959Sat20Feb2010213019+0530Receivedf rombarracudaadcom[1721682]bydalmailadsolutionscomwithMicrosoftSMTPSVC6037903959Sat20Feb2010100012-0600X-ASG-Debug-ID1266 681611-1c039f4d0001-azmk4tReceivedfromna3sys009aog114obsmtpcomna3sys009aog114obsmtpcom[74125149211]bybarracudaadcomwithS MTPidoe0BsQlWiwvBTxEofor<_OperationsSupport@adcom>Sat20Feb2010100011-0600CSTX-Barracuda-Envelope-Frombvapplication@mazar voicecomReceivedfromsource[241551448]byna3sys009aob114postinicom[7412514812]withSMTPIDDSNKS4AHC703Mnh+uM8i9u1uucP76tMiGb r6@postinicomSat20Feb2010080012PSTReceivedfrompsmtpcom74125149120byAUSBDCaustinmazarvoicecom100023withMicrosoftSMTPServe rid821760Sat20Feb2010095958-0600Receivedfromsource[723214889]usingTLSv1byna3sys009amx236postinicom[7412514810]withSMTPSa t20Feb2010080009PSTReceivedfromaws-build-systemawsaws-build-system[172200110]byc0mailmazarvoicecom8138/8138withESMTPido1 KG08md020220for<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600Receivedfromaws-stg-c5-feeds9awsaws-stg-c5-feeds9aws[1020 969139]byaws-build-systemawsPostfixwithESMTPid6D6A864294for<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600CSTReceivedfr omaws-stg-c5-feeds9awslocalhost[127001]byaws-stg-c5-feeds9awsPostfixwithESMTPid548C1801ABfor<dev-log4j@mazarvoicecom>Sat 20Feb2010100008-0600CSTDateSat20Feb2010100008-0600From<bvapplication@mazarvoicecom>To<dev-log4j@mazarvoicecom>Message-ID <644663928511266681608162JavaMailtomcat@aws-stg-c5-feeds9aws>X-ASG-Orig-Subjaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender] ApplicationmessageSubjectaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]ApplicationmessageMIME-Version10Content-Typemultipa rt/mixedboundary="----=_Part_51_8002724931266681608155"X-pstn-neptune0/0/000/0X-pstn-levelsS4081870/9990000CV999000FC955 390LC955390R959108P959108M970282C986951X-Auto-Response-SuppressDROOFAutoReplyX-Barracuda-Connectna3sys009aog114obsmtpcom [74125149211]X-Barracuda-Start-Time1266681611X-Barracuda-URLhttp//17216828000/cgi-mod/markcgiX-Virus-Scannedbybsmtpdatad comX-Barracuda-Spam-Score001X-Barracuda-Spam-StatusNoSCORE=001usingglobalscoresofTAG_LEVEL=35QUARANTINE_LEVEL=10000KILL_ LEVEL=90tests=BSF_SC0_SA_TO_FROM_DOMAIN_MATCHNO_REAL_NAMEX-Barracuda-Spam-ReportCodeversion32rulesversion32223024Rulebre akdownbelowptsrulenamedescription----------------------------------------------------------------------------000NO_REAL_ NAMEFromdoesnotincludearealname001BSF_SC0_SA_TO_FROM_DOMAIN_MATCHSenderDomainMatchesRecipientDomainReturn-Pathbvapplicat ion@mazarvoicecomX-OriginalArrivalTime20Feb20101600120277UTCFILETIME=[C8AD525001CAB245]------=_Part_51_80027249312666816 08155Content-Typetext/plaincharset="us-ascii"Content-Transfer-Encoding7bit------=_Part_51_8002724931266681608155--__subs tg10_0C1E001F!????'__substg10_0C1F001F????????????<__substg10_0E02001F$????????__substg10_0E03001F????????????????bvappl ication@mazarvoicecomdev-log4j@mazarvoicecomaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmessage00000002BLREXC H/O=ad/OU=ad/cn=Recipients/cn=_OperationsSupportMicrosoftExchangeServer__substg10_0E04001F#%????4__substg10_0E1D001F???? ?????????__substg10_0E28001F"????-?__substg10_0E29001F????????????0?00000002BLREXCH/O=ad/OU=ad/cn=Recipients/cn=_Operati onsSupportMicrosoftExchangeServerZxLZFu#O?rcpg125?2CtexA???????PV?U?%Qch??set2?%?3F?03???05"`cP3d36P?0?2-?100a8WARNA?ghi b?a?utJD@BCExce0iR???SQLHEr`r???S??!a8?????ERROR??OZ?%?rpd?%?URL="jdbcmysql//?stg-c5-m?13306@/bv2?a%0o@?nn?t=t?r__substg 10_1000001F'????"?#__substg10_10090102????????????3^__substg10_1035001F????Q?__substg10_10F3001F????????????T?02-2010000 8WARNorghibernateutilJDBCExceptionReporterSQLError0SQLState0800102-20100008ERRORorghibernateutilJDBCExceptionReporterSQL exceptionraisedforJDBCURL="jdbcmysql//stg-c5-dbmst13306/bv2?autoReconnect=true&useUnicode=true&characterEncoding=utf-8"! MESSAGEServerconnectionfailureduringtransactionDuetounderlyingexception'javanetSocketExceptionjavanetConnectExceptionCon nectiontimedout'BEGINNESTEDEXCEPTIONjavanetSocketExceptionMESSAGEjavanetConnectExceptionConnectiontimedoutSTACKTRACEjava netSocketExceptionjavanetConnectExceptionConnectiontimedoutatcommysqljdbcStandardSocketFactoryconnectStandardSocketFacto ryjava156atcommysqljdbcMysqlIO<init>MysqlIOjava284atcommysqljdbcConnectioncreateNewIOConnectionjava2672atcommysqljdbcCon nection<init>Connectionjava1474atcommysqljdbcNonRegisteringDriverconnectNonRegisteringDriverjava266atorgapachecommonsdbc pDriverConnectionFactorycreateConnectionDriverConnectionFactoryjava37atorgapachecommonsdbcpPoolableConnectionFactorymake ObjectPoolableConnectionFactoryjava291atorgapachecommonspoolimplGenericObjectPoolborrowObjectGenericObjectPooljava771ato rgapachecommonsdbcpPoolingDataSourcegetConnectionPoolingDataSourcejava95atorgapachecommonsdbcpBasicDataSourcegetConnecti onBasicDataSourcejava548atsunreflectGeneratedMethodAccessor530invokeUnknownSourceatsunreflectDelegatingMethodAccessorImp linvokeDelegatingMethodAccessorImpljava25atjavalangreflectMethodinvokeMethodjava597atorgspringframeworkaopsupportAopUtil sinvokeJoinpointUsingReflectionAopUtilsjava310atorgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpointR eflectiveMethodInvocationjava182atorgspringframeworkaopframeworkReflectiveMethodInvocationproceedReflectiveMethodInvocat ionjava149atorgspringframeworkaopframeworkadapterThrowsAdviceInterceptorinvokeThrowsAdviceInterceptorjava126atorgspringf rameworkaopframeworkReflectiveMethodInvocationproceedReflectiveMethodInvocationjava171atorgspringframeworkaopframeworkJd kDynamicAopProxyinvokeJdkDynamicAopProxyjava204at$Proxy20getConnectionUnknownSourceatorgspringframeworkormhibernate3Loca lDataSourceConnectionProvidergetConnectionLocalDataSourceConnectionProviderjava82atorghibernatejdbcConnectionManageropen ConnectionConnectionManagerjava417atorghibernatejdbcConnectionManagergetConnectionConnectionManagerjava144atorghibernate jdbcAbstractBatcherprepareQueryStatementAbstractBatcherjava105atorghibernateloaderLoaderprepareQueryStatementLoaderjava1 561atorghibernateloaderLoaderdoQueryLoaderjava661atorghibernateloaderLoaderdoQueryAndInitializeNonLazyCollectionsLoaderj ava224atorghibernateloaderLoaderdoListLoaderjava2145atorghibernateloaderLoaderlistIgnoreQueryCacheLoaderjava2029atorghib ernateloaderLoaderlistLoaderjava2024atorghibernateloadercriteriaCriteriaLoaderlistCriteriaLoaderjava94atorghibernateimpl SessionImpllistSessionImpljava1533atorghibernateimplCriteriaImpllistCriteriaImpljava283atorgspringframeworkormhibernate3 HibernateTemplate$36doInHibernateHibernateTemplatejava1061atorgspringframeworkormhibernate3HibernateTemplatedoExecuteHib ernateTemplatejava419atorgspringframeworkormhibernate3HibernateTemplateexecuteWithNativeSessionHibernateTemplatejava374a torgspringframeworkormhibernate3HibernateTemplatefindByCriteriaHibernateTemplatejava1051atorgspringframeworkormhibernate 3HibernateTemplatefindByCriteriaHibernateTemplatejava1044atcommazarvoiceccadaohibernateModelDAOHibernatefindModelDAOHibe rnatejava189atcommazarvoiceccadaohibernateAbstractCriteriaDAOHibernatefindAbstractCriteriaDAOHibernatejava113atcommazarv oiceccaloggingserviceimplLoggingConfigurationServiceImplupdateFiltersLoggingConfigurationServiceImpljava104atcommazarvoi ceccaloggingserviceimplLoggingConfigurationServiceImplupdateLoggingConfigurationLoggingConfigurationServiceImpljava95atc ommazarvoiceccaloggingserviceimplLoggingConfigurationServiceImpl$1runLoggingConfigurationServiceImpljava69ENDNESTEDEXCEP TIONAttemptedreconnect3timesGivingupP&uU??$???En??g=%0f-8"!?ESSAGE?!`av?+?'?fp?@dqp0?q-?DP1??oun?ly1?''!`'java?+?tSock?% ?!`4wP+?5i6?'??%@?`t'"?"?BEGIEN/0TED!X?%?PTIO9?9?4%?"?/'67/89??ACKTRB?/??<?5???@?9%??$?0mcD?o?3D?F-??y+?JoKsD1?56H?I?Mr@ ?<?it>P?M?284N/I?GXK?o$??@S?Qt6??Q?STP?UN14?7Q?I?N"g??aD/?K?\?]?U??N$Ra??%Iq`??!p]?GXKG?T?GXb?M37`O?a_bcPo??ld??KF?D?Obj Li??f<291g?hO`?fpPG?qc?k?k??!!wk?p??M?77noiH]R$??aD?p%?gd?sv?M?95toubcB>a?wOd?|?M?54?8Z?s3flP?p?$?dMhp?Ac%??5?ppnvoD??kn ?r0?}d???HDelP?g$?a?|Ip????????Qtz^D`p?W?t7???%?9g/$asp?1rPa?w?k{??ob??pbA?0?U%Ab@??Jo?`??tU?p@??e???f?P?????????/??tI?? c?!2Q?}?????M?8V~?o????????D??d?/???49?o???aL?0]?Thr!sAdv??e???%?????o??uM?V@????????????]tO?O?_Jdk?Dy$?m???P`^xK?????mv 0Z?$????w??????I??$?3L??l}GX??????w?????M??O?$\S?Mpaw?]??0??d???M?4????/?Ow??Z&Z???J@A?b?-?|?t{?]???%??eQPK?!??????M?0z_ $k????]???????????M????????do?3??`??{????A3??P?1i?zT?LazyP?l??s??22???????L]??Z????????w?Ig????C{???????????????]?]"D0C? U?J???y???$kp?`??????M????????_Qu???o?H$?T???Q?$?Q??????????%??`%?r?%0?????????o'WP??hN?!/???_y?g??o???3pdB???U??5????!? ?%??Wrb??a-?????K???bP????M???AO#?"??P?_???&/'??&6?????1~O-Q??pg\??qs`??pt???5#F1`g}???P?5???p??!0F?0?!???67?$?2?3?4?6?9 ?8'???DA?oz?<??=?>?C7?$1?P?0B?C??c?M?ENDNESTEOEXCEPTUNN?M?At3???d?]?3???`b@G]?w?p?4}Tp<644663928511266681608162JavaMailt omcat@aws-stg-c5-feeds9aws>aws-stg-c5-feeds9aws%3A[mazarvoiceSMTPAppender]ApplicationmessageEMLt<????G???k???__substg10_ 300B0102+-????W__substg10_3FF8001F????????????X<__substg10_3FF901020????Y?__substg10_3FFA001F????????????\<bvapplication @mazarvoicecom?+????n?T?bvapplication@mazarvoicecomSMTPbvapplication@mazarvoicecombvapplication@mazarvoicecom?+????n?T?b vapplication@mazarvoicecomSMTPbvapplication@mazarvoicecom__substg10_3FFB0102/2????]?__substg10_8000001F????????????`2__s ubstg10_8001001F14????a?__substg10_80020102????????????d2MicrosoftExchangeServer00000002BLREXCH/O=ad/OU=ad/cn=Recipients /cn=_OperationsSupportMAPI//00000002/00000000@00?z?`??@00?z?`????J>???j4y?f??6__properties_version10035????e?__recip_ver sion10_#00000000????????9?|?`???|?`??__substg10_0FF60102????????????w__substg10_0FFF010268????x?&67?@9??E??$??P?@&A??B>C P?D&Q7?R7?de>p?q?uvhwxh}???>$?>@?+??E?????#^?5???????0????o??????>??????>???????@@@@v@y@?4???2?=???+????n?T?dev-log4j@ma zarvoicecomSMTPdev-log4j@mazarvoicecomdev-log4j@mazarvoicecomSMTPdev-log4j@mazarvoicecomSMTPDEV-LOG4J@mazarVOICECOMdev-l og4j@mazarvoicecom__substg10_3001001F????????????{2__substg10_3002001F7????|__substg10_3003001F????????????}2__substg10_ 300B0102<????~__substg10_3A20001F????=????2__properties_version100?????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????040040?4@??0 I need to extract the following keywords: ConnectException, javanetConnectException and any exception as well as its exception type. Please help me in writing a regex for this?

    Read the article

  • String manipulation in C# ( Brainstroming ;-) )

    - by SmartestVEGA
    I have the following text , i need to extract the exception name and the continuing sentence from the file... but the file has continues sentence without a space. ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????B????!48#$%&'+-/0123????5679<=@?CA????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????RootEntry?????????F?|????__nameid_version10?????????|????|???__substg10_00020102????????????__substg10_00030102????????????????????????????????????????????????????????????????????????????????????????????????!????#$????????????????????????+????/????12????456789<=>?@ABCDEFGHIJKLMNOP????RS????UV????????????Z[????????^_????????bc????????fghijklmnopqrstuv????????yz?????????????????????????F?F??????????IPMNoteaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmes__substg10_00040102????????????????__substg10_10060102????__substg10_10140102????????__substg10_10150102????????????__substg10_001A001F????__substg10_0037001F?????????????__substg10_003B0102????$__substg10_003D001F????????????????sageSMTPBVAPPLICATION@mazarVOICECOM??@??B??+/??/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT_OperationsSupport?+????n?T?bvapplication@mazarvoicecomSMTPbvapplication@mazarvoicecom__substg10_003F0102????P__substg10_0040001F????????????$__substg10_00410102?????__substg10_0042001F????????????<bvapplication@mazarvoicecom??@??B??+/??/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT_OperationsSupportEX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORTEX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORTSMTPbvapplication@mazarvoicecom__substg10_00430102????P__substg10_0044001F????????????$__substg10_00510102????7__substg10_00520102????????????7__substg10_0064001F????__substg10_0065001F????????????<__substg10_0070001F?????__substg10_00710102????????????aws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmessage??E????????A??H???EX/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORTEX__substg10_0075001F????__substg10_0076001F????????????f__substg10_0077001F????__substg10_0078001F????????????f/O=ad/OU=ad/CN=RECIPIENTS/CN=_OPERATIONSSUPPORT?+????n?T?bvapplication@mazarvoicecomSMTPbvapplication@mazarvoicecombvapplication@mazarvoicecomSMTPBVAPPLICATION@mazarVOICECOMSMTP__substg10_007D001F?????__substg10_0C190102????????????"?__substg10_0C1A001F&????%<__substg10_0C1D0102????????????&$MicrosoftMailInternetHeadersVersion20Receivedfromdalmailadsolutionscom[17216977]byblrexchadsolutionscomwithMicrosoftSMTPSVC6037903959Sat20Feb2010213019+0530Receivedfrombarracudaadcom[1721682]bydalmailadsolutionscomwithMicrosoftSMTPSVC6037903959Sat20Feb2010100012-0600X-ASG-Debug-ID1266681611-1c039f4d0001-azmk4tReceivedfromna3sys009aog114obsmtpcomna3sys009aog114obsmtpcom[74125149211]bybarracudaadcomwithSMTPidoe0BsQlWiwvBTxEofor<_OperationsSupport@adcom>Sat20Feb2010100011-0600CSTX-Barracuda-Envelope-Frombvapplication@mazarvoicecomReceivedfromsource[241551448]byna3sys009aob114postinicom[7412514812]withSMTPIDDSNKS4AHC703Mnh+uM8i9u1uucP76tMiGbr6@postinicomSat20Feb2010080012PSTReceivedfrompsmtpcom74125149120byAUSBDCaustinmazarvoicecom100023withMicrosoftSMTPServerid821760Sat20Feb2010095958-0600Receivedfromsource[723214889]usingTLSv1byna3sys009amx236postinicom[7412514810]withSMTPSat20Feb2010080009PSTReceivedfromaws-build-systemawsaws-build-system[172200110]byc0mailmazarvoicecom8138/8138withESMTPido1KG08md020220for<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600Receivedfromaws-stg-c5-feeds9awsaws-stg-c5-feeds9aws[1020969139]byaws-build-systemawsPostfixwithESMTPid6D6A864294for<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600CSTReceivedfromaws-stg-c5-feeds9awslocalhost[127001]byaws-stg-c5-feeds9awsPostfixwithESMTPid548C1801ABfor<dev-log4j@mazarvoicecom>Sat20Feb2010100008-0600CSTDateSat20Feb2010100008-0600From<bvapplication@mazarvoicecom>To<dev-log4j@mazarvoicecom>Message-ID<644663928511266681608162JavaMailtomcat@aws-stg-c5-feeds9aws>X-ASG-Orig-Subjaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]ApplicationmessageSubjectaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]ApplicationmessageMIME-Version10Content-Typemultipart/mixedboundary="----=_Part_51_8002724931266681608155"X-pstn-neptune0/0/000/0X-pstn-levelsS4081870/9990000CV999000FC955390LC955390R959108P959108M970282C986951X-Auto-Response-SuppressDROOFAutoReplyX-Barracuda-Connectna3sys009aog114obsmtpcom[74125149211]X-Barracuda-Start-Time1266681611X-Barracuda-URLhttp//17216828000/cgi-mod/markcgiX-Virus-ScannedbybsmtpdatadcomX-Barracuda-Spam-Score001X-Barracuda-Spam-StatusNoSCORE=001usingglobalscoresofTAG_LEVEL=35QUARANTINE_LEVEL=10000KILL_LEVEL=90tests=BSF_SC0_SA_TO_FROM_DOMAIN_MATCHNO_REAL_NAMEX-Barracuda-Spam-ReportCodeversion32rulesversion32223024Rulebreakdownbelowptsrulenamedescription----------------------------------------------------------------------------000NO_REAL_NAMEFromdoesnotincludearealname001BSF_SC0_SA_TO_FROM_DOMAIN_MATCHSenderDomainMatchesRecipientDomainReturn-Pathbvapplication@mazarvoicecomX-OriginalArrivalTime20Feb20101600120277UTCFILETIME=[C8AD525001CAB245]------=_Part_51_8002724931266681608155Content-Typetext/plaincharset="us-ascii"Content-Transfer-Encoding7bit------=_Part_51_8002724931266681608155--__substg10_0C1E001F!????'__substg10_0C1F001F????????????<__substg10_0E02001F$????????__substg10_0E03001F????????????????bvapplication@mazarvoicecomdev-log4j@mazarvoicecomaws-stg-c5-feeds9aws[mazarvoiceSMTPAppender]Applicationmessage00000002BLREXCH/O=ad/OU=ad/cn=Recipients/cn=_OperationsSupportMicrosoftExchangeServer__substg10_0E04001F#%????4__substg10_0E1D001F?????????????__substg10_0E28001F"????-?__substg10_0E29001F????????????0?00000002BLREXCH/O=ad/OU=ad/cn=Recipients/cn=_OperationsSupportMicrosoftExchangeServerZxLZFu#O?rcpg125?2CtexA???????PV?U?%Qch??set2?%?3F?03???05"cP3d36P?0?2-?100a8WARNA?ghib?a?utJD@BCExce0iR???SQLHErr???S??!a8?????ERROR??OZ?%?rpd?%?URL="jdbcmysql//?stg-c5-m?13306@/bv2?a%0o@?nn?t=t?r__substg10_1000001F'????"?#__substg10_10090102????????????3^__substg10_1035001F????Q?__substg10_10F3001F????????????T?02-20100008WARNorghibernateutilJDBCExceptionReporterSQLError0SQLState0800102-20100008ERRORorghibernateutilJDBCExceptionReporterSQLexceptionraisedforJDBCURL="jdbcmysql//stg-c5-dbmst13306/bv2?autoReconnect=true&useUnicode=true&characterEncoding=utf-8"!MESSAGEServerconnectionfailureduringtransactionDuetounderlyingexception'javanetSocketExceptionjavanetConnectExceptionConnectiontimedout'BEGINNESTEDEXCEPTIONjavanetSocketExceptionMESSAGEjavanetConnectExceptionConnectiontimedoutSTACKTRACEjavanetSocketExceptionjavanetConnectExceptionConnectiontimedoutatcommysqljdbcStandardSocketFactoryconnectStandardSocketFactoryjava156atcommysqljdbcMysqlIO<init>MysqlIOjava284atcommysqljdbcConnectioncreateNewIOConnectionjava2672atcommysqljdbcConnection<init>Connectionjava1474atcommysqljdbcNonRegisteringDriverconnectNonRegisteringDriverjava266atorgapachecommonsdbcpDriverConnectionFactorycreateConnectionDriverConnectionFactoryjava37atorgapachecommonsdbcpPoolableConnectionFactorymakeObjectPoolableConnectionFactoryjava291atorgapachecommonspoolimplGenericObjectPoolborrowObjectGenericObjectPooljava771atorgapachecommonsdbcpPoolingDataSourcegetConnectionPoolingDataSourcejava95atorgapachecommonsdbcpBasicDataSourcegetConnectionBasicDataSourcejava548atsunreflectGeneratedMethodAccessor530invokeUnknownSourceatsunreflectDelegatingMethodAccessorImplinvokeDelegatingMethodAccessorImpljava25atjavalangreflectMethodinvokeMethodjava597atorgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflectionAopUtilsjava310atorgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpointReflectiveMethodInvocationjava182atorgspringframeworkaopframeworkReflectiveMethodInvocationproceedReflectiveMethodInvocationjava149atorgspringframeworkaopframeworkadapterThrowsAdviceInterceptorinvokeThrowsAdviceInterceptorjava126atorgspringframeworkaopframeworkReflectiveMethodInvocationproceedReflectiveMethodInvocationjava171atorgspringframeworkaopframeworkJdkDynamicAopProxyinvokeJdkDynamicAopProxyjava204at$Proxy20getConnectionUnknownSourceatorgspringframeworkormhibernate3LocalDataSourceConnectionProvidergetConnectionLocalDataSourceConnectionProviderjava82atorghibernatejdbcConnectionManageropenConnectionConnectionManagerjava417atorghibernatejdbcConnectionManagergetConnectionConnectionManagerjava144atorghibernatejdbcAbstractBatcherprepareQueryStatementAbstractBatcherjava105atorghibernateloaderLoaderprepareQueryStatementLoaderjava1561atorghibernateloaderLoaderdoQueryLoaderjava661atorghibernateloaderLoaderdoQueryAndInitializeNonLazyCollectionsLoaderjava224atorghibernateloaderLoaderdoListLoaderjava2145atorghibernateloaderLoaderlistIgnoreQueryCacheLoaderjava2029atorghibernateloaderLoaderlistLoaderjava2024atorghibernateloadercriteriaCriteriaLoaderlistCriteriaLoaderjava94atorghibernateimplSessionImpllistSessionImpljava1533atorghibernateimplCriteriaImpllistCriteriaImpljava283atorgspringframeworkormhibernate3HibernateTemplate$36doInHibernateHibernateTemplatejava1061atorgspringframeworkormhibernate3HibernateTemplatedoExecuteHibernateTemplatejava419atorgspringframeworkormhibernate3HibernateTemplateexecuteWithNativeSessionHibernateTemplatejava374atorgspringframeworkormhibernate3HibernateTemplatefindByCriteriaHibernateTemplatejava1051atorgspringframeworkormhibernate3HibernateTemplatefindByCriteriaHibernateTemplatejava1044atcommazarvoiceccadaohibernateModelDAOHibernatefindModelDAOHibernatejava189atcommazarvoiceccadaohibernateAbstractCriteriaDAOHibernatefindAbstractCriteriaDAOHibernatejava113atcommazarvoiceccaloggingserviceimplLoggingConfigurationServiceImplupdateFiltersLoggingConfigurationServiceImpljava104atcommazarvoiceccaloggingserviceimplLoggingConfigurationServiceImplupdateLoggingConfigurationLoggingConfigurationServiceImpljava95atcommazarvoiceccaloggingserviceimplLoggingConfigurationServiceImpl$1runLoggingConfigurationServiceImpljava69ENDNESTEDEXCEPTIONAttemptedreconnect3timesGivingupP&uU??$???En??g=%0f-8"!?ESSAGE?!av?+?'?fp?@dqp0?q-?DP1??oun?ly1?''!'java?+?tSock?%?!4wP+?5i6?'??%@?t'"?"?BEGIEN/0TED!X?%?PTIO9?9?4%?"?/'67/89??ACKTRB?/??<?5???@?9%??$?0mcD?o?3D?F-??y+?JoKsD1?56H?I?Mr@?<?it>P?M?284N/I?GXK?o$??@S?Qt6??Q?STP?UN14?7Q?I?N"g??aD/?K?\?]?U??N$Ra??%Iq??!p]?GXKG?T?GXb?M37O?a_bcPo??ld??KF?D?ObjLi??f<291g?hO?fpPG?qc?k?k??!!wk?p??M?77noiH]R$??aD?p%?gd?sv?M?95toubcBa?wOd?|?M?54?8Z?s3flP?p?$?dMhp?Ac%??5?ppnvoD??kn?r0?}d???HDelP?g$?a?|Ip????????Qtz^Dp?W?t7???%?9g/$asp?1rPa?w?k{??ob??pbA?0?U%Ab@??Jo???tU?p@??e???f?P?????????/??tI??c?!2Q?}?????M?8V~?o????????D??d?/???49?o???aL?0]?Thr!sAdv??e???%?????o??uM?V@????????????]tO?O?_Jdk?Dy$?m???P^xK?????mv0Z?$????w??????I??$?3L??l}GX??????w?????M??O?$\S?Mpaw?]??0??d???M?4????/?Ow??Z&Z???J@A?b?-?|?t{?]???%??eQPK?!??????M?0z_$k????]???????????M????????do?3????{????A3??P?1i?zT?LazyP?l??s??22???????L]??Z????????w?Ig????C{???????????????]?]"D0C?U?J???y???$kp???????M????????_Qu???o?H$?T???Q?$?Q??????????%??%?r?%0?????????o'WP??hN?!/???y?g??o???3pdB???U??5????!??%??Wrb??a-?????K???bP????M???AO#?"??P????&/'??&6?????1~O-Q??pg\??qs??pt???5#F1g}???P?5???p??!0F?0?!???67?$?2?3?4?6?9?8'???DA?oz??C7?$1?P?0B?C??c?M?ENDNESTEOEXCEPTUNN?M?At3???d?]?3???b@G]?w?p?4}Tp<644663928511266681608162JavaMailtomcat@aws-stg-c5-feeds9aws>aws-stg-c5-feeds9aws%3A[mazarvoiceSMTPAppender]ApplicationmessageEMLt<????G???k???__substg10_300B0102+-????W__substg10_3FF8001F????????????X<__substg10_3FF901020????Y?__substg10_3FFA001F????????????\<bvapplication@mazarvoicecom?+????n?T?bvapplication@mazarvoicecomSMTPbvapplication@mazarvoicecombvapplication@mazarvoicecom?+????n?T?bvapplication@mazarvoicecomSMTPbvapplication@mazarvoicecom__substg10_3FFB0102/2????]?__substg10_8000001F????????????2__substg10_8001001F14????a?__substg10_80020102????????????d2MicrosoftExchangeServer00000002BLREXCH/O=ad/OU=ad/cn=Recipients/cn=OperationsSupportMAPI//00000002/00000000@00?z???@00?z?????J???j4y?f??6_properties_version10035????e?__recip_version10_#00000000????????9?|????|???__substg10_0FF60102????????????w__substg10_0FFF010268????x?&67?@9??E??$??P?@&A??BCP?D&Q7?R7?dep?q?uvhwxh}???$?@?+??E?????#^?5???????0????o???????????????????@@@@v@y@?4???2?=???+????n?T?dev-log4j@mazarvoicecomSMTPdev-log4j@mazarvoicecomdev-log4j@mazarvoicecomSMTPdev-log4j@mazarvoicecomSMTPDEV-LOG4J@mazarVOICECOMdev-log4j@mazarvoicecom__substg10_3001001F????????????{2__substg10_3002001F7????|__substg10_3003001F????????????}2__substg10_300B0102 For eg: the following text has so many exception keywords but i need to extract those keywords like ConnectException javanetConnectException so on ... like whatever exception in the text and the next continuing sentence.. ConnectException: Connection timed out javanetConnectException : Connection timed out

    Read the article

  • Ubuntu 10.04 (Lucid) OpenLDAP invalid credentials issue

    - by gmuller
    This won't be a question, but a solution to an infuriating problem on Ubuntu 10.04. If you tried to deploy an LDAP server using this distro following the tutorials below, you'll be on serious trouble. Tutorials: https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html https://help.ubuntu.com/9.10/serverguide/C/samba-ldap.html The error first appear, on the line: "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb olcAccess" It simply won't allow admin to access the "cn=config", thus you won't be able to deploy the LDAP server correctly. After almost a week searching for a solution, I've found this page: https://bugs.launchpad.net/ubuntu-docs/+bug/333733 On comment #5, the solution is presented. Quoting the author: when you get to the setting up ACL part you all of a sudden need to use a cn=admin,cn=config, that doesn't exist creating a config.ldif with dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootDN olcRootDN: cn=admin,cn=config dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootPW olcRootPW: secret dn: olcDatabase={0}config,cn=config changetype: modify delete: olcAccess and adding it with ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif It's unacceptable that a Linux distribution, popular like Ubuntu, have such ridiculous bug. Hope it helps everyone!

    Read the article

  • Apache Config: RSA server certificate CommonName (CN) ... NOT match server name!?

    - by mmattax
    I'm getting this in error_log when I start Apache: [Tue Mar 09 14:57:02 2010] [notice] mod_python: Creating 4 session mutexes based on 300 max processes and 0 max threads. [Tue Mar 09 14:57:02 2010] [warn] RSA server certificate CommonName (CN) `*.foo.com' does NOT match server name!? [Tue Mar 09 14:57:02 2010] [warn] RSA server certificate CommonName (CN) `www.bar.com' does NOT match server name!? [Tue Mar 09 14:57:02 2010] [notice] Apache configured -- resuming normal operations Child processes then seem to seg fault: [Tue Mar 09 14:57:32 2010] [notice] child pid 3425 exit signal Segmentation fault (11) [Tue Mar 09 14:57:35 2010] [notice] child pid 3433 exit signal Segmentation fault (11) [Tue Mar 09 14:57:36 2010] [notice] child pid 3437 exit signal Segmentation fault (11) Server is RHEL, what's going on and what do I need to do to fix this? EDIT As requested, the dump from httpd -M: Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) auth_basic_module (shared) auth_digest_module (shared) authn_file_module (shared) authn_alias_module (shared) authn_anon_module (shared) authn_default_module (shared) authz_host_module (shared) authz_user_module (shared) authz_owner_module (shared) authz_groupfile_module (shared) authz_default_module (shared) include_module (shared) log_config_module (shared) logio_module (shared) env_module (shared) ext_filter_module (shared) mime_magic_module (shared) expires_module (shared) deflate_module (shared) headers_module (shared) usertrack_module (shared) setenvif_module (shared) mime_module (shared) status_module (shared) autoindex_module (shared) info_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) cache_module (shared) disk_cache_module (shared) file_cache_module (shared) mem_cache_module (shared) cgi_module (shared) perl_module (shared) php5_module (shared) python_module (shared) ssl_module (shared) Syntax OK

    Read the article

  • Apache Config: RSA server certificate CommonName (CN) ... NOT match server name?

    - by mmattax
    I'm getting this in error_log when I start Apache: [Tue Mar 09 14:57:02 2010] [notice] mod_python: Creating 4 session mutexes based on 300 max processes and 0 max threads. [Tue Mar 09 14:57:02 2010] [warn] RSA server certificate CommonName (CN) `*.foo.com' does NOT match server name!? [Tue Mar 09 14:57:02 2010] [warn] RSA server certificate CommonName (CN) `www.bar.com' does NOT match server name!? [Tue Mar 09 14:57:02 2010] [notice] Apache configured -- resuming normal operations Child processes then seem to seg fault: [Tue Mar 09 14:57:32 2010] [notice] child pid 3425 exit signal Segmentation fault (11) [Tue Mar 09 14:57:35 2010] [notice] child pid 3433 exit signal Segmentation fault (11) [Tue Mar 09 14:57:36 2010] [notice] child pid 3437 exit signal Segmentation fault (11) Server is RHEL, what's going on and what do I need to do to fix this? EDIT As requested, the dump from httpd -M: Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) auth_basic_module (shared) auth_digest_module (shared) authn_file_module (shared) authn_alias_module (shared) authn_anon_module (shared) authn_default_module (shared) authz_host_module (shared) authz_user_module (shared) authz_owner_module (shared) authz_groupfile_module (shared) authz_default_module (shared) include_module (shared) log_config_module (shared) logio_module (shared) env_module (shared) ext_filter_module (shared) mime_magic_module (shared) expires_module (shared) deflate_module (shared) headers_module (shared) usertrack_module (shared) setenvif_module (shared) mime_module (shared) status_module (shared) autoindex_module (shared) info_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) cache_module (shared) disk_cache_module (shared) file_cache_module (shared) mem_cache_module (shared) cgi_module (shared) perl_module (shared) php5_module (shared) python_module (shared) ssl_module (shared) Syntax OK

    Read the article

  • How to Convert a PFX Certificate into a JKS Certificate to configure it on WebLogic

    - by adejuanc
    To convert a pfx cert file to a jks file, please follow these instructions: 1. Set up the environment for the domain, by executing the setDomainEnv.sh script, typically located at $DOMAIN_HOME/bin. $ . ./setDomainEnv.sh 2. Use OpenSSL to check the pfx certificate's content. $ openssl pkcs12 -in <certificate.pfx> -out KEYSTORE.pem -nodesAt this point, a password for the pfx file will be requested. Expected output: $ openssl pkcs12 -in <certificate.pfx> -out KEYSTORE.pem -nodesEnter Import Password:MAC verified OK3. Open KEYSTORE.pem file, from step 2. This should look similar to this:You will find three certificates on it and the private key: Bag Attributes Microsoft Local Key set: <No Values> localKeyID: 01 00 00 00 friendlyName: le-36c42c6e-ec49-413c-891e-591f7e3dd306 Microsoft CSP Name: Microsoft RSA SChannel Cryptographic ProviderKey Attributes X509v3 Key Usage: 10-----BEGIN RSA PRIVATE KEY-----MIIEpQIBAAKCAQEAtPwoO3eOwSyOapzZgcDnQOH27cOaaejHtNh921Pd+U4N+dlm...EDITING...R5rsB00Yk1/2W9UqD9Nn7cDuMdilS8g9CUqnnSlDkSG0AX67auKUAcI=-----END RSA PRIVATE KEY-----Bag Attributes localKeyID: 01 00 00 00 friendlyName: *.something.comsubject=/serialNumber=sj6QjpTjKcpQGZ9QqWO-pFvsakS1t8MV/C=US/ST=Missouri/L=CHESTERFIELD/O=Oracle_Corp, Inc./OU=Oracle/CN=*.something.comissuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA-----BEGIN CERTIFICATE-----MIIErzCCA5egAwIBAgIDAIH6MA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT...EDITING...wA5JxaU55teoWkuiAaYRQpuLepJfzw+qMk5i5FpMRbVMMfkcBusGtdW5OrAoYDL94rgR-----END CERTIFICATE-----Bag Attributes friendlyName: GeoTrust Global CAsubject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CAissuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA-----BEGIN CERTIFICATE-----MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT...EDITING...5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==-----END CERTIFICATE-----Bag Attributes: <Empty Attributes>subject=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CAissuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA-----BEGIN CERTIFICATE-----MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT...EDITING...TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ=-----END CERTIFICATE-----4. Identify and store contents from KEYSTORE.pem certificate, to proceed and create jks files:At this point, you will find three certificates on KEYSTORE.pem and the private key. 4.1 Private Key.To identify the private key, look for the following headings: -----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----Both above mentioned tags will be surrounded the private key. Go ahead and save the content of it into a file called: my_key_pk.pem. This has to include the headings. Expected file: -----BEGIN RSA PRIVATE KEY-----MIIEpQIBAAKCAQEAtPwoO3eOwSyOapzZgcDnQOH27cOaaejHtNh921Pd+U4N+dlm...EDIT...Y4ZrW12PRa9/EOBGTG5teKAEada/K4yKReTyQQAGq6j5RjErmuuKkKgPGMSCjvMSR5rsB00Yk1/2W9UqD9Nn7cDuMdilS8g9CUqnnSlDkSG0AX67auKUAcI=-----END RSA PRIVATE KEY-----4.2 Root Certificate.To identify the Root Certificate, look for the following headings: subject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA Subject and issuer must be the same. Go ahead and save the content of it into a file called: my_key_root.pem. Include all the content from BEGIN CERTIFICATE TO END CERTIFICATE, both included.4.3 Intermediate Certificate.To identify an Intermediate Certificate, look for the following heading: subject=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CAissuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA Subject and issuer are different only on the CN. Go ahead and save the content of it into a file called: my_key_intermediate.pem. Include all the content from BEGIN CERTIFICATE TO END CERTIFICATE, both included. NOTE: This certificate is optional and there are some cases where it'll not be present. If this is the case, go ahead and skip this step. In any other case, this needs to be added to the identity keystore jks file. 4.4 Server Certificate. To identify a Server Certificate, look for the following heading: friendlyName: some.thing.comsubject=/serialNumber=sj6QjpTjKcpQGZ9QqWO-pFvsakS1t8MV/C=US/ST=Missouri/L=CHESTERFIELD/O=Oracle_Corp, Inc./OU=Oracle/CN=some.thing.com        A server certificate includes a heading called Friendly Name. Go ahead and save the content of it into a file called: my_key_crt.pem. Include all the content from BEGIN CERTIFICATE TO END CERTIFICATE, both included.5. Create a Trust Keystore and import the Root certificate into it. $ keytool -import -trustcacerts -file my_key_root.pem -alias my_key_root -keystore my_key_trust.jks -storepass <store_pass> -keypass <key_pass>Expected Output: Certificate already exists in system-wide CA keystore under alias <geotrustglobalca> Do you still want to add it to your own keystore? [no]: yes Certificate was added to keystore6. Generate an Identity Keystore and import Server into it. $java utils.ImportPrivateKey -keystore my_key_identity.jks -storepass <store_pass> -storetype JKS -keypass <key_pass> -alias server_identity -certfile my_key_crt.pem -keyfile my_key_pk.pem -keyfilepass <pfx_password> With these instructions, two jks files will be produced: my_key_identity.jks my_key_trust.jks With both files, the next step is to configure Custom Identity and Custom Trust on WebLogic Server.

    Read the article

  • ForeignSecurityPrincipals with LDAP connection on Active Directory servers with trusted forest

    - by Killerwhile
    The context is the following : Two domains mutually trusted dc=dom1 dc=dom2 a group cn=group1,ou=someou,dc=dom1 with users inside : cn=user11,ou=anotherou,dc=dom1 cn=user12,ou=anotherou,dc=dom1 cn=user13,ou=anotherou,dc=dom1 cn=user21,ou=anotherou,dc=dom2 cn=user22,ou=anotherou,dc=dom2 cn=user23,ou=anotherou,dc=dom2 The questions : 1. Test user's credentials How can I do a ldap bind to test credentials for users of dom2 ? I tried to bind as usual but I cannot authenticate users of dom2, even if I connect in ldaps. Is there any trick ? Special permissions to set ? 2. Search and display users from the group. How can I retrieve the detailed informations about the users of dom1 and dom2 using LDAP(s) connection on the AD of dom1 ? I have an technical user which has right to browse both domain. I'm able to see 6 entries in the group with the following filter : (&(memberOf=cn=group1,ou=someou,dc=dom1)(|(objectClass=user)(objectClass=foreignSecurityPrincipal))) but the users from the other domain are seen as cn=...(some key)...,cn=foreignSecurityPrincipal,dc=dom1 Java hints would be better. Thanks a lot !

    Read the article

  • IComparable not included when serializing in WCF

    - by djerry
    Hey guys, I have a list i'm filling at server side. It's a list of "User", which implements IComparable. Now when WCF is serializing the data, i guess it's not including the CompareTo method. This is my Object class : [DataContract] public class User : IComparable { private string e164, cn, h323; private int id; private DateTime lastActive; [DataMember] public DateTime LastActive { get { return lastActive; } set { laatstActief = value; } } [DataMember] public int Id { get { return id; } set { id = value; } } [DataMember] public string H323 { get { return h323; } set { h323 = value; } } [DataMember] public string Cn { get { return cn; } set { cn = value; } } [DataMember] public string E164 { get { return e164; } set { e164 = value; } } public User() { } public User(string e164, string cn, string h323, DateTime lastActive) { this.E164 = e164; this.Cn = cn; this.H323 = h323; this.LastActive= lastActive; } [DataMember] public string ToStringExtra { get { if (h323 != "/" && h323 != "") return h323 + " (" + e164 + ")"; return e164; } set { ;} } public override string ToString() { if (Cn.Equals("Trunk Line") || Cn.Equals("")) if (h323.Equals("")) return E164; else return h323; return Cn; } public int CompareTo(object obj) { User user = (User)obj; return user.LastActive.CompareTo(this.LastActive); } } Is it possible to get the CompareTo method to reach the client? Putting [DataMember] isn't the solution as i tried it ( i know...). Thanks in advance.

    Read the article

  • Is there any bad thing happens if I change /etc/ldap/slapd.d/cn=config.ldif manually?

    - by HVNSweeting
    Since 2.3, OpenLDAP uses a configuration engine called slapd-config. They said that use it make all LDAP configuration can be changed on fly. This is the header of /etc/ldap/slapd.d/cn=config.ldif: # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. I've changed data in it and some other files which have that header, after restarting slapd, my changes took effects. Is there anything else happen if I change those files manually? If I don't need 'change on fly', should I edit those file manually instead of using ldapmodify? Which application generated those files, and when? NOTE: I'm using openldap-2.4.28 on Ubuntu 12.04

    Read the article

  • javax.naming.InvalidNameException using Oracle BPM and weblogic when accessing directory

    - by alfredozn
    We are getting this exception when we start our cluster (2 managed servers, 1 admin), we have deployed only the ears corresponding to the OBPM 10.3.1 SP1 in a weblogic 10.3. When the server cluster starts, one of the managed servers (the first to start) get overloaded and ran out of connections to the directory DB because of this repeatedly error. It looks like the engine is trying to get the info from the LDAP server but I don't know why it is building a wrong query. fuego.directory.DirectoryRuntimeException: Exception [javax.naming.InvalidNameException: CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of: 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp,dc=televisa,dc=com,dc=mx' ^@]; remaining name 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp']. at fuego.directory.DirectoryRuntimeException.wrapException(DirectoryRuntimeException.java:85) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectById(JNDIQueryExecutor.java:163) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectById(JNDIQueryExecutor.java:110) at fuego.directory.hybrid.ldap.Repository.selectById(Repository.java:38) at fuego.directory.hybrid.msad.MSADGroupValueProvider.getAssignedParticipantsInternal(MSADGroupValueProvider.java:124) at fuego.directory.hybrid.msad.MSADGroupValueProvider.getAssignedParticipants(MSADGroupValueProvider.java:70) at fuego.directory.hybrid.ldap.Group$7.getValue(Group.java:149) at fuego.directory.hybrid.ldap.Group$7.getValue(Group.java:152) at fuego.directory.hybrid.ldap.LDAPResult.getValue(LDAPResult.java:76) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.setInfo(LDAPOrganizationGroupAccessor.java:352) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.build(LDAPOrganizationGroupAccessor.java:121) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.build(LDAPOrganizationGroupAccessor.java:114) at fuego.directory.hybrid.ldap.LDAPOrganizationGroupAccessor.fetchGroup(LDAPOrganizationGroupAccessor.java:94) at fuego.directory.hybrid.HybridGroupAccessor.fetchGroup(HybridGroupAccessor.java:146) at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at fuego.directory.provider.DirectorySessionImpl$AccessorProxy.invoke(DirectorySessionImpl.java:756) at $Proxy66.fetchGroup(Unknown Source) at fuego.directory.DirOrganizationalGroup.fetch(DirOrganizationalGroup.java:275) at fuego.metadata.GroupManager.loadGroup(GroupManager.java:225) at fuego.metadata.GroupManager.find(GroupManager.java:57) at fuego.metadata.ParticipantManager.addNestedGroups(ParticipantManager.java:621) at fuego.metadata.ParticipantManager.buildCompleteRoleAssignments(ParticipantManager.java:527) at fuego.metadata.Participant$RoleTransitiveClousure.build(Participant.java:760) at fuego.metadata.Participant$RoleTransitiveClousure.access$100(Participant.java:692) at fuego.metadata.Participant.buildRoles(Participant.java:401) at fuego.metadata.Participant.updateMembers(Participant.java:372) at fuego.metadata.Participant.<init>(Participant.java:64) at fuego.metadata.Participant.createUncacheParticipant(Participant.java:84) at fuego.server.persistence.jdbc.JdbcProcessInstancePersMgr.loadItems(JdbcProcessInstancePersMgr.java:1706) at fuego.server.persistence.Persistence.loadInstanceItems(Persistence.java:838) at fuego.server.AbstractInstanceService.readInstance(AbstractInstanceService.java:791) at fuego.ejbengine.EJBInstanceService.getLockedROImpl(EJBInstanceService.java:218) at fuego.server.AbstractInstanceService.getLockedROImpl(AbstractInstanceService.java:892) at fuego.server.AbstractInstanceService.getLockedImpl(AbstractInstanceService.java:743) at fuego.server.AbstractInstanceService.getLockedImpl(AbstractInstanceService.java:730) at fuego.server.AbstractInstanceService.getLocked(AbstractInstanceService.java:144) at fuego.server.AbstractInstanceService.getLocked(AbstractInstanceService.java:162) at fuego.server.AbstractInstanceService.unselectAllItems(AbstractInstanceService.java:454) at fuego.server.execution.ToDoItemUnselect.execute(ToDoItemUnselect.java:105) at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304) at fuego.transaction.TransactionAction.startNestedTransaction(TransactionAction.java:527) at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:548) at fuego.transaction.TransactionAction.start(TransactionAction.java:212) at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123) at fuego.server.execution.DefaultEngineExecution.executeAutomaticWork(DefaultEngineExecution.java:62) at fuego.server.execution.EngineExecution.executeAutomaticWork(EngineExecution.java:42) at fuego.server.execution.ToDoItem.executeAutomaticWork(ToDoItem.java:261) at fuego.ejbengine.ItemExecutionBean$1.execute(ItemExecutionBean.java:223) at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304) at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470) at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551) at fuego.transaction.TransactionAction.start(TransactionAction.java:212) at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123) at fuego.server.execution.EngineExecution.executeImmediate(EngineExecution.java:66) at fuego.ejbengine.ItemExecutionBean.processMessage(ItemExecutionBean.java:209) at fuego.ejbengine.ItemExecutionBean.onMessage(ItemExecutionBean.java:120) at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466) at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371) at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327) at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4547) at weblogic.jms.client.JMSSession.execute(JMSSession.java:4233) at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3709) at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114) at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5058) at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: javax.naming.InvalidNameException: CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of: 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp,dc=televisa,dc=com,dc=mx' ^@]; remaining name 'CN=Alvarez Guerrero Bernardo DEL:ca9ef28d-3b94-4e8f-a6bd-8c880bb3791b,CN=Deleted Objects,DC=corp' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at fuego.jndi.FaultTolerantLdapContext.search(FaultTolerantLdapContext.java:612) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectById(JNDIQueryExecutor.java:136) ... 67 more

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >