sub domain - Page 224 - Developer IT

php session_start() error

- by tooepic

Hi, i've used a sample found on online and applied it to my code: <?php session_start(); if (isset($_REQUEST["email"])) { $_SESSION["name"] = true; $host = $_SERVER["HTTP_HOST"]; $path = dirname($_SERVER["PHP_SELF"]); $sid = session_name() . "=" . session_id(); header("Location: index.php?$sid"); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> ... ... and rest of the html code When I open this page, I got an error: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /data/server/user/directory/sub-directory/login.php:1) in /data/server/user/directory/sub-directory/login.php on line 2 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /data/server/user/directory/sub-directory/login.php:1) in /data/server/user/directory/sub-directory/login.php on line 2 I looked around to resolve this issue and saw few posts about this in this site also, but I just can't get a good grip on this...can't find the answer. Please help. Thanks.

Read the article

Code producing System.NullReferenceException error for Membership.GetUser(). This is VB.Net (ASP.Net 4)

- by Derrek

I have a Default.aspx page that is not static. I have added functionality with datalist and sqldatasources. When a user logins he/she will see items like saved workouts, saved equipment, total replys, etc... This is based on getting the currently logged in user UserID. Quite simply this works great when the user is logged in. However, I do not want to force a user to login to view the Default page because it does have functionality on it that does not require login. When a user is not logged in of course I receive the [System.NullReferenceException] error. I understand the error well but I do not know how to code to fix it. That is where I need help. I will admit I am more designer than developer. However, I do know the exception error I am receivving is caused by me not setting a value in my code when a user is not logged in. I do not know how to do that and have for a week made unsuccessful attempts at writing the code. Both sets of code below compile for VB.Net/ASP.Net 4/Visual Studio 2010 without errors. However, I still get the System.NullReferenceException error if not logged in. I know it can be done but I do not know the right syntax. If you can help please insert you code in mine or write it out. JUST TELLING ME WHERE TO GO TO FIND AN ANSWER WON'T HELP. I HAVE DONE THAT FOR 7 STRAIGHT DAYS. I APPRECIATE OUR HELP. Partial Class _Default Inherits System.Web.UI.Page Protected Sub SqlDataSource4_Selecting(ByVal sender As Object, ByVal e As SqlDataSourceCommandEventArgs) Handles SqlDataSource4.Selecting Dim MemUser As MembershipUser MemUser = Membership.GetUser() If Not MemUser Is DBNull.Value Then UserID.Text = MemUser.ProviderUserKey.ToString() e.Command.Parameters("@UserId").Value = MemUser.ProviderUserKey.ToString() End If End Sub -------------------------------------ORIGINAL CODE------------------------------- Partial Class _Default Inherits System.Web.UI.Page Protected Sub SqlDataSource4_Selecting(ByVal sender As Object, ByVal e As SqlDataSourceCommandEventArgs) Handles SqlDataSource4.Selecting Dim MemUser As MembershipUser MemUser = Membership.GetUser() UserID.Text = MemUser.ProviderUserKey.ToString() e.Command.Parameters("@UserId").Value = MemUser.ProviderUserKey.ToString() End Sub

Read the article

Making A Dynaically Created Excel Report Downloadable

- by Nick LaMarca

I have 2 blocks of code, if someone could help me put them together I would get the functionality I am looking for. The first block of code downloads a gridview to excel using the download dialog I am looking for: Public Overloads Overrides Sub VerifyRenderingInServerForm(ByVal control As Control) ' Verifies that the control is rendered End Sub Private Sub ExportToExcel(ByVal filename As String, ByVal gv As GridView, ByVal numOfCol As Integer) Response.Clear() Response.Buffer = True Response.AddHeader("content-disposition", String.Format("attachment; filename={0}", filename)) Response.Charset = "" Response.ContentType = "application/vnd.ms-excel" Dim sw As New StringWriter() Dim hw As New HtmlTextWriter(sw) gv.AllowPaging = False gv.DataBind() 'Change the Header Row back to white color gv.HeaderRow.Style.Add("background-color", "#FFFFFF") For i As Integer = 0 To numOfCol - 1 gv.HeaderRow.Cells(i).Style.Add("background-color", "blue") gv.HeaderRow.Cells(i).Style.Add("color", "#FFFFFF") Next For i As Integer = 0 To gv.Rows.Count - 1 Dim row As GridViewRow = gv.Rows(i) 'Change Color back to white row.BackColor = System.Drawing.Color.White For j As Integer = 0 To numOfCol - 1 row.Cells(j).Style.Add("text-align", "center") Next 'Apply text style to each Row row.Attributes.Add("class", "textmode") 'Apply style to Individual Cells of Alternating Row If i Mod 2 <> 0 Then For j As Integer = 0 To numOfCol - 1 row.Cells(j).Style.Add("background-color", "#CCFFFF") row.Cells(j).Style.Add("text-align", "center") '#C2D69B 'row.Cells(j).Style.Add("font-size", "12pt") Next End If Next gv.RenderControl(hw) 'style to format numbers to string Dim style As String = "<style> .textmode { mso-number-format:\@; } </style>" Response.Write(style) Response.Output.Write(sw.ToString()) Response.Flush() Response.End() End Sub The second block of code is a sample report I am wish to be downloaded. So instead of downloading a gridview I want this function to accept a worksheet object.

Read the article

Null reference but it's not?

- by Clint Davis

This is related to my previous question but it is a different problem. I have two classes: Server and Database. Public Class Server Private _name As String Public Property Name() As String Get Return _name End Get Set(ByVal value As String) _name = value End Set End Property Private _databases As List(Of Database) Public Property Databases() As List(Of Database) Get Return _databases End Get Set(ByVal value As List(Of Database)) _databases = value End Set End Property Public Sub LoadTables() Dim db As New Database(Me) db.Name = "test" Databases.Add(db) End Sub End Class Public Class Database Private _server As Server Private _name As String Public Property Name() As String Get Return _name End Get Set(ByVal value As String) _name = value End Set End Property Public Property Server() As Server Get Return _server End Get Set(ByVal value As Server) _server = value End Set End Property Public Sub New(ByVal ser As Server) Server = ser End Sub End Class Fairly simple. I use like this: Dim s As New Server s.Name = "Test" s.LoadTables() The problem is in the LoadTables in the Server class. When it hits Databases.Add(db) it gives me a NullReference error (Object reference not set). I don't understand how it is getting that, all the objects are set. Any ideas? Thanks.

Read the article

got undefined variable in php code

- by Newbie New

I got a error message when I run my php however the result is come out this is my code function cart() { foreach($_SESSION as $name => $value) { if ($value>0) { if (substr($name, 0, 5) == 'cart_'){ $id = substr($name, 5, (strlen($name)-5)); $get = mysql_query('SELECT id, name, price FROM products WHERE id=' .mysql_real_escape_string((int)$id)); while ($get_row = mysql_fetch_assoc($get)){ $sub = $get_row['price'] * $value; echo $get_row['name'].' x '.$value.' @ &pound'.number_format($get_row['price'], 2).' = &pound'.number_format($sub, 2).' <a href="cart.php?remove='.$id.'">[-]</a> <a href="cart.php?add='.$id.'">[+]</a> <a href="cart.php?delete='.$id.'">[Delete]</a><br />' ; } } $total += $sub; } } echo $total; } ?> I got a error message Notice: Undefined variable: total in C:\xampp\htdocs\shoppingcart\cart.php on line 54 which line 54 is echo $total; what's wrong with my code?? I think I have defined the code in $total += $sub; thanks for helping me :)

Read the article

Where to start with the development of first database driven Web App (long question)?

- by Ryan

Hi all, I've decided to develop a database driven web app, but I'm not sure where to start. The end goal of the project is three-fold: 1) to learn new technologies and practices, 2) deliver an unsolicited demo to management that would show how information that the company stores as office documents spread across a cumbersome network folder structure can be consolidated and made easier to access and maintain and 3) show my co-workers how Test Drive Development and prototyping via class diagrams can be very useful and reduces future maintenance headaches. I think this ends up being a basic CMS to which I have generated a set of features, see below. 1) Create a database to store the site structure (organized as a tree with a 'project group'-project structure). 2) Pull the site structure from the database and display as a tree using basic front end technologies. 3) Add administrator privileges/tools for modifying the site structure. 4) Auto create required sub pages* when an admin adds a new project. 4.1) There will be several sub pages under each project and the content for each sub page is different. 5) add user privileges for assigning read and write privileges to sub pages. What I would like to do is use Test Driven Development and class diagramming as part of my process for developing this project. My problem; I'm not sure where to start. I have read on Unit Testing and UML, but never used them in practice. Also, having never worked with databases before, how to I incorporate these items into the models and test units? Thank you all in advance for your expertise.

Read the article

vb Syntax error in INSERT INTO statement

- by user201806

im new in vb, i was create a program to connection ms access but when i run the program it get syntax error in Insert into statement, OleDbExpection was unhandled here my code Public Class Form2 Dim cnn As New OleDb.OleDbConnection Private Sub Form2_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load txtdate.Value = DateTime.Now cnn = New OleDb.OleDbConnection cnn.ConnectionString = "Provider=Microsoft.Jet.Oledb.4.0; Data Source=C:\Users\John\Documents\db.mdb" End Sub Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click If Not cnn.State = ConnectionState.Open Then cnn.Open() End If Dim cmd As New OleDb.OleDbCommand cmd.Connection = cnn cmd.CommandText = "INSERT INTO sr(names,add,tel,dates,prob,serv,model,snm,acc,sna,remark)" & _ "VALUES ('" & Me.txtname.Text & "','" & Me.txtadd.Text & "','" & Me.txttel.Text & "', '" & _ Me.txtdate.Text & "','" & Me.txtpro.Text & "','" & Me.txtser.Text & "','" & Me.txtmod.Text & "', '" & _ Me.txtsnm.Text & "','" & Me.txtacc.Text & "','" & Me.txtsna.Text & "','" & Me.txtrem.Text & "')" cmd.ExecuteNonQuery() cnn.Close() End Sub End Class it's there any wrong with my code?

Read the article

Batch file recursively find files and rar them

- by b1gf00t

Hi there, I have a Parent Directory which hosts many sub directories, and in every sub directory there is .mpg movies. Some of the directories might contain one or more .mpg movies. I would like to automate the process below, which I have been doing manually. Step One If the directory has more than 1 .mpg file, I create separates directories for each and move each file into its directory, naming the directory as per the name of the file. Step Two I rar each video file in its directory as per one of my profiles, by that it splits the movie into 50MB parts, test the archive, delete the source, and instructs winrar to wait if another rar is executing. I am doing this so I can queue jobs manually. Step Three After having all the rars in the sub directories, I start creating a checksum for every directory, therefore leaving checksum.sfv in every directory. Step Four I copy the parent folder and its sub directories to my external drives. I was hoping that someone could assist me in creating a script. I was able to automate the process of creating directories as per the name of the file, and moving the file. However, I never succeeded in automating Step two. I am using the below software Winrar from rarlabs exf from exactfile Appreciate your assistance.

Read the article

excel:mysql: rs.Update not working

- by every_answer_gets_a_point

i am updating a table using an ODBC connection from excel to mysql unfortunately the only column that gets updated is this one: .Fields("instrument") = "NA" where i am assigning variables to .Fields, it is putting NULL values!! what is going on here? here's the code Option Explicit Dim oConn As ADODB.Connection Private Sub ConnectDB() Set oConn = New ADODB.Connection oConn.Open "DRIVER={MySQL ODBC 5.1 Driver};" & _ "SERVER=localhost;" & _ "DATABASE=employees;" & _ "USER=root;" & _ "PASSWORD=pas;" & _ "Option=3" End Sub Function esc(txt As String) esc = Trim(Replace(txt, "'", "\'")) End Function Private Sub InsertData() Dim dpath, atime, rtime, lcalib, aname, rname, bstate, instrument As String Dim rs As ADODB.Recordset Set rs = New ADODB.Recordset ConnectDB With wsBooks rs.Open "batchinfo", oConn, adOpenKeyset, adLockOptimistic, adCmdTable Worksheets.Item("Report 1").Select dpath = Trim(Range("B2").Text) atime = Trim(Range("B3").Text) rtime = Trim(Range("B4").Text) lcalib = Trim(Range("B5").Text) aname = Trim(Range("B6").Text) rname = Trim(Range("B7").Text) bstate = Trim(Range("B8").Text) ' instrument = GetInstrFromXML(wbBook.FullName) With rs .AddNew ' create a new record ' add values to each field in the record .Fields("datapath") = dpath .Fields("analysistime") = atime .Fields("reporttime") = rtime .Fields("lastcalib") = lcalib .Fields("analystname") = aname .Fields("reportname") = rname .Fields("batchstate") = bstate .Fields("instrument") = "NA" .Update ' stores the new record End With ' get the last id Set rs = oConn.Execute("SELECT @@identity", , adCmdText) 'MsgBox capture_id rs.Close Set rs = Nothing End With End Sub

Read the article

Configuring Fed Authentication Methods in OIF / IdP

- by Damien Carru

In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML 1.1 SSO OpenID 2.0 Enjoy the reading! Configuration As I mentioned in my previous article, mapping Federation Authentication Methods to OAM Authentication Schemes is protocol dependent, since the methods are defined in the various protocols (SAML 2.0, SAML 1.1, OpenID 2.0). As such, the WLST commands to set those mappings will involve: Either the SP Partner Profile and affect all Partners referencing that profile, which do not override the Federation Authentication Method to OAM Authentication Scheme mappings Or the SP Partner entry, which will only affect the SP Partner It is important to note that if an SP Partner is configured to define one or more Federation Authentication Method to OAM Authentication Scheme mappings, then all the mappings defined in the SP Partner Profile will be ignored. WLST Commands The two OIF WLST commands that can be used to define mapping Federation Authentication Methods to OAM Authentication Schemes are: addSPPartnerProfileAuthnMethod() to define a mapping on an SP Partner Profile, taking as parameters: The name of the SP Partner Profile The Federation Authentication Method The OAM Authentication Scheme name addSPPartnerAuthnMethod() to define a mapping on an SP Partner , taking as parameters: The name of the SP Partner The Federation Authentication Method The OAM Authentication Scheme name Note: I will discuss in a subsequent article the other parameters of those commands. In the next sections, I will show examples on how to use those methods: For SAML 2.0, I will configure the SP Partner Profile, that will apply all the mappings to SP Partners referencing this profile, unless they override mapping definition For SAML 1.1, I will configure the SP Partner. For OpenID 2.0, I will configure the SP/RP Partner SAML 2.0 Test Setup In this setup, OIF is acting as an IdP and is integrated with a remote SAML 2.0 SP partner identified by AcmeSP. In this test, I will perform Federation SSO with OIF/IdP configured to: Use LDAPScheme as the Authentication Scheme Use BasicScheme as the Authentication Scheme Map BasicSessionScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:Password Federation Authentication Method Use OAMLDAPPluginAuthnScheme as the Authentication Scheme Map OAMLDAPPluginAuthnScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method LDAPScheme as Authentication Scheme Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme. Also the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme. After authentication via FORM, OIF/IdP would issue an Assertion similar to: <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> BasicScheme as Authentication Scheme For this test, I will switch the default Authentication Scheme for the SP Partner Profile to BasicScheme instead of LDAPScheme. I will use the OIF WLST setSPPartnerProfileDefaultScheme() command and specify which scheme to be used as the default for the SP Partner Profile referenced by AcmeSP (which is saml20-sp-partner-profile in this case: getFedPartnerProfile("AcmeSP", "sp") ): Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerProfileDefaultScheme() command:setSPPartnerProfileDefaultScheme("saml20-sp-partner-profile", "BasicScheme") Exit the WLST environment:exit() The user will now be challenged via HTTP Basic Authentication defined in the BasicScheme for AcmeSP. Also, as noted earlier, the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme. After authentication via HTTP Basic Authentication, OIF/IdP would issue an Assertion similar to: <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> Mapping BasicScheme To change the Federation Authentication Method mapping for the BasicScheme to urn:oasis:names:tc:SAML:2.0:ac:classes:Password instead of urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport for the saml20-sp-partner-profile SAML 2.0 SP Partner Profile (the profile to which my AcmeSP Partner is bound to), I will execute the addSPPartnerProfileAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerProfileAuthnMethod() command:addSPPartnerProfileAuthnMethod("saml20-sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:Password", "BasicScheme") Exit the WLST environment:exit() After authentication via HTTP Basic Authentication, OIF/IdP would now issue an Assertion similar to (see that the AuthnContextClassRef was changed from PasswordProtectedTransport to Password): <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:Password </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> OAMLDAPPluginAuthnScheme as Authentication Scheme For this test, I will switch the default Authentication Scheme for the SP Partner Profile to OAMLDAPPluginAuthnScheme instead of BasicScheme. I will use the OIF WLST setSPPartnerProfileDefaultScheme() command and specify which scheme to be used as the default for the SP Partner Profile referenced by AcmeSP (which is saml20-sp-partner-profile in this case: getFedPartnerProfile("AcmeSP", "sp") ): Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerProfileDefaultScheme() command:setSPPartnerProfileDefaultScheme("saml20-sp-partner-profile", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() The user will now be challenged via FORM defined in the OAMLDAPPluginAuthnScheme for AcmeSP. Contrarily to LDAPScheme and BasicScheme, the OAMLDAPPluginAuthnScheme is not mapped by default to any Federation Authentication Methods. As such, OIF/IdP will not be able to find a Federation Authentication Method and will set the method in the SAML Assertion to the OAM Authentication Scheme name. After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthnContextClassRef set to OAMLDAPPluginAuthnScheme): <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> OAMLDAPPluginAuthnScheme </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> Mapping OAMLDAPPluginAuthnScheme To add the OAMLDAPPluginAuthnScheme to the Federation Authentication Method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport mapping, I will execute the addSPPartnerProfileAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerProfileAuthnMethod() command:addSPPartnerProfileAuthnMethod("saml20-sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from OAMLDAPPluginAuthnScheme to PasswordProtectedTransport): <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> SAML 1.1 Test Setup In this setup, OIF is acting as an IdP and is integrated with a remote SAML 1.1 SP partner identified by AcmeSP. In this test, I will perform Federation SSO with OIF/IdP configured to: Use LDAPScheme as the Authentication Scheme Use OAMLDAPPluginAuthnScheme as the Authentication Scheme Map OAMLDAPPluginAuthnScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method Use LDAPScheme as the Authentication Scheme Map LDAPScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method LDAPScheme as Authentication Scheme Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme. Also the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:1.0:am:password to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme. After authentication via FORM, OIF/IdP would issue an Assertion similar to: <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> OAMLDAPPluginAuthnScheme as Authentication Scheme For this test, I will switch the default Authentication Scheme for the SP Partner to OAMLDAPPluginAuthnScheme instead of LDAPScheme. I will use the OIF WLST setSPPartnerDefaultScheme() command and specify which scheme to be used as the default for the SP Partner: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerDefaultScheme() command:setSPPartnerDefaultScheme("AcmeSP", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() The user will be challenged via FORM defined in the OAMLDAPPluginAuthnScheme for AcmeSP. Contrarily to LDAPScheme, the OAMLDAPPluginAuthnScheme is not mapped by default to any Federation Authentication Methods (in the SP Partner Profile). As such, OIF/IdP will not be able to find a Federation Authentication Method and will set the method in the SAML Assertion to the OAM Authentication Scheme name. After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthenticationMethod set to OAMLDAPPluginAuthnScheme): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="OAMLDAPPluginAuthnScheme"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> Mapping OAMLDAPPluginAuthnScheme To map the OAMLDAPPluginAuthnScheme to the Federation Authentication Method urn:oasis:names:tc:SAML:1.0:am:password for this SP Partner only, I will execute the addSPPartnerAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerAuthnMethod() command:addSPPartnerAuthnMethod("AcmeSP", "urn:oasis:names:tc:SAML:1.0:am:password", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from OAMLDAPPluginAuthnScheme to password): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> LDAPScheme as Authentication Scheme I will now show that by defining a Federation Authentication Mapping at the Partner level, this now ignores all mappings defined at the SP Partner Profile level. For this test, I will switch the default Authentication Scheme for this SP Partner back to LDAPScheme, and the Assertion issued by OIF/IdP will not be able to map this LDAPScheme to a Federation Authentication Method anymore, since A Federation Authentication Method mapping is defined at the SP Partner level and thus the mappings defined at the SP Partner Profile are ignored The LDAPScheme is not listed in the mapping at the Partner level I will use the OIF WLST setSPPartnerDefaultScheme() command and specify which scheme to be used as the default for this SP Partner: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerDefaultScheme() command:setSPPartnerDefaultScheme("AcmeSP", "LDAPScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthenticationMethod set to LDAPScheme): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="LDAPScheme"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> Mapping LDAPScheme at Partner Level To fix this issue, we will need to add the LDAPScheme to the Federation Authentication Method urn:oasis:names:tc:SAML:1.0:am:password mapping for this SP Partner only. I will execute the addSPPartnerAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerAuthnMethod() command:addSPPartnerAuthnMethod("AcmeSP", "urn:oasis:names:tc:SAML:1.0:am:password", "LDAPScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from LDAPScheme to password): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> OpenID 2.0 In the OpenID 2.0 flows, the RP must request use of PAPE, in order for OIF/IdP/OP to include PAPE information. For OpenID 2.0, the configuration will involve mapping a list of OpenID 2.0 policies to a list of Authentication Schemes. The WLST command will take a list of policies, delimited by the ',' character, instead of SAML 2.0 or SAML 1.1 where a single Federation Authentication Method had to be specified. Test Setup In this setup, OIF is acting as an IdP/OP and is integrated with a remote OpenID 2.0 SP/RP partner identified by AcmeRP. In this test, I will perform Federation SSO with OIF/IdP configured to: Use LDAPScheme as the Authentication Scheme Map LDAPScheme to the http://schemas.openid.net/pape/policies/2007/06/phishing-resistant and http://openid-policies/password-protected policies Federation Authentication Methods (the second one is a custom for this use case) LDAPScheme as Authentication Scheme Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme. No Federation Authentication Method is defined OOTB for OpenID 2.0, so if the IdP/OP issue an SSO response with a PAPE Response element, it will specify the scheme name instead of Federation Authentication Methods After authentication via FORM, OIF/IdP would issue an SSO Response similar to: https://acme.com/openid?refid=id-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fidp.com%2Fopenid&openid.claimed_id=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.identity=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.return_to=https%3A%2F%2Facme.com%2Fopenid%3Frefid%3Did-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.response_nonce=2014-03-24T19%3A20%3A06Zid-YPa2kTNNFftZkgBb460jxJGblk2g--iNwPpDI7M1&openid.assoc_handle=id-6a5S6zhAKaRwQNUnjTKROREdAGSjWodG1el4xyz3&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_response&openid.ax.type.attr0=http%3A%2F%2Fsession%2Fcount&openid.ax.value.attr0=1&openid.ax.type.attr1=http%3A%2F%2Fopenid.net%2Fschema%2FnamePerson%2Ffriendly&openid.ax.value.attr1=My+name+is+Bobby+Smith&openid.ax.type.attr2=http%3A%2F%2Fschemas.openid.net%2Fax%2Fapi%2Fuser_id&openid.ax.value.attr2=bob&openid.ax.type.attr3=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.value.attr3=bob%40oracle.com&openid.ax.type.attr4=http%3A%2F%2Fsession%2Fipaddress&openid.ax.value.attr4=10.145.120.253&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_time=2014-03-24T19%3A20%3A05Z&openid.pape.auth_policies=LDAPScheme&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ax%2Cax.mode%2Cax.type.attr0%2Cax.value.attr0%2Cax.type.attr1%2Cax.value.attr1%2Cax.type.attr2%2Cax.value.attr2%2Cax.type.attr3%2Cax.value.attr3%2Cax.type.attr4%2Cax.value.attr4%2Cns.pape%2Cpape.auth_time%2Cpape.auth_policies&openid.sig=mYMgbGYSs22l8e%2FDom9NRPw15u8%3D Mapping LDAPScheme To map the LDAP Scheme to the http://schemas.openid.net/pape/policies/2007/06/phishing-resistant and http://openid-policies/password-protected policies Federation Authentication Methods, I will execute the addSPPartnerAuthnMethod() method (the policies will be comma separated): Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerAuthnMethod() command:addSPPartnerAuthnMethod("AcmeRP", "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant,http://openid-policies/password-protected", "LDAPScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from LDAPScheme to the two policies): https://acme.com/openid?refid=id-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fidp.com%2Fopenid&openid.claimed_id=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.identity=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.return_to=https%3A%2F%2Facme.com%2Fopenid%3Frefid%3Did-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.response_nonce=2014-03-24T19%3A20%3A06Zid-YPa2kTNNFftZkgBb460jxJGblk2g--iNwPpDI7M1&openid.assoc_handle=id-6a5S6zhAKaRwQNUnjTKROREdAGSjWodG1el4xyz3&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_response&openid.ax.type.attr0=http%3A%2F%2Fsession%2Fcount&openid.ax.value.attr0=1&openid.ax.type.attr1=http%3A%2F%2Fopenid.net%2Fschema%2FnamePerson%2Ffriendly&openid.ax.value.attr1=My+name+is+Bobby+Smith&openid.ax.type.attr2=http%3A%2F%2Fschemas.openid.net%2Fax%2Fapi%2Fuser_id&openid.ax.value.attr2=bob&openid.ax.type.attr3=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.value.attr3=bob%40oracle.com&openid.ax.type.attr4=http%3A%2F%2Fsession%2Fipaddress&openid.ax.value.attr4=10.145.120.253&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_time=2014-03-24T19%3A20%3A05Z&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fphishing-resistant+http%3A%2F%2Fopenid-policies%2Fpassword-protected&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ax%2Cax.mode%2Cax.type.attr0%2Cax.value.attr0%2Cax.type.attr1%2Cax.value.attr1%2Cax.type.attr2%2Cax.value.attr2%2Cax.type.attr3%2Cax.value.attr3%2Cax.type.attr4%2Cax.value.attr4%2Cns.pape%2Cpape.auth_time%2Cpape.auth_policies&openid.sig=mYMgbGYSs22l8e%2FDom9NRPw15u8%3D In the next article, I will cover how OIF/IdP can be configured so that an SP can request a specific Federation Authentication Method to challenge the user during Federation SSO.Cheers,Damien Carru

Read the article

SPARC T5-4 LDoms for RAC and WebLogic Clusters

- by Jeff Taylor-Oracle

I wanted to use two Oracle SPARC T5-4 servers to simultaneously host both Oracle RAC and a WebLogic Server Cluster. I chose to use Oracle VM Server for SPARC to create a cluster like this: There are plenty of trade offs and decisions that need to be made, for example: Rather than configuring the system by hand, you might want to use an Oracle SuperCluster T5-8 My configuration is similar to jsavit's: Availability Best Practices - Example configuring a T5-8 but I chose to ignore some of the advice. Maybe I should have included an alternate service domain, but I decided that I already had enough redundancy Both Oracle SPARC T5-4 servers were to be configured like this: Cntl 0.25 4 64GB App LDom 2.75 CPU's 44 cores 704 GB DB LDom One CPU 16 cores 256 GB The systems started with everything in the primary domain: # ldm list NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME primary active -n-c-- UART 512 1023G 0.0% 0.0% 11m # ldm list-spconfig factory-default [current] primary # ldm list -o core,memory,physio NAME primary CORE CID CPUSET 0 (0, 1, 2, 3, 4, 5, 6, 7) 1 (8, 9, 10, 11, 12, 13, 14, 15) 2 (16, 17, 18, 19, 20, 21, 22, 23) -- SNIP 62 (496, 497, 498, 499, 500, 501, 502, 503) 63 (504, 505, 506, 507, 508, 509, 510, 511) MEMORY RA PA SIZE 0x30000000 0x30000000 255G 0x80000000000 0x80000000000 256G 0x100000000000 0x100000000000 256G 0x180000000000 0x180000000000 256G # Give this memory block to the DB LDom IO DEVICE PSEUDONYM OPTIONS pci@300 pci_0 pci@340 pci_1 pci@380 pci_2 pci@3c0 pci_3 pci@400 pci_4 pci@440 pci_5 pci@480 pci_6 pci@4c0 pci_7 pci@300/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE1 pci@300/pci@1/pci@0/pci@c /SYS/RCSA/PCIE2 pci@300/pci@1/pci@0/pci@4/pci@0/pci@c /SYS/MB/SASHBA0 pci@300/pci@1/pci@0/pci@4/pci@0/pci@8 /SYS/RIO/NET0 pci@340/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE3 pci@340/pci@1/pci@0/pci@c /SYS/RCSA/PCIE4 pci@380/pci@1/pci@0/pci@a /SYS/RCSA/PCIE9 pci@380/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE10 pci@3c0/pci@1/pci@0/pci@e /SYS/RCSA/PCIE11 pci@3c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE12 pci@400/pci@1/pci@0/pci@e /SYS/RCSA/PCIE5 pci@400/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE6 pci@440/pci@1/pci@0/pci@e /SYS/RCSA/PCIE7 pci@440/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE8 pci@480/pci@1/pci@0/pci@a /SYS/RCSA/PCIE13 pci@480/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE14 pci@4c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE15 pci@4c0/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE16 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c /SYS/MB/SASHBA1 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4 /SYS/RIO/NET2 Added an additional service processor configuration: # ldm add-spconfig split # ldm list-spconfig factory-default primary split [current] And removed many of the resources from the primary domain: # ldm start-reconf primary # ldm set-core 4 primary # ldm set-memory 32G primary # ldm rm-io pci@340 primary # ldm rm-io pci@380 primary # ldm rm-io pci@3c0 primary # ldm rm-io pci@400 primary # ldm rm-io pci@440 primary # ldm rm-io pci@480 primary # ldm rm-io pci@4c0 primary # init 6 Needed to add resources to the guest domains: # ldm add-domain db # ldm set-core cid=`seq -s"," 48 63` db # ldm add-memory mblock=0x180000000000:256G db # ldm add-io pci@480 db # ldm add-io pci@4c0 db # ldm add-domain app # ldm set-core 44 app # ldm set-memory 704G app # ldm add-io pci@340 app # ldm add-io pci@380 app # ldm add-io pci@3c0 app # ldm add-io pci@400 app # ldm add-io pci@440 app Needed to set up services: # ldm add-vds primary-vds0 primary # ldm add-vcc port-range=5000-5100 primary-vcc0 primary Needed to add a virtual network port for the WebLogic application domain: # ipadm NAME CLASS/TYPE STATE UNDER ADDR lo0 loopback ok -- -- lo0/v4 static ok -- ... lo0/v6 static ok -- ... net0 ip ok -- ... net0/v4 static ok -- xxx.xxx.xxx.xxx/24 net0/v6 addrconf ok -- .... net0/v6 addrconf ok -- ... net8 ip ok -- -- net8/v4 static ok -- ... # dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net1 Ethernet unknown 0 unknown ixgbe1 net0 Ethernet up 1000 full ixgbe0 net8 Ethernet up 10 full usbecm2 # ldm add-vsw net-dev=net0 primary-vsw0 primary # ldm add-vnet vnet1 primary-vsw0 app Needed to add a virtual disk to the WebLogic application domain: # format Searching for disks...done AVAILABLE DISK SELECTIONS: 0. c0t5000CCA02505F874d0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca02505f874 /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD0/disk 1. c0t5000CCA02506C468d0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca02506c468 /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD1/disk 2. c0t5000CCA025067E5Cd0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca025067e5c /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD2/disk 3. c0t5000CCA02506C258d0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca02506c258 /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD3/disk Specify disk (enter its number): ^C # ldm add-vdsdev /dev/dsk/c0t5000CCA02506C468d0s2 HDD1@primary-vds0 # ldm add-vdisk HDD1 HDD1@primary-vds0 app Add some additional spice to the pot: # ldm set-variable auto-boot\\?=false db # ldm set-variable auto-boot\\?=false app # ldm set-var boot-device=HDD1 app Bind the logical domains: # ldm bind db # ldm bind app At the end of the process, the system is set up like this: # ldm list -o core,memory,physio NAME primary CORE CID CPUSET 0 (0, 1, 2, 3, 4, 5, 6, 7) 1 (8, 9, 10, 11, 12, 13, 14, 15) 2 (16, 17, 18, 19, 20, 21, 22, 23) 3 (24, 25, 26, 27, 28, 29, 30, 31) MEMORY RA PA SIZE 0x30000000 0x30000000 32G IO DEVICE PSEUDONYM OPTIONS pci@300 pci_0 pci@300/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE1 pci@300/pci@1/pci@0/pci@c /SYS/RCSA/PCIE2 pci@300/pci@1/pci@0/pci@4/pci@0/pci@c /SYS/MB/SASHBA0 pci@300/pci@1/pci@0/pci@4/pci@0/pci@8 /SYS/RIO/NET0 ------------------------------------------------------------------------------ NAME app CORE CID CPUSET 4 (32, 33, 34, 35, 36, 37, 38, 39) 5 (40, 41, 42, 43, 44, 45, 46, 47) 6 (48, 49, 50, 51, 52, 53, 54, 55) 7 (56, 57, 58, 59, 60, 61, 62, 63) 8 (64, 65, 66, 67, 68, 69, 70, 71) 9 (72, 73, 74, 75, 76, 77, 78, 79) 10 (80, 81, 82, 83, 84, 85, 86, 87) 11 (88, 89, 90, 91, 92, 93, 94, 95) 12 (96, 97, 98, 99, 100, 101, 102, 103) 13 (104, 105, 106, 107, 108, 109, 110, 111) 14 (112, 113, 114, 115, 116, 117, 118, 119) 15 (120, 121, 122, 123, 124, 125, 126, 127) 16 (128, 129, 130, 131, 132, 133, 134, 135) 17 (136, 137, 138, 139, 140, 141, 142, 143) 18 (144, 145, 146, 147, 148, 149, 150, 151) 19 (152, 153, 154, 155, 156, 157, 158, 159) 20 (160, 161, 162, 163, 164, 165, 166, 167) 21 (168, 169, 170, 171, 172, 173, 174, 175) 22 (176, 177, 178, 179, 180, 181, 182, 183) 23 (184, 185, 186, 187, 188, 189, 190, 191) 24 (192, 193, 194, 195, 196, 197, 198, 199) 25 (200, 201, 202, 203, 204, 205, 206, 207) 26 (208, 209, 210, 211, 212, 213, 214, 215) 27 (216, 217, 218, 219, 220, 221, 222, 223) 28 (224, 225, 226, 227, 228, 229, 230, 231) 29 (232, 233, 234, 235, 236, 237, 238, 239) 30 (240, 241, 242, 243, 244, 245, 246, 247) 31 (248, 249, 250, 251, 252, 253, 254, 255) 32 (256, 257, 258, 259, 260, 261, 262, 263) 33 (264, 265, 266, 267, 268, 269, 270, 271) 34 (272, 273, 274, 275, 276, 277, 278, 279) 35 (280, 281, 282, 283, 284, 285, 286, 287) 36 (288, 289, 290, 291, 292, 293, 294, 295) 37 (296, 297, 298, 299, 300, 301, 302, 303) 38 (304, 305, 306, 307, 308, 309, 310, 311) 39 (312, 313, 314, 315, 316, 317, 318, 319) 40 (320, 321, 322, 323, 324, 325, 326, 327) 41 (328, 329, 330, 331, 332, 333, 334, 335) 42 (336, 337, 338, 339, 340, 341, 342, 343) 43 (344, 345, 346, 347, 348, 349, 350, 351) 44 (352, 353, 354, 355, 356, 357, 358, 359) 45 (360, 361, 362, 363, 364, 365, 366, 367) 46 (368, 369, 370, 371, 372, 373, 374, 375) 47 (376, 377, 378, 379, 380, 381, 382, 383) MEMORY RA PA SIZE 0x30000000 0x830000000 192G 0x4000000000 0x80000000000 256G 0x8080000000 0x100000000000 256G IO DEVICE PSEUDONYM OPTIONS pci@340 pci_1 pci@380 pci_2 pci@3c0 pci_3 pci@400 pci_4 pci@440 pci_5 pci@340/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE3 pci@340/pci@1/pci@0/pci@c /SYS/RCSA/PCIE4 pci@380/pci@1/pci@0/pci@a /SYS/RCSA/PCIE9 pci@380/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE10 pci@3c0/pci@1/pci@0/pci@e /SYS/RCSA/PCIE11 pci@3c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE12 pci@400/pci@1/pci@0/pci@e /SYS/RCSA/PCIE5 pci@400/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE6 pci@440/pci@1/pci@0/pci@e /SYS/RCSA/PCIE7 pci@440/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE8 ------------------------------------------------------------------------------ NAME db CORE CID CPUSET 48 (384, 385, 386, 387, 388, 389, 390, 391) 49 (392, 393, 394, 395, 396, 397, 398, 399) 50 (400, 401, 402, 403, 404, 405, 406, 407) 51 (408, 409, 410, 411, 412, 413, 414, 415) 52 (416, 417, 418, 419, 420, 421, 422, 423) 53 (424, 425, 426, 427, 428, 429, 430, 431) 54 (432, 433, 434, 435, 436, 437, 438, 439) 55 (440, 441, 442, 443, 444, 445, 446, 447) 56 (448, 449, 450, 451, 452, 453, 454, 455) 57 (456, 457, 458, 459, 460, 461, 462, 463) 58 (464, 465, 466, 467, 468, 469, 470, 471) 59 (472, 473, 474, 475, 476, 477, 478, 479) 60 (480, 481, 482, 483, 484, 485, 486, 487) 61 (488, 489, 490, 491, 492, 493, 494, 495) 62 (496, 497, 498, 499, 500, 501, 502, 503) 63 (504, 505, 506, 507, 508, 509, 510, 511) MEMORY RA PA SIZE 0x80000000 0x180000000000 256G IO DEVICE PSEUDONYM OPTIONS pci@480 pci_6 pci@4c0 pci_7 pci@480/pci@1/pci@0/pci@a /SYS/RCSA/PCIE13 pci@480/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE14 pci@4c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE15 pci@4c0/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE16 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c /SYS/MB/SASHBA1 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4 /SYS/RIO/NET2 Start the domains: # ldm start app LDom app started # ldm start db LDom db started Make sure to start the vntsd service that was created, above. # svcs -a | grep ldo disabled 8:38:38 svc:/ldoms/vntsd:default online 8:38:58 svc:/ldoms/agents:default online 8:39:25 svc:/ldoms/ldmd:default # svcadm enable vntsd Now use the MAC address to configure the Solaris 11 Automated Installation. Database Logical Domain # telnet localhost 5000 {0} ok devalias screen /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@7/display@0 disk7 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p3 disk6 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p2 disk5 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p1 disk4 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p0 scsi1 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0 net3 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4/network@0,1 net2 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4/network@0 virtual-console /virtual-devices/console@1 name aliases {0} ok boot net2 Boot device: /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4/network@0 File and args: 1000 Mbps full duplex Link up Requesting Internet Address for xx:xx:xx:xx:xx:xx Requesting Internet Address for xx:xx:xx:xx:xx:xx WLS Logical Domain # telnet localhost 5001 {0} ok devalias hdd1 /virtual-devices@100/channel-devices@200/disk@0 vnet1 /virtual-devices@100/channel-devices@200/network@0 net /virtual-devices@100/channel-devices@200/network@0 disk /virtual-devices@100/channel-devices@200/disk@0 virtual-console /virtual-devices/console@1 name aliases {0} ok boot net Boot device: /virtual-devices@100/channel-devices@200/network@0 File and args: Requesting Internet Address for xx:xx:xx:xx:xx:xx Requesting Internet Address for xx:xx:xx:xx:xx:xx Repeat the process for the second SPARC T5-4, install Solaris, RAC and WebLogic Cluster, and you are ready to go. Maybe buying a SuperCluster would have been easier.

Read the article

iptables issue on plesk

- by Fred Rufin

i don't know how to open a specific port (rtmp=1935) on my CentOS server using Plesk or itables. I created new rules for port 1935 i/o using Plesk/Modules/Firewall but this doesn't work. Nmap scanning tells me this : 1935/tcp filtered rtmp . So i decided to have look at my iptable using SSH (iptables -L), and iptables seems to contain my rules (tcp spt:macromedia-fcs): Chain INPUT (policy DROP) target prot opt source destination VZ_INPUT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination VZ_FORWARD all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination VZ_OUTPUT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere Chain VZ_FORWARD (1 references) target prot opt source destination Chain VZ_INPUT (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpts:filenet-tms:65535 ACCEPT udp -- anywhere anywhere udp dpts:filenet-tms:65535 ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp-alt ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https ACCEPT tcp -- localhost.localdomain localhost.localdomain ACCEPT tcp -- anywhere anywhere tcp dpt:macromedia-fcs ACCEPT udp -- localhost.localdomain localhost.localdomain Chain VZ_OUTPUT (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp spt:http ACCEPT tcp -- anywhere anywhere tcp spt:ssh ACCEPT tcp -- anywhere anywhere tcp spt:smtp ACCEPT tcp -- anywhere anywhere tcp spt:pop3 ACCEPT tcp -- anywhere anywhere tcp spt:domain ACCEPT udp -- anywhere anywhere udp spt:domain ACCEPT tcp -- anywhere anywhere ACCEPT udp -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp spt:cddbp-alt ACCEPT tcp -- anywhere anywhere tcp spt:pcsync-https ACCEPT tcp -- localhost.localdomain localhost.localdomain ACCEPT tcp -- anywhere anywhere tcp spt:macromedia-fcs ACCEPT udp -- localhost.localdomain localhost.localdomain My rules seems to be OK but there is no connection to 1935 port using a browser. I can connect to this port with SSH (typing "wget myServerIP:1935") but maybe this is because it is an SSH tunelling ? I don't know how to do.

Read the article

Can't successfully run Sharepoint Foundation 2010 first time configuration

- by Robert Koritnik

I'm trying to run the non-GUI version of configuration wizard using power shell because I would like to set config and admin database names. GUI wizard doesn't give you all possible options for configuration. I run this command: New-SPConfigurationDatabase -DatabaseName "Sharepoint2010Config" -DatabaseServer "developer.pleiado.pri" -AdministrationContentDatabaseName "Sharepoint2010Admin" -DatabaseCredentials (Get-Credential) -Passphrase (ConvertTo-SecureString "%h4r3p0int" -AsPlainText -Force) Of course all these are in the same line. I've broken them down into separate lines to make it easier to read. When I run this command I get this error: New-SPConfigurationDatabase : Cannot connect to database master at SQL server a t developer.pleiado.pri. The database might not exist, or the current user does not have permission to connect to it. At line:1 char:28 + New-SPConfigurationDatabase <<<< -DatabaseName "Sharepoint2010Config" -Datab aseServer "developer.pleiado.pri" -AdministrationContentDatabaseName "Sharepoint 2010Admin" -DatabaseCredentials (Get-Credential) -Passphrase (ConvertTo-SecureS tring "%h4r3p0int" -AsPlainText -Force) + CategoryInfo : InvalidData: (Microsoft.Share...urationDatabase: SPCmdletNewSPConfigurationDatabase) [New-SPConfigurationDatabase], SPExcep tion + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPCon figurationDatabase I created two domain accounts: SPF_DATABASE - database account SPF_ADMIN - farm account I'm running powershell console as domain administrator. I've tried to run SQL Management studio as domain admin and created a dummy database and it worked wothout a problem. I'm running: Windows 7 x64 on the machine where Sharepoint Foundation 2010 should be installed and also has preinstalled SQL Server 2008 R2 Windows Server 2008 R2 Server Core is my domain controller I've installed Sharepoint according to MS guides http://msdn.microsoft.com/en-us/library/ee554869%28office.14%29.aspx installing all additional patches that are related to my configuration. Any ideas what should I do to make it work?

Read the article

map subdomain to another subdomain via cname

- by Stephen

Question: I need to get DNS configured to point a subdomain from one domain (which I will generally not be controlling) to another subdomain on a different domain name. Testing this process using a simple CNAME entry keeps pointing to the primary domain and not the subdomain where it should be going. This is the scenario; (newdomain.com is in my control) cdn.xyz.com should display content from this subdomain subdomain.newdomain.com It is instead displaying content from newdomain.com (not the subdomain sub domain) cdn.xyz.com/page.htm displays content from newdomain.com/page.htm although what I need is it to display content from subdomain.newdomain.com/page.htm Other Background: setup is between two different servers with different IP ranges although DNS cluster is on between all servers the newdomain.com is set up with its own unique IP (which is on the A records for the subdomains, the subdomains work as expected/normal) the DNS entry is correct (cdn CNAME subdomain.newdomain.com.) ie the end period is included a DNS lookup on the CNAME externally reports back as subdomain.newdomain.com. as the record Does anyone know what DNS entries I am missing to get this working correctly ? Note: I do not want to just put a redirect between domains as I need the content of subdomain.newdomain.com/content.html to be visible via the URL of cdn.xyz.com/content.html also I can just use some redirects on newdomain.com to achieve what I am after but would prefer to just get the DNS correct. EDIT Current DNS cdn CNAME subdomain.newdomain.com. || CNAME entry for domain1 subdomain A XXX.XXX.XXX.XXX || A record entry for working subdomain pointing to unique IP What should happen is that cdn.domain1.com - subdomain.newdomain.com What is happening is cdn.domain1.com - newdomain.com (ie. the root not the subdomain) EDIT 2 Actually if its easier I am trying to emulate a simple cloud setup like Rackspace Containers (which I assume is similar to Buckets on AWS). although it is not for cloud storage Where a container has a url reference of hd62321678d323.rackspace.com (in truth they are much longer) so I can use a CNAME record of: cdn CNAME hd62321678d323.rackspace.com. so that http://cdn.mydomain.com/myfile.jpg displays content from http://hd62321678d323.rackspace.com/myfile.jpg

Read the article

NetApp FAS 2040 LDAP Win2k8R2

- by it_stuck

I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.minimum_bind_level anonymous ldap.name domain-admin-account ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.ssl.enable off ldap.timeout 20 ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base ldap.usermap.enable on output of nsswitch.conf: hosts: files dns passwd: ldap files netgroup: ldap files group: ldap files shadow: files nis Error Message(s): [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for dc1.colour.domain.LOCAL. [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (site). [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query. Could not get passwd entry for name = <random user> the filer can ping the FQDN of dc1 the filer can ping the IP of dc1 the filer cannot ping "dc1" I'm not sure where I'm going wrong, so any pointers would be great.

Read the article

Installing ikiwiki on nginx - fastcgi/fcgi wrapper

- by meder

My ultimate goal is to setup ikiwiki, my current goal is to get a fcgi wrapper working for nginx, so I can move on to the next step... The ikiwiki page points out this page as an example for a fcgi wrapper: http://technotes.1000lines.net/?p=23 So far I've installed the ikiwiki and libfcgi-perl modules through aptitude: aptitude install libfcgi-perl aptitude install ikiwiki It installed those packages as well as some minimal dependency packages. So the next step following the guide at technotes, I grabbed http://technotes.1000lines.net/fastcgi-wrapper.pl but I'm not sure where to actually place this file... do I run it as a service? The script makes a socket file in /var/run/nginx but that directory does not exist.. do I manually create it? So in addition to the .pl file for the cgi wrapper, I need to also define a separate cgi file for parameters. If my conf looks like this... server { listen 80; server_name notes.domain.org; access_log /www/notes/public_html/notes.domain.org/log/access.log; error_log /www/notes/public_html/notes.domain.org/log/error.log; location / { root /www/notes/public_html/notes.domain.org/public/; index index.html; } } And I don't have a cgi-bin directory, where exactly should I create it within my structure, and regarding that I'd obviously have to update the below before I include it in my conf, but I'm just not exactly sure how this would work out. # /cgi-bin configuration location ~ ^/cgi-bin/.*\.cgi$ { gzip off; fastcgi_pass unix:/var/run/nginx/perl_cgi-dispatch.sock; [1]* fastcgi_param SCRIPT_FILENAME /www/blah.com$fastcgi_script_name; [2]* include fastcgi_params; [3]* } Also since the user is www-data and /var/run is root owned, what's the proper way of giving it access? Any tips appreciated.

Read the article

LDAP authentication issue with Kerio Connect

- by djk

We have Kerio Connect (mail server) running on a Windows Server 2003 server on a domain. In the webmail client, users are able to change their domain password. This functionality used to work fine until a user tried to change their password a few days ago, when every password they'd try would result in the webmail client claiming their password was "invalid". I spoke to Kerio about this and they claim that this error is returned by the domain controller, which supports my initial investigations. The error that the DC is logging when an attempt is made to change the password is this: "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece" The "data 52e" part indicates that this is an "invalid credentials" error. I don't see how this can be as I've tried (in the Kerio Connect configuration) various accounts that have privileges to modify accounts, including my own as I am a domain admin. I have ran 'dcdiag' (all tests) on the DC and it came back passing every single one of them. I've searched high and low for an answer to this and came up empty. Does anyone have any idea why this may have suddenly started happening? Thanks! Edit: I should mention that the passwords we are changing to do comply with the complexity policy.

Read the article

Disable local delivery in Sendmail

- by Luke P M

I am using Sendmail on a Centos server to send email for PHP scripts, but the problem is that mail is delivered to a local mailbox on the machine rather than what is specified in the MX records for the domain - which actually point to another machine I use for email. I would like sendmail to not try and locally deliver mail for the domain the machine is setup for, is there a simple way to disable local delivery? The domain is not in the local-host-names file. I've already done lots of googling and I have looked at: http://serverfault.com/questions/26934/sendmail-configuration-to-not-deliver-mail-to-local-machine http://serverfault.com/questions/65365/disable-local-delivery-in-sendmail But either there is no answer or it is not suitable. I don't want to relay to another server, i just want it to send mail regardless of domain. To provide an example: I have two servers, one is the mail server at mail.example.com and a web server which is example.com, when I use the smtp service on the web server it currently routes mail to a local mailbox on example.com, but it should be going to mailboxes on mail.example.com Output of sendmail -bt returns: ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter 3,0 [email protected] canonify input: info @ example . com Canonify2 input: info Canonify2 returns: info canonify returns: info parse input: info Parse0 input: info Parse0 returns: info ParseLocal input: info ParseLocal returns: info Parse1 input: info Parse1 returns: $# local $: info parse returns: $# local $: info

Read the article

NetApp FAS 2040 LDAP Win2k8R2

- by it_stuck

I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.minimum_bind_level anonymous ldap.name domain-admin-account ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.ssl.enable off ldap.timeout 20 ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base ldap.usermap.enable on output of nsswitch.conf: hosts: files dns passwd: ldap files netgroup: ldap files group: ldap files shadow: files nis Error Message(s): [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for dc1.colour.domain.LOCAL. [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (site). [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query. Could not get passwd entry for name = <random user> the filer can ping the FQDN of dc1 the filer can ping the IP of dc1 the filer cannot ping "dc1" I'm not sure where I'm going wrong, so any pointers would be great.

Read the article

Ubuntu 12.04 LDAP SSL self-signed cert not accepted

- by MaddHacker

I'm working with Ubuntu 12.04, using OpenLDAP server. I've followed the instructions on the Ubuntu help pages and can happily connect without security. To test my connection, I'm using ldapsearch the command looks like: ldapsearch -xv -H ldap://ldap.[my host].local -b dc=[my domain],dc=local -d8 -ZZ I've also used: ldapsearch -xv -H ldaps://ldap.[my host].local -b dc=[my domain],dc=local -d8 As far as I can tell, I've setup my certificate correctly, but no matter why I try, I can't seem to get ldapsearch to accept my self-signed certificate. So far, I've tried: Updating my /etc/ldap/ldap.conf file to look like: BASE dc=[my domain],dc=local URI ldaps://ldap.[my host].local TLS_CACERT /etc/ssl/certs/cacert.crt TLS_REQCERT allow Updating my /etc/ldap.conf file to look like: base dc=[my domain],dc=local uri ldapi:///ldap.[my host].local uri ldaps:///ldap.[my host].local ldap_version 3 ssl start_tls ssl on tls_checkpeer no TLS_REQCERT allow Updating my /etc/default/slapd to include: SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///" Several hours of Googling, most of which resulted in adding the TLS_REQCERT allow The exact error I'm seeing is: ldap_initialize( ldap://ldap.[my host].local ) request done: ld 0x20038710 msgid 1 TLS certificate verification: Error, self signed certificate in certificate chain TLS: can't connect. ldap_start_tls: Connect error (-11) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed After several hours of this, I was hoping someone else has seen this issue, and/or knows how to fix it. Please do let me know if I should add more information, or if you need further data.

Read the article

vhost.conf file in PLESK not working as intended

- by Saif Bechan

I have configured a vhost file for my domain but it does not seem to work. These are the steps I took, please correct me if I am wrong. First I made a file called vhost.conf in: /var/www/vhosts/*domain*/conf/vhost.conf The content of the vhost file looks like this: <Directory /var/www/vhosts/*domain*/httpdocs> php_admin_flag engine on php_admin_flag display_errors on </Directory> Now in my /etc/php.ini i set display_errors=Off After everything i rebuild with: /usr/local/psa/admin/sbin/websrvmng -a But I don't see the any errors in my page. When i turn on the display_errors in /etc/php.ini only then can I see the errors. I know for a fact that the vhost file is read, because when i type nonsense values i get an error when restarting apache saying there are errors in the vhost file. Anyone know what the problem can be. Should there be special settings in either the php.ini file or the httpd.conf file. The httpd.conf i edit is in /etc/httpd/conf/httpd.conf. Is this the file that PLESK uses or is there another, because the values i see there do not really reflect the http folders of my domain. The httpd file looks like this now. # The document root DocumentRoot "/var/www/html" # i guess this is the base directory <Directory /> Order Deny,Allow Deny from all Options None AllowOverride None </Directory> # And i guess here are all my domains located, but there aren't any here <Directory "/var/www/html"> Options None AllowOverride None Order allow,deny Allow from all </Directory> Only this directory /var/www/html is not used by me, I use the directory /var/www/vhosts. The only folder found in /var/www/html is a folder called awstats. Does plesk use other files, and where are they located. I hope this all makes sense to anyone, and i hope i can find a solution

Read the article

SPF hardfail and DKIM failure when recipient has e-mail forwarding

- by Beaming Mel-Bin

I configured hardfail SPF for my domain and DKIM message signing on my SMTP server. Since this is the only SMTP server that should be used for outgoing mail from my domain, I didn't foresee any complications. However, consider the following situation: I sent an e-mail message via my SMTP server to my colleague's university e-mail. The problem is that my colleague forwards his university e-mail to his GMail account. These are the headers of the message after it reaches his GMail mailbox: Received-SPF: fail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) client-ip=192.168.128.100; Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) [email protected]; dkim=hardfail (test mode) [email protected] (Headers have been sanitized to protect the domains and IP addresses of the non-Google parties) GMail checks the last SMTP server in the delivery chain against my SPF and DKIM records (rightfully so). Since the last STMP server in the delivery chain was the university's server and not my server, the check results in an SPF hardfail and DKIM failure. Fortunately, GMail did not mark the message as spam but I'm concerned that this might cause a problem in the future. Is my implementation of SPF hardfail perhaps too strict? Any other recommendations or potential issues that I should be aware of? Or maybe there is a more ideal configuration for the university's e-mail forwarding procedure? I know that the forwarding server could possibly change the envelope sender but I see that getting messy.

Read the article

Destination host unreachable - Windows Server 2008

- by Doug

Hi There, I'm working with a windows 2008 domain controller, which I'm having issues connecting to internet resources. A small bit of background, this is a 2008 domain controller that has been added into an existing Win 2k domain, with a goal of replacing the older computers. Both of the older controllers can still access internet resources, and so can all the clients. When I ping Google.ca from the new server, it does resolve to an ip address, but then says "Reply from 192.168.123.20: Destination host unreachable." I'm really at a lost now, I've checked and rechecked my ip configuration, the default gateway is my router, the primary DNS server is the my DC, and the secondary DNS is also my router. The DNS server on the domain has a forwarder added for the router as well. Everything on my local network works just fine, all my internal resources can be resolved. For the time being, I've stopped the Firewall service. I'm not 100% used to Server 2008 yet, but it might be a case of just missing something simple. Thanks for your time.

Read the article

Destination host unreachable - Windows Server 2008

- by Doug

Hi There, I'm working with a windows 2008 domain controller, which I'm having issues connecting to internet resources. A small bit of background, this is a 2008 domain controller that has been added into an existing Win 2k domain, with a goal of replacing the older computers. Both of the older controllers can still access internet resources, and so can all the clients. When I ping Google.ca from the new server, it does resolve to an ip address, but then says "Reply from 192.168.123.20: Destination host unreachable." I'm really at a lost now, I've checked and rechecked my ip configuration, the default gateway is my router, the primary DNS server is the my DC, and the secondary DNS is also my router. The DNS server on the domain has a forwarder added for the router as well. Everything on my local network works just fine, all my internal resources can be resolved. For the time being, I've stopped the Firewall service. I'm not 100% used to Server 2008 yet, but it might be a case of just missing something simple. Thanks for your time.

Read the article

NFS: Server says "authenticated mount request", but client sees "access denied"

- by zigdon

I have two machine, an NFS server (RHEL) and a client (Debian). The server has NFS set up, exporting a particular directory: server:~$ sudo /usr/sbin/rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 910 status 100024 1 tcp 913 status 100021 1 udp 53391 nlockmgr 100021 3 udp 53391 nlockmgr 100021 4 udp 53391 nlockmgr 100021 1 tcp 32774 nlockmgr 100021 3 tcp 32774 nlockmgr 100021 4 tcp 32774 nlockmgr 100007 2 udp 830 ypbind 100007 1 udp 830 ypbind 100007 2 tcp 833 ypbind 100007 1 tcp 833 ypbind 100011 1 udp 999 rquotad 100011 2 udp 999 rquotad 100011 1 tcp 1002 rquotad 100011 2 tcp 1002 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 1013 mountd 100005 1 tcp 1016 mountd 100005 2 udp 1013 mountd 100005 2 tcp 1016 mountd 100005 3 udp 1013 mountd 100005 3 tcp 1016 mountd server$ cat /etc/exports /dir *.my.domain.com(ro) client$ grep dir /etc/fstab server.my.domain.com:/dir /dir nfs tcp,soft,bg,noauto,ro 0 0 All seems well, but when I try to mount, I see the following: client$ sudo mount /dir mount.nfs: access denied by server while mounting server.my.domain.com:/dir And on the server I see: server$ tail /var/log/messages Mar 15 13:46:23 server mountd[413]: authenticated mount request from client.my.domain.com:723 for /dir (/dir) What am I missing here? How should I be debugging this?

Search Results

Search found 17955 results on 719 pages for 'sub domain'.

Page 224/719 | < Previous Page | 220 221 222 223 224 225 226 227 228 229 230 231 | Next Page >

- by tooepic

- by Derrek

- by Nick LaMarca

- by Clint Davis

- by Newbie New

- by Ryan

- by user201806

- by b1gf00t

- by every_answer_gets_a_point

- by Damien Carru

- by Jeff Taylor-Oracle

- by Fred Rufin

- by Robert Koritnik

- by Stephen

- by it_stuck

- by meder

- by djk

- by Luke P M

- by it_stuck

- by MaddHacker

- by Saif Bechan

- by Beaming Mel-Bin

- by Doug

- by Doug

- by zigdon

< Previous Page | 220 221 222 223 224 225 226 227 228 229 230 231 | Next Page >