The default OpenAM schema requires the sn and cn attributes when using the /identity/create service. Even though I'm specifying them in the request, I get an error on the back end saying sn is missing... Has anyone else got the create identity endpoint to work?
I'm using OpenDS for the backing ldap and version 9.5.4 for OpenAM. All the other endpoints (authenticate, logout, isValidToken, update) work just fine.
Request:
http://openam:8080/openam/identity/create?admin={token}&identity_type=user&identity_name=jdoe&identity_realm=/&identity_attribute_names=userpassword&identity_attribute_values_userpassword=changeme&identity_attribute_names=givenname&identity_attributes_values_givenname=tbd&identity_attribute_names=sn&identity_attributes_values_sn=tbd&identity_attribute_names=cn&identity_attributes_values_cn=tbd
Exception:
exception.name=com.sun.identity.idsvcs.GeneralFailure Plug-in com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo encountered an ldap exception. LDAP Error 65: The requested operation will add or change data so that the data no longer complies with the schema.
OpenDS Error:
ADD RES conn=82 op=20 msgID=33882 result=65 message="Entry uid=jdoe,ou=people,dc=company,dc=com violates the Directory Server schema configuration because it is missing attribute sn which is required by objectclass person" etime=0
Update:
It look like by the time it gets to the LDAPv3Repo, the sn and cn attributes have been dropped:
LDAPv3Repo:07/02/2012 05:52:17:986 PM PDT: Thread[http-bio-8080-exec-2,5,main]
exit addAttrMapping: attrMap = {mail=[], sn=[], cn=[], inetuserstatus=[Active], givenname=[], userpassword=xxx..., dn=[]}
There is nothing else in the debug log that looks like it helps.
This looks like you are hitting a typo, and unhelpful error messages.
Your userpassword pair
identity_attribute_names=userpassword&identity_attribute_values_userpassword=changeme
should be
identity_attribute_names=userpassword&identity_attributes_values_userpassword=changeme
with an extra s at the end of the second attribute. You are likely to find the OpenAM mailing list more responsive for OpenAM questions (https://lists.forgerock.org/mailman/listinfo/openam)
Related
I am trying to run paragraphs using zeppelin spark object method
z.run("noteId","paragraphId")
z.run("paragraphId")
I have tried both the methods, but nothing seems to be triggering the next paragraph. I do not get any errors also. Please let me know if I am missing something here.
On checking the zeppelin server logs I am getting the below error :
ERROR [2020-08-26 15:46:37,742] ({Thread-35} RemoteInterpreterEventPoller.java[run]:250) - Can't handle event RemoteInterpreterEvent(type:RUN_INTERPRETER_CONTEXT_RUNNER, data:{"logger":{"traceCapable":true,"name":"org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$ParagraphRunner"},"noteId":"2FHDFMR16","paragraphId":"20200819-131115_701985359"})
org.apache.zeppelin.rest.exception.ForbiddenException: HTTP 403 Forbidden
at org.apache.zeppelin.socket.NotebookServer.onRemoteRunParagraph(NotebookServer.java:2153)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterEventPoller.run(RemoteInterpreterEventPoller.java:141)
I have created my notebook using the admin user only. Do we need to provide any special access? I am just using admin user.
Update 1:
I changed notebook settings in which we removed user and owner permissions. It's triggering, but it's with an anonymous user. It will be a problem if we are working in multi-user environment.
I think instead of that
Try
z.z.run
I have configured Websphere Liberty to use LDAP to authenticate user. I have enabled security trace -
com.ibm.ws.security.=all:com.ibm.ws.webcontainer.security.=all:com.ibm.oauth.=all:com.ibm.wsspi.security.oauth20.=all:com.ibm.ws.transport.http.=all:org.apache.http.client.=all
I have following feature list enabled in WebSphere Liberty v17.0.0.3,
webProfile-7.0, javaMail-1.5, ldapRegistry-3.0 and localConnector-1.0.
However, secure content is failing with error HTTP 401 (Unauthenticated).
In trace file, I can see that LDAP is able to return logged in user data. But WebSphere Liberty is failing with error -
com.ibm.wsspi.security.wim.model.Entity incompatible with com.ibm.wsspi.security.wim.model.LoginAccount
java.lang.ClassCastException: com.ibm.wsspi.security.wim.model.Entity incompatible with com.ibm.wsspi.security.wim.model.LoginAccount
at com.ibm.ws.security.wim.registry.util.SecurityNameBridge.getUserSecurityName(SecurityNameBridge.java:203)
at com.ibm.ws.security.wim.registry.WIMUserRegistry.getUserSecurityName(WIMUserRegistry.java:316)
at com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule.getSecurityName(ServerCommonLoginModule.java:104)
Please help guide if this error is due to any configuration problem.
The problem was resolved after correcting configuration of registry used. I was using LDAP registry and had mentioned LDAP server type as Tivoli. This was causing the problem in Subject class being returned from LDAP not matching expected class in Liberty. Once I changed LDAP service type to Custom, this error got resolved. Below is the tag for LDAP registry I used in server.xml
<ldapRegistry baseDN="ou=xxxxxxxx,o=xxxxxx" host="xxxxxxxxxxxxxxx" id="xxxxxxxxxxx" ldapType="Custom" port="636" realm="xx" recursiveSearch="true" sslEnabled="true" sslRef="sslrepo1">
<customFilters userFilter="(&(mail=%v)(objectclass=ePerson))" userIdMap="*:mail"/>
</ldapRegistry>
I am getting following error when I use pagination of view.
Unable to render the data. If the problem persists, contact your web
server administrator.Correlation
ID:c64a4e9d-64d2-3009-f658-7f1c8b0faebc
When I checked the Logs from ULSViewer I got these errors messages
Error while executing web part: System.ArgumentException: The
specified view is invalid. at
Microsoft.SharePoint.SPViewCollection.get_Item(Guid guid) at
Microsoft.SharePoint.ApplicationPages.InplaceViewEditor.get_View()
at
Microsoft.SharePoint.ApplicationPages.InplaceViewEditor.RenderListView()
at
Microsoft.SharePoint.ApplicationPages.InplaceViewEditor.Execute(String
strCmd) at
Microsoft.SharePoint.ApplicationPages.InplaceViewEditor.OnLoad(EventArgs
e)
Forced due to logging gap, cached # 12/24/2015 10:59:32.88, Original
Level: Verbose] No data was found on the incoming client request
Proxy response returned error: 'The remote server returned an error:
(601).'
Could you please check and let me know what is the issue? I am not able to resolve it.
Thanks in advance.
Best Regards,
Manoj.
Have you added the custom web parts or add custom code?
For troubleshooting the issue, you could check things below:
Create a new list view to check if the same issue will occur.
Do an IIS reset to check if it can work.
I am using SSIS 2012 and deploying projects via project deployment model. I have 3 project connection managers and passing the password information to the connection manager through a project parameter. When I set the Sensitive property of password parameter to False the package runs fine but when I set it to true it gives the below error :
Error: SSIS Error Code DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER. The AcquireConnection method call to the connection manager "ConnManager" failed with error code 0xC0202009
It is erroring because you are trying to touch a Parameter that is marked as Sensitive. You cannot use the "old" approach for configuring connection managers. For the project deployment model and Connection managers, in the SSISDB, you right click on the project and select Configure.
There is where you overlay a password.
Otherwise, you then need to use the GetSensitiveValue method to access the value instead of the standard Getter property.
Dts.Variables["$Package::FtpPassword"].GetSensitiveValue().ToString();
See Matt's article Retrieving the Value of a Sensitive Parameter in a Script
I have a Symfony2 (2.0.19) application with the FOSUserBundle that I extends with a custom UserManager class because it has to load data from an old database which can not be migrated for now. Everything works well, users can login, access their dashboard, disconnect... But I have this recurrent warning in the prod.log log file:
[2012-12-05 18:16:45] security.WARNING: Username "" could not be found. [] []
This is caused when trying to log with a user-name that can't be found. So the error is "normal".
This warning is not very useful as the user-name is not logged. So, I'd like to remove it without changing the error report level of the prod environment.
As we commit our vendor (not a good practice but we've been asked to do this) I have deleted this log which was useless.