Messages

46

MP Server / Re: ODWEK REST Services API

« on: May 12, 2022, 09:07:32 AM »

I don't see a port listed in your curl command. This would then default to either 80/443 . This is most likely incorrect. Check your port and then try your request again.

-Rob

47

MP Server / Re: Field maximum length issue

« on: May 12, 2022, 09:04:57 AM »

Reach out to me if you haven't solved this problem yet.

-Rob

48

MP Server / Re: Users with and without SSO

« on: May 12, 2022, 09:03:28 AM »

One other option you might consider. You can set the ARS_LDAP_OD_AUTHORITY_FALLBACK=TRUE in your systems configuration. This will cause OnDemand to revert back to the OnDemand logon when the userid does not exist on the LDAP server. NOTE: The default is FALSE if the ARS_LDAP_OD_AUTHORITY_FALLBACK is not set.

So if the user isn't found it LDAP, OnDemand will attempt to authenticate the user using the provided userid/password. Let me know if you have any questions.

Rob

49

MP Server / Re: Verifying synchronized users from AD to OD

« on: February 03, 2022, 06:54:28 AM »

Does SSO work for other ID's in ICN?

50

MP Server / Re: Verifying synchronized users from AD to OD

« on: February 02, 2022, 01:10:20 PM »

That would be a good enhancement request.


However, it's pretty simple to know what's synced. Get list of all users in OD and subtract what's in the ignore list. What is left came from LDAP.

Is there something I am missing that you need?

-Rob

51

OD/WEK & JAVA API / Re: REST API

« on: February 02, 2022, 01:02:32 PM »

You should create a separate JVM for the REST services.  This way maintenance can be performed on each independently.

Running both application on the same server is not recommended.

-RR

52

Windows Client / Re: Duplicate ids

« on: January 11, 2022, 08:24:42 AM »

How are you creating these ID's, i.e. admin client, arsxml, arslsync....?

Need the specifics. I have tried and can't recreate this issue.

53

Announcements & News / Re: SECURITY: Apache Log4j vulnerability

« on: December 13, 2021, 06:29:15 PM »

You got it, Nolan.

-RR

54

Announcements & News / Re: SECURITY: Apache Log4j vulnerability

« on: December 13, 2021, 03:22:31 PM »

Nolan,

What are you running that you are trying to update?

-RR

55

MP Server / Re: Determine the active segment table being used

« on: December 12, 2021, 01:12:03 PM »

You can try this too:

arstblsp -a3 -h archive

This will show all the tables that are open for loading by application group.

56

MP Server / Re: OD SSO - issue calling websphere java class WSCallbackHandlerImpl

« on: November 22, 2021, 06:39:44 AM »

Check on your WebSphere system where sas.jar is. It is what contains what WebSphere is looking for to validate the ltpa token.

Without knowing how you set the other jars I can't tell you what went wrong but something is over-riding the WAS default classpath.

Thanks,
RR

57

MP Server / Re: OD SSO - issue calling websphere java class WSCallbackHandlerImpl

« on: November 17, 2021, 05:52:47 PM »

It would appear something has screwed up the classpath in WAS and that is the cause of the error. I am not sure how you are setting the classpath for the other requirements but I wonder if that has overridden the WAS defaults.

-RR

58

MP Server / Re: Reference multiple users with wildcard for ARS_LDAP_IGN_USERIDS in ars.cfg

« on: October 28, 2021, 06:19:21 AM »

An easy one. 

No.


-RR

59

MP Server / Re: Unable to contact LDAP server through arslsync

« on: October 19, 2021, 08:48:58 AM »

Ok. Please open a support incident.

RR

60

MP Server / Re: Unable to contact LDAP server through arslsync

« on: October 18, 2021, 09:32:08 AM »

Ok. So now that you have that sorted, I recommended using ldapsearch from your OnDemand server to truly verify connectivity. The syntax would be:

ldapsearch -h <hostname> -p 389 -w <password> -s sub -b OU=Service Accounts -D CN=CN=svc-od-bind-t,OU=Service Accounts "(objectClass=user)"

Simply change the hostname and password. I did notice after putting that together that your base DN looks odd. It looks to be missing something. While it might in fact be correct, I would double check that with your AD admin.

-RR