Thứ Ba, ngày 18 tháng 8 năm 2015

Data codes related to 'LDAP: error code 49' with Microsoft Active Directory

Data codes related to 'LDAP: error code 49' with Microsoft Active Directory

Technote (troubleshooting)


Problem

When IBM® WebSphere® Portal accesses the LDAP (in this case Microsoft® Active Directory), either to start the server or during configuration tasks, "LDAP: error code 49" can be encountered.

Symptom

Generally, error references SECJ0369E and SECJ0055E will be generated in the SystemOut.log. There are, however, various root causes that can be derived from the values that follow the initial description. An example is shown below.
From SystemOut.log:

[date/time] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://:389.
[date/time] 0000000a LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ].
[date/time] 0000000a distContextMa E SECJ0270E: Failed to get actual credentials. The exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)


In this case, validate-ldap is the config task that was failing, and from the ConfigTrace.log we see:

action-validate-ldap-was-admin-user:
[ldapcheck] ###########################
[ldapcheck] ldapURL : :389
[ldapcheck] ldapUser : CN=wasadmin,OU=WebspherePortal,OU=Service Accounts,DC=select,DC=corp,DC=sem
[ldapcheck] ldapPassword : *********
[ldapcheck] ldapSslEnabled : false
[ldapcheck] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
[ldapcheck] ERROR: 4
[ldapcheck] Invalid or insufficient authorization privileges.
Target finished: action-validate-ldap-was-admin-user

Cause

The error shown below is similar each time there is an LDAP authentication issue. 
    "The exception is [ LDAP: error code 49 - 80090308: LdapErr: DSID-0Cxxxxxx, comment: AcceptSecurityContext error, data xxx, vece ]."

However, there are several values that can indicate what LDAP function is causing the issue. Here are some general references for Microsoft Active Directory:

The AD-specific error code is the one after "data" and before "vece" or "v893" in the actual error string returned to the binding process

525user not found
52einvalid credentials
530not permitted to logon at this time
531not permitted to logon at this workstation
532password expired
533
534
account disabled
The user has not been granted the requested logon type at this machine
701account expired
773user must reset password
775user account locked

     
Common Active Directory LDAP bind errors: 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
HEX: 0x525 - user not found 
DEC: 1317 - ERROR_NO_SUCH_USER
 (The specified account does not exist.)
NOTE: Returns when username is invalid.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e - invalid credentials 
DEC: 1326 - ERROR_LOGON_FAILURE
 (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893
HEX: 0x530 - not permitted to logon at this time 
DEC: 1328 - ERROR_INVALID_LOGON_HOURS 
(Logon failure: account logon time restriction violation.)
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation 
DEC: 1329 - ERROR_INVALID_WORKSTATION
 (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: ]
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893
HEX: 0x532 - password expired 
DEC: 1330 - ERROR_PASSWORD_EXPIRED
 (Logon failure: the specified account password has expired.)
LDAP[userAccountControl: ] - PASSWORDEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893
HEX: 0x533 - account disabled 
DEC: 1331 - ERROR_ACCOUNT_DISABLED 
(Logon failure: account currently disabled.)
LDAP[userAccountControl: ] - ACCOUNTDISABLE
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893
HEX: 0x701 - account expired 
DEC: 1793 - ERROR_ACCOUNT_EXPIRED 
(The user's account has expired.)
LDAP[accountExpires: ] - ACCOUNTEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
HEX: 0x773 - user must reset password 
DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE 
(The user's password must be changed before logging on the first time.)
LDAP[pwdLastSet: ] - MUST_CHANGE_PASSWD
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893
HEX: 0x775 - account locked out 
DEC
1909 - ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.)
LDAP[userAccountControl: ] - LOCKOUT
NOTE: Returns even if invalid password is presented

The DEC: values are not presented in Portal logs; however, review of LDAP activity combined with analysis of SystemOut.log and relevant configuration tasks can help narrow down the root cause.

Resolving the problem

NOTE: This document is not meant to provide a solution to any LDAP errors. Since the full LDAP error described in the DEC statement is not captured in the Portal logs, this document can be used to associate the errors found in the SystemOut.log to common LDAP errors for MSAD.
Use the codes above to verify the settings and users in LDAP.

Thứ Hai, ngày 01 tháng 6 năm 2015

How to Compile Linux Kernel from Source to Build Custom Kernel


he life force of all Linux family of operating systems including Ubuntu, CentOS, and Fedora
For most part, you don’t need to compile the kernel, as it is installed by default when you install the OS. Also, when there is a critical update done to the kernel, you can use yum, or apt-get to update the kernel on your Linux system.

However you might encounter certain situation, where you may have to compile kernel from source. The following are few situation where you may have to compile Kernel on your Linux system.
  • To enable experimental features that are not part of the default kernel.
  • To enable support for a new hardware that is not currently supported by the default kernel.
  • To debug the kernel
  • Or, just to learn how kernel works, you might want to explore the kernel source code, and compile it on your own.
In this tutorial, we’ll explain how to compile Linux kernel from source.
Also, please note that if you just want to compile a driver, you don’t need to compile the kernel. You need only the linux-headers package of the kernel.

1. Download the Latest Stable Kernel

The first step is to download the latest stable kernel from kernel.org.
# cd /usr/src/

# wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.9.3.tar.xz

2. Untar the Kernel Source

The second step is to untar the kernel source file for compilation.
# tar -xvJf linux-3.9.3.tar.xz

3. Configure the Kernel

The kernel contains nearly 3000 configuration options. To make the kernel used by most people on most hardware, the Linux distro like Ubuntu, Fedora, Debian, RedHat, CentOS, etc, will generally include support for most common hardware. You can take any one of configuration from the distro, and on top of that you can add your own configuration, or you can configure the kernel from scratch, or you can use the default config provided by the kernel.
# cd linux-3.9.3

# make menuconfig
The make menuconfig, will launch a text-based user interface with default configuration options as shown in the figure. You should have installed “libncurses and libncurses-devel” packages for this command to work.
We will use the default config provided by the kernel. So select “Save” and save the config in the file name “.config”.
The following is a sample of the “.config” file:
CONFIG_MMU=y
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_HWEIGHT=y

4. Compile the Linux Kernel

Compile the main kernel:
# make
Compile the kernel modules:
# make modules
Install the kernel modules:
# make modules_install
At this point, you should see a directory named /lib/modules/3.9.3/ in your system.

5. Install the New Kernel

Install the new kernel on the system:
# make install
The make install command will create the following files in the /boot directory.
  • vmlinuz-3.9.3 – The actual kernel
  • System.map-3.9.3 – The symbols exported by the kernel
  • initrd.img-3.9.3 – initrd image is temporary root file system used during boot process
  • config-3.9.3 – The kernel configuration file
The command “make install” will also update the grub.cfg by default. So we don’t need to manually edit the grub.cfg file.

6. Boot Linux to the new Kernel

To use the new kernel that you just compiled, reboot the system.
# reboot
Since, in grub.cfg, the new kernel is added as default boot, the system will boot from the new kernel. Just in case if you have problems with the new kernel, you can select the old kernel from the grub menu during boot and you can use your system as usual.
Once the system is up, use uname command to verify that the new version of Linux kernel is installed.
$ uname -r
3.9.3

Thứ Sáu, ngày 29 tháng 5 năm 2015

JAX-WS Web Service Example Using Eclipse(STS)

In this tutorial , we will create hello world SOAP web service example in eclipse(STS). Eclipse (STS) provides good API for creating web services. Eclipse(STS) will do all work for you-creating WSDL, stub, endpoints etc.


Steps for creating web services in eclipse(STS):

1. Create new dynamic web project and name it "WebService".


2. Create new package named "com.dineshonjava.com"


3.Create a simple java class named "HelloWorld.java"
  1. package com.dineshonjava.ws;  
  2.   
  3. import javax.jws.WebMethod;  
  4. import javax.jws.WebService;  
  5. import javax.jws.soap.SOAPBinding;  
  6. import javax.jws.soap.SOAPBinding.Style;  
  7.   
  8. /** 
  9.  * @author Dinesh Rajput 
  10.  * Service Endpoint Interface 
  11.  */  
  12.   
  13. @WebService  
  14. @SOAPBinding(style = Style.RPC)  
  15. public interface HelloWorld {  
  16.  @WebMethod   
  17.  String sayHelloWorld(String name);  
  18. }  

4. Right click on project->new->web service


5. Click on next.


In service implementation text box,write fully qualified class name of above created class(com.dineshonjava.ws.HelloWorldImpl) and move both above slider to maximum level (i.e. Test service and Test Client level)and click on finish. You are done!! A new project named "WebServiceClient" will be created in your work space.

6. Click on next.



7. Start Server.


8. After clicking start server,eclipse will open test web service API. With this test API, you can test your web service.




Note: Sometimes we get the following exception when we creating Web Service using Eclipse or STS

IWAB0506E Error when copying Axis jar files to web project
        java.io.FileNotFoundException: /lib/saaj.jar
        at org.eclipse.osgi.framework.internal.protocol.bundleentry.Handler.findBundleEntry(Handler.java:44)
        at org.eclipse.osgi.framework.internal.core.BundleResourceHandler.openConnection(BundleResourceHandler.java:168)
        at java.net.URL.openConnection(Unknown Source)
        at java.net.URL.openStream(Unknown Source)
        at

FileNotFoundException in Eclipse when creating a webservice

 




References
1. W3 School for Web Services
2. Wikipedia for Web Service

Thứ Tư, ngày 29 tháng 4 năm 2015

BUG: Ubuntu 14.04 LTS not show USB 3.0 devices

Fix 1: sudo echo "blacklist uas" >> /etc/modprobe.d/blacklist.conf
Fix 2: sudo apt-get install libnss-myhostname

# sudo reboot

Chủ Nhật, ngày 26 tháng 4 năm 2015

Top 10 Inheritance Interview questions

1.what is inheritance?
  • inheritance is one of the oops concepts in java.inheritance is concept of  getting properties of one class object to another class object.
  • Inheritance represents the IS-A relationship,also known as parent-child relationship.
2.what are the types of inheritance?

1.Multiple inheritance( java doesn't support multiple inheritance).
2.Multilevel inheritance.

3.How Inheritance can be implemented in java?
  • Inheritance can be implemented in JAVA using below two keywords:
1.extends
2.implements
  • extends is used for developing inheritance between two classes and two interfaces.
  • implements keyword is used to developed inheritance between interface and class.
4.Why we need to use Inheritance?

1.For Code Re usability.
2.For Method Overriding.

5.what is syntax of inheritance?

public class subclass extends superclass{

//all methods and variables declare here
}

6.what is multilevel inheritance?
  • Getting the properties from one class object to another class object level wise with different priorities.
6.what is Multiple inheritance?why Java Doesn't Support multiple Inheritance.
  • The concept of Getting the properties from multiple class objects to sub class object with same priorities is known as multiple inheritance.
  • In multiple inheritance there is every chance of multiple properties of multiple objects with  the same name available to the sub class object with same priorities leads for the ambiguity. also known as diamond problem. one class extending two super classes.
  • Because of multiple inheritance there is chance of the root object getting created more than once.
  • Always the root object i.e object of object class hast to be created only once.
  1. Because of above mentioned reasons multiple inheritance would not be supported by java.
  2. Thus in java a class can not extend more than one class simultaneously. At most a class can extend only one class.

8.How do you implement multiple inheritance in java?
  • Using interfaces java can support multiple inheritance concept in java. in java can not extend more than one classes, but a class can implement more than one interfaces.
Program:

interface A{

}
interface B{
}
class C extends interface A,B{
}

9.Can a class extend itself?

  • No,A class can't extend itself.

10.What happens if super class and sub class having same field name?


  • Super class field will be hidden in the sub class. You can access hidden super class field in sub class using super keyword.

Thứ Sáu, ngày 10 tháng 4 năm 2015

Compare RESTful vs SOAP Web Services

There are currently two schools of thought in developing Web Services – one being the standards-based traditional approach [ SOAP ] and the other, simpler school of thought [ REST ].
This article quickly compares one with the other -
RESTSOAP
Assumes a point-to-point communication model–not usable for distributed computing environment where message may go through one or more intermediariesDesigned to handle distributed computing environments
Minimal tooling/middleware is necessary. Only HTTP support is requiredRequires significant tooling/middleware support
URL typically references the resource being accessed/deleted/updatedThe content of the message typically decides the operation e.g. doc-literal services
Not reliable – HTTP DELETE can return OK status even if a resource is not deletedReliable
Formal description standards not in widespread use. WSDL 1.2, WADL are candidates.Well defined mechanism for describing the interface e.g. WSDL+XSD, WS-Policy
Better suited for point-to-point or where the intermediary does not play a significant roleWell suited for intermediated services
No constraints on the payloadPayload must comply with the SOAP schema
Only the most well established standards apply e.g. HTTP, SSL. No established standards for other aspects.  DELETE and PUT methods often disabled by firewalls, leads to security complexity.A large number of supporting standards for security, reliability, transactions.
Built-in error handling (faults)No error handling
Tied to the HTTP transport modelBoth SMTP and HTTP are valid application layer protocols used asTransport for SOAP
Less verboseMore verbose
Published at DZone with permission of Jagadeesh Motamarri, author and DZone MVB. (source)

The two protocols have very different uses in the real world.
SOAP(using WSDL) is a heavy-weight XML standard that is centered around document passing. The advantage with this is that your requests and responses can be very well structured, and can even use a DTD. The downside is it is XML, and is very verbose. However, this is good if two parties need to have a strict contract(say for inter-bank communication). SOAP also lets you layer things like WS-Security on your documents. SOAP is generally transport-agnostic, meaning you don't necessarily need to use HTTP.
REST is very lightweight, and relies upon the HTTP standard to do it's work. It is great to get a useful web service up and running quickly. If you don't need a strict API definition, this is the way to go. Most web services fall into this category. You can version your API so that updates to the API do not break it for people using old versions(as long as they specify a version). REST essentially requires HTTP, and is format-agnostic(meaning you can use XML, JSON, HTML, whatever).

Generally I use REST, because I don't need fancy WS-* features. SOAP is good though if you want computers to understand your webservice using a WSDL. REST specifications are generally human-readable only.

Thứ Tư, ngày 01 tháng 4 năm 2015

How to Install the Linux Dynamic Update Client on Ubuntu

You will be able to install No-IP.com’s DUC on Ubuntu in just a few minutes with Terminal. Once you have opened up your Terminal window you will need to login as the “root” user. You can become the root user from the command line by entering “sudo -s” followed by the root password on your machine.
  1. cd /usr/local/src/
  2. wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
  3. tar xf noip-duc-linux.tar.gz
  4. cd noip-2.1.9-1/
  5. make install
You will then be prompted to login with your No-IP.com account username and password.
If you get “make not found” or “missing gcc” then you do not have the gcc compiler tools on your machine. You will need to install these in order to proceed.
To Configure the Client
As root again (or with sudo) issue the below command:
  • /usr/local/bin/noip2 -C (dash capital C, this will create the default config file)
You will then be prompted for your username and password for No-IP, as well as which hostnames you wish to update. Be careful, one of the questions is “Do you wish to update ALL hosts”. If answered incorrectly this could effect hostnames in your account that are pointing at other locations.
Now the client is installed and configured, you just need to launch it. Simply issue this final command to launch the client in the background:
  • /usr/local/bin/noip2
Read the README file in the no-ip-2.1.9 folder for instructions on how to make the client run at startup. This varies depending on what Linux distribution you are running.
And you are done! The DUC should now be installed on Ubuntu.