Unable to request an A/C through user console in Tivoli identity manager 5.1 - tivoli-identity-manager

I want to understand how ACLs work in Tivoli Identity Manager. I am trying to request an a/c on a service from the user console but I am getting an error:
" The request cannot be submitted because the synchronization password does not comply with the password rules that govern the service. Change or reset the synchronization password to comply with the following password rules."
I have set the default password to "12345" in the provisioning policy, set the password length from 0 to 8 in the password policy, and granted the 'ADD' operation in the ACL, but I still don't know what I am doing wrong. Please suggest.
Below is the rule under default Identity policy for ITIM.
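/**
 * Default ITIM identity policy rule: proposes a user ID for a new account.
 *
 * The base ID is built from the person attribute named by fAttrKey ("uid"),
 * optionally followed by the one named by sAttrKey (empty here). Each is taken
 * as its first value, passed through IdentityPolicy.resolveAttribute,
 * truncated (idx1/idx2, where 0 keeps the whole value) and case-folded
 * (fCase/sCase). If that yields nothing, the first letter of givenname plus sn
 * is used instead. A numeric suffix (1, 2, ...) is then appended until
 * IdentityPolicy.userIDExists reports the ID as unused.
 *
 * Relies on the host-provided `subject` and `IdentityPolicy` objects.
 *
 * @returns {string} the proposed user ID
 */
function createIdentity() {
    // Case-handling modes for fCase / sCase.
    var EXISTING_CASE = 0;
    var UPPER_CASE = 1;
    var LOWER_CASE = 2;

    var tf = false;
    var identity = "";
    var baseidentity = "";
    var counter = 0;
    var locale = subject.getProperty("erlocale");
    var fAttrKey = "uid";
    var sAttrKey = "";
    var idx1 = 0;
    var idx2 = 0;
    var fCase = 2;
    var sCase = 2;

    // getProperty returns a list of values; keep the first, or fall back to "".
    if ((locale != null) && (locale.length > 0)) {
        locale = locale[0];
    }
    if (locale == null || locale.length == 0) {
        locale = "";
    }

    var firstAttribute = "";
    var secondAttribute = "";

    // Fixed: the second test referred to an undeclared "sAttrkey". It was never
    // evaluated only because fAttrKey is non-empty and the || short-circuits.
    if (((fAttrKey != null) && (fAttrKey.length > 0)) || ((sAttrKey != null) && (sAttrKey.length > 0))) {
        if ((fAttrKey != null) && (fAttrKey.length > 0)) {
            firstAttribute = subject.getProperty(fAttrKey);
            if ((firstAttribute != null) && (firstAttribute.length > 0)) {
                firstAttribute = firstAttribute[0];
            }
            if (firstAttribute == null || firstAttribute.length == 0) {
                firstAttribute = "";
            } else {
                firstAttribute = IdentityPolicy.resolveAttribute(fAttrKey, firstAttribute);
                // idx1 == 0 (or larger than the value) keeps the whole value.
                if ((idx1 > firstAttribute.length) || (idx1 == 0)) {
                    idx1 = firstAttribute.length;
                }
                firstAttribute = firstAttribute.substring(0, idx1);
            }
            if (fCase == UPPER_CASE) {
                firstAttribute = firstAttribute.toUpperCase(locale);
            } else if (fCase == LOWER_CASE) {
                firstAttribute = firstAttribute.toLowerCase(locale);
            }
        }
        if ((sAttrKey != null) && (sAttrKey.length > 0)) {
            secondAttribute = subject.getProperty(sAttrKey);
            if ((secondAttribute != null) && (secondAttribute.length > 0)) {
                secondAttribute = secondAttribute[0];
            }
            if (secondAttribute == null || secondAttribute.length == 0) {
                secondAttribute = "";
            } else {
                secondAttribute = IdentityPolicy.resolveAttribute(sAttrKey, secondAttribute);
                if ((idx2 > secondAttribute.length) || (idx2 == 0)) {
                    idx2 = secondAttribute.length;
                }
                secondAttribute = secondAttribute.substring(0, idx2);
            }
            if (sCase == UPPER_CASE) {
                secondAttribute = secondAttribute.toUpperCase(locale);
            } else if (sCase == LOWER_CASE) {
                secondAttribute = secondAttribute.toLowerCase(locale);
            }
        }
        baseidentity = firstAttribute + secondAttribute;
    }

    // Fallback when the configured attributes produced nothing:
    // first letter of the given name followed by the surname.
    if ((baseidentity == null) || (baseidentity.length == 0)) {
        var givenname = subject.getProperty("givenname");
        if ((givenname != null) && (givenname.length > 0)) {
            givenname = givenname[0];
        }
        if (givenname == null || givenname.length == 0) {
            givenname = "";
        } else {
            givenname = givenname.substring(0, 1);
        }
        // NOTE(review): "sn" is indexed without a null check; presumably it is
        // a mandatory attribute on the person - confirm.
        baseidentity = givenname + subject.getProperty("sn")[0];
    }

    // Use the base ID if it is free, otherwise append 1, 2, ... until one is.
    tf = IdentityPolicy.userIDExists(baseidentity, false, false);
    if (!tf) {
        return baseidentity;
    }
    while (tf) {
        counter += 1;
        identity = baseidentity + counter;
        tf = IdentityPolicy.userIDExists(identity, false, false);
    }
    return identity;
}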
// Result of the policy rule: the ID computed by createIdentity().
// NOTE(review): presumably ITIM evaluates this script body as a function, which is why a bare return is used - confirm.
return createIdentity();

I am going to assume when you are requesting access you don't already have an account for the service. Hence, it is trying to create a new account for that service before provisioning the access. When the new account is created, it will use the password from the identity for the service if you have global password synchronization turned on.
The password set on the identity (erSynchPassword) does not meet the password requirements for the individual service. Try changing the password on the identity and make sure that the password meets the service's password requirements. Or, temporarily for testing, disable the password policy that applies to that service and attempt to request access.
If this is a development question, personally I would disable all password policies temporarily to determine if the problem is really a password policy issue. That is the easiest way to troubleshoot the error you are seeing. Do this only on a development or test instance, and re-enable the policies once the cause is confirmed.

Related

Date "less but not empty" custom search in free-jqgrid

I am using free-jqgrid 4.15.4 for showing the data. There i have a need to search date column with Date less but not empty filter, but it is not filtering correctly. In result it gives me date which are greater than searched date.
Below code is used for custom filter in date column:
// Custom search operation from the question (reported as not filtering correctly).
customSortOperations: {
    dlne: {
        operand: "<!=''",
        text: "Date less but not empty",
        // Called per row; options.item is the row data, options.searchValue the entered text.
        filter:function (options) {
            // Pick the column's own date formats, falling back to the grid's locale defaults.
            var p = this.p, iCol = p.iColByName[options.cmName], cm = p.colModel[iCol],
                newformat = cm.formatoptions != null && cm.formatoptions.newformat ?
                    cm.formatoptions.newformat :
                    $(this).jqGrid("getGridRes", "formatter.date.newformat"),
                srcformat = cm.formatoptions != null && cm.formatoptions.srcformat ?
                    cm.formatoptions.srcformat :
                    $(this).jqGrid("getGridRes", "formatter.date.srcformat"),
                fieldData = $.jgrid.parseDate.call(this, srcformat, options.item[options.cmName]),
                searchValue = $.jgrid.parseDate.call(this, newformat, options.searchValue);
            // convertD() returns a "dd/mm/yyyy" string, so retFData is a string and the
            // getFullYear()/getMonth()/getDate() calls on it below are not made on a Date.
            // t is assigned but never used.
            var retFData = convertD(fieldData), t = new Date(retFData);
            // Requiring year AND month AND day to each be smaller is not a date comparison:
            // an earlier date with a larger month or day number fails the test.
            // There is also no check for an empty cell value.
            if ((retFData.getFullYear() < searchValue.getFullYear()) && (retFData.getMonth() < searchValue.getMonth()) && (retFData.getDate() < searchValue.getDate())) {
                return true
            }
            // Falls through without a return value (undefined) when the test fails.
        }
    },
}
The convert function that I am using for converting string into date format, is written below:
/**
 * Formats a date-like value as "dd/mm/yyyy" using local time.
 *
 * @param {*} dateField anything accepted by the Date constructor
 * @returns {string} zero-padded day and month, then the full year, joined by "/"
 */
function convertD(dateField) {
    var parsed = new Date(dateField);
    // Left-pad to two characters by prefixing "0" and keeping the last two.
    var dayPart = ("0" + parsed.getDate()).slice(-2);
    var monthPart = ("0" + (parsed.getMonth() + 1)).slice(-2); // getMonth() is zero-based
    return dayPart + "/" + monthPart + "/" + parsed.getFullYear();
}
I have taken the idea from here and made some changes but seems no avail. So requesting community to help on this.
The code of dlne could be fixed to for example the following:
// "Date less but not empty": keeps rows whose date cell is non-empty and falls
// on an earlier calendar day than the search value.
dlne: {
    operand: "<!=''",
    text: "Date less but not empty",
    filter: function (options) {
        var gridParams = this.p,
            colName = options.cmName,
            colDef = gridParams.colModel[gridParams.iColByName[colName]],
            // Column-specific formats win; otherwise use the grid's locale defaults.
            newformat = colDef.formatoptions != null && colDef.formatoptions.newformat ?
                colDef.formatoptions.newformat :
                $(this).jqGrid("getGridRes", "formatter.date.newformat"),
            srcformat = colDef.formatoptions != null && colDef.formatoptions.srcformat ?
                colDef.formatoptions.srcformat :
                $(this).jqGrid("getGridRes", "formatter.date.srcformat"),
            cellDate, wantedDate, cellYear, wantedYear, cellMonth, wantedMonth;

        // the exact condition to test for "empty" depends on the format of your data
        if (!options.item[colName]) {
            return false; // ignore empty data
        }

        cellDate = $.jgrid.parseDate.call(this, srcformat, options.item[colName]);
        wantedDate = $.jgrid.parseDate.call(this, newformat, options.searchValue);

        // Compare year, then month, then day; the first differing part decides.
        cellYear = cellDate.getFullYear();
        wantedYear = wantedDate.getFullYear();
        if (cellYear !== wantedYear) {
            return cellYear < wantedYear;
        }
        cellMonth = cellDate.getMonth();
        wantedMonth = wantedDate.getMonth();
        if (cellMonth !== wantedMonth) {
            return cellMonth < wantedMonth;
        }
        return cellDate.getDate() < wantedDate.getDate();
    }
}
see https://jsfiddle.net/OlegKi/51vfn4k9/11/

Get the local login name for the given Microsoft Account returned by NetWkstaUserEnum API on Windows 8 and above

I am using NetWkstaUserEnum() to get the local users name and its domain details.
Till Windows 7 it used to return only the login name and it worked fine. From Windows 8 onwards Microsoft Account was added and for this type of account the API started returning the Microsoft Account name instead of the local login name.
For example, it returned username@outlook.com instead of usern_0000, which is the actual Windows local login name.
I cannot use NetUserEnum() as it does not return the domain name of the user.
So I need to get the local login name for the given Microsoft Account returned by NetWkstaUserEnum() API.
Any help will be appreciated.
Finally I was able to locate a way to get the Windows username for the given Microsoft Account. It uses NetUserGetInfo() to get the Microsoft Account name for the given username.
Code Snippet:
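// Walk the local account list page by page and look for the account whose
// Microsoft-account name (usri24_internet_principal_name) equals LoginUsrStr.
// On a match, localAccount receives the local user name and userFound is set.
do
{
    ntStatus = NetUserEnum(szSvr, 0, 0, (LPBYTE*)&userInfo0, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle);
    if( (ntStatus == NERR_Success) || (ntStatus == ERROR_MORE_DATA) )
    {
        tmpinfo = userInfo0;
        for( i = 0; (i < dwEntriesRead) && (tmpinfo != NULL); i++, tmpinfo++ )
        {
            // Keep the per-user status in its own variable: the loop condition
            // below must test the NetUserEnum result, not the result of the
            // last NetUserGetInfo call.
            NET_API_STATUS infoStatus = NetUserGetInfo(szSvr, tmpinfo->usri0_name, 24, (LPBYTE*)&userInfo24);
            if( (infoStatus == NERR_Success) && (userInfo24 != NULL) )
            {
                CString internetPrincipalName = (LPCWSTR) userInfo24->usri24_internet_principal_name;
                if(LoginUsrStr.CompareNoCase(internetPrincipalName) == 0)
                {
                    OutputDebugString("###### Account Found ######");
                    // NOTE(review): localAccount must hold its own copy of the
                    // name (e.g. a CString), because the enumeration buffer is
                    // freed below - its declaration is not shown here.
                    localAccount = (LPCWSTR) tmpinfo->usri0_name;
                    userFound = TRUE;
                }
            }
            // Each NetUserGetInfo call allocates a new buffer; release it per
            // iteration instead of only once after the loop.
            if( userInfo24 != NULL )
            {
                NetApiBufferFree( userInfo24 ) ;
                userInfo24 = NULL ;
            }
            if( userFound )
            {
                break;
            }
        }
    }
    // Release the current page of the enumeration before asking for the next.
    if( userInfo0 != NULL )
    {
        NetApiBufferFree( userInfo0 ) ;
        userInfo0 = NULL ;
    }
} while( userFound == FALSE && ntStatus == ERROR_MORE_DATA ) ;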

LINQ to Twitter: Get more than 200 tweets

I'm trying to retrieve a user's tweets from the last 2 months. However, LINQ to Twitter limits the number of tweets you can retrieve to 200. Is there a way to retrieve more?
The Twitter api allows paging, like:
http://api.twitter.com/1/statuses/user_timeline.json?id=username8&count=200&page=2
I couldn't find anything similar in the LINQ to Twitter library.
I tried the following, but it doesn't work:
// Attempt from the question (reported as not working): query one batch of
// 200 tweets for the user, then Skip(200) on the result.
var statusTweets = (from tweet in twitterCtx.Status
                    where tweet.Type == StatusType.User &&
                          tweet.Count == 200 &&
                          tweet.ScreenName == "username"
                    select tweet).Skip(200);
Ok, I feel a bit stupid now. Turns out there IS a paging parameter.
Solution
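// Build one query per page (i = 0..4), each asking for up to 200 tweets.
for (int i = 0; i < 5; i++)
{
    var statusTweets = (from tweet in twitterCtx.Status
                        where tweet.Type == StatusType.User &&
                              tweet.Count == 200 &&
                              tweet.ScreenName == "username" &&
                              tweet.Page == i
                        select tweet); // the terminating semicolon was missing

    // LINQ queries are deferred: enumerate statusTweets here (for example
    // with ToList()) and keep the result, otherwise nothing is requested
    // before the variable goes out of scope.
}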
Here is a full function to get all the tweets from a user
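/// <summary>
/// Collects a user's timeline by paging backwards with MaxID, 200 tweets per request.
/// </summary>
/// <param name="screenName">Screen name whose tweets are fetched.</param>
/// <param name="maxPagination">
/// Cap on follow-up pages: paging stops once the number of follow-up requests
/// exceeds this value, or as soon as a page comes back with fewer than 200 tweets.
/// </param>
/// <returns>All tweets gathered; an empty list when the first request returns nothing.</returns>
public static List<Status> searchUserTweet(string screenName, int maxPagination)
{
    var twitterCtx = new TwitterContext(authorizer);
    List<Status> searchResults = new List<Status>();
    int maxNumberToFind = 200;
    int pagination = 0;
    int count = 0;

    var tweets = (from tweet in twitterCtx.Status
                  where tweet.Type == StatusType.User &&
                        tweet.ScreenName == screenName &&
                        tweet.Count == maxNumberToFind
                  select tweet).ToList();

    // Nothing to page from. Previously lastId stayed 0 here, so "lastId - 1"
    // wrapped around to ulong.MaxValue in the loop below.
    if (tweets.Count == 0)
    {
        return searchResults;
    }

    searchResults.AddRange(tweets);
    // Use the smallest id on the page (as the loop does) rather than assuming
    // the last element is the oldest tweet.
    ulong lastId = tweets.Min(x => x.StatusID);

    do
    {
        if (lastId == 0)
        {
            break; // no id below 0 to ask for
        }

        // MaxID is inclusive, so ask for ids strictly below the oldest one seen.
        var id = lastId - 1;
        tweets = (from tweet in twitterCtx.Status
                  where tweet.Type == StatusType.User &&
                        tweet.ScreenName == screenName &&
                        tweet.Count == maxNumberToFind &&
                        tweet.MaxID == id
                  select tweet).ToList();

        // An empty page means the timeline is exhausted. Min() on an empty
        // list throws InvalidOperationException, which the original hit for
        // every user whose remaining timeline fit in the previous page.
        if (tweets.Count == 0)
        {
            break;
        }

        searchResults.AddRange(tweets);
        lastId = tweets.Min(x => x.StatusID);
        pagination++;
        count = (pagination > maxPagination) ? 0 : tweets.Count;
    } while (count == maxNumberToFind);

    return searchResults;
}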

API to create cookie for FireFox

I want to write an application which will create cookies for firefox.
I want to create Client cookies so that firefox will send cookie content in HTTP request.
Similar to the win32 API InternetSetCookie()
Can you please guide on this ?
If you can point me to some code snippet or help, I will try to figure out from that.
This cookie needs to go to SQLITE database, but it seems from old questions that this database get locked if firefox is running. This locking is done in FF 3.5
Just want to confirm if this is the case with FF9 or do we have any API ?
Regards
On Firefox, you can write an add-on to achieve that. Take a look at the source code of the following add-ons. They provide features such as adding, deleting, editing cookies while Firefox is running. It seems they all work with Firefox 9.0.1 (latest stable).
Cookie Manager+
Advanced Cookie Manager
Add N Edit Cookie
Edit Cookie
Edit:
I am posting some cookie management code from the Evernote plugin's MozillaCookieManagerImpl.js file. I think the code speaks for itself. Have a look below. It shows how to access cookies, set, get and remove them etc.
Accessing Mozilla's Cookie Management Interface
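/**
 * Cookie manager implementation for Mozilla-based hosts. It wraps the XPCOM
 * IO, cookie and cookie-manager services and fetches each one lazily.
 */
Evernote.MozillaCookieManagerImpl = function MozillaCookieManagerImpl() {
};
Evernote.inherit(Evernote.MozillaCookieManagerImpl,
    Evernote.CookieManagerImpl, true);

/**
 * Tells whether this implementation applies to the given navigator, judged by
 * the user-agent string containing "firefox", "thunderbird" or "shredder".
 */
Evernote.MozillaCookieManagerImpl.isResponsibleFor = function(navigator) {
    var ua = navigator.userAgent.toLowerCase();
    return (ua.indexOf("firefox") >= 0 || ua.indexOf("thunderbird") >= 0 || ua
        .indexOf("shredder") >= 0);
};

// Cached service references, filled on first use by the getters below.
Evernote.MozillaCookieManagerImpl.prototype.manager = null;
Evernote.MozillaCookieManagerImpl.prototype._ios = null;
Evernote.MozillaCookieManagerImpl.prototype._cookieSrv = null;
Evernote.MozillaCookieManagerImpl.prototype._cookieManagerSrv = null;

// XPCOM contract IDs start with "@mozilla.org/"; the listing showed "#" in
// place of "@", which names no registered component.

/** Returns the cached nsIIOService, fetching it on first use. */
Evernote.MozillaCookieManagerImpl.prototype.getIOService = function() {
    if (this._ios == null) {
        this._ios = Components.classes["@mozilla.org/network/io-service;1"]
            .getService(Components.interfaces.nsIIOService);
    }
    return this._ios;
};

/** Returns the cached nsICookieService; a truthy `force` fetches it again. */
Evernote.MozillaCookieManagerImpl.prototype.getCookieService = function(
    force) {
    if (this._cookieSrv == null || force) {
        this._cookieSrv = Components.classes["@mozilla.org/cookieService;1"]
            .getService(Components.interfaces.nsICookieService);
    }
    return this._cookieSrv;
};

/** Returns the cached nsICookieManager; a truthy `force` fetches it again. */
Evernote.MozillaCookieManagerImpl.prototype.getCookieManagerService = function(
    force) {
    if (this._cookieManagerSrv == null || force) {
        this._cookieManagerSrv = Components.classes["@mozilla.org/cookiemanager;1"]
            .getService(Components.interfaces.nsICookieManager);
    }
    return this._cookieManagerSrv;
};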
Get Cookie
/**
 * Looks up a cookie by name for the host of the given URL.
 *
 * Walks every cookie known to the cookie manager and returns the first one
 * whose host equals the URL's host and whose name equals `name`, wrapped in an
 * Evernote.Cookie. Returns null when nothing matches or no manager is available.
 */
Evernote.MozillaCookieManagerImpl.prototype.get = function(name, url) {
    var uri = this.getIOService().newURI(url, null, null);
    var cookieMgr = this.getCookieManagerService();
    if (!cookieMgr) {
        return null;
    }
    var cookies = cookieMgr.enumerator;
    while (cookies.hasMoreElements()) {
        var candidate = cookies.getNext().QueryInterface(Components.interfaces.nsICookie);
        if (!candidate) {
            continue;
        }
        // Exact host comparison; the cookie's path is not taken into account.
        if (candidate.host == uri.host && candidate.name == name) {
            return new Evernote.Cookie(candidate);
        }
    }
    return null;
};
Set Cookie
// Stores a "name=value;" cookie for the given URL through nsICookieService.
// Does nothing unless `cookie` is an Evernote.Cookie with a non-empty string name.
Evernote.MozillaCookieManagerImpl.prototype.set = function(cookie, url) {
    // A url that is not a string leaves uri as null, which is passed on as-is.
    var uri = (typeof url == 'string') ? this.getIOService().newURI(url, null,
        null) : null;
    if (cookie instanceof Evernote.Cookie && typeof cookie.name == 'string'
        && cookie.name.length > 0) {
        // NOTE(review): name and value are concatenated without any encoding, so a
        // value containing ";" would be read as further cookie attributes - confirm
        // callers only pass cookie-safe values. The string carries no expiry, path,
        // Secure or HttpOnly attribute.
        this.getCookieService().setCookieString(uri, null,
            (cookie.name + "=" + cookie.value + ";"), null);
    }
};
Remove Cookie
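/**
 * Removes the cookie `name` for the host (and path, if any) of `url`.
 *
 * `url` may be given with or without a scheme. The host is the part before
 * the first "/", and the path is everything from that "/" on. When the URL
 * has no path, null is passed, as before.
 *
 * The previous version passed "host/path..." as the host argument and a
 * single path segment without its leading "/" as the path, so a URL that
 * contained a path could not match a stored cookie.
 */
Evernote.MozillaCookieManagerImpl.prototype.remove = function(name, url) {
    var cookieMgr = this.getCookieManagerService();

    // Drop the scheme, if present.
    var schemeEnd = url.indexOf("://");
    var rest = (schemeEnd >= 0) ? url.substring(schemeEnd + 3) : url;

    // Split "host/path..." at the first slash.
    var slashAt = rest.indexOf("/");
    var host = (slashAt >= 0) ? rest.substring(0, slashAt) : rest;
    var path = (slashAt >= 0) ? rest.substring(slashAt) : null;

    // NOTE(review): presumably the path has to equal the path the cookie was
    // stored with; a query string or fragment in `url` is not stripped here.
    cookieMgr.remove(host, name, path, false);
};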

session value timeout

I am building a site with a login page and want to prevent a user from logging in for 20 minutes after 5 failed attempts.
maybe one way is this
// Threshold of failed sign-in attempts used by the lockout check in Index.
const int maxTryCount = 5;
// Length of the lockout, in minutes.
const int minutesToSuspend = 20;
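/// <summary>
/// Handles the login form post with a session-based attempt limit:
/// after <c>maxTryCount</c> failed attempts the session is locked out for
/// <c>minutesToSuspend</c> minutes.
/// </summary>
/// <param name="account">Posted credentials.</param>
/// <param name="returnUrl">Optional local URL to return to after a successful login.</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> or Stuff/Index on success, the login
/// view with errors on a failed attempt, or a redirect to UnauthorizedAccess/Index
/// while locked out.
/// </returns>
/// <remarks>
/// NOTE(review): TryCount and TimeStamp live in session state, which is tied to the
/// client's session cookie. A request that arrives without that cookie gets an empty
/// session and therefore a fresh count. A limit that must hold regardless of the
/// client needs server-side state keyed by the account, which is what the membership
/// provider's lockout keeps.
/// </remarks>
[HttpPost]
public ActionResult Index(PeopleAccount account, string returnUrl)
{
    if (Session["TimeStamp"] != null)
    {
        bool stillLocked = ((DateTime)Session["TimeStamp"]).AddMinutes(minutesToSuspend) > DateTime.Now;
        if (stillLocked)
        {
            return Redirect("~/UnauthorizedAccess/Index");
        }

        // The lockout has run out, so start a new window. The old code left the stale
        // TimeStamp in place, which reset TryCount to 1 on every later failure, so the
        // limit was never reached again.
        Session.Remove("TimeStamp");
        Session.Remove("TryCount");
    }

    PeopleAccountService service = new PeopleAccountService();
    DataSet ds = service.Authentication(account.UserName, account.Password, null, null);
    if (ds.Tables[1].Rows.Count > 0)
    {
        FormsAuthentication.SetAuthCookie(account.UserName, false);
        // Clears the stored values, including the attempt counter.
        // NOTE(review): the visible code does not issue a new session id at login.
        Session.Clear();
        Session["UserAccressibility"] = ds.Tables[0];
        Session["UserFullName"] = ds.Tables[1].Rows[0][0];

        // Follow only site-local targets: "/path", but not "//host" or "/\host",
        // which browsers treat as another origin.
        if (returnUrl != null && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Stuff", null);
    }

    // Failed attempt: count it.
    int tryCount = (Session["TryCount"] == null) ? 1 : ((int)Session["TryCount"]) + 1;
    Session["TryCount"] = tryCount;

    // Lock on the maxTryCount-th failure. The previous "> maxTryCount" test let one
    // more credential check through after the stated limit.
    if (tryCount >= maxTryCount)
    {
        Session["TimeStamp"] = DateTime.Now;
        return Redirect("~/UnauthorizedAccess/Index");
    }

    ModelState.AddModelError("", Paymankaran.Content.Messages.InvalidUsernameAndOrPassword);
    ModelState.AddModelError("", string.Format(Paymankaran.Content.Messages.TryCountWarning,
        tryCount, maxTryCount, minutesToSuspend));
    return View();
}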
}
in fact i am using Session["TimeStamp"] and Session["TryCount"] variables to implement this functionality
is there a better or more secure way?
is this a good way to achieve this functionality?
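Using the ASP.NET membership provider would give you this feature (and much more) for free. It counts failed attempts on the server per account (the `maxInvalidPasswordAttempts` and `passwordAttemptWindow` settings), so the count does not depend on the client's session.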
