
Here's a sample of ldapsearch command line to get all attributes from a specific user :

 

ldapsearch -h ldap_server_ip -p ldap_port -b "dc=training,dc=com" -D "administrator_dn_to_connect_to_ldap" -w administrator_password -x "(uid=the_uid_value)"

Question

 

How to log headers when running Apache ?

 

Answer

 

Configure Apache with the following module :

 

<IfModule log_forensic_module>
  ForensicLog /var/log/httpd/forensic_log
</IfModule>

Each request will then be logged, with its request line and all the headers received by the Apache server, in /var/log/httpd/forensic_log.
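
As an added example (not part of the original post), the script below runs two checks a defender would want on that file against a constructed sample: which requests never completed, and which entries stored credential-bearing headers. It assumes the module's documented line format (+id|request line|Name:value|... on arrival, -id on completion); the ids, host and header values are made up.

```shell
#!/bin/sh
# Constructed sample of /var/log/httpd/forensic_log (ids, host and header
# values are made up). mod_log_forensic writes "+id|request line|Name:value|..."
# when a request arrives and "-id" once the request has been processed.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
+aB1cD2eF3gH4|GET /helloworld/hi.jsp HTTP/1.1|Host:www.training.com|User-Agent:curl/7.19.7|Cookie:SMSESSION=constructed-value|Accept:*/*
-aB1cD2eF3gH4
+zY9xW8vU7tS6|GET /helloworld/hi.jsp HTTP/1.1|Host:www.training.com|Authorization:Basic constructed-value
+kL5mN6oP7qR8|GET /favicon.ico HTTP/1.1|Host:www.training.com|Accept:*/*
-kL5mN6oP7qR8
EOF

# Print the ids of requests that were logged on arrival ("+") but never
# completed ("-"): the case the forensic log exists to expose.
forensic_incomplete() {
  awk -F'|' '
    substr($0, 1, 1) == "+" { pending[substr($1, 2)] = 1 }
    substr($0, 1, 1) == "-" { delete pending[substr($0, 2)] }
    END { for (id in pending) print id }
  ' "$1" | sort
}

# Print "id header-name" for every entry that stored a credential-bearing
# header, without echoing the header value itself.
forensic_credentials() {
  awk -F'|' '
    substr($0, 1, 1) == "+" {
      # Field 1 is "+id", field 2 the request line, headers start at field 3.
      for (i = 3; i <= NF; i++) {
        name = tolower(substr($i, 1, index($i, ":") - 1))
        if (name == "cookie" || name == "authorization" || name == "proxy-authorization")
          print substr($1, 2), name
      }
    }
  ' "$1"
}

echo "Requests that never completed:"
forensic_incomplete "$SAMPLE"
echo "Entries holding credentials:"
forensic_credentials "$SAMPLE"
```

Because the forensic log keeps Cookie and Authorization values in clear text, keep the file readable only by the account that needs it.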

First, have RedHat JBoss 5.1 installed on RedHat 5.5 64-bit.

 

Then, create the application. 


# su - jboss
$ pwd
/opt/java/jboss
$ mkdir HelloWorld
$ cd HelloWorld
$ nano -w hi.jsp
<html><head><title>JSP Test</title>
<%!
String message = "Hello, World.";
%>
</head>
<body>
<h2><%= message%></h2>
<%= new java.util.Date() %>
</body></html>
$ mkdir WEB-INF
$ nano -w WEB-INF/web.xml
<web-app>
<display-name>Hello World</display-name>
</web-app>

 

Create its deployer :


$ nano -w deploy.sh
#!/bin/bash
SOA_HOME=/opt/CA/JbossAgent

JAVA_OPTS="${JAVA_OPTS} -DJAVA_AGENT_ROOT=${SOA_HOME} -Dlog.log-config-properties=${SOA_HOME}/config/log-config.properties"

JBOSS_CLASSPATH=${JBOSS_CLASSPATH}:${SOA_HOME}/config:${JBOSS_HOME}/server/default/lib/cryptojFIPS.jar

 

Create and deploy the .war


$ /opt/java/jdk/bin/jar -cvf helloworld.war *.jsp WEB-INF
$ cp helloworld.war $JBOSS_HOME/server/default/deploy
$ chmod 755 /opt/java/jboss/jboss-as/server/default/deploy/helloworld.war

 

Start JBoss and have fun


$ cd ..
$ ./jboss-as/bin/run.sh

NOTE : add any other jsp page in the same directory as hi.jsp in order to produce headers, etc.

How can I know quickly how my Windows OS is configured for localization ?

 

Open a DOS console, and run the following command :

 

c:\> dism /online /get-intl

 

And the output will give you details about the OS configuration :

 


Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Reporting online international settings.

Default system UI language : en-US
System locale : sv-SE
Default time zone : Eastern Standard Time
Active keyboard(s) : 0409:00000409
Keyboard layered driver : PC/AT Enhanced Keyboard (101/102-Key)

Installed language(s): en-US
Type : Fully localized language.

The operation completed successfully.

Download apache-tomcat-8.5.9.tar.gz
Download jdk-7u80-linux-x64.tar.gz
Download JCE for Java 1.7 US_export_policy.jar and local_policy.jar

 

Install the JDK :

 

# mv jdk-7u80-linux-x64.tar.gz /opt/
# cd /opt
# tar xzvf jdk-7u80-linux-x64.tar.gz

 

Apply the JCE patches to the JDK :

 

# cp -p /opt/jdk1.7.0_80/jre/lib/security/US_export_policy.jar /opt/jdk1.7.0_80/jre/lib/security/US_export_policy.jar.orig
# cp -p /opt/jdk1.7.0_80/jre/lib/security/local_policy.jar /opt/jdk1.7.0_80/jre/lib/security/local_policy.jar.orig
# cp US_export_policy.jar /opt/jdk1.7.0_80/jre/lib/security/
# cp local_policy.jar /opt/jdk1.7.0_80/jre/lib/security/

 

Install Tomcat :

 

# mv apache-tomcat-8.5.9.tar.gz /opt/
# cd /opt/
# tar zxvf apache-tomcat-8.5.9.tar.gz
# export CATALINA_HOME=/opt/apache-tomcat-8.5.9
# export JAVA_HOME=/opt/jdk1.7.0_80/jre

 

Start Tomcat :

 

# cd /opt/apache-tomcat-8.5.9/bin/
# ./startup.sh

 

Test Tomcat's welcome page :

From a DOS console on your Windows PC :

 

c:\> start /B iexplore http://mytomcat.mydomain.com:8080/

 

You should see a page with

 

Apache Tomcat/8.5.9
If you're seeing this, you've successfully installed Tomcat. Congratulations!

To see the format (ASN.1 string type) of each attribute in a certificate's subject and issuer :

 

$ openssl x509 -in mycert.crt -subject -issuer -nameopt multiline,show_type -noout -subject_hash -issuer_hash

 

subject=
countryName = PRINTABLESTRING:US
organizationName = UTF8STRING:My company .inc
organizationalUnitName = UTF8STRING:Support
commonName = UTF8STRING:My company .inc
description = UTF8STRING:my certificate for the service
emailAddress = IA5STRING:supporto@mycompany.com

 

issuer=
countryName = PRINTABLESTRING:US
organizationName = UTF8STRING:CA Cert
organizationalUnitName = UTF8STRING:Trust Service Provider
2.5.4.97 = UTF8STRING:111-US
commonName = UTF8STRING:CA Cert

Patrick-Dussault

SDK Java Agent Trace

Posted by Patrick-Dussault Employee Nov 24, 2017

If you need to enable traces for SDK code running in Java, add the following to the java command line :

java -Dcom.ca.siteminder.sdk.agentapi.enableDebug=true

get CMD12165049E.ISO package

 

# mkdir -p /mnt/disk
# mount -o loop CMD12165049E.ISO /mnt/disk
# cd /mnt/disk
# ./dxinstall.sh

 

choose 1. Install Directory Management package (DXmanager, JXweb)
Specify the Java Binary to use [/etc/alternatives/java] /opt/jre1.6.0_22/bin/java
Do you want to change the directory ? (y/n) [n] enter
Please select an option (1,2,3,4,5) [2] enter
Enter the command required, or [Return] to quit. [] Proceed
Do you want to install the DXwebserver software? (y/n/i/q) [y] y
Enter a GID for etrdir, or leave blank to accept the system default []
Enter the login shell for the dsa account [/bin/csh] /bin/bash
Enter a UID for dsa, or leave blank to accept the system default []
The dsa account requires a password
New UNIX password : password
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: password
Please specify the DXwebserver installation directory [/opt/CA/Directory/dxwebserver]
Do you want to change the directory ? (y/n) [n]
Do you want to specify the DXwebserver port numbers? (y/n) [n]
Do you want to start it now? (y/n) [y]
Do you want to install the DXmanager software (y/n/i/q) [y]
Enter the DXmanager Superuser name [dxmanager]
Enter DXmanager Superuser password: password
Confirm DXmanager Superuser password: password

 

get DVD11092737E.ISO

 

# mkdir -p /mnt/disk
# mount -o loop DVD11092737E.ISO /mnt/disk
# cd /mnt/disk
# ./dxinstall.sh

 

Please select an option (1,2,3,4,5) [2] enter
Enter the command required, or [Return] to quit. [] Proceed
Do you want to install the DXserver software? (y/n/i/q) [y] y
Please specify the DXserver installation directory [/opt/CA/Directory/dxserver]
Do you want to change the directory ? (y/n) [n]
Do you wish to setup DXadmind? (y/n) [y] n
Do you want to view the Readme file for this release? (y/n) [y] n

 

Install capki

 

# cd /mnt/disk/linux_x86/capki
# ./setup install caller=ETRDIR env=all verbose

 

Create a Policy Store :

 

# cd /opt/CA/Directory/dxserver
# export DXHOME=`pwd`
# cd bin/
# ./dxnewdsa ps12sp3cr08 10001 "dc=training,dc=com"

 

From the Policy Server, transfer the following files to
/root/download

netegrity.dxc
etrust.dxc

# cp /root/download/*.dxc /opt/CA/Directory/dxserver/config/schema/
# cd /opt/CA/Directory/dxserver/config/schema/
# cp -p default.dxg ps12sp3cr08.dxg
# nano -w ps12sp3cr08.dxg

 

Add at the very end of the file :

#CA Schema
source "netegrity.dxc";
source "etrust.dxc";

Then edit ps12sp3cr08.dxi :

# cd ../servers/
# nano -w ps12sp3cr08.dxi

Change

# schema
source "../schema/default.dxg";

to

# schema
source "../schema/ps12sp3cr08.dxg";

At the end of the file, add :

# cache configuration
set ignore-name-bindings=true;

Then edit the limits file :

# nano -w ../limits/default.dxc

Change

set max-users = 255;

to

set max-users = 1000;

Add

set credits = 5;

Change

set max-local-ops = 100;

to

set max-local-ops = 1000;

Change

set max-op-size = 200;

to

set max-op-size = 4000;

 

Make sure that everything is owned by the dsa user created by the installer :
# chown -R dsa:etrdir /opt/CA/Directory/dxserver/*
# chown -R dsa:etrdir /opt/CA/Directory/dxwebserver/*
# su - dsa
$ cd bin
$ ./dxserver start ps12sp3cr08

Configure the dxserver as Policy Store

connect host rh5-ps-2.training.com as anonymous
Base DN: dc=training,dc=com
OK
connect
in Explore
create under com -> training
New
Enter RDN: ou=Netegrity
select organizationalunit

OK
submit
refresh
under Netegrity
New
Enter RDN: ou=SiteMinder
select organizationalunit

OK
submit
refresh
under SiteMinder
New
Enter RDN: ou=PolicySvr4
select organizationalunit

OK
submit
refresh

create a user under dc=training,dc=com as cn=siteminder,dc=training,dc=com
cn of the user will be cn=siteminder
sn of the user will be sn=siteminder
edit the userpassword and set "password" as password
this user should have objectClass :

inetOrgPerson
organizationalPerson
person
top

 

Configure the connection to the Policy Store with

Admin Username : cn=siteminder,dc=training,dc=com
Password : password
Confirm Password : password
Root DN : dc=training,dc=com

c:\> smreg -su password
c:\> smobjimport -ihome\db\smdif\smpolicy.smdif -dsiteminder -wpassword -v
c:\> smobjimport -ihome\db\smdif\ampolicy.smdif -dsiteminder -wpassword -v -l -f -c
c:\> XPSDDInstall -ihome\xpd\dd\SmObjects.xdd
c:\> XPSDDInstall -ihome\xpd\dd\EPMObjects.xdd
c:\> XPSDDInstall -ihome\xpd\dd\SecCat.xdd
c:\> XPSDDInstall -ihome\xpd\dd\FssSmObjects.xdd
c:\> XPSRegClient siteminder:password -adminui-setup

To join a Windows machine to a specific Windows domain as a trusted host,
do the following :

 

Windows Domain : training.com
Active Directory IP : 10.130.236.102

On the OS to be attached to the domain :

- Set the primary DNS server in the network configuration to be the IP
address of the Domain Controller (where you just installed Active
Directory), for example : 10.130.236.102

- In file C:\Windows\System32\drivers\etc\hosts add the following :

10.130.236.102 training.com

- Click Start and Right Click on "My Computer", choose "Properties"
- click on tab "Computer Name"
- Click on "Change..."
- Select Domain and write Training.com
- Give the username and password of the Domain administrator :

administrator : mypassword

- Click "Ok";
- On window "Welcome to the training.com domain" Click "Ok";
- On window "You must restart your computer before the new settings will take effect" Click "yes";

The PC will reboot. Once it is back up, you will be able to connect to the machine using :

training\administrator
mypassword

To capture all the output of an interactive command in a file
(ca-wa-config.sh is used here to illustrate it), you can use the tee
command. Redirecting stderr to stdout (2>&1) makes sure error messages
go through tee as well :

# ./ca-wa-config.sh -i console 2>&1 | tee output.txt

and the file output.txt will have all the output you have seen during
the execution of the command ca-wa-config.sh.

I'm trying to install jdk-8u131-windows-i586.exe on Windows 2012 R2, and some seconds after double clicking on the executable, the process ends and shows nothing. How can I solve that ?

 

If you run McAfee antivirus, disable the client while you run the installation :

 

c:\> mvadm disable

 

To re-enable when your installation is done, run the following command :

 

c:\> mvadm enable

To disable the ldaps 636 port on Oracle Directory Server on Linux, run
the following commands :

 

Start the ldap instance :

 

# dsadm start /opt/dsee7/local/myinstance

 

Disable the ldap port 636

 

# dsconf set-server-prop -h localhost -p 389 ldap-secure-port:disabled

 

Stop and start the instance to apply the change :

 

# dsadm stop /opt/dsee7/local/myinstance
# dsadm start /opt/dsee7/local/myinstance

 

and verify that the port is not in use anymore (no output means nothing is using port 636) :

# lsof -n -P -i TCP:636

A single line to install all required packages for 32bit Policy Server on RedHat 6 :

 

for i in compat-db compat-db42 compat-db43 compat-libstdc++ compat-libtermcap expat libfontconfig libfreetype libICE libidn libSM libstdc++ libuuid libX11 libXau libxcb libXext libXft libXi libXp libXrender libXt libXtst ncurses-libs ; do yum -y install $i.i686 ;done;

On Windows, if a process fails to start (the Policy Server is used here to illustrate it), you
can use Debug Diag to get traces of the failure. Because the process doesn't start completely,
you won't have any log from the Policy Server, nor any dump from the process itself.
To get traces and an indication of the reason for the problem, follow this procedure. The resulting
files will give you a "trace" of what happens when .dll files and modules are loaded. These indications might
be useful to get an idea of where the start process stopped and why.

 

1 - To run Debug Diag against a Policy Server :

 

  - Ensure that there's no Policy Server running on the system;
  - Double click on C:\Program Files\DebugDiag\DebugDiag.Collection
  - Click "Add Rule...";
  - Select "Crash";
  - Click "Next";
  - Select "A specific process";
  - Click "Next";
  - In "Selected Process", write "smpolicysrv.exe"
  - Click "Next";
  - Click "Exceptions...";
  - Click "Add Exception...";
    - For each "Exception code", select it and click "OK", and repeat until you have selected all "Exception code";
    - When you have added all of them, click "Save & Close";
  - Click "Breakpoints...";
  - Click "Add Breakpoints...";
    - For each "Offset Expression", select it and click "OK", and repeat until you have selected all "Offset Expression";
    - When you have added all of them, click "Save & Close";
  - Click "Events...";
    - For each "Event Code", select it and click "OK", and repeat until you have selected all "Event Code";
    - When you have added all of them, click "Save & Close";
  - Click "Next";
  - Click "Next";
  - Select "Activate the rule now";
  - Click "Finish";
  - Open the service pane, and make sure that "Debug Diagnostic Service" (DbgSvc) is up and running;
  - Make sure the Policy Server service is stopped and there's no running Policy Server;
  - As administrator, open a DOS console;
  - Go to the bin folder of your Policy Server : c:\> cd \path\to\policyserver\bin
  - Write down the current date and hour on the Server;
  - Run the following command : c:\> smpolicysrv
  - Take a screenshot of any popup that might show up;
  - Go to folder : C:\Program Files\DebugDiag\Logs
  - Collect all the log files starting with DbgSVC_ and smpolicysrv_ that you find in this folder;
  - Collect all the dmp files you may find in this folder.