Unable to set userAccountControl to 512 using LDAPS - mule

I am using MuleSoft to connect to LDAP and provision a user. The connection for the Mule 4 LDAP Connector uses LDAPS (SSL connection using a trustStore file + password) over port 636. As mentioned in online documents, I am setting a valid userPassword attribute based on Active Directory guidelines. Still, it's throwing an error:
"OPERATION_NOT_SUPPORTED: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12E8, problem 5003 (WILL_NOT_PERFORM), data 0"
I am able to set this to 546, 544, etc., but 512 is never achieved. Could anyone please suggest what may be the reason for this error?
Below is the payload for the LDAP Add operation:
    {
        "accountExpires": "0",
        "givenName": "First",
        "name": "First Last",
        "displayName": "First Last",
        "cn": "First Last",
        "sn": "Last",
        "userAccountControl": "512",
        "userPassword": "s4mb#r89!DRFnw",
        "physicalDeliveryOfficeName": "London",
        "dn": "CN=First Last,OU=London,DC=company,DC=co,DC=uk",
        "distinguishedName": "CN=First Last,OU=London,DC=company,DC=co,DC=uk",
        "manager": "CN=Mgr Name,OU=London,DC=company,DC=co,DC=uk",
        "userPrincipalName": "First.Last@company.co.uk",
        "sAMAccountName": "First.Last",
        "employeeID": "First.Last",
        "objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk",
        "objectClass": ["top", "person", "organizationalPerson", "user"]
    }
Mule 4 - LDAP Connector Configuration:
    <ldap:config name="LDAP_Configuration" doc:name="LDAP Configuration" doc:id="dc616c25-140d-42ef-a72e-575379a81596" >
        <ldap:ssl-connection
            authDn="ldap_user"
            authPassword="password"
            url="ldaps://domain:636"
            trustStorePath="C:\path\src\main\resources\server.truststore"
            trustStorePassword="mulesoft" >
            <reconnection >
                <reconnect frequency="20000" count="2" />
            </reconnection>
        </ldap:ssl-connection>
    </ldap:config>

It seems that the password used is still not complying with some restriction according to this page: https://ldapwiki.com/wiki/ERROR_PASSWORD_RESTRICTION.
ERROR_PASSWORD_RESTRICTION is an LDAP Result Code and Microsoft Response Code implying the value provided for the new password does not meet the length, complexity, or history requirements of the domain.
The key code in the string is the hex value "0000052D", which is referenced in the Microsoft Response Code.
It doesn't seem that there is anything Mule related to this issue. It looks to be purely Active Directory related.
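Added example, not part of the original posts: a small decoder for the error string and the userAccountControl values from the question. It shows that 0000052D is Win32 error 1325 (ERROR_PASSWORD_RESTRICTION) and that 544 and 546 both carry PASSWD_NOTREQD while 512 does not. The function names are hypothetical and the flag and code tables are standard Windows values that do not appear on the page.

```python
import re

# Standard LDAP / Win32 / userAccountControl values (assumed, not from the page).
LDAP_RESULT = {53: "unwillingToPerform"}
WIN32_ERROR = {
    0x0005: "ERROR_ACCESS_DENIED",
    0x052D: "ERROR_PASSWORD_RESTRICTION",
}
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
}

# "error code <ldap> - <8 hex digits>: <kind>: DSID-..., problem <n> (<NAME>)"
AD_ERROR = re.compile(
    r"error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\)"
)


def decode_ad_error(message):
    """Split an AD LDAP diagnostic message into its coded parts."""
    m = AD_ERROR.search(message)
    if m is None:
        return None
    ldap, win32 = int(m["ldap"]), int(m["win32"], 16)
    return {
        "ldap_code": ldap,
        "ldap_name": LDAP_RESULT.get(ldap, "unknown"),
        "win32_code": win32,
        "win32_name": WIN32_ERROR.get(win32, "unknown"),
        "problem": m["name"],
    }


def decode_uac(value):
    """Return the names of the flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


if __name__ == "__main__":
    err = ("OPERATION_NOT_SUPPORTED: [LDAP: error code 53 - 0000052D: SvcErr: "
           "DSID-031A12E8, problem 5003 (WILL_NOT_PERFORM), data 0")
    print(decode_ad_error(err))
    print({uac: decode_uac(uac) for uac in (512, 544, 546)})
```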

Why do BQ jobs sometimes fail with error: com.google.cloud.bigquery.BigQueryException: Request had invalid authentication credentials

We have multiple data pipelines writing to different BQ tables. Many of them are daily, even hourly as well. Normally they run fine on an everyday basis.
Once in a while, the BQ jobs take a longer period to complete than usual, and then all the jobs start failing with the error below, and after x hours they slowly get restored on their own and then (all of them) run smoothly.
My guess is they face BQ slot unavailability during this time, so they take a longer time to execute, and if the slot unavailability continues, then all the waiting jobs fail (due to auth token expiration), until slots are again available.
In the last 6 months, this complete unavailability happened twice.
We have a flat-rate pricing model.
I'm not sure what's causing this slot unavailability issue. Is my understanding in the right direction?
Or any suggestions as to how to debug this issue?
Error:
    com.google.cloud.bigquery.BigQueryException: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
    Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
    GET https://www.googleapis.com/bigquery/v2/projects/ccg24-hrzana-p-dps/queries/6e80e34f-b167-464e-b1a4-a2256e5d9376?location=US&maxResults=0&prettyPrint=false
    {
      "code" : 401,
      "details" : [ {
        "@type" : "type.googleapis.com/google.rpc.ErrorInfo",
        "reason" : "ACCESS_TOKEN_EXPIRED"
      } ],
      "errors" : [ {
        "domain" : "global",
        "location" : "Authorization",
        "locationType" : "header",
        "message" : "Invalid Credentials",
        "reason" : "authError"
      } ],
      "message" : "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
      "status" : "UNAUTHENTICATED"
    }
        at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
        at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:118)
        at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:37)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:428)
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1111)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:514)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:455)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:565)
        at com.google.cloud.bigquery.spi.v2.HttpBigQueryRpc.getQueryResults(HttpBigQueryRpc.java:641)
        ... 30 more

How to remove compatibility level on subject level

I added compatibility level FULL on a subject and now I want it removed, so the schema-registry compatibility level (global compatibility level) is used. How can it be done?
According to the documentation, updating the compatibility level for the specified subject is done by 'PUT /config/(string: subject)' + {"compatibility": "FULL"}.
When I try:
    {
        "compatibility": ""
    }
as the body, it returns:
    {
        "error_code": 42203,
        "message": "Invalid compatibility level. Valid values are none, backward, forward and full"
    }
and if I try an empty body:
    {
        "error_code": 422,
        "message": "updateSubjectLevelConfig.arg3 may not be null (was null)"
    }
Can someone help?
I checked out the schema registry code, and in ConfigResource the compatibility level received from the request is parsed against a CompatibilityLevel enum. So, it is either a valid config (none, full...) or an exception is thrown (when null). Also, I couldn't find any other REST endpoint in the REST resources that would allow the deletion of this configuration.

How to log AMQP commands in RabbitMQ?

How can I log all AMQP commands that go through RabbitMQ broker including service commands like basic.ack, confirm.select etc?
The standard Java client library com.rabbitmq:amqp-client:3.5.4 contains a Tracer tool that works as a standalone proxy between your client and broker. It logs all AMQP commands that go through it to System.out.
It's described here: http://www.rabbitmq.com/java-tools.html
Here's an example of its output:
1441190584927: <Tracer-0> ch#1 -> {#method<channel.open>(out-of-band=), null, ""}
1441190584968: <Tracer-0> ch#1 <- {#method<channel.open-ok>(channel-id=), null, ""}
1441190585008: <Tracer-0> ch#1 -> {#method<confirm.select>(nowait=false), null, ""}
1441190585047: <Tracer-0> ch#1 <- {#method<confirm.select-ok>(), null, ""}
1441190585090: <Tracer-0> ch#1 -> {#method<basic.publish>(ticket=0, exchange=node.confirm.publish, routing-key=, mandatory=false, immediate=false), #contentHeader<basic>(content-type=string/utf8, content-encoding=null, headers=null, delivery-mode=2, priority=null, correlation-id=null, reply-to=null, expiration=null, message-id=null, timestamp=null, type=null, user-id=null, app-id=null, cluster-id=null), "some message"}
1441190585128: <Tracer-0> ch#1 <- {#method<channel.close>(reply-code=404, reply-text=NOT_FOUND - no exchange 'node.confirm.publish' in vhost '/', class-id=60, method-id=40), null, ""}
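Added example, not part of the original answer: a parser for the Tracer line format shown above that extracts timestamp, channel, direction and method, and flags close frames with a non-200 reply code. The function names are hypothetical, the sample lines are copied from the output above, and the argument split assumes the reply text contains no "),".

```python
import re

# One Tracer line: "<ms>: <Tracer-N> ch#<n> <dir> {#method<name>(args), ...}"
TRACE_LINE = re.compile(
    r"^(?P<ts>\d+): <(?P<tracer>Tracer-\d+)> ch#(?P<channel>\d+) "
    r"(?P<dir>->|<-) \{#method<(?P<method>[\w.-]+)>\((?P<args>.*?)\)[,}]"
)
REPLY_CODE = re.compile(r"reply-code=(\d+)")
CLOSE_METHODS = ("channel.close", "connection.close")

# Sample lines taken from the Tracer output quoted in the answer.
SAMPLE = [
    '1441190584927: <Tracer-0> ch#1 -> {#method<channel.open>(out-of-band=), null, ""}',
    '1441190585047: <Tracer-0> ch#1 <- {#method<confirm.select-ok>(), null, ""}',
    "1441190585128: <Tracer-0> ch#1 <- {#method<channel.close>(reply-code=404, "
    "reply-text=NOT_FOUND - no exchange 'node.confirm.publish' in vhost '/', "
    'class-id=60, method-id=40), null, ""}',
]


def parse_trace_line(line):
    """Return the fields of one Tracer line, or None if it does not match."""
    m = TRACE_LINE.match(line.strip())
    if m is None:
        return None
    code = REPLY_CODE.search(m["args"])
    return {
        "ts_ms": int(m["ts"]),
        "channel": int(m["channel"]),
        # "->" is client to broker, "<-" is broker to client
        "sender": "client" if m["dir"] == "->" else "broker",
        "method": m["method"],
        "reply_code": int(code.group(1)) if code else None,
    }


def failed_closes(lines):
    """Yield close frames whose reply code is present and not 200."""
    for line in lines:
        ev = parse_trace_line(line)
        if ev and ev["method"] in CLOSE_METHODS and ev["reply_code"] not in (None, 200):
            yield ev


if __name__ == "__main__":
    for event in failed_closes(SAMPLE):
        print(event)
```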
You'll need to modify the RabbitMQ config. See this page for configuration settings.
Specifically, you'll want to set something like "info" or "debug" for whatever you're interested in:
    [
      {log_levels, [
        {channel, debug},
        {connection, debug}
      ]}
    ].
From that page, look for log_levels and you'll find this configuration information:
Controls the granularity of logging. The value is a list of log event category and log level pairs.
The level can be one of 'none' (no events are logged), 'error' (only errors are logged), 'warning' (only errors and warning are logged), 'info' (errors, warnings and informational messages are logged), or 'debug' (errors, warnings, informational messages and debugging messages are logged).
At present there are four categories defined. Other, currently uncategorized, events are always logged.
The categories are:
channel - for all events relating to AMQP channels
connection - for all events relating to network connections
federation - for all events relating to federation
mirroring - for all events relating to mirrored queues
Default: [{connection, info}]

Viewing enqueued messages with hawtio

I'm trying to use hawtio to view some enqueued topics in ActiveMQ.
But when I click on view messages, I get a blank list as output (even though I know the contents are not blank).
This is the error message I get when I browse around my localhost on /8080/hawtio/, so I'm guessing something regarding this is causing it.
Failed to get a response! { "error_type": "javax.management.InstanceNotFoundException", "error": "javax.management.InstanceNotFoundException : org.fusesource.insight:type=LogQuery", "status": 404, "request": { "operation": "logResultsSince", "mbean": "org.fusesource.insight:type=LogQuery", "arguments": [ 0 ], "type": "exec" }, "stacktrace": "javax.management.InstanceNotFoundException: org.fusesource.insight:type=LogQuery\n\tat com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMBeanServerInterceptor.java:1095)\n\tat com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBeanInfo(DefaultMBeanServerInterceptor.java:1375)\n\tat com.sun.jmx.mbeanserver.JmxMBeanServer.getMBeanInfo(JmxMBeanServer.java:920)\n\tat org.jolokia.handler.ExecHandler.extractMBeanParameterInfos(ExecHandler.java:167)\n\tat org.jolokia.handler.ExecHandler.extractOperationTypes(ExecHandler.java:133)\n\tat org.jolokia.handler.ExecHandler.doHandleRequest(ExecHandler.java:84)\n\tat org.jolokia.handler.ExecHandler.doHandleRequest(ExecHandler.java:40)\n\tat org.jolokia.handler.JsonRequestHandler.handleRequest(JsonRequestHandler.java:89)\n\tat org.jolokia.backend.MBeanServerExecutorLocal.handleRequest(MBeanServerExecutorLocal.java:109)\n\tat org.jolokia.backend.MBeanServerHandler.dispatchRequest(MBeanServerHandler.java:102)\n\tat org.jolokia.backend.LocalRequestDispatcher.dispatchRequest(LocalRequestDispatcher.java:91)\n\tat org.jolokia.backend.BackendManager.callRequestDispatcher(BackendManager.java:388)\n\tat org.jolokia.backend.BackendManager.handleRequest(BackendManager.java:150)\n\tat org.jolokia.http.HttpRequestHandler.executeRequest(HttpRequestHandler.java:197)\n\tat org.jolokia.http.HttpRequestHandler.handlePostRequest(HttpRequestHandler.java:131)\n\tat org.jolokia.jvmagent.JolokiaHttpHandler.executePostRequest(JolokiaHttpHandler.java:195)\n\tat org.jolokia.jvmagent.JolokiaHttpHandler.handle(JolokiaHttpHandler.java:143)\n\tat 
com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)\n\tat sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83)\n\tat com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)\n\tat sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:677)\n\tat com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)\n\tat sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:649)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)\n\tat java.lang.Thread.run(Thread.java:724)\n" }
Incidentally, ActiveMQ doesn't support browsing of topics; only queues.
You'll need to upgrade to hawt.io 1.2M27, which fixes this issue. 1.2M26 was assuming the log query was always installed; M27 removed it from the default.
Also, we don't yet support all ActiveMQ message types; there's an open issue for that -> https://github.com/hawtio/hawtio/issues/655
So if your messages are not text messages this could be why you're not seeing the message body.

Sending Mail in seaside+Gemstone " a Message: NotUnderstood occurred (error 2010), a UndefinedObject does not understand #'isEmpty' "

I tried with a similar question earlier, but I could not make headway. So I did new tests and here is the new question:
I did a brand new installation of PHARO 1.4 and GEMSTONE 3.0.1.2 on the same machine. (Linux CENTOS). Loaded seaside 3.0 in Pharo and version 3.0.7.1 in Gemstone using the latest version of Gemtools (1.0 beta 87) with the latest version of glass workspace (1.0 beta 8.7.4).
I opened the workspace and evaluated:
    (WAEmailMessage
        from: (WAEmailAddress address: 'xx@aa.com' username: 'fromMe')
        to: (WAEmailAddress address: 'shyam@localhost' username: 'shyam')
        subject: 'Email Test')
        body: 'This is a Test Email sent';
        send.
(BTW, as the default mail host in Gemstone is "mailhost", I added the following line to the /etc/hosts file: 127.0.0.1 localhost mailhost).
On Pharo the message is sent and received correctly, while in Gemstone I get
a MessageNotUnderstood occurred (error 2010), a UndefinedObject does not understand #'isEmpty', in the method
    readSmtpResult
        | result firstChar |
        [self readWillNotBlockWithin: 5000]
            whileFalse: [GsFile stderr log: 'Waiting for server to write...'].
        result := self readString: 500.
        result isEmpty "<========================= HERE result is nil"
            ifTrue:
                [self log: 'Empty result'.
                ^false].
The reason being that result returns a nil.
I tried with similar results also on MAC OS X which instead went into a loop in the lines above.
Using tcpdump -X -i lo tcp port 25 and WireShark, I noticed that for GEMSTONE, I saw NO activity while the packets were correctly exchanged for PHARO.
Evidently, I am doing something terribly wrong to get it wrong on two different systems.
Any idea?
Thanks
Shyam.
result is nil because #readString: returned nil.
It seems that the peer does not send any data. As you already traced that there is no activity on port 25 going on, are you sure that the SMTP parameters are correct?
Seaside-Email contains code that you can use to configure your SMTP-Server.
Given you have your Seaside application seasideApp, you can do the following:
    seasideApp configuration
        addParent: WAEmailConfiguration instance.
    seasideApp
        preferenceAt: #smtpServer put: 'your.smtp.host';
        preferenceAt: #smtpPort put: 25;
        preferenceAt: #smtpUsername put: 'your.smtp.username.or.nil.if.unecessary';
        preferenceAt: #smtpPassword put: 'your.smtp.password.or.nil.if.unecessary';
        yourself.
Note that #smtpServer and #smtpPort must be configured the way described, as they are used in the GemStone version of GRPlatform>>#seasideDeliverEmailMessage:. I opted to deliberately not use the GemStone defaults.
Also, setting the SMTP parameters this way is meant to work cross-platform; if it does not, please contact me directly.