Home

Results 1 to 6 of 6

Thread: nqmdiscovery -p to add oracle users to security manager?

  1. #1
    kgorman1 NNTP User

    nqmdiscovery -p to add oracle users to security manager?


    We're looking for a way to run nqmdiscovery from a client server to
    populate oracle users in security manager. In theory, the -p and -f
    options look promising but the syntax is a bit vague.

    nqmdiscovery -h
    ....
    -p label sublabel encryptflag value1 value2 value3
    to add the KPW or Security Context information to MSU
    -f
    used only when -p is specified
    to force MS NOT creating any discovery job
    ....

    Anyone have suggestions, hints, or anything?

    Thanks!


    --
    kgorman1
    ------------------------------------------------------------------------
    kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
    View this thread: https://forums.netiq.com/showthread.php?t=47870


  2. #2
    andy doran NNTP User

    Re: nqmdiscovery -p to add oracle users to security manager?


    Hi.. Not sure I can give you a complete answer because I am not sure if
    this utility will allow you to pass the information required for the
    Oracle module.

    the -p switch maps the values you supply to the fields in the KPW table
    in the QDB which is where this information ultimately is stored. That
    table uses the fields Label, Sublabel Val1, Val2, Val3 - and if you use
    the "Security Manager" utility from the Operator Console and go to the
    "Custom" tab for a server where you have set this information - you will
    get a better picture of how these things are then mapped.

    In the case of the Oracle module for Unix, that is:-

    Label: oracle$<database name>
    SubLabel: <username>
    Val1: <password>

    So if you wanted to use this to set the information for the database
    "MyNewDB" and the user "MyUser", you would expect to have something
    like:-

    ../nqmdiscovery -p oracle$MyNewDB MyUser true MyNewPassword nothing
    nothing

    (you need all the parameters, so pass any string for Val2 and Val3 -
    they are then ignored by the application... and you need to have them
    stored in encrypted format, so you pass "true" for that parameter).
    However.. I have noticed that the $ causes the utility a problem, so
    setting this information in this way for the Oracle module may not be
    possible.

    It is definitely possible to do this via NetIQOLE - but that is a
    Windows COM object (used in fact by the "Security Manager" application).
    So you could have a VB Script on Windows that sets this information up
    for a bunch of Unix agents, but there may be a problem using it to set
    up the agents from those agents themselves. Unless there is a way to
    "escape" the dollar....


    --
    Andy Doran
    Software Engineer Consultant (NetIQ)
    ------------------------------------------------------------------------
    andy_doran's Profile: https://forums.netiq.com/member.php?userid=3937
    View this thread: https://forums.netiq.com/showthread.php?t=47870


  3. #3
    andy doran NNTP User

    Re: nqmdiscovery -p to add oracle users to security manager?


    OK - thanks to a little help from an engineer ... ;^) You can do this so
    long as you escape the $. So for example you can do this:-

    ../nqmdiscovery -n MYHOST -p oracle\$MyDatabase MyUser true MyPassword
    nothing nothing

    And it will configure security for that server in the QDB for Oracle.
    The "-n MYHOST" ensures that the hostname is used - assuming that the
    agent appears using the hostname. If you miss out that switch then you
    might get it configured via the IP address instead.


    --
    Andy Doran
    Software Engineer Consultant (NetIQ)
    ------------------------------------------------------------------------
    andy_doran's Profile: https://forums.netiq.com/member.php?userid=3937
    View this thread: https://forums.netiq.com/showthread.php?t=47870


  4. #4
    kgorman1 NNTP User

    Re: nqmdiscovery -p to add oracle users to security manager?


    Thanks for the response and sorry for my late reply...
    I figured out quite a while back to use single quotes or to escape the $
    as you suggest. Single quotes (-p 'oracle$MyDatabase') tell the shell
    not to interpret variables.
    If I run from the shell I use -n `hostname -s`

    Something like this:

    nqmdiscovery -n `hostname -s` -p oracle\$MyDatabase MyUser 1 MyPassword
    '' ''
    nqmdiscovery -n `hostname -s` -p 'oracle$MyDatabase' MyUser 1 MyPassword
    '' ''

    The '' '' are 2 sets of single quotes. I seem to recall something saying
    that all values had to be given even if they were, er, nothing.


    --
    kgorman1
    ------------------------------------------------------------------------
    kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
    View this thread: https://forums.netiq.com/showthread.php?t=47870


  5. #5
    kgorman1 NNTP User

    Re: nqmdiscovery -p to add oracle users to security manager?


    When looking at the log, I see the above generates some XML.
    I'd like to use CreateEvent to do the same (using some XML like
    discovery scripts) rather than ExecCmd to run the binary.
    Why you ask?
    Maybe it's my test system, but I find that running nqmdiscovery from
    within a KS causes the agent to die.
    Similarly, running the oracle config script restarts the agent, which
    restarts the KS, which restarts the agent; infinite loop.

    The idea is to have a KS that configures oracle.netiq and then runs the
    oracle discovery script to discover Oracle instances. The script I've
    created works, but it's a bit clumsy.

    The sequence of events is:
    update security manager for each new instance
    run the oracle config script (Needed when the 1st instance is
    discovered. Restarts the agent)
    write a new oracle.netiq
    run the Oracle discovery script

    As I mentioned, any or all of these may cause the agent to exit, and
    sometimes dump core. Since the default number of core files seems to be
    2, after which the agent won't start, so reliability is a problem.

    Any suggestions?


    --
    kgorman1
    ------------------------------------------------------------------------
    kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
    View this thread: https://forums.netiq.com/showthread.php?t=47870


  6. #6
    kgorman1 NNTP User

    Re: nqmdiscovery -p to add oracle users to security manager?


    Nice. You can edit, but not save after a few minutes so what was typed
    gets lost.

    Anyway, I made a KS to send XML (snagged from the agent log after
    running nqmdiscovery) via CreateEvent but suspect the parameters are
    incorrect.

    BTW, I also got the syntax down for the Weblogic nqmdiscovery long ago.


    Thanks!


    --
    kgorman1
    ------------------------------------------------------------------------
    kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
    View this thread: https://forums.netiq.com/showthread.php?t=47870


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •