ACS an Win 2k3 AD attribute mapping

Hello!
I have a problem with 802.1x (PEAP) authentication for wired clients. If the option "Log On To" in AD is enabled, authentication failed. Without this option everything works fine.
I suspect that I'm missing something in ACS configuration which uses AD as external database.
Which ACS attribute corresponds to "Log On To" option in AD?
Thanks!

Is the external database configuration for the Windows database set up correctly?
Can you successfully use the AD credentials to log in via a plane text password, such as logging into a router?
Are the users statically configured? If so, they will need to have their password type set to "Windows Database".
Or, are you using the Unknown User configuration? If so, is that properly configured to use the Windows database?

Similar Messages

Weblogic 10.3.0 on Win 2k3 64 bit

Hi All
I have installed Weblogic 10.3.0 on Win 2K3 64 bit and created a domain with using Sun JDK 1.6.0_10.
The server crashes when I enter the username on the prompt while starting the server. But if I hard-code the userID/pwd in the SetDomainEnv.cmd file, the server works fine.
The error that I am getting in the first case is:
Enter username to boot WebLogic server:weblogic
<Oct 6, 2010 2:53:38 PM CDT> <*Error*> <Security> <BEA-090782> <Server is Running in Production Mode and Native Library(terminalio) to read the password securely from commandline is not found.>
<Oct 6, 2010 2:53:38 PM CDT> <Notice> <WebLogicServer> <BEA-000388> <JVM called WLS shutdown hook. The server will force shutdown now>
<Oct 6, 2010 2:53:38 PM CDT> <Alert> <WebLogicServer> <BEA-000396> <Server shutdown has been requested by <WLS Kernel>>
<Oct 6, 2010 2:53:38 PM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Please let me know if anyone of you have the resolution to this problem.
Thanks

You might try to rename (.old) the admin server cache files and try again. They are located at xxxdomain\servers\admin (4 folders - cache, data, tmp, security).....

AP_EXPENSE_REPORT_HEADERS_ALL attribute mapping to AP_INVOICES_ALL

Hi,
We need to have some values in AP_INVOICES_ALL in some DFF ( For example Attribute10 ) for invoices we import via expense express. When we update attribute10 of ap_expense_report_headers_all after import i dont see it in the ap_invoices_all table.
What is the mapping of the ap_invoices_all attributes to the ap_expense_report_headers_all attributes.
Please help.
thanks
Ramakrishna

Hi,
The Attribute Mapping must be exactly matching between AP & Iexp.
For example, if you are having a DFF in iExpense called DFF1 (Attribute12-Expense Headers), then you need to create a Attribute in AP Invoice Headers with the same Attribute Number 12.
If you are creating in Expenses Report Lines, the create in AP Invoice Lines category. Pls remember that Attribute No. must be same. If it is done, then data will move exactly from iExpense to AP when Expense Report Export program is run.
The DFF Names need not be same.
Regards,
guru

XSU attribute mapping error

I've encountered an attribute mapping problem when using the Java OracleXMLQuery class in XSU (Oracle XML Developer's Kit for PL/SQL on Windows NT - 9i 9.2.0.1.0). As an example, take a look at the following object type containing one field whose name is prefaced with "@". This should cause XSU to map the field as an attribute rather than an element:
create or replace type testtype_t as object
"@test_attribute" varchar2(20),
test_element varchar2(30)
Here's the query passed to OracleXMLQuery:
select testtype_t('abc', 'def') "TEST1", testtype_t('ghi', 'jkl') "TEST2" from dual
Here's the output of the getXMLString method:
<?xml version = '1.0'?>
<ROWSET>
<ROW num="1">
<TEST1 test_attribute="abc">
<TEST_ELEMENT>def</TEST_ELEMENT>
</TEST1>
<TEST2>
<test_attribute>ghi</test_attribute>
<TEST_ELEMENT>jkl</TEST_ELEMENT>
</TEST2>
</ROW>
</ROWSET>
Notice that the output is correct for the "TEST1" element - it contains a "test_attribute" attribute. The "TEST2" element, however, does not contain a "test_attribute" attribute. Instead, the field was output as a child element of "TEST2" called "test_attribute". To get around this, I had to create another object type as follows:
create or replace type testtype2_t as object
"@test_attribute" varchar2(20),
test_element varchar2(30)
It's format is identical to the "testtype_t" object type described above. Here's the new query passed to OracleXMLQuery:
select testtype_t('abc', 'def') "TEST1", testtype2_t('ghi', 'jkl') "TEST2" from dual
Here's the resulting output of the getXMLString method:
<?xml version = '1.0'?>
<ROWSET>
<ROW num="1">
<TEST1 test_attribute="abc">
<TEST_ELEMENT>def</TEST_ELEMENT>
</TEST1>
<TEST2 test_attribute="ghi">
<TEST_ELEMENT>jkl</TEST_ELEMENT>
</TEST2>
</ROW>
</ROWSET>
Now, the "TEST2" element contains an attribute as it should.
It seems that the only time attributes are mapped correctly for a particular object type is when it is first encountered in the query. The mapping fails for each subsequent occurrence. Creating additional object type definitions is a solution, but this can result in the creation of many redundant object type definitions. Is there another solution available? Thanks . . .

Hi,
Please tell me when you are getting this error and please explain a bit more what exactly you want to do..
Thanks
--Anil

Attribute mapping not working with complex searches

Hi all,
We are using "attribute mapping" for some attributes and that works fine as far as we don't make a complex search. We are doing the attribute mapping at the Directory proxy 6.3 so we map businessSector to businessUnit. Everything work fine if we just put businessSector in the search, but if we add something else to the search filter, it will not work.
So, if we use filter businessSector=XXXXXXX, it will work and make all the mapping, but if we use something like "(&(pocketSizeOffice=Yes)(businessSector=XXXXXXX))", it will not work.
We have look at the logs and we see the mapping happening in the first case, but not in the second one.
Have somebody seem this before or is facing this problem?
Thanks,
Federico

Hi Federico,
I was not able to reproduce the problem with DPS 6.3 in my labs... so the conditions to reproduce it may be more tricky than described. Anyway, this is not a known problem.
Feel free to contact Sun support to have a fix delivered to you.
Thanks
-Sylvain

UME attribute mapping for lastpasswordchange to AD

We are on EP 7.0 and are using Microsoft Active Directory 2003 as our user repository.
I am using a writeable datasource configuration file to update passwords in AD from portal (SSL configured)
For users who had password reset done through the portal, portal has the information for "Date of Last Password Change".
However, for users who do password resets with other mechanisms (outside of SAP portal), portal does not have this information.
I am trying to map the UME logical attribute "lastpasswordchange" to the corresponding physical attribute on Active Directory - which I believe is "pwdLastSet".
My XML configuration looks like the following
<dataSource id="CORP_LDAP"
         <responsibleFor>
              <principal type="account">
                   <nameSpace name="com.sap.security.core.usermanagement">
                        <attribute name="j_user"/>
                        <attribute name="logonalias"/>
                        <attribute name="j_password"/>
                        <attribute name="userid"/>
                        <attribute name="lastpasswordchange"/>
                   </nameSpace>
                   <nameSpace name="com.sap.security.core.authentication">
                        <attribute name="principal"/>
                        <attribute name="realm"/>
                        <attribute name="domain"/>
                   </nameSpace>
              </principal>
              <principal type="user">
              </principal>
              <principal type="group">
              </principal>
         </responsibleFor>
         <attributeMapping>
              <principal type="account">
                   <nameSpace name="com.sap.security.core.usermanagement">
                        <attribute name="j_user">
                             <physicalAttribute name="samaccountname"/>
                        </attribute>
                        <attribute name="logonalias">
                             <physicalAttribute name="samaccountname"/>
                        </attribute>
                        <attribute name="j_password">
                             <physicalAttribute name="unicodepwd"/>
                        </attribute>
                        <attribute name="userid">
                             <physicalAttribute name="*null*"/>
                        </attribute>
                        <attribute name="lastpasswordchange">
                             <physicalAttribute name="pwdLastSet"/>
                        </attribute>
                   </nameSpace>
                </principal>
              <principal type="user">
                   <nameSpace name="com.sap.security.core.usermanagement">
                        <attribute name="firstname">
                             <physicalAttribute name="givenname"/>
                        </attribute>
              </principal>
         </attributeMapping>
         <privateSection>
         </privateSection>
    </dataSource>
However the above configuration doesn't work. I am not able to read the attribute "pwdLastSet" from AD using attribute mapping.
Can some one please suggest what I am missing ?
Thank You,

You may google "pwdLastSet convert" a try to find out some scripts to convert pwdLastSet to another timestamp.
As I got from some Google's [links|http://anothersysadmin.wordpress.com/2010/10/22/convert-pwdlastset-to-a-human-readable-date/] pwdLastSet it counts time in nanoseconds.
Consult you MS Active Diractory team for help to create the converting script of create another attribute in AD with the format that match the portal's timestamp. Then you'll map the new AD attribute to the "lastpasswordchange" attribute of the portal.
Regards, Mikhail.

Attribute mapping in replication

Hi,
We have around 10 servers running DS5.2P4.
Now we are building DS6.3 servers for an acquired enterprise and would like to store the new directory information in one of the old 5.2 servers for data recovery.
The problem is that the schema in 6.3 is different compared to the old 5.2P4.
So is attribute mapping possible in replication between 6.3 and 5.2 Directory servers.
Thanks

Hi,
Please tell me when you are getting this error and please explain a bit more what exactly you want to do..
Thanks
--Anil

Adv. Pricing: Custom Attribute mapped to Std. Volume's ITEM_QUANTITY field

Advanced Pricing: A Custom Attribute is mapped to Std. Volume's ITEM_QUANTITY field, to be able to capture a user-defined volume onto the Standard Quantity field via. Attribute Mapping. However the expected behavior is not achieving. Still the PTE prices if off the OM/ASO's Quantity field, and not based on the number that goes into the attribute field.
PTE= 'Order Fulfillment', Context Type = 'Pricing Context', Context = 'VOLUME', Code = 'ITEM_QUANTITY'.
Attribute Mapping Method = ATTRIBUTE MAPPING.
Click on Attribute Mapping button
Application Name=Advanced Pricing
Line Level User Source Type=PL/SQL API
User Value String= OE_ORDER_PUB.G_LINE_REC.ATTRIBUTE10
When I create the Sales Order in OM, at the line level after entering the item, I entered a number in attribute10, then
also a value in the standard quantity field, and Save. The item had price
breaks defined in the pricelist. But the price returned was based on the value
in the standard Quantity field, not the value in attribute10. Even when I
reprice the line (Actions-->Price Line), there is no change.
Expected behavior is to get the Price off the Attribute that mapped to the 'ITEM_QUANTITY' field (which is a standard/seeded attribute).
Does anyone made such expected behavior to work (without being used with a Customer Price API)?

can someone pls reply?
Thanks!

RE: Attributes mapping

Hi,
I think it is the later case, that is, the current object is being altered
by SetValue. Maybe you can trace the action by creating a DomainClass from
TextNullable and run it in debug.
Regards,
Peter Sham.
-----Original Message-----
From: Dimitar Gospodinov [SMTP:[email protected]]
Sent: Tuesday, March 23, 1999 3:01 PM
To: Forte Users Mail List
Subject: Attributes mapping
Does anyone know what mechanism Forte uses when performs an
attribute
mapping in the window classes.
For example if we have a DataField widget named MyDataField that
maps to
TextData. Let assume also that you have created an instance of the
TextData class that is referenced by the MyDataField variable.
Then the question is what will happen when you change the value in
the
DataField?
A new object will be created or the current object will be altered
by
invoking the method SetValue?
Regards,
Dimitar Gospodinov
Dimitar Gospodinov
Consultant
International Business Corporation
e-mail: [email protected] << File: Card for Dimitar Gospodinov >>
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Try to use rework warehouse as a location for rework and if you want it recorded in a specific/certain GL, you must define it in COA firsts. using good issue and good receipts and do not forget to record PO no. in the remarks (comments field). So, when rework happens, receipt it in the rework warehouse using good receipts and issuing it from production warehouse and vice versa.
BTw, what type of company you are currently facing ? Is it assembly type ? steel manufacturing or what ? You must also provide info whether you use backflush or manual.
Rgds,

Installaing ECC6.0 with oracle as DB on win 2k3 Getting any error

Hi All
I am unable to find out the error while i am installaing ECC6.0 with oracle as DB on win 2k3 please find the error report
ERROR 2008-11-06 08:57:24
FCO-00011 The step unpack with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|1|0|NW_Unpack|ind|ind|ind|ind|8|0|unpack was executed with status ERROR .
ERROR 2008-11-06 08:57:24
MUT-03011 Execution of the command "C:\WINDOWS\TEMP\sapinst_exe.3896.1225941925\SAPCAR.exe -x -v -g -i -R C:/usr/sap/PRD/SYS/exe/uc/NTI386 -f C:/oraclnt/OCL_WINDOWS_I386/OCL10232.SAR," finished with return code 29. Output: SAPCAR: no archives specified for extracting (error 29). There are no more files.
ERROR 2008-11-06 08:57:24
MUT-03011 Execution of the command "C:\WINDOWS\TEMP\sapinst_exe.3896.1225941925\SAPCAR.exe -x -v -g -i -R C:/usr/sap/PRD/SYS/exe/uc/NTI386 -f C:/oraclnt/OCL_WINDOWS_I386/OCL10232.SAR," finished with return code 29. Output: SAPCAR: no archives specified for extracting (error 29). There are no more files.
Please suggets
Thanks in advance
Thanks you
Sudhakar A

Hi,
Please informe us are you installing oracle client or oracle enterprises.
Anil

Acrobat Distiller Standard In Win 2k3 Server

Hi,
We have a service running in a win 2k3 server which converts office files to PDF using acrobat distiller standard 8. Often some PDF files misses table borders or some images gets distorted. If I rerun, proper PDF files are rendered. And the same word files can be converted to PDF with out any issues in my xp desktop box using acrobat distiller professional. Both have the same settings.
We use VBS to do the conversion job, which is used by a windows service. VBS converts word to ps files first and then use distiller to print them to PDF.
Is this because we are using standard version win 2k3 server? do we need to upgrade to a professional or server version?

Thanks for the reply.
Why it cant be used? Or do you mean we cannot use Standard? Do you have any other suggestions?

UIXInclude getAttribute Illegal access of the include attribute map out

Using JDeveloper 11.1.1.6.0
I've been digging into the reason why I've been getting this in my logs. At first, I thought it was because of a declarative component, but after further digging, it was actually the region which I'm using inside a declarative region's facet.
<UIXInclude> <getAttribute> Illegal access of the include attribute map outside of the include context
Searching google only gets me to this link:
[ Oracle® Fusion Middleware Error Messages Reference|http://docs.oracle.com/cd/E16162_01/core.1112/e22506/chapter_adf_faces_messages.htm]
Has anyone encountered this same log? If you have, can you share what is causing it?
Thanks.
-Marvin

Found the issue.
Too bad I had to realize it the hard way. When the declarative component is trying to point to an attribute that doesn't exist, then you get this message in your log. Feel bad for the af:region for getting blamed... (but hey the documentation said contact support so that didn't help as well).
Killed the unneeded and anonymous attribute element and everything is back to normal.
-Marvin

Export Custom Attribute Mapping

Hello Gurus!
I'm migrating a xMII 11.5 project to MII 12.1 and the migration tool was fine on creating the Custom Attributes and Custom Attribute Mapping. However, what I need now is to export Custom Attribute and Custom Attribute Mapping from MII 12.1 DEV to QAS and PRD.
My question is: When exporting Custom Attributes from Configurations menu, it will export Custom Attribute Mapping too? How can I export and import Custom Attribute Mapping from DEV to QAS and PRD?
Thanks

Manoel,
have you tried the following:
- open System Management / Configurations
- unmark the "Select All" and only mark the "Custom Attributes"
- click export and save the zip file
The exported zip file should include all the settings. In your follow up systems QAS and PRD you can import the zip file.
See also SAP Help on [MII 12.1 Configuration|http://help.sap.com/saphelp_mii121/helpdata/en/43/e80b59ad40719ae10000000a1553f6/frameset.htm]
Michael

HCM / VDS / IDM Attribute Mapping

Hi folks!
So we have a bunch of attributes in SAP that start with SYHR, and we have a couple of questions about them.
1. How are these fields mapped to IDM? We've found some information in Identity Management for SAP System Landscapes: Configuration Guide, but we are looking for something more. It seems attributes mapped in the PNP database (or tables?) is not shown that clearly. Our Business Analysts want more information.
2. It seems most of these fields are calculated somehow. As a bonus, we'd like to know how these fields are calculated in the first place.
Thanks for any help you can provide,
Matt

I am not sure how well the document reflects the attribute mapping in the transfer event task in the Staging Id Store. I guess that you need to both look at the document and the event task in Staging Id Store that moves the data to Productive Id Store to see all the attribute mappings.
The real question is how would you need to map them between HCM and IdM. It's pretty normal requirement analysis work to figure out what to export. You should only export relevant attributes.
I am not sure about "calculated attributes" and I am not an ABAP'per, but if you have HCM-consultants on site have them analyze the query definition shipped with HCM. Any transformation that takes place should be in the query and it's data mappings.
I wrote this while ago, won't give you any technical tips etc but more of what I've faced in HCM-integration: Considerations in connecting SAP IdM with Leading Identity System(s)
regards, Tero

IDM schema and attribute mapping

As I understood from the documents - Identity manager doesn't store any data in local database.I have 60 attributes in resource-1 which needs to be flown to resource-2
==>As per my understanding, i will need to create 60 attributes in IDM as user extended attributes and do the mapping between Resource1 -- IDM -- Resource-2
==>But if I create this schema in IDM will it hold the whole data locally ?
Or will it hold the data between scheduled jobs for Resource-1 and Resource-2
==>Or I have to enable somewhere to store the data locally?
==>Also if there is any other option that I don't need to configure schema and attribute mapping ?
I am new to IDM so not sure how to configure the flow in better way.

First things first keep the extended attributes to the minimum in IDM
for your case
To get the values from one resource to the other you have to have attribute mappings in IDM for both the resources.
There is no need for storing them in the extended attributes just have a job that picks up the users data from resource 1 and push it to resource 2 if the user in IDM has both the resources linked.
Hope this works

ACS an Win 2k3 AD attribute mapping

Similar Messages

Maybe you are looking for