Dynamic Groups in LDAP and Calendar

Similar Messages

• Using Dynamic Groups in Ldap for Accounts and Roles

  Does anyone currently use dynamic groups in LDAP for accounts and roles? I have set up a dynamic group in ldap (we are using OID Oracle internet Directory 10.1.2.0) , ldapsearch returns the correct list of unique names, but the account does not appear on my profile page when I log in to UCM (10.1.3). I cannot find any documentation so I'm asking myself if it is supported .....

  Thanks tim ... will check, but Oracle are saying :
  Oracle Universal Content Management - Version: 7.5.1
  Information in this document applies to any platform.
  Product: Content Server
  Version: 6.0
  Goal
  Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
  Solution
  The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
  to which I have replied you suport 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
  Billy, you may well be right, just got a cashflow problem over here !

• Identity Service LDAP with dynamic grouping

  Hi all,
  We are developing an enterprise application with oc4j and bpel.
  First we managed to handle user management with XML based JAZN tool.
  After that,we managed to connect identity service with iPlanet LDAP server and get users and roles(with static groups defined.)
  But our client wanted static and dynamic groups together in their LDAP server,because of the complexity of their current user base.
  When we try this,we cannot get the roles that are assigned with dynamic groups.But we can get the roles that are statically defined.
  We check the roles from the worklist application (integration/worklistapp... thing..) and we se the static groups where we cannot see dynamic one's.
  There is a section in is_config.xml like:
  <roleControls>
  <property name="nameattribute" value="cn"/>
  <property name="objectclass" value="groupOfUniqueNames"/>
  <property name="membershipsearchscope" value="onelevel"/>
  <property name="memberattribute" value="uniquemember"/>
  <search searchbase="ou=Groups,dc=dummy,dc=com,dc=tr" scope="onelevel" maxSizeLimit="1000" maxTimeLimit="120"/>
  </roleControls>
  I think the property uniquemember has an effect in this situation but I cannot find any sample configurations using dynamic groups in LDAP.
  Hope somebody has already done that..

  I find a solution here:
  http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10226/hwf_config.htm
  I am currently using weblogic's defaultAuthentication to test BPM 11g.
  I do not know if this approach works in production environment.

• Authentication against both LDAP and BI repository

  I have a lot of user who are authenticated against LDAP. I need add few users who aren't exist in LDAP. I can create user in BI repository and if this user is in an Administrator group he is able to log in. But if this user isn't in an Administrator group he get error "Succesfull execution of intitializtion block LDAP is required". Is there any way how to authenticate users agains both LDAP and BI repository?

  Hi,
  why dont you create a group in ldap and add the correspondng users to that group.
  You can configure the LDAP server with that group and try...
  Hope it works...
  Regards
  Venkat

• Dynamic group spark with scroller component

  Hi,
  I am creating a dynamic group(mygrp) spark and adding elements using addElement function. I need to add a scroller to the main group object dynamically. I tried with same method [myScroller.addElement(mygrp)]. But that is not working. Please help me to resolve this issue. Basically I have a main contaner group object. Insided that some other group object, label, buttons using for loop. I need to give scroller for main group object.
  Many Thanks in advance

  Hi,
  I am creating a dynamic group(mygrp) spark and adding elements using addElement function. I need to add a scroller to the main group object dynamically. I tried with same method [myScroller.addElement(mygrp)]. But that is not working. Please help me to resolve this issue. Basically I have a main contaner group object. Insided that some other group object, label, buttons using for loop. I need to give scroller for main group object.
  Many Thanks in advance

• Dynamic group spark with scroller

  Hi,
  I am creating a dynamic group(mygrp) spark and adding elements using addElement function. I need to add a scroller to the main group object dynamically. I tried with same method [myScroller.addElement(mygrp)]. But that is not working. Please help me to resolve this issue. Basically I have a main contaner group object. Insided that some other group object, label, buttons using for loop. I need to give scroller for main group object.
  Many Thanks in advance

  Hi Shailendra, the articles below should provide some guidance on how to go about this:
  http://www.systemcentercentral.com/creating-dynamic-computer-groups-using-regular-expressions-in-opsmgr/
  http://social.technet.microsoft.com/wiki/contents/articles/7205.operations-manager-dynamic-group-examples.aspx
  https://technet.microsoft.com/library/hh212842.aspx
  If you've found this post helpful,  please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  MrChiyo | My blog: Technical | Twitter: MrChiyo

• Configuring groups in LDAP

  Hello experts !
  I'm trying to configure group in LDAP, and add members to this group :
  The group :
  ~~~~~~~~~
  objectClass:     groupOfNames
  objectClass:     top
  cn:     billingdept
  member:     o=ibm,c=us,uid=c0001,ou=people
  member:     o=ibm,c=us,uid=c0002,ou=people
  member:     o=ibm,c=us,uid=c0003,ou=people
  member:     o=ibm,c=us,uid=c0004,ou=people
  One of the members (C0004) :
  ~~~~~~~~~~~~~~~~~~~~~~~~
  uid:     c0004
  displayName:     David
  givenName:     David
  objectClass:     inetOrgPerson
  objectClass:     top
  objectClass:     person
  objectClass:     organizationalPerson
  userPassword:      [B@5c5e5c5e
  ou:     Billing
  cn:     Steven Moyer
  sn:     Moyer
  title:     Billing worker
  The Problem : When i give permission in Websphere for a specific user, it's OK and the user can log in.
  BUT, When I give a permission in Websphere for a group, websphere does\n't allow the group's users to log in, because Websphere doesn't recognize the user i'm tring to login with, as a user of this group.
  So maybe this is not the way i should configure group.
  can anyone help ?

  member DN appears to be incorrect but i cant confirm unless u provide your DIT

• Contacts and Calendar unable to sync

  Yesterday my iPhone started having a problem syncing Contacts and Calendars. As far as I know, I changed no settings on either my phone or my computer to cause this to happen. I'm using a Mac with OSX Tiger, syncing through the USB cable with iTunes.
  I first found that my calendars would not sync in either direction (iCal > phone or vice versa). The "Sync calendars" box was definitely checked, but when I tried to sync, it skips over the calendar sync process altogether (it used to display "Syncing calendars..." for a few seconds in the top of the iTunes window back before it stopped working, but not anymore).
  I did a restore on my phone, losing my contacts and calendars that were already on there, and discovered that the contacts weren't syncing as well (despite most definitely being set to sync in iTunes), leaving me with a blank contact list. Other things such as Applications and Photos are able to sync perfectly fine. Here are things I've tried after reading some discussions, to no avail:
  -Restoring the phone (both to a backup and as a new iPhone)
  -Unchecking/rechecking "Sync Calendars/Contacts" boxes in iTunes, including experimenting with "all contacts" vs certain groups of contacts and calendars
  -Resetting my Sync history in iSync
  -Creating a new user account, with test contacts and calendar appointments (also failed to transfer)
  -Hard resetting the phone
  None of these seems to have helped the problem. It's as if my computer doesn't realize that I've checked the boxes to sync anything under the "Info" tab in iTunes.
  Any ideas that I haven't tried yet? Thanks in advance for your help.

  Hi Thomas,
  Did contacts and calendar sync in another user account?
  Have you installed any software that takes over syncing on your Mac? Maybe software that would let you sync a Windows Mobile phone.
  If the issue is happening in all user accounts, try reinstalling iTunes as described here: http://support.apple.com/kb/HT1224
  If the issue is only happening in one user account, there may be an issue with the SyncServices folder which is described here: http://support.apple.com/kb/HT1865
  -Jason

• Assign Group from LDAP

  Hello Experts.
  We are using LDAP with the option: dataSourceConfiguration_<LDAP_directory_vendor>_deep_readonly_db.xml
  I need to assign users to groups without use User Admin --> Identity Management.
  I want to know how can I assign Groups from LDAP and not from UME datasource because we don't want use the Identity Management tool.
  The Portal Version is EP7.0 SP23
  Thanks very much.
  Regards
  Mariano

  Hello Jigar,
  thank you.
  I created groups and sub-groups in LDAP but from Portal only I can see the Groups and not the sub-groups.
  How can I config to see all the tree?
  Thanks a lot.
  Regards
  Mariano

• Configure Groups to LDAP Users

  Hi,
  We have configured LDAP for authentication of users. We would like to associate set of users to groups.
  Can we create custom groups and associate LDAP users to those groups in Weblogic server ?
  Or is it the only way we need to create groups in LDAP and associate users to those groups?
  Thanks,
  Satya

  Satya, if u have a user in ur LDAP, you cant make a user from ur LDAP be a member of a Group in WLS.
  What you can do it modify the Global Roles so that the user has the same previledge as a user belonging to the group in WLS.
  Follow the steps below
  1. Go to "myrealm"
  2. Click the tab "Roles and Policies"
  3. Click the tab "Realm Roles"
  4. Expand the link "Global Roles"
  5. Click the link "View Role Conditions" coressponding to the name "Admin". Enter the panel "Edit Global Role"
  6. Click the button "Add Conditions"
  7. Select "Predicate List" as "user"
  8. Click the button "Next"
  9. Enter my username (ldapuser) in LDAP to the field "User Argument Name:"
  10. Click the button "Add"
  11. Click the button "Finish"
  12. Back to the page "Edit Global Role"
  13. Here I can see
  User :ldapuser
  Or
  Group : Administrators
  14. Click the button "Save"
  15. Restart the server
  ldapuser will have the same previledge as a user belonging to Administrator group..

• LDAP Dynamic Groups

  Hi,
  I have been trying to do some coding around - fetching members of dynamic ldap groups. In both these code snippets.. I get the same exception:
  java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx
  no matter whatever i tried. Can anyone please - let me know what could be causing this exception.
  Regards.
  String filter = LDAPRealm.DYNAMIC_GROUP_FILTER;
            String[] targets = new String[] { target, "memberUrl" };
            try {
                 SearchControls ctls = new SearchControls();
                 ctls.setReturningAttributes(targets);
                 ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                 ctls.setReturningObjFlag(true);
                 NamingEnumeration e = context.search(baseDN, filter, ctls);
                 while(e.hasMore()) {
                      SearchResult res = (SearchResult)e.next();
                      Object searchedObject = res.getObject();
                      //if(searchedObject instanceof com.sun.jndi.ldap.obj.GroupOfURLs){ // dynamic group
                           com.sun.jndi.ldap.obj.GroupOfURLs gurls = (com.sun.jndi.ldap.obj.GroupOfURLs) searchedObject;
                           Principal x500principal = new X500Principal(userDN);
                           if (gurls.isMember(x500principal)) {
  and
  java.security.acl.Group obj = (java.security.acl.Group)ctx.lookup(groupDN);
                 Enumeration members = obj.members();
                 Principal member = null;
                 while (members.hasMoreElements()) {
                      member = (Principal)members.nextElement();
                      memberDNs.add(member.getName());
                 }

  How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same queston, then please stay in the same thread.

• LDAP- large dynamic groups - performance

  A dynamic group is to a static group what a view is to a table
  A group is to its members what a table or view is to its records.
  When the memebrs of a dynamic group is very large are there any performance problems or is that eliminatable by some indexing means?

  Just an FYI ...
  I found out from iPlanet that this is a bug in SP3 and will be fixed in SP4.
  In the meantime, you can call tech support and get a patch.
  Matt
  "Matt Raible" <[email protected]> wrote in message
  news:9nldgs$[email protected]..
  I discovered today that the dynamic group does not seem to work for
  form-based authentication with iPlanet App Server. I have a group,
  Employees, in my LDAP server, and it has a dynamic group configured as
  ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee, where each user has a
  custom attribute, dcRoles. I can test this dynamic group and expectedusers
  are found.
  However, I cannot authenticate with a user in this group when "Employees"is
  my configured role to authenticate with.
  If I open the group Employees in my LDAP Server, and under the Members,
  Static Group tab - I add a user, I can authenticate with them.
  I also tried adding "ttEmployee" as well as "Employee" to my deployment
  descriptors - but no luck. The method of adding a user (above) is the only
  way I found to work.
  Can someone shed some light on this?
  Thanks,
  Matt

• OAM 10g - obmygroups and nested dynamic groups

  I've run into an issue with the obmygroups header action in OAM 10g, and I'm not sure whether this is by design or not.
  The obmygroups will return static and dynamic group names for which the user is a member, and it will return static groups that contain nested static groups where the user is a member of the nested group. However, it doesn't seem to static groups with nested dynamic groups where the user is a member of the nested dynamic group.
  Is that by design? Is there any way to nest dynamic groups so that obmygroups will return the parent group name? I'd like to have a group that contains both nested static and nested dynamic groups, and have the obmygroups action return the name of the parent group.
  Thanks,
  Matt

  Return Attribute Action in authentication or authorization rules
  obmygroups:<ldap_url> special attribute returns those groups to which the user belongs that also satisfy the criteria <ldap_url> filter specifies.
  EX: "obmygroups:ldap:///cn=Groups,dc=myorg,dc=com??sub(group_type=role) returns all the groups in cn=Groups,dc=myorg,dc=com tree for which the logged-in user is a member and the group_type is role.
  For more information check OAM Access Administration Guide

• SQL Query for members of dynamic group - Need to include Name, Path and Type

  Hello,
  I built a custom dynamic group that has all my SQL databases in it using SCOM 2012 SP1.  The group works fine as I can see the Name(ie, Database name), Health State, Path (ie, hostname/instance) and Types (ie; SQL 2005).  Now I'm trying to
  build a custom report based off this same information using a SQL query.   I'm no DBA and could use some help.  So far this is what i have
  use
  select
  SourceObjectDisplayName as
  'Group Name',
  TargetObjectDisplayName,TargetObjectPath
  from RelationshipGenericView
  where isDeleted=0
  AND SourceObjectDisplayName
  like
  'SQL_Databases_All'
  ORDERBY TargetObjectDisplayName
  This gets me the Group Name (which i really don't care about), database name, and hostname/instance. What I am missing is the Health State and most importantly the Type (ie, SQL Server 2005 DB, SQL Server 2008DB).
  If someone could assist me here I would appreciate it. I believe I need to do some type of INNER JOIN but have no idea where the SQL type info lives or the proper structure to use. Thanks
  OperationsManager

  Here's the updated Query for OpsMan 2012 R2:
  To find all members of a given group (change the group name below):
  select SourceObjectDisplayName as 'Group Name', TargetObjectDisplayName as 'Group Members' 
  from RelationshipGenericView 
  where isDeleted=0 
  AND SourceObjectDisplayName = 'Agent Managed Computer
  Group' 
  ORDER BY TargetObjectDisplayName

• BBM group list and calendars gone

  With the recent upgrade to BBM, all of my group lists and calendars appear to have been cleared. The list title still shows, but all entries under the list have been removed. The only items showing in my calendar are what had been added over the weekend. Is there anyway to recover the information that was in my group lists and calendars?

  Which upgrade? The one a few days ago, or the one today?
  For what it's worth, earlier today I noticed the calendar in one of my groups was empty. Then I upgraded and the calendar is back.
  My suggestion is check and see if you have a BBM upgrade available. If so, do it. Either way, if the list is still empty, reboot the device and check again.