LDAP Dynamic Groups
Hi,
I have been trying to do some coding around - fetching members of dynamic ldap groups. In both these code snippets.. I get the same exception:
java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx
no matter whatever i tried. Can anyone please - let me know what could be causing this exception.
Regards.
String filter = LDAPRealm.DYNAMIC_GROUP_FILTER;
String[] targets = new String[] { target, "memberUrl" };
try {
SearchControls ctls = new SearchControls();
ctls.setReturningAttributes(targets);
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
ctls.setReturningObjFlag(true);
NamingEnumeration e = context.search(baseDN, filter, ctls);
while(e.hasMore()) {
SearchResult res = (SearchResult)e.next();
Object searchedObject = res.getObject();
//if(searchedObject instanceof com.sun.jndi.ldap.obj.GroupOfURLs){ // dynamic group
com.sun.jndi.ldap.obj.GroupOfURLs gurls = (com.sun.jndi.ldap.obj.GroupOfURLs) searchedObject;
Principal x500principal = new X500Principal(userDN);
if (gurls.isMember(x500principal)) {
and
java.security.acl.Group obj = (java.security.acl.Group)ctx.lookup(groupDN);
Enumeration members = obj.members();
Principal member = null;
while (members.hasMoreElements()) {
member = (Principal)members.nextElement();
memberDNs.add(member.getName());
}
How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same queston, then please stay in the same thread.
Similar Messages
-
How to retrieve members of ldap dynamic groups?
Hi,
Can any one provide me the java-code snippet for listing the members(users) of a LDAP-dynamic group?
Regards.How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same queston, then please stay in the same thread.
-
Using Dynamic Groups in Ldap for Accounts and Roles
Does anyone currently use dynamic groups in LDAP for accounts and roles? I have set up a dynamic group in ldap (we are using OID Oracle internet Directory 10.1.2.0) , ldapsearch returns the correct list of unique names, but the account does not appear on my profile page when I log in to UCM (10.1.3). I cannot find any documentation so I'm asking myself if it is supported .....
Thanks tim ... will check, but Oracle are saying :
Oracle Universal Content Management - Version: 7.5.1
Information in this document applies to any platform.
Product: Content Server
Version: 6.0
Goal
Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
Solution
The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
to which I have replied you suport 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
Billy, you may well be right, just got a cashflow problem over here ! -
Identity Service LDAP with dynamic grouping
Hi all,
We are developing an enterprise application with oc4j and bpel.
First we managed to handle user management with XML based JAZN tool.
After that,we managed to connect identity service with iPlanet LDAP server and get users and roles(with static groups defined.)
But our client wanted static and dynamic groups together in their LDAP server,because of the complexity of their current user base.
When we try this,we cannot get the roles that are assigned with dynamic groups.But we can get the roles that are statically defined.
We check the roles from the worklist application (integration/worklistapp... thing..) and we se the static groups where we cannot see dynamic one's.
There is a section in is_config.xml like:
<roleControls>
<property name="nameattribute" value="cn"/>
<property name="objectclass" value="groupOfUniqueNames"/>
<property name="membershipsearchscope" value="onelevel"/>
<property name="memberattribute" value="uniquemember"/>
<search searchbase="ou=Groups,dc=dummy,dc=com,dc=tr" scope="onelevel" maxSizeLimit="1000" maxTimeLimit="120"/>
</roleControls>
I think the property uniquemember has an effect in this situation but I cannot find any sample configurations using dynamic groups in LDAP.
Hope somebody has already done that..I find a solution here:
http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10226/hwf_config.htm
I am currently using weblogic's defaultAuthentication to test BPM 11g.
I do not know if this approach works in production environment. -
Dynamic Groups in LDAP and Calendar
Folks,
I have defined a dynamic group in LDAP. I would like for that group to be invited to an event. When I add an event and search I find the group. When I check the group and click 'OK' it doesn't show the group as invited. When I search again, it says the group is included but no one is invited.
Also, how do I protect a group from being used by anybody???
keithThanks tim ... will check, but Oracle are saying :
Oracle Universal Content Management - Version: 7.5.1
Information in this document applies to any platform.
Product: Content Server
Version: 6.0
Goal
Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
Solution
The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
to which I have replied you suport 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
Billy, you may well be right, just got a cashflow problem over here ! -
LDAP- large dynamic groups - performance
A dynamic group is to a static group what a view is to a table
A group is to its members what a table or view is to its records.
When the memebrs of a dynamic group is very large are there any performance problems or is that eliminatable by some indexing means?Just an FYI ...
I found out from iPlanet that this is a bug in SP3 and will be fixed in SP4.
In the meantime, you can call tech support and get a patch.
Matt
"Matt Raible" <[email protected]> wrote in message
news:9nldgs$[email protected]..
I discovered today that the dynamic group does not seem to work for
form-based authentication with iPlanet App Server. I have a group,
Employees, in my LDAP server, and it has a dynamic group configured as
ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee, where each user has a
custom attribute, dcRoles. I can test this dynamic group and expectedusers
are found.
However, I cannot authenticate with a user in this group when "Employees"is
my configured role to authenticate with.
If I open the group Employees in my LDAP Server, and under the Members,
Static Group tab - I add a user, I can authenticate with them.
I also tried adding "ttEmployee" as well as "Employee" to my deployment
descriptors - but no luck. The method of adding a user (above) is the only
way I found to work.
Can someone shed some light on this?
Thanks,
Matt -
DIP fails loading dynamic groups into OID
Hello,
we're trying to load groups from OeBS into OID and associate them via dynamic groups feature with user records that was loaded earlier as follows:
personid=18630,cn=dev,cn=hrsyncusers,cn=users,dc=ic,dc=lan
orcltimezone=Asia/Yekaterinburg
displayname=NOT ASCII
employeetype=NOT ASCII
givenname=NOT ASCII
postalcode=628484
orcldateofbirth=19610404000000
orclgender=F
departmentnumber=342
uid=18630
mail=HRNULL
cn=NOT ASCII
initials=NOT ASCII
street=NOT ASCII
employeenumber=4824
middlename=NOT ASCII
l=NOT ASCII
orclhiredate=20051107000000
sn=NOT ASCII
personid=18630
c=Russia
title=NOT ASCII
objectclass=inetorgperson
objectclass=person
objectclass=organizationalperson
objectclass=orcluserv2
objectclass=kapitalperson
objectclass=country
objectclass=residentialperson
objectclass=locality
objectclass=top
Among other attributes each user entity has 'departmentNumber' that indicates number of his/her department.
Now trying to load list of departments as dynamic groups with the following config
files:
*** DevHRAgentGroups.cfg ***
[SELECT]
SELECT psv.version_number
, pos.name hierarchyname
, hou.organization_id depno
, poe.organization_id_parent parent_id
, REPLACE(hou2.name, '"') parentname
, poe.organization_id_child child_id
, REPLACE(hou.name, '"') orgname
, ldap://idm01.ic.lan:389/cn=DEV,cn=HRSyncUsers,cn=Users,dc=ic,dc=lan??sub?(depar
tmentnumber='||hou.organization_id||')' ldapuri
, hrl.meaning org_type
FROM per_organization_structures pos
, per_org_structure_versions psv
, per_org_structure_elements poe
, hr_all_organization_units hou
, hr_all_organization_units hou2
, hr_lookups hrl
WHERE pos.business_group_id = psv.business_group_id
AND pos.organization_structure_id = psv.organization_structure_id
AND pos.primary_structure_flag = 'Y'
AND psv.date_to IS NULL
AND poe.org_structure_version_id = psv.org_structure_version_id
AND poe.business_group_id = hou.business_group_id
AND poe.organization_id_child = hou.organization_id
AND poe.business_group_id = hou2.business_group_id
AND poe.organization_id_parent = hou2.organization_id
AND hrl.lookup_code = hou.type
AND hrl.enabled_flag = 'Y'
AND hrl.lookup_type = 'ORG_TYPE'
AND hrl.lookup_code NOT IN (30,40)
AND TRUNC(SYSDATE) BETWEEN hou.date_from AND NVL(hou.date_to, TO_DATE('31.12.4712','dd.mm.yyyy'))
AND hou.last_update_date >= to_date(:BINDVAR,'YYYYMMDDHH24MISS')
*** DevHRAgentGroups.map ***
DomainRules
NONLDAP:cn=DEV,cn=HRSyncGroups,cn=Groups,dc=ic,dc=lan:departmentID=%,cn=DEV,cn=HRSyncGroups,cn=Groups,dc=ic,dc=lan
AttributeRules
orgname:1: : :cn: :groupOfUniqueNames
depno:1: : :departmentID: :kapitalDepartment
ldapuri: : : :labeledURI: :orclDynamicGroup
We're getting the following error in ?/ldap/odi/log/DevHRAgentGroups.trc during HRAgent execution at mapping phase:
Normalized DN : departmentid=82,cn=dev,cn=hrsyncgroups,cn=groups,dc=ic,dc=lan
Changetype is 5
Processing modifyRadd Operation ..
Entry Not Found. Converting to an ADD op..
Processing Insert Operation ..
Performing createEntry..
Exception creating Entry : javax.naming.NamingException: [LDAP: error code 1 - Dynamic group cache update failed.]; remaining name 'departmentid=82,cn=dev,cn=
hrsyncgroups,cn=groups,dc=ic,dc=lan'
[LDAP: error code 1 - Dynamic group cache update failed.]
javax.naming.NamingException: [LDAP: error code 1 - Dynamic group cache update failed.]; remaining name 'departmentid=82,cn=dev,cn=hrsyncgroups,cn=groups,dc=i
c,dc=lan'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3028)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1162)
at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:425)
at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:822)
at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:349)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:655)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:376)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:237)
DIP_LDAPWRITER_ERROR_CREATE
Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
Please, note. Loading is successful if we commenting out mapping line for labeledURI attribute (that's loading static groups).
Loading is also successful when labeledURI is mapped to
'ldap://idm01.ic.lan:389/cn=DEV,cn=HRSyncUsers,cn=Users,dc=ic,dc=lan??sub?(objec
tclass=person)' but this definetly is not what we are going to get.
I don't have ideas what's wrong for example with the following generated 'labeledURI' attribute:
ldap://idm01.ic.lan:389/cn=DEV,cn=HRSyncUsers,cn=Users,dc=ic,dc=lan??sub?(departmentnumber=82)
Any help is appreciated
Thanks,
EdwardHi Frank,
there is something wrong with departmentnumber attribute of user records. Searching users with ldapsearch using "departmentnumber=*" filter fails with the following error:
ldap_search: DSA is unwilling to perform
ldap_search: additional info: Function Not Implemented
I think this is probably the cause of failing creation of dynamic groups.
Searching on other user attributes (cn, uid, employyenumber) works fine.
Still don't understand what's wrong with this particular attribute. -
ZCM 11.2.3a dynamic groups summery incorrect
Hi there
When creating a dynamic group for Agent version = 10.3.1.34138 (example)
I click the preview and it shows me 20 members.
Going to each of those devices in the preview list shows me the correct agent version as per the filter. (10.3.1.34138)
However after applying and looking at the "members displayed in the Summary" tab, it shows 5000 odd members.
I have tried this with a few dynamic groups and changed the agent version.
I know it will only show the first 200 in the preview tab, but even when there are a few (50 members),
after applying or resetting and looking at the Summary, a completely different no is displayed.
Any ideas. - Don't recall having this with ZCM 11.2 We are on 11.2.3a at the moment.
Thanks
MarkOriginally Posted by markvh
Hi there
When creating a dynamic group for Agent version = 10.3.1.34138 (example)
I click the preview and it shows me 20 members.
Going to each of those devices in the preview list shows me the correct agent version as per the filter. (10.3.1.34138)
However after applying and looking at the "members displayed in the Summary" tab, it shows 5000 odd members.
I have tried this with a few dynamic groups and changed the agent version.
I know it will only show the first 200 in the preview tab, but even when there are a few (50 members),
after applying or resetting and looking at the Summary, a completely different no is displayed.
Any ideas. - Don't recall having this with ZCM 11.2 We are on 11.2.3a at the moment.
Thanks
Mark
I don't believe the display results are always in order, it's kinda like LDAP where it returns the first X that it finds, so the results may be different every time. (the preview portion).
At least that's what it does here (the group total is correct, but the preview/display is not in order alphabetically or anything and randomly changes) -
I can't seem to get dynamic groups working. Here's my dynamic group setup:
ldapsearch -D "cn=directory manager" -w "passwd01" -b "ou=internal,dc=example,dc=com" "objectclass=groupOfUrls"
version: 1
dn: cn=istest,ou=Groups,ou=internal,dc=example,dc=com
cn: istest
objectClass: top
objectClass: groupOfUrls
ou: Groups
memberURL: ldap:///ou=people,ou=internal,dc=example,dc=com??sub?(uid=user1)
I know for sure user1 exists:
ldapsearch -D "cn=directory manager" -w "passwd01" -b "ou=internal,dc=example,dc=com" "uid=user1"
version: 1
dn: uid=user1,ou=people,ou=internal,dc=example,dc=com
objectClass: shadowAccount
objectClass: posixAccount
objectClass: account
objectClass: top
loginShell: /bin/bash
uidNumber: 3000
homeDirectory: /home/user1
gecos: User1
cn: User1
gidNumber: 500
uid: user1
When I run a search, I get nothing:
ldapsearch -D "cn=Directory Manager" -w passwd01 -b "ou=internal,dc=example,dc=com" "(isMemberOf=cn=istest,ou=Groups,ou=internal,dc=example,dc=com)"
Directory Server version: 6.3
Using /usr/bin/ldapsearch on solaris 10.
My main objective so to use dynamic groups to setup some ACI. eg: allow user w/ attribute gidNumber=400 full read/write.
mikeismemberof only works for static groups.
My main objective so to use dynamic groups to setup some ACI.
eg: allow user w/ attribute gidNumber=400 full read/write.Have you considered using filtered roles ? -
Hi,
Despite that subject was touched numerous times I still don't quite get how to make dynamic groups posix compliant.
Solaris native ldap client will only see a group entry if:
1) a user has a "gidNumber" attribute (single-valued),
2) a group has "memberUid" for him (static)
I'd really like to know how to make groups with "memberURL" entry only real posix groups.Groups can be nested. Use the attribute uniquemember in the objectclass groupofuniquenames. uniquemember's value is then the dn of another Group.
Regards,
Ingo -
Trouble with ACIs and dynamic groups
Hi!
Does Dirctory Server stop searching for subgroups after evaluating a dynamic group?
Example:
A User "uid=A,o=company" is member of a dynamic group "cn=dyn,o=company" via memberURL: "ldap:///o=company??sub?(uid=A)".
The dynamic group "cn=dyn,o=company" is member of a static group "cn=stat,o=company" via uniquemember: "cn=dyn,o=company".
If I grant any permission using an ACI with (groupdn = "ldap:///cn=stat,o=company") user A gets that permission.
BUT
A User "uid=B,o=company" is member of a static group "cn=static,o=company" via uniquemember: "uid=B,o=company".
The static group "cn=static,o=company" is member of a dynamic group "cn=dynamic,o=company" via memberURL: "ldap:///o=company??sub?(cn=static)".
If I grant any permission using an ACI with (groupdn = "ldap:///cn=dynamic,o=company") user B does not get the permission.
Has anyone any suggestions?Hi!
Does Dirctory Server stop searching for subgroups after evaluating a dynamic group?
Example:
A User "uid=A,o=company" is member of a dynamic group "cn=dyn,o=company" via memberURL: "ldap:///o=company??sub?(uid=A)".
The dynamic group "cn=dyn,o=company" is member of a static group "cn=stat,o=company" via uniquemember: "cn=dyn,o=company".
If I grant any permission using an ACI with (groupdn = "ldap:///cn=stat,o=company") user A gets that permission.
BUT
A User "uid=B,o=company" is member of a static group "cn=static,o=company" via uniquemember: "uid=B,o=company".
The static group "cn=static,o=company" is member of a dynamic group "cn=dynamic,o=company" via memberURL: "ldap:///o=company??sub?(cn=static)".
If I grant any permission using an ACI with (groupdn = "ldap:///cn=dynamic,o=company") user B does not get the permission.
Has anyone any suggestions? -
OAM 10g - obmygroups and nested dynamic groups
I've run into an issue with the obmygroups header action in OAM 10g, and I'm not sure whether this is by design or not.
The obmygroups will return static and dynamic group names for which the user is a member, and it will return static groups that contain nested static groups where the user is a member of the nested group. However, it doesn't seem to static groups with nested dynamic groups where the user is a member of the nested dynamic group.
Is that by design? Is there any way to nest dynamic groups so that obmygroups will return the parent group name? I'd like to have a group that contains both nested static and nested dynamic groups, and have the obmygroups action return the name of the parent group.
Thanks,
MattReturn Attribute Action in authentication or authorization rules
obmygroups:<ldap_url> special attribute returns those groups to which the user belongs that also satisfy the criteria <ldap_url> filter specifies.
EX: "obmygroups:ldap:///cn=Groups,dc=myorg,dc=com??sub(group_type=role) returns all the groups in cn=Groups,dc=myorg,dc=com tree for which the logged-in user is a member and the group_type is role.
For more information check OAM Access Administration Guide -
I'm trying to use the weblogic.security.ldaprealmv2.LDAPRealm class that comes with
Weblogic Version 6.0. along with iPlanet Direcory Server. Below is a copy of my
configuration data:
user.filter=(&(uid=%u)(objectclass=person))
user.dn=ou=people,dc=directv,dc=com
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))
server.principal=uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
group.filter=(&(cn=%g)(objectclass=groupofuniquenames))
group.dn=ou=groups,dc=directv,dc=com
server.host=127.0.0.1
My issue is that the group is dynamiccaly defined, so the attribute uniquemember
is not defined and memberurl is. The memberurl is a ldap query defining all the
groups/people that are in the group.
My question is; Can I modify the membership.filter to pickup the memberurl. My guess
is yes, but then how does Weblogic get the unique members from that?
Do I need to write a custum realm?Hi Mark,
Netscape dynamic groups do not work with WebLogic's LDAP realm in WLS 6.x or lower. (Not
sure about 7.0)
You could definitely write your own custom realm to handle dynamic groups
Cheers
Joe Jerry
Mark Celano wrote:
I'm trying to use the weblogic.security.ldaprealmv2.LDAPRealm class that comes with
Weblogic Version 6.0. along with iPlanet Direcory Server. Below is a copy of my
configuration data:
user.filter=(&(uid=%u)(objectclass=person))
user.dn=ou=people,dc=directv,dc=com
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))
server.principal=uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
group.filter=(&(cn=%g)(objectclass=groupofuniquenames))
group.dn=ou=groups,dc=directv,dc=com
server.host=127.0.0.1
My issue is that the group is dynamiccaly defined, so the attribute uniquemember
is not defined and memberurl is. The memberurl is a ldap query defining all the
groups/people that are in the group.
My question is; Can I modify the membership.filter to pickup the memberurl. My guess
is yes, but then how does Weblogic get the unique members from that?
Do I need to write a custum realm? -
Hi,
I'm trying to get a dynamic group working with the oracle directory server enterprise edition 11.1.1.5.0 .
I've created a dynamic group like this:
dn: cn=employees,ou=groups,dc=example,dc=com
cn: employees
objectclass: top
objectclass: groupOfURLs
ou: groups
memberURL: ldap:///ou=people,dc=example,dc=com??sub?(uid=*)
but when I check for the membership, I'm just getting the dn of the user with uid = "me", but nothing else.
ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password \
-b dc=example,dc=com "(uid=me)" isMemberOf
There was a similar question like that in the forum, but no useful answer.
Does anyone know how dynamic groups work correctly?
best regards, solst_iceHi,
Ismemberof is supported for static groups only in DSEE. Dynamic group are group definition that client apps can retrieve but there is no built-in membership evaluation in the core server.
You might want to consider Oracle Unified DIrectory that support ismemberOf for static and dynamic groups
See http://docs.oracle.com/cd/E37116_01/index.htm and Managing Users and Groups - 11g Release 2 (11.1.2)
Regards,
-Sylvain -
Identity Sever Dynamic Group expansion
I have few dynamic groups defined based on 'dynamic filter' (example:- ldap:///dc=abc,dc=com??sub?(myRole=Helpdesk)). All these group's have 'dynamic member only' attribute set to true.
I always have to expand it manually from configuration to refresh the static users in this group. Is there a way to make this process automatic ? for example:- automatic expansion every 1hr?
Thanks!
KabiThere is no timing thread built into OAM - so you have to work this out outside of the product.
I have, for example, used Quartz and an HTTP client library to 'click' the expand button on a regular schedule. You can also bring in the Access SDK if you need an ObSSOCookie to get to the Admin interface.
Mark
Maybe you are looking for
-
Once 7610 the pc pairs with it, pc suite couldnt s...
hi there, i've been searching through out the forum and there's no one having this problem. pc suite 6.82.22 nokia 7610 windows pro xp service pack 2 ziga (brand) bluetooth, it works previously. so i don think it has a problem with the bluetooth devi
-
I have a page in which a picture in displayed. Requirement If the user clicks on that image, the image should open in WPFV (Windows Picture and Fax Viewer) Please assist! Thanks.
-
how to get the last know location of a missing iphone 4s before it goes 'offline' - i mean it uses so much battery getting the location every step so where/how to get the last location ?
-
What is the function module to calculate "years of services" in HR?
What is the function module to calculate "years of services" in HR?
-
ICC profiles show as unavailable
Hi I have CS running on Snow Leopard and I've downloaded some profiles from a print shop in the UK, copied them to library/colorsync/profiles but they don't show as loaded when I do view/proof setup. When I click load and locate the profiles they sho