Logical identifiant for User Notes synchronized from LDAP

Similar Messages

• Search for users in a particular LDAP through Web Dynpro code...

  Hi Experts,
  Let me try explaining my problem. In my project we are using two ADAM LDAPs. One for storing internal users and the other for storing external users. I have configured the portal to connect to both the LDAPs. I am able to search for the users created in both the LDAPs through portal Indentity Management.
  I am trying to search for the users in a specific LDAP through Web Dynpro coding... I am not lucky enough to get it done. Let me explain you what I did.
  I created a custom attribute for UME through config tool. Gave a physical mapping for the custom attribute in dataSourceConfig_xxx.xml to the LDAP attribute distinguishedName which returns the distinguished Name for the user in ADAM LDAP.
  For Example: Custom attribute in UME is ldapuser which is mapped to distinguishedName attribute in ADAM LDAP in dataSourceConfig_xxx.xml.
  When I do a search for the users in a particular LDAP, I am trying to put a filter to the newly created ldapuser attribute to distinguish between the two LDAPs.
  The search will result if I pass the value as '*'. If I try to specify the user path for the LDAP in this attribute it doesnt result any data.
  For example:
  userSearchFilter.setSearchAttribute(
       "com.sap.com.cust.admn",
        "ldapuser",
       "OU=16482515,OU=Members",
       ISearchAttribute.LIKE_OPERATOR,
       false);
  The above code will not return the data, whereas
  userSearchFilter.setSearchAttribute(
       "com.sap.com.cust.admn",
        "ldapuser",
       ISearchAttribute.LIKE_OPERATOR,
       false);
  Will result with user list from both the LDAPs.
  If anyone tried searching for users in a particular LDAP through code, please help me with this issue.
  Thank you in advance.
  Regards,
  Rekha Malavathu

  I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.

• OCI Catalog for Vendor problem : Logical system for catalog not maintained

  We have set up an OCI catalog with on of our vendors. This works fine untill we transfer shopping basket data from Vendor sysem into our SRM-system (SRM5.0). Then data is not being transfered and Vendor Webshop screen remains 'open'.
  in SLG1 i have found an error "Logical system for catalog not maintained. Inform system administrator'
  Anyone an idea what the cause of this error can be or what we need to check ?
  Thanks in advance

  Hi,
  I have not seen that error before. However, I think it may have to do with the LOGICAL_SYSTEM OCI field. Can you check if your punch-out catalog vendor is populating that field? Also, check if you have the correct BP# populated in the catalog configuration and the LOGICAL SYSTEM Field on the define External Webservices is blank.
  SG

• Issuing certificates for user and clients from different forest/domain

  Hello,
  at first I would like to say that I have made some researches on this forum and in the Internet overall.
  I have AD Forest with ~10 sites all over the Europe, DFL and FFL is 2008 R2, right now we are migrating site by site from old domain (samba) to AD.
  Last time I have deployed PKI based on offline root CA and 2 Enterprise acting as 2-node Failover Cluster.
  Everything in my AD Forest is OK, I mean, autoenrollment works perfect for users and computers from my forest, 
  now I need to deploy a certificate (for test) to one web-based pbx server in samba domain, there are no trusts etc. Samba domain as well as AD Forest are working on the same network, with routeable subnets in each site, so there is no problem with connectivity,
  What are possible way to achieve this goal? I mean to issue cert to client from different forest, so that this client is able to validate it, validate certificate chain and renew it when needed?
  I have Installed and Configured CE Web Service and CE Policy Web Service. Now I have configured Enrollment Policies on my virtual machine (being part of different domain), I selected username/password authentication, I am able to request certificate, I can
  see all templates which I should see, but when I try to enroll I got an error:
  (translated from my language)A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider
  My root CA cert is added to trusted publishers for computer and user node as well.
  What could be wrong? If you have any ideas or questions, please share or ask. 
  Thank you in advance.

  Everything is clear, I have Certificate Enrollment Web Services installed and configured,
  problem is what i get from certutil - TCAInfo
  ================================================================
  CA Name: COMPANY-HATADCS002-ISSUING-CA
  Machine Name: COMPANYClustGenSvc
  DS Location: CN=COMPANY-HATADCS002-ISSUING-CA,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=COMPANY,DC=COM
  Cert DN: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
  CA Registry Validity Period: 2 Years -- 2016-03-04 12:20
   NotAfter: 2019-02-14 12:44
  Connecting to COMPANYClustGenSvc\COMPANY-HATADCS002-ISSUING-CA ...
  Server "COMPANY-HATADCS002-ISSUING-CA" ICertRequest2 interface is alive (1078ms)
    Enterprise Subordinate CA
  dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_NT_AUTH
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwRevocationFreshnessTime: 18 Days, 4 Minutes, 1 Seconds
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwRevocationFreshnessTime: 18 Days, 4 Minutes, 1 Seconds
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
    Issuer: CN=HATADCS001-COMPANY-ROOT-CA
    NotBefore: 2014-02-14 12:34
    NotAfter: 2019-02-14 12:44
    Subject: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
    Serial: 618f3506000000000002
    Template: SubCA
    9e1bea4ffa648e5fe3e9f8c4be3c604c49af04e9
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
      CRL 02:
      Issuer: CN=HATADCS001-COMPANY-ROOT-CA
      ThisUpdate: 2014-02-14 12:16
      NextUpdate: 2024-02-15 00:36
      d7bafb666702565cae940a389eaffef9c919f07a
    Issuance[0] = 1.2.3.4.1455.67.89.5 
  CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
    Issuer: CN=HATADCS001-COMPANY-ROOT-CA
    NotBefore: 2014-02-14 11:55
    NotAfter: 2024-02-14 12:05
    Subject: CN=HATADCS001-COMPANY-ROOT-CA
    Serial: 18517ac8a4695aa74ec0c61b475426a8
    b19b85e0e145da17fc673dfe251b0e2a3aeb05e9
    Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Issuance[0] = 1.2.3.4.1455.67.89.5 
  Exclude leaf cert:
    5b309c67a8b47c50966088a4d701c8526072c9ac
  Full chain:
    413b91896ba541d252fc9801437dcfbb21d37d91
    Issuer: CN=HATADCS001-COMPANY-ROOT-CA
    NotBefore: 2014-02-14 12:34
    NotAfter: 2019-02-14 12:44
    Subject: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
    Serial: 618f3506000000000002
    Template: SubCA
    9e1bea4ffa648e5fe3e9f8c4be3c604c49af04e9
  A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)
  Supported Certificate Templates:
  Cert Type[0]: COMPANYOnlineResponder (COMPANY Online Responder) -- No Access!
  Cert Type[1]: COMPANYWebServer(SSL) (COMPANY WebServer (SSL))
  Cert Type[2]: COMPANYUser(Autoenrollment) (COMPANY User (Autoenrollment))
  Cert Type[3]: COMPANYKeyRecoveryAgents (COMPANY Key Recovery Agents)
  Cert Type[4]: COMPANYEnrollmentAgent(Computer) (COMPANY Enrollment Agent (Computer))
  Cert Type[5]: COMPANYEnrollmentAgent (COMPANY Enrollment Agent)
  Cert Type[6]: COMPANYComputer(Autoenrollment) (COMPANY Computer (Autoenrollment)) -- No Access!
  Validated Cert Types: 7
  ================================================================
  COMPANYClustGenSvc\COMPANY-HATADCS002-ISSUING-CA:
    Enterprise Subordinate CA
    A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)
    Online
  CertUtil: -TCAInfo command completed successfully.
  please put some light on it because it's driving me crazy :/
  Thanks in advance
  one remark: certutil -tcainfo performed on CA directly is 100% OK, no errors regarding 
  "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)"

• GRC 5.3 CUP SP16 - User info not loading from LDAP into CUP

  Hello,
  We have multiple LDAPS that we needed to connect to our CUP system to authenticate the userids before a request can be created for them. And also to bring in Manager ID and manager email from LDAP as the first level approver for requests.
  My client hasn't maintained the actual LDAP userids, Manager and manager email fields correctly, so we utlized three other custom fields in LDAP and then did field mapping in CUP for those fields. But even when the connection to all the LDAPs is successful, there's no user information being pulled in from LDAP into CUP.  I noticed that when I use our backend SAP QA system as 'User Data Source' while using multiple LDAPS for 'User Detail Source Data' , it only reads data from SAP QA system SU01 area and even when I'm trying to create requests, no Manager info is being pulled from LDAPS for that user id. 
  SAP does not allow the use of multiple LDAPS for the configuration-->User Data Source , top option.  So, if a client has userids in multiple systems, it can only read from one data source.  But even when I temporarily assigned one active directory LDAP to the 'user data source' option, it stated, no records found. So, something is up that no data is being pulled from LDAPs even when the connection to those systems is successful. I just asked our AD guy to temporarily assign domain admin rights to that LDAP connection ID to see if it's access issue, and still I am not getting any LDAP data to read into GRC CUP.
  Anyone else has had this issue? Is there especial access that the LDAP connection id needs access in LDAP to be able to retreive data into GRC? Is there any jobs that need to be run to read LDAP data. I thought it should be live as the system is connected to LDAPs. I don't understand if the connection is successful, why the user info is not being pulled from there and even after the LDAP custom field mapping is done, those field values are not showing up on requests.
  We need the following to happen:
  1). Authenticate the custom userid field in LDAPs to ensure this user exist as an employee b4 request can be created for the user. For this I have configured the multiple LDAPS for the 'Authentication'. But it doesn't seem to confirm that option when creating a request for a user.
  2). The user details info source should bring in the custom manager id and manager email into the request to send the first level of approval via workflow to that manager. Since SAP doesn't give the option to define approvers per user group values in CUP, we had to actually map all the User Owner approvers this way since their direct managers are not aware of  what to request as the User owner approvers per user group are.  So, we added custom fields for Manager id and Manager EMail into LDAP to be ready automatically into the request when reading user id while creating request.
  I will greatly appreciate anyone's help on how they got the LDAP field values to be read into GRC CUP for request processing and what type of encripted access can a LDAP connection id have without assigning it complete domain admin rights on an open port 389 for LDAP and GRC CUP connection.
  Thanks and Regards,
  Alley

  Hi Alley,
  1). Authenticate the custom userid field in LDAPs to ensure this user exist as an employee b4 request can be created for the user. For this I have configured the multiple LDAPS for the 'Authentication'. But it doesn't seem to confirm that option when creating a request for a user.
  This is not possible. You can have only 1 LDAP. Why you want to authenticate the user in different sources?? CUP looks at only one user source, not many. The below wiki explains you the configuration part:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b089fb71-a3b7-2a10-64a2-8c77243b0664
  2). The user details info source should bring in the custom manager id and manager email into the request to send the first level of approval via workflow to that manager. Since SAP doesn't give the option to define approvers per user group values in CUP, we had to actually map all the User Owner approvers this way since their direct managers are not aware of what to request as the User owner approvers per user group are. So, we added custom fields for Manager id and Manager EMail into LDAP to be ready automatically into the request when reading user id while creating request.
  Based on user group is not possible. However, if you wish to maintain the Manager's Field, ensure that the CUP mapping is done correctly from the Configuration, Field Mapping, LDAP Mapping.
  While defining the workflow, take the approver determinator as Manager. This will route the request to the users manager. Also, ensure that LDAP is the source in all the confiuration areas in CUP.
  Check note 1228996 for more information.
  Hope this helps!!
  Regards,
  Raghu

• Admin Console not displaying new Users and Groups from LDAP

  We created a new Realm in WebLogic, which specifies the location of the Netscape
  LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
  server to use for authentication. My problem is this- the Admin Console is not
  displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
  Admin Console display any users and groups specified in the ldap server, which
  is referenced in the customized Realm?

  Hi Andy,
  I am not sure why you are unable to see the users and groups through the
  console., you should be able to. Can you post the config.xml?
  thanks,
  -satya
  Andy Levy <[email protected]> wrote in message
  news:3b700c36$[email protected]..
  >
  We're running WLS 6.0 Sp2 on Windows 2000 Professional.
  "Satya Ghattu" <[email protected]> wrote:
  Andy,
  Could you please tell us what Version of Weblogic you are running?
  thanks,
  -satya
  Andy Levy <[email protected]> wrote in message
  news:[email protected]..
  We created a new Realm in WebLogic, which specifies the location ofthe
  Netscape
  LDAP server. Our Weblogic application, called TGSLC, is able to findthe
  ldap
  server to use for authentication. My problem is this- the Admin
  Console
  is not
  displaying the new users and groups from the LDAP server. Shouldn'tthe
  WebLogic
  Admin Console display any users and groups specified in the ldap
  server,
  which
  is referenced in the customized Realm?

• Logical Locking for User and Session ID possible?

  Hi colleagues!
  We are developing on NetWeaver CE 7.10 SP6
  Currently it is possible for a user to access the same business object (like a specific order number for example) in two separate browser tabs in parallel. This leads to many strange and unwanted side-effects.
  One option would be to use a non cumulative exclusive locking. However we would like to avoid that as we use the lock life time "user session". And in this case we would need to set the lock only at one place and could not assure the setting of the lock again at different places (lock() may only be called once in this case).
  It would be nice if the com.sap.engine.services.applocking.LogicalLocking class would support support a session based exclusive locking where the same lock can be applied multiple times but only for the same session. But this does not seem to be possible.
  Does anybody know a nice solution for this issue? How to avoid that the same user opens the same business object in multiple sessions? Ideally this should be callable from a CAF application service.
  Thanks and kind regards,
  Gunnar
  Edited by: Gunnar Goerke on Jul 6, 2009 4:07 PM
  Edited by: Gunnar Goerke on Jul 6, 2009 4:09 PM

  For analyze, we have synchronized 15 LDAP Users to Notes
  FirstName, Lastname and login attributes are from 1 to 15 characters lenght as following :
  givenname, lastname, UID
  1,1,1
  F2,L2,ID
  F33,L33,ID3
  F444,L444,ID44
  F5555,L5555,ID555
  F66666,L66666,ID6666
  F777777,L777777,ID77777
  F8888888,L8888888,ID888888
  F99999999,L99999999,ID9999999
  Faaaaaaaaa,Laaaaaaaaa,IDaaaaaaaa
  Fbbbbbbbbbb,Lbbbbbbbbbb,IDbbbbbbbbb
  Fccccccccccc,Lccccccccccc,IDcccccccccc
  Fdddddddddddd,Ldddddddddddd,IDddddddddddd
  Feeeeeeeeeeeee,Leeeeeeeeeeeee,IDeeeeeeeeeeee
  Fffffffffffffff,Lffffffffffffff,IDfffffffffffff
  Between 6 and 8 characters, le logical Name of the user is correct
  He is constructed as %fistname% %lastname%/DOMAIN
  Less than 6 or more than 8 characters, the logical name is not correct
  We can show the partial path of the lotus's data directory.
  I can send screenshot to an email Adress if you want
  Why this ? It's not usable
  PS : All certificates can be viewed without provide password !
  Why the LDAP password of the user's entry is not used to open the ID ?
  Thanks for your help.
  BRs
  Vincent

• Rename users display name from LDAP

  my OBIEE 10.1.3.4 does user authentication from LDAP on our domain Active Directory..
  a users display name was mis-spelled in Active Directory.. I corrected the mis-spelling.. but BI still shows it wrong..
  when the user is created is the display name then stored in an ATR file or somewhere in the catalog..
  were do I go to change it.. or how do I get it to update from Active Directory again..

  If the display name is really bothering the user, then you can do a work around like letting users to set their own display name by enabling the enable any user to set the value of the variable option for the DISPLAYNAME variable in the LDAP init block and calling it in the front end using NQSSetSessionValue().
  Hope this helps.
  Regards,
  -Amith.

• Retrieve all user id's from LDAP directory and populate in Oracle table.

  Guys,
  We've implemented LDAP authentication functionality in our application using Oracle's dbms_ldap package objects.
  Now,Is there any way that I can retrieve all user ids from the LDAP directory and store in an Oracle table?
  The distinguished name of authorized user as it appears in our LDAP directory is below:
  dn=uid=ab0472,ou=people,ou=xyz,o=world.
  Now I need to fetch all users uid's from the LDAP directory and populate in an Oracle table.Can somone help me with thoughts.
  Thanks,
  Bhagat

  Have a look at attachments API, since this also does the same thing except that it puts the file in fnd_lobs instead of the custom table.
  Thanks
  Tapash

• Presence the phone and mobile field entries not coming from LDAP

  I tested by changing name and all...working fine changes happening
  But the phone field is not coming at all
  ANY IDEA????

  I'm sorry if I misunderstood you. But it looks like there's some confusion here.
  Confusions and mistakes are usually caused by false assumptions.
  CUPC gets LDAP attributes from LDAP directly. CUPC does not retrieve those attributes from CUPS.
  If you're troubleshooting double-click on CUPC, the CUPS presence viewer doesn't help at all.
  When you double-click a contact in CUPC, CUPC dials the number in "BusinessPhoneNumber". By default "BusinessPhoneNumber" is mapped to "telephoneNumber" in Active Directory.
  If you cannot double-click a contact to dial, that's because "BusinessPhoneNumber" was blank.
  Michael
  http://htluo.blogspot.com

• Create alert for users not login in R12 for specific number of  days

  Dear experts
  we have R12.1.1 .
  i want to create auto alert for users who dont login to R12 application for defined period e.g 30 days .
  please tell me that can i implement this ?
  Regards

  i want to create auto alert for users who dont login to R12 application for defined period e.g 30 days .
  please tell me that can i implement this ?You can use Oracle Alert to do this. To check when was the last time the user logged in to the application, query FND_USER.LAST_LOGON_DATE (for example, SYSDATE - LAST_LOGON_DATE > 30).
  http://etrm.oracle.com/pls/et1211d9/etrm_pnav.show_object?c_name=FND_USER&c_owner=APPLSYS&c_type=TABLE
  Thanks,
  Hussein

• Using a User Store different from LDAP to identify users

  Hello everybody,
  I've developed a couple of authentication classes in Access Manager and
  I found the constrain to use a LDAP user store very limitative.
  I have to develop a class that check the credential against a table in
  a database. I've no LDAP user store at all. I find all the relevant
  information in the db. So I can correctly authenticate the user but I
  can't "say" to the Identity Server that the user is also correctly
  identified. In the code I can create a new NIDPPrincipal object with a
  (null UserAuthority) setting its properties for the authenticated user.
  It works but anyway I've to add a "fake" LDAP User store to be able to
  check the "identify user" option in the method definition in the
  Administration Console. And I presume that the Identity Server can
  became unstable because it can not find the User in the user store.
  I've looked at the LDAP Plugin extesion, trying to create a "wrapper"
  to the db, but the documented API is only about the LDAP definition and
  does not expose any interface to catch ldap search or read (or whatever
  else the Indentity Server may ask to the User store) so I guess that the
  LDAP access is hard-wired in the Identity server code. This approach
  seems very strange because the modular architecture of the NAM solution
  could work very well with other type of user stores than LDAP. I
  expected to find an interface to abstract the User Authority.
  I'm missing something or my argumentations are very wrong?
  Thanks
  Giovanni
  cannata_g
  cannata_g's Profile: http://forums.novell.com/member.php?userid=17484
  View this thread: http://forums.novell.com/showthread.php?t=422784

  cannata g wrote:
  >
  > Hello everybody,
  > I've developed a couple of authentication classes in Access Manager
  > and I found the constrain to use a LDAP user store very limitative.
  >
  > I have to develop a class that check the credential against a table in
  > a database. I've no LDAP user store at all. I find all the relevant
  > information in the db. So I can correctly authenticate the user but I
  > can't "say" to the Identity Server that the user is also correctly
  > identified. In the code I can create a new NIDPPrincipal object with a
  > (null UserAuthority) setting its properties for the authenticated
  > user. It works but anyway I've to add a "fake" LDAP User store to be
  > able to check the "identify user" option in the method definition in
  > the Administration Console. And I presume that the Identity Server can
  > became unstable because it can not find the User in the user store.
  >
  > I've looked at the LDAP Plugin extesion, trying to create a "wrapper"
  > to the db, but the documented API is only about the LDAP definition
  > and does not expose any interface to catch ldap search or read (or
  > whatever else the Indentity Server may ask to the User store) so I
  > guess that the LDAP access is hard-wired in the Identity server code.
  > This approach seems very strange because the modular architecture of
  > the NAM solution could work very well with other type of user stores
  > than LDAP. I expected to find an interface to abstract the User
  > Authority.
  >
  > I'm missing something or my argumentations are very wrong?
  I'm probably not really the right person but the way I see it is that
  NAM supports LDAP userstores therefore it kinda makes why the LDAP code
  is so heavily embedded. Maybe log an enhancement request to see if JDBC
  can be supported as an authentication mechanism.
  Cheers,
  Edward

• Responsibility not appearing for user after added from System Administrator

  Hi,
  I'm testing on R11510. After adding more responsibilities to a user from system administrator -> user -> define, logout and login to the user, the new responsibilities didn't show up. Anything I missed?
  Thanks for your help.

  Hi,
  Did you try to bounce Apache and see if it helps?
  Please see the suggested solutions in the following threads.
  Responsibility not appearing
  Re: Responsibility not appearing
  Assigned Responsibility Not Visible on Login through AppsLocalLogin.jsp
  Re: Assigned Responsibility Not Visible on Login through AppsLocalLogin.jsp
  Regards,
  Hussein

• Custom Auto Attendant Prompts through TUI not working for users who migrated from 2010 to 2013

  In Exchange 2010, we started using unified messaging and set up Auto Attendants. We setup a admin role/RBAC for people of a security group to be able to update the message on the auto attendants. They have the UMPrompts assigned role. All of this is working
  great in 2010. We have now migrated to 2013, and the users who were migrated from 2010 to 2013 can no longer update the messages through TUI. Newly created 2013 users can and are assigned the EXASCT same permission as the users who have been doing this for
  well over a year on 2010.  When they call the AA and press #,* they are asked to provide their extension, after doing so the system tells them that extension is not correct. and asks for the extension again.  Newly created users with the same permissions
  get prompted for their PIN and can log in and change the message just fine. 
  Confirmed Bug?  anybody else having this issue?
  What would be different for this process between a user who was migrated from a previous version like 2010 compared to a newer user who has only ever existed on 2013?

  What if the migrated 2010 users are in the same DB as the system mailbox? I had a similar issue during a migration; http://www.skypeadmin.com/2014/11/10/known-issue-um-automated-attendant-tui-editing-broken-migration/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Address book card not updating from LDAP on server

  I am running 10.5.6 on a MacBook and connecting to a 10.5.6 server. If I search the LDAP directory in Address Book and add a found card to my Address Book, it should update automatically with any changes - the box is ticked in the LDAP Preferences in Address Book.
  The thing is, updates are not happening. I can connect to the server and searches come up with the information I want, but cards previously dragged to the Address Book from an earlier search never get updated.
  Any ideas, anyone?

  Hi,
  If a new OAB is set as default, please check whether the OAB folder in the following path is the latest date in Exchange sever:
  a. OAB generated in Mailbox:
  \\Program Files\Microsoft\Exchange Server\ ExchangeOAB
  b. OAB distribution in Client Access:
  \\Program Files\Microsoft\Exchange Server\ClientAccess\OAB
  If the OAB file is not generated, please collect any event logs in Mailbox server and provide your OAB virtual directory information for more troubleshooting. If the files in both of two folders are latest,
  we can try the following steps in Outlook to download Offline Address Book:
  1. Delete the *.oab files in the following folders in local machine:
       \Users\<username>\AppData\Local\Microsoft\Outlook\Offline Address Books
  2. Create a new Outlook profile that uses Cached Exchange Mode.
  3. Start Outlook 2010 with this new profile.
  4. In the ribbon click Send / Receive, click
  Send/Receive Groups and then click Download Address Book.
  For more information about OAB downloading and updating, please refer to Q5 to Q20 in:
  http://support.microsoft.com/kb/841273/en-us
  Regards,
  If you have any feedback for TechNet Subscriber Support, contact
  [email protected]
  Winnie Liang
  TechNet Community Support