OSB and LDAP

Does anyone know how to authenticate any service based on LDAP credentials in OSB?
Thanks
AB

Since OSB delegates much of its security to the underlying application server, you have to ask yourself "how to authenticate any service based on LDAP credentials in your application server running OSB".
In the case of WebLogic, you can find useful information here:
http://download.oracle.com/docs/cd/E11035_01/wls100/secmanage/atn.html#wp1198953
However, configuring security realm parameters is not a simple task. You should probably read the documentation carefully.

Similar Messages

  • Connectivity between OSB and LDAP

    Hi All
    We have a requirement to connect to LDAP from OSB (not for retrieving security related information) for querying business information like users, user groups and geographical hierarchy etc. I know there is no Adapter to use for integrating LDAP with OSB. Please suggest some implementation technique for this approach.
    Thanks
    Vishwanath

    Which LDAP are you using? If you are using OID, you have a Ldapcleint.jar on the OID server; you can use that to connect.
    If you are using OpenLDAP, you can use the open source LDAP jar files for the same.
    Sample Code :-
    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.naming.ldap.*;
    import oracle.ldap.util.jndi.*;
    import oracle.ldap.util.*;
    import java.io.*;

    public class NickNameSearch {
      public static void main(String[] args) throws Exception {
        // args: host, port, bind DN, password
        InitialLdapContext ctx = ConnectionUtil.getDefaultDirCtx(args[0],
            args[1], args[2], args[3]);
        RootOracleContext roc = new RootOracleContext(ctx);
        Subscriber sub = null;
        sub = roc.getSubscriber(ctx, Util.IDTYPE_DEFAULT, null, null);
        PropertySetCollection psc = sub.getProperties(ctx,
            Subscriber.USER_NAMING_PROPERTIES, null);
        String nickNameAttribute = null;
        try {
          nickNameAttribute = (String) psc.getPropertySet(0).getProperty(Subscriber.USER_NAMING_ATTR_SIMPLE).getValue(0);
        } catch (Exception e) {
          // unable to retrieve the attribute name
          System.exit(0);
        }
        System.out.println("Nickname attribute: " + nickNameAttribute);
        // Retrieve user using simple name, guid or DN
        User user = sub.getUser(ctx, Util.IDTYPE_SIMPLE, "orcladmin", null);
        System.out.println("user DN: " + user.getDN(ctx));
        // Retrieve nickname value using User object
        psc = user.getProperties(ctx, new String[]{ nickNameAttribute });
        String nickName = null;
        try {
          nickName = (String) psc.getPropertySet(0).getProperty(nickNameAttribute).getValue(0);
        } catch (Exception e) {
          // unable to retrieve the attribute value
          System.exit(0);
        }
        System.out.println("Nickname : " + nickName);
      }
    }
    Using the Java API Extensions to JNDI

  • OSB to LDAP

    Team,
    How do I connect from OSB to LDAP? Is there any LDAP adapter? If not, maybe I have to use Java code to connect to LDAP and use a proxy service Java callout.
    Are there any samples for doing that?
    Thanks in advance.

    Below link can provide some inputs to solve your purpose.
    https://forums.oracle.com/thread/2274238
    Cheers,
    Durga
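
    The Java callout approach raised in the two OSB threads above, sketched with plain JNDI. This is an added example, not code from any of the posters or from Oracle; the class and method names, the person/uid schema and the LDAP_BIND_PW variable are assumptions. It exposes public static methods, the form a Java callout invokes, and escapes the caller-supplied value (RFC 4515) before it is placed in the search filter.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.*;
import javax.naming.directory.*;

/** Hypothetical LDAP lookup helper for an OSB Java callout. */
public final class LdapLookup {

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Filter for one person entry by uid (assumed schema: objectClass=person, uid). */
    public static String userFilter(String uid) {
        return "(&(objectClass=person)(uid=" + escapeFilterValue(uid) + "))";
    }

    /** Return the values of one attribute of the entry matching uid. */
    public static String[] lookup(String url, String bindDn, String password,
                                  String baseDn, String uid, String attrName)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);            // ldaps:// keeps the simple bind off the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);   // a read-only service account
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { attrName }); // fetch only what is needed
        sc.setCountLimit(1);
        sc.setTimeLimit(5000);

        List<String> values = new ArrayList<>();
        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(baseDn, userFilter(uid), sc);
            if (results.hasMore()) {
                Attribute attr = results.next().getAttributes().get(attrName);
                for (int i = 0; attr != null && i < attr.size(); i++) {
                    values.add(String.valueOf(attr.get(i)));
                }
            }
            results.close();
        } finally {
            ctx.close();
        }
        return values.toArray(new String[0]);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed inputs: the second would rewrite the filter if it were not escaped.
        System.out.println(userFilter("jsmith"));
        System.out.println(userFilter("*)(uid=*"));
        // Optional live query: url, bind DN, base DN, uid, attribute; password from LDAP_BIND_PW.
        String pw = System.getenv("LDAP_BIND_PW");
        if (args.length == 5 && pw != null) {
            for (String v : lookup(args[0], args[1], pw, args[2], args[3], args[4])) {
                System.out.println(v);
            }
        }
    }
}
```

    Run without arguments it only prints the two filters, so the escaping can be checked without a directory server.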

  • Problem with ADS and LDAP

    I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
    After connection via LDAP I can't get any object ( users or groups etc. ).
    I try connect to ADS by java ( JNDI ).
    When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
    the same problem - no objects.
    Can anybody help me?
    Grzegorz Pszona
    my e-mail: [email protected]

    Thanks a lot.
    Softerra's browser is really good.
    Thanks
    Rashmi
    "Anant Kadiyala" <[email protected]> wrote:
    >
    I used Softerra's LDAP browser. The browser is free. There is also a Java-based LDAP browser from Univ of Michigan. I found the Softerra browser to be easier to use.
    -anant
    "rashmi" <[email protected]> wrote:
    Hi,
    Can you please let me know which exact ADS tool you used to examine the DN? I have Active Directory Users and Computers, Sites and Services, and Domain and Trusts installed on my machine, but I am not able to figure out how to get the DN.
    Thanks
    Rashmi
    for Stephen Davies <[email protected]> wrote:
    Grzegorz,
    I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take a fair bit of messing around to get it going. MS does have a few oddities, for example the Administrators DN might look something like this:
    cn=Administrator,cn=Users,dc=eglobal,dc=net
    One tool that I found invaluable came with the additional support tools
    for Windows 2000. The 'Active Directory Administration Tool' made it
    easy to list the directory contents and examine the DNs.
    Regards,
    Steve
    Stephen Davies
    Principal Consultant
    eGlobal Services Pty. Ltd.
    Sydney, Australia
    Ph. +61 2 9283 1033
    http://www.eglobal.net/

  • Single sign-on using Kerberos and Ldap

    I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
    The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
    I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
    I have the Kerberos authentication and part of the Ldap service working via pam & nss.
    i.e. I can log on to the Solaris workstations using the AD username and password, and mount the home directory from a M$ NFS server.
    BUT...
    id gives:- userID, groupID (primary group only)
    groups :- primary group only. (no secondary groups are listed)
    Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
    Thanks in advance for any help.

    After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to end up with a similar solution.
    Sadly enough, the MS AD seems much more stable and easier to handle than Sun's DS, Kerberos and associated services.
    Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
    //M.

  • 1 Admin console to manage OSB and SOA installed on different servers

    Dear All,
    We are planning to have OSB installed on Host 1 and SOA server installed on Host 2. But there will be one Admin console to manage these 2 for ease of maintenance. When I was trying to install this configuration I had a few issues. Hope SOA experts can help me with the configuration.
    1)
    As SOA and OSB are installed on 2 different host both the servers must have weblogic installed as pre requisite. So I will have
    on host 1:
    http://host1:7001/console
    http://host1:7001/sbconsole
    On host 2:
    http://host2:7001/console (this is redundant)
    http://host2:8001/soa-infra
    2) Is it possible to inactivate http://host2:7001/console ? and add SOA server running on host2 to http://host1:7001/console. In the sense, I would like to control the SOA server from host 1.
    Issue No :2
    When I create a domain on Host 1 I just get the options for OSB and not SOA. It is obvious as SOA is not installed on Host1. but if that is the case, Is it possible to add SOA server running on host2 to host1. Is it going to be a cluster?
    Does this configuration seem realistic? Has anyone implemented it? Any pointers please.
    Regards,
    Aani

    Hi Aani,
    Please go through the blog series -
    http://blogs.oracle.com/reynolds/2010/09/installing_an_11g_soa_cluster.html
    You may also refer EDG -
    http://download.oracle.com/docs/cd/E17904_01/core.1111/e12036/toc.htm
    Regards,
    Anuj
    Edited by: Anuj Dwivedi on Feb 23, 2011 9:14 PM

  • Adding phones and users with bat and LDAP sync

    What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP.  Also, what method is the easiest and fastest?
    For example, I could do the following steps:
    Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
    I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc.  This method still involves 2 steps and the creation of 2 separate bat files.
    In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them become LDAP users?
    Thank you,
    Danny

    #1 Remove this embedded CSS code from your HTML document(s).  You don't need it.
    body {
        background-color: #CCC;
    }
    body,td,th {
        color: #FFF;
        font-size: 14px;
    }
    #2 Open  PW.css file and add this to the top:
    body {
        font-family: Arial, Helvetica, sans-serif;
        font-size: 14px;
        background-color: #CADFEB;
        /**or insert a background-image using the CSS editor**/
    }
    #3 Remove font-family and font-size from all your other CSS selectors.  You don't need to duplicate styles on every element.
    #4 Replace this:
    #content {
        position:absolute;
        left:199px;
        top:10px;
        width:860px;
        z-index:1;
        right: auto;
        background-color: #FFF;
        text-align: center;
        color: #000;
        height: auto;
    }
    with this:
    #content {
         width:860px;
         margin: 20px auto;
         border: 4px solid silver;
         background-color: #FFF;
         text-align: center;
         color: #000;
         -moz-box-shadow: 5px 5px 5px #888;
         -webkit-box-shadow: 5px 5px 5px #888;
         box-shadow: 5px 5px 5px #888;
    }
    #5 Save your PW.css file and upload to server.
    Nancy O.
    Alt-Web Design & Publishing
    Web | Graphics | Print | Media  Specialists 
    http://alt-web.com/
    http://twitter.com/altweb

  • OBIEE and LDAP problem

    Hi all!
    After connecting our OBIEE 11.1.1.5 to LDAP we faced a strange problem: after one user enters the system, any next user who logs in has the same privileges in OBIEE as the first one.
    We turned off the following caches:
    - WebLogic Principal Validator Cache in a security realm Performance section
    - Group Membership Lookup Hierarchy Caching in our LDAP authentication provider Performance section
    But the problem still occurs. Does anyone have any suggestions on this?

    Hi I was having endless issues with OBIEE and LDAP, I followed the exact steps here:
    http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG169
    These worked for me, so for a start you could check that these recommended settings are the same in your environment.
    Thanks

  • XI 3.1 Client Tools and LDAP Authentication

    I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
    [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
    Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

    Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
    Take a look at note 1272536 (http://service.sap.com/notes)
    Regards,
    Stratos

  • I want to see list of Disabled user from AD and LDAP

    Hi
    I want to see the list of disabled users from AD and LDAP, and it should show on the next page in tabular format
    having all the details of AD (Attributes)


  • Connected MDM and LDAP, but now what? Why user mapping?

    Hi Gurus,
    In my last thread, I posted that I was not able to connect MDM with LDAP. I was finally able to.
    My problem now is I have to define user mapping in SAP Portal for the MDM business iViews to work.
    By connecting MDM and LDAP, I got the benefit that now the authentication and authorization is happening via LDAP.
    But this does eliminate the need for user mapping. If this is the case then why the real benefit of using LDAP?
    In this case this becomes worse as I need to know the user's LDAP Password which no body will share for sure.
    Any ideas? I want to get rid of this user mapping stuff.
    Warm Regards,
    Karan

    without knowing specifics of ur architecture, i can quickly point out two things:
    1)  LDAP is primarily used for authentication, true.
    2) Portal User mapping should not be an issue if u already have portal tied up to the active directory or some kind of single sign on?
    So portal knows the users who has logged it, polls the Active directory for authentication and Active directory logs into MDM with that users role.
    -Sudhir

  • ISE and LDAP Integration

    Hello,
    I have a question about the LDAP integration with the ISE:
    Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
    What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
    Even I tried to change the base DN and the search DN but without luck.
    The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
    Is there any missing information/tips required in such integration?

    Hello,
    I found a Cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP. I hope this helps!
    This section contains the following:
    •Directory  Service
    •Multiple  LDAP Instances
    •Failover
    •LDAP  Connection Management
    •User  Authentication
    •Authentication  Using LDAP
    •Binding  Errors
    •User  Lookup
    •MAC  Address Lookup
    •Group  Membership Information Retrieval
    •Attributes  Retrieval
    •Certificate  Retrieval
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

  • OSB and BPEL Capacity Planning

    Guys,
    I am looking for a start point to begin a capacity planing of OSB and BPEL infrastructure.
    What are the parameters to take in account?
    How many managed servers?
    RAM?
    CPU?
    I know that some answers might be shallow because there are so many factor to work with, but I need a small guidance.
    Anyone?
    Thanks a lot

    You can't expect a serious answer to your question. With so many unknown factors in place ...
    However, if we stay on this "general level", then based on my experience I can easily say that OSB is not greedy at all. You can handle tens to hundreds of requests per second on a retail hardware. Of course, it all depends on the character of your services. The more complexity (XQuery, XSLT, service callouts, java callouts) you add to your services the more power you need.

  • How to configure osb and soa in single domain

    Hi all,
    hope all are fine.
    sorry if this question is already posted.
    I installed wls 10.3.6 and osb 11.1.1.6 & SOA 11.1.1.6 and domain configuration was also successful.
    In domain configuration I selected both osb and soa.
    all (wls,osb,soa ) servers are up but soa_infra was down. I am unable to see soa folder in em.
    where is the problem please provide solution for this...
    thanks in advance.
    Thanks
    Mohan

    Hi Harsh,
    I tried with(developer template) that but again soa_infra was down. i am getting user messaging services.
    admin server logs are
    oracle.mds.lcm.exception.MDSLCMException: MDS-01330: unable to load MDS configuration document
    MDS-01329: unable to load element "persistence-config"
    MDS-01370: MetadataStore configuration for metadata-store-usage "soa-infra-store" is invalid.
    ORA-04063: package body "DEV_MDS.MDS_INTERNAL_SHREDDED" has errors
    ORA-06508: PL/SQL: could not find program unit being called: "DEV_MDS.MDS_INTERNAL_SHREDDED"
    ORA-06512: at line 1
         at oracle.mds.internal.lcm.deploy.DeployManager.deploy(DeployManager.java:733)
         at oracle.mds.internal.lcm.deploy.DeployManager.startDeployment(DeployManager.java:204)
         at oracle.mds.internal.lcm.MDSLifecycleListenerImpl.start(MDSLifecycleListenerImpl.java:215)
         at oracle.mds.lcm.weblogic.WLLifecycleListener.preStart(WLLifecycleListener.java:77)
         at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
         at weblogic.application.internal.flow.BaseLifecycleFlow.preStart(BaseLifecycleFlow.java:62)
         at weblogic.application.internal.flow.HeadLifecycleFlow.prepare(HeadLifecycleFlow.java:283)
         at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
         at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)
         at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
         at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
         at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:144)
         at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
         at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
         at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
         at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
         at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
         at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
         at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused by: oracle.mds.config.MDSConfigurationException: MDS-01330: unable to load MDS configuration document
    MDS-01329: unable to load element "persistence-config"
    MDS-01370: MetadataStore configuration for metadata-store-usage "soa-infra-store" is invalid.
    ORA-04063: package body "DEV_MDS.MDS_INTERNAL_SHREDDED" has errors
    ORA-06508: PL/SQL: could not find program unit being called: "DEV_MDS.MDS_INTERNAL_SHREDDED"
    ORA-06512: at line 1
         at oracle.mds.config.PConfig.loadFromBean(PConfig.java:959)
         at oracle.mds.config.PConfig.<init>(PConfig.java:758)
         at oracle.mds.config.MDSConfig.loadFromBean(MDSConfig.java:787)
         at oracle.mds.config.MDSConfig.loadFromElement(MDSConfig.java:848)
         at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:491)
         at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:438)
         at oracle.mds.internal.lcm.deploy.DeployManager.deploy(DeployManager.java:516)
         ... 27 more
    Caused by: oracle.mds.exception.MDSExceptionList: MDS-01329: unable to load element "persistence-config"
    MDS-01370: MetadataStore configuration for metadata-store-usage "soa-infra-store" is invalid.
    ORA-04063: package body "DEV_MDS.MDS_INTERNAL_SHREDDED" has errors
    ORA-06508: PL/SQL: could not find program unit being called: "DEV_MDS.MDS_INTERNAL_SHREDDED"
    ORA-06512: at line 1
         at oracle.mds.config.PConfig.loadFromBean(PConfig.java:953)
         ... 33 more
    I installed rcu correctly and db is up and i installed following combination
    oepe-wls-indigo-installer-11.1.1.8.0.201110211138-10.3.6-win32
    ofm_rcu_win_11.1.1.6.0_disk1_1of1
    ofm_osb_generic_11.1.1.6.0_disk1_1of1
    ofm_soa_generic_11.1.1.6.0_disk1_1of2
    is there any mismatch combination.
    Thanks
    Mohan
    Edited by: Mohan SOA on Sep 12, 2012 12:39 AM

  • OSB and SOA Server (Mediator) Design question

    As OSB is the strategic ESB and is used for external services does it make sense that all communication must go out via the OSB.
    For example if I have a request that comes in gets routed through the OSB and then calls a backend composite which contains a BPEL that sits on the Oracle SOA server that calls multiple external services (CRM, SAP etc..) Would all the calls out from the BPEL then go back to the OSB and out to the external services (via proxy/business services.) This seems to add a lot of network hops to the whole architecture.
    I can't really seem to find a diagram to explain this but an external service consumer could call the Oracle SOA stack that will come in via the OSB (for security gateway as OWSM 11g doesn't support gateway yet.) Then get transformed into the CDM and then passed on to the Oracle SOA server that has a composite service with BPEL that orchestrates multiple calls to internal and external services. The external ones requiring a transformation back into the service providers format.
    How does this flow work?

    If you are talking to external B2B systems you should use the Oracle B2B Server, have a look at this link,
    http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10229/b2b_intro.htm#CEGGAGJA
    Section 1.6 in there gives a good example of doing just that. The OSB mediator is responsible for talking between CDM's in this case so it does some internal work, within one CDM set of services and then when ready the mediator translates from CDM to the format needed for the B2B. The B2B Server then does all the clever stuff needed to talk to the B2B partner.
    In the internal case where the call is within the Enterprise the Oracle documentation states that there may be cases when doing this translation from CDM to legacy format may take place within the SOA server but recommends that it is normally done using the mediator in the same way as with partner calls. The 11g developer documentation states "The stated direction by Oracle is for the Oracle Service Bus to be the preferred ESB for interactions outside the SOA Suite. Interactions within the SOA Suite may sometimes be better dealt with by the Oracle Mediator component in the SOA Suite, but we believe that for most cases, the Oracle Service Bus will provide a better solution and so that is what we have focused on within this book."
    Just what those exceptions are is an interesting question. If you have a CDM and all of your legacy world has translators, you will spend all of your time hopping up to the mediator and back down; maybe that is the exception. If everything is using the mediator then the SOA orchestration power is lost. If on the other hand most of your system lives within a canonical schema and there is one exception, perhaps you make it pay the price for non-conformance.
