Problem with Security Role mapping and LDAP

Hi,
In Oracle Internet Directory I've created a group called OIDGroup1. OIDGroup1 has 2 users: OIDuser1 and OIDuser2.
OIDGroup1 is mapped to EjbRole1 (a security role defined in ejb-jar.xml; EjbRole1 can do everything in the application). Now if I log in as OIDuser1 or OIDuser2, the application says that the user does not
have authorization to execute some method. The mapping in my orion-application.xml is:
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
</security-role-mapping>
<jazn provider="LDAP" location="ldap://myhost:4032"><jazn-web-app auth-method="SSO"/></jazn>
If I modify orion-application.xml like this:
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
<user name="admin/OIDuser1"/>
</security-role-mapping>
then log in as OIDuser1, it works. But it does not work with OIDuser2.
That is a problem for me because our customer cannot manage the users/groups
easily: each time they have a new user, instead of simply adding this user
to OIDGroup1 (with the graphical interface of OIDAS), they have to modify
orion-application.xml.
Do you have any idea?
Thanks in advance
Regards

I found the bug: in LDAP I've got a user also called OIDGroup1 (the same as the group's name).
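
A directory-side check for the name collision reported above, as an added example that is not part of the original thread: it reads the group names from the security-role-mapping shown in the post and flags any user entry whose cn equals a mapped group name. The LDIF export, its DNs and object classes, and the reading of "admin/" as a realm prefix are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

# Mapping from the post; the <orion-application> wrapper is added so it parses.
ORION_APP_XML = """<orion-application>
  <security-role-mapping name="EjbRole1">
    <group name="admin/OIDGroup1"/>
  </security-role-mapping>
</orion-application>"""

# Constructed LDIF export (DNs and object classes are assumptions, not from the post).
LDIF = """\
dn: cn=OIDGroup1,cn=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: OIDGroup1
uniqueMember: cn=OIDuser1,cn=Users,dc=example,dc=com
uniqueMember: cn=OIDuser2,cn=Users,dc=example,dc=com

dn: cn=OIDuser1,cn=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: OIDuser1

dn: cn=OIDGroup1,cn=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: OIDGroup1
"""

GROUP_CLASSES = {"groupofnames", "groupofuniquenames"}
USER_CLASSES = {"person", "organizationalperson", "inetorgperson"}

def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]} dicts (attribute names lowercased)."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # LDIF folded continuation line
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def mapped_groups(orion_xml):
    """Return (role, group) pairs, dropping the assumed 'realm/' prefix."""
    root = ET.fromstring(orion_xml)
    return [(m.get("name"), g.get("name").rsplit("/", 1)[-1])
            for m in root.iter("security-role-mapping") for g in m.findall("group")]

def find_collisions(orion_xml, ldif_text):
    """List (role, group, user_dn) where a user entry's cn equals a mapped group name."""
    users = {}
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if classes & USER_CLASSES and not classes & GROUP_CLASSES:
            for cn in entry.get("cn", []):    # cn is compared case-insensitively
                users.setdefault(cn.lower(), []).append(entry.get("dn", ["?"])[0])
    return [(role, group, dn) for role, group in mapped_groups(orion_xml)
            for dn in users.get(group.lower(), [])]

if __name__ == "__main__":
    for role, group, dn in find_collisions(ORION_APP_XML, LDIF):
        print(f"role {role}: group '{group}' shares its name with user entry {dn}")
```

Run against a real export, an empty result means no mapped group name is shadowed by a user entry.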

Similar Messages

  • Problem with security role

    Hello,
    I have an Enterprise Portal 7.0 SP13 instance (only Java stack installed). My environment is AIX 5.3 and Oracle 10.
    This instance has a lot of security alerts in the default trace log, like this:
    #1.5^H#C2B30000C03D006400000039000A9084000443246AFD6467#1199723599717#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#j2ee_admin#1208####41667d10bd3e11dccc51c2b30000c03d#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/System/Security/Audit/J2EE#Java###:Authorization check for caller assignment to J2EE security role [ : ].#3#ACCESS.ERROR#SAP-J2EE-Engine#guests#
    Does anyone know what it is?
    Regards
    Rodrigo


  • Problem with Sun Outlook connector Microsoft LDAP Directory MAPI Service Pr

    Dear All
    I have a big problem with Sun Outlook Connector and I can't find any way to fix the problem.
    I am using the Sun Java System Connector deployment tool to create an installation script for my clients.
    In the tool I have specified the location of Microsoft LDAP services. I am using Outlook 2003 and Sun says this option is not needed for Outlook 2003. If I try to create the script and run the script on the target client I receive the error below.
    I tried the Office CD-ROM as the path for LDAP services but the Outlook connector says there are no LDAP services on the CD and I receive the same error:
    19:02:29 [5365] Outlook version is 11.0.5608.0.
    19:02:29 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    19:02:29 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    19:02:31 [5362] Checking Windows version.
    19:02:31 [5363] Windows version is 5.1.
    19:02:31 [5364] Checking Outlook version.
    19:02:31 [5509] Checking default mail client.
    19:02:31 [5508] Default mail client is 'Microsoft Outlook'.
    19:02:31 [5178] Verifying that Outlook is not running.
    19:02:31 [5179] Trying to login to shared session.
    19:02:31 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    19:02:32 [5502] Upgrading the Sun Java System MAPI Service Providers.
    19:02:40 [5370] Finished installing Sun Java System MAPI Service Providers.
    19:02:40 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    19:02:40 [5367] Sun Java System MAPI Service Providers are installed.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:41 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Best regards
    Mo

    Hi,
    Have a look at:
    http://forum.java.sun.com/thread.jspa?messageID=9320116
    Directions on the installation/configuration and requirements of the outlook connector (for 2005Q4 since you haven't told us what version of the comm suite you are using) are available at docs.sun.com e.g.
    http://docs.sun.com/app/docs/prod/2783#hic
    Outlook connector requires that you have UWC (a.k.a. Communications Express) installed and configured, which has its own requirements. UWC provides the single web interface to mail, calendar and address book. Outlook uses the address-book functionality via UWC, IMAP and SMTP for messaging/email, plus WCAP for calendar.
    Regards,
    Shane.

  • Hello I have a problem with security questions and i cant reset to my email  The error was   Exceeded Maximum Attempts  We apologize, but we were unable to verify your account information with the answers you provided to our security questions. You have

    Hello
    I have a problem with security questions and I can't reset to my email
    The error was
    Exceeded Maximum Attempts
    We apologize, but we were unable to verify your account information with the answers you provided to our security questions.
    You have made too many attempts to answer these questions. So, for security reasons, you will not be able to reset password for the next eight hours.
    Click here      for assistance.
    I waited more than eight hours and went back to my account but it is the same (no change). I can't find "forgot your answers".
    http://www.traidnt.net/vb/attachment...134863-333.jpg
    can you help me please

    Alternatives for Help Resetting Security Questions and Rescue Mail
         1. Apple ID- All about Apple ID security questions.
         2. Rescue email address and how to reset Apple ID security questions
         3. Apple ID- Contacting Apple for help with Apple ID account security.
         4. Fill out and submit this form. Select the topic, Account Security.
         5.  Call Apple Customer Service: Contacting Apple for support in your
              country and ask to speak to Account Security.
    How to Manage your Apple ID: Manage My Apple ID

  • Use of default XACML with custom role mapper and authorization provider

    Hi,
    Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
    My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
    Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?

    I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then write a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
    Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
    The chosen approach depends on where you're getting the role information from.

  • Problem with sun outlook connector,  Microsoft LDAP services

    Dear All
    I have a big problem with Sun Outlook Connector and I can't find any way to fix the problem.
    I am using the Sun Java System Connector deployment tool to create an installation script for my clients.
    In the tool I have specified the location of Microsoft LDAP services. I am using Outlook 2003 and Sun says this option is not needed for Outlook 2003. If I try to create the script and run the script on the target client I receive the error below.
    I tried the Office CD-ROM as the path for LDAP services but the Outlook connector says there are no LDAP services on the CD and I receive the same error:
    19:02:29 [5365] Outlook version is 11.0.5608.0.
    19:02:29 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    19:02:29 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    19:02:31 [5362] Checking Windows version.
    19:02:31 [5363] Windows version is 5.1.
    19:02:31 [5364] Checking Outlook version.
    19:02:31 [5509] Checking default mail client.
    19:02:31 [5508] Default mail client is 'Microsoft Outlook'.
    19:02:31 [5178] Verifying that Outlook is not running.
    19:02:31 [5179] Trying to login to shared session.
    19:02:31 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    19:02:32 [5502] Upgrading the Sun Java System MAPI Service Providers.
    19:02:40 [5370] Finished installing Sun Java System MAPI Service Providers.
    19:02:40 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    19:02:40 [5367] Sun Java System MAPI Service Providers are installed.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:41 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Best regards
    Mo

    This is likely to depend on the version of the OC you have. The released one isn't supposed to work with Outlook 2003. Please contact Tech Support for the latest version and help.

  • Problems with external context mapping

    Hi ,
    I am having the following problems with external context mapping from one WD component to another.
    Problem description:
    In the Component Interfaces I have defined a WD interface "InfA".
    In the interface controller of this component, I have ContextA and attributeA (cardinality 1..1). The contextA is marked as an "Input Element".
    Now my Web Dynpro componentB adds InfA as a used component. In componentB I declare a contextB with attributeB and map it to contextA to set up the external context mapping.
    Now I expect that if any Web Dynpro component implements this WD interface InfA, it has access to contextA with the data getting filled from contextB.
    After I have created the component for the used component I try to fill values in the source node contextB through this code:
    wdContext.currentContextB.setB(value);
    But at runtime I keep getting a NullPointerException for nodeContextB, suggesting that the mapping has not been completed.
    Can anyone suggest what can cause the error and, if it's a Web Dynpro bug, whether there is a workaround?
    Thanks in advance for your help.
    Best regards
    Sourav

    Hi,
    Valery: I personally checked by doing the example; if the names of the value attribute are different in the child's interface and the parent's component controller then it throws the exception.
    Sourav: A NullPointerException is thrown when something is not properly initialised. If in the main component the cardinality of the mapped origin is 1.1 then you need to access its element directly, like:
    wdContext.currentParentNodeElement().setFname("Abhijeet");
    wdContext.currentParentNodeElement().setLname("M");
    I suggest you check whether you are declaring some element of a value node and using it without initialising it.
    If this doesn't solve your problem, please post the expanded exception.
    Hope it helps.
    Let me know if you face any problem.
    regards

  • HT5312 Problem with security question

    I have Problem with security question

    The Best Alternatives for Security Questions and Rescue Mail
         1.  Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
         2.  Call Apple Support in your country: Customer Service: Contact Apple support.
         3.  Rescue email address and how to reset Apple ID security questions.
    An alternative to using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • HT5699 Having problem with security question

    Cannot get iTunes card to work having problem with security question

    Alternatives for Help Resetting Security Questions and Rescue Mail
         1. Apple ID- All about Apple ID security questions.
         2. Rescue email address and how to reset Apple ID security questions
         3. Apple ID- Contacting Apple for help with Apple ID account security.
         4. Fill out and submit this form. Select the topic, Account Security.
         5.  Call Apple Customer Service: Contacting Apple for support in your
              country and ask to speak to Account Security.
    How to Manage your Apple ID: Manage My Apple ID

  • Problems with ESS in  "Career and Jobs" in option "Appraisal Document"

    hi
    My problem is with ESS: in the "Career and Jobs" menu, under the option "Appraisal Document", the appraisal documents do not appear. My question is...
    What can I customize so that the "Appraisal Documents" appear?
    My ESS shows the following screens:
    http://img295.imageshack.us/img295/3451/appraisalportal.jpg (there is also a problem with the flash player, I marked with red rectangle)
    I found by looking on the internet that I had to configure Performance Management.
    I entered the SPRO tcode and followed these steps:
    http://img580.imageshack.us/img580/2598/appraisal1.jpg (Entered in "Define Templates in Performance Management")
    http://img215.imageshack.us/img215/6233/appraisal2.jpg
    http://img651.imageshack.us/img651/4243/appraisal3.jpg
    http://img340.imageshack.us/img340/622/appraisal4.jpg
    http://img52.imageshack.us/img52/1842/appraisal5.jpg (click in "End Configuration")
    http://img534.imageshack.us/img534/8746/appraisal6a.jpg (Error screen part 1)
    http://img4.imageshack.us/img4/1261/appraisal6b.jpg  (Error screen part 2)
    I hope for answers and posts. I wonder if my chosen way (configuring Performance Management) is correct.
    Thanks for your posts
    Ivan

    Thanks Chris for the comments.
    Now I have customized the "Appraisal Document":
    http://img18.imageshack.us/img18/4640/uiapraisal.jpg (Here I can see the evaluation that was done in the back-end)
    But when I clicked on the hyperlink of "Appraisal Document Name", I saw this error:
    http://img80.imageshack.us/img80/8157/uiapraisal2.jpg (Error: Page not found or not avaible)
    Even before that I saw another error ("There is no iView available for system "SAP_ERP_HumanResources": object "employee". For more information, contact your administrator."). Other posts (questions in SAP forums) mentioned the following notes:
    1468466 Performance Management Launchpad Configuration
    1463821 Performance Management Portal Configuration
    1416756 OBN Configuration in Performance Management
    1408243 Configuration for object-based navigation
    They recommended that I include roles in the resources in the back-end:
    http://img401.imageshack.us/img401/8048/uiapraisala.jpg
    http://img689.imageshack.us/img689/9359/uiapraisalb.jpg
    The note number 1463821(especially), I recommend the following
    note 1463821: https://websmp230.sap-ag.de/sap(bD1lcyZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1463821 (link to the note)
    http://img88.imageshack.us/img88/7484/uiapraisal1.jpg (LPD_CUST tcode)
    http://img266.imageshack.us/img266/7405/uiapraisal1b.jpg (Check in "Restricted Parameters" and "Active" - "EXT_HEAD")
    But these notes point to a role that I could not find on my system, which is:
    pcd:portal_content/com.sap.pct/line_manager/com.sap.pct.erp.mss.bp_folder/com.sap.pct.erp.mss.14.bp_folder/com.sap.pct.erp.mss.14.pages/com.sap.pct.erp.mss.hcm/com.sap.pct.erp.mss.appraisal_document_wd_ui
    because I was looking at my portal's role (with reference to "Appraisals Document"):
    http://img97.imageshack.us/img97/5167/uiapraisal3a.jpg
    http://img413.imageshack.us/img413/5643/uiapraisal3b.jpg
    http://img534.imageshack.us/img534/4585/uiapraisal3c.jpg
    http://img203.imageshack.us/img203/4605/uiapraisal3d.jpg
    Finally, my main error is: Page not found or not avaible (I referred to it at the beginning of the post, http://img80.imageshack.us/img80/8157/uiapraisal2.jpg)
    Why do I see this error (Page not found or not avaible)?
    http://img80.imageshack.us/img80/8157/uiapraisal2.jpg (Error: Page not found or not avaible)
    I hope for your help, and thanks very much.
    Ivan

  • HT201363 hello,I have a problem with security questions.i don't remember the answer. can you help me please

    Hello, I have a problem with security questions. I don't remember the answer, please help me. I don't know how to manage this.

    You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (104775)

  • I downloaded a new version of firefox. It said it had problems with my norton toolbar and now it doesn't feature it in the window. I'm not that comp savvy. How do I either get the Norton toolbar up or go back to the old firefox? Thank you.

    I downloaded a new version of firefox. It said it had problems with my norton toolbar and now it doesn't feature it in the window. I'm not that comp savvy. How do I either get the Norton toolbar up or go back to the old firefox? Thank you.

    Please authorize ADE 3 with same credentials that you used with older version of ADE

  • After having yet another problem with my MacBook Pro and having to wipe the drive, I am now unable to sync my iPhones etc without erasing all the music on them. Is there a way around this? I have no other library!

    After having yet another problem with my MacBook Pro and having to wipe the drive, I am now unable to sync my iPhones etc without erasing all the music on them. Is there a way around this? I have no other library!
    iTunes is a mess! It couldn't find its own libraries and I was forced to create a new one. Now I don't know where my music is or if any's missing.

    columbus new boy wrote:
    How crap is that?
    It's not crap at all.
    It's not that simple. For example, I've 3500 songs on my MacBook but don't want them all on my phone, so I have to manually select each song again???
    There has to be a solution.
    Why not simply make a playlist with the songs you want on the iPhone?
    and maintain a current backup of your computer.

  • I tried downloading a free app and it asked for my billing information and when i entered it, it says that there was a billing problem with a previoud purchase and i have to update it. I keep updating it and it wont let me verify it and i cant get apps

    I tried downloading a free app and it asked for my billing information and when I entered it, it said that there was a billing problem with a previous purchase and I have to update it. I keep updating it and it won't let me verify it and I can't get any apps even if they are free, and I just deleted some apps to make room for my new update!

    The message says: "The payment method has been denied, try another method"
    I'm living in the same country and city since I was born, so I don't think the location is the problem.
    And yes, I paid for a meal at Burger King with the card today. And nothing more.

  • HT3552 I have been trying to download apps from the app store and every time it tells me there is a problem with my previous billing and direct me to put in new billing information and every time i do that it still will not let me download any apps.

    I have been trying to download apps from the App Store and every time it tells me there is a problem with my previous billing and directs me to put in new billing information, and every time I do that it still will not let me download any apps.

    Have a look here >  http://support.apple.com/kb/TS1646
