Query eDirectory LDAP using VB -
Hey, I've been searching for days for a solution to vbe abe to do a
simple query against eDirectory that would return an attribue from
user's accounts.
There seems to be very little information on this and the little I have
doesnt work either so is there anyone out there who would have this
knowledge or better sill code?
Thanks
Ramara
rainiera
rainiera's Profile: http://forums.novell.com/member.php?userid=61239
View this thread: http://forums.novell.com/showthread.php?t=382627
It's not much different than querying AD or any other LDAP directory.
Here's an example for AD, just modify the base appropertly.
http://www.experts-exchange.com/Prog..._21662853.html
Jared Jennings
Novell Support Forums Sysop
Senior Systems Architect, Data Technique, Inc.
http://www.datatechnique.com
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
Twitter@ http://twitter.com/jaredljennings
Similar Messages
-
Show Stopper today with eDirectory (LDAP)
We are currently setting up Sun IDM 5.5 and are trying to do
reconciliation with an eDirectory 8.6.2 (10350.29) but are experiencing
severe performance issues. The directory contains groups with large scale
membership base, some groups 25.000+ members.
Same scenario occurs with Sun IDM 5.0 SP5.
When isolating to a single OU as baseDN with 10 accounts, a full clean
reconciliation takes 6-10 minutes. The network has thoroughly been
debugged, and no errors or issues have been found. Manual browsing in the
eDirectory with various ldap-tools without any issues. The total case
involves a total of more than 30.000+ accounts.
A test with identical user data in a Sun Directory Server 5.2 does the reconciliation take approx 2-3 seconds.
The eDirectory LDAP RA adapter can be viewed below. Any insight, or similar experiences are of great value and importance! Anything that can help me get this on track...
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Resource PUBLIC 'waveset.dtd' 'waveset.dtd'>
<!-- MemberObjectGroups="#ID#Top" hostname="130.243.85.109" id="#ID#F77594225BD088E0:775121:1065E88DBC9:-7FE5" name="NDS" startupType="Disabled" supportedObjectTypes="Group|Domain|Organization|Organizational Unit" supportsContainerObjectTypes="true" supportsScanning="false" syncEnabled="false" syncSource="true" type="LDAP"-->
<Resource id='#ID#F77594225BD088E0:775121:1065E88DBC9:-7FE5' name='NDS' creator='Configurator' createDate='1126879507899' lastModifier='Configurator' lastModDate='1126886340268' lastMod='19' class='com.waveset.adapter.LDAPResourceAdapter' typeString='LDAP' typeDisplayString='com.waveset.adapter.RAMessages:RESTYPE_LDAP' hasId='true' facets='provision' timeLastExamined='0' reconcileTime='0' syncSource='true' startupType='Disabled'>
<ResourceAttributes>
<ResourceAttribute name='host' displayName='com.waveset.adapter.RAMessages:RESATTR_HOST' description='RESATTR_HELP_240' value='130.243.85.109'>
</ResourceAttribute>
<ResourceAttribute name='port' displayName='com.waveset.adapter.RAMessages:RESATTR_PORT' description='RESATTR_HELP_264' value='389'>
</ResourceAttribute>
<ResourceAttribute name='ssl' displayName='com.waveset.adapter.RAMessages:RESATTR_SSL' description='RESATTR_HELP_281' value='0'>
</ResourceAttribute>
<ResourceAttribute name='principal' displayName='com.waveset.adapter.RAMessages:RESATTR_USERDN' description='RESATTR_HELP_271' value='cn=admin,ou=nds,ou=res,o=mdh'>
</ResourceAttribute>
<ResourceAttribute name='credentials' displayName='com.waveset.adapter.RAMessages:RESATTR_PASSWORD' type='encrypted' description='RESATTR_HELP_219' value='izkkkM1YJto='>
</ResourceAttribute>
<ResourceAttribute name='baseContext' displayName='com.waveset.adapter.RAMessages:RESATTR_BASE_CTXS' description='com.waveset.adapter.RAMessages:RESATTR_BASE_CTX_DESC' multi='true' value='ou=06,ou=STUDENT,ou=ANV,o=mdh'>
</ResourceAttribute>
<ResourceAttribute name='Object Class' displayName='com.waveset.adapter.RAMessages:RESATTR_OBJECT_CLASS' description='RESATTR_HELP_253' multi='true'>
<value>top</value>
<value>person</value>
<value>organizationalPerson</value>
<value>inetorgperson</value>
<value>ndsLoginProperties</value>
</ResourceAttribute>
<ResourceAttribute name='ldapSearchFilter' displayName='com.waveset.adapter.RAMessages:RESATTR_LDAP_SEARCH_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_LDAP_SEARCH_FILTER'>
</ResourceAttribute>
<ResourceAttribute name='includeObjClassesInSearchFilter' displayName='com.waveset.adapter.RAMessages:RESATTR_INCL_OBJCLASSES_IN_SEARCH_FILTER' type='boolean' description='com.waveset.adapter.RAMessages:RESATTR_HELP_INCL_OBJCLASSES_IN_SEARCH_FILTER' value='true'>
</ResourceAttribute>
<ResourceAttribute name='wsname' displayName='com.waveset.adapter.RAMessages:RESATTR_WSNAME' description='RESATTR_HELP_292' value='cn'>
</ResourceAttribute>
<ResourceAttribute name='Display Name Attribute' displayName='com.waveset.adapter.RAMessages:RESATTR_DISPLAY_NAME_ATTR' description='RESATTR_HELP_41'>
</ResourceAttribute>
<ResourceAttribute name='Use blocks' displayName='com.waveset.adapter.RAMessages:RESATTR_USE_BLOCKS' description='RESATTR_HELP_192' value='1'>
</ResourceAttribute>
<ResourceAttribute name='blockCount' displayName='com.waveset.adapter.RAMessages:RESATTR_BLOCKCOUNT' description='RESATTR_HELP_34' value='100'>
</ResourceAttribute>
<ResourceAttribute name='groupMemberAttr' displayName='com.waveset.adapter.RAMessages:RESATTR_GRP_MBR_ATTR' description='RESATTR_HELP_233' value='groupMembership'>
</ResourceAttribute>
<ResourceAttribute name='Password Hash Algorithm' displayName='com.waveset.adapter.RAMessages:RESATTR_PASSWORD_HASH_ALG' description='RESATTR_HELP_49'>
</ResourceAttribute>
<ResourceAttribute name='changeNamingAttr' displayName='com.waveset.adapter.RAMessages:RESATTR_MOD_NAMING_ATTR' description='RESATTR_HELP_47' value='0'>
</ResourceAttribute>
<ResourceAttribute name='Object Classes to Synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ACTIVE_SYNC_OBJECT_CLASSES' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ACTIVE_SYNC_OBJECT_CLASSES' multi='true' facets='activesync'>
<value>person</value>
<value>organizationalPerson</value>
<value>inetorgperson</value>
</ResourceAttribute>
<ResourceAttribute name='LDAP Filter for Accounts to Synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ACTIVE_SYNC_LDAP_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ACTIVE_SYNC_LDAP_FILTER' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='Attributes to synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ATTRIBUTE_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ATTRIBUTE_FILTER' multi='true' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='When reset, ignore past changes' displayName='com.waveset.adapter.RAMessages:RESATTR_RESET_TO_TODAY' description='com.waveset.adapter.RAMessages:RESATTR_HELP_LDAPAS_RESET_TO_TODAY' facets='activesync' value='1'>
</ResourceAttribute>
<ResourceAttribute name='Change Log Blocksize' displayName='com.waveset.adapter.RAMessages:RESATTR_BLOCKSIZE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_36' facets='activesync' value='100'>
</ResourceAttribute>
<ResourceAttribute name='Change Number Attribute Name' displayName='com.waveset.adapter.RAMessages:RESATTR_CHANGE_NUMBER_ATTRIBUTE_NAME' description='com.waveset.adapter.RAMessages:RESATTR_HELP_37' facets='activesync' value='changenumber'>
</ResourceAttribute>
<ResourceAttribute name='Filter Changes Made By' displayName='com.waveset.adapter.RAMessages:RESATTR_FILTER_CHANGES_BY' description='com.waveset.adapter.RAMessages:RESATTR_HELP_FILTER_CHANGES_BY' multi='true' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='Proxy Administrator' displayName='com.waveset.adapter.RAMessages:RESATTR_PROXY_ADMINISTRATOR' description='com.waveset.adapter.RAMessages:RESATTR_HELP_30' value='Configurator'>
</ResourceAttribute>
<ResourceAttribute name='Input Form' displayName='com.waveset.adapter.RAMessages:RESATTR_FORM' description='com.waveset.adapter.RAMessages:RESATTR_HELP_26'>
</ResourceAttribute>
<ResourceAttribute name='Pre-Poll Workflow' displayName='com.waveset.adapter.RAMessages:RESATTR_PREPOLL_WORKFLOW' description='com.waveset.adapter.RAMessages:RESATTR_PREPOLL_WORKFLOW_HELP'>
</ResourceAttribute>
<ResourceAttribute name='Post-Poll Workflow' displayName='com.waveset.adapter.RAMessages:RESATTR_POSTPOLL_WORKFLOW' description='com.waveset.adapter.RAMessages:RESATTR_POSTPOLL_WORKFLOW_HELP'>
</ResourceAttribute>
<ResourceAttribute name='Maximum Archives' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_ARCHIVES' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_ARCHIVES' value='3'>
</ResourceAttribute>
<ResourceAttribute name='Maximum Age Length' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_LOG_AGE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_LOG_AGE'>
</ResourceAttribute>
<ResourceAttribute name='Maximum Age Unit' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_LOG_AGE_UNIT' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_LOG_AGE_UNIT'>
</ResourceAttribute>
<ResourceAttribute name='Log Level' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_LEVEL' description='com.waveset.adapter.RAMessages:RESATTR_HELP_27' value='2'>
</ResourceAttribute>
<ResourceAttribute name='Log File Path' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_PATH' description='com.waveset.adapter.RAMessages:RESATTR_HELP_28'>
</ResourceAttribute>
<ResourceAttribute name='Maximum Log File Size' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_SIZE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_29'>
</ResourceAttribute>
<ResourceAttribute name='Scheduling Interval' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_INTERVAL' description='com.waveset.adapter.RAMessages:RESATTR_HELP_51'>
</ResourceAttribute>
<ResourceAttribute name='Poll Every' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_INTERVAL_COUNT' description='com.waveset.adapter.RAMessages:RESATTR_HELP_52'>
</ResourceAttribute>
<ResourceAttribute name='Polling Start Time' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_START_TIME' description='com.waveset.adapter.RAMessages:RESATTR_HELP_56'>
</ResourceAttribute>
<ResourceAttribute name='Polling Start Date' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_START_DATE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_54'>
</ResourceAttribute>
<ResourceAttribute name='useInputForm' displayName='com.waveset.adapter.RAMessages:RESATTR_USE_INPUT_FORM' type='boolean' description='com.waveset.adapter.RAMessages:RESATTR_USE_INPUT_FORM_HELP' facets='activesync' value='true'>
</ResourceAttribute>
<ResourceAttribute name='parameterizedInputForm' displayName='com.waveset.adapter.RAMessages:RESATTR_PARAMETERIZED_INPUT_FORM' description='com.waveset.adapter.RAMessages:RESATTR_PARAMETERIZED_INPUT_FORM_HELP' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='activeSyncPostProcessForm' displayName='com.waveset.adapter.RAMessages:RESATTR_SYNC_POST_PROCESS_FORM' description='com.waveset.adapter.RAMessages:RESATTR_SYNC_POST_PROCESS_FORM_HELP' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='activeSyncConfigMode' displayName='com.waveset.adapter.RAMessages:RESATTR_SYNC_CONFIG_MODE' description='com.waveset.adapter.RAMessages:RESATTR_SYNC_CONFIG_MODE_HELP' facets='activesync' value='basic'>
</ResourceAttribute>
<ResourceAttribute name='processRule' displayName='com.waveset.adapter.RAMessages:RESATTR_PROCESS_RULE' description='com.waveset.adapter.RAMessages:RESATTR_PROCESS_RULE_HELP' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='correlationRule' displayName='com.waveset.adapter.RAMessages:RESATTR_CORRELATION_RULE' description='com.waveset.adapter.RAMessages:RESATTR_CORRELATION_RULE_HELP' facets='activesync' value='CORRELATION_RULE_NONE'>
</ResourceAttribute>
<ResourceAttribute name='confirmationRule' displayName='com.waveset.adapter.RAMessages:RESATTR_CONFIRMATION_RULE' description='com.waveset.adapter.RAMessages:RESATTR_CONFIRMATION_RULE_HELP' facets='activesync' value='CONFIRMATION_RULE_NONE'>
</ResourceAttribute>
<ResourceAttribute name='deleteRule' displayName='com.waveset.adapter.RAMessages:RESATTR_DELETE_RULE' description='com.waveset.adapter.RAMessages:RESATTR_DELETE_RULE_HELP' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='createUnmatched' displayName='com.waveset.adapter.RAMessages:RESATTR_CREATE_UNMATCHED' description='com.waveset.adapter.RAMessages:RESATTR_CREATE_UNMATCHED_HELP' facets='activesync' value='true'>
</ResourceAttribute>
<ResourceAttribute name='resolveProcessRule' displayName='com.waveset.adapter.RAMessages:RESATTR_RESOLVE_PROCESS_RULE' description='com.waveset.adapter.RAMessages:RESATTR_RESOLVE_PROCESS_RULE_HELP' facets='activesync'>
</ResourceAttribute>
<ResourceAttribute name='populateGlobal' displayName='com.waveset.adapter.RAMessages:RESATTR_POPULATE_GLOBAL' description='com.waveset.adapter.RAMessages:RESATTR_POPULATE_GLOBAL_HELP' facets='activesync' value='false'>
</ResourceAttribute>
</ResourceAttributes>
<AccountAttributeTypes nextId='15'>
<AccountAttributeType id='2' name='accountId' syntax='string' mapName='cn' mapType='string' required='true'>
<AttributeDefinitionRef>
<ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:accountId' name='accountId'/>
</AttributeDefinitionRef>
</AccountAttributeType>
<AccountAttributeType id='3' name='password' syntax='encrypted' mapName='userPassword' mapType='string'>
<AttributeDefinitionRef>
<ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:password' name='password'/>
</AttributeDefinitionRef>
</AccountAttributeType>
<AccountAttributeType id='4' name='firstname' syntax='string' mapName='givenname' mapType='string'>
<AttributeDefinitionRef>
<ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:firstname' name='firstname'/>
</AttributeDefinitionRef>
</AccountAttributeType>
<AccountAttributeType id='5' name='lastname' syntax='string' mapName='sn' mapType='string' required='true'>
<AttributeDefinitionRef>
<ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:lastname' name='lastname'/>
</AttributeDefinitionRef>
</AccountAttributeType>
<AccountAttributeType id='8' name='loginDisabled' syntax='string' mapName='loginDisabled' mapType='string'>
</AccountAttributeType>
<AccountAttributeType id='9' name='fullname' syntax='string' mapName='fullname' mapType='string'>
</AccountAttributeType>
<AccountAttributeType id='10' name='email' syntax='string' mapName='mail' mapType='string'>
</AccountAttributeType>
<AccountAttributeType id='11' name='ssn' syntax='string' mapName='workforceId' mapType='string'>
</AccountAttributeType>
<AccountAttributeType id='12' name='description' syntax='string' mapName='description' mapType='string'>
</AccountAttributeType>
</AccountAttributeTypes>
<Template>
<text>cn=</text>
<ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:accountId' name='accountId'/>
<text>,ou=06,ou=STUDENT,ou=ANV,o=mdh</text>
</Template>
<Retries max='0' delay='10' emailThreshold='5'/>
<ObjectTypes>
<ObjectType name='Group' nameKey='UI_RESOURCE_OBJECT_TYPE_GROUP' icon='group'>
<ObjectClasses primary='groupOfUniqueNames' operator='OR'>
<ObjectClass name='groupOfNames'/>
<ObjectClass name='groupOfUniqueNames'/>
</ObjectClasses>
<ObjectFeatures>
<ObjectFeature name='create'/>
<ObjectFeature name='update'/>
<ObjectFeature name='delete'/>
<ObjectFeature name='rename'/>
<ObjectFeature name='saveas'/>
</ObjectFeatures>
<ObjectAttributes idAttr='dn' displayNameAttr='cn' descriptionAttr='description' objectClassAttr='objectclass'>
<ObjectAttribute name='cn' type='string'/>
<ObjectAttribute name='description' type='string'/>
<ObjectAttribute name='owner' type='distinguishedname' namingAttr='cn'/>
<ObjectAttribute name='uniqueMember' type='distinguishedname' namingAttr='cn'/>
</ObjectAttributes>
</ObjectType>
<ObjectType name='Domain' nameKey='UI_RESOURCE_OBJECT_TYPE_DOMAIN' icon='folder' container='true'>
<ObjectClasses operator='AND'>
<ObjectClass name='domain'/>
</ObjectClasses>
<ObjectFeatures>
<ObjectFeature name='find'/>
</ObjectFeatures>
<ObjectAttributes idAttr='distinguishedName' displayNameAttr='dc' objectClassAttr='objectclass'>
<ObjectAttribute name='dc' type='string'/>
</ObjectAttributes>
</ObjectType>
<ObjectType name='Organization' nameKey='UI_RESOURCE_OBJECT_TYPE_ORGANIZATION' icon='folder_with_org' container='true'>
<ObjectClasses operator='AND'>
<ObjectClass name='organization'/>
</ObjectClasses>
<ObjectFeatures>
<ObjectFeature name='create'/>
<ObjectFeature name='delete'/>
<ObjectFeature name='rename'/>
<ObjectFeature name='saveas'/>
<ObjectFeature name='find'/>
</ObjectFeatures>
<ObjectAttributes idAttr='dn' displayNameAttr='o' objectClassAttr='objectclass'>
<ObjectAttribute name='o' type='string'/>
</ObjectAttributes>
</ObjectType>
<ObjectType name='Organizational Unit' nameKey='UI_RESOURCE_OBJECT_TYPE_ORGANIZATIONALUNIT' icon='folder_with_orgunit' container='true'>
<ObjectClasses operator='AND'>
<ObjectClass name='organizationalUnit'/>
</ObjectClasses>
<ObjectFeatures>
<ObjectFeature name='create'/>
<ObjectFeature name='delete'/>
<ObjectFeature name='rename'/>
<ObjectFeature name='saveas'/>
<ObjectFeature name='find'/>
</ObjectFeatures>
<ObjectAttributes idAttr='dn' displayNameAttr='ou' objectClassAttr='objectclass'>
<ObjectAttribute name='ou' type='string'/>
</ObjectAttributes>
</ObjectType>
</ObjectTypes>
<LoginConfigEntry name='com.waveset.security.authn.WSResourceLoginModule' type='LDAP' displayName='com.waveset.adapter.RAMessages:RES_LOGIN_MOD_LDAP'>
<AuthnProperties>
<AuthnProperty name='ldap_uid' displayName='com.waveset.adapter.RAMessages:UI_USERID_LABEL' isId='true' formFieldType='text' dataSource='user'/>
<AuthnProperty name='ldap_password' displayName='com.waveset.adapter.RAMessages:UI_PWD_LABEL' formFieldType='password' dataSource='user'/>
</AuthnProperties>
<SupportedApplications>
<SupportedApplication name='Administrator Interface'/>
<SupportedApplication name='User Interface'/>
</SupportedApplications>
</LoginConfigEntry>
<ResourceUserForm>
<ObjectRef type='UserForm' id='#ID#LDAP User Form'/>
</ResourceUserForm>
<MemberObjectGroups>
<ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
</MemberObjectGroups>
</resource>few questions....are you getting any errors on the ldap side? object class errors perhaps?
what app server are you using and what version of java?
--Dana Reed -
In Query of Query, can't use LEFT() function?
Hi All,
I've got an LDAP query that I use for our employee directory. I then do a Query of Queries and do LEFT(SN,1) to separate out by first character of last name [A,B,C,D,E...] etc.
I had this working just fine in Railo CFM, but now I'm using Adobe CF and can't get that to work. I'm on CF9 Standard.
I've read the Query of Queries guide, but didn't find anything helpful there. Even when I do
'#LEFT(SN,1)#' as FirstCharacterOfLastName in my query, what I get is the value for the last row, not the value of each row as it's looping through the recordset.
Am I missing something? Any way to get that to work? Is that addressed in CF10?
thx.BenYou need to understand two things:
1) any CFML in your SQL string within a <cfquery> tag pair is processed by CF before the SQL string is passed to the DB driver. So your #left()# expression won't be processed "per row", because it's processed before the DB engine does any "per row" operations.
2) QoQ's SQL support is tragically minimalist. This lists all the functions it supports:
http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec0e4fd -7ff0.html#WSc3ff6d0ea77859461172e0811cbec0e4fd-7fcc
With the addition of two string functions: UPPER() and LOWER(). Oh, and CAST() (if that can be seen as a function).
That's it. That page in the docs describes all the functionality QoQ has. There's nothing missing 9as far as I know). That's it. There's not much to it.
I've been lobbying Adobe for a number of years to pull finger and improve QoQ to the point that it's more than just a curio, but they don't seem interested.
As to why your code works on Railo? Railo does some weird things, and doesn't stick to the precedent Adobe dictates their language should follow. Depending on who you talk to, this is either a feature or a barrier to entry (I'm mostly ambivalent, but err towards the latter camp). But perhaps Railo's QoQ processor supports LEFT().
Basically... you're gonna have to approach this differently: loop over the query with <cfloop> (etc) and update it row by row. This is pretty much what QoQ is doing anyhow, so I don't think you'll see a performance degradation. Well: you won't... because you can't do what you want to do with QoQ at all, I guess ;-)
Adam -
Retrieve parameters from LDAP using authentication module
I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
The existing web applications are still querying existing LDAP other attributes there than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to web application as cookie or header value? Or is the forwarding feature only for attributes in Data Store?
If the forwarding is not possible what is the next best alternative ?OpenSSO forum is quite silent so I'm back with you guys.
I managed to solve the agent error log problem I mentioned before. The problem was about nonexisting attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
My LDAP looks like this:
# testuser, pollo.fi
dn: cn=testuser,dc=pollo,dc=fi
cn: testuser
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Test
sn: User
ou: People
uid: testuser
mail: [email protected]
And my datastore configuration:
LDAP server->localhost:389
LDAP bind DN->cn=admin,dc=pollo,dc=fi
LDAP organization DN->dc=pollo,dc=fi
Attribute name mapping->empty
LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
LDAP3 Plugin search scope->scope_sub
LDAP Users Search Attribute->uid
LDAP Users Search Filter->(objectclass=inetorgperson)
LDAP User Object Class->organizationalPerson
LDAP User Attributes->uid, userpassword
Create User Attribute Mapping->empty
Attribute Name of User Status->inetuserstatus
User Status Active Value->Active
User Status Inactive Value->inactive
LDAP Groups Search Attribute->cn
LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
LDAP Groups container Naming Attribute->ou
LDAP Groups Container Value->groups
LDAP Groups Object Class->top
LDAP Groups Attributes->cn,description,dn,objectclass
Attribute Name for Group Membership->empty
Attribute Name of Unqiue Member->uniqueMember
Attribute Name of Group Member URL->memberUrl
LDAP People Container Naming Attribute->ou
LDAP People Container Value->people
LDAP Agents Search Attribute->uid
LDAP Agents Container Naming Attribute->ou
LDAP Agents Container Value->agents
LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
LDAP Agents Object Class->sunIdentityServerDevice,top
LDAP Agents Attributes->empty
Identity Types That Can Be Authenticated->Agent,User
Authentication Naming Attribute->uid
Persistent Search Base DN->dc=pollo,dc=fi
Persistent Search Filter->(objectclass=*)
Persistent Search Maximum Idle Time Before Restart->0
Should I enable some setting still to get the forwarding going on? Any ideas for debugging? -
Get A nonfatal JIT error querying a ldap server
I wrote a java program to query a ldap server based on last name. Basically my code does a search for any entry with sn equal to the passed argument. It works fine when it returns a small set of records, but when I try to query sn = * or even sn = l* (which should return a few hundred people) the code bombs with the following:
A nonfatal internal JIT (3.10.107(x)) error 'chgTarg: Conditional' has occured in :
'com/sun/jndi/ldap/Connection.readReadOnly (Lcom/sun/jndi/ldap/LdapRequest;)Lcom/sun/jndi/ldap/BerDecoder;': Interpreting method.
Please report this error in detail to http://java.sun.com/cgi-bin/bugreport.cgi
The above come out of stderr. Stadnard output will have 'current thread not owner' after the above error message.
I doubt I am the only person who is doing something like this. If anyone knows what is happening with the above message, please give me a hint.
thanks a bunch.Not knowing what the underlying problem is, I decided to use the Netscape directory SDK instead of the jndi solution with Sun's ldap service provider. I was able to retrieve 2000 entries and it is actually a lot faster than the jndi method.
I hope this helps others who are trying to connect to a ldap server. -
What query should I use to find all versions of Office 2013 64-bit installed on client computers? Could someone create a custom query? I need all of the client computers names and which ones have any Office 64-bit components. Thank you so much! I really
appreciate it!Hi,
You could edit the following query to meet your requirement.
SELECT dbo.v_R_System.Name0, dbo.v_GS_OPERATING_SYSTEM.Caption0 AS [Operating System],
dbo.v_GS_OPERATING_SYSTEM.CSDVersion0 AS [OS Service Pack], arp.DisplayName0,
CASE WHEN arp.version0 LIKE '11.0.6361.0' THEN 'SP1' WHEN arp.version0 LIKE '11.0.7969.0' THEN 'SP2' WHEN arp.version0 LIKE '11.0.8173.0'
THEN 'SP3' WHEN
arp.version0 LIKE '12.0.6215.1000' THEN 'SP1' WHEN arp.version0 LIKE '12.0.6425.1000' THEN 'SP2' WHEN arp.version0 LIKE '14.0.6029.1000'
THEN 'SP1' ELSE '' END
AS 'Service Pack', arp.Version0
FROM dbo.v_Add_Remove_Programs AS arp INNER JOIN
dbo.v_R_System ON arp.ResourceID = dbo.v_R_System.ResourceID INNER JOIN
dbo.v_RA_System_SMSInstalledSites AS ASSG ON dbo.v_R_System.ResourceID = ASSG.ResourceID INNER JOIN
dbo.v_GS_OPERATING_SYSTEM ON dbo.v_R_System.ResourceID = dbo.v_GS_OPERATING_SYSTEM.ResourceID
WHERE (arp.DisplayName0 LIKE '%Microsoft Office%edition%' OR
arp.DisplayName0 LIKE '%Microsoft Office Standard 2007%' OR
arp.DisplayName0 LIKE '%Microsoft Office Enterprise 2007%' OR
arp.DisplayName0 LIKE '%Microsoft Office Professional%2007%' OR
arp.DisplayName0 LIKE '%Microsoft Office Standard 2010%' OR
arp.DisplayName0 LIKE '%Microsoft Office Enterprise 2010%' OR
arp.DisplayName0 LIKE '%Microsoft Office Professional%2010%' OR
arp.DisplayName0 LIKE 'Microsoft Office 2000%' OR
arp.DisplayName0 LIKE 'Microsoft Office XP%') AND (arp.DisplayName0 NOT LIKE '%update%') AND
(arp.DisplayName0 NOT LIKE '%Microsoft Office XP Web Components') AND (dbo.v_R_System.Operating_System_Name_and0 NOT LIKE '%server%')
AND
(arp.InstallDate0 NOT LIKE 'NULL')
ORDER BY dbo.v_R_System.Name0, arp.DisplayName0, arp.Version0
Full details:http://social.technet.microsoft.com/Forums/systemcenter/en-US/7baeb348-fb63-4115-8d76-2c884d18f708/sql-query-to-check-ms-office-service-pack-level?forum=configmgrreporting
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Creating a new group in LDAP using JLDAP
Can anybody tell me how to creat a new group in LDAP using JLDAP
Hi,
Have a look at the following link. It will surely help you.
<a href="http://help.sap.com/saphelp_crm50/helpdata/en/20/a4ffee7e0fcc4ebb7e5466d3903d38/frameset.htm">http://help.sap.com/saphelp_crm50/helpdata/en/20/a4ffee7e0fcc4ebb7e5466d3903d38/frameset.htm</a>
<b>Please reward points if it helps.</b>
Regards,
Amit Mishra -
Hi,
I want to pass multiple query string values using the same parameter in Query String (URL) Filter Web Part like mentioned below:
http://server/pages/Default.aspx?Title=Arup&Title=Ratan
But it always return those items whose "Title" value is "Arup". It is not returned any items whose "Title" is "Ratan".
I have followed the
http://office.microsoft.com/en-us/sharepointserver/HA102509991033.aspx#1
Please suggest me.
Thanks | Arup
THanks! Arup R(MCTS)
SucCeSS DoEs NOT MatTer.Hi DH, sorry for not being clear.
It works when I create the connection from that web part that you want to be connected with the Query String Filter Web part. So let's say you created a web part page. Then you could connect a parameterized Excel Workbook to an Excel Web Access Web Part
(or a Performance Point Dashboard etc.) and you insert it into your page and add
a Query String Filter Web Part . Then you can connect them by editing the Query String Filter Web Part but also by editing the Excel Web Access Web Part. And only when I created from the latter it worked
with multiple values for one parameter. If you have any more questions let me know. See you, Ingo -
Can we use Result from another query in Webi using Bex uery universe?
Hi,
Can we use Result from another query filter option in Webi to create a report using a Bex Query universe?
I need to create a report using two universes, one is Bex Query Universe and the other is Orcle universe. I have two queries, one is using Oracle universe; the other using Bex Query universe. I need to pass the Oracle data from the Oracle query to the Bex Query query to get the matched data from SAP Bex query.
I used Result from another query in the query filter panel for the query using Bex query universe. But I got an error saying that 'A filter contains a wrong value. you cannot run this query. (Error: WIS 00007). The data used in the filter on both sides are the same. they are char.
I have tested by using two queries from the same Bex query universe to see if the Result from another query filter option works. And I got the same error.
Has anyone run into the same issue and if this is possible and what should be the solution?
Thanks in advance!
Edited by: BO_Haiyan on Oct 6, 2010 3:47 PMIn that situation:
Create two queries : Oracle and BW query.
@ Report:
As you have to see result set from both the Dataproviders, correct? To achieve thise one must have common dimension objects to merge them at report and use Objects those are coming from both queries to use them in single Table/Report.
Unless you don't use Merge Dimensions, you don't get a chane to use both queries objects in single Table/Report. (It will give tooltip saying: You can't drop here -- Incompatable Objects)
In case, if you don't have common dimensions, change object definitions to Detail objects, for those required.
Hope it helps you.
Thank You!! -
How to get the naming attribute of an LDAP using JNDI.?
Hi,
How do we fetch the naming attribute of a LDAP using JNDI. Is this possible using JNDI..?
By default, every LDAP has been set with a naming attribute such as 'uid' or 'cn'. This could be changed according to business needs.
How to determine this using JNDI.
Regards,
BaraniAre you trying to call the portlet Customization form directly from the browser?
-
Issue While executing the Query for Pagination using ROWNUM with like
Issue While executing the Query for Pagination using ROWNUM with like.
Database is Oracle11G.
Oracle Database Table contains 8-9 lakh records
1) SQL equal (=)
SELECT /*+ FIRST_ROWS(n) */ ROWNUM RNUM, A.* FROM LINE A
WHERE A.REFERENCE = 'KMF22600920'
Execution Time:- 0.00869245 seconds
Returns 2 resultsets
2) SQL like (one %)
SELECT /*+ FIRST_ROWS(n) */ ROWNUM RNUM, A.* FROM LINE A
WHERE A.REFERENCE = 'KMF22600920%'
Execution Time:- 0.01094301 seconds
Returns 2 resultsets
3) SQL like (two%)
SELECT /*+ FIRST_ROWS(n) */ ROWNUM RNUM, A.* FROM LINE A
WHERE A.REFERENCE like '%KMF22600920%'
Execution Time:- 6.43989658 seconds
Returns 2 resultsets
In Pagination, we are using Modified version of SQL Query 3) with ROWNUM as mentioned below :-
4) SELECT * FROM (
SELECT /*+ FIRST_ROWS(n) */ ROWNUM RNUM, A.* FROM LINE A
WHERE REFERENCE like '%KMF22600920%' AND ROWNUM <= 20 ) WHERE RNUM > 0
Execution Time:- Infinite
ResultSets:- No as execution time is infinite
a) Instead of like if we use = in the above query it is returning the 2 resultsets (execution time 0.02699282 seconds)
b) Instead of two % in the above query, if use one example REFERENCE like 'KMF22600920%' it is returning the 2 resultsets (execution time 0.03313019 seconds)
Issue:- When using two % in like in the above query i.e. REFERENCE like '%KMF22600920%' AND ROWNUM <= 20 ) , it is going to infinite.
Could you please let us know what is the issue with two % used in like and rownum
5) Modified version of Option1 query (move out the RNUM condition AND RNUM <= 20)
SELECT * FROM (
SELECT /*+ FIRST_ROWS(n) */ ROWNUM RNUM, A.* FROM LINE A
WHERE REFERENCE like '%KMF22600920%' ) WHERE RNUM > 0 AND RNUM <= 20
Execution Time:- 7.41368914 seconds
Returns 2 resultsets
Is the above query is best optimized query which should be used for the Pagination or still can improve on this ?This would be easier to diagnose if there was an explain plan posted for the 'good' and 'bad' queries. Generally speaking using '%' on both sides precludes the use of any indexes.
-
Please suggest a select query / sub query with out using any subprograms or
source table: Three columns ORIGIN, DESTINATION,MILES
Origin Destination Miles
Sydney Melbourne 1000
Perth Adelaide 3000
Canberra Melbounre 700
Melbourne Sydney 1000
Brisbane Sydney 1000
Perth Darwin 4000
Sydney Brisbane 1000
out put :Three columns ORIGIN, DESTINATION,MILES
Duplicate routes are to be ignored so the output is
Origin Destination Miles
Sydney Melbourne 1000
Perth Adelaide 3000
Canberra Melbounre 700
Brisbane Sydney 1000
Perth Darwin 4000
Please suggest a select query / sub query with out using any subprograms or functions/pkgs to get the out put table.Hi,
user9368047 wrote:
... Please suggest a select query / sub query with out using any subprograms or functions/pkgs to get the out put table.Why? If the most efficient way to get the results you want involves using a function, why wouldn't you use it?
Here's one way, without any functions:
SELECT a.*
FROM source_table a
LEFT OUTER JOIN source_table b ON a.origin = b.destination
AND a.destination = b.origin
AND a.miles = b.miles
WHERE b.origin > a.origin -- Not b.origin > b.origin
OR b.origin IS NULL
;If you'd care to post CREATE TABLE and INSERT statements for your sample data, then I could test this.
Edited by: Frank Kulash on Nov 6, 2012 7:39 PM
Corrected WHERE clause after MLVrown (below) -
Query a table using Multi Select Item
Hi everyone!
I got a page where I have this multiselect item, and I want to query a table using its values.
For example: The Multiselect item has this values: 1,2,3,4,5,6,7,8,9 and 10
And I want to query every person who has ID_CLASS 1,4,7 and 9 by selecting those IDs from the list, and when I click que Consult button the Report displays those persons.
Whowever I can't accomplish this, I was trying to find a post about this without success.
Can anybody help me with this?
Thanks!!Hi,
This is my problem, I select 2 or more options in the multiple select item, then after I click the "Consult" buttom it submits the page, however only 1 option is highlighted. For example I choose the first two options, then I click Consult and the page is submitted. After that only one of the 2 options are selected, but I need to get the 2 options highlighted as selected items.
If I clear cache I think I'll lost everything. (selected items)
Thanks again! -
Restrict Query Resultset which uses Analytic Function
Gents,
Problem Definition: Using Analytic Function, get Total sales for the Product P1
and Customer C1 [Total sales for the customer itself] in one line.
I want to restrict the ResultSet of the query to Product P1,
please look at the data below, queries and problems..
Data
Customer Product Qtr Sales
C1 P1 19991 100.00
C1 P1 19992 125.00
C1 P1 19993 175.00
C1 P1 19994 300.00
C1 P2 19991 100.00
C1 P2 19992 125.00
C1 P2 19993 175.00
C1 P2 19994 300.00
C2 P1 19991 100.00
C2 P1 19992 125.00
C2 P1 19993 175.00
C2 P1 19994 300.00
Problem, I want to display....
Customer Product ProdSales CustSales
C1 P1 700 1400
But Without using outer query, i.e. please look below for the query that
returns this reult with two select, I want this result in one query only..
Select * From ----*** want to avoid this... ***----
(Select Customer,Product,
Sum(Sales) ProdSales,
Sum(Sum(Sales)) Over(Partition By Customer) CustSales
From t1
Where customer='C1')
Where
Product='P1' ;
Also, I want to avoid Hard coding of P1 in the select clause....
I mean, I can do it in one shot/select, but look at the query below, it uses
P1 in the select clause, which is No No!! P1 is allowed only in Where or Having ..
Select Customer,Decode(Product, 'P1','P1','P1') Product,
Decode(Product,'P1',Sales,0) ProdSales,
Sum(Sum(Sales)) Over (Partition By Customer ) CustSales
From t1
Where customer='C1' ;
This will get me what I want, but as I said earlier, I want to avoid using P1 in the
Select clause..
Goal is to Avoid using
1-> Two Select/Outer Query/In Line Views
2-> Product 'P1' in the Select clause...
Thanks
-Dhaval RasaniaI don't understand goal number 1 of not using an inline view.
What is the harm? -
What query can we use ...for over 30 days
select PROPERTY,RELAVANTDATE ,
sum(NOTICES) over (
partition by property
order by RELAVANTDATE
range between interval '30' day preceding and current row
) "SUM"
from Test_Data
what query can we use ...for over 30 days
can i use following or precedingSCOTT@soti_9> WITH Test_Data AS (
2 select 10100 as property, to_date('25-JAN-07') as RelavantDate, 20 as notices from dual union all
3 select 10100 as property, to_date('25-DEC-07') as RelavantDate, 5 as notices from dual union all
4 select 10100 as property, to_date('02-JAN-08') as RelavantDate, 10 as notices from dual union all
5 select 10100 as property, to_date('01-DEC-08') as RelavantDate, 10 as notices from dual union all
6 select 10100 as property, to_date('02-DEC-08') as RelavantDate, 20 as notices from dual union all
7 select 10100 as property, to_date('31-DEC-08') as RelavantDate, 20 as notices from dual union all
8 select 10100 as property, to_date('03-JAN-09') as RelavantDate, 30 as notices from dual union all
9 select 10100 as property, to_date('25-JAN-09') as RelavantDate, 20 as notices from dual
10 )
11 select PROPERTY,RELAVANTDATE ,
12 sum(NOTICES) over (
13 partition by property
14 order by RELAVANTDATE
15 range between current row and interval '30' day following
16 ) "SUM"
17 from Test_Data
18 ;
PROPERTY RELAVANTD SUM
10100 25-jan-07 20
10100 25-dec-07 15
10100 02-jan-08 10
10100 01-dec-08 50
10100 02-dec-08 40
10100 31-dec-08 70
10100 03-jan-09 50
10100 25-jan-09 20
8 rows selected.Regards,
Dima
Maybe you are looking for
-
Remote app on computer-to-computer network
Hello there. I have some problems with the Remote app. It works fine when I'm at home (both MacBook and iPod connected to same wireless network via router). But, when I'm not at home and want to use the Remote app, I create a computer-to-computer wir
-
Help with setting a MDX goal expression in SSAS
Our data is updated monthly and the last date of available data can be anywhere from 45-75 days behind. For example, data is current through 6/30/2014 as of 8/25/2014. I have a Time dimension hierarchy named [Calendar] with [Year]>[Half Year]>[Quart
-
My iPhone 4 screen went all white and is now flashing what wrong
What's wrong with my phone?!
-
Menubar submenu display problems
I have created a menubar using graphic elements as the submenu triggers, and I was able to go in and make modifications to the css and js files so that everything was being properly positioned in FF and IE6. When I checked in IE7, however, the submen
-
Oracle 9i 9.2 j_servPort error message installation error message on XP
I get an error saying, " a non value for j_servPort" It list the folder Apache\ports.ini to where it can't create. I am installing the 'Transaction Processing' Database Configuration Environment Thanks, Jay