2 LDAP source to 1 EP

Hi,
Is it possible to connect 2 LDAPs to one single Portal UME?
I checked the config tools but it does not seem to be visible. I can't see how this can be done.
My requirement is that we want two different companies, each having its own LDAP, to connect to the Portal UME.
Do you have an idea how this can be achieved?

Hi,
Check the below link.
http://help.sap.com/saphelp_nw04s/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
Regards
Deb

Similar Messages

  • Importing users from LDAP source

    Importing users from LDAP source, "first name"/"last name" are not imported.
    Is there a way to get those from LDAP source?

    Not currently. This is something we expect in a release late this year/early next as we introduce additional LDAP support enhancements.
    Jason
    >>> ZGajsak<[email protected]> 8/29/2012 3:16 PM >>>
    Importing users from LDAP source, "first name"/"last name" are not
    imported.
    Is there a way to get those from LDAP source?
    ZGajsak

  • Effect on VIBE users when AD OU in LDAP source modified

    Hi,
    I need to rename some OUs in my Active Directory. I will of course modify the LDAP source entry in the VIBE config area to reflect the new...

    Hi,
    we got a problem in Vibe 4:
    In a working area are some unread messages. If you click on these (in example 38 unread), a box appears with no...

  • Link ECC roles to Portal roles (Portal is using LDAP source for UME)

    Hi all,
    If a user is assigned a certain ECC ABAP role, they should also receive a related portal role.  Our portal is using LDAP.
    If our portal ume source was an ABAP system, I think it would be easy to achieve the ECC to ABAP role linkage.
    We were thinking of developing a UME java webservice and have an ABAP proxy class consume it to allow our abap system to assign the correct portal role, and delete the portal role.
    Any other ideas?

    Rajendra,
    Thx for your reply. Can you provide any more details as to the design of your solution with the web service? We are thinking of running a batch job nightly with some mapping table in ECC to determine what ABAP role should link to the portal group, then call the webservice to add the user to the portal group or delete the user from the portal group.
    A second question is...does SAP Identity Manager offer any solution for this type of requirement?
    Thanks

  • LDAP Source Query IP (Cisco ISR G2 WebSecurity)

    Hi Cisco folks,
    Goal:
    I would like to implement Cisco ISR Connector with ScanSafe for the company.
    I have followed the ISR Solution Guide carefully (found here:
    http://www.cisco.com/en/US/docs/security/web_security/ISR_SS/ISR_ScanSafe_SolutionGuide.pdf)
    So far I have managed to get a basic configuration working.
    Problem:
    This configuration consists of the basic Web Security features and a VPN to our internal network.
    I would now like to implement authentication on the device with LDAP.
    As far as I can tell the configuration is correct. (I followed the solution guide precisely)
    The authentication though doesn't work.
    Here an output from the debug:
    *Feb 22 13:07:35.034: LDAP: LDAP: Queuing AAA request 52 for processing
    *Feb 22 13:07:35.034: LDAP: Received queue event, new AAA request
    *Feb 22 13:07:35.034: LDAP: LDAP authentication request
    *Feb 22 13:07:35.034: LDAP: Username sanity check failed
    *Feb 22 13:07:35.034: LDAP: Invalid hash index 512, nothing to remove
    *Feb 22 13:07:35.038: LDAP: New LDAP request
    *Feb 22 13:07:35.038: LDAP: Attempting first  next available LDAP server
    *Feb 22 13:07:35.038: LDAP: Got next LDAP server :scansafe-ldap-server
    *Feb 22 13:07:35.038: LDAP: Free connection not available. Open a new one.
    *Feb 22 13:07:35.038: LDAP: Opening ldap connection ( Internal IP of DC, 636 )ldap_open
    ldap_init libldap 4.5 18-FEB-2000
    open_ldap_connection
    ldap_connect_to_host: Internal IP of DC
    :636
    *Feb 22 13:07:35.038: LDAP: socket 5 - connecting to Internal IP of DC (636)
    *Feb 22 13:07:35.038: LDAP: socket 5 - connection in progress
    *Feb 22 13:07:35.038: LDAP: Connection on socket 5
    *Feb 22 13:07:35.038: LDAP: Connection to LDAP server (scansafe-ldap-server, Internal IP of DC) attempted
    *Feb 22 13:07:35.038: LDAP: Connection state: DOWN => CONNECTING
    *Feb 22 13:07:35.038: LDAP: LDAP request saved. Will be served after Root Bind is done.
    *Feb 22 13:07:35.038: LDAP: LDAP request successfully processed
    *Feb 22 13:08:05.038: LDAP: Received socket event
    *Feb 22 13:08:05.038: LDAP: Process socket event for socket = 5
    *Feb 22 13:08:05.038: LDAP: Server is not valid and non-TLS
    *Feb 22 13:08:05.038: LDAP: Socket read event socket=5
    *Feb 22 13:08:05.038: LDAP: Found socket ctx
    *Feb 22 13:08:05.038: LDAP: ldap tcp transport closing on socket 5
    *Feb 22 13:08:05.038: LDAP: Transport DOWN notification for scansafe-ldap-server/5
    *Feb 22 13:08:05.038: LDAP: Clearing all ldap transactions
    *Feb 22 13:08:05.038: LDAP: Triggering server failover for transit requet
    *Feb 22 13:08:05.038: LDAP: Connection state: CONNECTING => DOWNldap_unbind
    ldap_free_connection lc=0x8C5C14D4
    ldap_free_connection: actually freed
    As you can see the router can't contact our DC.
    Now I did some sniffing and noticed that the router sends the LDAP query with the source address of the external interface (Public IP).
    As a result, the queries are sent out into the internet with an internal destination IP --> hence they can't connect.
    Question:
    Now to my actual question.. How can I force the ISR to originate the LDAP queries from our internal interface ... which would then enter the VPN and connect to the DC?
    Thanks in advance, and if you need any additional information, please don't hesitate to ask
    Kind regards
    - Sam

    I recently went through this exact issue with Cisco TAC. The answers are quite unpleasant, but Cisco feels the LDAP protocol doesn't need a source-interface command because an LDAP server doesn't need a specific source IP. The "workaround" is to include your egress interface IP in the VPN tunnel so it will get encapsulated and be able to reach the LDAP server over the VPN. There is another even less desirable workaround to use a Virtual Tunnel Interface, but it is not practical for companies with more than 1 remote site or using the headend VPN concentrator for internet routing because of the requirement of the tunnel being ip any any.
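The failure pattern in the debug output quoted in the question above can be picked out mechanically. The following is an added example, not part of the original posts or any Cisco tooling: it parses `*Mon DD HH:MM:SS.mmm: LDAP:` lines and reports each connection attempt that went from CONNECTING straight back to DOWN, with the elapsed time. The names `analyze` and `ConnectFailure` are hypothetical, and reading a long gap with no intermediate state as "the server was never reached" is an assumption consistent with what the poster saw on the wire.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Lines copied from the debug output in the post above, trimmed to the relevant ones.
SAMPLE = """\
*Feb 22 13:07:35.038: LDAP: Opening ldap connection ( Internal IP of DC, 636 )ldap_open
ldap_init libldap 4.5 18-FEB-2000
*Feb 22 13:07:35.038: LDAP: socket 5 - connecting to Internal IP of DC (636)
*Feb 22 13:07:35.038: LDAP: Connection state: DOWN => CONNECTING
*Feb 22 13:07:35.038: LDAP: LDAP request saved. Will be served after Root Bind is done.
*Feb 22 13:08:05.038: LDAP: Received socket event
*Feb 22 13:08:05.038: LDAP: Server is not valid and non-TLS
*Feb 22 13:08:05.038: LDAP: Transport DOWN notification for scansafe-ldap-server/5
*Feb 22 13:08:05.038: LDAP: Connection state: CONNECTING => DOWNldap_unbind
"""

LINE = re.compile(r"^\*(\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): LDAP: (.*)$")
# Trailing text can be glued to the state name ("DOWNldap_unbind"), so match capitals only.
STATE = re.compile(r"Connection state: ([A-Z]+) => ([A-Z]+)")
PORT = re.compile(r"socket \d+ - connecting to .*\((\d+)\)")
SERVER = re.compile(r"Transport DOWN notification for ([^/\s]+)/\d+")


@dataclass
class ConnectFailure:
    server: str             # AAA server name from the "Transport DOWN" line
    port: int               # destination port of the attempt
    elapsed_seconds: float  # time spent in CONNECTING before falling back to DOWN
    tls_complaint: bool     # "Server is not valid and non-TLS" seen during the attempt


def _ts(stamp):
    # The stamps carry no year; pin a leap year so every month/day parses.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S.%f")


def analyze(text):
    """Return one ConnectFailure per CONNECTING => DOWN transition in the log."""
    failures = []
    started, port, server, tls = None, None, None, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # library continuation lines (ldap_init, ldap_free_connection, ...)
        when, msg = _ts(m.group(1)), m.group(2)
        if (p := PORT.search(msg)):
            port = int(p.group(1))
        if (s := SERVER.search(msg)):
            server = s.group(1)
        if "Server is not valid and non-TLS" in msg:
            tls = True
        st = STATE.search(msg)
        if not st:
            continue
        old, new = st.groups()
        if new == "CONNECTING":
            started = when
        elif old == "CONNECTING" and new == "DOWN" and started is not None:
            gap = (when - started).total_seconds()
            failures.append(ConnectFailure(server or "?", port or 0, gap, tls))
            started, port, server, tls = None, None, None, False
        else:
            started = None  # any other transition means the attempt progressed
    return failures


if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.server}:{f.port} never left CONNECTING "
              f"({f.elapsed_seconds:.0f}s), TLS complaint={f.tls_complaint}")
```
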

  • SAP Abap system as LDAP source/server?

    Hello,
    is it possible to configure a SAP Abap system as LDAP server so that I can read out the user information via LDAP?
    We have a SSL-Gateway that needs to preauthenticate external users and we don't want to manage those users in two different systems.

    Marc,
    Are you thinking about Central User Administration (CUA)? Then it is possible by LDAP.
    Hope this helps.
    Manoj

  • Multiple LDAP Sources for Portal

    Per the HELP docs and other forum suggestions, I uploaded a new XML file and called it multildap_datasource.xml
    After uploading, it does NOT appear in the drop-down list of files to pick? Am I missing something here?

    Hi,
    Check if you get any error message.
    Also check in the configuration adapter to see if the file uploaded.

  • E-Sourcing and LDAP Sellside

    Hello experts, I have a question about using LDAP on the sellside of e-sourcing. Is there anyone that is using Microsoft Active directory as their sellside LDAP source? If so I'm guessing you created a separate domain for this LDAP? What do you do about licensing on the AD side? Do you have to pay for every sellside account created on the Microsoft LDAP directory or is there some special license available from Microsoft for this?
    Thanks in advance for any responses to these questions.
    Dave Wood

    Dave,
    We're using Microsoft Active Directory for internal users but Sun Directory Server for external users.  So, I'm sorry that I can't help you with your question regarding external accounts.
    Best Regards, Scott

  • XML Publisher 5.6.2 with LDAP integration

    Hi,
    I have XMLP 5.6.2 installed on a tomcat instance.
    I wish to integrate the same with a LDAP source - Sun Iplanet directory server.
    For the user docs that I read, it is for Oracle LDAP and it is different for Iplanet.
    Is XMLP not supported for Iplanet directory server?

    Just to add some more context here:
    Using the SUN One console, I created all the roles mentioned (XMLP_ADMIN, XMLP_DEVELOPER...etc) in the user doc, and added users from the directory server to these roles.
    Then, I modified the xmlp-config file like:
    <property name="LDAP_PROVIDER_URL" value="ldap://millvalley:2389/"/>-->
    <property name="LDAP_PROVIDER_ADMIN_USERNAME" value="cn=Directory Manager"/>
    <property name="LDAP_PROVIDER_ADMIN_PASSWORD" value="oracle"/>
    <property name="LDAP_PROVIDER_USER_DN" value="cn=Rohit Valiveti, ou=Sales, ou=Dealer1k1, ou=Latin America, ou=Ford, o=company,c=us"/>
    The DS is working, I can connect via any LDAP client.
    I also restarted the tomcat and the Iplanet Directory Server.
    But now I am unable to log in at all. The catalina.out file says:
    javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]

  • How can portal use two different LDAP Server in UME

    Hi,
    My question is: can UME in portal be configured for multiple LDAP sources? Currently I have a setting in portal
    as follows:
    Server Name : Abcd
    port : 1234
    user : CN=" ",Ou=" ",Ou=" ",Dc=AD,Dc=my company,Dc=com
    password :
    user path : DC=AD,Dc=My company,Dc=Com
    group Path : same as user path
    I want to configure one more LDAP server to my portal UME; how can I give values for that in the above settings? I also want these current settings to stay enabled.
    Does anyone have an idea on this?
    Thanks and Regards
    Rani A

    Hi again ,
    I know it can be done. But how urgent is this for you.
    I can get back to you in couple of days, me lil busy today.
    cheers,
    Anu...

  • LDAP against BEA identity

    This may sound...odd...but I swear there's a legit business reason. :)
    Situation:
    ==========
    * I have ~5 auth sources
    - BEA DB ("native" users)
    - ~4 separate LDAP sources
    * Read: no central user store
    - auth sources are confusing to users
    - very difficult to resolve integration with external services as portal is never truly able to integrate with 3rd party apps that assume we use a central AD/LDAP user store
    * I want to provide a way to solve the second bit of that problem, but ... realistically... I won't be able to fix it the right way by getting a central store set up.
    - central store not possible given our IT and business constraints
    - setting up my own store creates other issues
    My dumb idea
    ===============
    I'm wondering. Has anyone ever considered authing against the portal natively over LDAP? Process might work like...
    1) Portal replicates users from multiple sources, etc. (it knows where to phone home for synch/auth per user)
    2) Configure a web service that mimics LDAP interfaces such that systems can synch and auth against the portal
    - does a search against user name (in theory, finds user - realize you could get duplicate matches)
    - knows the "true" auth source for that user (database, ldap, ad, whatever)
    - passes on provided credentials to "true" auth source
    This may sound stupid, but my thought is that if the portal can become the central point of aggregation for apps, profile data, etc. and is being pushed as a nice bridge between all these places, why not set it up to also be the bridge for the "federated" identity management problems that prohibit us from integrating 3rd party apps that rely on a central LDAP/AD store shared by those apps and the portal. Basically, the portal becomes the user store "glue."
    Yeah - it would be slow. Not as worried about that atm :)
    Just kinda seeing if I'm the only one facing this problem and if there are other options

    Hi Eric,
    I understand where you're coming from. You don't necessarily control the "guts" of the authentication and authorization code for the third-party application and it is expecting a single central user repository like LDAP or AD. You want Plumtree to be that repository (which would allow you to use any number of LDAPs or ADs AND native Plumtree DB users as well) by sync'ing with all the user repositories and then "brokering" authentication to the correct repository based on which repository was used to sync the given user.
    Here's a 10,000-foot view of how I would build this.
    You'll need the following ingredients:
    1) One or more LDAP and/or AD auth sources
    2) A custom SSO or Login solution
    3) A portlet "container" that gets credentials, calls the authenticator web service, and then redirects to the portlet application
    4) An authenticator web service running on a machine that has access to the server APIs (plumtreeserver.dll)
    First, bring all your users and groups in using the LDAP and AD auth sources. Create the necessary Plumtree DB users as well.
    Next, build a custom SSO or customized Login solution that will (ideally, log the user in automatically) capture their username, password and auth source id and send these values to portlets. That's accomplished very easily in custom SSO by putting the headers or cookies into an array, which instructs the portal to forward them to the portlets. However, if you customize login, you can set these settings as personal settings in Login or in one of the Login PEIs and then configure them to be sent to the portlets as User Settings. If you don't know how to do this, let me know and I'll walk you through it.
    Next, configure a portlet "container" of sorts. This "container" will call the EDK to get the username, password and auth source, call the authenticator web service* to re-authenticate the user, and then redirect the request to eRoom (or whatever application you're trying to integrate).
    *The authenticator web service will be the hardest piece of this puzzle to write. You'll need to use the auth source id sent down by the container to figure out which auth source to use, then crack open the auth source to get the settings out of the property bag, and then manually authenticate the user and return success or failure to the caller.
    Theoretically, all this sounds great -- albeit a little complicated. If any of it doesn't make sense, let me know. I'm always up for a challenge, so if you want me to help you write some or all of this stuff, I'm game. (Read: will work for food and/or alcohol. :-)
    Regards,
    Chris Bucchere | bdg | [email protected] | www.bdg-online.com

  • Embedded LDAP on Weblogic Server

    Hi Everyone
    I'm currently using the embedded LDAP available in Weblogic for Security for SOA 11g.
    The users are getting updated on the system-jazn.xml file. But I don't know where the email information is getting stored. Does anyone know where it is stored?
    Is there a way I could download the users, roles and user properties from the embedded LDAP?
    Regards
    Sabir

    Hi Sabir
    1. By default, as far as I know, from pure WLS point of view, we can create new users with just username and password like from WLS Admin Console.
    2. I am not much familiar with "The users are getting updated on the system-jazn.xml file". Is this like External Authentication Provider that you configured with WLS.
    3. For example, WLS can be configured with any External LDAP sources that has full User Profile and username and password etc. Then for say Weblogic Portal Applications, we have some procedure, to view the entire profile. Even for out of box Embedded LDAP in case of Weblogic Portal Applications only we can View/Edit the full User Profile from something called Portal Admin Console. But this is all specific to Weblogic Portal Applications only.
    If you can give more details on this "system-jazn.xml" file, we can look into it. But when it comes to core WLS, all you can do, configure it with any External Security Provider from Weblogic Console. And additionally create your own custom Authentication Provider. Coming to Profile, I know for Weblogic Portal Applications deployed on this WLS + portal modules, we can View/Edit full Profile.
    HTH
    Ravi Jegga

  • External LDAP - Configuring the External LDAP to the Weblogic Server 10.3.3

    I'm new to LDAP concepts. Is there any documentation link to configure any of the External LDAP for WLS 10.3.3?
    Where can I download the External LDAP to install it?
    Thanks

    To use Active Directory for quick testing with Weblogic, you can use either Sun's Sun One Active Directory Server or OpenLDAP which is an open source LDAP. We use OpenLDAP on unix and configure this with WLS. All our users are in OpenLDAP. Try googling around like "OpenLDAP Download" or "Sun One Directory Server" etc. All these are LDAP sources with very minor differences (Some extra attributes here and there). Configuration wise all are same from WLS point of view. We define LDAP's Host, Port, admin username/password, User basedn and Group basedn. These are minimum things we need to know upfront.
    Thanks
    Ravi Jegga

  • LDAP Address Book

    I'm setting up OS X mail and it is working perfectly. The only problem is I use Apple's Open Directory and I want squirrelmail to look at it over LDAP to pull the address book. I have that working but it only searches the email name, not the givenname or other fields. So, if I search for "pzie" it finds "[email protected]", but if I search for "Pat" it returns no results even though "Pat" is set up as givenname in Open Directory. I found the file that controls this: /usr/share/squirrelmail/functions/abookldapserver.php. I would like it to be able to search more than one field. Has anyone already come across this problem and fixed it?

    Originally Posted by mikebell90
    On 2/25/2010 5:06 PM, brianbe2 wrote:
    >
    > Hello folks,
    >
    > Our company is a mixed bag of GroupWise 7, Lotus/Domino, MS Exchange,
    > MS BPOS and Google Apps. We are trying to build a Global Address List
    > for our company and are testing by trying to feed our GroupWise Address
    > information via LDAP to our Domino/Lotus server and vice versa.
    >
    > We can query each other's LDAP sources but are unable to find a method
    > of pulling and pushing LDAP information between servers automatically. Our
    > thoughts are, it's just LDAP information, can't the two replicate to
    > each other so our users will have up to date addresses and contact
    > information?
    >
    > Hope someone finds this topic familiar and is able to assist.
    >
    > Thanks,
    > Brian
    >
    >
    Nope, that's a sadly simplistic view of LDAP. You can push and import
    stuff, but it's not just automatic.
    Thanks Mike,
    Yes, I WAS trying to make it simple as an opener to this discussion, trying to avoid detail for time's sake.
    So, how can I push and import stuff?
    We are using LDAPAdmin to query the selected LDAP databases and finding good stuff. It would seem that someone would have a connector for LDAP, perhaps source agnostic, that could match attributes from one system to another; in this case GroupWise's attributes don't exactly line up to Notes. Google Apps has an LDAP database we can query as well, I'm sure BPOS (Microsoft's answer to Google Apps) does also.
    Can GroupWise import LDAP to assist in creating a GAL (Global Address List)?
    Thanks again,
    Brian

  • Squid+Solaris10 zone+LDAP helpers --- make all problem

    Hi
    I have a blocking problem with the combination in subject.
    I need to run Squid in a Solaris 10 zone with basic auth on ldap dir. server.
    Actually my platform is sun fire x2200 (Amd 64) and Solaris 10 11/06
    with the last patch cluster just applied.
    I just installed from solaris official packages openldap-lib, gcc,
    gcc-runtime-libs, ecc ecc.
    and the source of squid come from the solaris companion cd (formally
    squid-2.5.STABLE7)
    My ./configure is
    bash-3.00# ./configure --prefix="/opt/products/squidOK"
    enable-storeio="null" enable-auth="basic"
    --enable-basic-auth-helpers="LDAP"
    --enable-external-acl-helpers="ldap_group"
    The output went OK, and then I ran
    bash-3.00# make all
    so it work for some seconds and then it exit with this output (I APOLOGIZE FOR THE LENGTH OF ATTACHMENT!!):
    Making all in icons
    Making all in errors
    Making all in doc
    Making all in helpers
    Making all in basic_auth
    Making all in LDAP
    source='squid_ldap_auth.c' object='squid_ldap_auth.o' libtool=no \
    depfile='.deps/squid_ldap_auth.Po' tmpdepfile='.deps/squid_ldap_auth.TPo' \
    depmode=gcc3 /bin/sh ../../../cfgaux/depcomp \
    gcc -DHAVE_CONFIG_H -I. -I. -I../../../include -I../../../include -g
    -Wall -c `test -f squid_ldap_auth.c || echo './'`squid_ldap_auth.c
    squid_ldap_auth.c: In function `open_ldap_connection':
    squid_ldap_auth.c:248: error: `LDAP_OPT_SUCCESS' undeclared (first use
    in this function)
    squid_ldap_auth.c:248: error: (Each undeclared identifier is reported only once
    squid_ldap_auth.c:248: error: for each function it appears in.)
    squid_ldap_auth.c:253: warning: implicit declaration of function
    `ldap_start_tls_s'
    *** Error code 1
    make: Fatal error: Command failed for target `squid_ldap_auth.o'
    Current working directory /opt/sfw/src/squid-
    2.5.STABLE7/helpers/basic_auth/LDAP
    *** Error code 1
    The following command caused the error:
    set fnord ; amf=$2; \
    dot_seen=no; \
    target=`echo all-recursive | sed s/-recursive//`; \
    list='LDAP'; for subdir in $list; do \
    echo "Making $target in $subdir"; \
    if test "$subdir" = "."; then \
    dot_seen=yes; \
    local_target="$target-am"; \
    else \
    local_target="$target"; \
    fi; \
    (cd $subdir && make $local_target) \
    || case "$amf" in *=*) exit 1;; k) fail=yes;; *) exit 1;; esac; \
    done; \
    if test "$dot_seen" = "no"; then \
    make "$target-am" || exit 1; \
    fi; test -z "$fail"
    make: Fatal error: Command failed for target `all-recursive'
    Current working directory /opt/sfw/src/squid-2.5.STABLE7/helpers/basic_auth
    *** Error code 1
    The following command caused the error:
    set fnord ; amf=$2; \
    dot_seen=no; \
    target=`echo all-recursive | sed s/-recursive//`; \
    list='basic_auth ntlm_auth digest_auth external_acl'; for subdir in $list; do \
    echo "Making $target in $subdir"; \
    if test "$subdir" = "."; then \
    dot_seen=yes; \
    local_target="$target-am"; \
    else \
    local_target="$target"; \
    fi; \
    (cd $subdir && make $local_target) \
    || case "$amf" in *=*) exit 1;; k) fail=yes;; *) exit 1;; esac; \
    done; \
    if test "$dot_seen" = "no"; then \
    make "$target-am" || exit 1; \
    fi; test -z "$fail"
    make: Fatal error: Command failed for target `all-recursive'
    Current working directory /opt/sfw/src/squid-2.5.STABLE7/helpers
    *** Error code 1
    The following command caused the error:
    set fnord ; amf=$2; \
    dot_seen=no; \
    target=`echo all-recursive | sed s/-recursive//`; \
    list='lib scripts src icons errors doc helpers'; for subdir in $list; do \
    echo "Making $target in $subdir"; \
    if test "$subdir" = "."; then \
    dot_seen=yes; \
    local_target="$target-am"; \
    else \
    local_target="$target"; \
    fi; \
    (cd $subdir && make $local_target) \
    || case "$amf" in *=*) exit 1;; k) fail=yes;; *) exit 1;; esac; \
    done; \
    if test "$dot_seen" = "no"; then \
    make "$target-am" || exit 1; \
    fi; test -z "$fail"
    make: Fatal error: Command failed for target `all-recursive'
    bash-3.00#
    Any Idea??
    A lot of thanks for any useful suggest.
    Fabio

    I don't know the cause, but i have a workaround.
    Extract ParamImpl.class file from
    D:\ORACLE\iSuites\panama\lib\panama_core.zip and put it in D:\ORACLE\iSuites\Apache\Jserv\servlets\oracle\panama
    Type http://<servername>/servlet/oracle.panama.ParamImpl in your browser's location .
    You should be able to access the Request Manager site.
