2004s - Users in LDAP,

I have modified the UME xml file, and am now pulling my users from our (read-only) LDAP server(s). The users appear to be successfully imported - I can log in with a UME DB user, and search for users that exist only in LDAP. I can also log in with an LDAP user, but they don't have any roles assigned to them.
When I try to assign a role to an LDAP user, I get an error:
"You need to enter a valid value to proceed with the requested action"
And it has marked in the details of the user the "Logon ID" as a required field. It isn't possible for me to edit this field (I assume because it is stored in the readonly LDAP database). Note that the logonalias field is correctly populated with the LDAP username
Does anyone know how I can assign roles to LDAP users? The roles should be held in the portal DB, as the LDAP database is readonly.
Have I missed a setting that tells the roles to be stored in the database, or is there something else that I'm missing?
Thanks in advance for any assistance.
Regards
Richard

I come from a Windows background.  The "proper" way is: users go into local groups, local groups into global groups, and the global groups get the rights.
It is the same with any LDAP system.  It's that way for good housekeeping and it keeps users in a uniform way.  Yes, you can assign a user directly to a role.  But, in a production environment where users are coming and going and transferring in and out, it can get messy.
If your setup is to have your users in LDAP, make groups in your LDAP that correspond to your roles in the portal. Assign the roles to the groups in the UME and then the users will have the rights.
Until I made myself do things that way... well, I got burned a few times.
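The reply above describes the pattern that keeps a read-only directory workable: roles are bound to LDAP groups on the portal side, and a user's effective roles are derived from group membership, including nested groups. The following Python is an added example, not code from the thread or from SAP UME: it uses a constructed in-memory directory (DN strings and "member" attributes, no live LDAP connection) and a hypothetical portal-side ROLE_MAP to show how to walk nested membership safely, normalise DNs before comparing them, and stop on membership cycles, which real directories do contain.

```python
import re
from typing import Dict, List, Set

# Constructed sample directory (not an export from any real LDAP server).
# Users carry no role information at all; groups list their members in
# "member", and one group may itself be a member of another (nesting).
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=richard,ou=users,dc=example,dc=com": {"objectClass": ["person"]},
    "cn=alice,ou=users,dc=example,dc=com": {"objectClass": ["person"]},
    "cn=bob,ou=users,dc=example,dc=com": {"objectClass": ["person"]},
    "cn=carol,ou=users,dc=example,dc=com": {"objectClass": ["person"]},
    "cn=portal-editors,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": [
            "CN=Richard, OU=Users, DC=example, DC=com",  # mixed case/spacing on purpose
            "cn=portal-content-admins,ou=groups,dc=example,dc=com",  # nested group
        ],
    },
    "cn=portal-content-admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["cn=alice,ou=users,dc=example,dc=com"],
    },
    "cn=portal-readers,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["cn=bob,ou=users,dc=example,dc=com"],
    },
}

# Hypothetical portal-side mapping held outside the read-only directory:
# group DN -> portal roles. Nothing is ever written back to LDAP.
ROLE_MAP: Dict[str, List[str]] = {
    "cn=portal-editors,ou=groups,dc=example,dc=com": ["content_editor"],
    "cn=portal-content-admins,ou=groups,dc=example,dc=com": ["content_admin"],
    "cn=portal-readers,ou=groups,dc=example,dc=com": ["content_reader"],
}


def normalize_dn(dn: str) -> str:
    """Attribute types (and, in AD, most values) compare case-insensitively and
    whitespace after the comma is not significant; normalise before comparing
    so "OU=Users" and "ou=users" do not silently become two different users."""
    return re.sub(r",\s+", ",", dn.strip()).lower()


def build_membership_index(directory: Dict[str, Dict[str, List[str]]]) -> Dict[str, Set[str]]:
    """Invert the directory: member DN -> set of group DNs that list it directly."""
    index: Dict[str, Set[str]] = {}
    for group_dn, attrs in directory.items():
        for member in attrs.get("member", []):
            index.setdefault(normalize_dn(member), set()).add(normalize_dn(group_dn))
    return index


def groups_of(dn: str, index: Dict[str, Set[str]]) -> Set[str]:
    """All groups the DN belongs to, directly or through nesting.
    The visited set is what makes this terminate when groups contain each other."""
    seen: Set[str] = set()
    queue = [normalize_dn(dn)]
    while queue:
        current = queue.pop()
        for parent in index.get(current, ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def effective_roles(dn: str, directory=DIRECTORY, role_map=ROLE_MAP) -> List[str]:
    """Roles granted to a user purely through group membership; a user in no
    mapped group gets an empty list rather than a default role."""
    normalized_map = {normalize_dn(g): roles for g, roles in role_map.items()}
    roles: Set[str] = set()
    for group in groups_of(dn, build_membership_index(directory)):
        roles.update(normalized_map.get(group, []))
    return sorted(roles)


if __name__ == "__main__":
    for user in ("richard", "alice", "bob", "carol"):
        dn = f"cn={user},ou=users,dc=example,dc=com"
        print(user, "->", effective_roles(dn))
```

Alice ends up with both content_admin and content_editor because her group is nested inside the editors group; Richard, whose DN is stored with different capitalisation in the group, is still resolved correctly only because of the normalisation step.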

Similar Messages

  • Fatal error 78: Cannot connect to User Group LDAP Server

    After configuring Calendar Server, trying to start it gives the following error:
    # ./start-cal
    Restarting calendar services
    Stopping all calendar services
    Starting all calendar services
    # enpd is started
    csnotifyd is started
    csadmind is started
    Fatal error 78: Cannot connect to User Group LDAP Server
    cshttpd is not started
    Calendar service(s) not started
    cshttpd is not started
    Calendar service(s) not started
    Following logs are from http logs of calendar server
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Information: Log created (1095109367)
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Notice: Sun Java System Calendar Server 6 2004Q2 (built Apr 28 2004) cshttpd starting up
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd attempting to open Counters Database
    [13/Sep/2004:22:02:47 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd successfully opened the Counters Database
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: HTTP Module is refreshing
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd is refreshing
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd is refreshed
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: HTTP Module has refreshed
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd: argc=3 argv[0]=/opt/SUNWics5/cal/lib/cshttpd
    [13/Sep/2004:22:02:48 +0100] Vigor11 cshttpd[17916]: General Notice: session_init: attempting to open session database for cshttpd
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Notice: session_init: session database open completed for cshttpd
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: Store Critical: Error checking session database: DB->set_alloc: method not permitted in shared environment
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Notice: LdapCacheInit: Ldap Cache not enabled.
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Notice: cshttpd_parse_commandline: successfully bind process 17916 to processor 0
    [13/Sep/2004:22:02:49 +0100] Vigor11 cshttpd[17916]: General Critical: Fatal error 78: Cannot connect to User Group LDAP Server
    Has anybody seen this before?
    Regards

    The server was running fine for a few months until I restarted the calendar server. I started to see the same error, and the problem was that the machine name had got changed at some point.
    I added the old hostname to the /etc/hosts file and restarted the calendar server, and it started to work fine.

  • Error while creating user in LDAP (MS ADS) from SAP Portal 7.0

    Hi,
    Is it mandatory to use an SSL connection to create a new user in LDAP (MS ADS) from SAP Portal 7.0?
    I've configured the UME with the LDAP server address and port 389, and use the configuration file "dataSourceConfiguration_ads_writeable_db.xml".
    I can view users existing in LDAP, but when I try to create a new user I get the following error message:
    LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0)
    Thanks and regards

    check this link
    http://help.sap.com/saphelp_nw70/helpdata/EN/37/cfd93f130f9115e10000000a155106/frameset.htm
    and at the end of the page there is a quote: "We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory"
    hence follow this link to configure SSL
    http://help.sap.com/saphelp_nw70/helpdata/EN/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm
    hope this helps..
    [Rahul|http://rahulursportal.blogspot.com/]
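    The quoted SAP note explains the error code 53 (unwillingToPerform) above: Active Directory will not accept a password write over a cleartext session, and a user cannot be created usable without one. The Python below is an added example, not code from the thread, from SAP or from Microsoft. It builds the three LDIF records an AD user creation needs in the order the directory expects them (add the object disabled, set unicodePwd, then enable it), using the documented unicodePwd encoding (the password in double quotes, UTF-16LE, base64 in LDIF) and the documented userAccountControl values 514 and 512; the DN, account name and password are constructed sample values, and the session pre-check is a hypothetical helper the caller would run before attempting the write.

```python
import base64

# Documented userAccountControl bits.
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200

LDAPS_PORT = 636
LDAP_PORT = 389


def session_permits_password_write(port: int, starttls_done: bool) -> bool:
    """AD answers unicodePwd writes on a cleartext session with result 53.
    Either native LDAPS on 636 or a completed StartTLS on 389 is required."""
    return port == LDAPS_PORT or (port == LDAP_PORT and starttls_done)


def encode_unicode_pwd(password: str) -> bytes:
    """AD accepts a password only as the UTF-16LE encoding of the quoted string."""
    return f'"{password}"'.encode("utf-16-le")


def _record(lines):
    return "\n".join(lines) + "\n"


def create_user_ldif(dn: str, sam_account_name: str, upn: str, password: str) -> str:
    """LDIF for ldapmodify, three records in the order AD requires:
    1. add the object disabled (514 = NORMAL_ACCOUNT | ACCOUNTDISABLE),
    2. set unicodePwd (binary, so '::' and base64),
    3. clear the disable bit (512)."""
    pwd_b64 = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    add = _record([
        f"dn: {dn}",
        "changetype: add",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: user",
        f"sAMAccountName: {sam_account_name}",
        f"userPrincipalName: {upn}",
        f"userAccountControl: {NORMAL_ACCOUNT | ACCOUNTDISABLE}",
    ])
    set_password = _record([
        f"dn: {dn}",
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {pwd_b64}",
        "-",
    ])
    enable = _record([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userAccountControl",
        f"userAccountControl: {NORMAL_ACCOUNT}",
        "-",
    ])
    return "\n".join([add, set_password, enable])


if __name__ == "__main__":
    # Constructed sample values; nothing here refers to a real domain.
    dn = "CN=Dummy User,OU=SAP_IDM,DC=example,DC=com"
    if not session_permits_password_write(389, starttls_done=False):
        print("refusing: AD would return unwillingToPerform over cleartext 389")
    print(create_user_ldif(dn, "dummyuser", "dummyuser@example.com", "Secret1!"))
```

The LDIF is what you would feed to `ldapmodify` over an LDAPS connection; the same sequence is what any provisioning tool (the UME included) has to perform, which is why the cleartext port 389 configuration in the question can read users but cannot create them.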

  • Error while create user in LDAP - LDAP: error code 1

    Hi guys, I am getting the below error while creating a user in LDAP (MS AD).
    cn=3001,ou=sAP_IDM,dc=springswf,dc=com<mx:TEXT>putNextEntry failed storing OU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
    <mx:LTEXT>Exception from Add operation: javax.naming.NamingException: {LDAP: error code 1 - 00000000: LdapErr: DSID-0C090AE2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
    Steps I am following:
    1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
    2. Destination tab values that I am passing:
    dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
    objectClass: top|person|organizationalPerson|user
    sn: Surname
    givenName: GivenName
    displayName: Dummy user displayname
    Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
    Admin user account created called <XYZ> and has full control over SAP_IDM OU.
    I am passing <XYZ> credentials into my job for user creation.
    Thanks for you help!

    Farhan,
    Based on the error message presented,
    In order to perform this operation a successful bind must be completed on the connection
    Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
    Matt
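    Matt's answer reads the AD error string the way an engineer has to: the LDAP result code says what failed, and the "comment"/"data" part says why. The same string format also appears in the error code 53 thread above. The Python below is an added example, not code from either thread or from Microsoft: a small parser for AD's diagnostic-message format, with the RFC 4511 result codes seen on this page and the well-known AD "data" sub-codes returned on a failed bind (525, 52e, 530, 531, 532, 533, 701, 773, 775). The sample messages are the two from this page (the error code 1 message with its typos corrected) plus one constructed bind failure.

```python
import re
from dataclasses import dataclass
from typing import Optional

# RFC 4511 result codes that appear in the threads on this page.
LDAP_RESULT_CODES = {
    1: "operationsError",
    2: "protocolError",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

# AD sub-codes carried in "data NNN" of a failed bind (result code 49).
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}


@dataclass
class AdError:
    code: Optional[int]
    name: str
    dsid: Optional[str]
    problem: Optional[str]
    comment: Optional[str]
    data: Optional[str]

    def bind_reason(self) -> Optional[str]:
        """Human meaning of the data sub-code, only defined for bind failures."""
        if self.code == 49 and self.data:
            return AD_BIND_DATA.get(self.data.lower())
        return None

    def needs_bind(self) -> bool:
        """operationsError whose comment says the connection never bound:
        the client sent the operation anonymously (wrong DN, empty password,
        or the bind step was skipped), exactly the case in the thread above."""
        return self.code == 1 and bool(self.comment) and "successful bind" in self.comment


def _grab(pattern: str, text: str, flags: int = 0) -> Optional[str]:
    m = re.search(pattern, text, flags)
    return m.group(1) if m else None


def parse_ad_error(text: str) -> AdError:
    """Pull the fields out of an AD diagnostic message such as
    'LDAP: error code 49 - 80090308: LdapErr: DSID-..., comment: ..., data 52e, v1db1'."""
    code = _grab(r"error code (\d+)", text)
    code_int = int(code) if code is not None else None
    return AdError(
        code=code_int,
        name=LDAP_RESULT_CODES.get(code_int, "unknown"),
        dsid=_grab(r"DSID-([0-9A-Fa-f]+)", text),
        problem=_grab(r"problem \d+ \(([A-Z_]+)\)", text),
        comment=_grab(r"comment: (.*?), data", text, re.DOTALL),
        data=_grab(r"\bdata ([0-9A-Fa-f]+)", text),
    )


# Sample inputs: two messages quoted on this page, one constructed bind failure.
MSG_UNWILLING = ("LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, "
                 "problem 5003 (WILL_NOT_PERFORM), data 0)")
MSG_NO_BIND = ("LDAP: error code 1 - 00000000: LdapErr: DSID-0C090AE2, comment: In order "
               "to perform this operation a successful bind must be completed on the "
               "connection., data 0, vece")
MSG_BAD_BIND = ("LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                "comment: AcceptSecurityContext error, data 52e, v1db1")  # constructed

if __name__ == "__main__":
    for msg in (MSG_UNWILLING, MSG_NO_BIND, MSG_BAD_BIND):
        err = parse_ad_error(msg)
        print(err.code, err.name, "needs_bind=%s" % err.needs_bind(), err.bind_reason())
```

Logging the parsed code, data sub-code and DSID rather than the raw string also makes these failures easy to alert on: a burst of 49/52e against one bind DN is a credential-guessing pattern, and a steady stream of 49/775 is the lockouts that follow it.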

  • Problem with activesync provisioning user from  ldap to red hat

    Hello,
    I am using ActiveSync to provision the user from LDAP to Red Hat Linux. I am getting the following error message:
    An error occurred adding user '#########' to resource 'Red Hat Linux'.
    Script failed waiting for " PASSWORD:" in response "passwd: Only one user name may be specified.
    _,)#+(:"
    Script processor timed out with nothing to read and the following unprocessed text: "passwd: Only one user name may be specified.
    _,)#+(:".
    When I try to assign the Red Hat resource to a user from the IdM, the user is getting provisioned to Red Hat successfully. The ActiveSync form is working for all the other resources except the Red Hat one.
    Can anyone give me a solution for the above problem?
    Thanks in advance.

    Have you set the xhost as ROOT (xhost +hostname), and then as the ORACLE user type "export DISPLAY:0.0" (without the quotes of course) ? This needs to be done prior to running the installer. Try this site for further information - http://www.puschitz.com/OracleOnLinux.shtml

  • Question on LDAPSync Post Enable Provision Users to LDAP task

    Hi All,
    Can you please clarify my doubt on the following?
    I created a user "testaccount" in OIM and, via LDAP sync, it gets created in OID.
    Now, I manually deleted that user "testaccount" in OID and want to recreate the user account again in OID. Will this scheduled task "LDAPSync Post Enable Provision Users to LDAP" solve my purpose or not?
    Regards,
    Sunny

    I would not expect the account to be re-created. As far as OIM is concerned it is in OID, as it was reconciled from OID, and OIM has a record of its DN and GUID. If OIM later sees the account has disappeared it just treats this as an operation error, and does not update itself to say the account is deleted.
    Have you run the LDAP Sync user deletion reconciliation job? If so it should have deleted the user in OIM. You can then create a new user with the same name (but a different logon unless you set the system property to allow logon re-use), to create a new OID account.
    If you do want to create the same user in OID without deleting and recreating the OIM user, via this post-create scheduled task, it is possible, but it involves messing about with the OIM user record in the database to clear out its old DN and GUID. In that way OIM thinks the user is not in LDAP and should try to recreate it.

  • Problem to move user in LDAP with the function DBMS_LDAP.rename_s

    Hello,
    I want to move a user in Active Directory, but with this function I can only change his "cn". And when I use an invalid DN I get no error.
    My syntax is:
    retval := DBMS_LDAP.rename_s ( emp_session, my_dn,'cn=nom prenom', 'OU=test,DC=XXX,DC=org', 1, NULL, NULL );
    The value of my_dn is :'CN=nom prenom,OU=COMMUNICATIONS,OU=DIRECTION GENERALE,OU=test,DC=XXX,DC=org'
    And 'OU=test,DC=XXX,DC=org' is the new parent DN, but the user doesn't move...
    What is the problem?
    How can I move a user in LDAP with DBMS_LDAP?
    Thanks you very much,
    Matthieu.

    If I use only the -N option without the -R option,
    ex:ldapmoddn -p 389 -h 190.57.160.24 -D "CN=administrateur,CN=USERS,DC=xxx,DC=org" -w xxx -b "CN=a,OU=test,dc=xxx,dc=org" -N "dc=xxx,dc=org"
    I have this error:
    "ldap_rename_s: Protocol error
    ldap_rename_s: additional info: 00000057: LdapErr: DSID-0C09080A, comment: Error in attribute conversion operation, data 0, v893"
    Can you help me please?
    Matthieu

  • I want to store my EP users in LDAP

    Hello everyone!
    I want to store my EP users in LDAP.
    I know the main two steps:
    1. Configuring EP UME to use an LDAP server as data source
    2. Keeping the users in R/3 and LDAP consistent
    Please, someone give me a good idea!

    Hi Le Xian
    The user management engine (UME) can use an LDAP directory as its data source for user management data. You can connect the LDAP directory as a read-only data source or as a writeable data source.
    Check out this Thread..
    [Re: What is Portal Ldap Directory]
    Also Start from Basics....
    [http://help.sap.com/saphelp_nw70/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm]
    & [http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm]
    Thanks....

  • Creating user with LDAP Intergrated

    Hi Guys,
    I just synced LDAP with SAP (ABAP) and it came out nicely. But there are still some questions about how to use this (FYI, the LDAP server is the leading system):
    - How do I create a new user from SAP, is it SU01 or from the LDAP tcode?
    - As for mapping, do I need to run RSLDAPSCHEMAEXT in SE38 if the LDAP server is the leading system? Our LDAP server is running on Tivoli.
    - If I have to create the user from tcode LDAP, do I need to put in this syntax: dn=,cn=,sn=...etc.?
    Thank You in return

    Hi,
    You can use SU01, or you can create the user in LDAP without using the LDAP tcode. You can create the user in the LDAP directory and then sync the users by running the report.
    Regards,
    Vamshi.

  • Importing users from LDAP source

    Importing users from LDAP source, "first name"/"last name" are not imported.
    Is there a way to get those from LDAP source?

    Not currently. This is something we expect in a release late this year/early next as we introduce additional LDAP support enhancements.
    Jason

  • Single amserver.war force to store users in LDAP

    Hello everyone!
    I've installed Sun Directory Server EE, and now am trying to install Access Manager 7.1u1 as a single war (Solaris 10 x86). I am following the steps as described here http://developers.sun.com/identity/reference/techart/install.html . But even if I provide correct LDAP connection info on /amserver/configurator.jsp , AM still does not store users in LDAP. After configuration the AM login page says "This server uses Data Store Authentication". There are no user records in LDAP.
    So, how can I force AM to use LDAP as the primary user datastore?
    This is needed by the PS7.2 installer, which searches for specific users in LDAP (amldapuser maybe), does not find them and exits.

    Hi,
    That's quite easy: you change the type of data store from the Sun Access Manager console.
    Follow these steps:
    1. Log in to the Sun Access Manager console, under your subrealm.
    2. Delete the default data store.
    3. Configure your datastore, i.e. your LDAP.
    4. Create a new authentication module of type LDAP from the Authentication tab under your subrealm and specify your datastore in it.
    5. Modify the authentication chain from the Authentication tab to point to the newly created authentication module.
    6. Save the changes and restart Sun Access Manager.
    I am sure that after this configuration the AM login page will say "This server uses LDAP Authentication".
    Let me know if you need more help.
    Cheerio
    Sunny

  • Defining ORACLE users in LDAP/AD only ?

    Hi,
    I have a question :
    my customers would like to define ORACLE database users in LDAP (or Active Directory) ONLY : without issuing a CREATE USER at the database level.
    Is that possible ? If yes, with which tool/product ?
    Thanks for your help.
    Pierre

    Yes. You can do it. Its easy. You need to use enterprise security.

  • Unable to create a User on LDAP instance

    Hi,
    I'm trying to add a user on an LDAP resource. But every time I try to assign this resource, I receive the below error:
    "Missing attribute nmid required by identity template for resource "XXXXLDAP""
    The Identity Template is uid=$nmid$,ou=Users,ou=ItemWorkFlow,ou=Application,o=auth
    The user's "nmid" is properly updated.
    One more thing: when we try creating users on this LDAP server with the help of the Flat File Active Sync process by inputting a CSV file into IdM, the users are properly getting created!
    But assigning the resource directly from IdM is not working, which is something strange!!
    Can anyone help us on this?

    Please see the following knowledge document available on My Oracle Support:
    Oracle Waveset / Exception occurs: com.waveset.util.WavesetException: Missing attribute <attribute> required by the identity template for resource <resource_name> (Doc ID 1451818.1)

  • Creating user in LDAP using Oracle Identity Store API

    We are trying to create users in LDAP (open LDAP) using Oracle's Fusion Middleware's Oracle Identity Service API. Here is my code snippet to create user,
              final IdentityStoreService identityStoreService = jpsContextFactory
                        .getContext().getServiceInstance(IdentityStoreService.class);
              IdentityStore idmStore = identityStoreService.getIdmStore();
              final Property statusProperty = new Property("status", Arrays.asList("active"));
              final PropertySet propertySet = new PropertySet();
              propertySet.put(statusProperty);
              idmStore.getUserManager().createUser("userid", new char[0], propertySet);
    but I am getting this error
    Caused by: oracle.security.idm.IMException: Mandatory attribute missing :status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:139)
    even though I am clearly adding the attribute as mentioned above, am I missing any thing?
    Thanks for your help :)
    Full stack trace:
    oracle.security.idm.OperationFailureException: oracle.security.idm.IMException: Mandatory attribute missing : status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.throwException(LDAPRealm.java:785)
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:153)
         at oracle.security.idm.providers.stdldap.LDUserManager.createUser(LDUserManager.java:170)
         at oracle.security.idm.providers.stdldap.LDUserManager.createUser(LDUserManager.java:121)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)
         at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)
         at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:61)
         at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)
         at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
         at java.util.concurrent.FutureTask.run(FutureTask.java:138)
         at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
         at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118)
         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208)
         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205)
         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    Caused by: oracle.security.idm.IMException: Mandatory attribute missing :status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:139)
         ... 52 more
    Edited by: 940837 on Jun 14, 2012 5:00 PM


  • HI I am facing problem to disable user in LDAP thru SIM

    Hi, I have configured an LDAP directory server in Sun IDM.
    After creating the user in IDM and LDAP I am trying to disable the user both in SIM as well as LDAP. In the IDM repository it shows the user in LDAP as disabled, but actually in LDAP the user account is in active state.
    I do not understand why this problem is coming. Earlier when I tried to disable the user in LDAP through IDM it was working fine, but it is not working now. It is very urgent for me. Can anyone tell the reason? Any advice will be helpful.

    There are two ways of disabling ANY account on ANY resource through a resource adapter.
    1) Use the native method, if it exists.
    2) Change the password to some value which matches the password policy AND completely forget this password.
    The first method is used for some adapters, Oracle for example.
    The second method is used more widely, for Solaris, Red Hat Linux, LDAP... and many other resources.
    I believe that they made LDAPResourceAdapter using DisableUser this way so that it can be used for communicating with non-Sun directory servers as well.
    So, disabling a user from Identity Manager does not disable the user by setting any native flag on JES Directory Server, but by changing and forgetting the password AND marking that account as "disabled" in Identity Manager instead.
    The user cannot log on anymore, so the "disable" is OK. Although you cannot see that the user is disabled using common LDAP tools.
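    The distinction in the answer above matters for audit and incident response: a native disable is visible to anyone who reads the directory, while a scrambled password is not, so an ldapsearch during an investigation will report the account as active. The Python below is an added example, not code from the thread or from Sun Identity Manager. It produces the LDIF for both approaches, using the documented Active Directory userAccountControl disable bit (0x2) and the nsAccountLock attribute of Sun/389 Directory Server for the native form, a policy-conforming random password generated with the secrets module for the indirect form, and a check that shows what an LDAP query would report afterwards in each case. The DNs and entries are constructed sample values.

```python
import base64
import secrets
import string
from typing import Dict, List

# Documented userAccountControl bits in Active Directory.
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200

SYMBOLS = "!@#$%^&*()-_=+"


def disable_uac(uac: int) -> int:
    """OR the disable bit into the current value; never overwrite other flags."""
    return uac | ACCOUNTDISABLE


def is_disabled_uac(uac: int) -> bool:
    return bool(uac & ACCOUNTDISABLE)


def _modify_ldif(dn: str, change: List[str]) -> str:
    return "\n".join([f"dn: {dn}", "changetype: modify", *change, "-", ""])


def native_disable_ldif(dn: str, server: str, current_uac: int = NORMAL_ACCOUNT) -> str:
    """Native disable. AD: flip the bit in userAccountControl (the caller must
    read current_uac first). Sun/389 DS: set the operational attribute nsAccountLock."""
    if server == "ad":
        return _modify_ldif(dn, ["replace: userAccountControl",
                                 f"userAccountControl: {disable_uac(current_uac)}"])
    if server in ("sun", "389ds"):
        return _modify_ldif(dn, ["replace: nsAccountLock", "nsAccountLock: true"])
    raise ValueError(f"unknown server type {server!r}")


def meets_policy(password: str, min_length: int = 16) -> bool:
    """Policy assumed for the example: length and one character of each class."""
    return (len(password) >= min_length
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in SYMBOLS for c in password))


def scramble_password(length: int = 32) -> str:
    """Cryptographically random password that satisfies meets_policy()."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    chars = [secrets.choice(cls) for cls in classes]          # one of each class
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def scramble_disable_ldif(dn: str, server: str) -> str:
    """Indirect disable: replace the password with one nobody keeps.
    The generated value is deliberately not returned or logged."""
    password = scramble_password()
    if server == "ad":
        # AD takes the new password as base64 of the UTF-16LE quoted string.
        value = base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")
        return _modify_ldif(dn, ["replace: unicodePwd", f"unicodePwd:: {value}"])
    return _modify_ldif(dn, ["replace: userPassword", f"userPassword: {password}"])


def looks_disabled_to_ldap_tools(server: str, entry: Dict[str, List[str]]) -> bool:
    """What ldapsearch would reveal about the account after each method."""
    if server == "ad":
        return is_disabled_uac(int(entry.get("userAccountControl", [str(NORMAL_ACCOUNT)])[0]))
    return entry.get("nsAccountLock", ["false"])[0].lower() == "true"


if __name__ == "__main__":
    dn = "uid=jdoe,ou=people,dc=example,dc=com"          # constructed
    print(native_disable_ldif(dn, "sun"))
    print(scramble_disable_ldif(dn, "sun"))
    # After a scramble the entry still carries no disable marker at all.
    print(looks_disabled_to_ldap_tools("sun", {"userPassword": ["{SSHA}..."]}))
```

If the IdM adapter only scrambles, record the disable somewhere the directory readers can see it (nsAccountLock, or the userAccountControl bit on AD) as a second step, or your access reviews and forensic exports will keep listing the account as live.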
