ACL on LDAP

Can Tuxedo 7.1 use LDAP for ACL?

Tuxedo supports user-defined security... using a custom-written authsvr...
Does this ring a bell... you can use LDAP calls and authenticate...
I am not sure if there is a direct way of using LDAP in Tuxedo.
HTH
MS
"amit" <[email protected]> wrote:
Can Tuxedo 7.1 use LDAP for ACL?

Similar Messages

  • ASA 5520: Retrieve user, group -and- lanlist (ACL) from openldap

    hi,
    while migrating from a VPN Concentrator 3000 to ASA 5520 (IOS 8.0.4), we'd like to put all VPN-related configuration settings in an openldap server (2.3.27).
    We have trouble finding ways to put group settings, LanLists (as they were called on the Concentrator, or ACLs) and Lan2Lan configurations in LDAP.
    Authenticating users through openldap works, and there seems to be an aaa-server command "ldap-group-dn-base", but it seems this is only used in conjunction with Active Directory, while we only use openldap.
    Furthermore, ACLs seem to be indices referring to ACLs locally stored on the ASA: how to put the complete ACL in LDAP?
    Preferred LDAP configuration:
    VPN-users: ou=users,dc=vpn,dc=COMPANY,dc=com
    VPN-groups: ou=groups,dc=vpn,dc=COMPANY,dc=com
    VPN-L2L: ou=lantolan,dc=vpn,dc=COMPANY,dc=com
    How to refer the ASA to an entry in ou=groups,... from an entry residing in ou=users?
    Same question for LanLists. Is this possible?

    Thank you. I did find the attribute map option, but the manuals and explanations that describe this feature all refer to group-settings (ACLs etc) that are _already configured_ on the ASA. They refer to a groupname or ACL-name that is "known" in the ASA configuration.
    What we'd like to do is put -all- possible group, ACL, lan2lanlists, data in ldap. So when a user authenticates:
    1. his user-credentials are checked against LDAP and relevant configurations (using attribute maps) are loaded into the ASA
    2. his group-credentials are checked against LDAP and relevant group-configurations (using attribute maps) are loaded into the ASA
    3. possible lan/network-lists to which his group-information refers, are loaded from LDAP into the ASA.
    Perhaps I'm missing something, but I've found only ways to put the _name_ (/ID) of these settings in LDAP, referring to settings/configurations already existing in the ASA. I'd like to put _all_ the settings/configurations in LDAP as well.

  • Anonymous ACL  is necessary?

    In directory server I see the ACL:
    (target="ldap:///o=usergroup")(targetfilter=(!(objectclass=sunServiceComponent)))(targetattr != "userPassword||passwordHistory||passwordExpirationTime||passwordExpWarned||passwordRetryCount||retryCountResetTime||accountUnlockTime||passwordAllowChangeTime")(version 3.0; acl "DA anonymous access rights";allow (read,search,compare)userdn = "ldap:///anyone";)
    Is it necessary for correct operation of comm suite? I do not wish to give anybody anonymous access. May I delete it?
    Another example:
    (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
    Thus, any anonymous user can read the whole branch o=usergroup.
    Directory server and comm suite were installed on a new installation of Solaris 10. No other software was installed and no ACLs were added manually.
    Edited by: V.S. on Aug 16, 2009 5:10 AM

    V.S. wrote:
    > In directory server I see the ACL:
    > (target="ldap:///o=usergroup")(targetfilter=(!(objectclass=sunServiceComponent)))(targetattr != "userPassword||passwordHistory||passwordExpirationTime||passwordExpWarned||passwordRetryCount||retryCountResetTime||accountUnlockTime||passwordAllowChangeTime")(version 3.0; acl "DA anonymous access rights";allow (read,search,compare)userdn = "ldap:///anyone";)
    > Is it necessary for correct operation of comm suite?
    The only way to know for sure will be to remove the ACI and see what breaks. One obvious issue you will have is with anonymous corporate address-book style access.
    > Another example:
    > (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
    Why do you care if anybody can see the Directory Server schema?
    Regards,
    Shane.
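
Added example, not part of the original thread and not code from the Directory Server product: a small Python audit that parses the two ACI strings quoted above, lists the ones that grant rights to `ldap:///anyone`, and checks whether attributes you want hidden are still reachable anonymously. The `must_hide` lists and the `mail` attribute are assumptions chosen for illustration.

```python
import re

# The two ACIs quoted in the thread above, copied verbatim.
ACIS = [
    '(target="ldap:///o=usergroup")'
    '(targetfilter=(!(objectclass=sunServiceComponent)))'
    '(targetattr != "userPassword||passwordHistory||passwordExpirationTime||'
    'passwordExpWarned||passwordRetryCount||retryCountResetTime||'
    'accountUnlockTime||passwordAllowChangeTime")'
    '(version 3.0; acl "DA anonymous access rights";'
    'allow (read,search,compare)userdn = "ldap:///anyone";)',
    '(target="ldap:///cn=schema")(targetattr !="aci")'
    '(version 3.0;acl "anonymous, no acis"; '
    'allow (read, search, compare) userdn = "ldap:///anyone";)',
]

# "target" must be followed by = or !=, so targetattr/targetfilter never match.
TARGET_RE = re.compile(r'\(\s*target\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
ATTR_RE = re.compile(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
NAME_RE = re.compile(r'\bacl\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*([^;]*);', re.I)
ANYONE_RE = re.compile(r'userdn\s*=\s*"ldap:///anyone"', re.I)


def parse_aci(text):
    """Split one version 3.0 ACI string into the fields a review needs."""
    name = NAME_RE.search(text)
    if not name:
        raise ValueError("no acl name found")
    # Search for allow/deny only after the name, so a name that happens to
    # contain the word "allow" cannot be mistaken for the permission clause.
    perm = PERM_RE.search(text, name.end())
    if not perm:
        raise ValueError("no allow/deny clause found")
    target = TARGET_RE.search(text)
    attr = ATTR_RE.search(text)
    if attr is None:
        attr_mode, attrs = "unspecified", []
    else:
        # != is an exclusion list: everything except the named attributes.
        attr_mode = "all-except" if attr.group(1) == "!=" else "only"
        attrs = [a.strip() for a in attr.group(2).split("||") if a.strip()]
    return {
        "name": name.group(1),
        "target": target.group(2) if target else None,
        "attr_mode": attr_mode,
        "attrs": attrs,
        "effect": perm.group(1).lower(),
        "rights": [r.strip() for r in perm.group(2).split(",") if r.strip()],
        "anonymous": bool(ANYONE_RE.search(perm.group(3))),
    }


def anonymous_findings(acis):
    """Return the parsed ACIs that allow something to ldap:///anyone."""
    parsed = [parse_aci(text) for text in acis]
    return [a for a in parsed if a["effect"] == "allow" and a["anonymous"]]


def exposed(aci, must_hide):
    """Attributes from must_hide that this ACI lets its bind rule reach."""
    listed = {a.lower() for a in aci["attrs"]}  # LDAP names ignore case
    reachable = []
    for attr in must_hide:
        if aci["attr_mode"] == "all-except":
            hit = attr.lower() not in listed
        elif aci["attr_mode"] == "only":
            hit = "*" in listed or attr.lower() in listed
        else:
            continue  # no targetattr keyword: left to the reviewer
        if hit:
            reachable.append(attr)
    return reachable


if __name__ == "__main__":
    # must_hide is an assumed policy list, not something from the thread.
    must_hide = ["userPassword", "passwordHistory", "mail"]
    for f in anonymous_findings(ACIS):
        print(f["name"], "->", f["target"], f["rights"], f["attr_mode"])
        print("  still reachable anonymously:", exposed(f, must_hide))
```

Because the first ACI uses an exclusion list (`targetattr !=`), any attribute not named in it, including one added to the schema later, is readable anonymously under `o=usergroup`.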

  • LDAP as directory service and bind dn

    Hi, I don't want to bind with the manager user for a dt subtree, but when I create an ACL for an entry with all permissions for his ACL, I have permission problems creating groups and organizational units in the administration proxy.
    Can I only bind with a manager user?
    How must I configure another user different from the manager (I deleted the ACL in LDAP that can bind anonymously)?
    thanks

    You can bind with a user dn instead of a manager, however you will have to give the user enough rights to create and delete other users. The directory server manual should explain more on this.

  • LDAP realm for authentication and ACL in Database

    We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
    Can we use LDAP realm for authentication and manage our ACL from a Database? Or do we have to use the weblogic.properties file? Does the WebLogic security API help in the above scenario? Thanks Ram

    Unfortunately, there is no easy way to do this in wls 6.0.
    The only way to handle it is to write your own custom realm
    that uses ldap for users and groups and a database for acls -
    probably not a viable alternative.
    -Tom
    "kevin doherty" <[email protected]> wrote:
    >
    Jeffrey Hirsch <[email protected]> wrote:
    You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
    I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
    Thanks!
    -kd

  • LDAP AND ACL

    Can we use the weblogic LDAP realm in any way to access the ACL which are stored in a netscape directory server.

    It's not clear to me. I'm not familiar with how Process Integrator uses the security in WLS since they have implemented their own security schemes.
    If Process Integrator just uses the LDAP realm provided in WebLogic Server without modifications, then your custom realm should be able to be used by Process Integrator. If it provides its own, then it is highly unlikely that it will work.
    Paul Patrick
    "Vibhu " <[email protected]> wrote in message
    news:3a4cbb55$[email protected]..
    >
    Will this custom realm be able to function with process integrator.
    "Paul Patrick" <[email protected]> wrote:
    The current LDAP realm implementation does not support the use retrieval of ACLs, in any form, from an LDAP directory server. You could develop your own LDAP-based custom realm to handle this.
    Paul Patrick
    "Vibhu S" <[email protected]> wrote in message
    news:3a4b980d$[email protected]..
    Can we use the weblogic LDAP realm in any way to access the ACL which are stored in a netscape directory server.

  • LDAP changing, ACL maintaining

    Hi All,
    we have SAP EP6 SP19. UME is against LDAP.
    For business reasons, we need to change the LDAP name, maintaining the same schema, with the same ou, users and groups.
    Is there a way to update the unique ID in the UME, updating only the LDAP name and without having impacts on KM ACL, role assignments and PCD permissions?
    Thanks in advance
    Antonio

    hi,
    The reason for such occurrence was that, the UME (User Management Engine) assigns unique IDs to the LDAP users. By Default the unique ID contains the distinguished name of the user.
    If the user is moved to a different location in the LDAP Directory, its distinguished name changes.
    For example the unique ID of a user is
    USER.CORP_LDAP.cn=testuser, ou=people, o=mycompany
    If this user is changed to a different location for which ou=admins then the unique ID of the user is changed to
    USER.CORP_LDAP.cn=testuser, ou=admins, o=mycompany
    In this case the UME can no longer find any data associated with the user under the old unique ID and the data (role assignment or user mappings) stored in database for such users gets lost. So in this regard we have changed the configuration of the UME so that it no longer uses the distinguished name in the unique ID, instead we use a unique attribute that is never changed in the LDAP directory.
    Apply the SAP note: 777640
    Thanks and regards,
    Kris

  • Creating ACL on a directory to allow a certain ou in LDAP

    I can see from the documentation that we can apply ACLs to users and groups within LDAP. Is there a way to set the ACL to a particular ou with our LDAP?
    ou=Fujitsu,ou=Customer,o=directory1.fnc.fujitsu.com
    Thanks,
    JB

    I can not remember seeing one.
    You can try writing your own LAS plugin and share it with us :
    HERE IS VERY VERY OUTDATED ACL GUIDE But concepts of LAS plugin will be the same :
    http://docs-pdf.sun.com/816-5643-10/816-5643-10.pdf

  • LDAP Authentication invalid ACL

    Dear All,
    I am using APEX 4.2 with the latest APEX Listener, Oracle Database 11g R2 64 bit, Windows 7, Internet Explorer 9.
    I want to configure LDAP authentication.
    I am following this blog:
    http://ruepprich.wordpress.com/2012/11/02/ldap-authentication-with-apex/
    I am stuck with the following line:
    l_principal VARCHAR2(30) := 'APEX_040100'; -- upper case
    I have created the same trigger like below:
    DECLARE
    l_acl VARCHAR2(100) := 'ldapacl2.xml';
    l_desc VARCHAR2(100) := 'LDAP Authentication for ldap.hctsrvpdc01.hct.org';
    l_principal VARCHAR2(30) := 'APEX_040100'; -- upper case
    l_host VARCHAR2(100) := 'ldap.hctsrvpdc01.hct.org';
    BEGIN -- Create the new ACL. -- Also, provide one starter privilege, granting the schema the privilege to connect.
    dbms_network_acl_admin.create_acl(l_acl, l_desc, l_principal, TRUE, 'connect'); 
    -- Now grant privilege to resolve DNS names. 
    dbms_network_acl_admin.add_privilege(l_acl, l_principal, TRUE, 'resolve'); 
    -- Specify which hosts this ACL applies to.
    dbms_network_acl_admin.assign_acl(l_acl, l_host); 
    COMMIT;
    END;
    But when I run it as sysdba, it gives the following error:
    ERROR at line 1:
    ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
    ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 252
    ORA-06512: at line 7
    How to fix this issue? What is the l_principal VARCHAR2(30) := 'APEX_040100';? How can I be sure it is APEX_040100?
    Regards.

    Thank you Christian,
    but it gives a new error now; actually I configured LDAP long before on this database.
    The error is below.
    ERROR at line 1:
    ORA-31003: Parent /sys/acls/ already contains child entry ldapacl.xml
    ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 252
    ORA-06512: at line 7
    Kindly guide me to a workaround.
    Regards.

  • LDAP Realm & ACLs

    i'm using WL510sp8 with a Netscape Dir Server...
    when i start weblogic with the LDAP Realm configured it takes forever (20+ minutes) to start up because weblogic goes to the realm and ldap to check other acls in weblogic.properties like "everyone" and "system"...
    how can i get around having these other acls checked in the ldap server??? subclass LDAPRealm and stop it manually? delegating realm with both ldap and wlproperties???
    thanks
    mal

    "Mike Westaway" <[email protected]> wrote in message
    news:[email protected]..
    >
    My weblogic web application is configured to authenticate against a group in an ldap realm using basic authentication.
    This all works just fine.
    But now I want to query the LDAP server in the context of the current user to find out what directory entries I have read/write access to.
    I don't believe there is any method in the LDAP realm that would allow you to do your own queries against the LDAP server.

  • ACL LDAP

    I have a statement in my PIX that says:
    access-list 101 permit tcp host 192.168.1.21 255.255.255.255 10.0.0.36 eq ldap
    I need to put a similar statement on an ACL that I am building for my Catalyst. However, there is no eq ldap in my cat IOS. Should I just add the following to the ACL:
    TCP port 389 for client communications
    TCP port 636 for SSL communications
    TCP port 3268 for communications to Global Catalog server
    TCP port 3269 for SSL communications to Global Catalog server

    I think these commands are applied based on your cat switch. What is the PIX router and the cat switch model you are using? What IOS is there in your switch? For each switch or router model/IOS, there is a separate document for their configuration. So, if you mention your switch model, then it will be easy for me to drill through and provide you with a more appropriate reply.

  • LDAP ACL Rights

    Hi all,
    The LDAP ACL Rights are visible or only available in the Directory Server but it is not reflected when connected to the portal.  And the Roles are mainly reflected from the portal. More specifically when admin rights are assigned in the portal, that overrides the acl rights provided in the Directory server.  Can anyone clarify this how and why admin rights assigned in portal overrides the acl rights assigned in the directory server?
    Thanks in advance.
    Vijay

    Hi,
    please go through this link:
    http://help.sap.com/saphelp_nw04/helpdata/en/eb/00954081efb90ee10000000a155106/content.htm
    Please don't forget to give points.
    With regards,
    subrato kundu

  • Change LDAP, maintaining ACLs

    Hi All,
    we have SAP EP6 SP19. UME is against LDAP.
    For business reasons, we need to change the LDAP name, maintaining the same schema, with the same ou, users and groups.
    Is there a way to update the unique ID in the UME, updating only the LDAP name and without having impacts on KM ACL, role assignments and PCD permissions?
    Thanks in advance
    Antonio

    hi,
    The reason for such occurrence was that, the UME (User Management Engine) assigns unique IDs to the LDAP users. By Default the unique ID contains the distinguished name of the user.
    If the user is moved to a different location in the LDAP Directory, its distinguished name changes.
    For example the unique ID of a user is
    USER.CORP_LDAP.cn=testuser, ou=people, o=mycompany
    If this user is changed to a different location for which ou=admins then the unique ID of the user is changed to
    USER.CORP_LDAP.cn=testuser, ou=admins, o=mycompany
    In this case the UME can no longer find any data associated with the user under the old unique ID and the data (role assignment or user mappings) stored in database for such users gets lost. So in this regard we have changed the configuration of the UME so that it no longer uses the distinguished name in the unique ID, instead we use a unique attribute that is never changed in the LDAP directory.
    Please follow the SAP note: 777640
    This will resolve your issue.
    Thanks and regards,
    Kris

  • Python ldap write access (acl) from another machine?

    I've downloaded and installed:
    http://python-ldap.sourceforge.net/
    and used this example code:
    http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/303336
    and I'm using this code to connect to another machine that is running a vanilla install of Leopard 10.5.2.
    The search works fine, but add and delete return this error:
    {'info': 'no write access to parent', 'desc': 'Insufficient access'}
    It would appear that the default ACL for * doesn't allow for other computers to have write access?
    access to *
    by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
    by dn.exact="cn=test.mydomain.com$,cn=computers,dc=test,dc=mydomain,dc=com" write
    by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
    by * read
    What I don't understand about ACLs is: are the 'by' lines all additive? If I was to add a new ACL like the one below, will that give other computers, when authenticated as someone in the admin group, write access?
    It would appear that the default ACL for * doesn't allow for other computers to have write access? Or commenting out the dn.exact and sockurl?
    access to *
    by set="user/uid & [cn=admin,cn=groups,dc=test,dc=mydomain,dc=com]/memberUid" write
    by * read
    Do I add this to /etc/openldap/slapd_macosxserver.conf and restart the server?

    Hi,
    You can check these few text-book style troubleshooting steps :-
    1. Can you PING the system computername from another System ?
    2. Can you check the ServerName Parameter in httpD.Conf of your IAS's Apache & check if it contains computername ?
    3. Can you check if you can access http://computername:7777 or http://computername:7778 ( Default Ports ).
    4. Can you Telnet to computername at Port 80 ( using some software like Putty ) and issue Http Commands like GET / HTTP/1.1 ( just to check if the port is open ) ?
    Regards,
    Sandeep

  • Issue after ldap synchronization enabled in oim 11.1.1.5.0 unable to create user in oim console

    Hi Experts,
    I installed OIM 11.1.1.5.0 and enabled LDAP sync with OID 11.1.1.6.0, and after completion of deployments I tried to create a user from the OIM admin console, which resulted in an error. If I create roles it is working fine. I can see the same roles in OID.
    Error message:
    [2013-09-26T15:46:02.706+05:30] [oim_server1] [NOTIFICATION] [IAM-0080006] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Orchestration process moved to failed stage, and the corresponding error is - {0}[[
    oracle.iam.platform.kernel.EventFailedException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
      at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:98)
      at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
      at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
      at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
      at oracle.iam.identity.usermgmt.impl.UserManagerImpl.create(UserManagerImpl.java:653)
      at oracle.iam.identity.usermgmt.api.UserManagerEJB.createx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
      at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
      at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy329.createx(Unknown Source)
      at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
      at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
      at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
      at $Proxy184.createx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
      at $Proxy323.createx(Unknown Source)
      at oracle.iam.identity.usermgmt.api.UserManagerDelegate.create(Unknown Source)
      at oracle.iam.identitytaskflow.backing.taskflows.createuser.CreateUserView.saveUserOperation(CreateUserView.java:528)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at com.sun.el.parser.AstValue.invoke(Unknown Source)
      at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
      at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46)
      at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
      at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
      at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
      at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
      at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
      at java.security.AccessController.doPrivileged(Native Method)
      at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
      at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
      at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
      at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
      at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: oracle.iam.platform.entitymgr.ProviderException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
      at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:303)
      at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler.createUser(UserCreateLDAPPreProcessHandler.java:193)
      at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:84)
      ... 111 more
    Caused by: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - LDAP Error 65 : [LDAP: error code 65 - Failed to find obpasswordexpirydate in mandatory or optional attribute list.]]; remaining name 'uid=400011,ou=identity,ou=ubank,ou=users,ou=external,dc=national,dc=com,dc=au'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3063)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
      at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:801)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)
      at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:200)
      at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
      at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
      at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
      ... 113 more
    [2013-09-26T15:46:02.842+05:30] [oim_server1] [NOTIFICATION] [IAM-3050144] [oracle.iam.identity.usermgmt.impl.handlers.create] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Compensate method called in pre-process handler of user operation CREATE with process Id 87 and event Id 494
    [2013-09-26T15:46:02.862+05:30] [oim_server1] [NOTIFICATION] [IAM-3010089] [oracle.iam.ldapsync.impl.eventhandlers.user] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Compensate method called in pre-process handler of user operation CREATE with process Id 87 and event Id 485
    [2013-09-26T15:46:02.902+05:30] [oim_server1] [NOTIFICATION] [IAM-0080046] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Completed orchestration with action result - null
    [2013-09-26T15:46:02.911+05:30] [oim_server1] [NOTIFICATION] [IAM-3050031] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] The result of the CREATE operation is null.
    [2013-09-26T15:46:02.915+05:30] [oim_server1] [ERROR] [IAM-3050030] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] An exception occurred while performing the operation.[[
    oracle.iam.platform.kernel.EventFailedException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
      at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:817)
      at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
      at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
      at oracle.iam.identity.usermgmt.impl.UserManagerImpl.create(UserManagerImpl.java:653)
      at oracle.iam.identity.usermgmt.api.UserManagerEJB.createx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
      at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
      at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy329.createx(Unknown Source)
      at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
      at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
      at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
      at $Proxy184.createx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
      at $Proxy323.createx(Unknown Source)
      at oracle.iam.identity.usermgmt.api.UserManagerDelegate.create(Unknown Source)
      at oracle.iam.identitytaskflow.backing.taskflows.createuser.CreateUserView.saveUserOperation(CreateUserView.java:528)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at com.sun.el.parser.AstValue.invoke(Unknown Source)
      at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
      at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46)
      at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
      at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
      at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
      at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
      at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
      at java.security.AccessController.doPrivileged(Native Method)
      at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
      at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
      at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
      at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
      at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    [2013-09-26T15:46:02.916+05:30] [oim_server1] [ERROR] [] [oracle.iam.identitytaskflow.logging] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] IAM-3060023
    [2013-09-26T15:46:04.026+05:30] [oim_server1] [NOTIFICATION] [IAM-0060016] [oracle.iam.platform.auth.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005988,0] [APP: oim#11.1.1.3.0] The IP address from which browser is triggered is 148.87.19.45
    Please advise me on this.
    Best regards,
    Srikanth Vadlamudi.

    Check this link:
    Updating Existing LDAP Users with Required Object Classes
    http://docs.oracle.com/cd/E29597_01/fusionapps.1111/e21032/oim.htm
