ACS TACACS Custom Attributes
I have users that require multiple custom attributes under the TACACS configuration. Below are the two that are required, one is for Cisco UCS and the other is for MDS. My question is what is the format to get both of them to work for the same user? Individually they work fine, but when both are configured for the same user, the UCS "admin" privilage seems to work, but I'm only able to get "read" for the MDS. I've had this working before, and can't figure out what the trick was the first time around. Thanks.
cisco-av-pair*shell:roles*"admin"
shell:roles=“network-admin vsan-admin”
You can also configure optional custom attributes to avoid conflicts with non-MDS Cisco switches using the same AAA servers.
cisco-av-pair*shell:roles*"network-admin vsan-admin"
Configuring TACACS+: on cisco MDS 9000
http://www.cisco.com/en/US/partner/products/ps5989/products_configuration_guide_chapter09186a008049b8ed.html#wp1244464
If you have this Cisco-av-pair:
cisco-av-pair*shell:roles*"admin" --> Then it means it's optional, this would be the preferred method.
You can get a list of roles on UCS:
http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/gui/CLI_Config_Guide_chapter9.html#concept_E41FB2D2F363406EAC1011CC59B5D4BB
HTH
JK
Do rate helpful posts-
Similar Messages
-
Multiple instance of custom attributes ACS 5.x
Hello,
is there a way to have multiple instances of user custom attributes and
insert those as multiple instances of the A/V Pair in the authorisation profile in ACS 5.2/5.3 ?
Background:
We have to migrate a ACS 4.2 to 5.3.
In ACS 4.2 our client used the multiline attribute
Number
Name
Description
Type of Value
Inbound/Outbound
Multiple
22
Framed-Route
Routing information to configure for the user on this AAA client. The RADIUS RFC (Request for Comments) format (net/bits [router [metric]]) and the old style dotted mask (net mask [router [metric]]) are supported. If the router field is omitted or zero (0), the peer IP address is used. Metrics are ignored.
String
Outbound
Yes
to specify multiple routes to various networks in the RADIUS reply spcific for every single PPP username of routers dialing in.
Using the internal user database, extended by a string attribute and using that attribute as source of a dynamic value
in the access-policy works basically.
But as I have only ONE single line instance of the attribute for every user, I can only return ONE framed-route.
We have lots of cases where multiple routes have to be assigned to one router.
I 'd like to avoid defining a seperate access profile for every remote RAS router for external PPP Dial-In...
I Think Jack here https://supportforums.cisco.com/thread/2032506 has a simmilar issue...
Any idea?
Thanks, FrankI had to do this once and I created several custom attributes
-Route1 (String)
-Route2 (String)
-Route3 (String)
etc ...
And in the authorization profile you return all those custom attributes as Framed-route. I was actually sending up to 10 Framed-Routes contained in 10 different attributes. -
ACS 5 search in custom attributes
Hi there
on ACS 5 we have the possibility to add custom attributes under System Administration > Configuration > Dictionaries > Identity > Internal xxx.
At the moment there seems no way to search for a value of a custom attribute or even display a column with the custom attribute under Internal Users or Internal Hosts. Does Cisco have plans to implement this in the future?
Thanks and best regards
DominicGood question, I'd like to know this as well for the netscreens. For junos, this is how I tried to do it (you would drop the "netscreen" from yours, but not sure if you would add both as mandatory)
Acs4.x setup
junos-exec
local-user-name=readonly
acs5.2 setup
attribute - local-user-name
value - readonly
mandatory
# junos config
login {
class admin {
idle-timeout 30;
permissions all;
class read-only {
idle-timeout 30;
permissions [ view view-configuration ];
user admin {
class admin;
user readonly {
class read-only;
The problem I have though, is this fixes my login to work to my JunOS devices, but it breaks the authentication to my Cisco IOS devices. The AAA logs show that the authentication succeeded, but the router says "authorization failed". Once I remove either the attribute from my shell profile, or make it optional then the Cisco router works for auth, but the JunOS device stops working (The username it tries to use is "remote" instead of the user I am trying to authenticate with). -
Custom attributes not available in ACS version 4.1
We're trying to enable "authorization" on some new Cisco ACE devices. We're running ACS for Windows 4.1 and don't have a "custom attributes" checkbox to check. Is this not a feature in version 4.1.1?
Thanks,I think it is present in the ACS 4.1.1. The limitation on the custom attributes (of 31,000 as CSAdmin indicates) is that in the T+ Settings per User Group Configuration page, which is accessed from the Interface Configuration page, if you add the 1201st entry in the custom attribute field, the browser crashes.The custom attribute field is currently limited to 31KB (approximately 1,200 attributes.
-
Config the TACACS+ Accounting attributes
hi,
the ACS4.1 as AAA server using TACACS+ ,the customer wants to record the command they used when they loggined the AAA client ,how to config the TACACS+ Accounting attributes ?These commands will perform accounting records whenever a level 0,1,15 command is used
This is logged to the
"Reports and Activities" -> "TACACS+ Administration"
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+ -
Issue with Sorting by Custom Attributes
In our custom SES query application, I am trying to implement sorting at the custom attribute level. I am having difficulty in understanding exactly how to set the options on doOracleOrganizedSearch() to achieve the desired result.
We have a table based content source and allow a user to search via custom search attribute. We are also going to allow them to sort by custom attribute.
For example, say we have a Project content source and one of the attributes is "Client Name". Users are going to be able to sort by client name (A-Z and Z-A). I have a prototype working but it only seems to work if I set topN to a very high number.
I want to bring back the first 10 documents sorted by Client Name A - Z and allowing paging to the next set of sorted results. My prototype works if I set topN to 1000 (more than the # of results) but does not work if I set it to 10 (# of results I want to display per page).
Below if my code. Note I am not setting the group attribute or the cluster list. Perhaps this is the issue?
Many thanks in advance!
OracleResultContainer results = service.doOracleOrganizedSearch
(this.m_query, // query
this.m_docsRequested, // topN
this.m_startIndex, // startIndex
new Integer(10), // docsRequested
this.m_dupRemoved, // dupRemoved
this.m_dupMarked, // dupMarked
this.m_searchDataGroup, // groups
this.m_queryLang, // queryLang
this.m_docLang, // docLang
this.m_returnCount, // returnCount
this.m_filterConnector, // filterConnector
filters, // filters
this.m_fetchAttributeNames, // fetchAttributeNames
null, // searchControls
null, // groupAttr
this.m_sortAttributes, // sortAttrList
null); // clusterListHi Nikola,
in 9.0.1 even if you rewrite the web interface you can't sort files by custom attributes setting a SortSpecification to a Folder. You can only sort by base attributes with getItems(). To get item sorted on custom attributes you must perform a search (a lot more codelines).
Regards, Alessandro -
Limitation on number of custom attributes visible
Hi,
I am using OIM 11g.
All the custom attributes are visible on the create user form. I am able to see only 8 custom attributes on the modify user form.
The visible property of all the attributes is set to true. I cannot modify the attribute once its created at the user creation.
Can someone please help me out?
Thanks...I got it resolved.
Permissions in the access policies were not enabled for the remaining attributes. -
Tar: 7340338.994
OID Version: 10.1.2.0.2
We are trying to encrypt the custom attribute ( ssn, answer ). How do we encrypt the custom attribute ? This is security requirement.
I find nothing in the admin guide and I am not even sure we can do this. Does anyone know how to encrypt a custom attribute?
I am thinking at best this is an Enhancement Request.Several ways:
1. Write a plugin: http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/plugin_intr.htm#i120282
2. Put OVD in front of OID, point the application to OVD and write a plugin for OVD: http://download.oracle.com/docs/html/E12283_01/java_plug_ins.htm#CIHBDHHE
3. If you can find the attribute in ODS schema, try encryption at the database level with TDE or VPD. Actually I am not sure it will carry over to LDAP interface..probably not but it's worth a try
4. Have the application do it? -
Problem with setting custom attribute and it being searchable
I'm having an issue with setting a custom attribute and having it be searchable using Portal 10.1.4. The situation that we have is that we initially added a bunch of files to Oracle Portal using webdrive. Later on, we decided that we needed another custom attribute called "Pinned Item" that will be used for searching (boolean value) and gave it a default value of false. The attribute was then added to the "File" item type in the "Shared Objects" group.
It appears that since this attribute wasn't initially available on the file object, we couldn't search on it so we decided to set it programatically. First, I tried using wwsbr.set_attribute but it errored out seemingly because the value wasn't set in the first place. If I set a value first by using the web front end, I could then use the set_attribute procedure.
So, I moved on to using wwsbr_api.modify_item and it appears to set it (although everything is being set to false until I changed it to "text" instead of "boolean" which is OK because that's what I wanted anyway... see metalink bug 390618.1). I'm using the method outlined in metalink doc 413079.1. When I do set it to a "1", and edit the item the check box is checked indicating that it is set correctly. And if I just click "OK" to save the attributes after I open it everything works like it should.
However, the advanced search (and custom search portlet) and the search APIs are not picking it up. I'm not sure if I'm hitting Metalink bug ID 5592472 or not as that's using the "set_attribute" procedure instead of the modify_item procedure. And their "workaround" of setting the attribute in the UI isn't really feasible for a couple thousand files.
So far I've tried the following things to get it working:
1. I am calling wwpro_api_invalidation.execute_cache_invalidation
2. I have executed wwv_context.sync
3. I cleared the page group cache
4. I invalidated all of the web cache
Does anyone else have any other suggestions?I'm having an issue with setting a custom attribute and having it be searchable using Portal 10.1.4. The situation that we have is that we initially added a bunch of files to Oracle Portal using webdrive. Later on, we decided that we needed another custom attribute called "Pinned Item" that will be used for searching (boolean value) and gave it a default value of false. The attribute was then added to the "File" item type in the "Shared Objects" group.
It appears that since this attribute wasn't initially available on the file object, we couldn't search on it so we decided to set it programatically. First, I tried using wwsbr.set_attribute but it errored out seemingly because the value wasn't set in the first place. If I set a value first by using the web front end, I could then use the set_attribute procedure.
So, I moved on to using wwsbr_api.modify_item and it appears to set it (although everything is being set to false until I changed it to "text" instead of "boolean" which is OK because that's what I wanted anyway... see metalink bug 390618.1). I'm using the method outlined in metalink doc 413079.1. When I do set it to a "1", and edit the item the check box is checked indicating that it is set correctly. And if I just click "OK" to save the attributes after I open it everything works like it should.
However, the advanced search (and custom search portlet) and the search APIs are not picking it up. I'm not sure if I'm hitting Metalink bug ID 5592472 or not as that's using the "set_attribute" procedure instead of the modify_item procedure. And their "workaround" of setting the attribute in the UI isn't really feasible for a couple thousand files.
So far I've tried the following things to get it working:
1. I am calling wwpro_api_invalidation.execute_cache_invalidation
2. I have executed wwv_context.sync
3. I cleared the page group cache
4. I invalidated all of the web cache
Does anyone else have any other suggestions? -
Custom Attributes in Target Group Email Campaign Not Refreshed
We have a campaign sending emails to a target group of BPs. To fill our custom attributes with values we have implemented our code in badi CRM_IM_ADD_DATA_BADI method CRM_IM_BPSELE. We tested our code using the Test Send feature from the email form and all worked fine.
But when we ran the campaign in the background for a Target Group with multiple BPs it would not work correctly, our attribute values were incorrect.
We discovered while debugging the job, that the badi gets run once for each BP, but the attribute values from the previous BP do NOT get refreshed. In fact there are 2 entire sets of attribute records in the CT_ATT_VALUES table parameter. Each time through it multiplies by another set of our attributes.
I have put code in the badi as a workaround that deletes the previously filled attributes for the previous BP, but I'd like to figure out what is causing this problem.
Any help would be appreciated.
thanks,
LeeHi Lee,
Is this issue resolved for you now??
I am facing the similar problem.
Though the BADi is not used for these two mails (it is used in some other mail forms), it is actually called in 'CRM_ERMS_MAIL_COMPOSE' Function Module and the process is same as u said. There are 2 sets of values.
I am using a Mail Alert functionality where in a 'Mail Alert ON' is sent to field engineers (FE) and then upon FE accepting the work we will send a 'Mail Alert OFF' to FEs.
Problem is, we get one or two fields data incorrectly sometimes. I am not able to find out the root cause yet.
Please let me know if you have had any resolution to this!
Thanks in advance.
Chaitanya -
How to Add custom Attribute in XML
How to add Custom attribute recusrivly. With sequence order.
//Before xml:-
var myxml:XML=
<root>
<leval0 >
<leval1 >
<leval2></leval2>
<leval2></leval2>
</leval1>
<leval1 >
<leval2></leval2>
<leval2></leval2>
</leval1>
</leval0>
</root>
////After xml:
var myxml:XML=
<root>
<leval0 levalid="0" >
<leval1 levalid="0_0" >
<leval2 levalid="0_0_0"></leval2>
<leval2 levalid="0_0_1"></leval2>
</leval1>
<leval1 levalid="0_1" >
<leval2 levalid="0_1_0"></leval2>
<leval2 levalid="0_1_1"></leval2>
</leval1>
</leval0>
</root>//call this method
trace(addAttribute(myxml));
//method
private function addAttribute(node:XML, depth:String = ""):XML
if (node.hasComplexContent())
var count:int = 0;
var prefix:String = 0 < depth.length ? depth + "_" : "";
var currentAtt:String;
for each (var nodeItem:XML in node.children())
currentAtt = prefix + count;
nodeItem.@levalid = currentAtt;
addAttribute(nodeItem,currentAtt);
count++;
return node; -
How can i add custom attributes to a new Class Object using the API ?
Hello everyone,
Here is my problem. I just created a subclass of Document using the API (not XML), by creating a ClassObjectDefinition and a ClassObject. Here is the code :
// doc is an instance of Document
ClassObject co = doc.getClassObject();
ClassObjectDefinition cod = new ClassObjectDefinition(ifsSession);
cod.setSuperclass(co);
cod.setSuperclassName(co.getName());
cod.setName("MYDocument");
ClassObject c = (ClassObject)ifsSession.createSchemaObject(cod);
Everything seems to be OK since i can see the new class when i use ifsmgr. But my question is : how can i add custom attributes to this new class ? Here is what i tried :
AttributeDefinition value = new AttributeDefinition(ifsSession);
value.setAttribute("FOO", AttributeValue.newAttributeValue("bar"));
c.addAttribute(value);
But i got the following error message :
oracle.ifs.common.IfsException: IFS-30002: Unable to create new LibraryObject
java.sql.SQLException: ORA-01400: impossible d'insirer NULL dans ("IFSSYS"."ODM_ATTRIBUTE"."DATATYPE")
oracle.ifs.server.S_LibraryObjectData oracle.ifs.beans.LibrarySession.DMNewSchemaObject(oracle.ifs.server.S_LibraryObjectDefinition)
oracle.ifs.beans.SchemaObject oracle.ifs.beans.LibrarySession.NewSchemaObject(oracle.ifs.beans.SchemaObjectDefinition)
oracle.ifs.beans.SchemaObject oracle.ifs.beans.LibrarySession.createSchemaObject(oracle.ifs.beans.SchemaObjectDefinition)
void fr.sword.ifs.GestionDocument.IFSDocument.createDocument(java.lang.String)
void fr.sword.ifs.GestionDocument.IFSDocument.main(java.lang.String[])
So, what am i doing wrong ?
More generally, are we restricted in the types of the attributes ? (for example, would it be possible to add an attribute that would be an inputStream ? Or an object that i have already created ?).
Any help would be appreciated. Thanks in advance.
Guillaume
PS : i'm using Oracle iFS 1.1.9 on NT4 SP6 and Oracle 8.1.7
nullHi Guillaume,
you're welcome. Don't know exactly, but assume that ATTRIBUTEDATATYPE_UNKNOWN
is used to check for erronous cases only
and it shouldn't be used otherwise.
Creating your own objects could be simply done via
ClassObject ifsClassObject;
DocumentDefinition ifsDocDef = new DocumentDefinition(ifsSession);
// get class object for my very own document
ifsClassObject = ClassObject.getClassObjectFromLabel(ifsSession, "MYDOCUMENT");
// set the class for the document i'd like to create
ifsDocDef.setClassObject(ifsClassObject);
// set attributes and content for the document...
ifsDocDef.setAttribute("MYFOO_ATTRIBUTE",....);
ifsDocDef.setContent("This is the content of my document");
// create the document...
PublicObject doc = ifsSession.createPublicObject(ifsDocDef);
null -
How to add a custom attributes in Oracle HTML Quotes page?
Hi,
Could someone advice on the best way to add a custom attribute in Oracle HTML Sales Quoting page.
As this page is not an OA page, we are not able to use the concept of View Objects using AK Developer.
Thanks,
ArathiI have a requirement from our end users that all of them requires a shortcut button in toolbar for submitting a request instead of going the normal way in order to submit a single request.
please can any one help me out in solving this query.Any reason you want to use a shortcut rather than using (Requests > Submit) window?
You can use "FND_REQUEST.SUBMIT_REQUEST" API -- https://forums.oracle.com/forums/search.jspa?threadID=&q=FND_REQUEST.SUBMIT_REQUEST&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
How To Submit A Concurrent Request Set Using Fnd_Request.Submit_Request [ID 382791.1]
How To Set ORG_ID When Submitting A Concurrent Request Using FND_REQUEST.SUBMIT_REQUEST in Release 12 [ID 1383266.1]
Thanks,
Hussein -
Creation of Custom Attributes in org structure
Hi All,
I was creating custom attributes that could be displayed in PPOMA_BBP. I tried to create it in table T77omattr, but it doesnot show up in the org plan.
Can somebody provide insight on this and let me know what i need to exactly do in order to create a custom attribute and allow for changes in the org plan?
Thanks
SunnyHi SRM guru,
I am also having a same requirment ...
We have a requirement to create the custom attributes in T770mattr for EG employee number.
I have to specify a field name to for entries to be made in table TT77oMATTR. where do i create the field name?
We have a requirement to match the custom attributes to a custom field developed on the shopping cart screen.
if u suggest me how u have achevied the same, then i can also follow the same.
Please help me asap.
my mail id is [email protected]
Thanks and redards,
Mani -
Custom Attribute not available in Available Fields section of Configuration
Hi Experts,
My requirement is to add a custom search field in contact search screen. For that i tried various options
Option1
Added a model attribute in component/view BP_CONT SEARCH/Search. The attribute got successfully added. But when i opened the Configuration tab, i could not see the attribute in the available fields.
Option 2
In the view CRMVC_SDESIGN, i created a new entry for my attribute in object type: BP_CONTACT and design object . But doing so, i got an error and was not able to add my attribute
Option3
Since the View context node 'Search' is bound to the Component Controller Context node 'Search'. I created my custom attribute in compoennt controller also. But this also did not help.
Option 4
I deleted the enhancement of the view and created a new enhancement. I created a value node in Search context node. But still the attribute is not available in the Availble Fields in the Configuration of component/view BP_CONT_SEARCH/SEARCH.
Kindly provide your valuable suggestions to resolve this issue.
Regards,
Radhika
Edited by: Radhika Chuttani on Jan 6, 2012 7:28 AMHi Radhika,
You need to enhance the search query structure as well in order to get the field in the configuration.
You can find the BOL structure for the corresponding context node bol model.
In your case, the BOL model is the search object 'BuilContactAdvancedSearch'.
The corresponding structure can be found at the BOL Model Browser, under Dynamic Query Objects
for the search object 'BuilContactAdvancedSearch'. The corresponding structure 'CRMT_BUPA_IL_CONP_SEARCH'
has to be enhanced with the new custom attribute. Only then, this field would be available in the configuration
when the following htm code gets executed when you open the configuration tab.
<thtmlb:advancedSearch id = "advs0"
fieldMetadata = "<%= controller->GET_DQUERY_DEFINITIONS( ) %>"
header = "<%= SEARCH->get_param_struct_name( ) %>"
fieldNames = "<%= controller->GET_POSSIBLE_FIELDS( ) %>"
values = "//SEARCH/PARAMETERS"
maxHits = "//SEARCH/MAX_HITS"
ajaxDeltaHandling = "false"
onEnter = "search" />
Here you can see that, it reads the parameter structure using the method SEARCH->get_param_struct_name( ) of
the context node.This is used for configuration as well.
Also if you have an F4 help for your custom attribute, you have to add it in the GET_DQUERY_DEFINITIONS( ) of the
view controller. These additional information will help you to understand better.
Regards
Leon
[SAP Community Network Forums on mobile|https://cw.sdn.sap.com/cw/ideas/7910]
Maybe you are looking for
-
Why won't my iMac 27" boot from external hard drive?
I have a new 27in Intel i5 dual core 3.6GHz iMac. It works wonderfully. My question is this. I have a Pleides Ice Cube external hard drive with a USB 2.0/Firewire enclosure with a 500GB hard drive. I used diskutility to format the hard drive as a GUI
-
Installing sound driver on Windows XP (Qosmio 505 & co.)
http://thesunstroke.blogspot.com/2010/07/windows-xp-on-toshiba-qosmio-x505.html Now that I have Win XP with sound on my laptop I can finally enjoy games.
-
Health Care Adapter Installation Error - SQLException: ORA-00439
Hello, While attempting to install the SOA Health Care in Windows development environment against an XE database the below error was seen. Any thoughts? Oracle_SOA1\bin>ant -f ant-soahc-postinstall.xml replaceSqlScript: [sql] Executing resource
-
Need clarification on Price unit(MBEW-PEINH) in Accounding view
Hi In field selection Group ( OMSR ) for the filed MBEW-PEINH it is defined under 033 when we select Accounting view for any material type under Creation or Change filed MBEW-PEINH is showing as Display ( grey out ), even though it is defined as Opt
-
Oracle WorkFlow not receiving responce from Notified Approver
Hi, I have designed custom workflow for approval process in OM Oracle Apps. The workflow could able to send the notifications to the respective approver roles. And the approver getting notification and the 'APPROVED' the same, but the response is not