Active Directory integration problem, Bind AC and OD

Similar Messages

• Active Directory integration with Service Desk and Busines Partners

  We have populated the business partners in Service Desk with data from Windows Active Directory, but this was a one-time import.
  At the moment if there are any changes to Active Directory then the business partner records need to be updated manually.
  Does anybody know if anyway to integrate Active Directory with the business partner records in Service Desk?
  Thanks
  Simon

  This was also our problem.
  We have multiple user sources (an LDAP, ADS, different SAP systems). I'm not aware of any automated way of doing that.
  If you want to use issue management/service desk all the users need to also be created as SU01-users to be able to use the workcenters. The SU01-Users have also to be assigned to the appropriate business partner. There is no automation for this.
  For us this drawback was so big that we stopped using the service desk.
  Markus

• Help with Active Directory Integration and kerberos

  Hello,
  I’m encountering a bug preventing me to use Active Directory integration with kerberos :
  Our domain name is CORP.DOMAIN.COM.
  When we request the GC in this domain :
  bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
  Server: 1.2.1.6
  Address: 1.2.1.6#53
  ** server can't find gc.tcp.corp.domain.com: NXDOMAIN
  there is no answer.
  But when we request without corp, we find the servers :
  bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
  gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
  gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
  bash-3.00#
  Is-it possible to add the possibility to enter the domain name where reside the gc.tcp ?
  Thank you.

  Hello
  the domain.com domain exist, but it's not our domain.
  so, when I put domain.com, it search with no result (nothing appends).
  our kdc.conf :
  [kdcdefaults]
  kdc_ports = 88,750
  [realms]
  CORP.DOMAIN.COM = {
  profile = /etc/krb5/krb5.conf
  database_name = /var/krb5/principal
  admin_keytab = /etc/krb5/kadm5.keytab
  acl_file = /etc/krb5/kadm5.acl
  kadmind_port = 749
  max_life = 8h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
  default_principal_flags = +preauth
  krb.conf
  [libdefaults]
  default_realm = CORP.DOMAIN.COM
  default_checksum = rsa-md5
  [realms]
  CORP.DOMAIN.COM = {
  kdc = dc01.corp.domain.com
  kdc = dc02.corp.domain.com
  [domain_realm]
  .corp.domain.com = CORP.DOMAIN.COM
  corp.domain.com = CORP.DOMAIN.COM
  in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
  Thank you,

• OID and MS Active directory integration in 9ias

  How to integrate OID with MS Active directory ?
  We have 9ias and Portal . How to use the username/password in MS AD for Portal authentication ? As far as I know 9ias is using OID , so the question comes down to how to replicate MS AD information to OID ?

  Hi, I have the same question.
  Thanks,
  Malin

• Active Directory integration: Invalid Token Error in Verification Service

  I'm having problems with Active Directory integration. I'm able to browse users in the task routing slip in JDeveloper. But I'm unable to login to the worklist application.
  Getting an "Invalid Token Error in Verification Service" error. Any pointers?
  <2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration error.
  <2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration file has error.
  <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration error.
  <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration file has error.
  <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <::> WorkflowService:: VerificationService.destroyContext: invalid token: c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8=
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> ORABPEL-30503
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service.
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service. Received invalid token c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8= in destroyContext
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Check the underlying exception and correct the error. Contact oracle support if error is not fixable.
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.bpel.services.workflow.verification.impl.VerificationService.destroyContext(VerificationService.java:667)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.bpel.services.workflow.query.impl.TaskQueryService.destroyWorkflowContext(TaskQueryService.java:161)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at worklistapp.servlets.Logout.handleRequest(Logout.java:66)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at worklistapp.servlets.BaseServlet.doGet(BaseServlet.java:142)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at java.security.AccessController.doPrivileged(Native Method)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at java.lang.Thread.run(Thread.java:595)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Caused by: BPEL-10555
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration error.
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration file has error.

  Hi Adina,
  thank you for your answer (questions)!
  We use 10.1.3.1 SOA Suite and the default jazn.com Security Provider and what we set at java.naming.security.principal property is oc4jadmin.
  It is interesting, we deployed again out EAR and now it works again! There is not Invalid Token Error exception, but we didn't change almost anything...
  Can we debug it somehow?
  Where does this bug come from?
  Thanks!
  ric

• Tutorial: Azure Active Directory integration with Igloo Software

  Click reply and tell us what you think:
  Tutorial: Azure Active Directory integration with Igloo Software
  Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

  Hello
  Can you be little clear, what you have tested with Airwatch MDM cloud?.. which scenarios?.. 
  1) Device Enrollment ?
  2) Access to Airwatch console?
  3) Access to Airwatch self service portal?
  By following the steps We do not get it working at all. by the way some of the steps in this tutorial are unclear and outdated;  
  I finally personally figured out how things should look like, and  make it work but only with Device Enrollment scenarios from the mobile devices itself. not from the pc and browsers or from the Access panel.

• Active directory Integration with OBIEE

  Hi all,
  Can any one send me a link for active directory integration with OBIEE.
  I have imported the users succesfully and I was able to login to analytics as an AD user.
  But SSO is not possible. Kindly help me over this.
  Thanks,
  Haree.

  Thanks for reply veeravalli.
  Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
  But my requirement is to have Single Sign On ie.., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
  Thanks,
  Haree

• Can Microsoft active directory integrated with Oracle Applications

  Hi,
  Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
  Manish

  Hi,
  It is possible, please refer to the following documents for details.
  Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
  Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
  Regards,
  Hussein

• Migrate Active Directory 2003 to 2012 R2 and Exchange Server 2007 to 2013.

  My question is which one need to migration first. Active Directory 2003 to 2012 R2 and FFL & DFL or Exchange Server 2007 to 2013.
  Md. Ramin Hossain

  My question is which one need to migration first. Active Directory 2003 to 2012 R2 and FFL & DFL or Exchange Server 2007 to 2013.
  Domain. For Exchange installation and upgrading to 2013, you need to make sure that your domain controllers can understand attributes of exchange 2013. Besides if you have DC/Exch on the same server which is 2003 is not supported. Because Windows Server
  2003 is not supported.
  Migrate your domain to at least 2008 R2 and then proceed with Exchange 2013.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Issue with Reset Password from Active Directory Integration Pack

  I seem to be having some issues with a subscription in the Reset Password activity from the Active Directory Integration Pack. The "User Password" field refuses to take a value from a subscription provided earlier in a Generate Random
  Text activity. As you will see in the screenshot below, when the Reset Password activity runs, the User Password value is blank.
  Any idea why this might be happening? It looks like a possible bug with the Active Directory Integration Pack.

  Hi John,
  I think this is not a bug, this should be by design because the password is a secure string. If you look for the Published data for Reset User Password activity at
  http://technet.microsoft.com/en-us/library/hh553463.aspx it is not listed there as well.
  If you need the the string (e.g. to send it via email) use the
  data from the "Generate Random Text" Activity.
  Regards,
  Stefan
  www.sc-orchestrator.eu ,
  Blog sc-orchestrator.eu

• ACS 3.2 for Windows and MS Windows AD Directory Integration Problem

  Dear all,
  We have some issues while integrating Windows AD with ACS 3.2 for Windows.Currently we have done the following:
  1. Installed ACS 3.2 for Windows on Windows 2003 Enterprise with SP1
  2. ACS and Domain Controller are configured on the same server
  Checked and verified the following configurations
  1. created a domain user "csacs" selected Act as a part of operating system and log on as a service enabled for this user.
  2. Enabled all the CS services to log on as a user csacs.
  But I noticed CS services are not respdonding and gives the error as "Could not able to start the service with service specific error ..." while trying to start services manually on ACS.
  Kindly help me through this integration part
  An easy and handy Step wise procedure on configuring integration of AD with ACS 3.2 on both Domain Controller and on Member server will be of great help.
  Thanks
  Kind Regards,
  Ahmed

  I have no issues running Cisco ACS version 3.2 on Windows
  Server 2003 with SP2:
  1) create user test1 in MS Active Directory and put test1
  in users group with dial-in access granted,
  3) Create a group called "LDAP". Actually I renamed
  group name "group 1" to "LDAP".
  3) in ACS external user database configuration, I specified
  domain "CCIE" as for this. unknow user policy is to use
  Windows Database configuration,
  4) Configure the database configuration in ACS to point
  to "CCIE" windows domain,
  5) setup the ACS to authenticate one of your Cisco devices
  and log in using the MS windows account,
  By the way, mgurwara, you are wrong. I run Cisco
  ACS 3.2 on windows 2003 Enterprise Edition with Service
  Pack 2. I am running it on a Dell Optiplex Gx240
  (1.7 GHz with 512MB of RAM) and it is running fine.
  I use it to manage about 20 cisco devices and
  about 200 Wireless LEAP user(s). Furthermore, I am also
  running ACS 4.1 on another identical hardware. It has
  nothing to do with the hardware. I don't know where
  you get that information from.

• Active Directory integration with Solman 71. ITSM and Business Partners

  Good morning.
  We have 30 000 users on the Active Directory. All these users must be able to log a call via Solman 7.1. Is there a way to avoid creating the 30 000 users on the Solman system by integrating Solman & AD & automatically assigning the BP to the user(s)? What alternatives are there?
  Kind regards,
  Mojo

  Hi Mojo,
  You can setup the CuA (Central User Administration) to synchronized all your LDAP database to the cua. Then you solman will have to be declare on each ...
  Notes = CuA is a old technology which works fine  ... but SAP does not really support it. New product is called "IDM". It does request to your need I think..

• Active Directory Integration and home folder mounting

  Hello,
  I've set up a G4 tower with Tiger 10.4.4 and bound it to our AD domain. Authentication works perfectly, however the home directories of the users (on smb shares on windows servers) do not mount consistently. At first I thought that it was working for administrative users but not for regular users, but one of our test accounts which has no admin priv's works perfectly. It does seem to work consistently for admins, though.
  Most regular users are given a local home directory. Has anyone seen this? Any thoughts? Is there any particular log file that I might check for clues?
  I'll try get in a little later to post the output of dsconfigad -show , which might help...
  Anyhow any help will be appreciated..... thanks!
  -Jonathan

  I have been working on doing this as well. If I set the 'mount home directoy' property in the user in Active Directory Users and Computers it has worked for all users and I did not have to specify anything in the AD connector on the Macs.
  Robert

• OAM and MS Active Directory Integration on Non-Windows Server envrionment

  I will start by saying that I am dealing with a heterogeneous environment here where multiple systems are run by different levels of management. Our Oracle systems chose to go all *nix (Oracle Solaris and Red Hat Linux) and hence we do not have a single Windows Server in our Oracle services area and would really like to keep it that way as we prefer to keep a uniform platform across our Oracle servers.  However, the desktop side of our department has chosen to use Microsoft Active Directory and now we wish to integrate and perform authentication against it for our OAM protected sites.  We are in the initial setup phase but we have no desire to implement a critical server such as OAM on the Windows platform and would rather tie OAM running on a Red Hat Linux server to Active Directory.  We will also be using OID as we run Portal but do not want to use it as our authentication authority for Oracle Products (local policy is that Active Directory is the only valid credential authority on site as we are moving to true Single Sign On across our desktops and web applications).  I have a few questions.
  1. Can it be done natively or would we have to run the Windows version of OAM?
  2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
  3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?

  Hi David,
  Answers in-line
  1. Can it be done natively or would we have to run the Windows version of OAM?
  You can run all of the OAM Servers on *nix, and simply point to AD as an OAM data source on the machine:port that AD is running on. There is no need for the OAM components to be on Windows.
  2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth
  As above, this is not necessary.
  3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
  Yes, this is entirely possible. Even though it is not necessary in your situation, it often provides more flexibility to front-end the user store with OVD, for example when adding/renaming Windows domains, or specifying specific branches for users and so on.
  Regards,
  Colin

• Active Directory provider problem in 11g

  I am having the opposite problem than many others I see setting up Active Directory as the user store for OBIEE 11g. On two of the installations I have done the Active Directory users work but the original weblogic user does not work in OBIEE. It works fine in the WLS console and the FM Enterprise Manager but fails in analytics. The error I'm getting is:
  'weblogic' was authenticated but could not be located within the Identity Store.
  When others were having this problem they had left the default provider's control flag set at "REQUIRED" and not changed it to "SUFFICIENT". But I have done this (and gone back and reset it again) but the error persists. Any thoughts.

  Setting virtualize=true worked. I had tried this before but I think I did what I almost did this time. I almost created the variable virtual instead of virtualize. Thanks. The instructions I followed from Oracle didn't have this step. And I am wondering why it is necessary. The help for the SUFFICIENT setting says:
  A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, control is returned to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.
  Before I set this. yes, my AD users could login to EM and the WLS console. Other than this the AD integration has worked well.
  Edited by: dirkt on Sep 19, 2011 12:36 PM