AD/LDAP reconciliation using paging

A couple of weeks ago my AD admins suddenly decided to change the maximum query size from 30 000 to 1 000 without telling me in advance. I had to quickly upgrade my extraction scripts to support paging.
In case someone else has a need to do the same I thought I should publish the code:
http://iamreflections.blogspot.com/2010/10/adldap-reconciliation-using-paging.html
Hope this helps someone
/Martin

Hi,
Below is the configuration for UME-LDAP. You have to do this configuration in configtool.
ume.ldap.access.server_name    : <servername>
ume.ldap.access.server_port    : <enter the port>
ume.ldap.access.user           : <user>
ume.ldap.access.password       : <password>
ume.ldap.access.base_path.user :
ume.ldap.access.base_path.grup :
Refer to the link for more info on LDAP configuration.
http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
Thanks
R.Murali

Similar Messages

  • How can we update data in LDAP server using PL/SQL.

    Hi,
    How can we update data in an LDAP server using a PL/SQL program?
    Is there any sample code for reference?
    Thanks,
    Tarun

    Hi Justin,
    Thanks for your help. You got my correct requirements.
    Tim's example is returning all the attributes of the current user, which is the admin user. Please correct me if I am wrong.
    I have the following information:
    the admin user and password,server info , port and ldap_base for admin.
    I have uid and password for regular user, I am trying find the ldap_base for regular user, which may be different from adminuser.
    Please help me.
    Thanks,
    Edited by: james. on Jan 12, 2009 5:39 PM

  • Sample code to connect LDAP server using jndi

    Hi,
    Can anyone help me with sample code to connect to an LDAP server using JNDI?
    I want to make use of the LDAP server for searching Active Directory.
    Thanks in advance,
    Regards
    Muthu

    You can set ldap_auth=none for anonymous user.
    User/password is mandatory otherwise. Please refer to http://docs.oracle.com/cd/E21764_01/integrate.1111/e12644/appendix_ldap_driver.htm#CHDHCABH
    Thanks,

  • How is LDAP being used by iCS 2.x?

    How is LDAP being used by iCS 2.x?
    LDAP is used to control access and authenticate iCS 2.x users. It is also used to store user preferences. The LDAP schema required by iCS 2.x is described in the Administration Guide. Netscape Directory Server 4.1 already incorporates this schema. In order to use other LDAP servers, the schema needs to be modified to support iCS schema.

    If you mean the ability to do this system wide (and not just in your app) then you would need to use JNI and a HOOK function (assuming this is windows you are talking about). I am sure there are similar hooks in UNIX/LINUX.

  • LDAP lookup using 8.1.7

    I would like to perform an LDAP query using a Java Stored Procedure. My code works outside of Oracle, but not from within.
    I receive the following message:
    Cannot instantiate class: oracle.aurora.namespace.InitialContextFactoryImpl
    I make ref. to this object from the following code:
    Hashtable env = new Hashtable();
    env.put (Context.INITIAL_CONTEXT_FACTORY,"oracle.aurora.namespace.InitialContextFactoryImpl");
    env.put(Context.PROVIDER_URL,strLDAPURL);
    DirContext ctx = new InitialDirContext(env);
    I am new to developing Java Stored Procedures.
    Thanks.

    more info.
    We can get DBMS_LDAP to retrieve the information we need. What does DBMS_LDAP use that Java can not?

  • LDAP querying using iReport

    Hi
    Does anybody know if it is possible to make LDAP queries using iReport
    or if there is any LDAP Connection (datasource type) available that I
    could reuse?
    I am running iReport 3.0 and there are lots of datasource types but
    none of them is LDAP.
    I know, I believe that it is not a SLM/Sentinel report question but
    iReport in general but if someone has already done that before, please
    let me know. If someone also could get iReport to call an external Java
    code, it would be sufficient as well. I have not found a way to call
    external Java code as well.
    Regards
    HH
    hugohigashi

    hugohigashi;10460 Wrote:
    > Yes, you are right. But is it possible to upload that custom datasource
    > driver on SLM and/or Sentinel report environment?
    This can likely be accomplished by publishing a LDAP connection library
    jar and writing some custom code to access LDAP. You'd have to have a
    system that was okay with running anonymous LDAP queries, or providing
    passwords in clear-text via a report parameter.
    So technically possible, but as David said - you're probably best off
    syncing this information into identities or if this is MSSQL, sync the
    data you want out into a SQL table, and use the built-in AD integration
    to join usernames.
    brandon.langley

  • Settting embedded LDAP password using WLST

    Hi All,
    I have a requirement where I need to automate some setup on weblogic server. As part of these scripts, I need to set the embedded ldap password using WLST . I tried recording the actions through Admin console. But, I wasn't able to use the generated script for the same. Any pointers on this would be really helpful.

    Do you mean you need to change a user's password in embedded LDAP? If so, here's the link: Configuring Existing WebLogic Domains - 12c Release 1 (12.1.1). Look for "Changing a Password".

  • LDAP call using a stored function

    I am trying to use one of our stored functions with the HTMLDB database (like LDAP_GET_FIRST_NAME) within an HTMLDB application. When I issue the following command within SQLPLUS
    select cw_ldap_get_first_name('<my_ldap_name>', '<my_password>') from dual;
    my first name is displayed by SQLPLUS.
    My question is how do I get my password with HTMLDB?
    Do I need to capture it at login time?
    Is there a global variable?
    Does anyone have any sample code that I can use that will help me run a stored function with HTMLDB and return it into an page ITEM or global ITEM?
    Thanks,
    Alan

    Chet and Scott,
    Thank you both. You both helped out. It works and I am very grateful, I can not move forward.
    Scott your comments reminded me that I was want authenticating using LDAP. My HTMLDB account is the same as my LDAP but with a different password to login as a developer.
    Chet your comments helped with things that I was not aware of (like the clearing of the cache after login). So what I did was create an After Submit PL/SQL anonymous block in the Page Processing Process section after the Get Username Cookie and before the Login. This way I was able to populate the Page 2 page ITEMS.
    The After Submit processes section looks like this:
    10 Set Username Cookie
    15 Ldap Info
    20 Login
    30 Clear
    Thanks again ... Great Job ... Great Support
    Alan
    Re: LDAP call using a stored function
    Posted: Sep 13, 2005 4:50 PM in response to: alanhauptman
    If you are using the default login page, which it looks like you are, you won't have access to those page items on page 2. There is a clear cache process that runs after login which...clears the cache on page 101. If you remove it, you should have access to those items on page 2. I would only use this for testing purposes because :P101_PASSWORD is still hanging around.
    That looks right to me. I am sure you know this, but you don't have to explicitly declare the variables (I am guessing you are at your wit's end trying to figure it out).
    Could you try a SELECT INTO from the table you are trying to get the first name from (as opposed to the function call)? That might help to narrow down the problem...
    chet
    sspadafo
    Re: LDAP call using a stored function
    Posted: Sep 13, 2005 5:23 PM in response to: Chet Justice
    Alan - You must be using LDAP authentication in the application...
    You might look into using an LDAP utility that does an anonymous bind so that no password is required for simple lookups.
    Scott

  • Use paging in Sharepoint List items

    Hi ,
    I am having one SharePoint 2013. I have written the code to read SharePoint custom list items using both C# and jQuery. My list has 5000+ items, and when I am binding those records into my GridView it is taking time to bind the data into the GridView. I am using paging of 10 items per page, and I am still facing performance issues.
    Could anyone help me with this?
    Thanks..

    Hi,
    For your issue, you can use SPListItemCollectionPosition in your GridView and query page by page:
    http://sharepoint.infoyen.com/2012/03/06/sharepoint-list-pagination-using-splistitemcollectionposition/
    http://www.codeproject.com/Articles/407558/SharePoint-using-SPListItemCollectionPosition
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • Retrieve LDAP Controls using ldapsearch

    I am looking for some advice on retrieving LDAP controls using the ldapsearch tool provided with the DSRK distributed with DSEE 6.3. I am using the below string, it returns my result but not the control.
    /app/dsee6/dsrk6/bin/ldapsearch -h myhost -Z -P cert8.db -D "cn=directory manager" -w - -J 1.3.6.1.4.1.42.2.27.9.5.8:true -b ou=people,dc=local uid=user123 dn
    1.3.6.1.4.1.42.2.27.9.5.8 is the account usability control, it shows as being a supported control.
    Result
    bash-2.05# /app/dsee6/dsrk6/bin/ldapsearch -h myhost -p 636 -Z -P cert8.db -D "cn=directory manager" -w - -b ou=people,dc=local -J 1.3.6.1.4.1.42.2.27.9.5.8:true uid=user123 dn
    Enter bind password:
    version: 1
    dn: uid=user123,ou=people,dc=local
    Result with critical marked false
    bash-2.05# /app/dsee6/dsrk6/bin/ldapsearch -h myhost -p 636 -Z -P cert8.db -D "cn=directory manager" -w - -b ou=people,dc=local -J 1.3.6.1.4.1.42.2.27.9.5.8:false uid=user123 dn
    Enter bind password:
    ldap_search: Protocol error
    ldap_search: additional info: Protocol error, Account Usable control MUST be marked critical
    Edited by: nick50119 on Nov 19, 2009 7:40 PM

    From another forum for OpenLDAP I found the following:
    http://www.openldap.org/lists/openldap-software/200710/msg00041.html
    " The account usability control provides a pair of
    request and response controls that can be used to
    determine whether a user account may be used for
    authenticating to the server.
    The request control has an OID of 1.3.6.1.4.1.42.2.27.9.5.8
    and does not include a value. It should only be
    included in search request messages.
    The corresponding response control has an OID of
    1.3.6.1.4.1.42.2.27.9.5.8 (the same as the request
    control), and it will be included in any search
    result entry messages for a search request that
    includes the account usability request control.
    The value for the account usability response control
    will be encoded as follows:
    ACCOUNT_USABLE_RESPONSE ::= CHOICE {
        is_available [0] INTEGER, -- Seconds before expiration --
        is_not_available [1] MORE_INFO }
    MORE_INFO ::= SEQUENCE {
        inactive [0] BOOLEAN DEFAULT FALSE,
        reset [1] BOOLEAN DEFAULT FALSE,
        expired [2] BOOLEAN DEFAULT FALSE,
        remaining_grace [3] INTEGER OPTIONAL,
        seconds_before_unlock [4] INTEGER OPTIONAL }
    If the user account is available, then the control
    will include the number of seconds until the user's
    password expires, or -1 if password expiration is
    not enabled. If the user's account is not available,
    then the control will provide the reason it is
    unavailable.
    "
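A decoder for the response control value described in the quoted text, as an added example that is not part of the original thread or of any LDAP SDK. It assumes the context tags are IMPLICIT (primitive `0x80` for `is_available`, constructed `0xA1` for `is_not_available`); the function names and the hex sample values are constructed for illustration.

```python
"""Decode an Account Usability response control value
(OID 1.3.6.1.4.1.42.2.27.9.5.8) following the ASN.1 quoted above.

Assumption: tags are IMPLICIT context tags, so the CHOICE arrives as
0x80 (is_available) or 0xA1 (is_not_available).
"""

ACCOUNT_USABLE_OID = "1.3.6.1.4.1.42.2.27.9.5.8"

# Tags inside MORE_INFO, in the order given by the ASN.1 definition.
MORE_INFO_FIELDS = {
    0x80: "inactive",
    0x81: "reset",
    0x82: "expired",
    0x83: "remaining_grace",
    0x84: "seconds_before_unlock",
}


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("BER value runs past the end of the buffer")
    return tag, buf[pos:end], end


def ber_int(value):
    """Decode the content octets of a BER INTEGER (two's complement)."""
    if not value:
        raise ValueError("empty INTEGER")
    return int.from_bytes(value, "big", signed=True)


def decode_account_usable(value):
    """Turn the raw control value into a dict describing the account state."""
    tag, body, end = read_tlv(value, 0)
    if end != len(value):
        raise ValueError("trailing bytes after control value")
    if tag == 0x80:  # is_available: seconds before expiration, -1 if none
        return {"usable": True, "seconds_before_expiration": ber_int(body)}
    if tag != 0xA1:
        raise ValueError("unexpected CHOICE tag 0x%02x" % tag)

    info = {"usable": False, "inactive": False, "reset": False,
            "expired": False, "remaining_grace": None,
            "seconds_before_unlock": None}
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        name = MORE_INFO_FIELDS.get(tag)
        if name is None:
            raise ValueError("unexpected MORE_INFO tag 0x%02x" % tag)
        if tag <= 0x82:  # the three BOOLEAN flags
            if len(val) != 1:
                raise ValueError("BOOLEAN must be one octet")
            info[name] = val != b"\x00"
        else:            # the two optional INTEGERs
            info[name] = ber_int(val)
    return info


if __name__ == "__main__":
    # Constructed sample values, not captured from a real server.
    samples = {
        "usable, expires in one day": "8003015180",
        "usable, no expiration": "8001ff",
        "expired, 2 grace logins left": "a1068201ff830102",
        "locked, unlock in 300 s": "a1048402012c",
    }
    for label, hexvalue in samples.items():
        print(label, "->", decode_account_usable(bytes.fromhex(hexvalue)))
```
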

  • LDAP Search using an input User Name returning context

    I'm trying to find a way to search the LDAP tree, using only an input UserID and return the context. For example (ou=ISD,ou=CAMP,o=DIV).
    This is what I have thus far:
    ....an anonymous bind has already been established with the server...
    String sFilter = ("cn=" + sUserid);
    int searchScope = LDAPConnection.SCOPE_BASE;
    String searchFilter = "Objectclass=user";
    LDAPSearchResults searchResults =
    conn.search( sFilter,
    searchScope,
    searchFilter,
    null, // return all attributes
    false); // return attrs and values
    any help would be greatly appreciated.

    From looking at the API
    http://docs.sun.com/source/816-5618-10/netscape/ldap/LDAPSearchResults.html
    http://docs.sun.com/source/816-5618-10/netscape/ldap/LDAPEntry.html
    while(searchResults.hasMoreElements()) {
      LDAPEntry next = searchResults.next();
      String contextDN = next.getDN();
    }

  • Synchronization between CUA x LDAP - Can it use paged queries?

    I’m using the synchronization process between LDAP (Microsoft Active Directory) and CUA (ECC 6.0). I’m having problems with a specific Microsoft best practice. This best practice allows reading only 1000 objects in one query; in order to get the next 1000 objects, you should make a new query.
    I’ve already opened this parameter to more than 1000 objects, and then everything works well. However, when we received Microsoft consultants and auditors, they strongly advised us to return this parameter to the default 1000 objects due to security issues.
    So my question is “how can SAP support it”? Does the transaction rsldapsync_user have any configuration to support paged queries?

    See Notes 1000644, 807846 and 584121, which discuss this issue.
    You can activate the paged search with the commandline parameter
    "-pagesize" as mentioned in these notes.
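The paging behaviour this thread and the opening post rely on, as an added example that is not code from either poster or from SAP. It models the simple paged results exchange (RFC 2696, control OID 1.2.840.113556.1.4.319) against a constructed in-memory directory with a 1 000-entry limit; `FakeDirectory`, `extract_paged`, `extract_unpaged` and `orphans` are hypothetical names, and the DNs are constructed.

```python
"""Paged extraction versus a truncated unpaged search, and what each
does to a reconciliation run. The directory is simulated in memory."""

PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"
SUCCESS = 0
SIZE_LIMIT_EXCEEDED = 4   # LDAP result code returned when the server truncates


class FakeDirectory:
    """Constructed stand-in for a server limited to max_page_size entries."""

    def __init__(self, entries, max_page_size=1000):
        self.entries = list(entries)
        self.max_page_size = max_page_size
        self._cursors = {}    # opaque cookie -> offset of the next page
        self._next_id = 0

    def search(self, page_size=None, cookie=b""):
        """Return (result_code, entries, cookie), like one search round trip."""
        if page_size is None:
            # No paging control: the server stops at its limit and says so.
            chunk = self.entries[:self.max_page_size]
            truncated = len(self.entries) > self.max_page_size
            return (SIZE_LIMIT_EXCEEDED if truncated else SUCCESS), chunk, b""
        if cookie:
            if cookie not in self._cursors:
                raise ValueError("unknown or expired paging cookie")
            offset = self._cursors.pop(cookie)
        else:
            offset = 0
        size = min(page_size, self.max_page_size)   # server caps the page
        chunk = self.entries[offset:offset + size]
        offset += len(chunk)
        next_cookie = b""
        if offset < len(self.entries):
            self._next_id += 1
            next_cookie = b"cursor-%d" % self._next_id
            self._cursors[next_cookie] = offset
        return SUCCESS, chunk, next_cookie


def extract_unpaged(directory):
    """Single search; refuse to hand a truncated result to reconciliation."""
    code, entries, _ = directory.search()
    if code == SIZE_LIMIT_EXCEEDED:
        raise RuntimeError("result truncated by server size limit; use paging")
    if code != SUCCESS:
        raise RuntimeError("search failed with result code %d" % code)
    return entries


def extract_paged(directory, page_size=500):
    """Repeat the search, echoing the cookie, until the server returns an empty one."""
    entries, cookie = [], b""
    while True:
        code, chunk, cookie = directory.search(page_size=page_size, cookie=cookie)
        if code != SUCCESS:
            raise RuntimeError("search failed with result code %d" % code)
        entries.extend(chunk)
        if not cookie:          # empty cookie marks the last page
            return entries


def orphans(directory_dns, target_dns):
    """Accounts present in the target system but absent from the extract."""
    return sorted(set(target_dns) - set(directory_dns))


if __name__ == "__main__":
    # Constructed data: 2 500 accounts that exist in both systems.
    dns = ["uid=user%04d,ou=people,dc=example" % i for i in range(2500)]
    directory = FakeDirectory(dns)
    _, truncated, _ = directory.search()
    print("unpaged extract would orphan:", len(orphans(truncated, dns)))
    print("paged extract orphans:", len(orphans(extract_paged(directory), dns)))
```

An extraction job that ignores result code 4 reconciles against the first 1 000 entries only, so every account beyond them looks deleted in the directory.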

  • Error during LDAP reconciliation (initial load)

    Hi,
    We are using IDM 7.1. We are trying to do initial load of accounts to Identity Manager using reconciliation with LDAP (Sun Directory Server 5.2). Reconciliation is consistently failing with the following error:
    Error iterating accounts for resource CalNetDirectory:
    javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Sort Response Control]
    Any inputs would be highly appreciated.
    Thanks,
    kIDMan.

    Hello Rupam,
    Abort the load of that object in txn:R3AM1.
    Also, delete the queue entries like R3AI_<OBJECT_NAME> in txn:SMQ2.
    This would let you restart the load again.
    If it again goes to WAIT state, then it means that you do not have enough work processes to handle this load.
    It happens if several other loads are running. So you have to wait till the other loads are finished, or you need to increase the work processes, if your hardware supports it.
    Hope this helps!
    Best Regards,
    Shanthala Kudva.

  • How to restrict access to portal when LDAP is used ?

    Hello,
    We implemented an XSS portal using Active Directory as user source. However we are facing a worry : all declared users in LDAP are allowed to connect to portal, even they are not declared within our ECC6 backend.
    I have been told that in an normal situation, unauthorized users should be stopped after authentication by a white screen informing that they are not allowed to access the application.
    Can anyone tell me what is missing in the configuration that I set?
    Regards,
    Sabrina CARK

    So all the users who fall within the group everyone will have the default role and will be able to log on to the portal. However, since they don't have access within the R3 they won't be able to execute any transaction if you have enabled SSO with logon tickets (AND NOT User Mapping).
    If I were to configure a scenario like yours, I would put all the users who have access to XSS into a common group and do role mapping for XSS roles only with that group. This would ensure that the XSS tabs are visible only to members of that group, while all other users will have access just to the Home tab post logon.
    Thanks,
    GLM

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
    ensure that useDNAttribute="false" was used in all three of the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from a non-existent role manager.
