Anyconnect tunnel-group and group-policy from LDAP

Recently we've changed from LOCAL to LDAP authentication and added additional group-policies for different users to increase security.
To prevent users from selecting an incorrect group-policy, the LDAP server provides an IETF-Radius-Class value which matches the different group-policy names.
It is my understanding that the authentication method is provided by the tunnel-group.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group LDAP_AD
This all works, but for _one_ of the group policies I'd like to enable (external) two-factor authentication. To enable two-factor auth a 'secondary-authentication-server-group' needs to be set in the tunnel-group.
Creating a tunnel-group which matches the name of the group-policy doesn't seem to have any effect. When listing the connected users via "show vpn-sessiondb anyconnect", it always states the correct Group Policy but also always DefaultWEBVPNGroup.
When enabling the listing of tunnel-groups for webvpn, thus allowing users to select their own tunnel-group, the two factor auth does work.
To summarize, is it possible to let LDAP decide which tunnel-group is used, or is there another way to have different group policies without users being able to choose?

Fabian, 
Your connection lands on a tunnel group and picks a group policy. 
A typical way to overcome the problem you're indicating is by using group-url. 
A URL is bound to a specific tunnel-group and allows you to land directly on the one you desire.
See:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
M.
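As an added illustration of the group-url approach M. describes (example configuration written here, not taken from the original post or from Cisco documentation; the names LDAP_AD from the question aside, RSA_OTP, GP_ADMIN_2FA, TG_ADMIN_2FA and the URL are assumptions), the URL-bound tunnel-group carries the secondary authentication server, and group-lock on the group-policy that LDAP returns via IETF-Radius-Class refuses a session that arrives through any other tunnel-group, so a user in the two-factor policy cannot bypass the second factor by connecting to the default URL:

```cisco
! Default tunnel-group: primary LDAP authentication only (as in the question)
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group LDAP_AD

! Assumed second AAA server group for the one-time-password factor.
! Its definition (aaa-server RSA_OTP protocol radius ...) is an assumption
! and is not shown here.

! Dedicated tunnel-group for the two-factor population (name is an assumption)
tunnel-group TG_ADMIN_2FA type remote-access
tunnel-group TG_ADMIN_2FA general-attributes
 authentication-server-group LDAP_AD
 secondary-authentication-server-group RSA_OTP
 default-group-policy GP_ADMIN_2FA
tunnel-group TG_ADMIN_2FA webvpn-attributes
 ! Clients reaching this URL land on TG_ADMIN_2FA without a drop-down choice
 group-url https://vpn.example.com/admin enable

! Keep the tunnel-group drop-down disabled so users cannot pick a tunnel-group
webvpn
 no tunnel-group-list enable

! Group-policy selected by the LDAP IETF-Radius-Class value. group-lock ties it
! to TG_ADMIN_2FA: a session for this policy that arrives on DefaultWEBVPNGroup
! (primary authentication only) is rejected instead of silently skipping 2FA.
group-policy GP_ADMIN_2FA internal
group-policy GP_ADMIN_2FA attributes
 group-lock value TG_ADMIN_2FA
```

After connecting through the group URL, "show vpn-sessiondb anyconnect" should list TG_ADMIN_2FA as the tunnel group and GP_ADMIN_2FA as the group policy; a connection attempt on the default URL by a user whose LDAP Class maps to GP_ADMIN_2FA should fail the group-lock check rather than appear under DefaultWEBVPNGroup.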

Similar Messages

  • Group and Group counter in Routing

    Hi all,
    what is group and group counter in routing , how these are used in routing , please explain.
    Regards,
    Joseph.

    Dear Joseph,
    1. Each routing is stored against a group and group counter number.
    2. When we create a routing without respect to any material and only by giving the plant, the set of operations gets saved under one group counter and group number.
    3. Many materials can be assigned to this same group and group counter number, so that the routing is valid for all the materials included.
    4. When you create a routing for a specific material, the set of operations gets saved in a group number and group counter number as 01; when you create another routing with another set of operations for the same material, plant and task list combination, the group number remains the same and the group counter gets saved under 02.
    5. This data can be further helpful in assigning the routing data in the production version.
    Check and revert
    Regards
    S Mangalraj

  • How do I know which group and group counter used to create current estimate

    Is there a way to know, for a given set of materials, what groups and group counters have been used to create the current cost estimate? Or, for a given combination of material, group and group counter, whether it has been used to create a current cost estimate? I can look each up by displaying the cost estimate, but I am looking for a quick way since the number of materials is in the 100s.
    I was wondering if there is a table I could look up to get the info.
    Any help would be much appreciated.
    Regards

    The name of the table that needs to be used is KEKO. I figured it out so I thought I would share
    Edited by: NIK83 on Mar 7, 2011 10:16 PM

  • ASA 5520: Retrieve user, group -and- lanlist (ACL) from openldap

    hi,
    while migrating from a VPN Concentrator 3000 to ASA 5520 (IOS 8.0.4), we'd like to put all VPN-related configuration settings in an openldap server (2.3.27).
    We have trouble finding ways to put group settings, LanLists (as they were called on the Concentrator, or ACLs) and Lan2Lan configurations in LDAP.
    Authenticating users through openldap works, and there seems to be a aaa-server command "ldap-group-dn-base", but it seems this is only used in conjunction with Active Directory, while we only use openldap.
    Furthermore, ACLs seem to be indices referring to ACLs locally stored on the ASA: how to put the complete ACL in LDAP?
    Preferred LDAP configuration:
    VPN-users: ou=users,dc=vpn,dc=COMPANY,dc=com
    VPN-groups: ou=groups,dc=vpn,dc=COMPANY,dc=com
    VPN-L2L: ou=lantolan,dc=vpn,dc=COMPANY,dc=com
    How to refer the ASA to an entry in ou=groups,... from an entry residing in ou=users?
    Same question for LanLists. Is this possible?

    Thank you. I did find the attribute map option, but the manuals and explanations that describe this feature all refer to group-settings (ACLs etc) that are _already configured_ on the ASA. They refer to a groupname or ACL-name that is "known" in the ASA configuration.
    What we'd like to do is put -all- possible group, ACL, lan2lanlists, data in ldap. So when a user authenticates:
    1. his user-credentials are checked against LDAP and relevant configurations (using attribute maps) are loaded into the ASA
    2. his group-credentials are checked against LDAP and relevant group-configurations (using attribute maps) are loaded into the ASA
    3. possible lan/network-lists to which his group-information refers, are loaded from LDAP into the ASA.
    Perhaps I'm missing something, but I've found only ways to put the _name_ (/ID) of these settings in LDAP, referring to settings/configurations already existing in the ASA. I'd like to put _all_ the settings/configurations in LDAP as well.

  • How to get list of groups and the users from OID

    Hi,
    Can someone please tell me how to get the list of GROUPS and all the USERS in each group in OID using Java. Need to recursively get all the Groups and Users in each group using Java any samples.
    Thanks

    use examples from OTN like
    http://www.oracle.com/technology/sample_code/products/jdev/readmes/samples/ldapdatacontrol/ldapapplication/src/dc/ldap/model/LDAPSearch.java
    and modify it to your needs
    Bernhard

  • Can I delete the hierarchy groups and reload again from R/3

    Hello all,
    I am having some issues in my reports because of the hierarchy groups. Can I just delete the entire hierarchy groups from "production" and reload again from R/3? Will that cause any issue?
    Thanks in advance

    Hi,
       I think you can delete the Master Data Hierarchies. I don't see any issue in the production.
    Rgds,
    Ravi.

  • Relationship between groups and their members in LDAP directory missing

    I use SAP EP 6 SPS14 with one LDAP Server as data source using this flat LDAP structure:
    dn: dc=example,dc=com
    objectClass: dcObject
    objectClass: organization
    dc: example
    o: example.com
    dn: ou=user,dc=example,dc=com
    objectClass: organizationalUnit
    description: All Users
    ou: user
    dn: cn=Max Mustermann,ou=user,dc=example,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: Max Mustermann
    givenName: Max
    sn: Mustermann
    uid: 0001
    userPassword:: bWF4
    dn: cn=Max Meier,ou=user,dc=example,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: Max Meier
    givenName: Max
    sn: Meier
    uid: 0002
    userPassword:: bWF4
    dn: ou=groups,dc=example,dc=com
    objectClass: organizationalUnit
    description: All Groups
    ou: groups
    dn: cn=internal,ou=groups,dc=example,dc=com
    objectClass: groupOfNames
    objectClass: top
    cn: internal
    member: uid=0001,ou=user,dc=example,dc=com
    dn: cn=external,ou=groups,dc=example,dc=com
    objectClass: groupOfNames
    objectClass: top
    cn: external
    member: cn=Max Meier,ou=user,dc=example,dc=com
    The private section of the LDAP entry in the dataSourceConfiguration.xml looks like:
    <privateSection>
                   <ume.ldap.access.server_type>openLDAP</ume.ldap.access.server_type>
                   <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
                   <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
                   <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
                   <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
                   <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
                   <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
                   <ume.ldap.access.objectclass.user>inetOrgPerson</ume.ldap.access.objectclass.user>
                   <ume.ldap.access.objectclass.uacc>inetOrgPerson</ume.ldap.access.objectclass.uacc>
                   <ume.ldap.access.objectclass.grup>groupofnames</ume.ldap.access.objectclass.grup>
                   <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
                   <ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
                   <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
                   <ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
                   <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
    </privateSection>
    The pointers in the portal are:
    User Path:  ou=user,dc=example,dc=com
    Group Path: ou=groups,dc=example,dc=com
    If I log in as SuperUser, all users and all groups of the LDAP directory are there and I could log on as one of the LDAP provided users. But the relationship between the users and the groups, defined in the member of the objectClass groupOfNames, is missing.
    What's wrong?
    Message was edited by: Holger Wohlhüter

    Meanwhile I changed the GroupOfNames to GroupOfUniqueNames in the LDAP structure and solved the problem. I had to add this line: <physicalAttribute name="null"/> in the User mappings.
    <nameSpace name="com.sap.security.core.usermanagement.relation">
         <attributes>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                   <physicalAttribute name="*null*"></physicalAttribute>
              </attribute>     
         </attributes>
    </nameSpace>
    Message was edited by: Holger Wohlhüter

  • How to create Groups and Group Leaders in Clusters.

    Hi,
    As we know in unicast there is one to one communication and there are groups to control the Thread
    Management, How the Groups and the Group Leaders are created.
    Regards,
    Vardhan.

    Unicast clustering uses TCP/IP sockets to pass cluster messages between members. To avoid requiring each cluster member
    to have connectivity to every other cluster member, WebLogic Server uses a group leader strategy whereby the oldest member
    of the group (in other words, the server that was started first) is designated the group leader. All members of the cluster
    connect to the group leader so that the group leader acts as the relay point for cluster messages between members.
    If the group leader goes down, the next oldest member becomes the new group leader.
    As you can imagine, the group leader strategy works well for small groups but becomes less efficient as the number of members
    of the group grows large. As such, WebLogic Server uses a multiple group leader strategy where it limits the number of members
    in a group to 10. If the cluster is larger than 10 members, WebLogic Server splits into two or more groups, each with their own
    group leader. The group leaders themselves are all interconnected to minimize the number of hops that a cluster message must
    traverse to reach all cluster members.

  • Task list group and group counter

    hi,
    I have one requirement. I have given an internal number range to the task list, so I need to create a task list with one group and several group counters. But what is happening is that when I run LSMW for that, separate group numbers are generated for each task list. Is there any way to get the same group number with different counters using LSMW?

    hi
    Since you have given an internal number range for the task list, the system will try to create task lists with different group numbers. If you want the same group number with different group counters, then I think you have to use the task list with an external number and use the number created before.
    regards
    thyagarajan

  • Group and group counter in sap

    Hi all,
    When I am creating a rate routing, how can I change the group number? External entry is not possible for the group.

    Dear Joy,
    Check the number range interval in T.Code OP62 to see whether the "external number allowed" check box is set for the interval (which means that within the from - to range a number can be entered externally when creating a routing).
    If not, you can only use an internal number range; if required, a different number range for the external series can be configured.
    Check and revert back.
    Regards
    Mangalraj.S

  • Bea Portal Group and Group selection / um:getProperty

    Hi,
    I would like to know if it is possible to set the default group
    in which <um:getProperty> looks into when the user does not have
    the requested property set into his profile.
    I noticed that by default it looks into the current group portal.
    However I would like to make it look into a specific sub group
    of the group portal.
    In the same way there are checks to determine if a user belongs to
    several portal groups, I would like to extend these checks and include
    sub groups in the tests and selection.
    I saw that the webflow uses GroupFormProcessor and GroupProcessor but
    couldn't find the source code to see what needs to be initialized for
    <um:getProperty> to work correctly.
    I saw the successor attribute in <um:getProfile>, but I would like to
    know if there's a way to avoid specifying it each time... by setting a
    value in the session for instance ?
    Thanks for your help,
    Best Regards,
    Thierry

    Hello Thierry,
    You probably want to set the explicit successor in the session. A
    successor is a group from which a user inherits properties. An explicit
    successor is one that is specified in the getProperty() call underlying the
    <um:getProperty> tag. Just for your information, this is as opposed to an
    implicit successor, which is persisted for the user and is associated with a
    property set. You can use the methods of ProfileWrapper to persist an
    implicit successor for a user for a specific property set.
    The portal framework sets the ProfileWrapper in the session using the
    com.bea.p13n.usermgmt.SessionHelper.putProfileInSession() method. It sets
    the explicit successor for this profile to be equal to the group that was
    selected by the user to apply for this portal session when they logged on
    (if they are only a member of 1 group, then they were not prompted for which
    group...the group was simply set as the explicit successor). The call to
    SessionHelper.putProfileInSession() is done in the PostLoginProcessor in the
    portal security webflow (see the webflow in your EBCC).
    You can override this by using SessionHelper.putProfileInSession()
    yourself or by putting <um:getProfile> into your portal.jsp page.
    <um:getProfile> does the same thing (uses
    SessionHelper.putProfileInSession() to put the ProfileWrapper into the
    session).
    If I were you, I'd put <um:getProfile> with session scope at the top of
    portal.jsp and use the group that you are interested in as the explicit
    successor.
    See the <um:getProfile> docs at
    http://edocs.bea.com/wlp/docs70/jsp/p13njsp.htm#1001358

  • Group and group counter used to create cost estimate

    I am creating a custom report and would like to know what table do I have to use if for a given material  the program has to pick Group, Group counter and the task list type that were used in creating the cost estimate for that material. Any help in this regards is much appreciated.
    Regards,

    The name of the table that needs to be used is KEKO. I figured it out so I thought I would share
    Edited by: NIK83 on Mar 7, 2011 10:16 PM

  • Provisioning Groups into FIM 2010 from oracle database

    Greetings,
    I am trying to provision security groups from an oracle database where i have a view that contains:
    Department_Code
    Department_Name
    DepParent_Code
    The view has a recursive relation between Department_Code and DepParent_Code (1 to many).
    The view will lead to a Tree that has departments and sub-departments, i want to provision this data into FIM then to AD as security groups reserving the same hierarchy.
    Any help would be appreciated.
    Mohamad Chahla

    I have done something like this myself.  Using my approach I would do the following:
    Extend the Group and group resource type schema in FIM and the FIM Metaverse respectively, adding a new REFERENCE attribute binding ParentGroup/parentGroup respectively;
    Create an Oracle MA for importing DEPARTMENT objects with the anchor attribute Department_Code and with DepParent_Code declared as type REFERENCE;
    Create an inbound sync rule to import department objects as GROUP objects, with IAFs as follows:
    'DEPT-' + Department_Code => group.displayName
    Department_Name => group.description
    DepParent_Code => group.parentGroup
    ... and other IAFs according to the instructions you will find
    here;
    Either create your FIM groups as static (easy), or dynamic/query based (harder - i.e. you would do this if each Person object had a string binding of Department with values which exactly match the DEPT data you are importing) by using an appropriate MPR/workflow;
    Define an outbound sync rule to
    synchronise your FIM group objects to AD.
    If creating dynamic groups, your new workflow "Set Department Group Filter" can be created by using the Function Evaluator to construct the necessary XML filter value (create a group manually first to determine what this must look like) such that each group has a matching filter, e.g. the filter for DEPT-ABC would be /Person[Department='ABC']
    Bob Bradley (FIMBob @
    TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

  • Grouping and Decimal characters in rtf templates.

    Hi guys and girls,
    I’m really struggling with a problem here regarding the decimal characters for the prices in my output.
    I'm using XML Publisher 5.6.3.
    My goal is to control the grouping and decimal character from my template.
    The numbers in the XML data file can either be 10.000,00 or 10,000.00. The format is handled by the users nls_numeric_characters profile option.
    The output of the template shall be based on the locale and not the data generated by Oracle Reports. For example: Reports to US customers shall show the numbers in the following format 10,000.00. Reports to our European customers shall show the numbers in this format 10.000,00.
    How can I achieve this in my templates? Can it be achieved at all?
    Thank you in advance.
    Kenneth Kristoffersen
    Edited by: Kenneth_ on May 19, 2009 1:30 AM

    Hi,
    Thank you for your reply.
    The problem is that the report is generating the output based on the users profile option nls_numeric_characters.
    I have tried to override the users' profile option in the before report trigger without any luck. I can alter selects so the query gets the numbers in the right format, but then I would have to go through all queries and reports, which seems a bit wrong? Especially for the standard Oracle reports.
    BR Kenneth

  • Retrieving User groups and email for all users in a group

    Hi Everyone,
    I need to create an ADF application to retrieve all the groups in OID, the user would select a group and it should list down all the email addresses in that group.
    Can you suggest what is the best way to achieve this. My main concern is how to retrieve groups and email addresses from OID. I was unable to find APIs for it.
    Your suggestions are greatly appreciated.
    Thanks,
    Husain

    In a multi-user environment, a user install a dreamweaver extension,but just the user who install the extension can use it.
    Is there a way that administrator install the extension and make this extension available for other users in multi-user environment(e.g. the Windows 7)
    Dreamweaver had this capability many releases ago, but it has been dropped, so it's no longer available.
    Regards,
    Randy Edmunds
    Dreamweaver Development
    Adobe Systems, Inc.
