APEX LDAP Query

I have read many of the posts on APEX and LDAP on this forum but none have been able to assist me. When using the LDAP test tool I get "Authentication failed!" straight away as if the authentication string is wrong. I think the following should work:
LDAP Host: LDAPSERVERNAME
Port: 389
DN String: cn=%LDAP_USER%,ou=Staff,dc=collegename,dc=ac,dc=uk
I have tried every combination of authentication strings that have been suggested on the forum (ie, DOMAINNAME\%LDAP_USER%, LDAP Host with the domainname suffix, etc).
Is there another way I can test this, ie a simple script I can run in SQL*Plus or something to query LDAP from the command line to test the details are correct?
APEX Version: 3.2.0.00.27
DB: 11.1.0
Kind Regards
Alan
Edited by: Alan Barton on Sep 7, 2009 4:53 PM

Hi Scott
Thanks for your response, based on my details I am using:
set serveroutput on
declare
    l_retval      pls_integer;
    l_retval2      pls_integer;
    l_session     dbms_ldap.session;
    l_ldap_host   varchar2(256);
    l_ldap_port   varchar2(256);
    l_ldap_user   varchar2(256);
    l_ldap_passwd varchar2(256);
    l_ldap_base   varchar2(256);
begin
    l_retval                := -1;
    dbms_ldap.use_exception := TRUE;
    l_ldap_host               := 'LDAPSERVERNAME.collegename.ac.uk';
    l_ldap_port               := '389';
    l_ldap_user               := 'cn=Joe Bloggs,dc=collegename,dc=ac,dc=uk';
    l_ldap_passwd             := 'reallysecurepassword';
    l_session := dbms_ldap.init( l_ldap_host, l_ldap_port );
    l_retval  := dbms_ldap.simple_bind_s( l_session, l_ldap_user, l_ldap_passwd );
    dbms_output.put_line( 'Return value: ' || l_retval );
    l_retval2  := dbms_ldap.unbind_s( l_session );
    exception when others                                                                                                  
     then 
          dbms_output.put_line (rpad('ldap session ',25,' ')  || ': ' ||
               rawtohex(substr(l_session,1,8)) ||     '(returned from init)');
          dbms_output.put_line( 'error: ' || sqlerrm||' '||sqlcode );
          dbms_output.put_line( 'user: ' || l_ldap_user );                                                        
          dbms_output.put_line( 'host: ' || l_ldap_host );
          dbms_output.put_line( 'port: ' || l_ldap_port ); 
          l_retval  := dbms_ldap.unbind_s( l_session );
end;
/
But when I run the script I get:
SQL> @test_ldap.sql
ldap session             : 01000000(returned from init)
error: ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials.
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
525, vece -31202
user: cn=Joe Bloggs,dc=collegename,dc=ac,dc=uk
host: LDAPSERVERNAME.collegename.ac.uk
port: 389
PL/SQL procedure successfully completed.
May I ask if I have changed the script in the correct manner and if so does the error suggest a fundamental issue with authenticating?
Kind Regards
Alan
Edited by: Alan Barton on Sep 8, 2009 11:13 AM
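
The `data 525` field in the error output above is an Active Directory sub-code that says why the bind was rejected; 525 means the account named in the bind was not found, as opposed to 52e for a wrong password. The following added example (not part of the original posts; function and variable names are illustrative) extracts that sub-code from line-wrapped SQL*Plus output and maps it to its meaning. The first sample is the output quoted above, the second is constructed.

```python
import re

# Sub-codes Active Directory reports after "data" in a rejected bind.
# They are the hex values of the underlying Windows logon error codes.
AD_BIND_SUBCODES = {
    "525": "user not found (bind DN or user name does not resolve to an account)",
    "52e": "invalid credentials (account found, password wrong)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"AcceptSecurityContext error,\s*data\s+([0-9a-fA-F]+)")
_ORA_RE = re.compile(r"ORA-(\d{5})")
_DSID_RE = re.compile(r"DSID-([0-9A-Fa-f]+)")


def parse_bind_error(text):
    """Decode an AD bind failure from DBMS_LDAP / SQL*Plus output.

    Returns a dict with ora_code, dsid, subcode and meaning, or None when
    the text carries no AcceptSecurityContext sub-code.
    """
    flat = " ".join(text.split())  # undo SQL*Plus line wrapping
    data = _DATA_RE.search(flat)
    if data is None:
        return None
    subcode = data.group(1).lower()
    ora = _ORA_RE.search(flat)
    dsid = _DSID_RE.search(flat)
    return {
        "ora_code": ora.group(1) if ora else None,
        "dsid": dsid.group(1) if dsid else None,
        "subcode": subcode,
        "meaning": AD_BIND_SUBCODES.get(subcode, "unrecognised sub-code"),
    }


# Output copied from the post above, including its line wrapping.
SAMPLE_FROM_POST = """error: ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials.
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
525, vece -31202"""

# Constructed sample: same message shape with the wrong-password sub-code.
SAMPLE_CONSTRUCTED = (
    "error: ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials. "
    "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, "
    "data 52e, vece -31202"
)

if __name__ == "__main__":
    for sample in (SAMPLE_FROM_POST, SAMPLE_CONSTRUCTED):
        result = parse_bind_error(sample)
        print(result["subcode"], "->", result["meaning"])
```
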

Similar Messages

  • MMP using wrong search base when doing LDAP query.

    Hi all,
    I installed a new MMP (sun java communication suite v5 on Redhat linux x86).
    When an imap user connects to MMP, the MMP does an ldap query for attributes "MailHostAttrs mailHost".
    This query fails because the search base is
    SRCH base="dc=my,dc=domain,dc=com,o=my.domain.com"
    instead of simply "o=my.domain.com"
    When I ran 'configure' I specified the Organization DN to be o=my.domain.com
    And I've specified the following in the ImapProxyAService.cfg file:
    LdapUrl "ldap://ldap1.my.domain.com:389/o=my.domain.com"
    UserGroupDN "o=my.domain.com"
    DefaultDomain my.domain.com
    So why does it use "dc=my,dc=domain,dc=com,o=my.domain.com"?
    I must be missing something but I can't find it.

    Hi,
    kevin_sysadmin wrote:
    So why does it use "dc=my,dc=domain,dc=com,o=my.domain.com"?
    I must be missing something but I can't find it.
    The first step the MMP will do to resolve the base DN for a hosted domain is a directory search along the lines of (this is for schema 2 which is the default for a new install):
    [26/Oct/2007:16:46:23 +1000] conn=3152 op=1 msgId=2 - SRCH base="dc=aus,dc=sun,dc=com" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=aus.sun.com)(sunPreferredDomain=aus.sun.com)))" attrs=ALL
    So in my case I have default:LdapUrl "ldap://server.aus.sun.com/dc=aus,dc=sun,dc=com" and default:DefaultDomain aus.sun.com
    So you will probably find that you have a hosted domain configured under "dc=my,dc=domain,dc=com,o=my.domain.com" which got created during installation but not propagated with users.
    Regards,
    Shane.

  • Using LDAP Query in Active Directory to see what users are still logged ?

    any suggestions for a LDAP query that I can use in AD to see who is still logged into the network?
    It would be great to distinguish who's logged in with a screen lock which means they aren't really at their PC vs what users are actually using their PCs.
    Thanks in advance!

    I recently posted a framework for checking all machines to see who is logged into them. You can take that and adjust it as you need.
    https://social.technet.microsoft.com/Forums/en-US/fb2ef90a-ba15-41bf-8e6c-95d32256225b/how-do-i-run-this-query-from-a-text-file-list?forum=ITCG

  • Log-Entry: 'Warning: LDAP: query accept could not be found'

    I found many entries like this:
    Thu Mar 13 12:45:30 2008 Warning: LDAP: query accept could not be found
    in our log 'mail.current'.
    We don't use LDAP (anymore). Where do I have to check if we have missed something what should be de-activated?
    In the GUI 'System Administration', 'LDAP' I have the following entry:
    Server Profile Host Name Port Queries
    Profilename 1.2.3.4.,1.2.3.5 389 None configured
    How can we prevent this warning-entries in the logfile?

    On the GUI interface, go to "Network > Listeners".
    Select the inbound listener. At the bottom, make sure the LDAP queries are all set to None. You may also want to delete your ldap profiles if you're not using them anymore. "System Administration > LDAP"
    If that doesn't address the warnings, contact Technical Support so they can further investigate it.

  • Getting group members using ldap query

    I need help writing an LDAP query for iPlanet to retrieve all the members of a group. I can do it on Active Directory using the following :
    (memberof=CN=SundanceGroup,CN=Users,DC=Test,DC=com)
    But I am not able to do it with iPlanet. Please let me know how to do it.
    Thanks,
    Binu

    The "memberof" attribute is not supported by iPlanet. Try using the "uniquemember" attribute instead. Also, the users in iPlanet are generally created under "ou=people" and not "cn=users". Try changing your filter as (uniquemember=CN=SundanceGroup,ou=people,DC=Test,DC=com).
    BTW
    does anyone know how to query different servers with a common filter to get the groups of a user.

  • LDAP Query´s Slow on Virtual DC with W2K12 over Hyper-V W2K12 R2

    Hello,
    We have 2 virtual machine DCs. After upgrading the hosts from Hyper-V 2012 to Hyper-V 2012 R2, LDAP queries are very slow on the 2 virtual DCs.
    Has anyone ever gone through the same problem?
    Thanks,
    Alexandre Smialoski

    No. But what LDAP query are you running?  
    Do you have any network/connectivity issues?
    Santhosh Sivarajan | Houston, TX | www.sivarajan.com

  • Is it possible to retrieve data from an Oracle db with an LDAP query?

    Our application uses an LDAP query to retrieve data from Microsoft Active Directory. Is it also possible to retrieve data from an Oracle database with an LDAP query?

    if you have Oracle Internet Directory, you will retrieve with ldapsearch data, which are physically stored in the database. But to select * from emp where ename='SCOTT', it is probably not possible.
    At least I have never heard of such a product which translate ldap query in sql query. But feel free to write your own one in perl :-)

  • Critical: LDAP: query DNS result DNS Hard Error looking up e

    I am not having any luck when trying to connect to all 3 of our LDAP Servers...I get this error in the logs:
    Critical: LDAP: query DNS result DNS Hard Error looking up MyServer.Mydomain.com (A): NXDomain
    It is open through our Firewalls. I don't even see the Test Query reach our Firewalls...any suggestions what I am doing wrong?
    We were using Surfcontrol and it worked fine... :?:

    In Surfcontrol I put the IP without the DN and the query returns all the users.
    In IronPort when I put the IP without the DN and do an Accept query using my email address in the Recipient Address I get the above error.

  • Create Materialized View based on Results from LDAP Query

    Hi -- I'm trying to create a materialized view based on results from an LDAP query. Unfortunately, it looks like a materialized view can't be created based on a stored procedure, which is where the LDAP results are obtained (using nested loops).
    Does anyone have any idea how to do this without first kicking off a stored procedure that populates a temp table which would be used to create the materialized view? I'm trying to minimize the steps that the DBA's will need to go through when refreshing this new view.
    Thanks,
    ~Christine

    Can you give us more details about the stored procedure you're calling. It will help to know what parameters are involved and what data types they are.
    Off the top of my head though it looks like, at the very least, you would need a stored function that calls the stored procedure. I don't think there is any way to call stored procedures from CREATE ... commands. If you're going to create a stored function anyway ... well, you might as well just create a procedure that inserts values into a regular table instead of fussing with functions and materialized views. You'll probably want to schedule your new procedure to run periodically since it sounds like you'll need the values refreshed from time to time.

  • Cache an LDAP query result in a Map Object

    Is there a way to perform a single LDAP query and store it in some type of an indexed list Object in memory. Specifically I need to populate both LDAP manager and managerFullName for an LDAP user object based on an employeenumber query.
    I don't want to query LDAP for every user object. I would like to submit one search such as (objectclass=inetorgperson) and store the result in an indexed list in memory using employeenumber as the key. This way I only need to query the indexed list object for each user entry.
    Is this possible?

    No this is not possible.
    The only way to do this is to use a java class you write yourself. But and a major but: if you do not stay in the same place in IDM (form or workflow) you will lose the content because the object will be garbage collected when you change.
    The other thing is: how much will you gain? The LDAP server can probably return the result far quicker than you can iterate through the list to find the entry.
    WilfredS

  • Group Policy Item level targeting LDAP Query for specific AD Sites

    Hi Everyone,
    I'm looking to try and take advantage of Group Policy Preference Item Level Targeting to publish user Proxy settings based on what AD Site a user is located in.
    The company I work for has multiple proxies (for multiple regions). We have hundreds of AD Sites listed within our AD S and S setup. I know that I could potentially list every AD Site that requires a particular proxy, but this would generate additional admin overhead each time a new site is commissioned, as well as each time a site is decommissioned (this is a construction company, so may "sites" can fluctuate rapidly).
    Due to this, I would like to know if it is possible to filter by LDAP query, and filter for each proxy, based on a portion of the text/name of the AD Sites (as we use a specific naming convention for our sites, this could be dynamic enough for us to not have to add or remove additional AD sites).
    Is this possible, and, if so, how would I write the LDAP Filter/Query??
    Right now I would assume I would do it in the following manner:
    (&(objectCategory=site)(objectClass=site)(cn=AU-*)
    Any assistance would be greatly appreciated.
    Cheers,
    Simon

    > Right now I would assume I would do it in the following manner:
    >
    > (&(objectCategory=site)(objectClass=site)(cn=AU-*)
    Sites do NOT reside in the domain partition, but in the configuration
    partition... You can verify your LDAP filter with
    dsquery * -filter "(your filter here)"
    This query will return all matching objects' distinguished names (DN).
    But why don't you use the "Sites" ILT instead? This ILT supports ? and *
    as wildcards, so it might be sufficient.
    Martin

  • LDAP Query for particular user account in local Administrators group on All Enabled Computer Accounts

    Need to query on all enabled computer accounts that have a particular user account present in the local Administrators group.
    Ldap query is best, because not all our machines have SCCM client
    Thanks for any help you can provide. Lisa

    Ya, I have 41800+ computer accounts in my directory. I think that option is not feasible :) Thanks for your reply.
    I can use SCCM to do this too, but only for those that the client is running on and which are online. Thanks again.
    Hope is not all lost; a scripting solution is still possible.  The difference is instead of running a central script to pull info from all computers, you let the computers report back to you with the info.
    If I were you, I'd do the following:
    1) Create a file share and adjust the permissions so that "Domain Computers" have "Modify" Permissions.
    2) Create a script similar to the 2nd link I posted above, with a bit of adjustment:  at the end of the script, write the information to the file share created in (1), and name the file
    ComputerName.txt
    3) Use Group Policy Preference Scheduled Task to deploy the script, and make sure it only runs once.
    4) Happily wait for the results to come back :)
    The main benefit of this approach is you're not restricted by the computer connectivity at the moment you run the script.  This is especially true if you have many mobile computers in your environment.  Just wait for a reasonable time (they all need to come back to the mother ship once a while don't they?) and the results will show up in the file share you created.
    Cheers.

  • Determining if a user is disabled in OD using LDAP query

    Hello all,
    I'm doing a LDAP query against my OD to make a web-based user directory. I'm using PHP and doing a LDAP search against 10.6 Server OD such as this:
    $sr=ldap_search($ds, "cn=users,dc=my_server,dc=private", "(CN=*)");
    The search is working perfectly, and I'm getting an array result with multiple key/values such as:
    objectclass
    uidnumber
    apple-generateduid
    apple-mcxflags
    loginshell
    etc.......
    Since it's a listing of active employees, I want to identify deactivated ones and filter them out of my listing. However, I can't see any key/values that could tell me if a user is deactivated or not.
    What would be the best way? Must I run a command line to see if a user is disabled, and if so, what command? (However, this would be poor on performance...)
    Thanks.

    I looked into this ages ago here:
    https://discussions.apple.com/message/6595575#6595575
    This information was relevant back in 10.4 which was post NetInfo.  All things being equal, this is likely still the case.  However, this may have changed and I apologize in advance for not validating.

  • OAM 10g Authorization ldap query

    Hi all
    Please let me know if we can write a LDAP query in Authorization - Deny access to deny the users who are not a member of Usergroup 'X'.
    If yes, please give me a sample. Please help.
    Thanks

    Hi,
    Does the solution offered by Sagar (from the above link):
    "If your requirement is to give access to all the members of a particular group then you don't require any ldap filters
    All you have to do is in the authorization rule -> Allow access -> Select People (here you have to select group so click on the group tab, its little hard to see but its there in light blue color on dark blue tab) -> select the group you want to give access"
    (which also applies to Denying access to groups) meet your needs?
    Regards,
    Colin
    Edited by: ColinPurdon on Jun 27, 2011 9:20 AM

  • What are attributes we can use in LDAP query in server derivation rules

    Q: What are attributes we can use in LDAP query in server derivation rules
    A: Server derivation rules can be defined for an LDAP server in the same way as that for a Radius server. As opposed to a Radius server, where the list of attributes that are defined for a server are standard, for an LDAP server, the attributes depend on the type of the server.
    The following table contains the list of attributes that are available for an Active Directory implementation. The server may maintain only a subset of these attributes, depending on how the user entries have been configured.
    Attribute Name:
    ==============
    sAMAccountname
    userPrincipalName
    givenName
    sn
    initials
    description
    physicalDeliveryOfficeName
    telephoneNumber
    mail
    wwwHomePage
    url
    logonHours
    logonWorkstation
    userAccountControl
    pwdLastSet
    userAccountControl
    accountExpires
    streetAddress
    postOfficeBox
    postalCode
    memberOf
    primaryGroupID
    title
    department
    company
    manager
    directReports
    profilePath
    scriptPath
    homeDrive
    homeDirectory
    HomeDirDrive
    telephoneNumber
    otherTelephone
    pager
    pagerOther
    mobile
    otherMobile
    fascimileTelephoneNumber
    otherFascimileTelephoneNumber
    ipPhone
    otherIpPhone

    >
    praveen.tecnics wrote:
    > hi experts
    >
    > what are mapping rules in sap xi/pi  ? how we can use this rules for special charters mapping .
    to map special characters you need to use an element called CDATA in your mapping
    a special character causes an error....as XI won't be able to read it (as it is not in a proper XML format)...so to parse this character through XI without causing an error use the CDATA....just make a search on SDN and you will find the proper use of it....
    For your info: http://www.w3schools.com/XML/xml_cdata.asp
    Regards,
    Abhishek.
    Edited by: abhishek salvi on May 20, 2009 8:52 AM
