Associate LDAP user to BPEL domain

Similar Messages

• Configure Groups to LDAP Users

  Hi,
  We have configured LDAP for authentication of users. We would like to associate set of users to groups.
  Can we create custom groups and associate LDAP users to those groups in Weblogic server ?
  Or is it the only way we need to create groups in LDAP and associate users to those groups?
  Thanks,
  Satya

  Satya, if u have a user in ur LDAP, you cant make a user from ur LDAP be a member of a Group in WLS.
  What you can do it modify the Global Roles so that the user has the same previledge as a user belonging to the group in WLS.
  Follow the steps below
  1. Go to "myrealm"
  2. Click the tab "Roles and Policies"
  3. Click the tab "Realm Roles"
  4. Expand the link "Global Roles"
  5. Click the link "View Role Conditions" coressponding to the name "Admin". Enter the panel "Edit Global Role"
  6. Click the button "Add Conditions"
  7. Select "Predicate List" as "user"
  8. Click the button "Next"
  9. Enter my username (ldapuser) in LDAP to the field "User Argument Name:"
  10. Click the button "Add"
  11. Click the button "Finish"
  12. Back to the page "Edit Global Role"
  13. Here I can see
  User :ldapuser
  Or
  Group : Administrators
  14. Click the button "Save"
  15. Restart the server
  ldapuser will have the same previledge as a user belonging to Administrator group..

• Is it possible to have a domain/user in BPEL PM with read access only?

  Hi,
  We deploy, undeploy, purge process and instances using the BPEL PM through the domain credentials. Is it possible to create a domain/profile/user in BPEL PM, through which we can only view the processes and the instances deployed in BPEL PM?
  This could be similar to one we have in Oracle Database, wherein we grant read access on some objects to another schema/user.
  Thanks & Regards,
  Prem.

  no, not in 10.1.2.0.2
  Alternative, you can create your own BPEL Console based on the BPEL AP and JSP.

• CUCM 8.6.2 LDAP User Delete Pending LDAP Sync Status Inactive

  BE6K ver 8.6.2
  Client has a user who recently got married.  They changed her account information in Active Directtory to reflect her new last name. At that point CUCM shows her as
  Delete Pending
  LDAP Sync Status Inactive
  CUC shows
  LDAP User has been deleted.
  The user still exists in both CUC and CUCM and is actively takign and receiving calls.  User has VM access.
  Shorrt of deleting the user in AD and recreating her, is there a way to force this to re-sync?
  Thanks
  Matt

  Then that's expected to happen, for all purposes to CUCM/CUC eyes, msmith no longer exists and will be deleted, and a new user mjones now will be imported.
  Depending on when the change was done and when CUCM detected this, it might take up to 48 hours maximum to delete the user
  You'll need to associate everything to the new user, and also add that new user into CUC.
  Or switch back her userID to the old one, and just change the surname for directory purposes.
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Server App not seeing external LDAP users & groups

  I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
  When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
  I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
  Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
  This is all so much more opaque than our superbly reliable Snow Leopard servers!
  TIA

  Ok, and again:
  You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
  Connect the third party ldap to your server
  Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
  When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
  Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
  To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
  Feel lucky
  And there ist ist; now you are able to use The accounts taken from an external LDAP.

• Cannot create BPEL domain in SoaSuite 10.1.3.5.0

  Hi all,
  I'm having problems creating BPEL domains.
  Here's my situation:
  I installed a fresh Soa Suite 10.1.3.1 on a Windows environment and upgraded to 10.1.3.5.0. Before patching to 10.1.3.5.0 creating BPEL domains works fine.
  However, after the upgrade to 10.1.3.5.0, when I try to create a new BPEL domain using the BPEL admin console I get an error: jsBundle is not defined.
  The error occurs when I hit the 'Create' button and the javascript calls the validation function (getLocalizedString).
  Has anyone else experienced this behaviour? Any help would be appreciated
  Thanks in advance,
  Rob de Haan
  Edited by: user10750516 on 16-feb-2010 23:56

  Are you trying out the non English version of the admin interface?
  Other users have problems and looks like localization bundles are missing in 10.1.3.5.
  Check this thread: {thread:id=1013311} and then metalink, oracle support is your next stop to search for the TAR SR:)
  Regards,
  Shanmu.

• Connect LDAP service to local domain

  Is there anyone who can tell me if it's possible to connect form the LDAP service to a local domain?
  I have made a new local domain with some groups and users in the Domain management in LC ES admin module.
  Now I want to retrieve those users to my prcess in workbench with the LDAP service, but I can't get it to connect to the new domain (it works fine when I connect to our company AD).
  I have tried with Base DN: DC=NewDomain,DC=local and Search filter: cn=* but with no luck :-(
  Is it possible to connect to the local domaim from the LDAP service if it is, what should the "Base DN" look like and what are the atributes to use in the search filter?
  Thanks
  Søren

  I think you are getting a few things mixed up.
  When you create the users in a local domain, you're in fact creating them in the LiveCycle database. Not in a LDAP system. LiveCycle NEVER writes to an LDAP system. It only reads from it.
  When LC integrates with an LDAP system (like when you create an enterprise domain in adminui), it connects to an external LDAP system and sychronizes with it. I also adds a copy of the users in its database.
  The LDAP service does the same thing is the sense that it just connects to a external LDAP system to get a list of users.
  If you want to query the users from the livecycle database you can use the User Lookup service (under Foundation) instead.
  Jasmin

• How to find the ldap servers in a domain

  we have oce domain controller(win2003) and four additional dc. how to find ldap servers in our domain. ???  Any information is available in dns server???

  G:\Users\joseph>nltest /dclist:gcm.com
  Cannot find DC to get DC list from.Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
         jed-dc.mcg.muhaidibco.com [PDC] [DS] Site: Default-First-Site-Name
        dam-adc.mcg.muhaidibco.com       [DS] Site: Default-First-Site-Name
        JED-ADC.mcg.muhaidibco.com       [DS] Site: Default-First-Site-Name
      infra-adc.mcg.muhaidibco.com       [DS] Site: Default-First-Site-Name
       kaau-adc.mcg.muhaidibco.com       [DS] Site: Default-First-Site-Name
  The command completed successfully
  I have got the above result.From above,  a server is DC and others are Additional DC. My question is, additional domain controll is also a ldap server??????

• Issue using ADSI in powershell to load users from another domain into a group

  I am trying to load users into a domain local security group from another domain using ADSI and powershell. For users who have an existing foreign security principal I can load that without issue, but the users who do not have a foreign security principal
  I am unable to load.
  These work fine, assuming the group domain is fabrikam:
  $Group.psbase.invoke("Add",[ADSI]"LDAP://CN=$external_user_sid_who_has_a_FPN,CN=ForeignSecurityPrincipals,DC=fabrikam,DC=com")
  $Group.psbase.invoke("Add",[ADSI]"LDAP://$userDN,DC=fabrikam,DC=com")
  These does not:
  $Group.psbase.invoke("Add",[ADSI]"LDAP://CN=$externaluser_sid_who_does_not_have_a_FPN,CN=ForeignSecurityPrincipals,DC=fabrikam,DC=com")
  $Group.psbase.invoke("Add",[ADSI]"LDAP://<SID=$external_user_sid_who_does_not_have_a_FPN>")
  $Group.psbase.invoke("Add",[ADSI]"LDAP://<SID=$external_user_hex_sid_who_does_not_have_a_FPN>")
  Any help would be greatly appreciated.
  Thank you

  Thank you for your reply,
  I started with that thread and it ultimately recommends using the [ADSI]"LDAP://<SID=$hexsid>, this bind is not working for me. The page it points to for conversion of sid to hexsid is in VBS, but I have used the below powershell to duplicate its function.
  $sid = "S-1-5-21-2127521184-1604012920-1887927527-72713"
  $parts = $sid.Remove(0,6).Split("-")
  foreach ($part in $parts)
  $hex = ([Convert]::ToString($part, 16)).ToUpper()
  While ($hex.length -lt 8)
  $hex = "0" + $hex
  for ($i=1; $i -lt 5; $i++)
  $reverseEndian = $reverseEndian + $hex.substring($hex.length -2, 2)
  $hex = $hex.Remove($hex.length -2, 2)
  $hexSid = "0105000000000005" + $reverseEndian
  For example SID S-1-5-21-2127521184-1604012920-1887927527-72713 needs
  to be turned into raw hex sid 010500000000000515000000A065CF7E784B9B5FE77C8770091C0100 according to that article and
  then put in the ADSI bind like this: [ADSI ]"LDAP://<SID=010500000000000515000000A065CF7E784B9B5FE77C8770091C0100>". 
  When I put that bind in (with an actual sid and not an example sid) I get the following error:
  format-default : The following exception occurred while retrieving member "PSComputerName": "There is no such object on
  the server.
  + CategoryInfo : NotSpecified: (:) [format-default], ExtendedTypeSystemException
  + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand
  For users who are on another domain but already have a foreign principal name created, I can add them easily enough by converting their sid to the appropriate foreign principal name format. I haven't yet had any success adding someone who doesn't have a
  foreign principal name though, even after trying the solution referenced in the article.
  Thank you in advance for any help.

• Cannot add users to new domains anymore

  I got messaging server and delegated admin to work just fine recently until I tried getting LDAP authentication to work so LDAP users could log into Sunrays.
  I used idsconfig and saw that it added a bunch of stuff to the directory so I deleted that stuff after I realized I couldn't add users to a new domain anymore. It just says "cannot create user - unknown error". I can still add users to old domains just fine.
  And I tried both DA and commadmin, neither work. Heres my Messaging server and DA version:
  Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
  libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
  SunOS testy.i-n-control.com 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-V440
  Delegated Administrator 6.3-0.09
  I turned on debugging for DA and heres the output:
  TRACE [Wed Aug 02 10:10:47 MDT 2006] Default people container = ou=People,o=domain,dc=mail,dc=example,dc=com
  TRACE [Wed Aug 02 10:10:47 MDT 2006] ServerPushThread: setting stop flag
  TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager: progress thread stopped
  TRACE [Wed Aug 02 10:10:47 MDT 2006] com.iplanet.am.sdk.AMException: Unable to create entry.
       at com.iplanet.am.sdk.ldap.DirectoryManager.processInternalException(DirectoryManager.java:433)
       at com.iplanet.am.sdk.ldap.DirectoryManager.createUser(DirectoryManager.java:1046)
       at com.iplanet.am.sdk.ldap.DirectoryManager.createEntry(DirectoryManager.java:1525)
       at com.iplanet.am.sdk.AMDirectoryManager.createEntry(AMDirectoryManager.java:651)
       at com.iplanet.am.sdk.AMCacheManager.createEntry(AMCacheManager.java:337)
       at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1009)
       at com.iplanet.am.sdk.AMPeopleContainerImpl.createUser(AMPeopleContainerImpl.java:285)
       at sun.comm.cli.server.servlet.CreateUser.create(CreateUser.java:677)
       at sun.comm.cli.server.servlet.CreateUser.doTask(CreateUser.java:91)
       at sun.comm.cli.server.servlet.commTaskManager.execute(commTaskManager.java:196)
       at sun.comm.cli.server.servlet.commServlet.doPost(commServlet.java:90)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  TRACE [Wed Aug 02 10:10:47 MDT 2006] After AM Exception , msg being sent is Unable to create entry.^324^NONE
  TRACE [Wed Aug 02 10:10:47 MDT 2006] in CLIPageData constructor:status = 1
  TRACE [Wed Aug 02 10:10:47 MDT 2006] commTaskManager - execute => generateOutput
  TRACE [Wed Aug 02 10:10:47 MDT 2006] In CLIPageGenerator ....
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : cliData.status = 1
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.OK = 0
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput : CLIPageData.FAIL = 1
  TRACE [Wed Aug 02 10:10:47 MDT 2006] Failed: Unable to create entry.^324^NONE
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - Printing successfull results
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - status => FAIL
  TRACE [Wed Aug 02 10:10:47 MDT 2006] CLIPageGenerator - generateOutput - message => Unable to create entry.^324^NONE
  TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
  TRACE [Wed Aug 02 10:10:48 MDT 2006] ServerPushThread: done
  TRACE [Wed Aug 02 10:10:49 MDT 2006] ServerPushThread: done
  TRACE [Wed Aug 02 10:10:58 MDT 2006] sun.comm.cli.server.servlet.commLDAPAuth: shutting down. Total access count = 1
  Message was edited by:
  nate.wheeler

  Frankly, I'm new to LDAP so I don't know really what
  changed.No time like the present to start learning.
  Its weird, I can do some things, but not
  others. Like I can assign service packages, but not
  change the login id or password of a user. So it
  doesn't look like amadmin can't change things.LDAP provides "ACI", or Access Control settings that can be changed, and create exactly the kinds of things you're looking at.
  The Directory Console can view ACI
  >
  The password encryption seemed to have changed from
  {SSHA} to {CRYPT}. Although I have no idea how to
  switch it back or where to look to see if it did.Unlikely to have made any difference. That should be transparent to the application using DS.
  Most of our applications don't compare the password entry, but attempt a BIND for that very reason.
  Again, I'd be looking at your LDAP access logs for a clue to what's happening.
  >
  Message was edited by:
  nate.wheeler

• Off and On LDAP User Authenticaton

  Before I get started describing my issue, I would like to warn everyone that I am new to solaris administration and solaris in general. So please pardon me if I mispeak or don't initially provide enough information.
  I am having trouble with LDAP user authentication. I am using ldapclient to perform the mapping of user information from our Win2k3 Domain Controllers (running SFU) to our Solaris 10 box. When I configure the system initiallty everything works fine. For example, I can run:
  getent passwd <AD_username>
  and get all the attributes that SFU provides and login via SSH with valid AD credentails. However, for some reason after a period of time (not sure if it is a fixed period of time or vvariable) LDAP authentication will stop working, denying everyone with valid AD credentials. I have tried looking in almost every log file I can think of (/var/adm/messages, /var/ldap/cache_mgr) and there are no error messages from ldapclient. Similarly on the domain controllers I do not see any failed security audits nor any failed ldap requests.
  Any ideas on what could be causing this sort of behavior?
  If it helps I followed the following guide when configuring AD Integration:
  http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/
  Listed below is my ldap_client_file (sensative information removed):
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_SERVERS= <my_dc>
  NS_LDAP_SEARCH_BASEDN= dc=<my_domain>,dc=<extension>
  NS_LDAP_AUTH= simple
  NS_LDAP_CACHETTL= 0
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_SERVICE_SEARCH_DESC= passwd:dc=<my_domain>,dc=<extension>?sub
  NS_LDAP_SERVICE_SEARCH_DESC= group:dc=<my_domain>,dc=<extension>?sub
  NS_LDAP_ATTRIBUTEMAP= shadow:uid=msSFU30Name
  NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=msSFU30Password
  NS_LDAP_ATTRIBUTEMAP= shadow:shadowflag=msSFU30ShadowFlag
  NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=msSFU30LoginShell
  NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=msSFU30HomeDirectory
  NS_LDAP_ATTRIBUTEMAP= passwd:uid=msSFU30Name
  NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=msSFU30UidNumber
  NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=msSFU30GidNumber
  NS_LDAP_ATTRIBUTEMAP= passwd:gecos=displayName
  NS_LDAP_ATTRIBUTEMAP= group:gidnumber=msSFU30GidNumber
  NS_LDAP_ATTRIBUTEMAP= group:memberuid=msSFU30UidNumber
  NS_LDAP_ATTRIBUTEMAP= group:userpassword=msSFU30Password
  NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
  NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
  NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group

  Here is the information that is present in /var/adm/messages:
  Jan 24 15:22:53 shiva.cs.uwec.edu sshd[9533]: [ID 800047 auth.crit] monitor fata
  l: login_init_entry: Cannot find user "thompstd"
  Jan 24 15:22:53 shiva.cs.uwec.edu sshd[9536]: [ID 800047 auth.crit] fatal: Monit
  or not responding
  Jan 24 15:25:43 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd:
  cannot talk to statd at sgs2.uwec.edu, RPC: Timed out(5)
  Jan 24 15:25:47 shiva.cs.uwec.edu sshd[9508]: [ID 800047 auth.crit] monitor fata
  l: login_init_entry: Cannot find user "butallmj"
  Jan 24 15:25:47 shiva.cs.uwec.edu sshd[9511]: [ID 800047 auth.crit] fatal: Monit
  or not responding
  Jan 24 15:25:58 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd:
  cannot talk to statd at sgs2.uwec.edu, RPC: Timed out(5)
  Jan 24 15:26:13 shiva.cs.uwec.edu statd[280]: [ID 766906 daemon.warning] statd:
  cannot talk to statd at sgs1.uwec.edu, RPC: Timed out(5)
  Jan 24 15:26:28 shiva.cs.uwec.edu last message repeated 1 timeThe statd warnings continue on and we see the two users (thompstd, butallmj) failing to authenticate. Right before the authentication errors I see the following:
  Jan 24 14:42:56 shiva.cs.uwec.edu ebus: [ID 521012 kern.info] su1 at ebus1: offs
  et 2,40
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] su1 is /ebus@1f
  ,464000/serial@2,40
  Jan 24 14:42:56 shiva.cs.uwec.edu ebus: [ID 521012 kern.info] epic0 at ebus1: of
  fset 3,0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] epic0 is /ebus@
  1f,464000/env-monitor@3,0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: f
  ssnap0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fssnap0 is /pse
  udo/fssnap@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: r
  amdisk1024
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] ramdisk1024 is
  /pseudo/ramdisk@1024
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: w
  inlock0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] winlock0 is /ps
  eudo/winlock@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: d
  evinfo0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] devinfo0 is /ps
  eudo/devinfo@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: l
  lc10
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] llc10 is /pseud
  o/llc1@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: p
  m0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] pm0 is /pseudo/
  pm@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: t
  od0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] tod0 is /pseudo
  /tod@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: l
  ofi0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] lofi0 is /pseud
  o/lofi@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: f
  cp0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fcp0 is /pseudo
  /fcp@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: f
  csm0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] fcsm0 is /pseud
  o/fcsm@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: r
  sm0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] rsm0 is /pseudo
  /rsm@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: t
  rapstat0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] trapstat0 is /p
  seudo/trapstat@0
  Jan 24 14:42:56 shiva.cs.uwec.edu pseudo: [ID 129642 kern.info] pseudo-device: r
  mcadm0
  Jan 24 14:42:56 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] rmcadm0 is /pse
  udo/rmcadm@0
  Jan 24 14:42:56 shiva.cs.uwec.edu mac: [ID 543131 kern.info] NOTICE: bge2/0 regi
  stered
  Jan 24 14:42:56 shiva.cs.uwec.edu mac: [ID 543131 kern.info] NOTICE: bge3/0 regi
  stered
  Jan 24 14:42:57 shiva.cs.uwec.edu scsi: [ID 193665 kern.info] sd3 at mpt0: targe
  t 1 lun 0
  Jan 24 14:42:57 shiva.cs.uwec.edu genunix: [ID 936769 kern.info] sd3 is /pci@1e,

• User status shows active in portal for inactive LDAP users

  Hi all,
  Users listed in the LDAP as deleted or inactive are still listed in EP
  User Management as valid active users.
  1) is there any process or OSS note which can help us to get users
  inactive in portal user management to the corresponding LDAP inactive
  users?
  2) is there any chance that any inactive or deleted entries in LDAP
  should not be searchable from User admin Portal search?
  Any solution for the above problem?
  Please reply.
  Regards,
  haroon

  Hello there,
  i have the same problem: We have several domains that sometimes contain users with the same user-id. This happens, if a user is "moved" from one domain to another: A new user with the same user-id is created in the new domain and the user-status of the user in the old domain is set to "inactive".
  But SAP NetWeaver Portal (7.0 EHP 1) ignores this user-status flag and thus login (with SPNego / Integrated Windows Authentication, which does not send the domain of an identified user to the portal) fails.
  Is there a possibility to get the portal to "ignore" LDAP users (meaning no longer list them in the UME) that have their user-status flag set to "inactive"?
  Thanks for a reply in advance!
  Regards,
  René

• Login Error from Users machine into BO Desktop Applications With LDAP user

  Hi All,
  I am getting a strange error and got stucked.I have searched in the forums and tried every possible thing but the problem remains same.
  I am not able to login into any Client application using LDAP account.
  The setup is:
  Machine 1: Webserver
  Machine 2: CMS and other servers
  Machine 3: Clustered CMS server
  LDAP is implemented and SSL is enabled between Machine 2 and LDAP server.
  Now when i am into Machine2 and try to login into Client application using LDAP it works for me also for Web Application(CMC, Infoview)
  When i am into user machine I am able to login into Client Application (Designer, Desktop Intelligence etc) using enterprise account, but not with LDAP account. However i am able to login to web Application using LDAP account from users machine.
  All the ports are open and can connect to CMS machine and database repository connectivity is also OK.
  One interesting thing i would like to share that if i am login into Infoview using LDAP account and If i go for editing a report it opens Desktop Intelligence for me (LDAP user) and there is a entry in System name when i login into Deski.That entry in system name is CMS Machine name,Port number, full domain, (J2EE Portal) written in last.
  Using this entry in System I can Login using LDAP account but first should do the process (Login to Infoview, Edit The Report) for every user machine.
  Please help me out where i am getting wrong.
  The error with Client application and LDAP user is USR0013. Can not Access the repository.

  My guess would be that client apps don't have access to the SSL directory defined in the LDAP config but the web/app does. When you edit a report it launches deski in 3-tier mode still using the web/app so this isn't surprising behavior. There are SAP notes on this in SMP key words LDAP SSL deski should return  the result. The link to SMP is in the forum sticky at the top of the administration forum.
  Regards,
  Tim

• Connected user in network domain

  Hi, I need to put into variables in APEX the name of presently connected user in network domain, not only in computer (I think I would be solved with LDAP). Is it somehow possible, or - is it possible in APEX or should I use for exemple JAVA? Thanks for answers.

  Hi,
  I did not get the question completely. But yes , you can authenticate wireless user connecting to particular Wlan with LDAP server where LDAP server acts like an authentication data base.
  For example , Users connecting to web-auth Wlan can be authenticated using LDAP server:
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html
  Similarly , dot1x users can also be authenticated. For that WLC has to be made Local EAP server and a local profile has to be created under Security > Local EAP. This is described in detail in any WLC configuration guide.
  Regards
  Dhiresh
  **Please rate helpful posts**

• Associate eDir user object with GroupWise account

  After moving a user form secondary domain (GW802) to a new primary
  domain (GW2012) the association of edir object and GW account was lost.
  The user move state showed "completed" and i can see the user's db in
  the /ofuser directory. If i try to associate the GW account it is not
  listed in the po. I tried validation of the po and domain but i got no
  errors.
  Can i manually assign the userdb to the eDir object ?

  maxx,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/