BPM 11g :: Active Directory custom user attribute binding

Similar Messages

• Sharepoint 2013 - Active Directory Import User Profile Property manager fields

  Hi there,
  I juste encountered actually a little issue regarding the Active Directory Import User Profil.
  Importation seems to work well but I have a little problem regarding the Manager field.
  When I verify a user profil through the sharepoint admin page ("Manage user profil") , I can see the manager field is correctly populated, but if I want to check my profil as a user (personal information), the manager field is not visible.
  With Sharepoint Admin and Manage Profil Properties, I haven't the possibility to modify some settings for the manager.
  For example, Policy parameters is greyed.
  The only way I found to show this field in a user profil is to give the permission "allow users to Edit values ...".... setting I don't want to set.
  Have you already this sort of issue ?
  Thanks for your help/idea.

  Hi Michael,
  I don't remember well what I did exactly regarding this issue because I played a lot with user profil.
  I know I used this powershell script from Sheyia which in fact help me a lot to clean and create a good profil setting.
  http://blogs.technet.com/b/sheyia/archive/2013/10/09/sharepoint-2013-another-way-to-change-order-for-user-profile-properties-via-powershell.aspx
  For example, this script help me to resolve some double entries.
  Let-me know if it help you (or not of course)

• Custom user attribute from ABAP to Portal UME

  Hi All,
  We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
  Any help will be rewarded.
  Thanks
  Sarang.

  Any resolution to this issue?

• Custom User Attribute

  Hi All,
  We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
  Any help will be rewarded.
  Thanks
  Sarang.

  Hi Sarang,
  Check this:
  UME attributemapping for R/3 datasource
  Greetings,
  Praveen Gudapati

• OBIEE 11g Active Directory Presentation Service Error retrieving user

  Hi Team,
  It was a great help from all of you on our OBIEE learnings.
  I recently configured Microsoft AD on Weblogic rather than RPD. But felt like I am in a desert of helplessness due to the complicated and lengthy documents and settings :(
  Still when I configured everything and logged in to presentation services using AD Credentials, observed following error!
  Error retrieving user/group data from Oracle BI Server's User Population API.
  Error Details
  Error Codes: GDU6UYHS:OPR4ONWY:U9IM8TAC:OI2DL65P:SDKE4UTF
  Odbc driver returned an error (SQLExecDirectW).
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 13049] User 'gp06108' with 'oracle.bi.publisher.scheduleReport;AtAGlance;oracle.bi.publisher.accessReportOutput;_all_;oracle.bi.publisher.accessExcelReportAnalyzer;_all_;oracle.epm.financialreporting.accessReporting;Explore;oracle.bi.publisher.accessOnlineReportAnalyzer;EPM_Essbase_Filter;oracle.bi.publisher.runReportOnline;oracle.as.scheduler.security.MetadataPermission' permission can not query user population.Please have your System Administrator look at the log for more details on this error. (HY000)
  Please have your System Administrator look at the log for more details on this error.
  Expression: privileges['Admin: Catalog']['Change Permissions']
  Total blockout! Anyone faced this issue earlier

  You need a user to be present in your Active Directory Base DN that will be used as the BISystemUser. You will either have to create this user in AD or use an existing AD user and then specify its credentials in Enterprise Manager (expand Weblogic Domain > bifoundation_domain (right click) > Security > Credentials). You will need to set system.user credential under oracle.bi.system map. Make sure your AD user's password never expires or you will run into problems in a few weeks time!
  Paul

• Active Directory Discovery fails to bind to OU

  I am continuously receiving the following error:
  Active Directory System Discovery Agent failed to bind to container
  LDAP://OU=DOMAIN CONTROLLERS,DC=MYDOMAIN,DC=COM. Error: The specified directory service attribute or value does not exist.
  Not sure what to check at this point.  I have checked permissions on the OU, Server has read permissions. Here is screenshot of properties:

  Have you tried discovery of the entire forest, not just a single OU? If that works then it has to be permissions to that OU. If it fails, then it would be no permissions to the forest.
  I'd also consider using a user account (just as a test). Personally I've always used the site server computer account, but you could also try a user account for this to ensure that it's not something else.
  Wally Mead

• OIM 11g: UDF disappears from User Attributes page

  Hi,
  I was modifying a user defined attribute using the 11.1.1.3 User Attributes configuration page. All I did was change its category to move it to another section of the user profile page. The last remaining field in the category 'disappeared'. It just went from the list of fields in the category. The field still exists on the USR object and still contains all the values. But it's gone from the UI.
  I exported the /file/User.xml from MDS and sure enough the missing attribute is not present in the User.xml file. It is there for the mapping to the back end column, and in another element. But the element that describes the field proper is not there. I've since added the attribute element back in manually and re-imported the metadata using the weblogic environment manager, but the field still does not appear.
  So, my question is does anybody know where else OIM stores the attribute details? Is it in the DB somewhere and merely mirrored in the MDS? What do I need to do to restore the field? (I can't add it in because it says it already exists.)
  Thanks

  PeachEye,
  I was unable to see the UDF's I had created on the user form until I set up a policy for them. Please check the policy around the UDF's.
  I am hoping this can help you.
  From Oracle documentation:
  User's Guide for Oracle Identity Manager
  11g Release 1 (11.1.1)
  E14316-03
  User-defined fields (UDFs) can be added by creating a policy and
  adding attributes in the self service user management
  administration policy in Oracle Identity Administration. To add
  the User defined attributes for view or modification under the
  Attributes tab, these UDFs need to be added to the modify user
  data set for self-service. Also, a custom policy needs to be created
  under self service user management to grant permission to view
  and/or modify these attributes.
  For details on authorization policies, refer "Creating and Managing
  Authorization Policies" on page 15-2.

• How to ge the value for attribute for terminal services attribute in Active Directory from userParameters attribute

  I am using dirsync to get  the attributes value that have changed in Active Directory(changelog).
  The following link explains how the dirsync is used to get attribute values :
  'http://blogs.technet.com/b/isrpfeplat/archive/2010/09/20/using-the-dirsync-control.aspx'
  I am changing the attribute Local path under Remote Desktop Services Profile of a user. I have ran a client which uses dirsync to get the changed objects in AD.
  In the client the attribute that is changed is `userParameters` and the value is in encrypted form. 
      CtxCfgPresent                                   P☺CtxCfgPresent???? ☻☺CtxWFProfi
      lePath?↑→☺CtxWFHomeDir?????????????"☻☺CtxWFHomeDirDrive?☺CtxShadow????☺CtxMaxDis
      connectionTime????☺CtxMaxConnectionTime????☺CtxMaxIdleTime???? ☻☺CtxWorkDirector
      y?☺CtxCfgFlags1????"☻☺CtxInitialProgram?
  Is there a way to get  the actual value form the userParameters.

  Hi,
  What about other changed attributes? Are other attributes retrieved by DirSync control turn to be encrypted form?
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Authorisation Active Directory Win2003 users in Solaris 10

  Now I am having the task to configure kereberos authentication and ldap authorisation users of Win2003 Active Directory in Solaris 10.
  Kerberos authentication configured by native pam_krb5 according paper http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/08wsdsu.mspx and works fine.
  But I can't configure authorisation by native ldapclient library.
  Can you give steb-by-step guide about configuring native ldapclient and pam.conf for authorisation AD users on Solaris 10.
  ldaplist command return error
  bash-3.00# ldaplist
  ldaplist: Object not found (LDAP ERROR (12): Unavailable critical extension.)
  And snoop ldap return (10.25.66.222 - Solaris 10, 10.25.67.251 -AD-controller)
  bash-3.00# snoop ldap
  Using device /dev/pcn0 (promiscuous mode)
  10.25.67.251 -> 10.25.66.222 LDAP R port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926 Bind Request
  10.25.67.251 -> 10.25.66.222 LDAP R port=32926 Bind Response Success
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926 Search Request derefAlways
  10.25.67.251 -> 10.25.66.222 LDAP R port=32926 Search ResDone Unavailable Critic
  al Extension
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926 Unbind Request
  10.25.67.251 -> 10.25.66.222 LDAP R port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926
  10.25.67.251 -> 10.25.66.222 LDAP R port=32926
  10.25.66.222 -> 10.25.67.251 LDAP C port=32926
  10.25.67.251 -> 10.25.66.222 LDAP R port=32927
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927 Bind Request
  10.25.67.251 -> 10.25.66.222 LDAP R port=32927 Bind Response Success
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927 Search Request derefAlways
  10.25.67.251 -> 10.25.66.222 LDAP R port=32927 Search ResDone No Such Object
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927 Search Request derefAlways
  10.25.67.251 -> 10.25.66.222 LDAP R port=32927 Search ResDone No Such Object
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927 Search Request derefAlways
  10.25.67.251 -> 10.25.66.222 LDAP R port=32927 Search ResDone No Such Object
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927 Search Request derefAlways
  10.25.67.251 -> 10.25.66.222 LDAP R port=32927 Search ResDone No Such Object
  10.25.66.222 -> 10.25.67.251 LDAP C port=32927
  My current 'ldapclient list' is following:
  bash-3.00# ldapclient list
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_BINDDN= cn=ldap_test,ou=Users,ou=Office,dc=corp,dc=com
  NS_LDAP_BINDPASSWD= {NS1}5e10c247a91661a5b4
  NS_LDAP_SERVERS= 10.25.67.251
  NS_LDAP_SEARCH_BASEDN= dc=corp,dc=com
  NS_LDAP_AUTH= simple
  NS_LDAP_SEARCH_REF= TRUE
  NS_LDAP_SEARCH_SCOPE= sub
  NS_LDAP_CACHETTL= 0
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
  NS_LDAP_SERVICE_AUTH_METHOD= passwd-cmd:simple
  And pam.conf:
  # Authentication management
  login auth requisite pam_authtok_get.so.1
  login auth required pam_dhkeys.so.1
  login auth sufficient pam_krb5.so.1 debug
  login auth required pam_unix_cred.so.1
  login auth required pam_unix_auth.so.1
  login auth required pam_dial_auth.so.1
  # rlogin service (explicit because of pam_rhost_auth)
  dtlogin auth requisite pam_authtok_get.so.1
  dtlogin auth required pam_dhkeys.so.1
  dtlogin auth sufficient pam_krb5.so.1 debug
  dtlogin auth required pam_unix_cred.so.1
  dtlogin auth required pam_unix_auth.so.1
  other auth requisite pam_authtok_get.so.1
  other auth required pam_dhkeys.so.1
  other auth sufficient pam_krb5.so.1 debug
  other auth required pam_unix_cred.so.1
  other auth required pam_unix_auth.so.1
  passwd auth required pam_passwd_auth.so.1
  cron account required pam_unix_account.so.1
  other account requisite pam_roles.so.1
  other account required pam_unix_account.so.1
  other account required pam_krb5.so.1 debug
  other session required pam_unix_session.so.1
  other session sufficient pam_krb5.so.1 debug
  other password required pam_dhkeys.so.1
  other password requisite pam_authtok_get.so.1
  other password requisite pam_authtok_check.so.1
  other password sufficient pam_krb5.so.1 debug
  other password required pam_authtok_store.so.1

  I tried this, but i found the Solaris implementation to unstable and scarry, so i decided to go with VAS or Vintela from Quest:
  http://www.vintela.com
  it really works, unlike Suns LDAP implementations, and its easy too..
  7/M.

• How to migrate custom user attributes (UDF) from test environment to production when a sandbox is published

  Hi all,
  I like to migrate custom attributes from test environment to my production environment. I read OIM documentation and i tried to fallow these steps but I cannot export sandbox and import it because all sandboxes are published in the test environment.
  I exported and imported users metadata by deployment manager only. Now, all migrated attributes are in the OIM DB but I do not see these attributes in Administration Console.
  How can i solve this issue? Is it possible to export published sandbox and import it in the other environment?
  Thank you.
  Milan

  In OIM 11g R2 you need to export sandbox before publishing sandbox for custom user fields from DEV or TEST environment.
  Then import exported sandbox in the another environment.
  If you didn't exported custom user fields sandbox from your TEST or DEV in that case you need to create those again in another environment manually. There is no other option for this in OIM 11g R2.

• Adding a listener to Active directory for user creation using Java

  Hi,
  I would like to add a listener to active directory such that when a user is created to the "Users" container, I should be notified or informed. I would like to do this with Java. What should I do ?
  Regards,
  Anand Kumar D

  You should add a NamingListener or a NamespaceChangedListener.

• Principal Name for Active Directory "Domain Users"

  Hi,
  I successufully integrated Weblogic & Active Directory Kerberos (SSO). I tested a web application and successifully logined it with authentication.
  The system automatically recognized my Active Directory username. It worked.
  For authentication in my weblogic.xml I used
  <security-role-assignment>
  <role-name>admin</role-name>
  <principal-name>kursat</principal-name>
  <principal-name>fenerbahce</principal-name>
  </security-role-assignment>
  Now I'm trying to allow all domain members to authenticate my application. For my application I only need the actice directory usernames for them.
  For this purpose, I removed "kursat","fenerbahce" from my weblogic.xml
  <principal-name>kursat</principal-name>
  <principal-name>fenerbahce</principal-name>
  I added
  <principal-name>Domain Users</principal-name>
  instead of writing all domain users.
  However I couldn't authenticate. I got the "Error 403--Forbidden"
  Is there anyone can help me?

  test by creating a groups under Domain Users and use it as your principal name in your weblogic.xml
  -Faisal
  http://www.weblogic-wonders.com

• Active Directory, created users not showing up in list of all users

  I created a user name "test".  However, when I look at a list of all users I only have the 4 users that were created on installation.  When I search for "test"
  it shows up.  Why isn't my user showing up in the list of users?
  I am looking in Active Directory Administrative Center:
   <my Domain> (local) -> Users
  Global Search
  Sorry I cannot provide pictures; I am waiting for my account to be activated.

  You need to look to your search criteria to understand what might be wrong.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Custom User Attributes stored?

  Hi,
  I would like to know which table in Database, user attributes like firstname, lastname, email, custom attributes if any are stored. I know that some of the attributes like islocked, failedlogonattempts are stored in <b>ATTR</b> field of <b>UME_STRINGS</b> and their values stored in <b>VAL</b> field  in the same table.
  Can anyone help me in identifying the table in which attributes stored and how altering the table to add extra custom attributes other than the <b>UME APIs</b>?
  Thanks in advance....
  Regards,
  Ganesh N

  Hi Ganesh
  I'm not sure why you'd want to get to the table(s) directly. Why not use the supported mechanism (APIs) rather than hope SAP never changes the underlying tables?
  Have you tried a SQL trace at the J2EE level?
  Cheers

• Custom User Attributes

  Hi,
  1. How to add custom attributes to the Portal User. Like his SSN or some other info which is more specific to the client project.
  2. How to set up a greeting for the logged in user like "Welcome <logged in user>" - "Welcome Portal30" or "Welcome User1". The edit defaults for banner has a greeting which can appear at the desired position, but how to write a pl/sql code to get the user using the api's.
  Thanks
  Nitin Thakkar
  [email protected]

  1. In the current release, user attributes are not extendable. In the 9iAS V2 timeframe we are moving to an LDAP based model for managing users which will provide this extensibility.
  2. In 3.0.8 of the portal (9iAS 1.0.2.1), you can use page templates to define your banner to include data such as the user name. In that case, you define your banner as html in the template and turn off the default banner on the page.