Bulk LDAP lookup of users

Hi,
What is the best way to perform a bulk lookup of users by DN? I am implementing an API and there could possibly be hundreds or thousands of DNs passed in as an array. I assume that iterating over each one and performing a separate search is not the best way to go about this, despite any connection pooling that is configured. Is there a way to construct a filter string to accomplish this? Is there a size restriction on the length of a search filter?
Thanks in advance for your help.
Jen

Yeah, a very lengthy search filter is causing problems for me in Oracle Internet Directory. Are there any specifications on the restrictions for the search filter, I mean the length?
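One way to do what the question asks, as an added example that is not from the thread: it packs many DNs into a small number of OR filters, each kept under a length budget, and escapes every value per RFC 4515 so a caller-supplied DN cannot change the filter's structure. The matching attribute (`distinguishedName`) and the byte budget are assumptions; the thread states no server limit.

```python
# Added example (not from the thread): batch DN lookups into bounded OR filters.
# Assumptions: the directory can match an entry's DN through an attribute
# (distinguishedName here) and the operator picks the per-filter byte budget.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape one assertion value so API-supplied DNs cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_dn_filters(dns, attr="distinguishedName", max_bytes=4096):
    """Return a list of '(|(attr=dn1)(attr=dn2)...)' filters.

    Each filter is at most max_bytes long (UTF-8 encoded), so a list of
    thousands of DNs becomes a handful of searches instead of one per DN.
    """
    wrapper = len("(|)")
    filters, clauses, size = [], [], wrapper
    for dn in dns:
        clause = "(%s=%s)" % (attr, escape_filter_value(dn))
        clause_len = len(clause.encode("utf-8"))
        if wrapper + clause_len > max_bytes:
            raise ValueError("DN does not fit in the filter budget: %r" % dn)
        if clauses and size + clause_len > max_bytes:
            # Current batch is full: close it and start a new one.
            filters.append("(|%s)" % "".join(clauses))
            clauses, size = [], wrapper
        clauses.append(clause)
        size += clause_len
    if clauses:
        filters.append("(|%s)" % "".join(clauses))
    return filters


# Constructed sample input; the second DN contains characters that need escaping.
SAMPLE_DNS = [
    "CN=Jen Doe,OU=Staff,DC=example,DC=com",
    "CN=Smith\\, John (Contractor),OU=Staff,DC=example,DC=com",
    "CN=Build Agent,OU=Service,DC=example,DC=com",
]

if __name__ == "__main__":
    for ldap_filter in build_dn_filters(SAMPLE_DNS, max_bytes=120):
        print(len(ldap_filter), ldap_filter)
```

Each returned filter is then sent as one subtree search from the common base DN.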

Similar Messages

  • GAL LDAP Lookup

    I was wondering if anyone could comment whether the following is possible.  We are one of many sub-organizations within a parent organization.  Each sub-organization is completely independent with separate LDAP forests and E-mail servers. 
    The parent has a central LDAP server that is used for E-mail address lookups for all sub-organizations.  Within Exchange 2013 is it possible to create a separate GAL that points to the central LDAP server via LDAP query.  Ideally what we are looking
    to do is have one GAL that only contains the contacts in our sub-organization and second GAL that queries the parent organization LDAP server that contains all sub-organization's contacts.
    I know that in Outlook, we can configure a second address book that does do an LDAP lookup, however I have not found a way to configure this via GPO, other than pushing out reg settings.  Also this does not allow access to the parent organization GAL
    via OWA.
    Any help is appreciated

    Hi,
    We can try to use Address Book Policy to create different GAL for the Parent organization and sub-organizations.
    Address book policies (ABPs) in Exchange allow you to segment users into specific groups to provide customized views of your organization’s global address list (GAL). You can apply the ABP to mailbox users, providing them with access
    to a customized GAL in Outlook and Outlook Web App.
    For more information about Address Book Policies, please refer to:
    http://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
    Regards,
    Winnie Liang
    TechNet Community Support

  • NAC Appliance and LDAP Lookup

    Hello,
    I have two CAM in HA and two CAS in HA.
    I configured the LDAP Lookup to create rules for role allocation.
    In this configuration there is only one Windows server used to find the user properties.
    There is one problem when this Windows server is down. Is there any configuration to mitigate this when the server is not there?
    Thank you all.

    The LDAP lookup server configs state it uses the LDAP Authentication Provider. The LDAP Authentication Provider says you can have multiple entries in the single field
    LDAP
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_auth.html#wp1158614
    You can add redundancy for LDAP Authentication servers by entering multiple LDAP URLs in the Server URL field separated by a space, for example:
    ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com

  • JMX example LDAP lookup not working

    Hi,
    Section 4.4 of JMX tutorial has several examples of Server.java using LDAP lookup services. I'm trying to run the RMI connector over JRMP without an external directory. Here are the command and its results (with additional tracing):
    $ java -classpath . -Xdebug -Ddebug=true -Dagent.name=test-server-a
    -Durl="service:jmx:rmi://" -Djava.naming.provider.url="$provider" -Djava.naming.security.principal="$principal" -Djava
    .naming.security.credentials="$credentials" jndi.Server
    Creating MBeanServer...
    Creating Connector: service:jmx:rmi://
    In rmi()
    Context.SECURITY_CREDENTIALS is: java.naming.security.credentials
    Entry: java.naming.security.authentication simple
    Entry: java.naming.provider.url ldap://localhost:389/dc=Test
    Entry: java.naming.security.principal cn=Manager,dc=test
    Entry: jmx.remote.jndi.rebind true
    Entry: java.naming.security.credentials secret
    Creating RMI Connector: service:jmx:rmi://
    In start()
    In getRootContext()
    java.naming.provider.url=ldap://localhost:389/dc=Test
    java.naming.security.principal=cn=Manager,dc=test
    java.naming.security.credentials=******
    In register()
    dn: cn=test-server-a
    Unexpected exception caught in main: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objec
    tClass: value #1 invalid per syntax]; remaining name 'cn=test-server-a'
    javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #1 invalid per syntax];
    remaining name 'cn=test-server-a'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2998)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
    at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:770)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
    at jndi.Server.register(Server.java:238)
    at jndi.Server.start(Server.java:396)
    at jndi.Server.rmi(Server.java:364)
    at jndi.Server.main(Server.java:492)
    I'm using OpenLDAP (with Cygwin) on a Windows XP machine. I have also rmiregistry running in the background. Since I'm executing slapd -d -1, OpenLDAP shows that it is encountering the error here:
    conn=0 op=3 ADD dn="cn=test-server-a,dc=Test"
    send_ldap_result: conn=0 op=3 p=3
    send_ldap_result: err=21 matched="" text="objectClass: value #1 invalid per syntax"
    send_ldap_response: msgid=4 tag=105 err=21
    ber_flush: 54 bytes to sd 8
    0000: 30 34 02 01 04 69 2f 0a 01 15 04 00 04 28 6f 62 04...i/......(ob
    0010: 6a 65 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 jectClass: value
    0020: 20 23 31 20 69 6e 76 61 6c 69 64 20 70 65 72 20 #1 invalid per
    0030: 73 79 6e 74 61 78 syntax
    ldap_write: want=54, written=54
    0000: 30 34 02 01 04 69 2f 0a 01 15 04 00 04 28 6f 62 04...i/......(ob
    0010: 6a 65 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 jectClass: value
    0020: 20 23 31 20 69 6e 76 61 6c 69 64 20 70 65 72 20 #1 invalid per
    0030: 73 79 6e 74 61 78 syntax
    conn=0 op=3 RESULT tag=105 err=21 text=objectClass: value #1 invalid per syntax
    Does this mean there is a configuration problem with OpenLDAP (something missing in the schema)? Or does the problem lie elsewhere? Your guidance will be highly appreciated. Thanks!

    Hello,
    I am using example at http://www.cris.com/~adhawan/tutorial/ with OpenLDAP on WinXP.
    I am getting following error message when I execute the MakeRoot java class
    javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]; remaining name 'o=jndiTest'
    Please help.
    Regards,
    Atul Mathur

  • Secure LDAP lookup with 2005Q4 Outlook Connector 7 not working

    Hello all,
    I have Sun Java(TM) System Directory Server/5.2_Patch_4 B2005.230.0041 (64-bit) installed and the latest 2005Q4 Calendar, Messaging and UWC Server. When testing the Outlook Connector, I can get the 2005Q1 version 7 connector to work just fine with all features. I uninstalled the 2005Q1 connector and installed the 2005Q4 connector into a new profile and everything works except if I try to make the LDAP lookups secure for the global address list. Changing the port to 636 for ldap causes Outlook to timeout on the lookup. I checked the directory server logs and noticed that the secure connection is being made without errors, but after a minute an ABANDON operation takes place on the secure connection and Outlook gives up. When using port 389 for lookups, the Connector has no issues.

    Jay,
    I think I found the fix. I upgraded the 2005Q1 -> 2005Q4 Sun Java Connector Deployment Tool. After I uninstalled the deployment tool and then reinstalled the 2005Q4 I was able to create an .exe and create an Outlook profile that did not have any LDAP over SSL problems.

  • Does JNDI cache physical IP address on ldap lookups?  And How to stop it?

    We are using Oracle's 11.1.0.6 thin jdbc driver using the 'ldap lookup' syntax for database connect string lookups. The ldap server we specify is a DNS alias pointing to a hardware server load balancer, which returns different IP addresses based on load and current availability. During maintenance, we will remove a server from the load balancing rotation, but applications will continue to try connecting to this physical IP address even though DNS is no longer serving it up as a valid address. This causes continuous application failures until either the server is brought back up or the application is bounced. Only the application needs to be bounced, not the websphere or the physical server, so the caching is not being done at the server level.
    We've used the tracing capabilities in the 11g jdbc driver to trace the fact that Oracle is passing in the DNS alias name and not an IP address to the JNDI interface, so it appears the caching is occurring at the JNDI level. Unfortunately, tracing is not detailed enough to show exactly what JNDI calls are being made.
    Are there any JNDI attributes that can be set to stop JNDI from caching this IP address and force it to re-evaluate the new DNS lookup at each invocation?
    We already know Oracle's jdbc thin driver supports specifying secondary failover ldap lookup strings, but this IP address is also getting cached, so while this will reduce the frequency of errors, it won't eliminate the problem, especially if a server is removed from the load balancing rotation permanently.

    - Reset the iOS device. Nothing will be lost
    Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
    least ten seconds, until the Apple logo appears.
    - Power off and then back on the router
    - Reset network settings: Settings>General>Reset>Reset Network Settings
    - iOS: Troubleshooting Wi-Fi networks and connections
    - iOS: Recommended settings for Wi-Fi routers and access points
    - Restore from backup. See:
    iOS: How to back up
    - Restore to factory settings/new iOS device.
    Do you have this problem with other networks/routers/access points? If not then that points to a problem with your network.

  • Bulk Uploading of New Users without Active Directory Sync. Possible?

    Hello,
    WithOUT Active Directory synchronization, is it possible to do a bulk upload of 100+ users onto Project Server 2013 (Online)?  If so, how?
    In addition, can these new users be setup to default with “User can be assigned as a resource"? 
    Thanks in advance,
    \Spiro Theopoulos PMP, MCITP. Montreal, QC (Canada)

    Hi,
    it is possible, but not completely.
    If you select at least one resource in Resource Center and click "Open", this resource is opened for editing in client. At this place, you can add your new resources with all fields (and Default Booking Type), e.g. with copy/paste from some other
    source. They are added as resources. However, editing column "User Logon Account" is disabled, so you can't add this information in client. You need to do this afterwards from Resource Center for each single resource.
    And yes - I agree: This is very inconvenient!
    Regards
    Barbara

  • MTA Direct LDAP Lookup Configuration

    Does the MTA Direct LDAP Lookup permit the use of the short login under a multiple domain configuration?

    Selim:
    Direct LDAP only applies to the "MTA" portion of Messaging Server. Means SMTP processing.
    Usually, "short form login" is talking about logging in to get messages, via IMAP, POP, or HTTP.
    To get "short form", or login without domain portion of User_ID, you need to use the MMP, as it can provide the long form to the mail store.

  • LDAP Lookup / Network Address sometimes populates with TCP

    Our development team has configured our local intranet to do LDAP searches against our tree, thus eliminating the need for users to login. They're doing an IP lookup and then retrieving the user name. What happens very rarely is that the "Network address" field under the Environment tab within ConsoleOne will display "TCP:" followed by the user's IP address.
    When this happens (it's rare), the lookup fails. The typical results display "IP:" followed by the user's IP address. This always works. Here's the code that is doing the LDAP query:
    $sLDAPQuery = ldap_search($sLDAPConn, "o=XYZ", "(networkaddress=1#$sIPAddress)")
    Where "(networkaddress=1#$sIPAddress)" is the search string, $sIPAddress being the HEX value of the IP.
    My question is, is there a way for me to eliminate the return value of TCP? Does anyone have any other pointers or potential workarounds for this? Like something that would still allow the IP lookup to succeed when TCP is presented instead of IP?
    Thanks for your help,
    Ryan

    ryan r sd 2 wrote:
    > My question is, is there a way for me to eliminate the return value of
    > TCP? Does anyone have any other pointers or potential workarounds for
    > this? Like something that would still allow the IP lookup to succeed
    > when TCP is presented instead of IP?
    There are different types of network addresses (as defined by that first
    number in the returned string). So, your dev folks need to decode
    according to the type of address that is being returned, and not just
    assume it's always IP (ie 1).
    Peter
    eDirectory Rules!
    http://www.DreamLAN.com

  • ARD 3 Kills LDAP and NetHome Users

    We recently deployed ARD 3 on our network of close to 600 Macs; close to 200 of which are Net-Home users. (users with home directories mounted from an XServe) We have 7 XServes with the Net-Home users distributed between them.
    Our problem is, with ARD 3, whenever we open the ARD Admin application on any of our administrative workstations and it polls our networks, it causes the clients to bombard our LDAP server with lookups, which in turn, causes all our Net-Home users to get the color wheel/beach ball/etc, as the XServes are very dependent upon LDAP access.
    We did not experience this problem with previous versions of ARD.
    iMac G5 20"   Mac OS X (10.4.6)  

    We originally thought the usage data reporting / reporting to a task server was causing this problem, however, disabling all reporting, task server services, and schedules on the clients did not resolve this problem.

  • Bulk create Active Directory Users and Groups in PowerShell using Excel XLSX source file instead of CSV

    Hi Scripting Guy.  I am a Server Administrator who is very familiar with Active Directory, but new to PowerShell.  Like many SysAdmins, I often need to create multiple accounts (ranging from 3-200) and add them multiple groups (ranging
    from 1 - 100).  Previously I used VBS scripts in conjunction with an Excel .XLS file (not CSV file).  Since VBS is essentially out the door and PowerShell is in - I am having to re-create everything.
    I have written a PowerShell script that bulk creates my users and adds them to their corresponding groups - however, this can only use a CSV file (NOT an XLS file).  I understand that "CSV is much easier to use than Excel worksheets", but
    most times I have three sets of nearly identical groups (for Dev, QA and Prod).  Performing Search and Replace on the Excel template across all four Worksheets ensures the names used are consistent throughout the three environments.
    I know each Excel Worksheet can be exported as a separate CSV file and then use the PowerShell scripts as is, but since I am not the only SysAdmin who will be using these it leads to "unnecessary time lost", not to mention the reality that even
    though you clearly state "These tabs need to be exported using this naming standard" (to work with the PowerShell scripts) that is not the result.
    I've been tasked to find a way to modify my existing PowerShell/CSV scripts to work with Excel spreadsheets/workbooks instead - with no success.  I have run across many articles/forums/scripts that let you update Excel or export AD data into an Excel
    spreadsheet (even specifying the worksheet, column and row) - but nothing for what I am trying to do.
    I can't imagine that I am the ONLY person who is in this situation/has this need.  So, I am hoping you can help.  How do I modify my existing scripts to reference "use this Excel spreadsheet, and this specific worksheet in the spreadsheet
    prior to performing the New-ADUser/Add-ADGroupMember commands".
    For reference, I am including Worksheet/Column names of my Excel Spreadsheet Template as well as the first part of my PowerShell script.  M-A-N-Y T-H-A-N-K-S in advance.
       Worksheet:  Accounts
         Columns: samAccountName, CN_DisplayName_Name, sn_LastName, givenName_FirstName, Password, Description, TargetOU
       Worksheets:  DevGroups / QAGroups / ProdGroups
         Columns:  GroupName, Members, MemberOf, Description, TargetOU
    # Load PowerShell Active Directory module
    Write-Host "Loading Active Directory PowerShell module." -foregroundcolor DarkCyan # -backgroundcolor Black
    Import-Module ActiveDirectory
    Write-Host " "
    # Set parameter for location of CSV file (so source file only needs to be listed once).
    $path = ".\CreateNewUsers-CSV.csv"
    # Import CSV file as data source for remaining script.
    $csv = Import-Csv -path $path | ForEach-Object {
    # Add '@saccounty.net' suffix to samAccountName for UserPrincipalName
    $userPrincinpal = $_."samAccountName" + "@saccounty.net"
    # Create and configure new AD User Account based on information from the CSV source file.
    Write-Host " "
    Write-Host " "
    Write-Host "Creating and configuring new user account from the CSV source file." -foregroundcolor Cyan # -backgroundcolor Black
    New-ADUser -Name $_."cn_DisplayName_Name" `
    -Path $_."TargetOU" `
    -DisplayName $_."cn_DisplayName_Name" `
    -GivenName $_."givenName_FirstName" `
    -SurName $_."sn_LastName" `
    -SamAccountName $_."samAccountName" `
    -UserPrincipalName $userPrincinpal `

    Here is the same script as a function:
    Function Get-ExcelSheet{
        Param(
            $fileName = 'C:\scripts\test.xls',
            $sheetName = 'csv2'
        )
        # Open the workbook through the Jet OLE DB provider
        $conn = New-Object System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = $fileName;Extended Properties=Excel 8.0")
        $cmd=$conn.CreateCommand()
        # Select every row of the named worksheet
        $cmd.CommandText="Select * from [$sheetName$]"
        $conn.open()
        $cmd.ExecuteReader()
    }
    It is called like this:
    Get-ExcelSheet -filename c:\temp\myfilename.xslx -sheetName mysheet
    Do NOT change anything in the function and post the exact error.  If you don't have Office installed correctly or are running 64 bits with a 32 bit session you will have to adjust your system.
    ¯\_(ツ)_/¯
    HI JRV,
    My apologies for not responding sooner - I was pulled off onto another project this week.  I have included and called your Get-ExcelSheet function as best as I could...
    # Load PowerShell Active Directory module
    Write-Host "Loading Active Directory PowerShell module." -foregroundcolor DarkCyan # -backgroundcolor Black
    Import-Module ActiveDirectory
    Write-Host " "
    # JRV This Function Loads the Excel Reader
    Function Get-ExcelSheet{
        Param(
            $fileName = 'C:\scripts\test.xls',
            $sheetName = 'csv2'
        )
        $conn = New-Object System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = $fileName;Extended Properties=Excel 8.0")
        $cmd=$conn.CreateCommand()
        $cmd.CommandText="Select * from [$sheetName$]"
        $conn.open()
        $cmd.ExecuteReader()
    }
    # Set parameter for location of CSV file (so source file only needs to be listed once) as well as Worksheet Names.
    $sourceFile = ".\NewDocClass-XLS-Test.xlsx"
    # Add '@saccounty.net' suffix to samAccountName for UserPrincipalName
    $userPrincinpal = $_."samAccountName" + "@saccounty.net"
    # Combine GivenName & SurName for DisplayName
    $displayName = $_."sn_LastName" + ". " + $_."givenName_FirstName"
    # JRV Call the Get-ExcelSheet function, providing FileName and SheetName values
    # Pipe the data from source for remaining script.
    Get-ExcelSheet -filename "E:\AD_Bulk_Update\NewDocClass-XLS-Test.xlsx" -sheetName "Create DocClass Accts" | ForEach-Object {
    # Create and configure new AD User Account based on information from the CSV source file.
    Write-Host " "
    Write-Host " "
    Write-Host "Creating and configuring new user account from the CSV source file." -foregroundcolor Cyan # -backgroundcolor Black
    New-ADUser -Name ($_."sn_LastName" + ". " + $_."givenName_FirstName") `
    -SamAccountName $_."samAccountName" `
    -UserPrincipalName $userPrincinpal `
    -Path $_."TargetOU" `
    Below is the errors I get:
    Exception calling "Open" with "0" argument(s): "The 'Microsoft.Jet.OLEDB.4.0'
    provider is not registered on the local machine."
    At E:\AD_Bulk_Update\Create-BulkADUsers-XLS.ps1:39 char:6
    + $conn.open()
    + ~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException
    Exception calling "ExecuteReader" with "0" argument(s): "ExecuteReader
    requires an open and available Connection. The connection's current state is
    closed."
    At E:\AD_Bulk_Update\Create-BulkADUsers-XLS.ps1:40 char:6
    + $cmd.ExecuteReader()
    + ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

  • Can't create or modify ldap group or user

    I have a web proxy 4.0.6 (and I tried with 4.0.7) server linked with a 2003 Active Directory server
    But I cannot create or manage group
    The BaseDN is OU=company,DC=ssc,DC=com
    The BindDN is CN=Administrator,CN=Users,DC=ssc,DC=com
    The web proxy server can add organization into active directory
    But cannot create group and user, Error:
    Adding group3... Problem
    An error occurred while contacting the LDAP server.
    (No such attribute)
    The server was unable to process the request, because the request referred to an attribute which does not exist in the entry.
    Adding user3... Problem
    An error occurred while contacting the LDAP server.
    (Naming violation)
    The group search has a bug too: I can't find any group, but I can find users or OUs
    So how can we say that it's LDAP compatible, there is a bug in this module ?
    Merci
    Edited by: killa74 on Mar 29, 2008 10:49 AM

    Strange but the problem seems to have just gone away on its own!

  • Problem with LDAP authentication for users in a group

    I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
    I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
    [6707]  memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
    [6707]          mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
    [6707]          mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
    [6707]  msNPAllowDialin: value = TRUE
    I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
    ldap attribute-map AuthUsers
      map-name  memberOf IETF-Radius-Class
      map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
    aaa-server LDAP protocol ldap
    aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
     ldap-base-dn DC=COMPANY,DC=com
     ldap-scope subtree
     ldap-naming-attribute sAMAccountName
     ldap-login-password *****
     ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
     server-type microsoft
     ldap-attribute-map AuthUsers
    group-policy NOACCESS internal
    group-policy NOACCESS attributes
     vpn-simultaneous-logins 0
     vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
     webvpn
      anyconnect ask none default anyconnect
    group-policy GroupPolicy_COMPANY_SSL_VPN internal
    group-policy GroupPolicy_COMPANY_SSL_VPN attributes
     wins-server none
     dns-server value 10.10.100.102
     vpn-tunnel-protocol ikev1 ikev2 ssl-client
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value SPLIT-TUNNEL
     default-domain value net.COMPANY.com
     webvpn
      anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
    tunnel-group COMPANY_SSL_VPN type remote-access
    tunnel-group COMPANY_SSL_VPN general-attributes
     address-pool COMPANY-SSL-VPN-POOL
     authentication-server-group LDAP
     authorization-server-group LDAP
     authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
     default-group-policy NOACCESS
     authorization-required
    tunnel-group COMPANY_SSL_VPN webvpn-attributes
     group-alias COMPANY_SSL_VPN enable
    tunnel-group COMPANY_SSL_VPN ipsec-attributes
     ikev1 pre-shared-key *****

    I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.
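A small configuration check for the condition the poster fixed, as an added example that is not part of the thread: it lists group policies that an `ldap attribute-map` assigns to users but that do not set `vpn-simultaneous-logins` themselves. The sample text is a shortened copy of the configuration posted above; the function names are hypothetical.

```python
# Added example (not from the thread): flag LDAP-mapped ASA group policies
# that carry no explicit vpn-simultaneous-logins line.
import re
import shlex

# Shortened copy of the configuration posted in the thread.
POSTED_CONFIG = """\
ldap attribute-map AuthUsers
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
group-policy GroupPolicy_COMPANY_SSL_VPN internal
group-policy GroupPolicy_COMPANY_SSL_VPN attributes
 wins-server none
 dns-server value 10.10.100.102
 vpn-tunnel-protocol ikev1 ikev2 ssl-client
tunnel-group COMPANY_SSL_VPN general-attributes
 authentication-server-group LDAP
 default-group-policy NOACCESS
"""


def parse_group_policies(config):
    """Return {policy name: {keyword: rest of line}} for 'attributes' blocks."""
    policies, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Top-level command: only 'group-policy <name> attributes' opens a block.
            match = re.match(r"group-policy (\S+) attributes$", line.strip())
            current = policies.setdefault(match.group(1), {}) if match else None
        elif current is not None:
            keyword, _, rest = line.strip().partition(" ")
            current[keyword] = rest
    return policies


def mapped_policies(config):
    """Return the group-policy names that map-value lines hand out."""
    names = []
    for line in config.splitlines():
        if line.strip().startswith("map-value "):
            tokens = shlex.split(line)  # keeps the quoted group DN as one token
            if len(tokens) == 4:
                names.append(tokens[3])
    return names


def policies_missing_login_limit(config):
    """LDAP-mapped policies with no vpn-simultaneous-logins of their own."""
    policies = parse_group_policies(config)
    return [name for name in mapped_policies(config)
            if "vpn-simultaneous-logins" not in policies.get(name, {})]


if __name__ == "__main__":
    for name in policies_missing_login_limit(POSTED_CONFIG):
        print("no explicit vpn-simultaneous-logins in group-policy", name)
```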

  • 10g w/ASM on RHEL4 with LDAP/AD db user

    Hi folks,
    I'm a bit green at all this Oracle stuff (though I'm pretty experienced with Linux) and I'm currently trying to install Oracle 10g on a 64-bit RHEL 4 AS box, using ASM. This box is currently also running 9i happily. I am running into a couple of problems which may or may not be related:
    Firstly, I've installed the asmlib stuff and it will all run fine (pick up and configure disks on my SAN over fibrechannel etc.) apart from the service/interface configuration - for various reasons I need to have my oracle DB user authenticate against LDAP (active directory in this instance) like all my other users do (and this works fine in 9i) - I don't expect this is a problem for the DB install itself (though I've not gotten that far - I don't have a 10g DB installed yet.) but the config script for ASM will not accept any of my LDAP users as valid, and hence won't set the appropriate permissions on the /dev/oracleasm stuff etc (and doing so manually doesn't seem to solve problem 2) - is there a way around this? Is it a restriction just of the config script or can the service just not cope with non-local users?
    The second problem is that even with ASM disks configured, when I go to do an install with runInstaller, and select the configuration of ASM, it can't find any disks to add regardless of what path I give it to look in. I assume this is related to the problems with ASM above, but perhaps there's something else going on?
    Hope y'all can help.
    Thanks,
    -Nathan

    There are no users for ASM per se. You don't connect as Fred/fred since no-one ever logs into it directly. It's only a storage subsystem.
    the only time you would connect is if you needed to go in as the SYSDBA or SYSOPER role to start it up, shut it down or do maintenance.
    When it is up and running and doesn't see your disks there is a good troubleshooting note
    457369.1 which might help. usually diskstring needs to be set.

  • URGENT! I need help on LDAP - Finding deleted users Attribute "sAMAccount"

    Hi,
    I am trying to get deleted users from Active Directory after a certain interval. Every time only the differences in the result will be shown. Also I need to get the value of the specific attribute called "sAMAccount" every time for each user(in the result).
    I am using polling here.
    if (localCookie == null) {
        // Specify the DirSync Control
        Control[] ctls = new Control[] { new DirSyncControl() };
        ctx.setRequestControls(ctls);
    } else {
        // Specify the DirSync Control with cookie
        Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };
        ctx.setRequestControls(ctls);
    }
    rspCtls = ctx.getResponseControls();
    if (rspCtls != null) {
        for (int i = 0; i < rspCtls.length; i++) {
            if (rspCtls[i] instanceof DirSyncResponseControl) {
                DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls[i];
                localCookie = rspCtl.getCookie();
            }
        }
    }
    The typical problem I am facing here is 2nd iteration onwards the result is not fetching the attribute "sAMAccount".
    Please suggest the possible reason and solution.

    String searchBase = "DC=test,DC=com";
    String searchString = "(&(objectClass=user)(|(givenName=*)(isDeleted=TRUE)))";
    String url = "ldap://jbaitest.test.com:389";
    String initCntxtFact = "com.sun.jndi.ldap.LdapCtxFactory";
    String login = "CN=Administrator,CN=Users,DC=TEST,DC=COM";
    String passwd = "welcome@1";
    // Cookie saved by the previous poll (null on the first run)
    byte[] localCookie = AdPolling.getCookie();
    try {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, initCntxtFact);
        env.put(Context.SECURITY_AUTHENTICATION, AdConstant.SECURITY_AUTH_TYPE_SIMPLE);
        env.put(Context.SECURITY_PRINCIPAL, login);
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        env.put(Context.PROVIDER_URL, url);
        LdapContext ctx = new InitialLdapContext(env, null);
        SearchControls searchCtls = new SearchControls();
        String returnedAtts[] = null;
        searchCtls.setReturningAttributes(returnedAtts);
        searchCtls.setReturningObjFlag(true);
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        if (localCookie == null) {
            // Specify the DirSync Control
            Control[] ctls = new Control[] { new DirSyncControl() };
            ctx.setRequestControls(ctls);
        } else {
            // Specify the DirSync Control with cookie
            Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };
            ctx.setRequestControls(ctls);
        }
        NamingEnumeration enumSearchResult = ctx.search(searchBase, searchString, searchCtls);
        AdRestClientConnector adRestCon = populateUsers(enumSearchResult); // Method to get the different attribute values
        // Read the new cookie from the DirSync response control
        Control[] rspCtls = ctx.getResponseControls();
        if (rspCtls != null) {
            for (int i = 0; i < rspCtls.length; i++) {
                if (rspCtls[i] instanceof DirSyncResponseControl) {
                    DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls[i];
                    localCookie = rspCtl.getCookie();
                }
            }
        }
        AdPolling.setCookie(localCookie);
    } catch (NamingException e) {
        log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);
    } catch (Exception e) {
        log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);
    }
