Cisco Finesse - End user and LDAP sync.

Similar Messages

• How to Use the same iview for both KM End User and the KM Administrator

  Hi friends,
  *This is my scenario :* How to Use the same iview for both KM End User and the KM Administrator but with different Context
  Menu Options.
  i followed these steps but im getting same context menu for both KM End User and the KM Administrator .
  Assign the role Content Administrator to the user km_admin. This is needed so that km_admin can change
  the presentation settings for the KM Folder u201EReports_kmFolder‟.
  Now, login with user km_admin. Navigate to the Km Folder reports_kmFolder through Content Administration
  -> Km Content. Click on Details link of the folder reports_kmFolder.
  Go To Settings -> Presentation. Click on the tab u201ESettings for You‟-> Click on button u201ESelect Profile‟.
  Select the radio button corresponding to u201Elayout Set‟, and choose u201EConsumerExplorer‟ from the dropdown.
  Click u201EOK‟.
  Select both the check boxes corresponding to Items Affected as shown above, and click u201ESave‟
  Now, remove the u201ESuper Administrator‟ role from the user km_admin and login with this user.
  How rto resolve this????
  Regards,
  Prasad.

  Hello Prasad,
  Most likely the user km_admin still has system principal roles assigned, even though you removed the Super Admin role, you should check that this user doesn't have any other admin roles, otherwise it will be considered a System Principal user and will therefore still have access to all content. For more information see http://help.sap.com/saphelp_nw70/helpdata/en/19/56f28fbd4e11d5993b00508b6b8b11/frameset.htm
  Try creating a new user with just read access to the content and you should see that it will not be able to make any changes etc.
  Regards,
  Lorcan.

• Adding phones and users with bat and LDAP sync

  What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP.  Also, what method is the easiest and fastest?
  For example, I could do the following steps:
  Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
  I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc.  This method still involves 2 steps and the creation of 2 seperate bat files.
  In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them beocme LDAP users?
  Thank you,
  Danny

  #1 Remove this embedded CSS code from your HTML document(s).  You don't need it.
  body {
      background-color: #CCC;
  body,td,th {
      color: #FFF;
      font-size: 14px;
  #2 Open  PW.css file and add this to the top:
  body {
  font-family: Arial, Helvetica, sans-serif;
  font-size: 14px;
  background-color: #CADFEB;
  /**or insert a background-image using the CSS editor**/
  #3 Remove font-family and font-size from all your other CSS selectors.  You don't need to duplicate styles on every element. 
  #4 Replace this:
  #content {
      position:absolute;
      left:199px;
      top:10px;
      width:860px;
      z-index:1;
      right: auto;
      background-color: #FFF;
      text-align: center;
      color: #000;
      height: auto;
  with this:
  #content {
       width:860px;
       margin: 20px auto;
       border: 4px solid silver;
       background-color: #FFF;
       text-align: center;
       color: #000;
       -moz-box-shadow: 5px 5px 5px #888;
       -webkit-box-shadow: 5px 5px 5px #888;
       box-shadow: 5px 5px 5px #888;
  #5 Save your PW.css file and upload to server.
  Nancy O.
  Alt-Web Design & Publishing
  Web | Graphics | Print | Media  Specialists 
  http://alt-web.com/
  http://twitter.com/altweb

• [CUC] Convert Subscriber from AXL CCM User to LDAP Sync User

  I want to know if it's supported, and if so, how, to convert from AXL to LDAP when talking about subscribers in Unity Connection.
  I have found this post, which asks the question, but does not actually "convert", as it requires deleting and re-creating.
  https://supportforums.cisco.com/message/4044114#4044114
  I want to know about a true conversion.  As you do when you go from a local CUC subscriber to an LDAP Synced subscriber.
  I have tried using the store procedure: csp_subscribermodify, supplying the following params: pobjectid = the object id, palias = my AD user ID, pldapccmuserid = my AD user ID, pldaptype = 3, pccmid = null, and pccmidtype = 0.
  While the stored procedure looks like it worked, the web page for the subscriber looks a bit odd.  The alias changed, and the ldap sync status changes, but the normally greyed out fields, like alias, are still editible.  Also, none of the other LDAP attributes sync.  So, I'm convinced it didn't actually work.
  What am I missing to make this work?  Thanks.
  PS Jeff, if you see this, I enjoy your training videos.  "Easy Peasy!"
  Anthony Holloway

  Hi Anthony-
  Check out my answer to this thread:
  https://supportforums.cisco.com/message/3963782#3963782
  Please remember to rate helpful responses and identify helpful or correct answers.

• OIM and ldap sync

  I am using OIM 11gR2 and OID 11.1.1.6. Users and groups will be in OID, and OIM is
  required to do the provisioning of users. Plan is to use ldap sync between oid and oim.
  With ldap sync, all users will be available in OIM. And then in OIM can one do the
  provisioning of users. Is this approach ok? Or should we have OID connector? Or both?

  You can use LDAP Sync between OIM and OID. You dont need OID connector in this case.
  More here...
  Why would you use the LDAP Sync instead of the OID Connector?
  http://fusionsecurity.blogspot.com/2012/01/oim-11g-ldap-synchronization.html

• OIM-OAM integration and LDAP Sync

  Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
  When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
  When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
  Please let me know your thoughts.
  Thanks.

  Hi,
  when I use url:
  http://idm1:14000/admin/faces/pages/Admin.jspx
  I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
  I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
  How can I change logon type in OIM?
  best
  mp
  Edited by: J23 on 2011-01-10 00:47

• Push Notifications to end users and Conditional Success Screen Name ?

  Hi,
  Scenario: PO Approval
  Description: I am developing a PO approval application with 3 levels of approval. The HWC application is based on the push notification ( DCN with payload ). When a PO ( Purchase Order ) is created/modified the end user will get the notification. Once the first 2 levels of approval is done from the mobile devices the notification should reach the 3rd level for approval. And Conditional Based Users only View there Profiles, If an User1 Approved PO Approval then only User2 Will get Push Notification but  for User3 it will not Visible, Oncethe User2 Approved then Only User3 will get Push Notifications and these 3 Profiles have to be log in Based on Condition Name & Conditional Success Screen Name.
  Question: How to set to which user the notification should reach. In the "to" field of JSON when I am providing "supAdmin" means the notification will reach all the devices who has the application. Once a PO is created the notification should reach only to user in the first level. Once he approves the PO, then only it should reach to the user in the 2nd level. And finally 3rd level.
  Here Conditional Name is the best way to Log In or is there any other way to show the User based Log in Details, Because Here I am showing a List of Items Based On Log In,  and Based On Log In user Has to view there List of Products and Status.
  How to manage this situation.
  Midhun VP can you please help me on this.
  Thanks,
  Vamsi K

  Yes, DNS is is fundamental for networks, even for Windows networks. The DNS is working well for the existing Windows network and there are no problems in distributing certificates etc.
  There are more than 150 users and 180 devices on the network without DNS problems.
  I don't know how to discover a DNS problem... Windows works well.
  DNS resolves fine... dig does it for "a" records and "ptr" records. nslookup resolves, too.
  When the problem is a faulty DNS, why does the usage of users/devices from OD work with Profile Manager?
  Renaming and/or migrating the ActiveDirectory is not possible. First, I want to be sure that there is a faulty DNS.
  The .local TLD is not optimal for Bonjour/mDNS but I can't believe that there is no workaround

• End user and password change

  Hi.
  I have a small application running on 3.0.
  I created 10 end-users with a dummy password as "not developers" and "not administrators". Further I marked for change password at next logon.
  However, users are able to logon using the the link from the logout page directly into the application without changing the password. Also, the "FIRST_PASSWORD_USE_OCCURED" = N in table wwv_flow_fnd_user.
  Change_password_on_first_use is Y.
  Anyone seen this before?
  rgds
  Kjell Ove

  Alex,
  Connect as the Application Express product schema, e.g., FLOWS_030000 for version 3.0. Unlock this account first if it is locked or simply connect as SYS and alter session set current_schema=flows_030000. Then:
  select value from wwv_flow_platform_prefs where name='MAX_LOGIN_FAILURES';
  That should show the 9999999... value. You can update that row with a new value.
  We'll look into fixing this problem. Thanks for the info.
  Scott

• Security using both rpd users and ldap

  Hi,
  I need 5 dummy users in rpd. I dont want to give them adminstrator previleges because they are not allowed to see everything in my dashboards. My authentication works using an LDAP server, is there any way I can let these dummy users login along with those in the LDAP server??

  I dont think it is possible to use both BI server default authentication and LDAP. You can always have multiple LDAP servers to authenticate. You can request for 5 service accounts to be created in the LDAP for OBIEE, and assign the privileges accordingly so they will see only required dashboards.
  Please award points if helpful,
  Thanks,
  -Amith.

• Wireless controller lobby user and LDAP

  Hi team,
  I want to ask you is there any possible way to authenticate lobby ambasador users using LDAP? Our client wants to give lobby ambasador priviledges to users in Microsoft Active Directory, so they will be able to create guest users! Do you know if it is possible?
  Kind regards,
  Dimitar Katrandzhiev

  should be I use that with my NCS but for the WLCs I saw a solution..hope that is also one for you..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080871921.shtml

• Netweaver UME and LDAP sync ( user data)

  Hi Experts,
     We have a requirement to support the offiline availability for one of the netweaver servers in the landscape . We are planning to integrate all the java netwevaer systems with LDAP and is there any possibility to sync all the user data including password to the netweaver UME in case of LDAP not available. So, users can do some tasks in offline mode with LDAP .
  Any information regarding would be greatly appreciated.

  This tool looks interesting, and might be useful to Rao, but it would need some improvements to make it secure. I suggest using cryptographically secured session between the domain controller and the SAP system so that password changes can be send to SAP, and then captured by an RFC function module, and written into SAP user store. Since RFCs in SAP can be secured using SNC, and AD uses Kerberos, it would be good/easy to use Kerberos to secure the session between the DC and SAP ABAP when passing the password over the network. Then, the J2EE engine can be configured to use ABAP as the user store via UME. The end result is that Active Directory can be used to authenticate to SAP, and if AD is not available, or wide area network is not available the ABAP/UME password can be used locally.
  One issue worth considering, is what happens when there is no network connection from the domain controller to the SAP system ? The software would have to queue the request so that when network connection is back, the password change is pushed to SAP system, and then the two password stores will be in sync at all times. Without this queuing system there is a chance the password will get out of sync.
  Obviously, a lot of work to do in order to make this work, especially if you want it to work securely and reliably. However, it has some possibilities.
  Take care,
  Tim

• Active Directory User and Password Sync

  Hi,
  We have virtualised development labs that are direct clones of our production environment, including names, IP addresses and Active Directory. These labs are ring fenced using virtual network appliances with firewall rules that allow access to specific ports.
  The issue we have is that when passwords expire either in the labs or in production AD, it causes issues for our developers. Also, when new users are created in production, the process has to be repeated in multiple labs which is a bit of a time sink, even
  with scripts.
  Currently we sporadically do system state restores to AD controllers in the labs to get them in sync with prod but this also requires us re-adding all the servers back onto the domain and again is tedious process. Is there any way to sync from production
  AD to the labs AD?
  Thanks in advanced.
  Mark

  If it is an isolated environment, you won't be able to synchronize the data.  
  Export/Import, Backup/restore, P2V, D2VHD etc are the only option. 
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Cisco's Network Registrar and LDAP (tcl script)

  Hi all,
  I use CNR version 7.1. I use ldap for authentication user. I have a problem if ldap server not available. I want with tcl script to know what ldap not available and send to user default configuration (ip,dns) 
  How I can transfer in tcl a script that the server ldap isn't accessible? where i can found error code for this ?
  Thanks
  Roman

  Hi Habeel,
  I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.
  The text is here:
  The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
  The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
  I've done this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
  If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
  0x30 The start of a universal constructed sequence
  0x0c The length of the sequence minus the tag and length bytes = 12 bytes
  0x02 Next field is an integer
  0x01 The length of the next field (1 byte)
  0x01 Value (this is the message ID)
  0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
  0x07 Length of data to follow.
  0x02 Integer
  0x01 Length 1
  0x03 3 - this is the LDAP version.
  0x04 String
  0x00 Length 0
  0x80 Simple Authentication
  0x00 Length 0
  Just keep the id the same in the unbind.
  The string I use is:
  302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
  where I've replaced the 9 character password with 9*x'ff'.
  The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
  Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
  HTH
  Cathy

• How to see what version of Cisco Jabber end users have installed

  We are running CUCM / CUP 10.5.1.   Where would I be able to see which versions of Jabber are in our environment?   I want to upgrade everyone to Jabber for Windows 10.5, but first I would like some visibility into our current environment.

  We are running Jabber for Windows in Deskphone mode, so there is no CSF device.  Any way to see what version of these clients?

• How to create new user and How can i assign end user roles

  Hi,
  I am new to SAP, please explain how to create end users and their roles
  Thanks
  ravi

  Hi,
  Roles are decided by IT managers. Suppose if Persons who are working in shopfloor or production side
  give authorization to Production order create , change and Confirm like that etc
  1. In role maintenance (transaction PFCG), choose the Authorizations tab page.
  2. To change the authorization data for the transactions assigned to the role, choose Change Authorization Data or Expert Mode for Profile Generation. Otherwise, a dialog box appears in expert mode (see Regenerating an Authorization Profile After Changes).
  Please take telp from Basis person also refer this link,
  http://help.sap.com/saphelp_46c/helpdata/EN/52/6714a9439b11d1896f0000e8322d00/frameset.htm
  Thanks