Configuring Multiple LDAP Domains

I am having trouble configuring multiple LDAP domains for declarative security and form-based authentication.
I have set up another instance of Directory Server on my local machine, on a different port. I want to be able to talk to this alternate directory server for form-based authentication and roles.
I have tried to do this by following the instructions at http://docs.iplanet.com/docs/manuals/ias/60/sp3/admin/adbasica.htm#21662, but I've had no luck. Below are screenshots of my configuration. (I've attached a Word document in case you don't have an HTML-enabled mail reader).

My screenshots were wrong in the e-mail below, but correct in the attached word doc.
----- Original Message -----
From: Matt Raible
Newsgroups: iplanet.ias.general
Sent: Wednesday, August 22, 2001 7:05 AM
Subject: Configuring Multiple LDAP Domains
I am having trouble configuring multiple LDAP domains for declarative security and form-based authentication with iPlanet Application Server 6.0, SP3.
I have set up another instance of Directory Server on my local machine, on a different port. I want to be able to talk to this alternate directory server for form-based authentication and roles.
I have tried to do this by following the instructions at http://docs.iplanet.com/docs/manuals/ias/60/sp3/admin/adbasica.htm#21662, but I've had no luck. Below are screenshots of my configuration. (I've attached a Word document in case you don't have an HTML-enabled mail reader).

Similar Messages

  • Configuring Multiple LDAP Datasources in VDS

    Hi,
    I'm trying to configure multiple LDAP Datasources using VDS, one talking to AD and other to Novell eDir from VDS, my LDAP connection strings work well but when I start the service in VDS the service will never start up, all I see is Exception null, it does not throw any exception at the same time it doesn't start up the service. I've tried configuring with a single Datasource which works fine. This is failing when I combine those two datasources into one configuration. Has anyone configured multiple datasources within VDS? Not sure if you have encountered any problems.
    Thanks,
    Joe.P

    Are you just trying to bring in two LDAP data sources or do a join between them? 
    Actually both I believe are considered types of joins.
    You cannot just define two datasources and expect them to show up.

  • How to configure multiple LDAP servers to the Sun Access Manager

    Hi,
    please help how to configure multiple LDAP servers to the Sun Access Manager, for example if Access Manager doesn't find the user in ldap1 then it should search in ldap2.
    Thanks
    Mouli

    There's no need for deleting the default amSDK based datastore because it's needed for some default accounts.
    You may try to create the datastore using the commandline (amadmin)
    Have a look /etc/opt/SUNWam/config/xml/idRepoService.xml
    You may also try to create amadmin account in the external ldap directory.
    (Un)fortunately I've never tried to remove the default datastore.
    -Bernhard

  • SCOT - Configuring multiple default domain

    Hi,
    Is it possible to configure multiple default domain in SCOT in a client?
    I have set the default domain to e.g. "company1.com" and mails with this domain are sent out.  However, mails with "company2.com" are not sent out.  The message in SOST is "Delivery Attempted" and the mails were never received.
    I tried setting the default domain in SCOT to "company1.com, company2.com" but it didn't work.  So I'm assuming that it will only accept one default domain.
    "company1.com" and "company2.com" are my subsidiary companies and not "yahoo" or "gmail" domains.
    Thanks

    Hi my friend
    Default domain can be only one as it's called "default", which involves another setting: the SMTP mail host you define also can be only one, it can't work for 2 different mail domains.
    Regards,
    Effan

  • Configuring one LDAP domain with two OU (one RO, another RW)

    Hi Team,
    My client is implementing NW 7.0 Enterprise Portal on SP14, AIX 5.3 & Oracle 10.2.0.4.
    We're using MS-ADS LDAP as an UME data source. The client wishes to configure UME for one single ADS LDAP (domain) with two OU (NOT domains) such that:
        1. One OU has read only access
        2. Second OU has read/write access
    Following is an illustration of the LDAP tree structure:
    CORP_DOM
    -- INT_USERS    (CN=IntUsers, DC=CORP_DOM, DC=NET) - read-only
    -- INT_GROUPS  (CN=IntUsers, DC=CORP_DOM, DC=NET) - read-only
    -- EXT_USERS    (CN=ExtUsers, DC=CORP_DOM, DC=NET) - read/write
    -- EXT_GROUPS  (CN=ExtGrp, DC=CORP_DOM, DC=NET) - read/write
       |-- SAccounts
       |--
       |--
    Note the single LDAP domain, multiple user and group paths with different access privileges.
    Based on what I've read so far, this does not seem feasible as the datasource configuration file has to have unique datasource id and the private section allows only one tag for user path and group path.
    I checked OSS, SDN but could only find information on configuring multiple domain/LDAP and not one LDAP domain but two OU/CN.
    Kindly let me know if anyone has come across or done such a configuration.
    Thanks.

    Hi GLM,
    You are right, access permissions to the OU are given to the service account used to access the directory from the portal.
    The issue I have is not about granting permissions - it's more about whether it is possible at all to configure UME for one single ADS LDAP (domain) containing two OU (NOT domains). I'd need to access the directory with two different service users having different access privileges.
    I don't see how it can be done, since the datasource id in the portal datasource configuration file has to be same as the domain and the private section allows only one tag for user path and group path.
    Thanks.

  • Ldapclient multiple LDAP requests

    Hi,
    I have set up a Directory Server for LDAP Authentication. Everything is working as expected, but some clients perform multiple LDAP requests and decrease the performance of the Directory.
    One such client is a Solaris 8 client
    # uname -a
    SunOS Jetgold 5.8 Generic_117350-29 sun4u sparc SUNW,UltraAX-i2
    Here are the logs in the directory. You can see multiple LDAP open requests for Directory server at the same time from the same client. Here is the /etc/hosts
    # cat /etc/hosts
    127.0.0.1 localhost
    10.196.59.222 host host.domain.com loghost
    10.196.57.1 ldap1 ldap1.domain.com
    # tail -f access |grep 10.196.59.222
    [27/Nov/2007:17:24:19 -0800] conn=53324 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53325 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53326 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53327 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53328 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53329 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53330 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53331 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53332 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53333 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53334 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53335 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53336 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53337 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53338 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53339 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53340 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53341 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53342 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53343 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53344 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53345 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53346 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53347 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53348 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53349 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53350 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53351 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53352 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53353 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53354 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53355 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53356 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53357 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53358 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53359 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53360 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53361 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53362 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53363 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53364 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53365 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53366 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53367 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53368 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53369 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53370 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53371 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53372 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53373 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53374 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53375 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53376 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53377 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53378 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53379 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53380 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53381 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53382 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53383 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53384 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53385 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53386 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53387 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53388 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53389 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53390 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53391 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53392 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53393 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    Is there any configuration I am missing?
    Thanks in advance for your response
    Srikanth

    Hi,
    You can refer to the following weblinks for the same
    HELP.SAP.COM
    http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    FORUMS
    LDAP Server settings for Configuring Multiple LDAP in Portal UME.
    LDAP Configuration - Multiple domains
    EP7 - Multiple LDAP sample file
    SAP Note
    736471 UME Configuration of multiple LDAP data sources
    Please let me know in case you have any issues.
    Regards
    Bir
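
Added example, not part of the original thread: a Python sketch that quantifies the connection bursts visible in the access-log excerpt above by counting connection-open lines per client inside a sliding time window. The sample lines are constructed in the excerpt's format, and the 5-second window, the threshold of 10 and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Matches only connection-open lines of the form shown in the excerpt.
OPEN_RE = re.compile(
    r"^\s*\[(\d{2})/(\w{3})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})\]"
    r" conn=(\d+) op=-1 msgId=-1 - fd=\d+ slot=\d+"
    r" LDAP connection from (\S+) to (\S+)\s*$"
)


def parse_connection_opens(lines):
    """Return (time, conn id, client, server) for every connection-open line."""
    events = []
    for line in lines:
        m = OPEN_RE.match(line)
        if not m or m.group(2) not in MONTHS:
            continue  # operation lines, blanks and malformed entries are skipped
        day, mon, year, hh, mm, ss, sign, oh, om, conn, client, server = m.groups()
        offset = timedelta(hours=int(oh), minutes=int(om))
        if sign == "-":
            offset = -offset
        try:
            when = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm),
                            int(ss), tzinfo=timezone(offset))
        except ValueError:
            continue  # impossible date or time in the log line
        events.append((when, int(conn), client, server))
    return events


def peak_connections(events, window_seconds):
    """Per client, the largest number of opens inside any window of that length."""
    per_client = defaultdict(list)
    for when, _conn, client, _server in events:
        per_client[client].append(when)
    window = timedelta(seconds=window_seconds)
    peaks = {}
    for client, times in per_client.items():
        times.sort()
        left = peak = 0
        for right, t in enumerate(times):
            # Shrink the window until it spans less than window_seconds.
            while t - times[left] >= window:
                left += 1
            peak = max(peak, right - left + 1)
        peaks[client] = peak
    return peaks


def flag_bursts(events, window_seconds=5, threshold=10):
    """Clients whose peak reaches the threshold, busiest first."""
    peaks = peak_connections(events, window_seconds)
    hits = [(client, n) for client, n in peaks.items() if n >= threshold]
    return sorted(hits, key=lambda item: -item[1])


def _sample_line(ts, conn, client):
    # Constructed line in the format of the excerpt above.
    return (f"[{ts} -0800] conn={conn} op=-1 msgId=-1 - fd=104 slot=104 "
            f"LDAP connection from {client} to 10.196.57.1")


# Constructed sample: one client opening 12 connections within two seconds,
# a second client opening 2 connections 40 seconds apart, and one
# non-connection line that the parser must ignore.
SAMPLE_LOG = (
    [_sample_line("27/Nov/2007:17:24:19", 53324 + i, "10.196.59.222") for i in range(6)]
    + [_sample_line("27/Nov/2007:17:24:20", 53330 + i, "10.196.59.222") for i in range(6)]
    + [_sample_line("27/Nov/2007:17:24:25", 53400, "192.0.2.10"),
       _sample_line("27/Nov/2007:17:25:05", 53401, "192.0.2.10"),
       '[27/Nov/2007:17:24:19 -0800] conn=53324 op=0 msgId=1 - BIND dn="" method=128 version=3']
)

if __name__ == "__main__":
    for client, peak in flag_bursts(parse_connection_opens(SAMPLE_LOG)):
        print(f"{client}: {peak} new connections within 5 seconds")
```

Run against the real access log (for example `parse_connection_opens(open("access"))`), the same functions show which clients reconnect for every lookup instead of reusing a connection.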

  • Is it possible to have multiple LDAP Sync from OIM 11g?

    I have a requirement to set up LDAP sync to a legacy iPlanet 5.2 LDAP server and that looks pretty straightforward. Now I'm planning to integrate OAM with OIM. Our OAM is configured against OVD/AD (multiple domains), so that needs an LDAP sync to be configured against OVD/AD. I would like to know if multiple LDAP sync is possible and is a supported config? Experts please help.
    Thanks,
    Sunil.

    Thanks for the reply.
    The below link lists the LDAP's supported:
    http://docs.oracle.com/cd/E21764_01/install.1111/e12002/oidonly.htm#autoId23
    My question specifically is, can I configure multiple LDAP sync's? I already have LDAP sync configured for iPlanet/ODSEE and now I wanted to set LDAP sync to AD to support OIM-OAM integration. Any thoughts?

  • Multiple LDAP data sources in EP7.0 SP14

    Hello,
    I am new to a site that uses portal and SSO between portal and AD LDAP. The portal version is EP7.0 SP14. The datasource is configured with 'datasourceConfiguration_ads_readonly_db_with_krb5.xml'. User path is OU=Users,OU=Finance,DC=io,DC=network and Group Path is  OU=Groups,OU=Finance,DC=io,DC=network. The flag to use the Unique ID is also set to 'samaccountname'. The problem is that we also have users in OU=Admins,OU=Finance,DC=io,DC=network and OU=Managers,OU=Finance,DC=io,DC=network in the same AD LDAP that are not visible to the portal but we would like them to be?
    It did appear to work if I changed the User Path to OU=Finance,DC=io,DC=network but I can not find any SAP document that supports doing this?
    I have seen the document 'Configure multiple LDAP data sources for the UME' with the following link https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b however this specifies EP6 so I'm not sure if it is still relevant?
    Also somebody did warn me with "If you change the xml file it will remove all current user mappings to the portal, all the groups mapped to roles will be lost and you will have to set them up again". Is this true?
    Am I supposed to be using the SPNego Wizard as described in SAP Note 994791?
    And possibly the following links for configuring and testing the SPNego...
    Configuring and troubleshooting SPNego -- Part 1
    Configuring and troubleshooting SPNego -- Part 2
    Any guidance towards the best approach to solve our problem would be greatly appreciated.
    Thanks,
    Dave

    Hi Dave,
    It did appear to work if I changed the User Path to OU=Finance,DC=io,DC=network but I can not find any SAP document that supports doing this?
    OK, I am not an LDAP expert, but if you just want to change your entry point in the structure, I do not see how this would be a problem. I do not know what kind of statement you would expect in the SAP documentation allowing this. Maybe this will answer your question: Organization of Users and Groups in LDAP Directory (http://help.sap.com/saphelp_nw04s/helpdata/en/09/c5ee407552742ae10000000a155106/frameset.htm)
    I have seen the document 'Configure multiple LDAP data sources for the UME' with the following ... however this specifies EP6 so I'm not sure if it is still relevant?
    This function has not changed much since EP6, only the administration tools.
    Also somebody did warn me with "If you change the xml file it will remove all current user mappings to the portal, all the groups mapped to roles will be lost and you will have to set them up again". Is this true?
    It depends on how you change the XML file, but it does not sound like you need to do this, just the configuration of the connection to the LDAP, that is, higher in the structure.
    Am I supposed to be using the SPNego Wizard as described in SAP Note 994791?
    Only if you want to use SPNego for SSO.
    -Michael

  • LDAP Configuration - Multiple domains

    I have a domain called SA and I have subdomains called IL, NY, TX with corresponding users in the subdomain. It is a deep hierarchy. I want to bring all the users from all these subdomains.
    Below is my environment,
    User path: ou=users,ou=test,dc=IL,dc=SA
    User path: ou=users,ou=map,dc=NY,dc=SA
    User path: ou=users,ou=temp,dc=TX,dc=SA
    If I give a single path, I am able to bring all the LDAP users. What do I need to do to bring all the users from all the subdomains in EP60.

    Dear Anonymous User -
    Have you tried configuring the connection to the LDAP to use port 3268 instead of 389?  Also, you may need to point to the domain controller instead of one of the sub-domains.
    Additionally, you'll want to ensure that the users are unique amongst all of the sub-domains.  If not, you'll find that users may experience intermittent behaviour.
    Finally, you could also configure the portal to use multiple LDAPs, and treat each of the sub-domains as a separate LDAP even though they physically exist on the same server.
    Regards,
    Kyle

  • LDAP supporting multiple DNS domains

    I have an environment with multiple DNS domains, and am configuring a Directory server (DS 6.3.1) to centralize various OS configuration maps including user authentication. None of the DNS domains have unique data, so I'd like to do something like storing all the real data in one suffix, then somehow have all clients look to that primary suffix. I am aware that the Solaris Native LDAP client wants to bind to a nisDomainObject that matches its DNS domain. I'm just having a hard time believing that I really need to manage all those individual suffixes when they don't have unique data requirements.
    Take as an example the following domains to be supported: foo.example.com, bar.example.com, dev.example.com, qa.example.com, prd.example.com (no hosts are actually in "example.com", they are all in subdomains). Again, all share common configuration data, same user IDs, etc - no unique maps are required.
    I created a suffix, "dc=example, dc=com", set it up with idsconfig. All is well there.
    [A] My first thought is to bind all Solaris clients, regardless of their DNS domain, to the baseDN of "dc=example, dc=com" in order to avoid having a separate suffix for each DNS domain. I tried to do this using "-a defaultSearchPath=dc=example,dc=com" with ldapclient init, but it failed with an error indicating it wants to see the nisDomainObject of its real DNS domain.
    The second thought I had, which I don't believe is possible, is to find some sort of an LDAP equivalent of a symbolic link so that I could actually have an object for each DNS domain, but it would simply point back to "dc=example,dc=com". I can't find anything in the documentation which suggests this is possible, but I'd love to be wrong!
    [C] Perhaps this could be somehow done with a rats nest of SSDs, but that really seems unwieldy, right? I plan on using a fair amount of the available objects, so it would be many SSDs per suffix. Yuck.
    Can anyone comment on my above thoughts, or provide how they would go about supporting multiple DNS domains that have common configuration data?
    Thank you,
    Chris

    Ok, I answered my own question. Turns out it's pretty easy. Just use the "-a domainName=example.com" option with `ldapclient` then make sure that the FQDN of the LDAP server is available (or use its IP address). My problem was that the ldapclient overwriting nsswitch.conf was clobbering the SSL session because I used the FQDN which couldn't resolve.
    This leaves an interesting condition of having the output of "domainname" not match the DNS domain. I'm testing now to see if this causes any unexpected issues with our environment, but I suspect it's not a problem.

  • How to configure multiple domains in Active directory

    HI,
    How can I configure multiple domains on Active Directory. When I installed AD it asked for a domain name, there I gave ravigupta.com as domain name. But now I find no way of creating another domain.
    I am a java developer and my task is to write a programme which returns all the domains available in LDAP server.
    To start with, I tried to create a few domains in LDAP server (AD) but got stuck, as I found there could exist only one domain.
    Please tell me how to configure multiple domains in LDAP server (Active Directory).
    I skipped DNS configuration during AD installation.
    -ravi

    I'm sorry, but you should be asking on a different forum. This has nothing to do with Java.

  • How to configure multiple smtp servers per domain

    Hi,
    how do we configure multiple smtp servers per domain/corporate in iplanet messaging server 5.2. i wanted to do this so that i can configure some domains with virus scanning and some domains without antivirus.

    Hi Martin,
    Well we are trying to run a report without exactly specifying the name of reports server anywhere, e.g. in database or in form or anywhere else. Now if I do not supply a reports server name using RUN_REPORT_OBJECT, the error it displays is FRM-41211: Integration Error : SSL failure ... However if I specify the reports server name in the form, the reports run perfect. Also the name of reports server is specified in rwservlet.properties.
    Now the question goes as follows:
    Can I run my report from Form without specifying the name of the Reports server anywhere at all. This is so because either an in-process reports server should be picked or the one which is entered in rwservlet.properties should be picked up by default. Please correct us if we are wrong. Once we are through with it, we have to move to Oracle 10gR2 concept of reports server.
    Thanks in anticipation,
    Ruchi/Saurabh

  • Multiple LDAPS with same username!

    Hi,
    we have a case where we need to connect to multiple LDAP servers and configure SPNego for Kerberos authentication of portal. We have a problem in case of user names. Some user names are the same in both LDAPs. LDAPs and portal are positioned as (Landscape convention)
    LDAP1: xxxx.yyyy
    LDAP2: ssss.yyyy
    Portal  : pppp.gggg.yyyy
    where as gggg.yyyy is a trusted domain for both xxxx.yyyy and ssss.yyyy.
    we have a login problem in the same user case. (same user exists in xxxx.yyyy and ssss.yyyy). I haven't gone into details yet like logs and all troubleshooting stuff. Before doing all this I just want to know your views whether I can do this or not. If I can achieve it, any suggestions how to proceed further?
    Regards
    Ravindra

    Hi,
    Kerberos (Spnego) is possible with multiple ADS data sources. Check SAP Note 1007227 and the below link.
    http://help.sap.com/saphelp_nw70/helpdata/en/45/40a320773a7527e10000000a114a6b/content.htm
    Regards
    Deb

  • Multiple LDAPs with SSO Kerberos

    Hello,
    Right now I'm using SAP EP 7.0 EHP1 with one LDAP and everything is working fine. However, I have to integrate two new enterprises to the same SAP EP with different domains and different LDAPs. I see some information about how to integrate the LDAPs but I want to know what is going to happen with the SSO configuration. How can I enable the same SSO functionality to the new enterprises with multiple LDAPs?
    Please, any ideas? Maybe someone has information about this topic

    Hi,
    Kerberos (Spnego) is possible with multiple ADS data sources. Check SAP Note 1007227 and the below link.
    http://help.sap.com/saphelp_nw70/helpdata/en/45/40a320773a7527e10000000a114a6b/content.htm
    Regards
    Deb

  • Multiple LDAP Providers?

    Is it possible to have multiple LDAP providers configured within one UCM instance?
    Users from A.DOMAIN.COM and users from B.DOMAIN.COM can authenticate with and share one UCM? This is of course not taking into consideration how security would be set up behind the scenes.. this is more of a 'what if...' question. We would want the users authenticating against their domain accounts in their respective domains.
    If it makes any difference, A & B are Active Directory domains in a two-way trusted relationship that belong to the common DOMAIN.COM forest.
    Thanks

    Hey Peter,
    This use case can be handled. If you notice in the documentation for security
    Seen here: http://download.oracle.com/docs/cd/E10316_01/cs/cs_doc_10/admin/users_security/wwhelp/wwhimpl/common/html/wwhelp.htm?context=managing_security_10&file=page_7_17.htm
    You can set up additional LDAP providers. In this documentation, they are referencing fail-over, however, this will work for your case, with various users are in LDAP B vs LDAP A.
    Keep in mind that you need to set the provider priority to be different than your first provider, such as priority 1, then priority 2 and that all users will hit the first provider first if they have never logged in, however, their last success log in with X provider will be saved so all subsequent requests will go to the proper ldap provider.
    -AJ LaVenture
    Software Consultant
    www.fishbowlsolutions.com
