Creating user with LDAP Intergrated

Hi Guys,
I just sync with LDAP with SAP (ABAP) and its came out nicely.But there's still some questions about how to use this (FYI, the LDAP Server are the leading systems) :
- How to create a new user from SAP, is it SU01 or from LDAP tcode?
- As for mapping , do I need to run the RSLDAPSCHEMAEXT on SE38 if LDAP Server is the leading system? Our LDAP server are running on Tivoli
- If I have to create user from tcode LDAP, do I need to put these syntax: dn=,cn=,sn=...etc?
Thank You in return

Hi,
You can use SU01 or U can create the user in LDAP not using LDAP tocde.Yuo can create the user in LDAP directory and then sync the users by running the report.
Regards,
Vamshi.

Similar Messages

  • Creating user with extension mobility on prime provisioning 10.5

    Hi All,
    Does anyone know any document or have any expirenece on creating user with extension mobility on prime provisioning 10.5?
    I'm facing challenges on it, appreciate if you have any document or experience to share with me.
    Thanks,
    Cherry

    What sort of issues are you facing?
    I'm also having problems, but I think it is system related.
    CUCM is LDAP synced.
    When PCP tries to provision Extension Mobility Access, it actually seems to be trying to update the user on CUCM (via AXL) (this fails as it is an LDAP user and the values come from LDAP and cannot be updated)
    I've got a tac case open.
    Bug details are currently hidden - CSCuo11522 - but this one is extension mobility provisioning issue
    There was also mention of another bug related to failures to provision users with directory URI's in their LDAP record. I didn't catch a bug ID for this one though.
    Cheers,
    Tim

  • Error while create user in LDAP - LDAP: error code 1

    Hi Guy's, I am getting below error while creating user in LDAP MS AD.
    cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
    <mx:LTEXT>Exception from Add operation:javaxnaming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, coment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
    Steps I am following:
    1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
    2. Destination tab values that I am passing:
    dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
    objectClass: top|person|organizationalPerson|user
    sn: Surname
    givenName: GivenName
    displayName: Dummy user displayname
    Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
    Admin user account created called <XYZ> and has full control over SAP_IDM OU.
    I am passing <XYZ> credentials into my job for user creation.
    Thanks for you help!

    Farhan,
    Based on the error message presented,
    In order to perform this operation a successful bind must be completed on the connection
    Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
    Matt

  • Problem in creating users with password restrictions

    I have enabled the following option in the Authentication>Enterprise tab of CMC.
    Must contain at least N Characters and specified N as 7
    Enforce mixed-case passwords
    However I am able to create user with password as abcd.
    Please suggest.
    Thanks in Advance

    I might be missing something but the rule applies to users changing their pw not administrators creating accounts. If the administrator sets this rule it would be thought/assumed that they would enforce their own rule when creating accounts. The users however should not be able to select 4 character passwords.
    I'll run some tests and see if I find out anything different.
    Tested this on XIR2 SP4 and XI 3.0 The rules apply to the user not the administrator creating the account.
    So create an account while the 7 character pw is enabled. By default the user logs in with the pw (any amount of characters) and is prompted to change their pw. They cannot choose anything less than 7 characters. So unless an administrator creates an account with a password less than 7 characters AND deselects the option to force a pw change. All new users will be forced to select a 7 character password.
    This is by design. If it forced the administrator to create accounts without a 7 character pw they could simply deselect the options(as administrators) so there is no security in forcing this.
    Regards,
    Tim
    Edited by: Tim Ziemba on Aug 13, 2008 5:28 PM
    Edited by: Tim Ziemba on Aug 13, 2008 5:33 PM

  • Create user with select privilege only one schema

    can someone tell me how i can create user with select priviliges only one schema.
    i don't want the user to have any select privileges with other schema.
    can someone advise me.
    Thansk

    In general, you would do something like
    CREATE ROLE abc_read_only;
    FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
    LOOP
      EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
    END LOOP;
    CREATE USER your_user ...;
    GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
    Justin

  • Can't create user with Delegated Administrator Console! Thank you!

    I have installed JES2005Q4 (include Deirectory Server&#12289;Access Manager&#12289;Web Server&#12289;Messaging Server&#12289;Calendar Server&#12289;Instant Messaging&#12289;Communications Express and Delegated Administrator) ,
    i can create domain and user with "commadmin" command, but can't create user with Delegated Administrator console.
    When i checked the logs of the Web Server, found some errors:
    [04/Feb/2006:11:55:25] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: ApplicationDispatcher[da] WEB2649: Servlet.service() for servlet jsp threw exception
    javax.servlet.ServletException
         at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536)
         at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:559)
         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
         at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
         at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
         at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
         at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
         at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
         at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
         at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
         at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
         at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
         at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
         at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
         at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
    ----- Root Cause -----
    javax.servlet.jsp.JspException
         at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
         at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
         at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCW
    [04/Feb/2006:11:55:25] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: WEB2798: [da] ServletContext.log(): [ERROR] Uncaught application exception
    com.iplanet.jato.NavigationException: Exception encountered during forward
    Root cause = [javax.servlet.jsp.JspException]
         at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
         at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
         at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
         at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
         at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
         at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
         at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
         at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
         at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
         at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
    Root cause:
    javax.servlet.jsp.JspException
         at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
         at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
         at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCWizardTag.java:658)
         at com.sun.web.ui.taglib.wizard.CCWizardTag.getHTMLStringInternal(CCWizardTag.java:469)
         at com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:114)
         at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:260)
         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
         at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
         at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
         at org.apache.catalina.co
    [04/Feb/2006:11:55:26] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: StandardWrapperValve[WizardWinServlet]: WEB2792: Servlet.service() for servlet WizardWinServlet threw exception
    javax.servlet.ServletException: Uncaught exception
         at com.iplanet.jato.ApplicationServletBase.onUncaughtException(ApplicationServletBase.java:1415)
         at com.sun.comm.da.WizardWinServlet.onUncaughtException(WizardWinServlet.java:98)
         at com.iplanet.jato.ApplicationServletBase.fireUncaughtException(ApplicationServletBase.java:1164)
         at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:639)
         at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
         at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
         at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
    ----- Root Cause -----
    com.iplanet.jato.NavigationException: Exception encountered during forward
    Root cause = [javax.servlet.jsp.JspException]
         at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
         at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
         at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
         at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
         at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
         at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
         at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
         at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
         at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain

    Now i want to update the Delegated Administrator with the 119778-09.jar patch, but the error show:
    Unable to open keystore </var/sadm/security/patchadd/trustore> for reading.
    Signature invalid on signed patch <119778-09>.

  • Creating user in LDAP using Oracle Identity Store API

    We are trying to create users in LDAP (open LDAP) using Oracle's Fusion Middleware's Oracle Identity Service API. Here is my code snippet to create user,
              final IdentityStoreService identityStoreService = jpsContextFactory
                        .getContext().getServiceInstance(IdentityStoreService.class);
              IdentityStore idmStore = identityStoreService.getIdmStore();
              final Property statusProperty = new Property("status", Arrays.asList("active"));
              final PropertySet propertySet = new PropertySet();
              propertySet.put(statusProperty);
              idmStore.getUserManager().createUser("userid", new char[0], propertySet);
    but I am getting this error
    Caused by: oracle.security.idm.IMException: Mandatory attribute missing :status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:139)
    even though I am clearly adding the attribute as mentioned above, am I missing any thing?
    Thanks for your help :)
    Full stack trace:
    oracle.security.idm.OperationFailureException: oracle.security.idm.IMException: Mandatory attribute missing : status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.throwException(LDAPRealm.java:785)
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:153)
         at oracle.security.idm.providers.stdldap.LDUserManager.createUser(LDUserManager.java:170)
         at oracle.security.idm.providers.stdldap.LDUserManager.createUser(LDUserManager.java:121)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)
         at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)
         at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:61)
         at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)
         at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
         at java.util.concurrent.FutureTask.run(FutureTask.java:138)
         at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
         at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118)
         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208)
         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205)
         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    Caused by: oracle.security.idm.IMException: Mandatory attribute missing :status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:139)
         ... 52 more
    Edited by: 940837 on Jun 14, 2012 5:00 PM

    URGENT** How to change  OIM user password from outside OIM

  • UME - Creating users in LDAP via Anonymous account

    I want to create users in LDAP via UME security API's. I am using
    IUserManagementEngine umService = (IUserManagementEngine) PortalRuntime.getRuntimeResources().getService( IUserManagementEngine.KEY );
    and saving/commiting values etc using IUserFactory and IUserAccountFactory. It throws an exception
    LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
    Inference - User doesnt have permission to create users in LDAP.
    I am in an anonymous portal and I am writing a custom application to create users in LDAP, so there is no logged in user to which extra rights can be added to.
    So to which user should I assign the extra rights to write to LDAP? How can I achieve this?
    Thanks for hints, Dhanz

    Hi,
    LDAP users are coming from external directory.
    Portal UME is differnt from LDAP.  UME users and LDAP users are differnt.
    You can created users in UME as long as you have user administration rights.
    But LDAP needs special permissions as the external user directory is integrated in portal.
    So you should have  full or write permission to that external directory through LDAP.
    Raghu

  • Error while creating user in LDAP (MS ADS) from SAP Portal 7.0

    Hi,
    Is it obliged to use SSL connection to create new user in LDAP (MS ADS) from SAP Portal 7.0 ?
    I've configured the UME with ldap server adress and port 389. And use configuration file "dataSourceConfiguration_ads_writeable_db.xml"
    I succeed to view users existing in LDAP but when I try to create new user I've the following error message:
    LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0)
    Thanks and regards

    check this link
    http://help.sap.com/saphelp_nw70/helpdata/EN/37/cfd93f130f9115e10000000a155106/frameset.htm
    and at the end of the page there is a qoute "We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory"
    hence follow this link to configure SSL
    http://help.sap.com/saphelp_nw70/helpdata/EN/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm
    hope this helps..
    [Rahul|http://rahulursportal.blogspot.com/]

  • How to create users with i18n characters in SunONE directory server?

    Was trying to create users and groups with i18n characters in SunONE directory server
    1. Started LDAP console using -l option
    2. Chaged the Locale to Japanese
    3. Entered few japanese character as username (meaning internationalization user name)
    4. However, I could not able to type the password using the "soft keyboard" that comes with Japanese Locale
    5. to overcome with #4, for now, I typed english chars as the password
    6. Click OK to save the above username/pwd
    7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
    Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

    Hi LostLad,
    Soryy for my ignorance...Could you please be elaborate on how to remove "uid attribute from 7-bit ASCII plugin?
    Thanks in advance..

  • Creating user with -S mail also gives him cal

    Hi,
    Using J ES 2005Q4 unpatched.
    Creating a user with commadmin and flags -S mail also gives him access to the Calendar Tab in UWC !
    1. Is their a default for commadmin command that enables -S cal even when it is not on the command line ?
    2. How to modify a user to remove his calendar capability with commadmin or modifying directly ldap or DA or ?
    Thanks
    Fran�ois

    Hello,
    Actually looking at the bug in more detail, can I confirm that UWC doesn't actually log the user into the calendar server. In other words, clicking on the Calendar tab in Comms Express fails for a user that has never been provisioned with the calendar service?
    If this is the case and they can never access the calendar via UWC, then the calendar server should not have auto provisioned that calendar. FYI: Auto provisioning is enable by default in ics.conf:
    local.autoprovision = "yes"
    If enable, when a user logs into the calendar server for the first time, a calendar will be created in the calendar servers database and they will also be added the calendar associated attributes in LDAP. You may wantt to disable autoprovisioning if you want to strictly control who can access the calendar server.
    To correct the UWC problem. You should:
    1. First apply patch 118540-24 or above.
    2. Any users that can still see the calendar tab after applying the patch have probably been autoprovisioned and you will need to remove the calendar and calendar ldap attributes from such users.
    Hope this makes sense, please let me know if you have any further questions.

  • Create user in LDAP subtrees via UME

    Hi all,
    We have different user types (public, employee, ...) in our LDAP server. Each user type has its own subtree under the ou=User node which is configured in UME. It is possible to create users via UME which are places under the according subtree?
    Best Regrads,
    Daniel

    Hi Stuart,
    we had exactly the same problem.
    Defining the additional attributes in the sapum.properties only makes them "visible" in the User Admin iViews.
    We also had to define the Attributes in our DataSource COniguration File in the section for the corresponding Datasource with:
    <attribute name="uniquename" populateInitially="true"/> (SAP Standard Attribute)
    e.g.
    <attribute name="FavouriteAnimal" populateInitially="true"/>
    Furthermore you should create a mapping to an LDAP Attribute. E.G. the Exchange Extension for MSADS offers 9 extensionattributes for free use.
    this is made in the section
    <attributemapping>
    <attribute name="displayname">     (-> Portal Attribute)     <physicalAttributename="displayname"/> (> LDAP)
    </attribute>
    (SAP Standard)
    so for your own attribute you can use e.G.
    <attribute name="FavouriteAnimal">
         <physicalAttributename="extensionattribute1"/>
    </attribute>
    Regards,
    Jochen
    Message was edited by: Jochen Spieth

  • Create user with special character

    Hi,
    We are getting the error while creating a user with special character in a filed. The same user is getting created in development environment but not able to create the same in Production environment.
    We tried to check if any configurations are different but couldn't find any clue. Please help in this regards.
    +Exception caught while insertng or updating the user.java.lang.RuntimeException: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Value of attribute "uid" contains extended (8-bit) characters: americas-Isosystem_ Serviço]; remaining name 'uid=americas-Isosystem_ Serviço, ou=People'+*
    Regards,
    Abhinav

    No there are no restrictions from LDAP,
    also I am able to give 32 character password in Coreid Console,
    it seems that the web services have a restriction on password length.
    Moreover, these web services used to accept 32 characyer passwords few months ago. we lately recognized this issue happening recent times.
    I suspect some Oracle hotfix or patch would have made the difference.
    But I am clue less how to trace it,
    Any help would be appreciated

  • Create user with DBA privileges with a restriction to access user data

    Hi
    I need to create a user with all DBA privileges with a restriction to access all user schemas
    Thanks,
    Balaji

    Use Database Vault - http://download.oracle.com/docs/cd/E11882_01/server.112/e16544/toc.htm
    HTH
    Srini

  • Create Users with Mail enabled in dscl or command line

    I have figured out how to use the dscl to add a user.
    example:
    $ sudo dscl . create /users/rothman uid 701
    $ sudo dscl . create /users/rothman gid 20
    $ sudo dscl . create /users/rothman realname "Ernest Rothman"
    $ sudo dscl . create /users/rothman passwd \*
    I went as far as to launch WorkGroup manager to enable Mail.
    The following gave me the key values:
    dscl . read /Users/test MailAttribute > mailsettings.txt
    When I try to replace from the txt file. WorkGroup Manager than believes the Mail is not enabled.
    How do I use dscl or a terminal command to enable the user with mail server and to use IMAP Only?
    I do not want to always have to remotely connect to launch Workgroup Manager to enable mail for new users.
    I hope you can help for I am new dscl or even NetInfo command line tools.
    I have tried these, but I guess it does't like how it is being restored into that property.
    dscl . create /Users/test MailAttribute `< mailsettings.txt`
    <?xml version="1.0" encoding="UTF-8"?>
    <dict>
    <key>kAPOPRequired</key>
    <string>APOPNotRequired</string>
    <key>kAltMailStoreLoc</key>
    <string></string>
    <key>kAttributeVersion</key>
    <string>Apple Mail 1.0</string>
    <key>kAutoForwardValue</key>
    <string></string>
    <key>kIMAPLoginState</key>
    <string>IMAPAllowed</string>
    <key>kMailAccountLocation</key>
    <string>192.168.181.132</string>
    <key>kMailAccountState</key>
    <string>Enabled</string>
    <key>kPOP3LoginState</key>
    <string>POP3Deny</string>
    <key>kUserDiskQuota</key>
    <string>0</string>
    </dict>
    I have also tried appending by doing something like this.
    dscl . create /Users/test MailAttribute '<?xml version="1.0" encoding="UTF-8"?>’
    dscl . append /Users/test MailAttribute ‘<dict>’
    dscl . append /Users/test MailAttribute ‘<key>kAPOPRequired</key>’
    dscl . append /Users/test MailAttribute ‘<string>APOPNotRequired</string>’
    dscl . append /Users/test MailAttribute ‘<key>kAltMailStoreLoc</key>’
    dscl . append /Users/test MailAttribute ‘<string></string>’
    dscl . append /Users/test MailAttribute ‘<key>kAttributeVersion</key>’
    dscl . append /Users/test MailAttribute ‘<string>Apple Mail 1.0</string>’
    dscl . append /Users/test MailAttribute ‘<key>kAutoForwardValue</key>’
    dscl . append /Users/test MailAttribute ‘<string></string>’
    dscl . append /Users/test MailAttribute ‘<key>kIMAPLoginState</key>’
    dscl . append /Users/test MailAttribute ‘<string>IMAPAllowed</string>’
    dscl . append /Users/test MailAttribute ‘<key>kMailAccountLocation</key>’
    dscl . append /Users/test MailAttribute ‘<string>192.168.181.132</string>’
    dscl . append /Users/test MailAttribute ‘<key>kMailAccountState</key>’
    dscl . append /Users/test MailAttribute ‘<string>Enabled</string>’
    dscl . append /Users/test MailAttribute ‘<key>kPOP3LoginState</key>’
    dscl . append /Users/test MailAttribute ‘<string>POP3Deny</string>’
    dscl . append /Users/test MailAttribute ‘<key>kUserDiskQuota</key>’
    dscl . append /Users/test MailAttribute ‘<string>0</string>’
    dscl . append /Users/test MailAttribute ‘</dict>’

    Got it to take as a single statement.
    dscl . create /users/test applemail "<?xml version='1.0' encoding='UTF-8'?> <dict> <key>kAPOPRequired</key> <string>APOPNotRequired</string> <key>kAltMailStoreLoc</key> <string></string> <key>kAttributeVersion</key> <string>Apple Mail 1.0</string> <key>kAutoForwardValue</key> <string></string> <key>kIMAPLoginState</key> <string>IMAPAllowed</string> <key>kMailAccountLocation</key> <string>192.168.181.132</string> <key>kMailAccountState</key> <string>Enabled</string> <key>kPOP3LoginState</key> <string>POP3Deny</string> <key>kUserDiskQuota</key> <string>0</string> </dict>"
    Doing the above showed in WorkGroup manager and I tested and the user received a email, so now I can automate adding users without needing the GUI. *Just to note you still have to setup mail services and your virtual, aliases files for postfix. This is just so the user is opened up to be allowed to receive email in the first place.
    I still could not seem to pipe a file into dscl command even though the file was a single line of text. I had planned to embed this in a single command so no big deal.

Maybe you are looking for

  • I am so angry!!!

    I have a Verizon phone purchased at Walmart.  I purchased this because we live in a rural area that has no coverage (cell towers) and use it when we are in a service area.  I have had $15  credited to this account for several months.  Recently my cre

  • How can i connect my I pad 2 to big screen TV to vatch movies?

    How can i connect my I pad 2 to big screen TV to watch movies?

  • Centering pic in text box?

    Okay, say... - I have a text box 600 pixels wide. - Have a pic that is 300 pixels wide that I paste into the text box. - The text wrapping options I have are to have the text to the right, to the left, or above and below. - Currently when I set it to

  • Getting 100501:non-ORACLE EXCEPTION

    Hi, I'm receving an error 100501:non-ORACLE exception, when I try to run the webutil package Webutil_File_Transfer.Client_To_DB on the application server. The same is working in my standalone machine. Regards, Madhu

  • Inventory with HU enabled - pallet in wrong place

    I'm running an inventory in a HU managed storage location, and I've come up with the normal situation that a pallet is in the wrong place. When I try to post the count the system show me the L4 203 that basically says the pallet already exists in ano