Creation of Portal users and group assignments

Hi, everyone. My company just completed a load of some 2000 E-Business suite users into our new portal and have given them group assignments according to payroll. I had gathered a number of routines into a PL/SQL package in order to do this. These came from several sources in these forums, on Metalink, and other places on the internet. I was wondering if anyone would be interested in having it. A lot of it was rewritten on the fly, and I should probably clean it up a bit, but it would have saved me some time if someone had offered it to me. Is there a good place to post things like this? I'm sure that better ways exist to do some of these things than what I used, and I would be interested in some of the experts' comments.
Anyway, let me know if you are interested.
--Dave

hi Dave,
i am trying to study a problem with group assignments in a proper branch in OID. it would probably be helpful to clear some pieces in this problem from your notes.
would you be kind to send a copy to [email protected]
with kind regards,
AMN

Similar Messages

Administration Portal user and group managent performace issue

Hi
I have implemented a custom IPlanet LDAP authentication provider which provides
a realization for the needed authentication, group and user management interfaces
(UserReader, UserEditor, GroupReader, GroupEditor).
The authentication provider itself seems to work fine, but I think I found a possible
performance problem in the WebLogic Administration Portal, when I studied the
authentication framework by remote debugging. Response times (with just one simultaneous
user) are quite long (over 8 seconds) with 40 groups on the same hierarchy level
on the Users, Groups and Roles tree. I'm developing with P4 processor and 1 Gb
ram (512 Mb allocated for WLS)
After little debugging I found out that every time a node in the group tree is
dlicked isMember() method of the authentication provider gets called n * (n -1)
times, where n is the number of visible groups in the hierachy tree. '
What happens is that for each group, the membership of all the other visible groups
is checked by the isMember(group, member, recursive), method call. Even the usage
of a membership cache in this point didn't speed up the rendering noticeably.
By placing a break point in the isMember() method and studying the call stack,
one can see that all the isMember() calls are made during the rendering performed
by the ControlTreeWalker. For example if there is 40 groups visible in the tree,
the isMember() method gets called 1600 times. This seems quite heavy. With a
small number of groups per hierarchy level this problem might not be serious,
but in case where there would be over 30 000 customer companies using the portal
and each having their own user groups, it could be an issue.
The problem does not occur with WebLogic console and browsing of groups and users
(using the same authentication provider) is fast with it. When a user is selected
from the user list and the Groups tab is checked, the Possible Groups and Current
Groups list boxes will get populated. When debugging this sequence, one can see
that only the listGroups() method of the authentication provider is called once
per list box and the order of method calls is of order n (rather than n^2 which
is the case with the Administrator Portal).
Has anyone had similar problems with Administrator Portal's performance?
Ville

Ville,
You're correct about the performance degradation issue. This is being
addressed in SP2.
Thanks,
Phil
"Ville" <[email protected]> wrote in message
news:[email protected]...
>
Hi
I have implemented a custom IPlanet LDAP authentication provider whichprovides
a realization for the needed authentication, group and user managementinterfaces
(UserReader, UserEditor, GroupReader, GroupEditor).
The authentication provider itself seems to work fine, but I think I founda possible
performance problem in the WebLogic Administration Portal, when I studiedthe
authentication framework by remote debugging. Response times (with justone simultaneous
user) are quite long (over 8 seconds) with 40 groups on the same hierarchylevel
on the Users, Groups and Roles tree. I'm developing with P4 processor and1 Gb
ram (512 Mb allocated for WLS)
After little debugging I found out that every time a node in the grouptree is
dlicked isMember() method of the authentication provider gets called n *(n -1)
times, where n is the number of visible groups in the hierachy tree. '
What happens is that for each group, the membership of all the othervisible groups
is checked by the isMember(group, member, recursive), method call. Eventhe usage
of a membership cache in this point didn't speed up the renderingnoticeably.
>
By placing a break point in the isMember() method and studying the callstack,
one can see that all the isMember() calls are made during the renderingperformed
by the ControlTreeWalker. For example if there is 40 groups visible inthe tree,
the isMember() method gets called 1600 times. This seems quite heavy.With a
small number of groups per hierarchy level this problem might not beserious,
but in case where there would be over 30 000 customer companies using theportal
and each having their own user groups, it could be an issue.
The problem does not occur with WebLogic console and browsing of groupsand users
(using the same authentication provider) is fast with it. When a user isselected
from the user list and the Groups tab is checked, the Possible Groups andCurrent
Groups list boxes will get populated. When debugging this sequence, onecan see
that only the listGroups() method of the authentication provider is calledonce
per list box and the order of method calls is of order n (rather than n^2which
is the case with the Administrator Portal).
Has anyone had similar problems with Administrator Portal's performance?
Ville

Example of creating a valid LDAP user and group in the Portal tree

I need to create (via bulk LDIP or API) fresh users AND groups into OID that can be used by Portal. In theory it sounds easy - just create an appropriate LDIF file.
What is the best way to achieve this?
I don't the know the structure that should be used in the LDIF file that would create the correct structure held for all the Portal users and groups in OID.
I've looked through the OID admin and dev guides but am still confused as to what exactly I have to do. It seems that Portal accounts are synchronised by a method called Provisioning.
All I want to do is bulk upload Portal compatible users into the repository.
Can somebody please assist.
Cheers,
John

I have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh

User and groups tables

Hi,
I would like to know how to obtain the list of users and groups from the database of portal in the SQL PLUS application.
Thx Bye
Philippe

Hi,
I assume you are talking about the portal users and groups. If so you can find them in wwsec_person$ and
wwsec_group$.
thanks,
Sharmila

Assigning Roles to Users and Groups

Hi,
We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
it is an urgent assignment for me..help can be appreciated...
sudhir

Sudhir,
You can assign the roles to users and groups as below.
1. Select the System Administration in the top level navigtion
2. Select user administration
3. You can search for a specific user or a group from this iView.
4. Use the edit button to edit the profie of the user or group.
5. Search for the role in the search iView.
6. Add the role to the user of group and save.

Proper user and group rights

Dear readers and admins
My question is about the "correct" setting of the user and group rights, so the following is possible. It relates to Server 10.3 and to 10.4.
Requirements:
Group 1 = "Regular user"
Group 2 = "Administration, Accounting"
User 1 and 2 belong to Group 1, users 3 and 4 belong to Group 2.
User 1 & 2 must have read/write access to files and folders in Group 1, but may not have access to files and folders of Group 2.
User 1 & 2 must be in a position of creation and deletion of file and directory of Group 1, as if they were their own files and directories. I.e. User 2 must be in a position to delete or change files and directories that an other user of Group 1 has created.
User 3 & 4 must have read and write access to files and directories of Group 1 & 2. They must be able to creating and changing such files and directories, as if they were their own files and directories. I.e. User 3 & 4 must be able to create and change files and directories which belong to user 1 & 2.
As I understand it, this can be achieved with ACL's under Server 10.6.
Am I right?
What would such a structure look like with ACL's?
I unfortunately don't have a server 10.6 running, as, down due to technical problems, my server is down.
Thank you in advance for your help.
All a happy new year.
Regards
Thomas Thaler

Yes - and it's pretty easy.
1. You would create whatever share points you would like (very easy to do)
2. You would make sure in Workgroup Manager you have the users assigned to the correct groups that you discussed.
3. On the folders for Group 1 you would add ACL permissions of Full Control for Group 1 and Full Control for Group 2.
4. On the folders for Group 2 you would add an ACL permission of Full Control for Group 2.

LDAP Users and Groups

Hi,

I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.


It seems that this needs to be setup. How do I do this?


Some general notes on LDAP:

I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

It would be interesting to read what Bea and other developer think about this.

Kind regards,

Kai


Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

Populating users and groups - design considerations/best practice

We are currently running a 4.5 Portal in production. We are doing requirements/design for the 5.0 upgrade.
We currently have a stored procedure that assigns users to the appropriate groups based on the domain info and role info from an ERP database after they are imported and synched up by the authentication source.
We need to migrate this functionality to the 5.0 portal. We are debating whether to provide this functionality by doing this process via a custom Profile Web service. It was recommended during ADC and other presentation that we should stay away from using the database security/membership tables in the database directy and use the EDK/PRC instead.
Please advise on the best way to approach(With details) this issue. We need to finalize the best approach to take asap.
Thanks.
Vanita

So the best way to do this is to write a custom Authentication Web Service. Database customizations can do much more damage and the EDK/PRC/API are designed to prevent inconsistencies and problems.
Along those lines they also make it really easy to rationalize data from multiple backend systems into an orgainzation you'd like for your portal. For example you could write a Custom Authentication Source that would connect to your NT Domain and get all the users and groups, then connect to your ERP system and do the same work your stored procedure would do. It can then present this information to the portal in the way that the portal expects and let the portal maintain its own database and information store.
Another solution is to write an External Operation that encapsulates the logic in your stored procedure but uses the PRC/Server API to manipulate users and group memberships. I suggest you use the PRC interface since the Server API may change in subtle ways from release to release and is not as well documented.
Either of these solutions would be easier in the long term to maintain than a database stored procedure.
Hope this helps,
-Akash

User and group management

I just installed an evaluation version of weblogic commerce and personalization server. I understand we can create users and groups and assign users to different groups. But I am wondering who has the privilege to do this, developer or end-user? In paticular, is it possible for a super user (should be end-user) in one group to manager all other users in the same group. This feature would be especially useful for B2B portal because usually we would allow a company administrator manage all users within that company. Thanks in advance.Zhe

Hi Steve,
What's the plan to provide ASP support in WLPS in the future ? Is there
any examples of WLPS that uses a 3rd party user management server (such
as LDAP)?
Thanks,
Leo
6th Dimension-
Steve Willcox wrote:
>
We only support a single administrator for a 'realm' of users. We don't have an admin permission mechanism on a group of users basis. The feature you are looking for more fits the ASP model and not an enterprise application model.
However, since WLPS/WLCS uses the WebLogic security realm to access users and groups, you can use a 3rd party user management tool that supports the permissions you are looking for in order to create users and groups. This would require the 3rd party user management tool to have an implementation of the WebLogic Security Realm class that works with this 3rd party user management server.
Zhe Liu wrote:
I just installed an evaluation version of weblogic commerce and personalization server. I understand we can create users and groups and assign users to different groups. But I am wondering who has the privilege to do this, developer or end-user? In paticular, is it possible for a super user (should be end-user) in one group to manager all other users in the same group. This feature would be especially useful for B2B portal because usually we would allow a company administrator manage all users within that company. Thanks in advance.Zhe--
Steve Willcox
BEA Systems, Inc.
ECommerce Application Components R&D
Architect
mailto:[email protected]
http://www.bea.com

User and group security

Not sure if this fits here, but here goes...
I have a subportal folder, with a community in side. Inside the community, I have groups. If I give one group the admin level authority, is it just for that community and all of its content, or is it the whole portal. The admin docs are very granular on user and group security throughout the various ways of applying it. WHat I am trying to do is give a group admin control over a singel community as well as full admin control of all groups in the communities admin folder. BUT just those things.
thanks

If I recall correctly, there is no inheritance of user and group rights in PT, at least not in 5.x. If you give some rights on a specific object/folder to a specific group, then it will be for that object only and none of its children.
You do have a choice of propagating of user rights down the ownership tree however. I.e., if you select a community and set some rights for yourself, it will prompt you if you want to propagate the same permissions down the chain, to all of its children. If you say yes, it will replacepermissions on all its children by creating copies. If you say no, you'll have to go and apply different permissions on each child individually.
Ruslan.

Hi I do not want iTunes to open up automatically when I turn on my macbook pro. I tried going to System Preferences Users and Groups Login Items and then I took iTunes off the list but it still opens up automatically when I turn on my laptop.

Hi I do not want iTunes to open up automatically when I turn on my macbook pro. I tried going to System Preferences>Users and Groups>Login Items and then I took iTunes off the list but it still opens up automatically when I turn on my laptop. What should I do?

Hi r,
Make sure you close iTunes before shutdown. And you're quite welcome.

I am trying to stop programs from opening automatically when I turn my computer on. I tried system preferences users and groups login items...then I deleted them from the list but it did nothing.

I am trying to stop programs from opening automatically when I turn my computer on. I tried system preferences>users and groups>login items...then I deleted them itunes and emial from the list but it did nothing. They continue to open up every time I turn on my Macbook Pro.

Hi r,
It sounds like you're running Lion?
Have you tried running Verify and/or Repair Disk?
Have you tried running Repair Permissions?
Do you have at least 15% free space available on your HD?

How to change default /Users and /Groups to different Volume?

Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
Thanks in advance.

1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

Generate report to show all users and groups in Shared Services in EPM 11x

Hi,
Is there any way to generate a report (like a migration report or job status report) which can be generated through workspace/shared services 11.1.1.3 so that my admin can look at all the users and groups created. Something that I can view and probably print out? Any suggestions?
~Adeeba

Yes, I knew this one. This basically shows me the users and groups assigned specific provision access. Is there any way to view a report that shows which users and groups have access to dimensions of an individual planning application?
~Adeeba

Upgraded to 3.1 and lost all users and groups. How do we get them back?

We ran the update to Server 3.1 (from 3.0) on our Mavericks Mac-Mini Server.
Everything had been fine before the update, but now all users and groups have completely disappeared.
The only user we have is the main administrator log-in.
Since we verified that all of our data, wikis, and other items are still in place, it might be easier to just re-create the groups and users (and permission therein).
But, we cannot log into Workgroup Manager, nor can we add users/groups in the Server app (because it is "grayed-out").
Can somebody please provide a suggestion??
We are a small engineering firm with only 5 users, so it's not like this would take all day.
Thanks, Mike

Have you tried
sudo sso_util configure -r REALM_NAME -a diradmin afp
(cf. Lion Server: AFP users unable to authenticate with Kerberos after upgrading)in Apple Support ?
p.

Creation of Portal users and group assignments

Similar Messages

Maybe you are looking for