Custom AccessGate not support Multi-domain SSO
Hi,
I have a requirement to implement the Multi-domain Single Sign-On with custom built SSO plugin (i.e Webgate/AccessGate/WebAgent), we have proposed OAM to implement Multi-domain SSO with custom built accessGate, now we are facing issue is, as per Oracle Access Manager documentation, Multi-domain SSO will not work if we use Custom Built webgate/AccessGate. Do you know whether OAM 11g or CA or Tivoli will support Multi-domain single sign-on with custom WebAgents?? Your quick response is highly appreciated.
Regards
Som
Since you have MDSSO implemented you need to figure out a way for multidomain logout as well.
In the step 3 since you logged out of abc.com, the obSSOCookie for that domain is deleted but the cookie in the domain def.com still remains so you are able to login again in def.com. If the central domain was completely different from the other domain than you would have got the SSO even after logout.
Seems like you have a configuration where you will never be able to logout of def.com because the cookie in the central domain will always be there until it times out.
Here's what you need to do..
-During logout call logout for all the domains configured
Similar Messages
-
Ora-29886 feature not supported for domain indexes ??
Could anyone tell me the reason for the following error
ora-29886 feature not supported for domain indexes
What are domain indexes ..??
Thanks in advance ..It would have been better if you posted the statement that caused the error.
If you are using something like MERGE INTO, it is not supported with with Domain Indexes. Workaround is to complete your insert with individual insert statements or drop the Domain Index before insert and recreate the index after insert
Domain indexes are built for specific applications (specific domain) like Oracle text, Oracle Spatial etc. So depending on what application you are running, you might be using domain indexes. You create domain indexes as you create b-tree indexes, but the difference is that you have to define the INDEXTYPE.
You can find domain indexes in DBA_SECONDARY_OBJECTS. Find the index on the table you are using, then check the definition of the index and see what it looks like. -
Custom sizes not supported in 10.8
Mountain Lion DOES NOT SUPPORT custom size printing on wide format printers!!!!
Thank you for the follow up. I am glad you got some answers and a way to proceed. I am sure your post will help many others.
I am in 10.7 right now, so I can't exactly duplicate what would appear in Mountain Lion. I took a look at the screen to enter custom page sizes. I noticed that no matter what I put in, it always defaulted to "inches" (I'm in North America). Even when I specified "mm" or "pt" it reverted back to "in". I think the printing system really works only with points -- 72 points to the inch. At least I have always seen measurments in points in PPD files when the maximum height and width are stated for a custom page size.
For the v8.64 driver for your Epson 3880, the PPD contains:
*MaxMediaWidth: "1224.20"
*MaxMediaHeight: "2692.80"
Using the Calculator program from OS X to do the conversions, that would be 17.002 inches (431.870 mm) by 37.400 inches (949.960 mm) for the maximum media size.
I suppose the end result of this is that it would be nice if there were some validation and a simple warning that would tell you the size of the media selected was larger than the maximum allowed. -
Sonic connector -not supporting Multi language
Hi
We are using the SONIC connector to show the SAP office mails in UWL notification tab , When the notification content is other than english , system is not supporting , it is giving the output as "???????" . but in the Task Tab every thing is perfect
is any one have faced this issue ,
Regards
ArumugamIn my experience the notifications have been working with different languages. There has been problems with the special characters (such as cyrillic letters, etc.), but as fas as I know Sonic should support also them. Check OSS about this.
Regards,
Karri -
Supporting Multiple domains in IM&P with and Expressway deployment?
Hello everyone. This is long winded but the context is needed to explain what I'm looking for. Any help is appreciated.
My customer has piloted IM&P for 1 year now and is looking to take it to the next level. They purchased Expressway Core & Edge and they are looking to enable Mobile Remote Access, B2B Video and XMPP Federation. One issue is that the Jabber domain that was selected 1 year ago for the pilot was a local domain. The reason for this is because the multidomain support was not available at the time. Internally there are 3 domains. example.ca, examplesales.ca, and examplebanannas.com. Their Jabber ID they use today is example.root.local. I am reading through the guides and it seems as though IM&P allows you to map a JABBER ID to an email address or a directory URI. This will allow multiple presence domains within one Presence cluster. The problem is that it appears as though federation will not work through expressway core / edge if you use this method. Can this be confirmed?
I am providing you these URL's only for guidance, to show you how I arrived at my situation where I’m asking for help on a configuration change to my customers IM&P settings.
note the section on page 41 of the following guide http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-5-1.pdf
One would presume that Multi-domain support is now supported with expressway core & edge. The caveat I found on page 4 of the following guide in relation to xmpp federation.
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
and page 10 of the following guide
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
and this section
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01010.html#CUP0_RF_CAF8AEDD_00
Expressway-E does not support XMPP address translation (of email addresses, for example). If you are using Expressway-E for XMPP federation, you must use native presence Jabber IDs from IM and Presence Service.
This being said
Based on my findings, I believe Cisco now supports multi-domain setup for IM&P with the "caveat" federation still doesn't work. My customer is not happy with this but still would like to proceed with the rest of the benefits that MRA brings to the table for their Jabber deployment.
To support the above scenario it is my understanding I need to make an adjustment to the configuration of IM&P. As I stated when I opened the case my customer’s current IM&P domain is “example.root.local” their JID is made up of [email protected]. It’s my understanding we cannot use this domain and activate MRA so we need to adjust everyone’s JID to be a Publicly routable DNS name. Since everyone that has a JABBER account also has an email account I was thinking we map the JID to the email. I’m trying to understand how to get from where we are to where we need to be. I found this guide but it doesn’t talk about the effects of doing this on a live system setup the way my customer is setup.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01100.html
I am also not certain this is the setting I’m looking for. I believe what I need to change is actually on the Presence server under the domains section I found this
Domains Configuration
Use the controls on this window to view and edit domains managed by the IM and Presence Service. Previously, the IM and Presence Service supported a single domain. With this release, you can specify multiple domains.
Before You Begin
To take advantage of multiple IM and Presence Service domains, you must choose Directory URI as the IM address scheme on the Advanced Presence Settings window. If the IM address scheme is set to UserID@domain, the default domain is used for the IM and Presence Service. The status of the IM Address Scheme setting is displayed at the top of the window in the Status box. The Status box contains a link to the Advanced Presence Settings window.
Is this what I need to do?Hello everyone. This is long winded but the context is needed to explain what I'm looking for. Any help is appreciated.
My customer has piloted IM&P for 1 year now and is looking to take it to the next level. They purchased Expressway Core & Edge and they are looking to enable Mobile Remote Access, B2B Video and XMPP Federation. One issue is that the Jabber domain that was selected 1 year ago for the pilot was a local domain. The reason for this is because the multidomain support was not available at the time. Internally there are 3 domains. example.ca, examplesales.ca, and examplebanannas.com. Their Jabber ID they use today is example.root.local. I am reading through the guides and it seems as though IM&P allows you to map a JABBER ID to an email address or a directory URI. This will allow multiple presence domains within one Presence cluster. The problem is that it appears as though federation will not work through expressway core / edge if you use this method. Can this be confirmed?
I am providing you these URL's only for guidance, to show you how I arrived at my situation where I’m asking for help on a configuration change to my customers IM&P settings.
note the section on page 41 of the following guide http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-5-1.pdf
One would presume that Multi-domain support is now supported with expressway core & edge. The caveat I found on page 4 of the following guide in relation to xmpp federation.
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
and page 10 of the following guide
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/XMPP-Federation-with-Cisco-VCS-and-IM-and-Presence-Service.pdf
and this section
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01010.html#CUP0_RF_CAF8AEDD_00
Expressway-E does not support XMPP address translation (of email addresses, for example). If you are using Expressway-E for XMPP federation, you must use native presence Jabber IDs from IM and Presence Service.
This being said
Based on my findings, I believe Cisco now supports multi-domain setup for IM&P with the "caveat" federation still doesn't work. My customer is not happy with this but still would like to proceed with the rest of the benefits that MRA brings to the table for their Jabber deployment.
To support the above scenario it is my understanding I need to make an adjustment to the configuration of IM&P. As I stated when I opened the case my customer’s current IM&P domain is “example.root.local” their JID is made up of [email protected]. It’s my understanding we cannot use this domain and activate MRA so we need to adjust everyone’s JID to be a Publicly routable DNS name. Since everyone that has a JABBER account also has an email account I was thinking we map the JID to the email. I’m trying to understand how to get from where we are to where we need to be. I found this guide but it doesn’t talk about the effects of doing this on a live system setup the way my customer is setup.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105/CUP0_BK_I07B7052_00_integration-guide-interdomain-federation-105_chapter_01100.html
I am also not certain this is the setting I’m looking for. I believe what I need to change is actually on the Presence server under the domains section I found this
Domains Configuration
Use the controls on this window to view and edit domains managed by the IM and Presence Service. Previously, the IM and Presence Service supported a single domain. With this release, you can specify multiple domains.
Before You Begin
To take advantage of multiple IM and Presence Service domains, you must choose Directory URI as the IM address scheme on the Advanced Presence Settings window. If the IM address scheme is set to UserID@domain, the default domain is used for the IM and Presence Service. The status of the IM Address Scheme setting is displayed at the top of the window in the Status box. The Status box contains a link to the Advanced Presence Settings window.
Is this what I need to do? -
MDT from Single Site for Multi Domain OS Deployment
Hi all,
We are looking for a solution which will make it possible to use MDT from a single site to deploy Windows 7 or Windows 8 and join different domains of different customers without trust relationships between domains.
We are a service provider which supports different customers with separate domains. At this moment those different customers have their own WDS server on site and administration is time consuming because a lot of hardware changes occur.
We are now searching for a solution which is easier to manage and one of the solutions we are thinking about is to install a WDS server in our office and use MDT for some custom task sequences but just build one image with all the different driver packs we
have.
Does anyone know how to deal with this from our point of view. All tooling I can find is based on Enterprise clients with one Domain Forest and maybe some different sites but all in one domain, which makes deployment a bit easier then in our situation I guess
as we are looking for a solution that supports Multi-domain deployment.
Hope someone might experienced this before and can help us in the right direction. If someone has experience with additional tooling which might help us I am more then interested to know how the tooling helped in solving this.
Preferrably we had a tool which was Multi-tenant and multiple domains could be managed from a single console, but I think that tool just doesn't exist.
Hope someone is able to help us in the right direction. Please let me know if you have any tips or did experience the same while making a Deployment plan for the service provider you are working for.
Many thanks in advance!Hi all,
We are looking for a solution which will make it possible to use MDT from a single site to deploy Windows 7 or Windows 8 and join different domains of different customers without trust relationships between domains.
We are a service provider which supports different customers with separate domains. At this moment those different customers have their own WDS server on site and administration is time consuming because a lot of hardware changes occur.
We are now searching for a solution which is easier to manage and one of the solutions we are thinking about is to install a WDS server in our office and use MDT for some custom task sequences but just build one image with all the different driver packs we
have.
Does anyone know how to deal with this from our point of view. All tooling I can find is based on Enterprise clients with one Domain Forest and maybe some different sites but all in one domain, which makes deployment a bit easier then in our situation I guess
as we are looking for a solution that supports Multi-domain deployment.
Hope someone might experienced this before and can help us in the right direction. If someone has experience with additional tooling which might help us I am more then interested to know how the tooling helped in solving this.
Preferrably we had a tool which was Multi-tenant and multiple domains could be managed from a single console, but I think that tool just doesn't exist.
Hope someone is able to help us in the right direction. Please let me know if you have any tips or did experience the same while making a Deployment plan for the service provider you are working for.
Many thanks in advance!
So is the goal is not only to get multiple domains to select from, if so you could use a DomainOUList.xml file .
Also would the clients be imaged at your site or your clients site?
If this post is helpful please click "Mark for answer", thanks! Kind regards -
Multi-Domain LDAP UME configuration
Hello
We have EP 7.0 installed and want to connect the UME to our Corporate
LDAP (MSADS) as data source.
Our ADS is as follows:
domain.pt u2013 This is our top level domain. Here we have our main users.
Gs.domain.pt u2013 This is a child domain of ren.pt. Here are some special
users that cannot be moved to domain.pt level (because of this we have to
use multi-domain configuration)
According to some documents Step 2 of Note 762419 - Multi-Domain Logon
Using Microsoft Active Directory this configuration as to be done
according to a Multiple-Domain UME LDAP Configuration.
Following is is my configuration of LDAP access:
I have set the u201CUME LDAP Datau201D in Config Tool to point to
the u201CdataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xmlu201D configuration file that has been previously change by me following previous documents. The xml is is the end of the message
Also in the u201CUME LDAP Datau201D (Directory Server) I have defined the following settings:
Server Name: dc01.domain.pt (This is the DC of domain.pt)
Server port: 389
User: j2ee-pp3 @domain.pt
Pass: ******* (ok on all configuration tests and authentication)
SSL: NO.
User Path: DC=domain,DC=pt
Group Path: DC=domain,DC=pt
Checked the u201CFlat User Group Hierarchyu201D.
Checked the u201CUse UME Unique id with unique LDAP Attributeu201D.
At u201CAdditional LDAP Propertiesu201D I have set the properties of
ume.ldap.unique_user_attribute(global) and
ume.ldap.unique_uacc_attribute(global) to userprincipalname. This was
done according to the Multi-Domain configuration.
Also ume.ldap.access.multidomain.enabled=true was set the property
sheet of the UME service. After this all checks are ok including in
User Administration in Portal.
Conclusion: We have no problem with SSO and search capabilities
at u201Cdomain.ptu201D level. All users of this domain are able to access the
portal with SSO.
Nevertheless no user from u201Cgs.domain.ptu201D is able to logon. Additionally,
using User Admninistration in Portal with option u201CAll Data Sourcesu201D
returns no results when searching for users from this child domain. It
seems the the configuration file does not recognize gs.domain.pt.
Is it possible that our xml file is incorrectly adapted? Is there any
missing or wrong configuration for multi-domain LDAP access? Please
advice.
Thanks in advance
dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection>
</privateSection>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user"/>
<attribute name="j_password"/>
<attribute name="userid"/>
<attribute name="logonalias"/>
</attributes>
</nameSpace>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="email" populateInitially="true"/>
<attribute name="email"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
<attribute name="krb5principalname"/>
<attribute name="kpnprefix"/>
<attribute name="dn"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname" populateInitially="true"/>
<attribute name="description" populateInitially="true"/>
<attribute name="uniquename"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</responsibleFor>
<attributeMapping>
<principals>
<principal type="account">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="domain_j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_user">
<physicalAttribute name="userprincipalname"/>
<attribute name="logonalias">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="facsimiletelephonenumber"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="null"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephonenumber"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetaddress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
<attribute name="krb5principalname">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="kpnprefix">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="dn">
<physicalAttribute name="distinguishedname"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="uniquename" populateInitially="true">
<physicalAttribute name="ou"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</principals>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>organizationalUnit</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>ou</ume.ldap.access.naming_attribute.grup>
<ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
<ume.ldap.access.set_pwd>true</ume.ldap.access.set_pwd>
<ume.ldap.access.multidomain.enabled>true</ume.ldap.access.multidomain.enabled>
<ume.ldap.access.extended_search_size>200</ume.ldap.access.extended_search_size>
<ume.ldap.access.domain_mapping>
[DOMAIN_PT;DC=domain,DC=pt]
[GS_DOMAIN_PT;DC=gs,DC=domain,DC=pt]
[gs;DC=DC=gs,DC=domain,DC=pt]
[domain;DC=pt]
</ume.ldap.access.domain_mapping>
</privateSection>
</dataSource>
</dataSources>
Edited by: Joaquim Pereira on Feb 7, 2009 1:34 PMHi Gaetano
I tried to set back the "uniqueid" in the XML to samaccountname.
Also, i changed the spnego to go only to domain.pt (gs.domain.pt is a child domain).
In the 1st tests this worked perfectly, but we still to do some testings with this config.
When i get confirmation, ill reply here.
Thank you.
PS:. we thought on defining the abap user for each user, but there are a lot of users...
we'll try this config, and if it doesn't work, probably, thats what we'll do.
Edited by: Joaquim Pereira on Feb 12, 2009 5:45 PM
Everything seams to be working now. setting back the uniqueid to samaccountname and configuring spnego to go to only 1 domain solved the issue.
I just need to test which change did the trick.
Edited by: Joaquim Pereira on Feb 13, 2009 1:02 PM -
Can esb DVM(Domain-value mapping ) support multi-language ?
I create a dvm , and add some rows in Chinese , but when I restart the soa service , all the DVM that I created disappeared.
Can esb DVM(Domain-value mapping ) support multi-language ?
Edited by: user10732687 on 2009-8-23 下午7:39DVM is designed to use in English only and not intended to support Multi language. It is the job of consumer application to convert from English to native language(Chinese in your case).
Thanks,
Vamsee. -
IOS AIR3.6 runtime error 3747 Multiple application domains are not supported on this operating syst
3747
Multiple application domains are not supported on this operating system.
I'm getting this error from an IOS app compiled with air 3.6.
No code has changed from Air 3.5 which is error free. Web app / android versions of the same codebase do not error.
See the stackTrace below ( well done Adobe for providing this since air 3.5 !! )
I use swfloaders for loading embedded swf vector art graphics. This has not caused any issue until now. Should I load all art into the main app's application domain ?
The error does not crash the app and I could suppress it easily but is could the tip of the iceberg because application domains are scary stuff.
Error: Error #3747
at flash.display::Loader/loadBytes()
at mx.core::MovieClipLoaderAsset()
at mx.controls::SWFLoader/loadContent()
at mx.controls::SWFLoader/load()
at mx.controls::SWFLoader/initializeHandler()
at flash.events::EventDispatcher/dispatchEvent()
at mx.core::UIComponent/dispatchEvent()
at mx.core::UIComponent/set processedDescriptors()
at mx.core::UIComponent/initialize()
at com.komodomath.app::ImageSWFloader/initialize()
at mx.core::UIComponent/http://www.adobe.com/2006/flex/mx/internal::childAdded()
at mx.core::UIComponent/addChildAt()
at spark.components::Group/addDisplayObjectToDisplayList()
at spark.components::Group/http://www.adobe.com/2006/flex/mx/internal::elementAdded()
at spark.components::Group/setMXMLContent()
at spark.components::Group/set mxmlContent()
at spark.components::SkinnableContainer/set mxmlContent()
at spark.components::SkinnableContainer/createDeferredContent()
at spark.components::SkinnableContainer/createContentIfNeeded()
at spark.components::SkinnableContainer/createChildren()
at mx.core::UIComponent/initialize()
at com.komodomath.lesson::SaveStatusCheck/initialize()
at mx.core::UIComponent/http://www.adobe.com/2006/flex/mx/internal::childAdded()
at mx.core::UIComponent/addChildAt()
at spark.components::Group/addDisplayObjectToDisplayList()
at spark.components::Group/http://www.adobe.com/2006/flex/mx/internal::elementAdded()
at spark.components::Group/addElementAt()
at mx.states::AddItems/addItemsToContentHolder()
at mx.states::AddItems/apply()
at mx.core::UIComponent/applyState()
at mx.core::UIComponent/commitCurrentState()
at mx.core::UIComponent/setCurrentState()
at mx.core::UIComponent/set currentState()
at com.komodomath.maingroups::LessonGroup/handleNewLessonClick()
at com.komodomath.maingroups::LessonGroup/___LessonGroup_KButton1_click_lessonOver()same issue as http://forums.adobe.com/message/4736711
-
Error in Installing Netweaver--domain controllers are not supported
When i make the pre-requisite check for installing Netweawer 2004s
I am getting the follwoing error
<b>installation to domain controllers are not supported</b>
Pls help me how to resolve this
Thanks in Advancehi balaji,
FYI,
You cannot create local users and groups on the host that is used as domain controller. Therefore, we do not support running an SAP instance (including the database instance) on the host where the DNS service is installed.
so try to log with a user, who has administrator rights. and check whtr all the services are up & running. then try to re-install.
for more on this refer the installation manual.
hope this will help you.
with regards,
Rajesh.
<i> plz, award with suitable points </i> -
Adobe Bridge does not support OSX 10.10's "Go Back" keyboard shortcut which is `command + shift + [` and does not have a custom one.
I tried "delete" key which is backspace for Windows. It will do delete identical to "delete X" key (which is delete key for Windows).
Sidenote: `command + shift + \` is to go back in views (switch views), not folder structure.Exactly where do you want to use a GO BACK "shortcut" in Bridge? Maybe I don't even understand what you mean by Go Back. Bridge is only a file browser, nothing more. It doesn't open, edit, manipulate or save files at all.
Are you simply referring to going back to view a folder that you viewed before?
Please don't take this a criticism. As someone who will gladly pay money not to have to learn any shortcuts at all, I'm just puzzled and curious, that's all. -
Installations on domain controllers are not supported
Hi All, While checking prerequisites of operating system users and groups, following error message are getting. "installations on domain controllers are not supported". Please help. Thanks, Sam
Hi Sam,
I assume as a technical limiation from SAP. which I suppose being as a local user or even as a local group cannot be done or created on Domain controller..
"You cannot create local users and groups on the host that is used as domain controller. Therefore, we do not support running an SAP instance (including the database instance) on the host where the domain controller is installed.
I hope it helps.
Regards,
Deepanshu Sharma -
Flash CS4 Windows domain not supported
Do you know if it is true that Flash CS4 is not supported by Adobe on a Windows domain environment?
I don't understand why having a computer on a windows domain can cause Flash crashes constantly.
I'm trying to find documentation regarding my question, but haven't been able to find anything.Hi kglad,
I am a bit new to this and can not find any info on allowscriptaccess.
Also most exe files that I have found are 2-3MB and I was just wondering if 4MB is normal as I can not find much info on this.
Also if 4MB is normal, why the increase in size?
Thanks,
Sen -
Oracle doc says Custom Portlet Mode are not supported
Is it true that WebCenter does not support JSR 286 custom portlet modes unless they are predefined Oracle-PDK portlet modes?
http://docs.oracle.com/cd/E17904_01/webcenter.1111/e10148/jpsdg_java_adv.htm#BABEAHHD
"If you are coding portlets to JSR 286, then you can declare custom portlet modes in the portlet.xml file that map to the extended modes offered by PDK-Java, or to accommodate any other functionality you may want to provide."
"Arbitrary custom modes that a third party or custom portlet producer offers are ignored and therefore not supported."WebCenter does not support custom portlet modes. I've tested and answered this.
Oracle WebCenter supports a fixed set of custom portlet modes defined by oracle. This is bad.
Custom portlet modes are a JSR 286 standard. How is it possible that WebCenter does not implement it.
Therefore, it you have a custom portlet mode such as "viewBooksMode", then you must change every mention of it in your project to "about" or "preview" or "help" or "print". -
Portal 7 Multi Domain authentication (AD)/ISA 2006 KCD SSO
I am new to SAP portal etc. I have read posts and want some more clarification and pointers.
Basically want to achieve SSO.
We have Portal 7 on Red Had Linux in a thid party data center with SAP ECC/BI etc at backend.
Active directory is windows 2003 forest which has three domains suppose
domain A (for internal employees),
domain B (for internal employees),
and domain C (for suppliers).
assume all domains have bidirectional windows trust.
Scenario 1
We want to authenticate both domain A and domain B user to Portal.
a) Can we do this by using integrated windows authentication and SPNEGO.
b) Does SPNEGO works with multidomain scenario.
c) Do I have to point to Global Catalog or separate KDC for each domain in portal.
d) Does the windows trust matter between domain A and domain B for SPNEGO to work. To me it seems that the trust shoudn't matter if we SPNEGO is using separate KDC for each domain. If going to Global catalog than it might matter.
d) All SPNEGO configuration are on Portal regardless of underlying of OS. Mine is red hat linux.
Scenario 2
We want to bring domain C to access portal also. Since domain C is for suppliers we will authenticate them using Basic authentication over SSL on ISA 2006 reverse proxy and than use Kerberos constrained delegation (KCD) to pass them to portal. so to achieve SSO.
1) if portal is using SPNEGO for this domain C than will it work.
2) I have to check whether ISA 2006 can do multi domain KCD if I change my design where i push all domain A, Domain B and domain C user to go through ISA server reverse proxy before going to portal.
Thanks for helping out.
triwhdxk
Moved by moderator to the correct forum
Edited by: Hilit Fisch on May 25, 2009 1:55 PMHi Gaetano
I tried to set back the "uniqueid" in the XML to samaccountname.
Also, i changed the spnego to go only to domain.pt (gs.domain.pt is a child domain).
In the 1st tests this worked perfectly, but we still to do some testings with this config.
When i get confirmation, ill reply here.
Thank you.
PS:. we thought on defining the abap user for each user, but there are a lot of users...
we'll try this config, and if it doesn't work, probably, thats what we'll do.
Edited by: Joaquim Pereira on Feb 12, 2009 5:45 PM
Everything seams to be working now. setting back the uniqueid to samaccountname and configuring spnego to go to only 1 domain solved the issue.
I just need to test which change did the trick.
Edited by: Joaquim Pereira on Feb 13, 2009 1:02 PM
Maybe you are looking for
-
Parallel Process in Coldfusion
Hi All, I came across with problem of the time we spent to process 10.000 employees, that took so long, more than 2 hours. I made an Coldfusion application to process Payroll data and calculate the taxes. the Idea to improve the performance is by mak
-
Function Module or BAPI to update Delivery Date (LIKP-lfdat)
Hello friends, I have a requirement to update Delivery Date (LIKP-lfdat) , is there any Function Module or BAPI to do that? any sample codes are appreciated. Thanks a lot! Edited by: Qiwei Yin on Dec 11, 2008 8:50 AM
-
Delegate not able to edit project in project professional
I have a scenario where the delegate is not able to edit the project in project professional which already under the ownership of the person whom he is delegated for. Is this standard feature or limitation? Any fix or references from Microsoft? Reg
-
_SMSTSCurrentActionName place the TS step name into another variable when fails
Hello, Testing a Task Sequence that detects step error and generates a VB script which echos failure or success. Want to capture the _SMSTSCurrentActionName when it fails and places into a user defined variable that can be called an displayed in the
-
Maximum report processing jobs??
Hi, I have developed a web application which uses crystal reports as its report engine. Several people have been testing and printing a particular report and now they all get 'The maximum report processing jobs limit configured by your system adminis