Db access from IdM extension framework
Hi Sappers
I've been looking into this extension framework for IdM 7.1 where you can do some validation on onSubmit events.
In my case i would like to make some searches in the idm database to check some constraints on the entry but the only way I could find was through the EntryFactory but here I need to know the exact mskey for the entries I want to use and that is not good enough!
So my questions is there another way to interact with the idm database (I would like to execute select queries or at least execute some searches on various entry values)?
// Best regards
// Jesper
Jesper:
Firstly, I was officially told that it is not recommended to do SQL lookups in the Extension Framework because it has a negative impact on performance.
Aside from that disclaimer, if you import the java.sql.* and javax.sql.DataSource packages, you can use your existing database connection that is set up on your AS Java system to connect to the database and execute queries. Here is a snippet of what we use as an example, in this case matchQuery is defined elsewhere:
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sap.engine.services.jndi.InitialContextFactoryImpl");
Context idmCont = null;
DataSource idmDS = null;
try
idmCont = new InitialContext(props);
idmDS = (DataSource) idmCont.lookup("jdbc/IDM_DataSource");
catch (NamingException ne)
e1 = ne.getMessage();
//execute the query for matching
try
Connection idmConn = idmDS.getConnection();
Statement idmState = idmConn.createStatement();
ResultSet idmMatch = idmState.executeQuery(matchQuery);
idmMatch.next();
matchedMSKEY = idmMatch.getLong(1);
catch (SQLException se)
e2 = se.getMessage();
This may not be the most effecient way of doing things, but it will at least point you in the correct direction with regards to the classes and packages you would need.
Jared
Similar Messages
-
NWDS 7.3 - extension framework not working
Hi experts,
I m trying to build and run an extension framework on a different requirement on the lines of this. I have defined it on the task extension after successfully deploying it on the connected AS JAVA. But I'm not getting any result on the IdM UI. There is already another EAR deployed not by me, which is running good. I have created everything from scratch with new names and servlet not as IdMRegisterServlet. Should there be any problem due to that ?
Because when I looked into the application tc~idm~jmx~app I could find only IdMRegisterServlet and not the one I designed.. Though I have meticulously followed the steps while deploying. If this is the case how will I be able to register it in the tc~idm~jmx~app ?
Any advise would be a Lifesaver.
Thanks
RimeshHi Rimesh,
I guess the problem is not in the name of the servlet. You can use any name.
Please check:
1. If the application-j2ee-engine.xml of your new extension application contains a reference to
tc/idm/jmx/app application:
application-j2ee-engine xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
xsi:noNamespaceSchemaLocation="application-j2ee-engine.xsd">
<reference reference-type="hard">
<reference-target provider-name="sap.com"
target-type="application">tc/idm/jmx/app
</reference-target>
</reference>
application-j2ee-engine>
2. Check if your servlet is part of the web.xml of the war project:
<servlet>
<description></description>
<display-name>IdMRegisterServlet</display-name>
<servlet-name>IdMRegisterServlet</servlet-name>
<servlet-class>testcustomer.idm.impl.IdMRegisterServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
If that does not help just write me.
Kind Regards,
Stefan -
Synchronize users from IDM Idenity Store to UME
Hi experts
I would like to synchroznize my users from IDM Identity Store to UME Java, I read this document "User management for the Identity
Management User Interface" but it is only for version 7.1, I use IDM 7.2 Sp8. I can't find job templates to ume.
I would like to provide users able to access portal:5000/idm, now only administrator can logon to the portal.
I looking forward for your replyHello Bartosz
For logging to IDM UI , IDM would match the MX_PESON with the UME user and allow the user to access IDM UI if both matches.
Please give idm.authenticated action access via any UME Role or group to users, You can add this action to Everyone group in UME.
For creating users in JAVA UME, You need to create one repository for UME as AS JAVA and choose standard job Create AS JAVA users from SAP Provisioning framework to create users.
Let me know in case any further information is required, I am also on IDM 7.2 SP8
Regards
Deepak Gupta -
Logging info about user, when deleting user from IDM
Hi,
I would like to be able create a report showing deleted users the last month.
The problem is that I also need to fetch the user fullname, and some other IDM attributes as additional columns.
This is not supported with a standard audit log report.
So I would guess that I have two options:
1. Somehow log information while the user is deleted. For example, somewhere in the "Delete User" workflow.
But I can't find the values I'm looking for there. They are not available to me. (a user view for example).
And it also seems hard to pass those values from the "Deprovision Form" to the "Delete User" workflow.
So my question is here: How do I get access to a user view in the "Delete User" workflow, is that possible?
2. I can get the values by looking directly in the audit log for each deleted user. There I can have a look at the ACCTATTRCHANGES to see what the users name was.
But if the AuditLog has been cleared, then that information might not be available.
I'm stuck..
Anyone here that has an idea of how you can fetch deleted users fullname?
Thanks & Regards,
Henrik
Edited by: user1154522 on May 24, 2011 2:18 AMHi,
One possible solution can be to add a handler in the delete user workflow.
For every user that is to be deleted, write the requird information in a file/database. In your report query the information from there and geneate it.
Note: You have to add condition to check if the users was properly deleted from IDM and resource (just to be sure) and then write/store the information in the File/table.
If you want to store the information in the auditlog only, there is a column called comments that you can use, for this also, some customizations is needed in the Delete User Flow.
Regards
Arjun -
How to install IDM extension on Firefox beta versions?
which IDM extension can be installed on Firefox beta versions?
That would be a question for IDM - but from what I have been reading in this forum, it seems that IDM is slow at supporting new Firefox '''release''' versions lately, so I doubt if they support the beta pre-release versions at all.
Take a look at this add-on, it supports three Firefox versions coming in the future, already - Beta, Aurora, and Nightly channel support. <br />
https://addons.mozilla.org/en-US/firefox/addon/flashgot/ <br />
http://flashgot.net/ -
Install PasswordSync Servlet as a separate webapp from IdM
We run Identity Manager 8.1 on a RHEL5 server and have PasswordSync installed on our domain controllers running Windows 2000 server. We have configured PasswordSync to use JMS (Sun Glassfish Message Queue 4.4). However, the PasswordSync servlet is installed in the same container within the same webapp context as IdM. We would like to pull out the PasswordSync servlet into it's own webapp, served in either the same container as IdM or not, so that we can still queue password changes from AD during IdM maintenance (IdM application stopped). Has anyone had any experience with this set up?
According to the FAQ for Sun Java Identity Manager 8.1 (chapter 11), you can install the PasswordSync servlet on a different server from IdM and all you need is "...the spml.jar and idmcommon.jar jar files, in addition to any jar files required by the JMS application". However, after some trial and error, I've discovered that the idmclient.jar contains the PasswordSyncServlet class, so it's also required.
Thanks,
EricMore on this effort... I have created a war containing the PasswordSync Servlet and deployed it to a separate instance of Tomcat. When I try to access the servlet path in my browser, I get the following error message:
"java.lang.IllegalStateException: Error initializing Encryptor: null"
There are no others errors in the Tomcat logs. Has anyone ran into this issue while setting up PasswordSync as a stand alone servlet? -
Is it possible to pick up an incoming call from an extension that is not physically ringing?
Is there a way to pick up an incoming call from an extension that is not physically ringing?
For example if an incoming call was ringing at EXT 1019 and they were away from their desk momentarily, could the call be picked up from another extension by pressing a number sequence or something?
we are using UC560. if you could tell in detail how it can be setup(config) and how it will work.Thank you in advance.Please rate helpful posts.
Thanks,
Alex
Here is the inof for the Call Manager Express.
Enabling Call Pickup
To enable Call Pickup features on SCCP or SIP phones, perform the following steps.
Prerequisites
•SIP phones require Cisco Unified CME 7.1 or a later version.
•The PickUp and GPickUp soft keys display by default on supported SCCP and SIP phones. If previously disabled, you must enable these soft keys with the softkeys idle command.
Restrictions
•SIP phones that do not support the PickUp and GpickUp soft keys must use feature access codes (FACs) to access these features.
•Different directory numbers with the same extension number must have the same Pickup configuration.
•A directory number can be assigned to only one pickup group.
•Pickup group numbers can vary in length, but must have unique leading digits. For example, if you configure group number 17, you cannot also configure group number 177. Otherwise a pickup in group 17 is always triggered before the user can enter the final 7 for 177.
•Calls from H.323 trunks are not supported on SIP phones.
SUMMARY STEPS
1. enable
2. configure terminal
3. telephony-service
4. service directed-pickup [gpickup]
5. fac {standard | custom pickup {direct | group | local} custom-fac}
6. exit
7. ephone-dn dn-tag [dual-line | octo-line]
or
voice register dn dn-tag
8. pickup-group group-number
9. pickup-call any-group
10. end
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
telephony-service
Example:
Router(config)# telephony-service
Enters telephony-service configuration mode.
Step 4
service directed-pickup [gpickup]
Example:
Router(config-telephony)# service directed-pickup gpickup
Enables Directed Call Pickup and modifies the function of the GPickUp and PickUp soft keys.
•gpickup—(Optional) Enables using the GPickUp soft key to perform Directed Call Pickup on SCCP phones. This keyword is supported in Cisco Unified CME 7.1 and later versions.
•This command determines the specific soft keys used to access different Call Pickup features on SCCP and SIP phones. For a description, see the service directed-pickup command in the Cisco Unified CME Command Reference.
Step 5
fac {standard | custom pickup {direct | group | local} custom-fac}
Example:
Router(config-telephony)# fac custom pickup group #35
Enables standard FACs or creates a custom FAC or alias for Pickup features on SCCP and SIP phones.
•standard—Enables standard FACs for all phones. Standard FAC for Park Retrieval is **10.
•custom—Creates a custom FAC for a feature.
•custom-fac—User-defined code to dial using the keypad on an IP or analog phone. Custom FAC can be up to 256 characters and contain numbers 0 to 9 and * and #.
Step 6
exit
Example:
Router(config-telephony)# exit
Returns to privileged EXEC mode.
Step 7
ephone-dn dn-tag [dual-line | octo-line]
or
voice register dn dn-tag
Example:
Router(config)# ephone-dn 20 dual-line
or
Router(config)# voice register dn 20
Enters directory number configuration mode.
Step 8
pickup-group group-number
Example:
Router(config-ephone-dn)# pickup-group 30
or
Router(config-register-dn)# pickup-group 30
Creates a pickup group and assigns the directory number to the group.
•group-number—String of up to 32 characters. Group numbers can vary in length but must have unique leading digits. For example, if there is a group number 17, there cannot also be a group number 177.
•This command can also be configured in ephone-dn-template configuration mode and applied to one or more ephone-dns. The ephone-dn configuration has priority over the template configuration.
Step 9
pickup-call any-group
Example:
Router(config-ephone-dn)# pickup-call any-group
or
Router(config-register-dn)# pickup-call any-group
Enables a phone user to pickup ringing calls on any extension belonging to a pickup group by pressing the GPickUp soft key and asterisk (*).
•The ringing extension must be configured with a pickup group using the pickup-group command.
•If this command is not configured, the user can pickup calls in other groups by pressing the GPickUp soft key and dialing the pickup group number.
Step 10
end
Example:
Router(config-ephone-dn)# end
or
Router(config-register-dn)# end
Exits configuration mode.
Examples
The following example shows the Group Pickup and Local Group Pickup features enabled with the service directed-pickup gpickup command. Extension 1005 on phone 5 and extension 1006 on phone 6 are assigned to pickup group 1.
telephony-service
load 7960-7940 P00308000500
load E61 SCCP61.8-2-2SR2S
max-ephones 100
max-dn 240
ip source-address 15.7.0.1 port 2000
service directed-pickup gpickup
cnf-file location flash:
cnf-file perphone
voicemail 8900
max-conferences 8 gain -6
call-park system application
transfer-system full-consult
fac standard
create cnf-files version-stamp 7960 Sep 25 2007 21:25:47
ephone-dn 5
number 1005
pickup-group 1
ephone-dn 6
number 1006
pickup-group 1
ephone 5
mac-address 0001.2345.6789
type 7962
button 1:5
ephone 6
mac-address 000F.F758.E70E
type 7962
button 1:6 -
How do I setup my Time Capsule (3rd Generation) to be accessed from the internet while I'm traveling? It is installed on my home network behind my TWC broadband router.
Ok.. since the TWC modem is also a router.. all configuration takes place on this box.. NONE whatsoever takes place on the TC.
There is no airport utility 7.7.3 but there is a firmware of that number for the latest AC model TC..
Is it tall like this.
Then it is Gen5.
otherwise it will have a firmware.. 7.6.4 or earlier and the airport utility must be 6.3 or earlier.
Open the Airport utility and give us a screenshot of the summary page.
That will also help us determine that you have the TC, which version and how it is setup.
You might want to press the edit and also give us the Internet and Network tab as they should be set correctly as well.
I have created a DDNS through DYN.com although I am not sure how to implement this into the TC.
You do not do anything in the TC.. set it up in the Ubee router.
Port forward 548 to the TC in the Ubee router.
And make sure the TC has a static IP in the Ubee router.
Overall if you find this too hard I strongly recommend you buy a product designed for remote access .. eg WD MyCloud.. they are cheap and easy peasy to setup for remote access.. by PC or Mac and since it is built outside of Apple you not bound up in Apple limitations built into all their equipment to prevent you using it the way you want.. rather than apple want you too.. eg BTMM and iCloud being the only way apple provide for access to the TC and only when it is the main router of the network.
You are fighting hard because Apple made this hard.. not easy. -
I've recently gotten a new laptop and replaced my damaged iphone. Apparently these 2 scenarios qualify as "new devices". This is fine but I also had lost my credit card previously that was connected to my iTunes account, and got a new one with all different numbers. When I try to change my billing information to this new card it won't let me because it says
"Your account has been accessed from a new device, and you must verify your payment information before you can make purchases."
and it asks for the security code of the card I had lost and replaced! I am not able to change my billing info to my new card thus because I can't get past this.
Can anyone please help?Contact iTunes Customer Service and request assistance
Apple Support iTunes Store Contact Us -
I have an iTunes account where I have downloaded Digital movies & I am able to see the list on the desktop of the original downloads. When I log on another device with my login I do not see my list to access them. Why can't I access from another device
Hey GingCarv,
Great question. You'll want to download the movies from your purchase history. The following article explains how to do so:
Downloading past purchases from the App Store, iBookstore, and iTunes Store
http://support.apple.com/kb/HT2519
Note: At this time, movies are not available for automatic downloads.
Thanks,
Matt M. -
Read-only file access from network volume
I get an read-only file access from network volume problem while sharing a drive from Snow Leopard to a Tiger install. Most of files were opening well, but *.fp7 (FileMaker) and *.xls (Excel) files won't open dealing with a read-only error.
As descibed in the last post of http://discussions.apple.com/thread.jspa?threadID=1406977 the client have the same share name of the server. Renomming it resolved the error!
Thanks!right then, as it looks like I'm talking to myself....
I have just wiped clean the Macbook Pro.
I installed Leopard from scratch, then installed Office 2008.
Logged back onto the network share, and the read-only error came up again, ONLY in Excel.
bugger.
Did the same thing with my Macbook and all is fine.
Copy the file to the local hard drive, opens ok.
I then copied the file to another Mac on the network.
mmmm, opens fine.
what's the difference....
mmmm, the machine it opens fine from is running 10.4
the machine which hosts all the data is running 10.3.9
could this be the problem.
Just done a software update check on the 10.3 machine and there are some security updates that need doing.
Going to run that now and see what happens, otherwise I think the iMac running 10.3.9 is going to need to come up to 10.4 and fingers crossed this will solve it. -
Hello All,
we have created shared folder on multiple client machine in domain environment on different 2 OS like-XP,Vista, etc.
from some day's When we facing problem when we are access from host name that shared folder is accessible but same time same computer when we are trying to access the share folder with IP it asking for credentials i have type again and again
correct credential but unable to access that. If i re-share the folder then we are access it but when we are restarted the system then same problem is occurring.
I have checked IP,DNS,Gateway and more each & everything is well.
Pls suggest us.
Pankaj KumarHi,
According to your description, my understanding is that the same shared folder can be accessed by name, but can’t be accessed be IP address and asks for credentials.
Please try to enable the option below on the device which has shared folder:
Besides, check the Advanced Shring settings of shared folder and confrim that if there is any limitation settings.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Is there a way to play an mp4 file at the beginning of a published project only when the project is accessed from a specific site?
A little background info. I use Captivate 7 and currently have over 100 projects that I maintain on a quarterly basis. I publish using the SWF format and upload the swf/htm files to a server where they are then accessed from a few locations (within our online documentation, in our software product, on two different websites). Many of the projects are linked so some will be viewed as a series and others viewed as a standalone video. Each video uses the same template and includes an intro and end slide. Now my organization wants to implement a new intro to all videos (those I publish and those from several groups across the organization). My current intros provide overview material for the specific video so the new intro, which is an animation with audio in mp4 format, would need to be placed at the start of each project. The issue is, the intro adds 9 seconds to every video and in many cases doesn’t add any value (say, if a user accesses the video from within our product or views the videos as a series). I’ve talked it over with my boss and we want to try to add the intro only to videos accessed from site X, not any other location. So now to my question. Is there a way to play an external mp4 file (intro) only when the published project is accessed from a specific site, therefore eliminating the need to update each project? Maybe there's a way to add a parameter or variable to the URL or the html code?
Thanks in advance for your suggestions. Please let me know if you need additional information.AimeeLove,
I have a solution for you. You may have to modify the code a little bit based on how long the timeline animation is for your clock. I based mine on 3 seconds to complete a minute hand sweep around the clock.
Milliseconds for each point on the clock:
12 = 0
1 = 250
2 = 500
3 = 750
4 = 1000
5 = 1250
6 = 1500
7 = 1750
8 = 2000
9 = 2250
10 = 2500
11 = 2750
In the mouseover section for 12 o' clock, put this code...
myVar = setInterval(function(){
var pos = sym.getPosition();
if (pos > 0 && pos < 50){
sym.stop(0);
clearInterval(myVar);
},10);
When you point to the time, the setInterval method loops every 100th of a second and checks the current position of the timeline. When the timeline reaches the range between 0 and 50 milliseconds (almost impossible to hit 1 specific point), the timeline will stop at 0. Also, the clearInterval will be fired to stop the loop.
In the mouseout section, put this...
sym.play();
clearInterval(myVar);
It start the clock again, and it also clears the loop in case you mouseout before you reach the range.
Make sure that myVar is a global variable so you can clear it from the mouseout section.
Repeat this for each point on the clock. To avoid potential conflicts, you may want to use my12, my1, my2, etc. instead of myVar. I put the milliseconds at the top that you would use as the beginning of the range. 50 milliseconds should be enough to catch it. So, for 5 o' clock, you would make your range between 1250 and 1300.
Let me know if you have any questions. Thanks!
Fred -
I want to take remote access from an iTunes library off of my iPad ...when I hit edit from the remote app it pulls that library up ..if I delete it I just want to make sure that I'm not remotely wiping out the library, just access to it from my iPad ?
Call the apple store you got it from and ask them. Sometimes in the past they've extended the 'no questions asked return' but only Apple can tell you for sure.
-
I can't get home sharing to turn on on my computers. I have a PC running windows XP that has a large library on it that I want to access from a newer windows 7 PC. I have turned home sharing on in both, same apple ID. I just will not come up. Any ideas?
Ugh, disregard.. it magically started working -_-
Maybe you are looking for
-
How do I transfer playlists from one ipod to another?
Dell Windows XP
-
Hi Gurus, I am trying to create Vendor by inbound IDOC by enhancing the standard FM IDOC_INPUT_CREDITOR but IDOC is getting posted with status 51: Status 51: Trans. XK01 record 3 : Data record is not flagged as record type 2
-
I'm working on a XI interface scenario and it reads like following Customers (from a File system) send a PO request (containing a Customer PO num) to XI. And, XI maps file data to a PO IDOC PORDCR1 and sends it to R/3 system. In R/3, PO is created. A
-
I am unable to download an album from the itunes library when syncing from my pc.
I am unable to load an album on to my iphone from the itunes library on my pc when syncing.
-
How to recapture with header?
Is there a way to recapture media with an additional header on it? So, say I wanted to disconnect my media and recapture it with the in point on each clip backed up by three or four seconds. How can I do that?