Delegated Admin and User Management in WLP 9.2
Hi,
I've made a Delegated Administrator role and a user for it. The user is Delegated Admin for our users and groups. Still, that user cannot create new users, only new groups.
The error message that shows when creating a new user is "The subject does not have access to the specified group".
What should I do to make it work?
Regards,
Tanja
Unfortunately, you've run into a bug in the product. See CR282051 in the WLP 9.2 release notes.
http://edocs.bea.com/wlp/docs92/relnotes/relnotes.html#wp1147925
If you have a support contract, you might be able to contact BEA Support to see if a patch might be available.
Similar Messages
-
Regarding Background color change in OIM admin and user console
Hi all,
I tried to change the background color and modify the text in the Login Page and Register Page of the OIM Administration and User Console.
As per the Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager 11g, I did the Style Sheet Modifications. I created the skin in trinidad-skins.xml and myskin.css in admin.war and iam-consoles0faces.war. Even after that it is not reflected on the OIM admin and user console.
After the modifications I cleared purgecache.sh as well as the tmp [$DOMAIN_ROOT/servers/oim_server1/tmp/] directory.
I think I have done the modifications in the wrong way. Can anyone please suggest the correct modifications as soon as possible?
Regards,
Karthick.
Hi Kevin,
Thanks,
I am not able to recall any major change.
All I can recall is changing some files for customization, like changing some text through file xlWebApp.war, and I also have not yet run the patch utility. I guess this should not be the reason.
Which configuration file should I look at for this?
Ritu
-
Delegated Admin and Class of Service
Hi
we have configured
Messaging Server
Calendar server
Instant Messaging Server
and Portal Server
We would like use delegated admin for user provisioning.
We are able to modify default Class of Service templates to suit our needs for Messaging and Calendaring.
We would also like to provide Portal desktop and Instant messaging access thru' delegated admin.
Help us to configure these class of services either using directory console or any other method
Thanks
Saba
-
Customising the admin and user console
I want to customise the Admin and User Console for helpdesk users. Therefore I want them to have create user and manage user menu access. I have created a helpdesk user group and assigned create and manage menu items. When I log on as the helpdesk user I can see the menu items, however if I do a search for users, no records are found. Likewise if I create a user, organisations are not found on the organisations lookup. I have tried assigning various privileges for the group but with no success. Am I missing something obvious?
Thanks
Dave
For a HelpDesk admin to be able to search for users, he/she needs to be Organization Admin for the company for which they can search for users. For instance, if you have Organizations: ABC, XYZ in your OIM instance and you want the HelpDesk admin to be able to search for users within "ABC", then the corresponding group has to be an admin for "ABC". To do this, search for the Organization and assign Administrators using the option available in the Organization profile page drop-down.
Once the above task is done, you should be able to search and also assign the Organization to a newly created user.
Hope this helps,
- Aman
-
Impossible to set up a TC with admin and users privileges
Hi,
Sorry for my english first. I'm not an english speaker...
That's one week I've been playing with my TC to try to set it up with admin and users privileges, and I haven't succeeded in finding a good way to do it....
What I want to do: set up my TC so that I'm an admin and can do whatever I want in the folders of each user. I want the users to have access to one folder with their name. Let's say I would like to use my TC like a usual network drive or NAS.
What I discovered: if I enable file sharing with accounts on my TC and define two users, user1 and user2, with read/write privileges, user1 can see a folder user1 and put whatever he wants in it, and there's a shared folder for user1 and user2. BUT I cannot be admin on the TC when account file sharing is on. It means I cannot put anything in the user1 folder because I don't see the user1 folder. It is just like if you have user accounts on the TC you can just change the privileges but not define an administrator. I'm able to see the user1 folder, for instance, solely by changing the file sharing back to secure shared disks "with time capsule password". If I do so I can see all the folders on the TC.
But it's very annoying because it means that each time I want to put a file inside the folder of one of my users, I have to restart my TC "with time capsule password", put the file, set it back to user accounts and restart the TC again.... Not really practical!
Anyone got an idea how to use the TC with user accounts (one admin and other users...)
I forgot to mention that I also tried another method: giving guest access to the TC to my two users, but there are several problems here: first, they can only read (if not they would have the same privileges as me), which means they can put any document in the TC. Second, they see all the folders on the TC and the idea is that they can only see the shared one....
-
Doubt between RMAN and User Managed Backup
Friends,
OS: RHEL AS 3.0
DB: 9iR2
Currently we are taking user managed backup.
rman is in testing(learning) process.
Is it possible to take rman backup and user managed backup of a database one after another?
What I mean is... suppose we configure RMAN for auto backup at 9pm daily. Can I take a user managed backup before 8pm or after 10pm?
Do I have to take any precautions?
Suppose RMAN has failed, can I restore the db with the user managed backup?
thanks
Yes, it is possible to perform both user managed backups and RMAN backups.
It is a waste of resources, but it is possible.
You would need to make sure both backups do not overlap each other.
Whether you can restore your database with user managed backup depends completely on the quality of the user managed backup, and whether you have proper (and tested) restore procedures in place.
Sybrand Bakker
Senior Oracle DBA
-
Is the recovery techniques for RMAN and user managed are different
Hi Gurus,
I want to know the exact difference b/w RMAN and user managed recovery.
Is the difference is too much or if we know the user managed recovery,can we do the recovery using the RMAN...
Regards,
pradeep
user6738165 wrote:
Hi Gurus,
I want to know the exact difference b/w RMAN and user managed recovery.
Is the difference is too much or if we know the user managed recovery,can we do the recovery using the RMAN...
Regards,
pradeep
Hi Pradeep and welcome to the forum
I'd suggest you check the Oracle Documentation to find out the difference by yourself
RMAN Recovery Concepts
http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/rcmconc2.htm#i1007882
Performing User-Managed Recovery
http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/osrecov.htm#BABBBBBB
RMAN has great advantages over the User-Managed techniques. RMAN uses its own RMAN commands to perform backup or recovery, while with user-managed backup and recovery you use SQL commands
By knowing the main backup and recovery concepts, you can perform both
-
Delegated Admin and non-flat user/group structures
Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
# Ldap configuration.
# List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
# add additional hosts with ldaphost-<consecutive number>
# Schema type is either "1" or "2".
# Reconnect interval is in seconds
# Group and people container is dn from organization dn (e.g ou=people)
ldaphost-1=oucsldap01:389
ldaphost-2=oucsldap02:389
ldaphost-suffix=dc=DOMAIN,dc=NAME
ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
ldaphost-maxcount=50
ldaphost-schematype=2
ldaphost-reconnectinterval=60
ldaphost-peoplecontainer=ou=People
ldaphost-groupcontainer=ou=Groups
ldaphost-orgadminrole=cn=Organization Admin Role
While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
Questions:
1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if any were needed?
2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
Thanks,
//Jim Klimov
I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace and debug; they usually go away with a restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEquivalentAddress) to avoid mixups between user accounts in different branches.
Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty calendar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others treading this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
Hope this report helps others who would try to pioneer this path of messaging integration
//Jim Klimov
-
Delegated Admin and Number of Users
Recently we deleted about 3K users using: commadmin domain purge, and while
it appears to have successfully deleted the users -- ldapsearch doesn't yield any
output. The lower number of users is NOT reflected in the field "Number of Users"
on the Delegated Admin page. It still shows the same number of users >11K we
"had" prior to the deletion process.
Any ideas to explain this discrepancy?
-- Bob
rkbunca wrote:
Recently we deleted about 3K users using: commadmin domain purge, and while
it appears to have successfully deleted the users -- ldapsearch doesn't yield any
output. The lower number of users is NOT reflected in the field "Number of Users"
on the Delegated Admin page. It still shows the same number of users >11K we
"had" prior to the deletion process.
Any ideas to explain this discrepancy?
The number of users displayed in the DA GUI is recorded in the "sunNumUsers" attribute associated with the domain, e.g.
dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
sunNumUsers: 11
This is to avoid having to do an ldapsearch across the domain to get a count. You can manually update this attribute to get the number back-in-sync.
The commadmin domain purge should have updated this value -- I couldn't find any pre-existing bugs to explain why it didn't happen in your case. I suggest you log a support case to get this looked into further.
You may also want to check your directory audit logs to see if an attempt was made to update this attribute but failed for some reason.
Regards,
Shane.
-
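The manual resync described in the reply above, as an added example (not code from the thread or from the product): it recounts user entries in an LDIF export of the domain subtree and emits the ldapmodify input that corrects sunNumUsers. The sample LDIF is constructed, and treating objectClass inetOrgPerson as the marker of a user entry is an assumption to adjust to your schema.

```python
import base64

DOMAIN_DN = "o=aus.sun.com,dc=aus,dc=sun,dc=com"   # domain DN quoted in the reply
CAROL_DN = "uid=carol,ou=People," + DOMAIN_DN

# Constructed sample export: the domain entry still claims 11 users, but only
# three user entries remain. It includes a folded DN and a base64 ("dn::") DN.
SAMPLE_LDIF = f"""\
dn: {DOMAIN_DN}
objectClass: organization
sunNumUsers: 11

dn: uid=alice,ou=People,{DOMAIN_DN}
objectClass: inetOrgPerson

dn: uid=bob,ou=People,o=aus.sun.com,
 dc=aus,dc=sun,dc=com
objectClass: inetOrgPerson

dn:: {base64.b64encode(CAROL_DN.encode()).decode()}
objectClass: inetOrgPerson

dn: cn=staff,ou=Groups,{DOMAIN_DN}
objectClass: groupOfUniqueNames
"""

def parse_ldif(text):
    """Return one dict per record: lower-cased attribute name -> list of values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # RFC 2849 continuation line
        elif not line.startswith("#"):        # skip comments
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:              # trailing "" flushes the last record
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries

def norm_dn(dn):
    """Case- and whitespace-insensitive form of a DN for suffix comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def count_users(entries, domain_dn, user_class="inetorgperson"):
    """Count entries below domain_dn that carry the (assumed) user object class."""
    suffix = "," + norm_dn(domain_dn)
    return sum(
        1 for e in entries
        if norm_dn(e.get("dn", [""])[0]).endswith(suffix)
        and user_class in (oc.lower() for oc in e.get("objectclass", []))
    )

def resync_ldif(entries):
    """Build ldapmodify input for every domain whose stored counter is stale."""
    changes = []
    for e in entries:
        if "sunnumusers" in e:
            dn, actual = e["dn"][0], count_users(entries, e["dn"][0])
            if int(e["sunnumusers"][0]) != actual:
                changes.append(f"dn: {dn}\nchangetype: modify\n"
                               f"replace: sunNumUsers\nsunNumUsers: {actual}\n")
    return "\n".join(changes)

if __name__ == "__main__":
    print(resync_ldif(parse_ldif(SAMPLE_LDIF)))
```

Review the generated change before applying it with ldapmodify, and check the directory audit log afterwards to confirm the write succeeded.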
What is the Ideal Production Setup For One Admin and 4 Managed Servers
Dear Experts
I will be starting with production setup including one Admin server and 4 managed servers in one single domain.
I am thinking of creating a single node environment(no clusters) as the machine has following configuration
OS : Windows Server 2008 R2 Datacenter
RAM : 48 GB
System Type : 64 bit
Processor : Intel(Xeon) 4 processors [email protected]
Can you please let me know if this configuration would suffice for the 4 managed servers if I assign Xmx and Xms as 4096 and Heap Space as 1024 to all the Managed Servers.
It is very urgent and I need to convey to the Infrastructure team if hardware procurement is required.
We are looking at somewhere around 300 concurrent users(maximum load) and 100(minimum load) at a given point of time.
Please reply ASAP.
Thanks in advance
Edited by: Abhinav Mittal on Apr 23, 2013 7:58 PM
Edited by: Abhinav Mittal on Apr 23, 2013 8:03 PM
Heap size must be calculated according to the applications that are being deployed on each JVM.
With no deployments, you don't need more than 256k for managed servers heap size and 512k for adminserver. The bigger your heap size, the longer your garbage collection will take. And if you can prevent it, better do it.
Kinds,
Gabriel Abelha
-
Server Admin and Workgroup Manager is sloooow
When running Server Admin or Workgroup Manager directly from my client macbook, connected to one of our leopard servers, it is painfully slow. I mean painfully.
It takes a minute to connect while I stare at this spinning wheel, some actions never stop spinning the wheel. Sometimes it just stops and everything is working great.
If I run the admin tools locally, connected through remote desktop its working much better, but can still be quite slow when connecting sometimes.
Any ideas?
I had a similar problem with a new Xserve set up with the factory pre-installed Leopard 10.5.2. It defaults to the server FQDN (myservername.com) for Server Admin; with no DNS set up it takes ages to finally get SA to open because it can't resolve itself.
Deleting server.myservername.com once SA finally responds, it reverts to server.local and responds.
Once DNS is configured correctly, no more issues.
This particular server went on to develop regular OD crashes and AFP problems, with OD crashing when users logged in/out and AFP having to be restarted when OD crashed, and I decided to rebuild it.
The DVD was 10.5.1; on bootup it was far worse than the factory pre-install when opening SA.
I upgraded to the 10.5.2 combo before turning on any services. Even when I got DNS working it was slow to respond, nothing like as bad as without DNS but still slow. DNS checked out fine. The only way I could get it to respond normally was to add the domain name to Search Domains in network preferences.
Something I did notice with the DVD install: in server setup the local address defaulted to .private, SA expects .local, and the server name wasn't automatically filled out when I entered the server FQDN. The factory pre-install automatically filled out the server name and used .local.
There is an edit button near the server name; once you click on that it changes the name from .private to .local.
I didn't notice the .private the first time around, and with the .private things were far worse. SA wouldn't respond at all, even with 127.0.0.1
-
Sharing Itunes library between an admin and user account on one imac G5
Hello,
Please forgive the repetitive question. I have set up an admin and a user account on my iMac. I set the iTunes library to users/shared/music/itunes/itunes library on both accounts. The music shows up on the admin account but not the user account.
Can anyone give a quick step by step, including obscure settings that may need to be altered, so that I can finally get this pesky stress monkey off my shoulder!
Thanks!
iMac G5 Mac OS X (10.4.3) iPod video 30Gb
Hi,
Someone recently posted a similar problem to yours.
Here's the discussion and solution:
http://discussions.apple.com/message.jspa?messageID=1192454
-
Admin and user rights for change active airport
Hello all together,
my son has a new MacBook (System 10.5) for his school and he learns with the computer in all school subjects. So I created two users, admin and one for him. After he had installed all applications that he needs for school, I gave the admin a password. Now my son can't install applications or change system settings. But I must give him admin rights, because when he stays at school, he must change the airport environment for school and if he stays at home he must change it back to home. Is it not possible to set the rights for a non-admin user so that he can change the airport environment?
Thanks for reading.
Regards,
Tommy
If he needs admin status to use the wireless connection, then you need to make him an admin user. As far as I know, there is no partial admin configuration.
-
Slides for CCMS and User Management
Hello,
Can anyone recommend some helpful (SAP-owned, standard) .ppt slides or .pdf slides for the following points:
CCMS
User Management and Disaster Recovery Mechanisms
Thank you very much!
Regards
A. Henke
Hi,
Take a look at service.sap.com/monitoring and service.sap.com/security
/Jesper
-
Hi,
I have the following questions
User Managed backup
1) When I take a user managed backup, I want to know whether DDL operations are permitted or not
2) When I take a user managed backup, I want to know whether we can ADD/REMOVE a TABLESPACE
RMAN backup
1) When I take an RMAN backup, I want to know whether DDL operations are permitted or not
2) When I take an RMAN backup, I want to know whether we can ADD/REMOVE a TABLESPACE
Regards
Hi,
Please go through the links below to become familiar with user managed backups and RMAN backups.
Oracle9i User-Managed Backup and Recovery Guide
Release 2 (9.2)
http://download.oracle.com/docs/cd/B10501_01/server.920/a96572/toc.htm
Making User-Managed Backups
http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/osbackup.htm
Oracle9i Recovery Manager (RMAN)
http://www.oracle-base.com/articles/9i/RecoveryManager9i.php
RMAN Backup Concepts (11g R1)
http://download.oracle.com/docs/cd/B28359_01/backup.111/b28270/rcmcncpt.htm
Overview of RMAN Backups (10g R2)
http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/bkup001.htm
Oracle RMAN Backups: Pushing the "Easy" Button
http://www.oracle.com/technetwork/articles/havewala-rman-grid-089150.html
Hope this helps you understand clearly about both the user managed backups and RMAN backups. :)
Thanks,
Balaji K.