Delegated Admin and User Management in WLP 9.2

Similar Messages

• Regarding Background color change in OIM admin and user console

  Hi all,
  I tried to change the Background color and Text modification in Login Page,Register Page of OIM Adminstration and user console.
  As per the Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager 11g guide i did Style Sheet Modifications.I created the skin the trinidad-skins.xml and myskin.css in admin.war and iam-consoles0faces.war.Even after it not reflecting on oim admin and user console.
  After modifiacetions i cleared purgecache.sh as well as tmp [$DOMAIN_ROOT/servers/oim_server1/tmp/] directory.
  I think i have done modifications in wrong way.Can anyone please suggest me to do the correct modifications as soon possible.
  Regards,
  Karthick.

  Hi Kevin,
  Thanks,
  I am not able recall any major change.
  All i can recall is changing some files for customization like changing some text through filexlWebApp.war and i also i have not i am still to run patch utility. I guess this should not be the reason.
  Which configuration file i should look for this ?
  Ritu

• Delegated Admin and Class of Service

  Hi
  we have configured
  Messaging Server
  Calendar server
  Instant Messaging Server
  and Portal Server
  We would like use delegated admin for user provisioning.
  We are able to modify default Class of Service templates to suit our needs for Messaging and Calendaring.
  We would also like to provide Portal desktop and Instant messaging access thru' delegated admin.
  Help us to configure these class of services either using directory console or any other method
  Thanks
  Saba

  rkbunca wrote:
  Recently we deleted about 3K users using: commadmin domain purge, and while
  it appears to have successfully deleted the users -- ldapsearch doesn't yield any
  output. The lower number of users is NOT reflected in the field "Number of Users"
  on the Delegated Admin page. It still shows the same number of users >11K we
  "had" prior to the deletion process.
  Any ideas to explain this discrepancy?The number of users displayed in the DA GUI is recorded in the "sunNumUsers" attribute associated with the domain e.g.
  dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
  sunNumUsers: 11
  This is to avoid having to do an ldapsearch across the domain to get a count. You can manually update this attribute to get the number back-in-sync.
  The commadmin domain purge should have updated this value -- I couldn't find any pre-existing bugs to explain why it didn't happen in your case. I suggest you log a support case to get this looked into further.
  You may also want to check your directory audit logs to see if an attempt was made to update this attribute but failed for some reason.
  Regards,
  Shane.

• Customising the admin and user console

  I want to customise the Admin and User Console for helpdesk users. Therfore I want them to have create user and manage user menu access. I have created a helpdesk user group and assigned create and manage menu items. When I logon as the helpdesk user I can see the menu items, however if I do a search for users, no records are found. Likewise if I create a user, organisations are not found on the organisations lookup. I have tried assigning various privileges for the group but with no success. Am I missing something obvious?
  Thanks
  Dave

  For HelpDesk admin to be able to search for users, he/she need to be Organization Admin for the company for which they can search for users. For instance, if you have Organizations : ABC, XYZ in your OIM instance and you want HelDesk admin to be able to search for users within "ABC", then the corresponding group has to be an admin for "ABC". To do this, search for the Organization and assign Administrators using the option available in the Organization profile page drop-down.
  Once the above task is done, you should be able to search and also assign the Organization to newly created user.
  Hope this helps,
  - Aman

• Impossible to set up a TC with admin and users privileges

  Hi,
  Sorry for my english first. I'm not an english speaker...
  That's one week I'm playing with my Tc to try to set it up with admin and users privileges and and doesn't succeed to find a good way to do it....
  What I want to do: set up my Tc so that I'm an admin and can do whatever I want in the folders of each user. I want the user to have access to one folder with their name. Let's say I would like to user my TC like a usual network drive or NAS.
  What I discover: if I enable file sharing with accounts on my TC and define two users user1 and user2 with Read write privileges, user1 can see a folder user1 and put whatever he wants in it and there's a share folder for user1 and user2. BUT I cannot be admin on the TC when account filesharing is on. It means I cannot put anything in user1 folder beacuse I don't see user1 folder. It is just like if you have user accounts on TC you can just change the privileges but not defined an administrator. I'm able to see user1 folder for instance solely changing the filesharing back to secure shared disks "with time capsule password". If i do so I can see all the folders on the TC.
  But it's very annoying because it means that each time I want to put a file inside the folder of one of my user, I have to restart my TC "with time capsule password", put the file, set it up back to user account and restart again the TC.... Not really practical!
  Anyone got an idea how to use the Tc with user accounts (one admin and others users...)

  I forgot to mention that I tried also another method: giving guest access to TC to my two users but there are several problems here: first they can only read (if not they would have the same privileges as me) what means they can put any document in the TC. Second, they see all the folders on the TC and the idea is that they can only see the shared one....

• Doubt between RMAN and User Managed Backup

  Friends,
  OS: RHEL AS 3.0
  DB: 9iR2
  Currently we are taking user managed backup.
  rman is in testing(learning) process.
  Is it possible to take rman backup and user managed backup of a database one after another?
  what i mean is.....suppose, if we configure rman for auto backup at 9pm daily. can i take user managed backup before 8pm or after 10pm?
  Am i have to take any precaution's?
  suppose, rman is failed can i restore the db with user managed backup?
  thanks

  Yes, it is possible to perform both user managed backups and RMAN backups.
  It is a waste of resources, but it is possible.
  You would need to make sure both backups do not overlap each other.
  Whether you can restore your database with user managed backup depends completely on the quality of the user managed backup, and whether you have proper (and tested) restore procedures in place.
  Sybrand Bakker
  Senior Oracle DBA

• Is the recovery techniques for RMAN and user managed are different

  Hi Gurus,
  I want to know the exact difference b/w RMAN and user managed recovery.
  Is the difference is too much or if we know the user managed recovery,can we do the recovery using the RMAN...
  Regards,
  pradeep

  user6738165 wrote:
  Hi Gurus,
  I want to know the exact difference b/w RMAN and user managed recovery.
  Is the difference is too much or if we know the user managed recovery,can we do the recovery using the RMAN...
  Regards,
  pradeepHi Pradeep and welcome to the forum
  I'd suggest you to check the Oracle Documentation to find out the difference by yourself
  RMAN Recovery Concepts
  http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/rcmconc2.htm#i1007882
  Performing User-Managed Recovery
  http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/osrecov.htm#BABBBBBB
  RMAN has great advantages over the User-Managed techniques. RMAN uses it's own RMAN commands to perform backup or recovery, while with user-managed backup and recovery you use SQL commands
  By knowing the main backup and recovery concepts, you can perform both

• Delegated Admin and non-flat user/group structures

  Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
  The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
  I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
  Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
  # Ldap configuration.
  # List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
  # add additional hosts with ldaphost-<consecutive number>
  # Schema type is either "1" or "2".
  # Reconnect interval is in seconds
  # Group and people container is dn from organization dn (e.g ou=people)
  ldaphost-1=oucsldap01:389
  ldaphost-2=oucsldap02:389
  ldaphost-suffix=dc=DOMAIN,dc=NAME
  ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
  ldaphost-maxcount=50
  ldaphost-schematype=2
  ldaphost-reconnectinterval=60
  ldaphost-peoplecontainer=ou=People
  ldaphost-groupcontainer=ou=Groups
  ldaphost-orgadminrole=cn=Organization Admin Role
  While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
  Questions:
  1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
  2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
  Thanks,
  //Jim Klimov

  I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
  Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
  We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
  Hope this report helps others who would try to pioneer this path of messaging integration
  //Jim Klimov

• Delegated Admin and Number of Users

  Recently we deleted about 3K users using: commadmin domain purge, and while
  it appears to have successfully deleted the users -- ldapsearch doesn't yield any
  output. The lower number of users is NOT reflected in the field "Number of Users"
  on the Delegated Admin page. It still shows the same number of users >11K we
  "had" prior to the deletion process.
  Any ideas to explain this discrepancy?
  -- Bob

  rkbunca wrote:
  Recently we deleted about 3K users using: commadmin domain purge, and while
  it appears to have successfully deleted the users -- ldapsearch doesn't yield any
  output. The lower number of users is NOT reflected in the field "Number of Users"
  on the Delegated Admin page. It still shows the same number of users >11K we
  "had" prior to the deletion process.
  Any ideas to explain this discrepancy?The number of users displayed in the DA GUI is recorded in the "sunNumUsers" attribute associated with the domain e.g.
  dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
  sunNumUsers: 11
  This is to avoid having to do an ldapsearch across the domain to get a count. You can manually update this attribute to get the number back-in-sync.
  The commadmin domain purge should have updated this value -- I couldn't find any pre-existing bugs to explain why it didn't happen in your case. I suggest you log a support case to get this looked into further.
  You may also want to check your directory audit logs to see if an attempt was made to update this attribute but failed for some reason.
  Regards,
  Shane.

• What is the Ideal Production Setup For One Admin and 4 Managed Servers

  Dear Experts
  I will be starting with production setup including one Admin server and 4 managed servers in one single domain.
  I am thinking of creating a single node environment(no clusters) as the machine has following configuration
  OS : Windows Server 2008 R2 Datacenter
  RAM : 48 GB
  System Type : 64 bit
  Processor : Intel(Xenon) 4 processors [email protected]
  Can you please let me know if this configuration would suffice for the 4 managed servers if i assign Xmx and Xms as 4096 and Heap Space as 1024 to all the Managed Servers.
  It is very urgent and i need to convey to the Infrastructure team if harware procurement is required.
  We are looking at somewhere around 300 concurrent users(maximum load) and 100(minimum load) at a given point of time.
  Please reply ASAP.
  Thanks in advance
  Edited by: Abhinav Mittal on Apr 23, 2013 7:58 PM
  Edited by: Abhinav Mittal on Apr 23, 2013 8:03 PM

  Heap size must be calculated according to the applications that are been deployed on each JVM.
  With no deployments, you dont need more than 256k for managed servers heap size and 512k for adminserver. As biggest its your heap size, longer will take your garbage collection. And if you can prevent it, better do it.
  Kinds,
  Gabriel Abelha

• Server Admin and Workgroup Manager is sloooow

  When running Server Admin or Workgroup Manager directly from my client macbook, connected to one of our leopard servers, it is painfully slow. I mean painfully.
  It takes a minute to connect while I stare at this spinning wheel, some actions never stop spinning the wheel. Sometimes it just stops and everything is working great.
  If I run the admin tools locally, connected through remote desktop its working much better, but can still be quite slow when connecting sometimes.
  Any ideas?

  I had a similar problem with a new xserve, setup with the factory pre-install leopard 10.5.2 it defaults to the server FQDN (myservername.com) for server admin with no DNS setup it takes ages to finaly get SA to open because it can't resolve itself.
  deleting server.myservername.com once SA fianaly responds it reverts to server.local and responds
  once DNS is configured correctly, no more issues.
  this particular server went on to develope regular OD crashes and AFP problems with OD crashing and when users logged in/out nd AFP having to be restarted when OD crashed and I decided to rebuild it.
  the DVD was 10.5.1, on bootup it was far worse than the factory pre-install when opening SA
  I upgraded to 10.5.2 combo before turning on any services , even when I got DNS working it was slow to respond nothing like as bad as without DNS but still slow. DNS checked out fine. The only way I could get it to respond normally was to add the domain name to Search domains in network preferences.
  something I did notice with the DVD install in server setup the local address defaulted to .private SA expects .local and the server name wasn't automatically filled out when I entered the server FQDN. the factory pre-install automaticly filled out the server name and used .local
  there is an edit button near the server name once you click on that it changes the name from .private to .local
  I didn't notice the .private the 1st time around and with the .private things where far worse. SA wouldn't respond at all even with 127.0.0.1

• Sharing Itunes library between an admin and user account on one imac G5

  Hello,
  Please forgive the repetitive question. i have set up an admin and a user account on my iMac. I set the itunes library to users/shared/music/itunes/itunes library on both accounts. The music shows up on the admin account but not the user account.
  Can anyone give a quick step by step including obscure settings that may need to be altered so that I can finally get this pesky stress monkey off my shoulder!
  Thanks!
  iMac G5   Mac OS X (10.4.3)   Ipod video 30Gb

  Hi,
  Someone recently poasted a similar problem as yours.
  Here's the discussion and solution:
  http://discussions.apple.com/message.jspa?messageID=1192454

• Admin and user rights for change active airport

  Hello alltogether,
  my son has a new MacBook (System 10.5) for his school and he learn with the computer in all school-subjects. So I create two users, admin and one for him. After he has install all applications that he need for school, I gave the admin a password. Now my son can't install applications or change system settings. But i must give him admin rights, because when he stay at school, he must change the airport environment for school and if he stay at home he must change it back to home. Is it not possible to set the rights for a not admin user so, that he can change the airport environment?
  Thanks for reading.
  Regards,
  Tommy

  If he needs admin status to use the wireless connection, then you need to make him an admin user. As far as I know, there is no partial admin configuration.

• Slides for CCMS and User Management

  Hello,
  Can anyone recommend some helpful (SAP-owned, standard) .ppt-Slides or pdf.-Slides for the following points:
  <b>CCMS
  User Management und Disaster Recovery Mechanismen </b>
  Thank you very much!
  Regards
  A. Henke

  Hi,
  Take a look at service.sap.com/monitoring and service.sap.com/security
  /Jesper

• Rman And user Managed backup

  Hi,
  I have following question
  User Managed backup
  1)when i take user mananged backup i want to know whether DDL operation is permitted or not
  2) when i take user mananged backup i want to know whether WE ADD/REMOVE TABLESPACE ??
  Rman backup
  1)when i take RMAN backup i want to know whether DDL operation is permitted or not
  2) when i take Rman backup i want to know whether WE ADD/REMOVE TABLESPACE ??
  Regards

  Hi,
  Please go through the below links to get much familiar with user managed backup's and rman backup's.
  Oracle9i User-Managed Backup and Recovery Guide
  Release 2 (9.2)
  http://download.oracle.com/docs/cd/B10501_01/server.920/a96572/toc.htm
  Making User-Managed Backups
  http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/osbackup.htm
  Oracle9i Recovery Manager (RMAN)
  http://www.oracle-base.com/articles/9i/RecoveryManager9i.php
  RMAN Backup Concepts (11g R1)
  http://download.oracle.com/docs/cd/B28359_01/backup.111/b28270/rcmcncpt.htm
  Overview of RMAN Backups (10g R2)
  http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/bkup001.htm
  Oracle RMAN Backups: Pushing the "Easy" Button
  http://www.oracle.com/technetwork/articles/havewala-rman-grid-089150.html
  Hope this helps you understand clearly about both the user managed backups and rman backups. :)
  Thanks,
  Balaji K.