DN attribute in ldap

Hi,
The Schema reference of Directory Server 5.1 has an attribute called dn, which is nothing but the distinguished name of that LDAP entry. Is it possible to do a search using this attribute, i.e. I want to specify the search filter as (dn=cn=Test,ou=People,o=myorg)?
I tried and it did not return any result.
Can anyone help me?
Thanks
Sudipta

So if you know the DN - set that as the base (without dn=) and objectclass=* as the filter ...
Then return the attributes you want ...
ldapsearch -b "uid=user,ou=users,dc=company,dc=com" -h host -p port -D "binddn" -w password "objectclass=*" attr
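
The base-scope lookup described in the reply above, as an added JNDI example (not code from the original thread): the DN is the search base, the scope is the single object, and the filter is (objectClass=*). The DN is assembled with LdapName/Rdn so a user-supplied value cannot change its structure. The class name, the LDAP_BIND_PW environment variable and the sample values are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added example (hypothetical class name): read one entry by its DN. */
public class ReadEntryByDn {

    /** Builds uid=<uid>,<baseDn>. Rdn escapes characters that are special in a DN. */
    static LdapName userDn(String uid, String baseDn) throws NamingException {
        LdapName dn = new LdapName(baseDn); // parses and validates the base DN
        dn.add(new Rdn("uid", uid));        // becomes the leftmost (most specific) RDN
        return dn;
    }

    /**
     * Uses the DN as the search base with OBJECT_SCOPE and (objectClass=*).
     * Returns the entry's attributes, or null if the entry is missing or not visible.
     */
    static Attributes readByDn(DirContext ctx, Name dn, String... wanted)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);
        // null asks the server for all user attributes
        sc.setReturningAttributes(wanted.length == 0 ? null : wanted);
        try {
            NamingEnumeration<SearchResult> results =
                    ctx.search(dn, "(objectClass=*)", sc);
            try {
                return results.hasMore() ? results.next().getAttributes() : null;
            } finally {
                results.close();
            }
        } catch (NameNotFoundException e) {
            return null; // LDAP error code 32: the base DN itself does not exist
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; this part runs without a server.
        String sampleBase = "ou=users,dc=company,dc=com";
        System.out.println(userDn("user", sampleBase));
        // The comma and equals sign stay inside the uid value instead of
        // adding an extra RDN to the name.
        System.out.println(userDn("user,ou=admins", sampleBase));

        String bindPw = System.getenv("LDAP_BIND_PW"); // assumed variable name
        if (args.length < 4 || bindPw == null) {
            System.out.println("usage: LDAP_BIND_PW=... java ReadEntryByDn "
                    + "<ldaps-url> <bind-dn> <base-dn> <uid>");
            return;
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // No DN in the URL, so every name passed to the context is absolute.
        // A simple bind sends the password as-is, so use an ldaps:// URL.
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);

        DirContext ctx = new InitialDirContext(env);
        try {
            Attributes attrs = readByDn(ctx, userDn(args[3], args[2]), "cn", "mail");
            System.out.println(attrs == null ? "no such entry" : attrs.toString());
        } finally {
            ctx.close();
        }
    }
}
```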

Similar Messages

  • Multi level attribute from LDAP

    multi level attribute from LDAP
    I am trying to write a custom mapping to use to retrieve a value from a multivalued field in LDAP (nsRole). Has anyone done this before?
    Right now all my mappings are 1:1. However, the goal is to get a 1 : M and parse through it till I get the desired value (1:1)

    Darwin Hammons - Assurant 
    2:44pm, May 17 
    Great conversation. I have a very similar question about the use of the custom Java mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location), querying the data to execute an event that populates a RequestCenter OU or Group if the person's login location equals, say, "Argentina"? Looking for a way to manage / build catalog entitlements during login. Suggestions?
    Anthony Erickson
    2:52pm, May 18  
    Hi Darwin,
    We're about to embark on a piece of work with newScale which would be similar to this to support our Multilingual catalogue.  I'll provide any updates I'm able. 
    Thanks,
    Ant 
    Darwin Hammons - Assurant 
    3:25pm, May 18 
    Great, Thanks Anthony ! I hope our bringing up this topic will spark a bit of interest. The Custom Java Mapping  / Directory integration is documented more with RC 9.1. It will be good to hear more about your project and use of Java mappings with LDAP Directories. 

  • Accessing custom attributes in LDAP using WD Java - UME APIs

    Hello Friends,
    I am trying to access a custom attribute from LDAP in WebDynpro Java. I am using the code below.
    IWDClientUser clientUser = WDClientUser.getCurrentUser();
    IUser sapUser = clientUser.getSAPUser();
    if (sapUser != null) {
        // <Name Space> is the poster's placeholder for the attribute namespace
        String[] str_emp = sapUser.getAttribute(<Name Space>, "Attribute Name");
        if (str_emp == null || str_emp.length == 0) {
            wdComponentAPI.getMessageManager().reportSuccess(" NULL ");
            return;
        } else {
            strEmpID = str_emp[0];
            wdComponentAPI.getMessageManager().reportSuccess(strEmpID);
        }
    }
    The name space is "$usermapping$". I am not sure why it is like that only for this attribute I am trying to access.
    I am getting a null value if I run this code.
    Can anyone help?
    thanks
    Shobhan

    Hi,
    Are you sure this is the right namespace? The default namespace is com.sap.security.core.usermanagement.
    You can get all namespaces and the names of all attributes defined for a user using methods getAttributeNamespaces and getAttributeNames : [Interface IPrincipal|http://help.sap.com/javadocs/NW04S/current/se/index.html].
    Regards,
    Pierre

  • User attributes for LDAP

    Hi guys,
    Currently we have an error for an LDAP attribute.
    distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
    user is of type IUser,
    and it returns null.
    Where could I find the list of user attributes in LDAP? Currently we have LDAP 8.8.1.

    Don,
    you should have a look at an LDAP browser (e.g. http://www-unix.mcs.anl.gov/~gawor/ldap/ ), which helps a lot to find out what the structure of your LDAP server is and which attributes you can access.
    1) Start the tool
    2) click onto the "Quick Connect"
    3) enter your LDAP server
    4) press "Fetch DNs"
    5) Uncheck "Anonymous bind"
    6) Enter your user credentials
    7) Browse your LDAP structure
    It helped me a lot to get the correct settings for the DBMS_LDAP calls.
    Patrick
    My APEX Blog: http://www.inside-oracle-apex.com
    The ApexLib Framework: http://apexlib.sourceforge.net
    The APEX Builder Plugin: http://apexplugin.sourceforge.net/

  • Updating attributes in LDAP during a disable

    I am having trouble with a disable workflow for an LDAP resource. I need to modify an attribute in LDAP when performing the disable.
    So, I have a modified disable user form that adds a "reason" from a textbox and also sets the date of the disable.
    The account is being disabled in LDAP, but the attributes "reason" and "date" are not being pushed.
    I am looking for the specific order in which I should call workflow to accomplish this task.
    Should I:
    checkout a userview
    modify attributes
    checkin userview
    checkout disable view
    checkin disable view
    reprovision???
    notification
    Thanks for your help in advance.
    C.

    The reason they aren't being pushed is that they are not attributes associated with the Disable View.
    You can extend the view to include these attributes, and then the disable form can reference these as fields as
    resourceAccounts.currentResourceAccounts[ResourceTypeName].attribute.
    The view can be extended globally for all resources of a specified type (e.g. LDAP 1, LDAP2) or for a specific resource.
    The Deployment Guide has a chapter on Views and how to extend them. Refer there first, and if you have any followup questions post them here.

  • How can i extended attribute of user and add attribute to ldap

    how can i extended attribute of user and add attribute to ldap
    1.
    I use spe to modify "Default User Library": add a Field like
    title:nation name:accounts[Lighthouse].nation
    2.
    modify "IDM Schema Configuration"
    add <IDMAttributeConfiguration name='nation' description='default attribute from UserExtendedAttributes/UserUIConfig' syntax='STRING'/>
    in <IDMAttributeConfigurations>
    and
    add <IDMObjectClassAttributeConfiguration name='nation' queryable='true' summary='true'/> in <IDMObjectClassConfiguration>
    the extended attribute is there when I create a new user
    3.
    I create a new resource for LDAP, and I add nation in the "Account Attributes" tab
    but the new attribute is not added to LDAP
    I am a beginner; how do I extend an attribute and add it to the LDAP attributes?

    So, if I want to fill in blanks on a form where I need to add more pages to fill history, what program do I need? In Adobe Reader, I can edit and fill in blanks, but I cannot duplicate more blank pages.

  • Need help in retrieving attributes from LDAP using JNDI

    I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
    Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
    I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
    Could anyone tell me why I'm getting this error? Thanks!
    Here's my code:
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;
    import java.io.*;

    class Getattr {
        public static void main(String[] args) {
            // Identify service provider to use
            Hashtable env = new Hashtable(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // user info
            String userName = "username";
            String password = "password";
            // LDAP server specific information
            String host = "ldaphostname";
            String port = "portnumber";
            String basedn = "o=organization,c=country";
            String userdn = "cn=" + userName + "," + basedn;
            env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);
            env.put(Context.SECURITY_PRINCIPAL, userdn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                // Send everything written to System.err into data.txt
                System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));
                // Create the initial directory context
                DirContext ctx = new InitialDirContext(env);
                // Ask for all attributes of the object (name is relative to basedn in the URL)
                Attributes attrs = ctx.getAttributes("cn=" + userName);
                NamingEnumeration ne = attrs.getAll();
                while (ne.hasMore()) {
                    Attribute attr = (Attribute) ne.next();
                    if (attr.size() > 1) {
                        // Multi-valued attribute: print every value
                        for (Enumeration e = attr.getAll(); e.hasMoreElements();) {
                            System.err.println(attr.getID() + ": " + e.nextElement());
                        }
                    } else {
                        System.err.println(attr.getID() + ": " + attr.get());
                    }
                }
                // Close the context when we're done
                ctx.close();
            } catch (javax.naming.NamingException ne) {
                System.err.println("Naming Exception: " + ne);
            } catch (IOException ioe) {
                System.err.println("IO Exception: " + ioe);
            }
        }
    }

    That doesn't work either. It seems it's not finding the NamingException class in any of the jar files. I don't know why. Any clues?

  • How to get user attributes from LDAP authenticator

    I am using an LDAP authenticator and identity asserter to get user / group information.
    I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
    Is there an available API to get all the user attributes through the established WebLogic authenticator provider, or do I have to directly connect to the LDAP server again?
    Any help would be appreciated

    Hi Julián,
    in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
    A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
    Hope it helps
    Detlev

  • Unable to Retrieve Attributes from LDAP Server

    I have a problem. I was wondering if anyone can assist me. I am new to LDAP servers and JNDI. I cannot retrieve any attributes from the users listed in my data entry. Any assistance would be greatly appreciated! Thanks.
    I created an entry in the LDAP server that looks like this:
    "o=somedn"
    |
    "ou=people, o=somedn"
    The "ou=people, o=somedn" entry contains fictitious users. The LDAP server is connected to a MySQL database. When I write Java code to read the attributes of a given user whose fullname (cn) is "Vinny Luigi", as listed in the database, I receive an error that starts with the following:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=Vinny Luigi,ou=people'
    The code I used is based on the Sun JNDI tutorial. Sun's code is at http://java.sun.com/products/jndi/tutorial/basics/directory/src/GetattrsAll.java. My version of the code is below:
    /*
     * @(#)GetattrsAll.java     1.5 00/04/28
     *
     * Copyright 1997, 1998, 1999 Sun Microsystems, Inc. All Rights
     * Reserved.
     *
     * Sun grants you ("Licensee") a non-exclusive, royalty free,
     * license to use, modify and redistribute this software in source and
     * binary code form, provided that i) this copyright notice and license
     * appear on all copies of the software; and ii) Licensee does not
     * utilize the software in a manner which is disparaging to Sun.
     *
     * This software is provided "AS IS," without a warranty of any
     * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
     * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
     * HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE
     * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
     * MODIFYING OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN
     * NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
     * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL,
     * CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
     * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
     * OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
     * BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
     *
     * This software is not designed or intended for use in on-line
     * control of aircraft, air traffic, aircraft navigation or aircraft
     * communications; or in the design, construction, operation or
     * maintenance of any nuclear facility. Licensee represents and warrants
     * that it will not use or redistribute the Software for such purposes.
     */
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;

    /**
     * Demonstrates how to retrieve all attributes of a named object.
     *
     * usage: java GetattrsAll
     */
    class GetattrsAll {
        static void printAttrs(Attributes attrs) {
            if (attrs == null) {
                System.out.println("No attributes");
            } else {
                /* Print each attribute */
                try {
                    for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();) {
                        Attribute attr = (Attribute) ae.next();
                        System.out.println("attribute: " + attr.getID());
                        /* print each value */
                        for (NamingEnumeration e = attr.getAll(); e.hasMore();
                             System.out.println("value: " + e.next()))
                            ;
                    }
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }

        public static void main(String[] args) {
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable(100);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            // Names passed to the context are relative to o=somedn
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=somedn");
            try {
                // Create the initial context
                DirContext ctx = new InitialDirContext(env);
                // Get all the attributes of named object
                System.out.println("About to use ctx.getAttributes()");
                Attributes answer = ctx.getAttributes("cn=Vinny Luigi,ou=people");
                // Print the answer
                printAttrs(answer);
                // Close the context when we're done
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    The primary key of the database is id_pk. Below is a copy of the mapping.xml file which maps the LDAP server entry to the database:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">
    <mapping>
    <entry dn="o=somedn">
    <oc>organization</oc>
    <oc>top</oc>
    <at name="o" rdn="true">
    <constant>somedn</constant>
    </at>
    <aci>
    <permission>rs</permission>
    </aci>
    </entry>
    <entry dn="ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>organizationalUnit</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="cn">
    <constant>"fullname"</constant>
    </at>
    <at name="ou" rdn="true">
    <constant>people</constant>
    </at>
    <at name="sn">
    <constant>"lastname"</constant>
    </at>
    </entry>
    <entry dn="id_pk=...,ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="Position_">
    <variable>usertable9.Position_</variable>
    </at>
    <at name="id_pk" rdn="true">
    <variable>usertable9.id_pk</variable>
    </at>
    <at name="fullname">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="lastname">
    <variable>usertable9.lastname</variable>
    </at>
    <at name="cn">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="sn">
    <variable>usertable9.lastname</variable>
    </at>
    <source name="usertable9">
    <source-name>usertable9</source-name>
    <field name="Position_">
    <variable>Position_</variable>
    </field>
    <field name="id_pk">
    <variable>id_pk</variable>
    </field>
    <field name="fullname">
    <variable>cn</variable>
    </field>
    <field name="lastname">
    <variable>sn</variable>
    </field>
    </source>
    </entry>
    </mapping>
    Thanks.

    The complete name (Distinguished Name) of the user you're searching is 'cn=Vinny Luigi,ou=people,o=somedn'.
    Regards,
    Ludovic.

  • Dynamic Attributes from LDAP Authentication

    Is it possible to have attributes pulled directly from an LDAP V3 Directory and made available as HTTP Headers instead of from the Data Store? Reason I ask is that I have an existing 2 Million end users in an eDirectory that I can not make a schema change to accommodate a Data Store, so I have Sun DS for Config. So I have created a new LDAP Auth Module and have that working with eDirectory, however AM wants a profile. If I choose to "ignore" it in the Core Authentication module I can authenticate but get an Error 500 if I try to fetch attributes.
    The current workaround I have is to Dynamically create profile and define all the attributes I want copied in the new profile. Problem is this information is static. It never gets updated by AM if the eDirectory is updated. The only option is to delete the user profile.
    Is there a way around this? Would this entail a custom Response Provider that obtains attributes directly from the eDirectory? Would I still need a profile if I have a custom response provider?
    Thanks in advance

    I don't believe you have to add any attributes to a directory server's schema in order to use it as an LDAPv3 data store. This config works fine for me:
    <!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN" "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
    >
    <Requests>
        <ServiceConfigurationRequests serviceName="sunIdentityRepositoryService" realm="/MyRealm">
            <AddSubConfiguration serviceName="sunIdentityRepositoryService" subConfigId="LDAPv3" priority="0" subConfigName="ALDAPv3DataStore"/>
        </ServiceConfigurationRequests>
        <ServiceConfigurationRequests serviceName="sunIdentityRepositoryService" realm="/MyRealm">
            <ModifySubConfiguration serviceName="sunIdentityRepositoryService" subConfigName="ALDAPv3DataStore">
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-ldap-server"/>
                    <Value>someserver.com:389</Value>
                </AttributeValuePair> 
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-connection_pool_min_size"/>
                    <Value>20</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-connection_pool_max_size"/>
                    <Value>90</Value>
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-organization_name"/>
                    <Value>dc=someserver,dc=com</Value>
                </AttributeValuePair> 
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-authid"/>
                    <Value>uid=someuser,ou=people,dc=someserver,dc=com</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-authpw"/>
                    <Value>somepassword</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-users-search-attribute"/>
                    <Value>uid</Value>
                </AttributeValuePair>           
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-users-search-filter"/>
                    <Value>(objectclass=inetorgperson)</Value>
                </AttributeValuePair>           
                <AttributeValuePair>
                    <Attribute name="sunIdRepoSupportedOperations"/>
                    <!-- set according to LDAPv3Repo loadSupportedOps() -->
                    <Value>user=read,service</Value>
                    <!-- need this so we can assign services to the subrealm -->
                    <Value>realm=read,service</Value>
                    <Value>role=read</Value>
                    <Value>filteredrole=read</Value>
                    <Value>group=read</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-user-objectclass"/>
                    <Value/>     
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-user-attributes"/>
                    <Value>cn</Value>
                    <Value>entrydn</Value>
                    <Value>entryid</Value>
                    <Value>somecustomuserstatusattr</Value>
                    <Value>objectclass</Value>
                    <Value>sn</Value>
                    <Value>givenname</Value>
                    <Value>uid</Value>
                    <Value>userpassword</Value>
                    <Value>mail</Value>
                    <Value>telephonenumber</Value>
                    <Value>manager</Value>
                    <Value>somecustomattr</Value>
                    <Value>somecustomattr2</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-people-container-name"/>
                    <Value/>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-people-container-value"/>
                    <Value/>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-search-attribute"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-container-name"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-container-value"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-search-filter"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-objectclass"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-attributes"/>
                    <Value/>
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-isactive"/>
                    <Value>somecustomuserstatusattr</Value>
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-psearchbase"/>
                    <Value>dc=someserver,dc=com</Value>
                </AttributeValuePair> 
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-cache-enabled"/>
                    <Value>false</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-errorcodes"/>
                    <Value>80</Value>
                    <Value>81</Value>
                    <Value>91</Value>
                    <Value>85</Value>
                </AttributeValuePair>
            </ModifySubConfiguration>
        </ServiceConfigurationRequests>
    </Requests>
    Note that sun-idrepo-ldapv3-config-user-attributes is configurable and you can add/remove attributes you are interested in. Also, I don't know if eDirectory supports persistent searches, so you might need to leave that value blank.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                

  • OPSS errors with virtualize attribute in LDAP

    Hi,
    I want to retrieve the user attributes for a user in ADF on WebLogic PS3, so far OK.
    I got the user attributes of the internal WebLogic LDAP user.
    Now I also want to do this for an Active Directory user, so I configured the AD authentication provider and I can see the users and groups.
    When I log in with an AD user I can see this error (login was successful, but no user attributes):
    oracle.security.idm.ObjectNotFoundException: No User found matching the criteria
         at oracle.security.idm.providers.stdldap.util.DirectSearchResponse.initSearch(DirectSearchResponse.java:173)
         at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:52)
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.searchUsers(LDAPRealm.java:430)
         at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUser(LDIdentityStore.java:439)
         at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUser(LDIdentityStore.java:488)
         at nl.amis.security.opss.OpssBean.<init>(OpssBean.java:47)
    This is correct, so I set the virtualize attribute
        <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
            <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>
            <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
            <property name="virtualize" value="true"/>
        </serviceInstance>
    The virtual directory is working, but now I get no user attributes with the internal WLS user and the AD user.
    This is the error:
    <VDELogger> <warn> You must use SSL port for this adapter or configure ssladapter with an adapter which uses SSL port.
    oracle.security.idm.IMException: Not supported
         at oracle.security.idm.providers.libovd.LibOVDIdentityStore.getUserPropertyNames(LibOVDIdentityStore.java:751)
         at oracle.security.idm.providers.libovd.LibOVDUser.getAllUserProperties(LibOVDUser.java:613)
         at nl.amis.security.opss.OpssBean.<init>(OpssBean.java:50)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:175)
    My code to retrieve the attributes.
        // Fragment from the OpssBean constructor; username, roles and attributes are String fields
        ADFContext adfCtx = ADFContext.getCurrent();
        SecurityContext secCntx = adfCtx.getSecurityContext();
        this.username = secCntx.getUserName();
        for (String role : secCntx.getUserRoles()) {
            this.roles = this.roles + role + ", ";
        }
        try {
            // Look the logged-in user up in the OPSS identity store
            JpsContext jpsCtx = JpsContextFactory.getContextFactory().getContext();
            IdentityStoreService service = jpsCtx.getServiceInstance(IdentityStoreService.class);
            IdentityStore idStore = service.getIdmStore();
            User user = idStore.searchUser(secCntx.getUserName());
            if (user != null) {
                UserProfile userProfile = user.getUserProfile();
                PropertySet propSet = userProfile.getAllUserProperties();
                // Append every property name with all of its values
                Iterator it = propSet.getAll();
                while (it.hasNext()) {
                    Property prop = (Property) it.next();
                    this.attributes = this.attributes + "property: " + prop.getName();
                    Iterator it2 = prop.getValues().iterator();
                    while (it2.hasNext()) {
                        Object val = it2.next();
                        this.attributes = this.attributes + " values: " + val.toString() + "\n";
                    }
                }
            }
        } catch (JpsException e) {
            e.printStackTrace();
        } catch (IMException e) {
            e.printStackTrace();
        }
    thanks

    Edwin,
    Can you clarify the requirement - does the ADF application need to query for user profile information from both DefaultAuthenticator and AD? If querying AD is sufficient, then virtualize=true is overkill and not needed.
    Ensure that the ordering of the authn providers and the control flag settings in WLS console is correct. Refer to this blog post for more details http://fusionsecurity.blogspot.com/2011/08/couple-of-things-you-need-to-know-about.html
    All you may have to do is make the AD authn provider the first one in list (as long as the control flags are the same).
    The error you are seeing is because
    - the AD is configured using SSL
    - the code that got triggered with virtualize=true has different keystore requirements and it doesn't find the correct configuration.
    -skt

  • Using UME to read binary attribute from LDAP (objectSID)

    Hi,
    I am trying to read the ObjectSID of an LDAP user (from MS Active Directory) from an IUser object. This attribute is retrieved as binary from the LDAP, and if I define a normal extra attribute in the datasourceconfiguration file and retrieve it as a String the value is wrong.
    So my question is how can I define this as a binary attribute?
    From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the xml format for the datasourceconfiguration.
    The Attribute element has the following specification:
        <!ATTLIST attribute
            name CDATA #REQUIRED
            populateInitially (true|false) #IMPLIED
            readonly (true|false) #IMPLIED
            type (string|blob) #IMPLIED
            cacheTime CDATA #IMPLIED>
    Since you have type here, I tried setting it to blob under the user object as such:
    For user:
        <attribute name="guid" type="blob" populateInitially="true"/>
    For attribute mapping:
        <attribute name="guid">
            <physicalAttribute name="objectSid"/>
        </attribute>
    However, I still get the following error when calling
    iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):
    Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
         at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
         at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
         at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
         at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
         at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
         ... 41 more
    This error indicates that the attributes is a string and not a binary attribute.
    Anyone?

    Created OSS and initial message is that this is not supported even though some of the configuration files point that direction. It's really easy to implement so maybe if I am lucky I'll get a hotfix.
    Dagfinn
    btw the field was objectGUID not objectSID
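Why a string read of these attributes goes wrong, as an added example that is not part of the original thread: objectGUID is 16 raw bytes and objectSid is a packed binary structure, so both have to be fetched as byte[] and decoded field by field. The class and method names are hypothetical, the byte arrays are constructed sample values, and this is plain Java, not the UME API.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example, not from the original thread; names are hypothetical.
public class AdBinaryAttributes {

    // objectGUID: 16 bytes. The first three fields are little-endian,
    // the last eight bytes are printed in stored order.
    static String guidToString(byte[] b) {
        if (b == null || b.length != 16) {
            throw new IllegalArgumentException("objectGUID must be 16 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(b).order(ByteOrder.LITTLE_ENDIAN);
        int d1 = buf.getInt();
        int d2 = buf.getShort() & 0xFFFF;
        int d3 = buf.getShort() & 0xFFFF;
        StringBuilder sb = new StringBuilder(String.format("%08x-%04x-%04x-", d1, d2, d3));
        for (int i = 8; i < 16; i++) {
            if (i == 10) sb.append('-');
            sb.append(String.format("%02x", b[i] & 0xFF));
        }
        return sb.toString();
    }

    // objectSid: revision (1 byte), sub-authority count (1 byte), identifier
    // authority (6 bytes, big-endian), then count 32-bit little-endian values.
    static String sidToString(byte[] b) {
        if (b == null || b.length < 8 || b.length != 8 + 4 * (b[1] & 0xFF)) {
            throw new IllegalArgumentException("malformed objectSid");
        }
        long authority = 0;
        for (int i = 2; i < 8; i++) {
            authority = (authority << 8) | (b[i] & 0xFF);
        }
        StringBuilder sb = new StringBuilder("S-" + (b[0] & 0xFF) + "-" + authority);
        ByteBuffer subs = ByteBuffer.wrap(b, 8, b.length - 8).order(ByteOrder.LITTLE_ENDIAN);
        while (subs.hasRemaining()) {
            sb.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        }
        return sb.toString();
    }

    // Small helper to build the constructed samples from hex text.
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real directory.
        byte[] guid = hex("33221100554477668899aabbccddeeff");
        byte[] sid = hex("010500000000000515000000010000000200000003000000" + "51040000");

        // Round-tripping through a String is lossy: byte sequences that are not
        // valid UTF-8 are replaced, so the original bytes cannot be recovered.
        byte[] viaString = new String(guid, StandardCharsets.UTF_8)
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("survives String round trip: " + Arrays.equals(guid, viaString));

        System.out.println("objectGUID: " + guidToString(guid));
        System.out.println("objectSid:  " + sidToString(sid));
    }
}
```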

  • How can I get the people's attribute from LDAP?

    The LDAP Server is Netscape Directory Server 4.1.
    I have been trying to connect to my LDAP server from WLS, but when I try to get an Attributes, I get a "No attributes".
    The source code is following:
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://10.0.1.253:389/o=rl.com");
        // Create the initial directory context
        DirContext ctx = new InitialDirContext(env);
        // Ask for all attributes of object
        Attributes attrs = ctx.getAttributes("uid=joe,ou=People");
        // Find the surname ("sn") and print it out
        System.out.println("sn: " + attrs);
    dn: uid=joe,ou=People, o=rl.com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Joe Ken
    uid: joe
    givenName: Joe
    sn: Ken

    When you initialize the context, you must have read privileges.
    I have resolved it.
    Cui Qiang <[email protected]> wrote in message
    news:39fe94ac$[email protected]..

  • How to retrieve null-valued attributes from LDAP server.

    I am using the JNDI API to do search operations on a Java Directory Server (part of SunOne).
    However, I found all the attributes that do not have values are automatically filtered out from the search result.
        NamingEnumeration answer = ctx.search(ctxName, filterExpr, cons);
        while (answer.hasMore()) {
            SearchResult sr = (SearchResult) answer.next();
            Attributes attrs = sr.getAttributes();
            // List the attribute IDs returned for this entry
            for (NamingEnumeration ne = attrs.getIDs(); ne.hasMore();) {
                System.out.println("ids:" + ne.next());
            }
            System.out.println("-------------------------------------------------------");
            // Print every returned attribute with all of its values
            for (NamingEnumeration ae = sr.getAttributes().getAll(); ae.hasMore();) {
                Attribute attr = (Attribute) ae.next();
                System.out.println("attrName:" + attr.getID());
                //System.out.println("attribute: " + attr.getID());
                NamingEnumeration e = attr.getAll();
                while (e.hasMore()) {
                    System.out.println("  attrVal:" + e.next());
                }
            }
        }
    Is there anything I did wrong here?
    Here are a couple of things I noticed,
    1. in a Softerra LDAP browser, those no-valued attributes are not present either. But in JXplorer, I can see the full list that includes the attributes that do not have a value.
    2. I had Schema disabled in the server console.
    Thank you in advance.

    There are only two ways to read data from Directory Server:
    1. a. just fetch the entry
    b. display the content
    2. a. fetch the entry
    b. parse the entry and figure what object classes it is of
    c. lookup each object class definition in the schema and retrieve the attribute list
    d. combine the attributes of the entry with all the "possible" attributes of its object class(es)
    e. display the content
    Here's an easy example we can relate to:
    I have the following entry in my DS
      cn=the_duuuuuude,dc=forum,dc=sun,dc=com
      objectClass: person
      cn: the_duuuuuude
      sn: arnaud
    If you use method 1, you will get just what is stored in the db. That is:
      cn=the_duuuuuude,dc=forum,dc=sun,dc=com
      objectClass: person
      cn: the_duuuuuude
      sn: arnaud
    If you use method 2, you will get:
      cn=the_duuuuuude,dc=forum,dc=sun,dc=com
      objectClass: person
      cn: the_duuuuuude
      sn: arnaud
      description:
      seeAlso:
      telephoneNumber:
      userPassword:
    because when you looked up the 'person' object class you got this:
      objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )
    Now the important thing to note is that physically in the database, the attributes description, seeAlso, telephoneNumber and userPassword are NOT stored. It's not that they have a 'null' value. They're just not there. It doesn't stop you from looking up the schema.
    Optimally, in your client, you would fetch the whole server schema and cache it so you have to do the extra round trip for every entry you process.
    The difference you observe with various LDAP browsers might simply be that one uses method 1 and the other method 2.
    Hope this helps wrap your mind around this.
    -=arnaud=-
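Method 2 from the answer above, as an added example that is not code from the original thread: it parses the `person` objectClasses value quoted in the answer and merges its MUST/MAY attributes into the stored entry, so attributes that are simply absent from the database show up with no value. It goes one step beyond the answer by also following the SUP chain; the class and method names are hypothetical, and the entry and schema values are embedded as sample input instead of being fetched from a server.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the thread. Names are hypothetical; data is embedded.
public class SchemaMerge {
    // Names following MUST, MAY or SUP in an objectClasses value:
    // either a "( a $ b )" list or one bare name.
    static List<String> namesAfter(String keyword, String definition) {
        // Blank out quoted strings so a DESC text containing "MAY" is ignored.
        String unquoted = definition.replaceAll("'[^']*'", "''");
        Matcher m = Pattern.compile("\\b" + keyword
                + "\\s+(?:\\(([^)]*)\\)|([A-Za-z][A-Za-z0-9.;-]*))").matcher(unquoted);
        List<String> names = new ArrayList<>();
        if (m.find()) {
            String body = m.group(1) != null ? m.group(1) : m.group(2);
            for (String n : body.trim().split("\\s*\\$\\s*")) {
                if (!n.isEmpty()) names.add(n);
            }
        }
        return names;
    }

    // Indexes objectClasses values by their first NAME, ignoring case.
    static Map<String, String> index(List<String> objectClassesValues) {
        Map<String, String> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        Pattern name = Pattern.compile("\\bNAME\\s+\\(?\\s*'([^']+)'");
        for (String def : objectClassesValues) {
            Matcher m = name.matcher(def);
            if (m.find()) byName.put(m.group(1), def);
        }
        return byName;
    }

    // Method 2: the stored attributes plus every MUST/MAY attribute of the
    // entry's object classes and their SUP chain, added with no values.
    static Map<String, List<String>> withPossibleAttributes(
            Map<String, List<String>> entry, Map<String, String> schema) {
        Map<String, List<String>> merged = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        merged.putAll(entry);
        Deque<String> todo = new ArrayDeque<>(merged.getOrDefault("objectClass", List.of()));
        Set<String> visited = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        while (!todo.isEmpty()) {
            String oc = todo.pop();
            String def = schema.get(oc);
            if (def == null || !visited.add(oc)) continue; // unknown or already seen
            todo.addAll(namesAfter("SUP", def));
            for (String kw : new String[] {"MUST", "MAY"}) {
                for (String attr : namesAfter(kw, def)) {
                    merged.putIfAbsent(attr, List.of());
                }
            }
        }
        return merged;
    }

    public static void main(String[] args) {
        Map<String, String> schema = index(List.of(
            // The 'person' definition quoted in the answer above.
            "( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top "
                + "MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber "
                + "$ userPassword ) X-ORIGIN 'RFC 2256' )",
            // Constructed: 'top' as defined in RFC 4512.
            "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )"));
        // The stored entry from the answer above.
        Map<String, List<String>> entry = Map.of("objectClass", List.of("person"),
            "cn", List.of("the_duuuuuude"), "sn", List.of("arnaud"));
        withPossibleAttributes(entry, schema).forEach(
            (attr, values) -> System.out.println(attr + ": " + String.join(", ", values)));
    }
}
```

The merged map is ordered by attribute name, ignoring case, so the listing is alphabetical and not in the order the answer shows.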

  • Browsing attributes of ldap entries never finds "cn"

    Hello,
    newbie here testing how JNDI interacts with a Novell NDS eDirectory LDAP server...
    I've created a few test users in the directory, all with "cn" attributes. However, when I run my JNDI test program, it always finds all the attributes except "cn". I was wondering if anyone ran into this problem before or if it may be some sort of LDAP server misconfiguration.
    I've included the source code to show how it's working...
    ************ Start of Source code
    import java.util.Hashtable;
    import java.util.Enumeration;
    import javax.naming.*;
    import javax.naming.directory.*;
    public class GetAttributes {
        public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
        public static String MY_SERVICE = "ldap://192.168.0.208:389";
        public static String ENTRYDN = "cn=testcn,ou=TESTOU,o=TESTO";
        public static void main(String[] args) {
            try {
                Hashtable env = new Hashtable(5, 0.75f);
                env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
                /* Specify host and port to use for directory service */
                env.put(Context.PROVIDER_URL, MY_SERVICE);
                /* get a handle to an Initial DirContext */
                DirContext ctx = new InitialDirContext(env);
                /* null attribute list: ask for all attributes of the entry */
                BasicAttributes basicAttributes = (BasicAttributes) ctx.getAttributes(ENTRYDN, null);
                System.out.println(basicAttributes.size());
                NamingEnumeration ne = basicAttributes.getAll();
                BasicAttribute basicAttribute = null;
                while (ne.hasMore()) {
                    basicAttribute = (BasicAttribute) ne.next();
                    System.out.println(basicAttribute.toString());
                }
            }
            catch (Exception e) {
                System.out.println(e.toString());
            }
        }
    }
    ************ End of Source code
    ************ Start of Results
    2
    objectClass: person, ndsLoginProperties, top
    sn: LastNameOfTest
    ************ End of Results
    Thanks.

    If you use SearchControls you can specify the attributes you get back. Maybe you should try explicitly returning the cn to see if the entries are being searched correctly.
        SearchControls ctls = new SearchControls();
        String[] attrs = { "cn" };
        ctls.setReturningAttributes(attrs);
    Then pass the controls when you search:
        results = context.search("", filter, ctls);
        // where filter is a string that has your search criteria
    --Nicole

  • Using additional userprofile attributes from LDAP

    Hi,
    my users are inside an OpenDS LDAP-Server connected to SSGD 4.41 - all works fine.
    I would like to store some additional SGD attributes like
    UserProfile.Multiple = yes/no
    (Multiple: Whether someone may log in using this user profile and whether this user profile will be shared by multiple users in the form of a "guest" account.)
    also inside the LDAP (extending my own LDAP-schema).
    Question: How can I tell SSGD to use this attribute UserProfile.Multiple from LDAP instead of looking into the local repository?
    regards
    Danny

    Hi Danny,
    I don't think you can do this, as user profile data is never read from the LDAP directory. LDAP users always have to be mapped to a local profile (from the SGD datastore), meaning that any attributes on the user object from the LDAP directory wouldn't be considered when evaluating a user's profile.
    Does anyone else have a take on this?
    -- DD
