Duplicate users portal/LDAP

Similar Messages

• Error while creating user in LDAP (MS ADS) from SAP Portal 7.0

  Hi,
  Is it obliged to use SSL connection to create new user in LDAP (MS ADS) from SAP Portal 7.0 ?
  I've configured the UME with ldap server adress and port 389. And use configuration file "dataSourceConfiguration_ads_writeable_db.xml"
  I succeed to view users existing in LDAP but when I try to create new user I've the following error message:
  LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0)
  Thanks and regards

  check this link
  http://help.sap.com/saphelp_nw70/helpdata/EN/37/cfd93f130f9115e10000000a155106/frameset.htm
  and at the end of the page there is a qoute "We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory"
  hence follow this link to configure SSL
  http://help.sap.com/saphelp_nw70/helpdata/EN/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm
  hope this helps..
  [Rahul|http://rahulursportal.blogspot.com/]

• Portal LDAP SSO

  Our customer requires that their organization LDAP directory be used to forward login tickets to the Portal and that the Portal authenticate users based off of this login ticket.  Is this possible? I know Portal LDAP integration is possible (via the LDAP integration option in the Portal UME) but is it possible to authenticate directory users into the Portal without the Portal UME and LDAP integration?  The customer is opposed to having the Portal integrate into their LDAP and query users and groups which it will need to do for Portal/LDAP integration.  So here would be the authentication scenario: users log into their corporate intranet, they click on the SAP Portal link in the intranet, the Portal authenticates the user based off of their login ticket. 
  Is this possible?  Can someone please provide me with useful documentation and links to achieve this setup?

  ftoobe wrote:
  Is there not a way for the Portal to accept login tickets from the LDAP if its a trusted LDAP, and determine which roles to assign the users based off of the user's LDAP properties, and authenticate the users without the users actually existing in a different persistence store such as ABAP or Java UME?
  How shall this be done from a technical point of view? How shall a portal authenticate users that it does not know about and additionally assign roles to them? For me this sounds more like a dream than a technical idea.
  There are several user stores possible for the portal: ABAP system, LDAP, Portal database. Additionally you may configure spnego which means windows integrated authentication. So as soon as he is logged into windows he is also authenticated against the portal. He does not need to type in username and password again. Nevertheless also for spnego some user store in the portal is needed - mostly customers use the same LDAP like they use for their windows users.
  By the way: as soon as you know what you like to configure take a look at http://help.sap.com - user stores and sso possibilities are quite well documented.
  Anja

• How to create User Portal in OID programmatically in JSP

  Hi.
  I want to create User Portal programmatically in JSP (if posible) or have to use procedure.
  I check with package wwsec_api, it just have 'function
  add_portal_user', but it say we must have "the user must already exist in OID before this function is called."
  So, i checked for 'how to create User in OID'. What i got (in metalink)just methods that 'Create manually Portal Users in to OID' by LDAP or PL/SQL coding (with list of user in flat files).
  What i want to do is, How to create User POrtal in OID by JSP? What are the procedure/table/method involved?
  Do anybody have any samples?..
  Thanks.

  I had to write my own because I could not find one anywhere. Here is an addUser() method that seems to work pretty well.
  import oracle.ldap.util.jndi.ConnectionUtil;
  import javax.naming.directory.*;
  import javax.naming.*;
  public class LdapUser
  public LdapUser(){}
  public void addUser(String pUsername, String pPassword, String pFirstName, String pLastName, String pEmail)
  try
  InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx("host", "port", "orcladmin", "pwd");
  BasicAttributes attrs = new BasicAttributes();
  BasicAttribute oc = new BasicAttribute("objectclass");
  oc.add("top");
  oc.add("person");
  oc.add("inetOrgPerson");
  oc.add("organizationalPerson");
  oc.add("orclUser");
  oc.add("orclUserV2");
  attrs.put(oc);
  BasicAttribute gn = new BasicAttribute("givenName", pFirstName);
  attrs.put(gn);
  BasicAttribute sn = new BasicAttribute("sn", pLastName);
  attrs.put(sn);
  BasicAttribute cn = new BasicAttribute("mail", pEmail);
  attrs.put(cn);
  BasicAttribute pwd = new BasicAttribute("userpassword", pPassword);
  attrs.put(pwd);
  // Etcetera, etcetera...
  ctx.createSubcontext("cn="+pUsername+",cn=users,dc=whatever,dc=com", attrs);
  ctx.close();
  System.out.println("Success!!");
  catch (NameAlreadyBoundException nabe)
  System.out.println("Username is already in use. Please choose another.");
  catch (NamingException ne)
  System.out.println("NamingException: " + ne);
  catch (Exception e)
  System.out.println("User account was not created.");
  }

• 2004s - Users in LDAP,

  I have modified the UME xml file, and am now pulling my users from our (readonly) ldap server(s). The users apppear to be successfully imported - I can login with a UME DB user, and search for users that exist only in LDAP. I can also login with an LDAP user, but they don't have any roles assigned to them.
  When I try to assign a role to an LDAP user, I get an error:
  "You need to enter a valid value to proceed with the requested action"
  And it has marked in the details of the user the "Logon ID" as a required field. It isn't possible for me to edit this field (I assume because it is stored in the readonly LDAP database). Note that the logonalias field is correctly populated with the LDAP username
  Does anyone know how I can assign roles to LDAP users? The roles should be held in the portal DB, as the LDAP database is readonly.
  Have I missed a setting that tells the roles to be stored in the database, or is there something else that I'm missing?
  Thanks in advance for any assistance.
  Regards
  Richard

  I come from a Windows background.  The "proper" way is for users into local groups, local into global groups, global gets the rights.
  It is the same with any LDAP system.  It's that way for good house keeping and it keeps users in a uniform way.  Yes, you can assign a user directly to a role.  But, in a production environment where users are coming and going and transferring in and out, it can get messy.
  If your setup is to have your users in LDAP, make groups in you LDAP that correspond to your roles in the portal. Assign the roles to the groups in the UME then the users will have the rights.
  Until I made myself do things that way... well I got burned a few times.

• Reading/Writing the "wpproperty" from portal LDAP

  Hi,
  We want to read/write the "wpproperty" from portal LDAP. I found the code for EP60.
  IUser user = request.getUser();
  String itar[] = user.getAttribute("com.sap.security.core.usermanagement","wpproperty");
  newUser.setAttribute("com.sap.security.core.usermanagement",
  "wpproperty", value);
  Does anybody have an example for <b>EP50</b> code?
  Kind regards,
  Onno

  I think the answers you got over [url http://forum.java.sun.com/thread.jsp?thread=524137&forum=54]here were excellent. You should now know that Java is a terrible language for this kind of thing. You would be much better off with some kind of a native language like C++. Even then, you are going to have to get heavily into the internal Windows system to get what you want from another application and I can't even imagine what you would have to go through to get it out of IE.
  Anyway, I doubt you are going to find what you are looking for in the 'New To Java Technology' forum. You might be able to find something like this if you found a 'Hacker Forum' with people on it who had spent the time to find out how to steal information from other programs (probably at least a couple of years) and didn't mind if they got invovled with someone who might be talking to the FBI shortly.
  Your only other option would be to spend the year or two it would take you to learn enough to do it yourself.
  Good Luck.

• I want to store my EP users in LDAP

  Hello:
       Everyone!
       I want to store my EP users in LDAP
       I know the main two steps:
          1 Configuring EP UME to Use an LDAP Server as Data Source
           2 keep the consistent with users in R3 and LDAP
  Pleast someone give me a good idea!

  Hi Le Xian
  The user management engine (UME) can use an LDAP directory as its data source for user management data. You can connect the LDAP directory as a read-only data source or as a writeable data source.
  Check out this Thread..
  [Re: What is Portal Ldap Directory]
  Also Start from Basics....
  [http://help.sap.com/saphelp_nw70/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm]
  & [http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm]
  Thanks....

• User portal file browsing

  So I'm feeling out my user portal and I want a way for my people to download software.  I had previously set up a Sharepoint library and made an iFrame for users to view it on.  Works great in that the sharepoint frame recognizes their AD account so no additional login.  I have the issue of duplication of files.  I already have a share with all my software neatly organized and to duplicate this on a sharepoint library seems a waste.
  I could just list all my software and then link each name to the file but that seems inefficient especially since I'll update software regularly.  Not to mention I want to do the same thing with some 
  So can anyone suggest a way for a normal user to browse the available folder/file structure and download said files? 
  This topic first appeared in the Spiceworks Community

  I use File Manager, and although it does not supot FTP its a pretty good manager. With several cloud options. 
  https://itunes.apple.com/us/app/file-manager-free/id479295290?mt=8
  However, a quick google search of the App store revealed this:
  iUnarchive Lite - Archive and File Manager with support for Dropbox, Box, Skydrive, SugarSync, WebDAV en FTP
  https://itunes.apple.com/us/app/iunarchive-lite-archive-file/id380663019?mt=8

• What is Portal Ldap Directory

  Hi Experts,
  In documentation of User Management, I saw ' in addition to corporate LDAP directory server(which portla uses as user data repository) Portal User Management Component uses a dedicated portal LDAP directory to store additional data for the portal.
  So here my dought is what is portal LDAP directory, Is it comes with portal installation or do we need this server separately,if we need to install separately, which directory server we need to install and for what additional information we need to install this server.
  Pls any one clarify my dought,,Points will be rewards.
  Regards
  Seshu

  Hi,
  Yes you need to have a separate server i.e. LDAP server. It is not  shipped with portal installation, usually every organisation have LDAP servers as their data sources where every user in an organisation is stored so portal provides ways to integrate this server so that we need not to create users again in portal, once integrated all the users in LDAP will be accessed using portal and every user will have his/her own id created in portal through this data source.
  For some more information, refer these links.
  http://help.sap.com/saphelp_nw70/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
  Regards,
  Ameya
  Message was edited by:
          Ameya Pimpalgaonkar
  Message was edited by:
          Ameya Pimpalgaonkar

• Cisco Unified MeetingPlace web user portal

  All,
  Someone could say me what is the URL of the "Cisco Unified MeetingPlace web user portal"?
  My design is MeetingPlace / WebEx with MeetingPlace Scheduling.
  Thanks a lot,
  Luciane de Medeiros

  RC,
  This behavior is stemming from a change in MP 7.0 MR2 to disable the MPWeb login for system profiles.  This was an internal change made by the developers to restrict the log on to the MPWeb page by the default accounts created in MeetingPlace upon installation.  The change now displays this error when the admin account is attempted to be used for MPWeb login, as you experienced-
  Error:[22953] You cannot sign in to the Cisco Unified MeetingPlace Web Server interface using preconfigured system profiles.
  You should be able to log into MPWeb using any other user profile that you have either created manually or pulled in from LDAP/Active Directory.  You just cannot use the admin account.  This is reserved for login to the MP Application Server Administration page only.  I am going to work to get this information added to the MP 7.0 documentation with a note for changed behavior in MR2 and above.  Here is the note from MP 8.0 documentation-
  Note: You cannot use this preconfigured admin profile to access the Cisco Unified MeetingPlace Web Server interface. Instead enter the User ID and password information from one of the other user profiles that have system administrator privileges to sign in to the Web Server.
  Please let me know if you have any further questions.
  Thank You,
  Gerry

• UME - Creating users in LDAP via Anonymous account

  I want to create users in LDAP via UME security API's. I am using
  IUserManagementEngine umService = (IUserManagementEngine) PortalRuntime.getRuntimeResources().getService( IUserManagementEngine.KEY );
  and saving/commiting values etc using IUserFactory and IUserAccountFactory. It throws an exception
  LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
  Inference - User doesnt have permission to create users in LDAP.
  I am in an anonymous portal and I am writing a custom application to create users in LDAP, so there is no logged in user to which extra rights can be added to.
  So to which user should I assign the extra rights to write to LDAP? How can I achieve this?
  Thanks for hints, Dhanz

  Hi,
  LDAP users are coming from external directory.
  Portal UME is differnt from LDAP.  UME users and LDAP users are differnt.
  You can created users in UME as long as you have user administration rights.
  But LDAP needs special permissions as the external user directory is integrated in portal.
  So you should have  full or write permission to that external directory through LDAP.
  Raghu

• Error while create user in LDAP - LDAP: error code 1

  Hi Guy's, I am getting below error while creating user in LDAP MS AD.
  cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
  <mx:LTEXT>Exception from Add operation:javaxnaming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, coment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
  Steps I am following:
  1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
  2. Destination tab values that I am passing:
  dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
  objectClass: top|person|organizationalPerson|user
  sn: Surname
  givenName: GivenName
  displayName: Dummy user displayname
  Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
  Admin user account created called <XYZ> and has full control over SAP_IDM OU.
  I am passing <XYZ> credentials into my job for user creation.
  Thanks for you help!

  Farhan,
  Based on the error message presented,
  In order to perform this operation a successful bind must be completed on the connection
  Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
  Matt

• Problem with activesync provisioning user from  ldap to red hat

  hello,
  i am using activesync to provision the user from ldap to red hat linux . i am getting the following error message
  An error occurred adding user '#########' to resource 'Red Hat Linux'.
  Script failed waiting for " PASSWORD:" in response "passwd: Only one user name may be specified.
  _,)#+(:"
  Script processor timed out with nothing to read and the following unprocessed text: "passwd: Only one user name may be specified.
  _,)#+(:".
  when to try to assign redhat resource to a user from the idm the user is getting provisioned to redhat successfully .active sync form is working for all the other resource except the redhat.
  can anyone give me solution for the above problem
  thanks in advance.

  Have you set the xhost as ROOT (xhost +hostname), and then as the ORACLE user type "export DISPLAY:0.0" (without the quotes of course) ? This needs to be done prior to running the installer. Try this site for further information - http://www.puschitz.com/OracleOnLinux.shtml

• Duplicate Users in Permission on Internal Partition Causing I/O Error?

  Sigh ... apologies in advance for the novel. I have searched and read and experimented with many of the solutions on these forums but, being a Terminal novice, I am somewhat apprehensive about applying some of the commands listed for fear of causing irreparable damage. For example:
  http://discussions.apple.com/thread.jspa?messageID=7257833
  I upgraded from Tiger and have the dreaded "unknown user" issue, which has not caused problems (to my knowledge) to date. I've been waiting for a fix from Apple, which does not appear forthcoming. However, I now wonder if the "unkown user" is the source of my current dilema.
  I have an iPhoto library on an internal partition, set up as per the instructions on http://support.apple.com/kb/HT1198. The "unknown user" appeared in the permissions list so I deleted it using System Preferences>File Sharing. I am the admin and can access this library without problems. However, my wife (non-admin) can mount the drive but not access the iPhoto library due to "Error -36 Cannot read or write ..."
  When I mount the partition under my profile, the permissions are as expected, Read-Write for both my wife and I and Read Only for "Everyone" ans "Staff." However, when I mount the partition under my wife's profile, Get Info Permissions shows two (duplicate) users for my wife, each with Read-Write permissions and shows no permissions for me or "Staff." One of these duplicates disappears when I add myself to the permissions list but then on restart, we are back to duplicate user permissions for my wife and none for me.
  I've changed th GID on both my and my wife's accounts to 20. I tried Old Toad's suggestions using iPhoto Manager here: http://discussions.apple.com/thread.jspa?messageID=7939561 to no avail. I've copied the library and re-imported it into iPhoto to no avail. I've run Disk Utility from the Leopard DVD to repair permissions and check for errors to no avail and I've tried:
  sudo dscl .delete /users/"my wife's shortname"
  and subsequent steps to re-active my wife's accoudn listed in the post to which I've linked above (but have not gone on to the subsequent steps to delete the unknown user from the partiton).
  I am at my wit's end and beginnning to regret my change to Apple from Windows (although I have yet to try Vista).
  Little help?
  Message was edited by: MarRxK

  Unfortunately, there wasn't much help to be found on this forum. However, I seem to have resolved the issue. I renamed the group "wifesname" to "_wifesname" as outline here:
  http://docs.info.apple.com/article.html?artnum=307128
  I then fixed permissions with Disk Utility (again). Then I deleted the disk image on the partition where I had stored iPhoto's library and created a new disk image using a different name, changed the permissions as outlined the links above. Voila ... functioning shared iPhoto.
  Hope that helps anyone with the same problem.

• Mode not available on user portal

  If we setup the default for users to be OTP how do they change to OTP+pin and set a PIN?
  I turned all the users options on for the portal but the MODE option did not show up
  If I set myself up as an admin then I get a mode option for the user I searched for
  Thanks
  -chuck

  Mode is dictated by the admin. Users can't choose for themselves whether to require PIN or not. Users can be set to PIN mode in the MFA Server or through the User Portal Admin functionality in the User Portal.