Dynamic Attributes from LDAP Authentication

Similar Messages

• How to get user attributes from LDAP authenticator

  I am using an LDAP authenticator and identity asserter to get user / group information.
  I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
  Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
  Any help would be appreciated

  Hi Julián,
  in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
  A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
  Beginner
  Medium
  Advanced
  Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
  Hope it helps
  Detlev

• Need help in retrieving attributes from LDAP using JNDI

  I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
  Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
  I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
  Could anyone tell me why I'm getting this error? Thanks!
  Here's my code:
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.*;
  import java.io.*;
  class Getattr {
  public static void main(String[] args) {     
  // Identify service provider to use     
  Hashtable env = new Hashtable(11);     
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");      
  // user     info
  String userName = "username";     
  String password = "password";          
  // LDAP server specific information     
  String host = "ldaphostname";     
  String port = "portnumber";     
  String basedn = "o=organization,c=country";     
  String userdn = "cn=" + userName + "," + basedn;          
  env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);     
  env.put(Context.SECURITY_PRINCIPAL, userdn);     
  env.put(Context.SECURITY_CREDENTIALS, password);     
  try {          
  System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));     
  // Create the initial directory context     
  DirContext ctx = new InitialDirContext(env);          
  // Ask for all attributes of the object      
  Attributes attrs = ctx.getAttributes("cn=" + userName);          
  NamingEnumeration ne = attrs.getAll();                    
  while(ne.hasMore()){                         
  Attribute attr = (Attribute) ne.next();                                   
  if(attr.size() > 1){               
  for(Enumeration e = attr.getAll(); e.hasMoreElements() ;) {                                       
  System.err.println(attr.getID() + ": " + e.nextElement());                     
  } else {
       System.err.println(attr.getID() + ": " + attr.get());
  // Close the context when we're done     
  ctx.close();     
  } catch(javax.naming.NamingException ne) {
       System.err.println("Naming Exception: " + ne);     
  } catch(IOException ioe) {
       System.err.println("IO Exception: " + ioe);     

  That doesn't work either. It seems its not finding the NamingException class in any of the jar files. I don't know why? Any clues?

• Unable to Retrieve Attributes from LDAP Server

  I have a problem. I was wondering if anyone can assist me. I am new to LDAP servers and JNDI. I cannot retrieve any attributes from the users listed in my data entry. Any assistance would be greatly appreciated! Thanks.
  I created an entry in the LDAP server that looks like this:
  �o=somedn�
  |
  �ou=people, o=somedn�
  The �ou=people, o=somedn� entry contains fictitious users. The LDAP server is connected to a MySQL database. When I write Java code to read the attributes of a given user whose fullname (cn) is �Vinny Luigi�, as listed in the database, I receive an error that starts with the following:
  javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=Vinny Luigi,ou=people'
  The code I used is based on the Sun JNDI tutorial. Sun�s code is at http://java.sun.com/products/jndi/tutorial/basics/directory/src/GetattrsAll.java. My version of the code is below:
  * @(#)GetattrsAll.java     1.5 00/04/28
  * Copyright 1997, 1998, 1999 Sun Microsystems, Inc. All Rights
  * Reserved.
  * Sun grants you ("Licensee") a non-exclusive, royalty free,
  * license to use, modify and redistribute this software in source and
  * binary code form, provided that i) this copyright notice and license
  * appear on all copies of the software; and ii) Licensee does not
  * utilize the software in a manner which is disparaging to Sun.
  * This software is provided "AS IS," without a warranty of any
  * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
  * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
  * HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE
  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
  * MODIFYING OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN
  * NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
  * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL,
  * CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
  * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
  * OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
  * BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * This software is not designed or intended for use in on-line
  * control of aircraft, air traffic, aircraft navigation or aircraft
  * communications; or in the design, construction, operation or
  * maintenance of any nuclear facility. Licensee represents and warrants
  * that it will not use or redistribute the Software for such purposes.
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.Hashtable;
  * Demonstrates how to retrieve all attributes of a named object.
  * usage: java GetattrsAll
  class GetattrsAll
       static void printAttrs(Attributes attrs)
            if (attrs == null)
                 System.out.println("No attributes");
            else
                 /* Print each attribute */
                 try
                      for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();)
                           Attribute attr = (Attribute) ae.next();
                           System.out.println("attribute: " + attr.getID());
                           /* print each value */
                           for (NamingEnumeration e = attr.getAll(); e.hasMore(); System.out.println("value: " + e.next()) )
                 } catch (NamingException e) {
                      e.printStackTrace();
       public static void main(String[] args) {
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable(100);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                      "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=somedn");
            try {
                 // Create the initial context
                 DirContext ctx = new InitialDirContext(env);
                 // Get all the attributes of named object
                 System.out.println("About to use ctx.getAttributes()");
                 Attributes answer = ctx.getAttributes("cn=Vinny Luigi,ou=people");
                 // Print the answer
                 printAttrs(answer);
                 // Close the context when we're done
                 ctx.close();
            } catch (Exception e) {
                 e.printStackTrace();
  The primary key of the database is id_pk. Below is a copy of the mapping.xml file which maps the LDAP server entry to the database:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">
  <mapping>
  <entry dn="o=somedn">
  <oc>organization</oc>
  <oc>top</oc>
  <at name="o" rdn="true">
  <constant>somedn</constant>
  </at>
  <aci>
  <permission>rs</permission>
  </aci>
  </entry>
  <entry dn="ou=people,o=somedn">
  <oc>inetOrgPerson</oc>
  <oc>organizationalPerson</oc>
  <oc>organizationalUnit</oc>
  <oc>person</oc>
  <oc>top</oc>
  <at name="cn">
  <constant>"fullname"</constant>
  </at>
  <at name="ou" rdn="true">
  <constant>people</constant>
  </at>
  <at name="sn">
  <constant>"lastname"</constant>
  </at>
  </entry>
  <entry dn="id_pk=...,ou=people,o=somedn">
  <oc>inetOrgPerson</oc>
  <oc>organizationalPerson</oc>
  <oc>person</oc>
  <oc>top</oc>
  <at name="Position_">
  <variable>usertable9.Position_</variable>
  </at>
  <at name="id_pk" rdn="true">
  <variable>usertable9.id_pk</variable>
  </at>
  <at name="fullname">
  <variable>usertable9.fullname</variable>
  </at>
  <at name="lastname">
  <variable>usertable9.lastname</variable>
  </at>
  <at name="cn">
  <variable>usertable9.fullname</variable>
  </at>
  <at name="sn">
  <variable>usertable9.lastname</variable>
  </at>
  <source name="usertable9">
  <source-name>usertable9</source-name>
  <field name="Position_">
  <variable>Position_</variable>
  </field>
  <field name="id_pk">
  <variable>id_pk</variable>
  </field>
  <field name="fullname">
  <variable>cn</variable>
  </field>
  <field name="lastname">
  <variable>sn</variable>
  </field>
  </source>
  </entry>
  </mapping>
  Thanks.

  The complete name (Distinguished Name) of the user you're searching is 'cn=Vinny Luigi,ou=people,o=somedn'.
  Regards,
  Ludovic.

• Using additional userprofile attributes from LDAP

  Hi,
  my users are inside an OpenDS LDAP-Server connected to SSGD 4.41 - all works fine.
  I would like to store some additional SGD attributes like
  UserProfile.Multiple = yes/no
  (Multiple: Whether someone may log in using this user profile and whether this user profile will be shared by multiple users in the form of a "guest" account.)
  also inside the LDAP (extending my own LDAP-schema).
  Question: How can i tell SSGD to use this attribute UserProfile.Multiple from LDAP instead of looking into the
  local repository ?
  regards
  Danny

  Hi Danny,
  I don't think you can do this, as user profile data is never read from the LDAP directory. LDAP users always have to be mapped to a local profile (from the SGD datastore), meaning that any attributes on the user object from the LDAP directory wouldn't be considered when evaluating a user's profile.
  Does anyone else have a take on this?
  -- DD

• Removing the dynamic attributes from view context

  Hi,
  I have added an attribute dynamically using the following line of code in wdDoModifyView():
  wdThis.wdGetContext().getContext().getRootNodeInfo ().addAttribute(<attributename>, <datatype>);
  Now I want to remove the dynamically created attribute from the context.
  Pls suggest me in this regard.
  Regards,
  Ramesh.

  Hi Ramesh,
  You can use the following code to remove the attribute dynamically:
  Iterator itr = wdContext.node<NodeName>().getNodeInfo().iterateAttributes();
  <i>// If the node where you are making these attributes is a context node then just do:</i>
  // <b>wdContext.getNodeInfo().iterateAttributes()</b>, <i>for iterator</i>
  while(itr.hasNext()){
       IWDAttributeInfo attrInfo = (IWDAttributeInfo)itr.next();
       attrInfo.remove();
  This will solve your problem.
  Regards
  Pravesh
  PS: Please consider rewarding points if helpful and solved.

• Removing Dynamic attributes from node

  Dear Experts,
    I have two nodes node1,node2,i created dynamic attributes for both the nodes.node1 attributes are displaying when the user enter into first screen.node2 table come when the user click action button.i want remove the second node attributes after user click the action.
  I tried with
  wdContext.<node>.getContext().reset();
  But above mthod deletes total dynamic attributes.is there any method to remove the partcular node attributes.
  It's urgent........
  I will provide the points.
  Thanks,
  Santhosh

  Hi,
  This method is suitable to ur requirement
  wdContext.node.invalidate ();
  As you are invalidating the node when you are performing an action .so that after each each time you press the action this invalidate method will be called.
  The data in the node if it is there it will be invalidated..
  Hope it helps you.
  any doubts get back to me.
  Thanks & regards,
  Lokesh.

• Using UME to read binary attribute from LDAP (objectSID)

  Hi,
  I am trying to read the ObjectSID of an LDAP user (from MS Active directory) from an IUser object. This attribute is binary retrieved from the LDAP and if I defined a normal extra attribute in the datasourceconfiguration file and retrieve it as a String the value is wrong.
  So my question is how can I define this as a binary attribute?
  From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the xml format for the datasourceconfiguration.
  The Attribute element  has the following specification:
  <!ATTLIST attribute name CDATA #REQUIRED          populateInitially (true|false) #IMPLIED
  readonly (true|false) #IMPLIED
  type (string|blob) #IMPLIED
  cacheTime CDATA #IMPLIED>
  Since you have type here, I tried setting it to blob under the user object as such:
  For user:
  <attribute name="guid" type="blob" populateInitially="true"/>
  For attribute mapping:
  <attribute name="guid">
  <physicalAttribute name="objectSid"/>                    </attribute>     
  However, I still get the following error when calling
  iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):
  Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
       at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
       at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
       at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
       at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
       at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
       ... 41 more
  This error indicates that the attributes is a string and not a binary attribute.
  Anyone?

  Create OSS and initial message is that this is not supported eventhough some of the configuration files point that direction. It's really easy to implement so maybe if I am lucky I'll get a hotfix.
  Dagfinn
  btw the field was objectGUID not objectSID

• How can I get the people's attribute from LDAP?

  The LDAP Server is Netscape Directory Server 4.1.
  I have been trying to connect to my LDAP server from WLS, but when I try to get an Attributes , I get a "No attributes".
  The source code is following:
  Hashtable env = new Hashtable(11);
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL, "ldap://10.0.1.253:389/o=rl.com");
  // Create the initial directory context
  DirContext ctx = new InitialDirContext(env);
  // Ask for all attributes of object
  Attributes attrs = ctx.getAttributes("uid=joe,ou=People");
  // Find the surname ("sn") and print it out
  System.out.println("sn: " + attrs);
  dn: uid=joe,ou=People, o=rl.com
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Joe Ken
  uid: joe
  givenName: Joe
  sn: Ken

  When you initialize the context, you must have read priviledges.
  I have resolve it.
  Cui Qiang <[email protected]> wrote in message
  news:39fe94ac$[email protected]..
  >
  The LDAP Server is Netscape Directory Server 4.1.
  I have been trying to connect to my LDAP server from WLS, but when I tryto get an Attributes , I get a "No attributes".
  The source code is following:
  Hashtable env = new Hashtable(11);
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL, "ldap://10.0.1.253:389/o=rl.com");
  // Create the initial directory context
  DirContext ctx = new InitialDirContext(env);
  // Ask for all attributes of object
  Attributes attrs = ctx.getAttributes("uid=joe,ou=People");
  // Find the surname ("sn") and print it out
  System.out.println("sn: " + attrs);
  dn: uid=joe,ou=People, o=rl.com
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Joe Ken
  uid: joe
  givenName: Joe
  sn: Ken

• How to retrieve null-valued attributes from LDAP server.

  I am using JNDI api to do search operations on a Java Directory Server( part of SunOne).
  However, I found all the attributes that do not have values are automatically filtered out from the search result.
                 NamingEnumeration answer = ctx.search(ctxName, filterExpr, cons);
                 while(answer.hasMore()){
                      SearchResult sr = (SearchResult)answer.next();
                      Attributes attrs = sr.getAttributes();
                      for(NamingEnumeration ne = attrs.getIDs();ne.hasMore();){
                           System.out.println("ids:"+ne.next());
                      System.out.println("-------------------------------------------------------");
                     for (NamingEnumeration ae = sr.getAttributes().getAll(); ae.hasMore();) {
                         Attribute attr = (Attribute)ae.next();
                         System.out.println("attrName:"+attr.getID());
                         //System.out.println("attribute: " + attr.getID());
                         NamingEnumeration e = attr.getAll();
                         while(e.hasMore()){
                               System.out.println("  attrVal:"+e.next());
                     }Is there anything I did wrong here?
  Here are a couple of things I noticed,
  1. in a Softerra LDAP browser, those no-valued attributes are not present either. But in JXplorer, I can see the full list that includes the attributes that do not have a value.
  2. I had Schema disabled in the server console.
  Thank you in advance.

  There are only two ways to read data from Directory Server:
  1. a. just fetch the entry
  b. display the content
  2. a. fetch the entry
  b. parse the entry and figure what object classes it is of
  c. lookup each object class definition in the schema and retrieve the attribute list
  d. combine the attributes of the entry with all the "possible" attributes of its object classe(s)
  e. display the content
  Here's for an easy example we can relate to:
  I have the following entry in my DS
    cn=the_duuuuuude,dc=forum,dc=sun,dc=com
    objectClass: person
    cn: the_duuuuuude
    sn: arnaudIf you use method 1, you will get just what is stored in the db. That is:
    cn=the_duuuuuude,dc=forum,dc=sun,dc=com
    objectClass: person
    cn: the_duuuuuude
    sn: arnaudif you use method 2, you will get:
    cn=the_duuuuuude,dc=forum,dc=sun,dc=com
    objectClass: person
    cn: the_duuuuuude
    sn: arnaud
    description:
    seeAlso:
    telephoneNumber:
    userPassword:because when you looked up the 'person' object class you got this:
  objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )Now the important thing to note is that physically in the database, the attributes description, seeAlso, telephoneNumber and userPassword are NOT stored. It's not that they have a 'null' value. They're just not there. It doesn't stop you from looking up the schema.
  Optimally, in your client, you would fetch the whole server schema and cache it so you have to do the extra round trip for every entry you process.
  The difference you observe with various LDAP browsers might simply be that one uses method 1 and the other method 2.
  Hope this helps wrap your mind around this.
  -=arnaud=-

• Accessing custom attributes in LDAP using WD Java - UME APIs

  Hello Friends,
  I am trying to access a custom attribute from LDAP in WebDynpro Java. I am using bellow code.
  IWDClientUser clientUser = WDClientUser.getCurrentUser();
  IUser sapUser = clientUser.getSAPUser();
  if (sapUser != null) {
  String[] str_emp = sapUser.getAttribute(<Name Space>,"Attribute Name");
  if (str_emp == null || str_emp.length == 0) {
  wdComponentAPI.getMessageManager().reportSuccess(" NULL ");
  return;
  } else {
  strEmpID = str_emp[0];
  wdComponentAPI.getMessageManager().reportSuccess(strEmpID);
  The name space is "$usermapping$". I am not sure why it is like that only for this attribute i am trying to access.
  I am getting null value if i run this code.
  Can any one help
  thanks
  Shobhan

  Hi,
  Are you sure this is the right namespace? The default namespace is com.sap.security.core.usermanagement.
  You can get all namespaces and the names of all attributes defined for a user using methods getAttributeNamespaces and getAttributeNames : [Interface IPrincipal|http://help.sap.com/javadocs/NW04S/current/se/index.html].
  Regards,
  Pierre

• JSTL pass through dynamic-attributes

  Folks,
  Hi. I'm just learning Java, JSP & JSTL, and I've hit a bit of a curly one.
  What's the best way to pass dynamic-attributes from a JSTL tag to another JSTL tag? Is there a way to pass them directly as a Map?
  I wrote a generic-html-table-maker custom JSTL tag called "tabulator.tag" (based on one of the examples in JavaServer Pages by Hans Bergsten).
  "tabulator.tag"
  <%-- format contents as a HTML table --%>
  <%@ tag body-content="empty" dynamic-attributes="dynattrs"  
        import="java.util.*" %>
  <%@ attribute name="content" required="true" type="java.util.Map" %>
  <%@ attribute name="caption" %>
  <%@ attribute name="headers" type="java.lang.Boolean" %>
  <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
  <table
    <c:forEach items="${dynattrs}" var="a">
      ${a.key}="${a.value}"
    </c:forEach>
  >
    <c:if test="${!empty caption}">
      <caption>${caption}</caption>
    </c:if>
    <c:if test="${headers}">
      <tr>
        <th>Name</th>
        <th>Value</th>
      </tr>
    </c:if>
    <c:forEach items="${content}" var="row">
      <tr>
        <td>${row.key}</td>
        <td>${row.value}</td>
      </tr>
    </c:forEach>
  </table>This works fine when called from directly from jsp as below:
  "tabulator_test.jsp"
  <%-- format request headers as a HTML table --%>
  <%@ page contentType="text/html" %>
  <%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>
  <my:tabulator
    headers="true" caption="Tabulated Request Headers" content="${header}"
    border="1" cellspacing="0" cellpadding="2"
  />BUT... Now I'm trying to write a "requestHeaders.tab" just to "centralise" the table attributes... but I can't figure out how to pass the dynamic-attributes (containing the html table attributes) from "requestHeaders.tab" through to tabulator.tab
  "headers2.tab" (aka "requestHeaders.tab")
  <%-- format request headers as a HTML table --%>
  <%@ tag body-content="empty" dynamic-attributes="dynattrs" %>
  <%@ attribute name="caption" required="true" %>
  <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
  <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
  <%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>
  <%-- build a string of the dynamic-attributes --%>
  <c:set var="s">
    <c:forEach items="${dynattrs}" var="a">
      ${a.key}="${xmlEncode(a.value)}"
    </c:forEach>
  </c:set>
  s: ${s}
  <%-- and pass them to tabulator --%>
  <my:tabulator content="${header}" caption="${caption}" ${s} />... throws the below Tomcat Error when called by ...
  "headers2.jsp"
  <%@ page contentType="text/html" %>
  <%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>
  <html>
    <body>
      <my:headers2 caption="Request Headers"
        border="1" cellspacing="0" cellpadding="5"
      />
    </body>
  </html>
  Apache Tomcat/5.5.17 - Error report
  exception
  org.apache.jasper.JasperException: /WEB-INF/tags/mytags/headers2.tag(14,55) Unterminated <my:tabulator tag
       org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510)
       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375)
       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
       org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
  root cause
  org.apache.jasper.JasperException: /WEB-INF/tags/mytags/headers2.tag(14,55) Unterminated <my:tabulator tag
       org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:39)
                         ....This is just an intellectual exersice, but it's sucked me in... any help be greatly appreciated.
  Thanx. KRC>

  This always requires some work around. I have done two things in the past:
  1) Create a variable on the page or request scope that contains the dynamic attributes you want to use:
  <!-- JSP Page -->
  <my:requestHeader content="${header}" border="0" cellspacing="1" cellpadding="2" />
  <!-- Request Header -->
  <%@ tag body-content="empty" dynamic-attributes="dynamicAttributes" %>
  <%@ attribute name="content" required="true" type="java.util.Map" %>
  <c:set var="HtmlTableDynamicAttributes" value="dynamicAttributes" scope="page"/>
  <my:htmlTable content="${content}"  />
  <!-- HTML Table -->
  <%@ tag body-content="empty" dynamic-attributes="dybamicAttributes" %>
  <%@ attribute name="content" required="true" type="java.util.Map" %>
  <!-- if no dynamic attributes directly sent, re-assign those stored by
       requestHeader tag -->
  <c:if test="dynamicAttributes == null">
    <c:set var="dynamicAttributes" value="HtmlTableDynamicAttributes"/>
  </c:if>
  //then do table work using "dynamicAttributes"Another way I had done it was to create a tag that needs to be nested in the <my:htmlTable> tag that assigns attributes as needed. So the my:htmlTable tag might need to be called like this:
  <my:htmlTable content="${content}">
    <my:htmlTableAttribute name="${key}" value="${value}"/>
  </my:htmlTable>Finally, after thinking about this in this email, I wonder what scope the variable created by dynamic-attributes="dybamicAttributes" is stored in. I assumed it was a scope too small for the next tag to see. But maybe you could just try to see if the variable is present:
  <!-- JSP Page -->
  <my:requestHeader content="${header}" border="0" cellspacing="1" cellpadding="2" />
  <!-- Request Header -->
  <%@ tag body-content="empty" dynamic-attributes="dynamicAttributes" %>
  <%@ attribute name="content" required="true" type="java.util.Map" %>
  <my:htmlTable content="${content}"  />
  <!-- HTML Table -->
  <%@ tag body-content="empty" %>
  <%@ attribute name="content" required="true" type="java.util.Map" %>
  Dynamic Attributes Seen?  da="${dynamicAttributes}"</br>
  //then do table work using "dynamicAttributes"

• Presence the phone and mobile field entries not coming from LDAP

  I tested by changing name and all...working fine changes happening
  But the phone field is not coming at all
  ANY IDEA????

  I'm sorry if I misunderstood you. But it looks like there's some confusion here.
  Confusions and mistakes are usually caused by false assumptions.
  CUPC gets LDAP attributes from LDAP directly. CUPC does not retrieve those attributes from CUPS.
  If you're troubleshooting double-click on CUPC, the CUPS presence viewer doesn't help at all.
  When you double-click a contact in CUPC, CUPC dials the number in "BusinessPhoneNumber". By default "BusinessPhoneNumber" is mapped to "telephoneNumber" in Active Directory.
  If you cannot double-click a contact to dial, that's because "BusinessPhoneNumber" was blank.
  Michael
  http://htluo.blogspot.com

• Retrieve parameters from LDAP using authentication module

  I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
  I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
  OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
  This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
  The existing web applications are still querying existing LDAP other attributes there than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to web application as cookie or header value? Or is the forwarding feature only for attributes in Data Store?
  If the forwarding is not possible what is the next best alternative ?

  OpenSSO forum is quite silent so I'm back with you guys.
  I managed to solve the agent error log problem I mentioned before. The problem was about nonexisting attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
  The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
  My LDAP looks like this:
  # testuser, pollo.fi
  dn: cn=testuser,dc=pollo,dc=fi
  cn: testuser
  objectClass: organizationalPerson
  objectClass: inetOrgPerson
  givenName: Test
  sn: User
  ou: People
  uid: testuser
  mail: [email protected]
  And my datastore configuration:
  LDAP server->localhost:389
  LDAP bind DN->cn=admin,dc=pollo,dc=fi
  LDAP organization DN->dc=pollo,dc=fi
  Attribute name mapping->empty
  LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
  LDAP3 Plugin search scope->scope_sub
  LDAP Users Search Attribute->uid
  LDAP Users Search Filter->(objectclass=inetorgperson)
  LDAP User Object Class->organizationalPerson
  LDAP User Attributes->uid, userpassword
  Create User Attribute Mapping->empty
  Attribute Name of User Status->inetuserstatus
  User Status Active Value->Active
  User Status Inactive Value->inactive
  LDAP Groups Search Attribute->cn
  LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
  LDAP Groups container Naming Attribute->ou
  LDAP Groups Container Value->groups
  LDAP Groups Object Class->top
  LDAP Groups Attributes->cn,description,dn,objectclass
  Attribute Name for Group Membership->empty
  Attribute Name of Unqiue Member->uniqueMember
  Attribute Name of Group Member URL->memberUrl
  LDAP People Container Naming Attribute->ou
  LDAP People Container Value->people
  LDAP Agents Search Attribute->uid
  LDAP Agents Container Naming Attribute->ou
  LDAP Agents Container Value->agents
  LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
  LDAP Agents Object Class->sunIdentityServerDevice,top
  LDAP Agents Attributes->empty
  Identity Types That Can Be Authenticated->Agent,User
  Authentication Naming Attribute->uid
  Persistent Search Base DN->dc=pollo,dc=fi
  Persistent Search Filter->(objectclass=*)
  Persistent Search Maximum Idle Time Before Restart->0
  Should I enable some setting still to get the forwarding going on? Any ideas for debugging?

• Where does VCS get passwords from when doing LDAP authentication

  I was wondering, if I were to configure VCS to do LDAP authentication while using an Active Directory as LDAP, which passwords would it be using?   Will it authenticate against domain password or will I need to fill in a separate password attribute (which would be cleartext)?

  Hello Eli -
  Are you referring to user accounts (such as admin accounts that login to the VCS), or for devices (such as endpoints)?
  If you're talking about authenticating user accounts, than it will use your AD username/password.
  Cisco-VCS-Authenticating-Accounts-Using-LDAP-Deployment-Guide-X8-2
  If you're talking about authenticating devices/endpoints, than it will use fields in your LDAP that are created by schemas that you download from the VCS and install to your LDAP directory.
  Cisco-VCS-Authenticating-Devices-Deployment-Guide-X8-2.pdf