E-Sourcing and LDAP Sellside

Similar Messages

• JNDI and LDAP Results

  I have also posted this on Novell forums and it seems to only happen when the LDAP target is eDirectory.
  I am writing a JAVA program that uses JNDI to access LDAP data sources and I have run into an interesting problem when accessing eDirectory. The issue is that when I query on objects that involve a multivalue attribute and that multivalue attribute contains a large number of values then I appear to be getting back multiple records in my JNDI result set. For example, when I am going after an object in the LDAP Directory that is a "group" and there is a multivalue object within that record called "member" and if there are large number of member values (say 30,000 or so) then I will get multiple results in the JNDI Result set for the same DN value. The first record will contain all the normal attributes plus the first 650 or so member attribute values. Subsequent records will contain only the member attribute with more values. Each record is assciated with the same DN value. When I do the same type of thing going against an Active Directory the member attribute will be returned with an id of "member;range=0-1499" indicating that a range retrieval is required to get the remaining attributes BUT with AD I only get a single record back in the result set and it is up to my code to make the appropriate calls to get the remaining records. I can understand that each LDAP provider may have a different implementation for this type of large multivalue attribute issue but I have not been able to figure out in the case of eDirectory who is doing this "chunking" of values and how it can be detected or controlled. Can anyone provide me some help understanding how this data is being returned from eDirectory? I have not been able to find an explanation doing searches on JNDI or eDirectory that explains this behavior. In the testing I have done and looking at the TCP/IP dumps it would appear that JNDI is breaking the result coming from LDAP into multiple SearchResult entries. As mentioned, each SearchResult enties contains about 650 of the multi-valued attribute results which total about 20,000 bytes of information. Whoever is doing this knows the data is for the same DN value as the DN returned for all records by SearchResult.getObject()).getNameInNamespace() is the same.

  Curious if you ever came across a good solution for this?
  I'm running up against essentially the same thing; I have an application that needs to traverse potentially tens of thousands of entries within a given search base. Sort order is unimportant, speed is important. Having the directory administrator create vlv indexes is a non-starter.
  I did notice that I could have it sort on any attribute, even an attribute not in the schema (e.g., "hooHahFoo"), and get the same performance. Also noted that sorting by "dn" is broken in DS5.1, not in DS5.2.

• Radius server (not elektron!) interacting with mysql DB and LDAP

  I am installing a service that requires a radius server. I have tried to build and install freeradius from source, as well as used the installer packages that are out there. None of them include support for mysql. As soon as you turn on sql in the radiusd.conf you get an error like this:
  rlm_sql: Could not link driver rlmsqlmysql: file not found
  Similar to the problem described here:
  http://www.freeradius.org/faq/#4.14
  Except that I get an error saying that rlmsqlmysql.a is an invalid image. The file exists and freeradius sees it and can find it, it's just not usable by freeradius. Like I said I have tried building this from the latest cvs source, and finally got it to build completely fine, and even except connections.
  I just need it to authenticate to mysql now.
  Anybody have any pointers. I have tried some of the suggestions on the freeradius faq, but I think what I am encountering is an issue specific to os x tiger. I have even tried to install using darwinports, but the installation fails.
  The system I am trying to install this on is running 10.4.2 (I am apprehensive about updating the system, because of issues with mysql being hosed.)
  If anyone thinks or knows that 10.4.2 has specific issues as to why it cannot be installed on 10.4.2 I may need to look into doing a backup and then upgrade of the server, and attempt freeradius install on 10.4.7.
  Thanks in advance for any and all help!

  Big help you OS Xers are. J/P!
  Since this place is supposed to be about education, let's educate!
  I ended up installing OpenRadius and using RADsql (it comes with openradius). It's a bit finicky, but in the end it seems to be working. You also have to install Perl DBI, and Perl DBD Mysql, all of which I installed using darwing ports (also btw, you are better off getting the darwin/macports source and compiling it yourself, rather than using the DMG installer) If you are paranoid about using terminal there is an app out their called PORT AUTHORITY which is basically a gui front end to install darwinport apps.
  You may have to do a little searching, but the key is getting the behaviour file and the config file correct, I found examples of the two I needed here:
  http://www.mirrors.wiretapped.net/security/authentication/radius/openradius/exam ples/0.9.10/
  I am attempting to also have openradius look at ldap if it can't auth to sql, I think this is possible, since it seemed to be in freeradius. So that our users don't need to choose a seperate auth protocol.
  I hope at least part of what I have to say will help someone out there, I will update this as I find out more. Right now I can only auth via clear-password, which is not really much of an issue, since this will all be LAN and WAN behind a firewall. But it would be nice if it was at least MD5 which openradius is supposed to support.

• WLC and LDAP Groups

  Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication.  I have this url that explains local authentication and LDAP...  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml .  That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC.  Any ideas?

  You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
  If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authenticaion). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from users requirements.
  The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.

• Authenticating against both RDBMS and LDAP in WL6.0

  Hi,
  We are designing a webapp that will be accessible to both internal and
  external users. For internal users, we would like to authenticate via LDAP;
  for external users we would like to use RDBMS. In WL5.1, this looked to be
  possible with the DelegatingRealm, however this has been removed in WL6.0.
  Two questions:
  1) Why was it removed?
  2) How can we get this functionality in WL6.0?
  Thanks much for your help,
  -jt

  We are currently deployed on WL5.1 with a similar situation as you and in
  the process of migrating to WL6. We are Authenticating against LDAP and
  Authorizing against RDBMS. But I can't see how you could tell it to go
  one way for certain users and another for other users.
  The delegatingrealm in WL5 was intended to split the responsibility of
  Authenticating to one source and Authorization to another. To make this
  work for your Application of splitting internal and external users
  security, I suppose you can do it if you can somehow pass the information
  to the Security Realm the type of the user that is logging in. Maybe you
  can make this code a part of the userid such as ext_uersID or int_userID.
  Doing this will allow you to filter the where the users are coming from
  and Direct them to the appropriate security realm.
  As far as WL6 goes, the Delegating realm class is no longer available
  since the security model for WL6 is different from WL5. But you can take
  a look at what they did with the RDBMSrealm example and use that. This is
  what we did to make our Security work in WL6. However, you can no longer
  store ACLs in the RDBMS realm in WL6.
  Hopes this helps.
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  You will need to create a Custom Realm which delegates to both your RDBMS
  and LDAP perhaps using the Weblogic supplied RDBMS and LDAP realms
  "Jonathan Thompson" <[email protected]> wrote in message
  news:3accf1a3$[email protected]..
  Hi,
  We are designing a webapp that will be accessible to both internal and
  external users. For internal users, we would like to authenticate viaLDAP;
  for external users we would like to use RDBMS. In WL5.1, this looked tobe
  possible with the DelegatingRealm, however this has been removed in WL6.0.
  >
  Two questions:
  1) Why was it removed?
  2) How can we get this functionality in WL6.0?
  Thanks much for your help,
  -jt
  [att1.html]

• Homedirectory, migtrustees and ldap error

  Hi,
  We are starting the migration from NetWare 6.5 sp8 to OES11 sp1 and I have run into an error with the migration tool. I am doing a consolidation migration, both servers are in the same tree. In the File Services configuration there is an option for "Home Directory" that can be set to a path on the source server. The documentation is not clear on exactly how this option is used, but I figure it has to do with changing the User Object "homedirectory" attribute to the new destination server/volume/path. The problem is that during the exectution of the migration the utility "migtrustees" fails with a fatal error of "LDAPAuthError, Invalid credentials, NDS error -669".
  This error (bad username/password) seems to be a bit of a red herring since I am authenticated to both source and target servers with the account for which I am attempting to test the migration.
  Have I misunderstood the function of the "Home Directory" option?
  If not, what might the real problem be?
  Thanks,
  Ron

  Hi Laura,
  Thanks. I'll probably do a similar thing. I tried the operation again in a new project and had the same ldap error (error 49, nds error -669) but on the MAPtrustees operation which had worked just fine previously. So I tried a third time with a different account (a full-on tree admin account) and had NO errors with ldap authentication for either the MAPtrustees or the MIGtrustees commands. However other errors occurred :
  2013-09-18 16:44:27,268 ERROR - FILESYSTEM:migtrustees:Error: command LC_ALL=en_US;ldapmodify -H ldaps://206.87.24.12:636 -w "...." -D "..." -c -x -f /tmp/migdata.ldif 2>&1 2>/tmp/mig-err.txt>&1 failed, ldapmodify: modify operation type is missing at line 2, entry "....", contents of input LDIF file: dn: CN=.....
  In addition to the error "modify operation type is missing at line 2" there is the problem that this error is repeated for a half-dozen-ish other accounts - but none of the accounts were selected as sources in the project.
  So this Home Directory option is far too buggy to use in my particular case of doing a data migration from NetWare to OES in the same tree. Thanks again for your input and please don't spend any more time on this on my behalf since I am not going to pursue it.
  Cheers,
  Ron

• What is difference between using interface as source and table as source?

  I am working on a batch flow which need several steps to populate data from source to target. For example, I need 5 interfaces to finish final data loading. I can either use interface or use temporary table as source and target for the interface 2, 3, and 4. It looks like both case will use tables no matter use interface or use temporary table. So my question is if there is any difference between these two (using interface as source or use temporary table as source)?
  Thanks

  if you use a Table as source for the intermediate process, it will create a physical temporary table i your work rep(depends on you choice) and populate the data into the table. if you use a interface as a source, just it will create a sub query instead of temporary table.
  Thanks
  nidhi

• Create two or more data sources and mapping to DSO

  Hi,
  I´m using SAP Netweaver BI 7.0.
  If there are two or three data sources which have to be mapped to DSO which field from Data Sources has to be mapped to which field in DSO?
  Is it possible to have only one DSO or should it be three DSOs because of the three Data Sources?
  The thing is I have created one view out of three tables. For the view I have created one DSO. Everything worked fine. But now the requirements have changed because of currencies.
  The view I have created is now mixing currencies because in the view is only one currency field, which is filled from the three tables. Two tables have different currencies and one table has one currency.
  The one currency of the one table is important and should stay like it is.
  I´m thinking about something like three different currency key fields in DSO which are mapped from data source. Also for every field of data source mapping with corresponding field in DSO.
  Some hints? I have found articles in SDN about creating data sources and so on but they don´t help me in this matter.
  Thank you in advance!

  Thank you guys for explaining! I´m new to SAP BW and trying to better understand.
  I`ll try it also with the view. It sounds "easier".
  But if I´m doing it with the 3 data sources, that means that for each currency field of the data source I will need an corresponding currency field in the DSO for mapping.
  Is it possible to have 3 times the 0Currency field in the DSO and each data source currency field will be mapped to the DSO?
  If that would work the 0Currency has to be contained in the key figures.
  But if the 0Currency is contained in each key figure will the assignment of currency work correct?
  +For example:+
  Data Source1:
  Turnover in Euro.
  (All currency is in Euro)
  Data Source2:
  Profit in Dollar.
  Profit in Euro.
  Profit in Yen.
  Profit in different currencies available.
  Data Source3:
  Sales in Dollar.
  Sales in Euro.
  Sales in Yen.
  Sales in different currencies available.
  For mapping from DataSources to DSO if it is possible to have 3 times 0Currency in DSO:
  Data Source1 currency fiield ---> DSO 0Currency
  Data Source2 currency fiield ---> DSO 0Currency
  Data Source3 currency fiield ---> DSO 0Currency
  Does it make sense?

• Problem with ADS and LDAP

  Problem with ADS and LDAP
  I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
  After connection via LDAP I cann't get any object ( users or goups etc. ).
  I try connect to ADS by java ( JNDI ).
  When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
  the same problem - no objects.
  Can anybody help me?
  Grzegorz Pszona
  my e-mail: [email protected]

  Thanks a lot.
  Softerra's browser is really good.
  Thanks
  Rashmi
  "Anant Kadiyala" <[email protected]> wrote:
  >
  I used Softerra's LDAP browser. The browser is free. There is also a
  java baded
  LDAP browser from Univ of Michigan. I found the Softerra browser to be
  more easier
  to use.
  -anant
  "rashmi" <[email protected]> wrote:
  Hi,
  Can you please let me know which exact ADS tool that you used to examine
  the
  DN. I have Active Directory Users and Computers, Sites and Servicesand
  Domain
  and Trusts installed on my machine but I am not able to figure out how
  to get
  the DN?
  Thanks
  Rashmi
  for Stephen Davies <[email protected]> wrote:
  Grzegorz,
  I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
  a
  fair bit of messing around to get it going. MS does have a few oddities,
  for example the Administrators DN might look something like this:
  cn=Administrator,cn=Users,dc=eglobal,dc=net
  One tool that I found invaluable came with the additional support tools
  for Windows 2000. The 'Active Directory Administration Tool' made it
  easy to list the directory contents and examine the DNs.
  Regards,
  Steve
  Stephen Davies
  Principal Consultant
  eGlobal Services Pty. Ltd.
  Sydney, Australia
  Ph. +61 2 9283 1033
  http://www.eglobal.net/

• SQL Server Source and Flat File Target in OWB

  Hello All,
  I have a question, is it possible to have SQL Server as Source and Flat File as Target without using any intermediate Oracle table(s).
  like
  SQL Server --> ETL Operators --> Flat file?
  as i m getting errors in data type conversions here. but if i replace flat file with Oracle table it works fine. (though i have used some conversion functions for data types as well in Flat file loading but it is giving me errors)
  Thanks in advance.
  Tayyeb

  Yes this should be fine. Are you using the gateway to access SQLServer or code template mappings? You need to track which columns are throwing the data type conversion errors.
  Cheers
  David

• Create a ReportingServices data source and upload to a data connection library

  I have installed reporting services 2012 in SharePoint 2013 integrated mode. I need to create a report data source and upload it to a data connection library using
  C#.
  As I know it uses the ReportingServices2010 class but I cannot explore a reporting server url.
  There is a ReportingServices2010.asmx file in the 15 hive though.
  Also it works fine when I manually set the data source.

  Hi,
  The following materials would be helpful:
  Inserting Data Connections into a SharePoint Library
  https://social.technet.microsoft.com/Forums/en-US/df79dce5-fd92-4506-af4e-11127cb0d655/inserting-data-connections-into-a-sharepoint-library?forum=sharepointdevelopment
  Programmatically exporting reports from SQL 2012 Reporting Services
  http://stackoverflow.com/questions/12199995/programmatically-exporting-reports-from-sql-2012-reporting-services
  Report Server Web Service Endpoints
  http://msdn.microsoft.com/en-us/library/ms155398(v=sql.110).aspx
  Best Regards
  Dennis Guo
  TechNet Community Support

• Single sign-on using Kerberos and Ldap

  I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
  The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
  I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
  I have the Kerberos authentication and part of the Ldap service working via pam & nss.
  ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
  BUT...
  id gives:- userID, groupID (primary group only)
  groups :- primary group only. (no secondary groups are listed)
  Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
  Thanks in advance for any help.

  After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
  Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
  Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
  //M.

• I'm travelling and trying to back up my new iPhone to iCloud. I have sufficient storage, am connected to wifi and it's plugged into a power source and yet it doesn't seem to work. Can anyone suggest what I'm doing wrong?

  I'm travelling and trying to back up my new iPhone to iCloud. I have sufficient storage, am connected to wifi and it's plugged into a power source and yet it doesn't seem to work at all. I'm currently in India. Could that be the cause or can anyone suggest any reason why this wouldn't work?

  "gets stuck" - are there any error messages?
  If you get the error "Backup not successful" and you've tried deleting the last backup and trying to back up manually without luck, try the following test:   Go to...
  Settings>iCloud>Storage & Backup>manage Storage, tap your device name in the Backups section, then look under Backup options.  Turn off all apps from backup and then do a manual backup.  If that doesn't work, then this post will not help.  If the backup works, then go back to the app list and turn some on and try another backup.  If successful, keep repeating these steps.  If it fails at some point, then try to zero in on the one app that seems to make the backup fail.  (I had this problem and found one app failing, probably due to a corrupt data file.)
  This process will take time, but if a backup works with no app data being used but clearly fails with the original settings, then somewhere in the mix of apps is a "bad" one.

• Allow Non-Administrator accounts to create event sources and write to event logs

  We are setting up BizTalk 2013 in Windows Server 2012 and one of the requirements is to allow the service account to create sources and write in event logs (Application) of the BizTalk servers. We have found what it seems to be a simple solution for this
  without giving service accounts local admin rights.
  Give Full control for the following registry keys to the service accounts or groups to allow creating of event sources and write to event logs:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
  Note: when changing permissions for EventLog key, the child keys will inherit the permissions by default except Security key which must be done manually.
  Initial tests using a .net test app seems to work as expected. New event sources are being created in the event logs and writing to the event logs after that works perfectly.
  The above method has been deployed in production and this is the most suitable solution for us.

  Hi Keong6806,
  Thanks a lot for posting and sharing here.
  Do you have any other questions regarding this topic? If not I would change the type as 'Discussion' then.
  Best Regards,
  Elaine
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Help to read a table with data source and convert time stamp

  Hi Gurus,
    I have a req and need to write a ABAP prog. As soon as i excute ABAP program it should ask me enter a data source name, then my ABAP prog has excute teh code, in ABAP code i have to read a table with this data source as key, sort time stamp from table and should display the data source and time stamp as output.
  As follows:
  Enter Data Source Name: 
  Then user enters : 2lis_11_vahdr
  Then out put should be "Data source  :"  10-15-2008.
  The time stamp format in table is 20,050,126,031,520 (YYYYMMDDhhmmss). I have to display as 05-26-2005. Any help would be apprciated.
  Thanks,
  Ram

  Hi Jayanthi Babu Peruri,
  I tried to extract YEAR, MONTH, DAY separately and using
  EDIT MASK written it.
  Definitely there will be some STANDARD CONVERSION ROUTINE will be there. But no idea about it.
  DATA : V_TS      TYPE TIMESTAMP,
         V_TS_T    TYPE CHAR16,
         V_YYYY    TYPE CHAR04,
         V_MM      TYPE CHAR02,
         V_DD      TYPE CHAR02.
  START-OF-SELECTION.
    GET TIME STAMP FIELD V_TS.
    V_TS_T = V_TS.
    CONDENSE V_TS_T.
    V_YYYY = V_TS_T.
    V_MM   = V_TS_T+4(2).
    V_DD   = V_TS_T+6(2).
    V_TS_T(2) = V_MM.
    V_TS_T+2(2) = V_DD.
    V_TS_T+4(4) = V_YYYY.
    SKIP 10.
    WRITE : /10 V_TS," USING EDIT MASK '____-__-________'.
            /10 V_YYYY,
            /10 V_MM,
            /10 V_DD,
            /10 V_TS_T USING EDIT MASK '__-__-__________'.
  If you want DATE alone, just declare the length of V_TS_T as 10.
  Regards,
  R.Nagarajan.
  We can -