Editing LDAP User attributes from UME interface

Similar Messages

• Custom user attribute from ABAP to Portal UME

  Hi All,
  We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
  Any help will be rewarded.
  Thanks
  Sarang.

  Any resolution to this issue?

• Copy user attribute from different user to user currently being edited

  Dear all,
  I'm somehow stuck with a requirement I've to implement.
  I've to copy some user attributes from one user to another. I learned that I should be able to use "getResourceObject" for
  this and I tried to implement this in my user form:
  <Field name='otherUser_actvtGrps'>
  <Display class='Text'>
  <Property name='title' value='otherUser_actvtGrps'/>
  </Display>
  <Default>
  <set name='otheruser'>
  <invoke name='getResourceObject' class='com.waveset.ui.FormUtil'>
  <select>
  <ref>context</ref>
  <ref>:display.session</ref>
  </select>
  <s>SAP_System_A</s> <!-- the resource ID -->
  <s>User</s>
  <s>TemplateUser</s> <!-- this is the AccountID that i need as source -->
  <null/>
  </invoke>
  <ref>otheruser.user.attributes.activityGroups</ref> <!-- this is the attribute from the source user I want to copy/read -->
  </set>
  </Default>
  </Field>
  But this does not return anything..
  Any ideas what I did wrong ?
  Many many thanks for any help/ideas !
  Best regards
  Joerg

  Do you know where to get some docs about the topics you mentioned ?
  1. Your adapter might not to support Resource Objects of type User.ResourceReference manual, the "Resource Object Management" section in each adapter chapter. Also the resource description in XML has the ObjectTypes section, for example, for Active Directory adapters:
    <ObjectTypes>
      <ObjectType name="Group" nameKey="UI_RESOURCE_OBJECT_TYPE_GROUP" icon="group">
        <ObjectClasses operator="AND">
          <ObjectClass name="Group"/>
        </ObjectClasses>
        <ObjectFeatures>
          <ObjectFeature name="create"/>
          <ObjectFeature name="update"/>
          <ObjectFeature name="delete"/>
        </ObjectFeatures>
        <ObjectAttributes idAttr="distinguishedName" displayNameAttr="samAccountName" descriptionAttr="description" objectClassAttr="objectclass">
          <ObjectAttribute name="cn" type="string"/>
          <ObjectAttribute name="sAMAccountName" type="string"/>
  2. You can fetch the complete user view with all resource account information.You will find many examples in IdM XPRESS samples.
  Get user view using LighthouseContext and user accountId
  <invoke name='getView'>
    <invoke name='getLighthouseContext'>
      <ref>WF_CONTEXT</ref>
    </invoke>
    <concat>
      <s>UserViewer:</s>
      <ref>accountId</ref>
    </concat>
    <Map>
    </Map>
  </invoke>Or with WorkflowServices (see BusinessAdministration manual):
  <Action id='0' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='getView'/>
    <Argument name='viewId'>
      <concat>
        <s>User:</s>
        <ref>accountId</ref>
      </concat>
    </Argument>
    <Return from='view' to='user'/>
  </Action>
  3. You can fetch resource account info directly using ResourceAdapter API (not too well documented way).Example in Java:
      LighthouseContext ctx = <get context here>;
      // Get resource object
      Resource res = (Resource) ctx.getObject(Type.RESOURCE, <resource name>);
      // Pack resource and user accountId into a ResourceInfo object
      WSUser user = new WSUser();
      ResourceInfo info = new ResourceInfo();
      info.setAccountId(accountId);
      info.setResource(res);
      info.setAttributes(null);
      user.setResourceInfo(new ResourceInfo[] {info});
      // Rertrieve ResourceAdapter object
      ResourceAdapter ra = ResourceOp.findAdapter(res, res.getCache());
      // Get account info into the 'user' object
      WSUser result = ra.getUser(user);
      // Now you can get account status from ResourceInfo ...
      info = result.getResourceInfo(res);
      // ... and account attributes from WSAttributes
      WSAttributes attributes = result.getWSAttributes();
      ...

• Getting User Attributes from an Active Directory LDAP

  Hello all.
  I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
  Thanks.
  ...Sparks

  Sparks,
  If you're using 11.5 or 12 actually they should all map into the system as session properties.  You can use the following URL to verify your session properties:
  http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
  If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
  -Sam

• How to get user attributes from LDAP authenticator

  I am using an LDAP authenticator and identity asserter to get user / group information.
  I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
  Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
  Any help would be appreciated

  Hi Julián,
  in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
  A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
  Beginner
  Medium
  Advanced
  Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
  Hope it helps
  Detlev

• Adding LDAP User store to UME

  We need to authenticate users against an LDAP server.  This works fine from the workbench where the UME ContentSource is database_only.  However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw.  According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source."  Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store?  TIA,
  Steve

  Hi Steve,
  Once you choose an ABAP data source, there is no going back.
  You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
  -Michael

• Accessing user attributes from a pipeline component

  Hello,
  I'm using WLCS & WLPS 3.1. I use webflow and I have implemented the page
  transition myself to work with the portal. Everything is working fine.
  I'm planning to implement a complex step of a business process as a pipeline
  component. For various reasons, this PC will be implemented as an EJB. To
  perform its job, this PC needs to get information about the user that is
  currently logged in. More specifically, it needs to lookup custom attributes
  from the user profile (i.e. user property set).
  So my question is : is this possible directly from the PC, or do I have to
  populate the pipeline session with required information in the input
  processor?
  Thank you for your advice
  Nicolas

  Hello Ture,
  Thanks for both posts.
  Nicolas
  "Ture Hoefner" <[email protected]> wrote in message
  news:[email protected]..
  ... To perform its job, this PC needs to get information about the userthat
  is
  currently logged in. More specifically, it needs to lookup customattributes
  from the user profile (i.e. user property set).
  So my question is : is this possible directly from the PC, or do I haveto
  populate the pipeline session with required information in the input
  processor?Hello Nicolas,
  I have not tried this myself. I think that the disconnect between the
  pipeline session and the portal session is probably the fact that theattributes
  in the portal session have their keys "fixed up" by prepending the portal
  request URI. This is made possible by the
  com.beasys.commerce.foundation.flow.jsp.DefaultDestinationDeterminer,which the
  PortalDestinationDeterminer extends. It puts a "TRAFFIC.URI" attributeinto the
  each request that goes through the FlowManagerServlet for the portal. Inthe
  Acme exampleportal, the "SERVICEMANAGER.USER" attribute is put into theportal
  HttpSession as "exampleportal.SERVICEMANAGER.USER".
  If you want to get to the cached profile from your portal from yourpipeline
  component (PC) then you would have to know that the name is "fixed up" tobe
  "exampleportal.CACHED_PROFILE". There are probably several different waysyou
  could get the "TRAFFIC.URI" information to your PC.
  Ture Hoefner
  BEA Systems, Inc.
  2590 Pearl St.
  Suite 110
  Boulder, CO 80302
  www.bea.com

• LDAP User attribute in VC

  With the USER DATA object in VC, I am able to get a list of user attributes available to the model (uniquename, first name, last name, address etc). One of the attributes we want is currently not in the list that shows up OTB. How can I add more LDAP attributes to show up in the USER DATA so that I can use them in my model?

  Can't you use the default Identity Service functions for this ?
  When you add an assign you have for example one like :
  lookupUser
  Gets the user object. If the user doesnt exist it returns null.
  The signature of this function is ids:lookupUser(userName, realmName). The arguments to the function:
  1) userName - a user name
  2) realmName - The realm name. This is optional and if not specified default realm is assumed
  Should be ok?

• Importing User attributes from OIM 9101 to 11g

  hi all,
  I need to import/create all the User attributes(UDFs) present in the OIM 9101 version to OIM 11g. Is there any way this can be achieved using deployment manager? Looking to avoid creating all of them manually again,as that would be a time consuming/error prone task.
  Looking forward to your replies.
  Thanks,
  Anuj.

  Hi,
  I think, you better create it manually in OIM11g and higher environments. The UDF import in 11g is unstable..some times it works..and some times it disappears..and when you try to create UDF after import, It will make your life hell.
  I really had very bad experience with OIM 11g UDF export/import.
  Regards,
  J

• ACS user creation from external interface

  Hello
  We have a bundle de Cisco WLC 5508 which authenticate users that try to connect to Wifi networks. Those users are stored in a Cisco Secure ACS 4.2 internal database.
  We want to have a simple  external web interface so that non-technical people can create users without access to the ACS.
  Is it possible to create users in a certaing group through an script or any kind of external connector?

  Yes, that is possible.
  Scott
  P.S. Please tell us your first name and put in in your handle and/or profile to help us.

• Password Violation error while creating users from Admin interface

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

• Custom User Attribute

  Hi All,
  We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
  Any help will be rewarded.
  Thanks
  Sarang.

  Hi Sarang,
  Check this:
  UME attributemapping for R/3 datasource
  Greetings,
  Praveen Gudapati

• How to Sync User attributes between local forests?

  Hi
  We are currently migrating three AD domains to one.
  We are migrating users and distrubution groups with ADMT to the new domain, and stating to move services to the new domain. starting with sharepoint.
  But for some time, some services will remain in the three old domains. To avoid maintaining user attributes like phonenumber, address etc multiple places, I would like to schedule a sync of some user attributes from the old domains to the
  new.
  Just like DirSync between a local directory to office 365 - but how is it done with local domains and not with office365?
  So if a helpdesk user is updating a users phonenumber i one of the three old AD, it should be synced to the new domain after. I would like to run this as a schedule task every 15 minute or so.
  ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute
  synchronisation.
  Do you have any suggention on how I can solve this task?
  Best Regards, Steffen. 

  ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute
  synchronisation.
  I am not sure about the schedule task and if it is available to use in this scenario or not. You have two different security boundaries, so it is not easy as setting up a scheduled task to sync data. Even if it is possible, it would be very hard to established.
  For selected users you have to define what to sync and what not to sync and etc.
  I believe on of the things you can do is to use FIM 2010 in order to have a synchronized directory. That is the best thing you can do AFAIK.
  Sync Users between domains with Forefront 2010
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or
  to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.

• Report on Active Directory User Attributes in SCCM 2012

  I need to output a list of all users in a collection, along with certain user attributes from Active Directory. I can get part of what I need with the following query:
  SELECT v_FullCollectionMembership.ResourceID,
  v_R_User.Windows_NT_Domain0,
  v_R_User.Distinguished_Name0,
  v_R_User.Full_User_Name0,
  v_R_User.Mail0,
  v_R_User.User_Name0
  FROM v_FullCollectionMembership, v_R_User
  WHERE v_FullCollectionMembership.ResourceID = v_R_User.ResourceID
  AND v_FullCollectionMembership.CollectionID = 'SMS00002'
  If possible I need to add:
  Last logon timestamp
  User account status (enabled or disabled)
  I have added "lastLogon" and "lastLogonTimestamp" as additional attributesunder Active Directory User Discovery. This discovery method is enabled and I have run a full discovery about a month ago, and again today. I read in
  another thread that these attributes should appear in the table v_R_User, however they have not. Is v_R_User the right place to look for this or is there another view or table I can query?
  Once I have the above sorted out, how can I find the user account status in SCCM? I have done reports in the past directly from AD and used the 'useraccountcontrol' attribute and I noticed there is a column named 'User_Account_Control0' in v_R_User, however
  the values do not match those found in Active Directory.
  Thanks.

  Have you checked the attribute from the Active Directory in decimal format? Check that and compare it to the value ConfigMgr has stored in its 'User_Account_Control0'...
  User Account Control tells you multiple things of the account, for example does the account have "Smart card login required" -option checked from the account properties.
  The tricky part here is to actually get the report show you what you really want, because "useraccountcontrol" -attribute is a numeric value, you have to calculate what decimal combination means what in readable text.
  More info on the attribute can be found from here
  http://support.microsoft.com/kb/305144 and from there you can also find the values for different settings. For example:
  account is enabled = 512
  account is disabled = 514
  account is enabled with smart card = 262656

• List with user data from User Profile Service

  Hi there!
  I got SP intranet site up and running with more then 2000+ users on it.
  User Profile Services is getting users attributes from Active Directory.
  How can i make a list with all of those users and columns like Department, Manager, Office number, etc.. 
  After that i'm going to apply a filter by current user department.
  I would really appreciate some offer.
  Thanks!

  There is a sharepoint hidden list called User Information List , if you want to filter by current user department I recommend that you use ser search API and search People using SourceID 
  public static ResultTable SearchUsers(string query,int limit,string [] selectproperties)
  KeywordQuery kq = new KeywordQuery(SPContext.Current.Site);
  //select properties
  foreach (string property in selectproperties)
  kq.SelectProperties.Add(property);
  kq.SourceId = new Guid("B09A7990-05EA-4AF9-81EF-EDFAB16C4E31");
  kq.QueryText = query;
  kq.RowLimit = limit;
  ResultTableCollection results = new SearchExecutor().ExecuteQuery(kq);
  return results.Filter("TableType", KnownTableTypes.RelevantResults).FirstOrDefault<ResultTable>();
  you need to pass the query Department:CurrentUserDepartment and to get current user department 
  UserProfileManager manager = new UserProfileManager(SPServiceContext.GetContext(SPContext.Current.Site));
  UserProfile currentUser = manager.GetUserProfile(SPContext.Current.Web.CurrentUser.LoginName);
  string department=currentUser["Department"].toString();
  Hope that helps|Amr Fouad|MCTS,MCPD sharePoint 2010