Enforced disk quota on LDAP group users

Hi,
Currently, i have created individual LDAP users and LDAP group users. I have created individual network shared folder and common network shared folder with disk quotas enforced. I would appreciate if anyone could help me on how i could allow the LDAP user to access their own network shared folder as well as the common folder with disk quota enforced?
Thank you!
Stephanie

Hello Perry,
I recommend to post this query to the [BusinessObjects Enterprise Administration|BI Platform; forum.
This forum is dedicated to topics related to administration and configuration of BusinessObjects Enterprise, BusinessObjects Edge, and Crystal Reports Server.
It is monitored by qualified technicians and you will get a faster response there.
Also, all BOE Administration queries remain in one place and thus can be easily searched in one place.
Best regards,
Falk

Similar Messages

Cannot Add user to CMC Group when they are a member of LDAP group

On PreProduction Server CMC
Softerra LDAP browser used to verify user is a member of LDAP group
User does not show as a member of that group in the CMC
Cannot add user to LDAP group showing in CMC, the same group shows the member in LDAP browser
On Production Server CMC
For kicks I logged into the CMC on Production and I found the user is correctly showing as a member of the Group
Why doesn't the groups in CMC show what is actually showing in the LDAP browser?

Hi,
Check if you have also mapped in both servers the same groups. It might be that there are some groups missing in the Pre-prod.
Also, try restarting the CMS. I have seen similar issues that are solved after forcing the recreation of the graph.
If after the restart you still can't see the groups, check the mapping on the LDAP server. It might be that both servers do not use the same attribute mappings.
Regards,
Julian

Setting disk quota on Mac server for Active Directory users

I'm having trouble setting disk quotas for Active Directory users with home folders on our Mac server.
I've enabled disk quotas on the disk I'm putting home folders on, and I can set disk quotas for local users on the server just fine. But it doesn't seem to work for Active Directory users. I've tried setting disk quotas via Workgroup Manager and via the command line using edquota. But when I use the repquota command there is no quota entry for the AD user. I've run quotacheck and that didn't help either.
I also understand there's a setquota command but there's no man page on how that works.
Has anyone got disk quota for AD users working.
Better still has someone got a shell or perl script for setting quotas they could post.
Thanks
- Cameron

sorry.. I am soooooo stupid... I have to activate "File Sharing" as well.. for the user everything was already pre-activated, not for the AD users, I just saw the Time Machine checkbox grayed out ...

About disk quota in win2008r2 server(AD)

Hi,everyone:
I have a question for help. In win2008r2 domain server, I want to set disk quota on each domain users.
In default, when a user created, it belongs to Domain Users group, and disk quota applied. But if I add the user into Domain Admins group, disk quota does not apply, so is a user as administrator role is whom disk
quota does not apply in AD?
Also I have tested in local computer, administrator account(not "Administrator"), such as "admin", could
be applied also. It seems that all users except Administrator account could be set disk quota limit. Why Domain Admins not? Thanks a lot.

Hi,
What is the meaning about “disk quota does not apply”? Do you mean that disk quota cannot apply to users who member of administrators group? I have done a test, add a user to domain admin group, then disk quota can still apply to the user.
In additional, quota limits are not applied to the Administrators local group.
Managing Disk Quotas
http://technet.microsoft.com/en-us/library/dd277427.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

IMS 5.2 & User Disk Quota

Jay,
Is there any way to enforce a disk quota by directly editing some LDAP entires with ldapmodify?
I have found that some of my domains do not enforce the quota even though it was set with the GUI (NDA 4.5 Delegated Administrator)
I noticed that some users have an LDAP attribute as follows:
mailquota: 10485760 and these users have a quota enforced.
However some users, do not have such an attribute in LDAP and
even though their domain has an attribute as follows, it is not enforced.
maildomaindiskquota: 10485760
In order to enforce a quota on my current set of tools, is there a way?
Maybe each user needs a mailquota attribute?
Thanks in advance.
Tim

Thanks Jay...
I did the following:
$ ./configutil -o store.defaultmailboxquota -v 10485760
Now, I think I read somewhere you have said it is required to restart...
Would it suffice to just refresh the cache with the following command?
./imsimta restart dispatcher
Thanks as always for your support.

I get a Group Policy Disk Quota failure at every system start

This is very long, my apologies
I asked this question about a month ago and then had some medical problems so I'm starting over again.
Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas. To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set. I freely admit
that I could be responsible for this. I might have done something in the early days of the system because it wasn't happening for the first month or two.
This time I did more reading and found a procedure on TechNet at:
"http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'. I did this as 'Administrator'.
The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem.
Here are the results:
From: TechNet Group Policy Testing
( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
1 - Troubleshooting using the Group Policy operational log
   a - Determine the instance of Group Policy processing
   (Before you view the Group Policy operational log, you must first determine
   the instance of Group Policy processing that failed.)
My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
2 - Create a custom view, via a query, of the Group Policy instance
My resultant query:
<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
event 4000
Event Description(s) = Computer startup
BEGIN DETAIL SECTION-----------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4000
   Version 1
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.598400000Z
   EventRecordID 22707
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5}
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsDomainJoined false
  IsBackgroundProcessing false
  IsAsyncProcessing false
  IsServiceRestart false
  ReasonForSyncProcessing 2
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
Event Description(s) = Service configuration update to standalone is not required and will be skipped.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22711
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4161
END DETAIL SECTION-------------------------------------------------------------------------------
event 5313
Event Description(s) = The following Group Policy objects were not applicable because they were filtered out :
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5313
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22710
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString None
  GPOInfoList
END DETAIL SECTION-------------------------------------------------------------------------------
event 5311
Event Description(s) = The loopback policy processing mode is "No loopback mode".
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5311
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22708
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyProcessingMode 0
END DETAIL SECTION-------------------------------------------------------------------------------
event 5312
Event Description(s) = List of applicable Group Policy objects:
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5312
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22709
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString Local Group Policy
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Microsoft Disk Quota Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22714
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
  CSEExtensionName Microsoft Disk Quota
  IsExtensionAsyncProcessing false
  IsGPOListChanged true
  GPOListStatusString %%4102
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Finished checking for non-system extensions.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22713
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
  - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4165
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Audit Policy Configuration Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22718
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
  CSEExtensionName Audit Policy Configuration
  IsExtensionAsyncProcessing true
  IsGPOListChanged false
  GPOListStatusString %%4101
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 7016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 7016
   Version 0
   Level 2
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22717
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 108374
  ErrorCode 2147942402
  CSEExtensionName Microsoft Disk Quota
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----------------------------------------------------------------------------------------
event 5016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5016
   Version 0
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.314800000Z
   EventRecordID 22720
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 312
  ErrorCode 2147483658
  CSEExtensionName Audit Policy Configuration
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----------------------------------------------------------------------------------------
Event 8000
Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 8000
   Version 1
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.330400000Z
   EventRecordID 22721
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyElaspedTimeInSeconds 108
  ErrorCode 0
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsConnectivityFailure false
END DETAIL SECTION-----------------------------------------------------------------------------------------
End of results.
Thanks to all,
wegrok
Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor -------------------------------------------------------------------------------------------------------

Did you ever have luck tracking this down? Im getting this error and have no clue where it is coming from. I have not enabled gp disk quotas, but I do have a network share on a domain member server that has quotas attached to each users folder.
I removed the quotas and still get this error when I manually perform a gpupdate.

LDAP Groups not displaying correctly in EP User Administration

I am having difficulty configuring EP to pull my Active Directory groups correctly. Currently, it is pulling a list of objects that have an objectClass of 'organizationalUnit', instead of 'group' which is how it is set-up inn Active Directory. I have tried setting the objectClass = group in the direct editing of the UM Configuration, but that does not seem to matter. Each time I change the configuration, I am re-starting the J2EE engine.
Any suggestions would be greatly appreciated
ume.acl.validate_cached_acls=FALSE
ume.admin.account_privacy=FALSE
ume.admin.addattrs=
ume.admin.allow_selfmanagement=TRUE
ume.admin.auto_password=TRUE
ume.admin.create.redirect=
ume.admin.debug_internal=FALSE
ume.admin.display.redirect=
ume.admin.modify.redirect=
ume.admin.nocache=FALSE
ume.admin.password.migration=false
ume.admin.phone_check=TRUE
ume.admin.search_maxhits=1000
ume.admin.search_maxhits_warninglevel=200
ume.admin.self.addattrs=
ume.admin.selfreg_company=FALSE
ume.admin.selfreg_guest=TRUE
ume.admin.selfreg_sus=FALSE
ume.admin.selfreg_sus.adapterid=SUS
ume.admin.selfreg_sus.adminrole=
ume.admin.selfreg_sus.deletecall=TRUE
ume.allow_nested_groups=TRUE
ume.allow_nested_roles=FALSE
ume.authenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
ume.cache.acl.default_caching_time=1800
ume.cache.acl.initial_cache_size=10000
ume.cache.acl.permissions.default_caching_time=3600
ume.cache.acl.permissions.initial_cache_size=100
ume.cache.default_cache=distributableCache
ume.cache.group.default_caching_time=3600
ume.cache.group.initial_cache_size=500
ume.cache.notification_time=0
ume.cache.principal.default_caching_time=3600
ume.cache.principal.initial_cache_size=500
ume.cache.role.default_caching_time=3600
ume.cache.role.initial_cache_size=500
ume.cache.user.default_caching_time=3600
ume.cache.user.initial_cache_size=500
ume.cache.user_account.default_caching_time=3600
ume.cache.user_account.initial_cache_size=500
ume.company_groups.description_template=Company
ume.company_groups.displayname_template= ()
ume.company_groups.enabled=FALSE
ume.company_groups.guestusercompany_enabled=TRUE
ume.company_groups.guestusercompany_name=Guest Users
ume.db.connection_pool.j2ee.is_unicode=FALSE
ume.db.connection_pool.j2ee.jta_transaction_support_enabled=FALSE
ume.db.connection_pool.j2ee.xatransactions_used=FALSE
ume.db.connection_pool_type=SAP/BC_UME
ume.db.or_search.max_arguments=50
ume.db.parent_search.max_arguments=300
ume.db.use_default_transaction_isolation=FALSE
ume.ldap.access.action_retrial=2
ume.ldap.access.auxiliary_naming_attribute.grup=
ume.ldap.access.auxiliary_naming_attribute.uacc=
ume.ldap.access.auxiliary_naming_attribute.user=
ume.ldap.access.auxiliary_objectclass.grup=
ume.ldap.access.auxiliary_objectclass.uacc=
ume.ldap.access.auxiliary_objectclass.user=
ume.ldap.access.base_path.grup=DC\=left,DC\=sand
ume.ldap.access.base_path.uacc=
ume.ldap.access.base_path.user=DC\=sand
ume.ldap.access.context_factory=com.sun.jndi.ldap.LdapCtxFactory
ume.ldap.access.creation_path.grup=
ume.ldap.access.creation_path.uacc=
ume.ldap.access.creation_path.user=
ume.ldap.access.dynamic_group_attribute=
ume.ldap.access.dynamic_groups=FALSE
ume.ldap.access.flat_group_hierachy=MIXED
ume.ldap.access.msads.control_attribute=userAccountControl
ume.ldap.access.msads.control_value=512
ume.ldap.access.msads.grouptype.attribute=grouptype
ume.ldap.access.msads.grouptype.value=4
ume.ldap.access.multidomain.enabled=FALSE
ume.ldap.access.naming_attribute.grup=ou
ume.ldap.access.naming_attribute.uacc=
ume.ldap.access.naming_attribute.user=
ume.ldap.access.objectclass.grup=group
ume.ldap.access.objectclass.uacc=
ume.ldap.access.objectclass.user=
ume.ldap.access.server_name=myserver
ume.ldap.access.server_port=3232
ume.ldap.access.server_type=
ume.ldap.access.size_limit=0
ume.ldap.access.ssl=FALSE
ume.ldap.access.ssl_socket_factory=com.sap.security.core.server.https.SecureConnectionFactory
ume.ldap.access.time_limit=0
ume.ldap.access.user=domain
svc_user
ume.ldap.access.user_as_account=TRUE
ume.ldap.blocked_accounts=Administrator,Guest
ume.ldap.blocked_groups=Administrators,Guests
ume.ldap.blocked_users=Administrator,Guest
ume.ldap.cache_lifetime=300
ume.ldap.cache_size=100
ume.ldap.connection_pool.connect_timeout=0
ume.ldap.connection_pool.max_connection_usage_time_check_interval=120000
ume.ldap.connection_pool.max_idle_connections=5
ume.ldap.connection_pool.max_idle_time=300000
ume.ldap.connection_pool.max_size=10
ume.ldap.connection_pool.max_wait_time=60000
ume.ldap.connection_pool.min_size=1
ume.ldap.connection_pool.monitor_level=0
ume.ldap.connection_pool.retrial=5
ume.ldap.connection_pool.retrial_interval=10000
ume.ldap.default_group_member=cn\=DUMMY_MEMBER_FOR_UME
ume.ldap.default_group_member.enabled=FALSE
ume.ldap.record_access=FALSE
ume.ldap.unique_grup_attribute=
ume.ldap.unique_uacc_attribute=samaccountname
ume.ldap.unique_user_attribute=samaccountname
ume.persistence.batch.page_size=25
ume.persistence.data_source_configuration=dataSourceConfiguration_ads_deep_readonly_db.xml
ume.persistence.pcd_roles_data_source_configuration=dataSourceConfiguration_PCDRoles.xml
ume.persistence.ume_roles_data_source_configuration=dataSourceConfiguration_UMERoles.xml
ume.principal.cache_group_hierarchy=TRUE
ume.principal.cache_indirect_parents=TRUE
ume.principal.cache_role_hierarchy=TRUE

Hi Doug,
I request your help on this. I am faced with a similar issue.
In my WinAD system, one user can be stored in multiple groups. However, the tree-structure is also present in my Windows AD hierarchy. Hence I am either using a Flat hierarchy or a Mixed hierarchy.
Changing the Datasource Configuration file to a Flat Readonly didn't solve the issue. The AD group path mentioned is correct and hence the group is visible in EP. However, I am not sure what should the UserPath be (As for now, I have kept it the same as the Group path).
Request you to please let me know what should the userpath be.
Rgds,
Sree

How to verify user LDAP group membership

Hi,
we are attempting to determine if a user is a member of a specific LDAP group in our directory and if the user is a member it should return TRUE else FALSE (this is done by defining the LDAP attribute 'CN' (property) which returns a result 'CN=<UserName> or returns 'getting 0 entries'. The query we have is
(&(cn=<username>)(memberOf=CN=<groupname>,DC=domain,DC=com)).
Any pointers on how to do this ?
Thank you.

You could do a couple of things...
1) Install dsquery (add remote AD tools to your box) and run something like
dsquery group -u <user name>
Username would be their login name, yours is "swaupadh" for example. This would return a listing of all the groups they are in and you could regex through that output for the group you are looking for. Use either the Execute Powershell or Execute Windows Command activity here.
2) Use powershell functions and powershell capability to check for group membership, something like this:
function Get-GroupMembership($DN,$group){
$objEntry = [adsi]("LDAP://"+$DN)
$objEntry.memberOf | where { $_ -match $group}
//EXAMPLE CALL
Get-GroupMembership "Cn=kazun,dc=contoso,dc=com" "Backup Operators"
Then you can regex through the output for the "True" or "False" word and run with that.
Either should get you what you want.

Provision a user into an LDAP Group/Organisation

Is it possible to provision a user into a Role that is mapped to an LDAP Group/Organisation through Identity Manager? I've seen that you can add users directly into LDAP groups, but we would like to add users into groups where they already have an account in the Resource/Directory.
For example I want to allow an existing user;
uid=User1,ou=Users,o=mycompany
to access a resource protected by LDAP Group;
cn=AppGroup1,ou=Groups,o=mycompany
this group would be mapped to an Application or Business Role within Identity Manager.
Is this possible?

If I understand your problem correctly then there is no need for customizing the resource adapter java source code at all. You can "calculate" in which OU or O a user is created by customizing the resource's identity template. Just add a variable to the identity template DN and "calculate" that variable in either your form or map it to IGNORE_ATTR on the resource and then you could even set that value in a role.
Same for adding a user into a directory group. Map the respective groups attribute and create a role for that resource, then configure the role to set the group attribute or merge the values - as simple as that. Or did I misunderstand what you are trying to do?

LDAP groups from User View

Hi All,
Can anyone tell me how I can retrieve the LDAP groups from a User View? When I retrieve a user View I don't see where the LDAP groups are located on the View. Is there an attribute I'm missing or is there an alternative mechanism to retrieve the LDAP groups from a User view?

In the user view, you will have to customize the user view form per documentation. Add a multi-select field if editing, or a list/text area using the ldapGroups from the resource. You can find more on ldapGroups in the documentation for resource adapters. Sample code also helps.

How to remove User IDs for deleted users from the Disk Quota list

Hello,
We have a computer lab setup with an Xserve managing 15 stations in the lab. Users are setup with networked home directories and quota's are setup on the drive containing the home directories to limit users' storage.
The user account and the quota limit are setup with Workgroup Manager. When a student has been gone for a while and we are sure they no longer need the account we delete their account within Workgroup Manager and move their Home folder to the trash.
When viewing disk usage in Server Admin (by selecting the volume and clicking the Quatas tab) user ids for deleted users are listed and it still shows the disk usage and quota settings for the user.
How can I remove theses user ids from the quota list?
Any help would be appreciated.
Brian

I would restore User's file structre back to normal just by copying from standby user?
Did you mean copy files to a new user profile? If so, hope this link can be helpful for you
http://windows.microsoft.com/en-in/windows/fix-corrupted-user-profile#1TC=windows-7
For the unknown user, as you said, it's probably a user account from second OS or
action. If you're annoying about this unknown user, then you can remove all occurrences of granted rights to the specified SID with this command icals [/remove[:g|:d]] <Sid>[...]] [/t] [/c] [/l] [/q]
http://technet.microsoft.com/en-us/library/cc753525.aspx
Yolanda Zhu
TechNet Community Support

Prepopulating users LDAP Group Information

Hi
When i provsion a user using sun connector manually, i am having an option to select from lookup the group to which the user must be a member.
How do i prepoulate this information based on the users' organization
sas

refer to this link for the solution.
Provisioning OIM Users to LDAP Groups
Thank you
sas

LDAP Group is empty while the LDAP group have 150 users

Hi,
My BOE is mapped to the corporate LDAP, and the LDAP group is already mapped to a BO group.
The problem is that the LDAP Group is empty while the LDAP group have 150 users.
Currently, just after each user login at the first time the user is created under the BO Group.
Is there any way to populate the BO Group automatically?
Best Regards,
DoronS

Hi,
yes there is. Check your LDAP Authentication Tab and select "Create new aliases when the Alias Update occurs"
It should be under your Alias settings.
But please note that you than require 150 licenses. So each users gets a license even if he doesnt use the BOE System but is part of the LDAP Group.
Regards
-Seb.

Portal Roles added to the LDAP group is not showing up for users

Hello expert,
I have implemented SSO for Enterprise Portal and MS LDAP. It is working fine but when I assigned roles to the LDAP group instead of UME group, they are not taking effect when I refresh the browser. My service account that I set up in the keytab file is a read only account for the LDAP. Is there some permission issue that I have to do to be able to add Portal roles or groups to LDAP groups?

Hi,
By default the LDAP integration configuration file is readonly.
In this case, is not possible to modify data in LDAP.
You must to connect in read-write mode; and I think that, furthermore, you need to configure SSL between Portal and LDAP in order to use read-write mode.
regards,

Disk Quota support?

Hey Folks,
I've got a 10.5 server with an attached RAID volume that I'd like to apply user and group quotas to. I can only find quota configuration options for the user's home folder, but I'd prefer to not enable home folders on the system if possible.
I've got a single share on the RAID volume called "Guests", and have created a group called "serverguests" who are allowed to mount and read/write the "Guests" share via AFP or SMB protocols. I cannot figure out how to limit certain members of the "serverguests" group, or the entire group itself, in terms of a disk quota.
I've tried using "edquota", but that command doesnt do anything. At first it created the ".quota.users" and similar files (command was: sudo "edquota -g serverguests"...as described in the server documentation and the command man page) but it didnt open them for editing. I manually removed the quota files from the root of the RAID drive, and now the "edquota" command will not create new files. It doesnt give any errors...it seems to do nothing. Using "quotacheck" the system reports that no users or groups on the system have any quota restrictions.
How do I get OS X 10.5 server, updated with all the latest updates (including stuff like iTunes and Safari) to have quotas for users? At the very most I could create guest users' home folders in the "Guests" share and invoke the home folder quota, but I'd much prefer to be able to apply quotas to any share I'd like.
Thanks a bunch.

I am having a similar problem..
I am attempting to create quotas on a file server connected to a different OD master server for users in the OD directory and not having success. Doing "edquota -u <ldapuser>" I do get the vi edquota editor and I can successfully edit quotas for an ldap user that appear to be saved somewhere (when i exit and then do it again my edits are still there, so I assume it is editing the .quota.user file) but doing "repquota -a" the user does not show up in the list or in the list under the quota tab in Server Admin -> File Sharing; Only all of the local users show up (_spotlight, _lp, daemon, etc). I can't use network home folders because the clients are using local home folders.
In summary, I want to create a single share on a dedicated leopard file server that network users whose accounts are in a separate OD master can access and still have disk quotas enforced on these users... does anyone know if leopard supports this? I can't seem to find anything on the web other than this excellent tutorial http://www.secure-computing.net/wiki/index.php/HFS%2BDiskQuotas which, while good, doesn't help me.

Enforced disk quota on LDAP group users

Similar Messages

Maybe you are looking for