Escalation policy with groups - LDAP

Hi,
I have my BPEL system configured to go against LDAP instead of the default users' file.
Now I have a human task which I want to escalate. I have achieved the escalation using users. I mean, the task was assigned to a user (u1) and this user has a manager (u2) set in LDAP; when the expiry date is over, the task is assigned automatically to the manager.
In order to get this working, I had to set for both users the following attributes:
title
manager
Now I want to do this using groups instead of users. I already assigned the human task to a group (A), and have another group (B) managing the first group (A).
So group A has the attribute managedBy set to B.
But this does not work. The task is created and it expires but does not escalate to anyone, and no errors appear in the logs. It is like the SOA Suite is not finding who to escalate the task to.
I'm using Active Directory and I don't find the attributes title and manager for the group.
Please, can anyone tell me how to do this? I'm running out of ideas....
Thanks in advance,
Zaloa

Any suggestions?
Please! I need help with this! Thank you....

Similar Messages

  • How to use management chain and escalation hierarchies with LDAP

    Hi,
    I have now experimented with the management chain pattern and escalation feature. I have used the standard file-based security provider (JAZN and user-properties.xml). You can easily define a user hierarchy using the user-properties.xml file to define the escalation path and the management chain in terms of hierarchy levels.
    In a production environment in most cases you will use LDAP as the security provider. I wonder if it is possible to define such a user hierarchy in LDAP. I know you can create a role-based hierarchy, but in cases this will be too much and you need a user-based hierarchy.
    Another issue is that you can also define a highest level of approval. However, you only define manager/director/ceo, used in the user-properties.xml file. How can you tell JDeveloper to use other custom roles?
    Does anyone have experience or suggestions on this issue?
    Kind regards,
    -Tom

    Tom,
    I can address parts of your question, please see below:
    > How can you tell JDeveloper to use other custom roles?
    JDeveloper picks up users from the Integration Server connection. So, if the server is configured with the LDAP configured server, you will see users and groups from that registry. JDeveloper (the human task editor dialog) does not go directly against the LDAP.
    > I wonder if it is possible to define such a user hierarchy in LDAP
    Yes. That is the way it has been designed.
    > I know you can create a role-based hierarchy, but in cases this will
    > be too much and you need a user-based hierarchy.
    Making a user specific hierarchy has problems - what if a user leaves the company? The role based hierarchies solve this problem very well. Maybe I misunderstand your question.
    I will have a colleague, who works on identity management, look at your question.
    Regards,
    Sidda.

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires an extremely strict environment, we need to figure out the solution for restricting the users from accessing anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 R2?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Excel 2003 problem with group policy

    When I manually install EMET, Excel 2003 works. When EMET is installed via Group Policy, Excel 2003 fails to open. Excel 2010 works whether EMET is installed locally or with Group Policy. Any ideas?

    I would try exporting the policy on both installs using emet_conf --export and comparing the 2 policies
    GBS Premier Field Engineer Cybersecurity Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)

  • Remove the "Safety" tab from IE 11 tools with group policy

    Is there any way to remove the "Safety" tab or its contents from the tools button in the upper right-hand corner of IE 11 with Group Policy 2008 r2? I am using a GPMC on a Windows 8.1 computer running IE 11. All of the computers we manage are Windows 7 Pro running IE 10 or IE 11. The computers I am trying to remove the "Safety" from are used as library catalog computers. We have them pretty well locked down with group policy and a squid server. I just need to remove the "Safety" or the contents in it. I would love to remove the "Tools" altogether but haven't found a way.
    I thought maybe I could use the "Force Full Screen" but need a back, forward and home button.

    Hi,
    There is no method to remove this button.
    If no, like that thread, firewall and proxy could meet your requirement.
    Creating Rules that Block Unwanted Outbound Network Traffic
    http://technet.microsoft.com/en-us/library/cc732306(v=ws.10).aspx
    For Proxy, you could use this group policy to disable user to change connection setting. Navigate to
    Computer Configuration\Administrative Templates\Windows Components\Internet Explorer
    Find the following entry and enable it.
    disable changing connection settings
    Then don't grant admin permission to other user so that they cannot do any changing on computer.
    Karen Hu
    TechNet Community Support

  • How to edit Printer Connections in GPO created through Print Management's "Deploy with Group Policy"

    Hi there,
    I have used the right-click "Deploy with Group Policy" in Print Management on Windows Server 2012 to deploy a printer connection to a GPO.   
    When you look at the GPO Settings, the Printer Connection is visible under User Configuration -> Policies -> Windows Settings -> Printer Connections -> Path: \\printserver\PrinterName.
    However, I cannot edit or delete that Printer Connection Path, which would be necessary if I had to rename or delete the printer referenced.  If you Edit the GPO, "Printer Connections" is not available under Windows Settings, only Scripts, Security Settings, Folder Redirection, and Policy-based QoS.
    Is there a way to edit the GPO's Printer Connections that are created with "Deploy with Group Policy"?
    Thanks for your help.

    Hi,   
    How do you want to edit the printer connection? Do you want to edit the path of printer connection?
    Based on my test, we can’t edit the printer connection directly in GPO. We can edit the path of printer connection in printer management.
    For detail steps, we can refer to the method Miles Zhang provided in the following link:
    Where is "Printer Connections set"?
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/77e2b4be-7372-4cb2-9d21-bca83f472fc3/where-is-printer-connections-set?forum=winserverGP
    Best Regards,
    Erin

  • Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2)

    Dear ALL,
    I want to Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2) as per below description. Can someone please help me how to proceed and achieve this. 
    Pin the following applications to the Taskbar:
    Outlook
    Pin the following applications to the Start Menu:
    Outlook
    Excel
    Word
    Internet Explorer
    Software Center
    Regards,
    Amit Kumar Rao

    https://www.google.de/search?q=windows+7+pin+to+taskbar+vbs
    Martin

  • Deploy reader 10.1.3 with group policy

    I would like to install 10.1.3 with group policy.  I can download the .exe file but extracting it to be an .msi is a struggle.  These are Enterprise Windows 7 machines that already have adobe reader 10.1.1 on them.  Please help.  Thanks.

    Moving this discussion to the Adobe Reader forum.

  • Deploying Files with Group Policy - Help Needed

    Hi,
    I am trying to use group policy to deploy files and folders to our server estate. The policy I have created first creates a folder on each server's C drive and then copies a set of files to this folder from a network share. The folder creation works fine but the files copy fails. In the Application logs on the servers it displays the following error:
    The computer 'ILMT' preference item in the 'GPO - Servers_Production_ALL {CC026B58-FA3B-4399-AA00-AE8E844B2B47}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
    Can anyone advise what exactly does not have access here? I don't know what I need to enable to get this to work.
    Can anyone help?
    Many thanks
    James

    > The copy is on a file server share. Presumably if I just give everybody read access to the share that would suffice?
    No it won't.
    "Sharing" requires several actions:
    a) create the folder
    b) share the folder
    c) grant NTFS permissions on the folder
    I think you've neglected action (c).
    For your scenario, you need to grant the "server computers" read permissions to the folder.
    You can add individual computer accounts, or a group, or "domain computers".
    (In a similar way, you could grant access to a user, a group, or "domain users")
    [if you need everybody (users) *AND* everything (computers), you could grant permissions to "authenticated users" since that principal includes *BOTH* users and also computers]
    Note that "domain computers" and "authenticated users" include all types of domain member computers, i.e. servers, workstations, etc.
    Also, note that granting a "computer account" access to a folder or share, does *NOT* mean that a user account on that computer can access the remote share, i.e. permission is granted to the computer account, and a logged-in user account on that computer does not inherit any kind of access to the remote share by virtue of being logged in.
    This means that the computer can access the share but the user cannot access the share. Because the computer account is an identity/principal of its own accord.
    [None of which really has anything to do with Group Policy at all - it's how Windows does file sharing and ACLs... ;)]
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
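The three actions listed in the answer above (create, share, grant NTFS permissions), scripted for a computer-account principal. This is an added example, not code from the thread; the folder path, share name and group name are placeholders, and it assumes a file server with the SmbShare module (Windows Server 2012 or later).

```powershell
# Added example. All names below are placeholders, not values from the thread.
$FolderPath = 'D:\Deploy\ILMT'                    # hypothetical source folder on the file server
$ShareName  = 'ILMT$'                             # hypothetical share name
$Principal  = 'CONTOSO\GPO-FileDeploy-Servers'    # hypothetical group holding the server computer accounts

# A Files preference item under Computer Configuration runs as the machine,
# so the identity that reaches the share is the computer account. A dedicated
# group of those accounts is narrower than "Domain Computers" or
# "Authenticated Users", which also cover workstations (and, for the latter, users).

# a) Create the folder.
New-Item -Path $FolderPath -ItemType Directory -Force | Out-Null

# b) Share the folder with Read at the share level for the group only.
#    Passing -ReadAccess avoids the default share ACL being applied.
if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $Principal `
        -AccessRight Read -Force | Out-Null
} else {
    New-SmbShare -Name $ShareName -Path $FolderPath -ReadAccess $Principal | Out-Null
}

# c) Grant NTFS read on the folder, inherited by subfolders and files.
#    Effective access is the intersection of share and NTFS permissions,
#    so a missing NTFS entry produces 0x80070005 even when the share allows Read.
$acl  = Get-Acl -Path $FolderPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Principal,
    'ReadAndExecute',
    'ContainerInherit,ObjectInherit',
    'None',
    'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $FolderPath -AclObject $acl

# Verify both layers: the group should appear in each listing.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -Path $FolderPath).Access |
    Where-Object { $_.IdentityReference -eq $Principal } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

A computer added to the group picks up the membership at its next restart, so the access-denied event can persist until the server has rebooted.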

  • How to Managing Firefox Settings with Group Policy?

    Hi
    Is there any way to manage Firefox Settings through Windows group policy?
    I want to replace Firefox with IE in the network but don't know how to customize the settings with GPO.

    There are some third party solutions that have worked for others in the past:
    You would need a user.js file and a lock file with a list of preferences; please see the instructions on how to do this:
    *[kb.mozillazine.org/Locking_preferences]
    *[https://mike.kaply.com/2014/12/16/managing-firefox-with-group-policy-and-policypak/]

  • Config UME with ABAP+LDAP datasource

    Hi all,
    We are implementing an EP installation. We want to reuse the abap role assignment for the portal roles and we require a SSO solution based on SPNego.
    Now we can implement each on its own fine. The question is how we can connect the UME to use both ABAP and LDAP datasources. I opened an OSS about it and they said it's possible, supported but I'm on my own when it comes to implementing it (or consulting of course).
    Anyone had experience with this configuration or can provide me with the datasource schema file?
    Thanks in advance,
    Eric

    Try the following:
    1.     Download the SPNegoWizard_645.zip (for 7.0) or SPNegoWizard_640 (for 6.40) from SAP Note 994791 and unzip it.
    2.     Adjust the user running the SAP system in Active Directory
    3.     Copy the EAR and XML Files from the SPNegoWizard.ZIP file to a temporary directory on the server.
    4.     Open up the Visual Administrator.  Logon with the admin ID.
    5.     SID ->Server -> Services -> Deploy
    6.     Open the Config Tool. (Yes to using DB settings)
    7.     Select UME LDAP Data
    8.     Browse to the XML file you copied earlier. (dataSourceConfiguration_ads_readonly_db_with_krb5.xml)
    Click the upload button.
    9.     Select the Configuration file you just uploaded.  Click OK on the Warning message.
    10.     Setup the Connection details as specified below:
    Server Name: xxxxxx
    Server Port: xxxxxxx
    User: SAPService<SID>@domain.com
    Password:  xxxxxx
    Use UME unique id with unique LDAP attribute (checked): samaccountname
    User Path: dc=<domain>,dc=com
    Group Path: ou=xxxxxx,ou=xxxx,dc=xxxx,dc=xxxx
    11.     Click the Test Connection button you should see:
    Click Close when done.
    12.     Click the Test Authentication button, enter NT user ID and NT password, and click the authenticate button and you should get a success message:
    13.     Select cluster-data -> Global Server Configuration -> services -> com.sap.security.core.ume.service
    14.     Edit the ume.admin.addattrs.
    Add the values: krb5principalname;kpnprefix;dn
    Click the Set button. 
    15.     Click the Save button or File -> Apply.  
    16.     Close the Config tool and restart the JAVA engine.
    17.     After the engine is restarted, continue on with the Kerberos configuration.
    18.     Open up the SP Nego Wizard by going to the following URL: http://<server>:<port>/spnego
    19.     Logon with the Administrator user ID.
    20.     Select the check boxes for the "Service user is created and configured in Active Directory" and "UME configuration includes SPNego specific settings"
    Click the Next button
    21.     Click the Add Kerberos Realm button and enter your domain name (e.g. company.com)
    22.     For the Realm Configuration's KDCs (Key Distribution Centers) put in <KDC host> and 88 for the port (the port should already be filled in).
    23.     In the KPN (Kerberos Principal Name) section enter the Service User Name & Password.
    Service User: SAPService<SID>          
    Password: xxxx
    Leave LDAP Host - blank
    24.     Click the Next button
    25.     Select Prefix Based for the Resolution Mode and Click Next
    26.     In Policy Configuration we want to create a new policy called spnego.  Tick Basic password Fallback (when SSO does not work) and tick SSO with Logon Tickets.  Click the Next button.
    27.     Click Finish on the Confirmation screen.
    28.     Close the browser and restart the engine.
    29.     After the engine has finished restarting, continue with the final steps.
    30.     Open up the Visual Administrator.  Logon as the Administrator ID.
    31.     SID  Server  Services  Security Provider
    32.     Go into change mode by clicking the change button.
    33.     On the Runtime tab  Policy Configurations tab  Select ticket from the Components list.
    34.     On the Authentication tab for the ticket component  select Authentication Template: spnego
    35.     Now go to the useradmin service (http://<server>:<port>/useradmin) to test the Kerberos SSO.  You should get signed on without entering a user name or password.
    You are done!

  • Any issues with using LDAP on LINUX for GRC 5.2 UME?

    Our company is converting our LDAP servers from AIX to LINUX.  The DNS name used in our UME connection should not change.  Are there any issues with using LDAP on LINUX?  We are currently on GRC 5.2 SP9 (in the middle of upgrading to SP12).
    Also, I have been trying to connect our test UME system to a test LDAP box that has already been converted to LINUX but keep getting a 'connection failed' error when I try to test it. 
    Do you have to reboot the server to test changing the LDAP connections?  I've been trying it by going into UME, pulling up the LDAP tab, hitting the Modify button, entering the new userid and password for test LDAP, and hitting the Test Connection button.  I've verified that this userid and password is correct for test LDAP.
    Is there a way to get more information about why the connection failed?
    Thanks.

    I've been told by our LDAP Support group that none of the other configuration settings should have to be changed.  I should only have to change the id and password to connect to a test version of LDAP instead of our regular connection to the production LDAP.
    Can you test a connection for a different userid/password without having to reboot/restart the server?  Do I need to change these two settings, save them, reboot/restart, and then do the Test Connection button?
    Thanks.

  • Show Stopper today with eDirectory (LDAP)

    We are currently setting up Sun IDM 5.5 and are trying to do
    reconciliation with an eDirectory 8.6.2 (10350.29) but are experiencing
    severe performance issues. The directory contains groups with large scale
    membership base, some groups 25.000+ members.
    Same scenario occurs with Sun IDM 5.0 SP5.
    When isolating to a single OU as baseDN with 10 accounts, a full clean
    reconciliation takes 6-10 minutes. The network has thoroughly been
    debugged, and no errors or issues have been found. Manual browsing in the
    eDirectory with various LDAP tools works without any issues. The total case
    involves a total of more than 30.000+ accounts.
    In a test with identical user data in a Sun Directory Server 5.2, the reconciliation takes approx. 2-3 seconds.
    The eDirectory LDAP RA adapter can be viewed below. Any insight, or similar experiences are of great value and importance! Anything that can help me get this on track...
    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Resource PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <!--  MemberObjectGroups="#ID#Top" hostname="130.243.85.109" id="#ID#F77594225BD088E0:775121:1065E88DBC9:-7FE5" name="NDS" startupType="Disabled" supportedObjectTypes="Group|Domain|Organization|Organizational Unit" supportsContainerObjectTypes="true" supportsScanning="false" syncEnabled="false" syncSource="true" type="LDAP"-->
    <Resource id='#ID#F77594225BD088E0:775121:1065E88DBC9:-7FE5' name='NDS' creator='Configurator' createDate='1126879507899' lastModifier='Configurator' lastModDate='1126886340268' lastMod='19' class='com.waveset.adapter.LDAPResourceAdapter' typeString='LDAP' typeDisplayString='com.waveset.adapter.RAMessages:RESTYPE_LDAP' hasId='true' facets='provision' timeLastExamined='0' reconcileTime='0' syncSource='true' startupType='Disabled'>
      <ResourceAttributes>
        <ResourceAttribute name='host' displayName='com.waveset.adapter.RAMessages:RESATTR_HOST' description='RESATTR_HELP_240' value='130.243.85.109'>
        </ResourceAttribute>
        <ResourceAttribute name='port' displayName='com.waveset.adapter.RAMessages:RESATTR_PORT' description='RESATTR_HELP_264' value='389'>
        </ResourceAttribute>
        <ResourceAttribute name='ssl' displayName='com.waveset.adapter.RAMessages:RESATTR_SSL' description='RESATTR_HELP_281' value='0'>
        </ResourceAttribute>
        <ResourceAttribute name='principal' displayName='com.waveset.adapter.RAMessages:RESATTR_USERDN' description='RESATTR_HELP_271' value='cn=admin,ou=nds,ou=res,o=mdh'>
        </ResourceAttribute>
        <ResourceAttribute name='credentials' displayName='com.waveset.adapter.RAMessages:RESATTR_PASSWORD' type='encrypted' description='RESATTR_HELP_219' value='izkkkM1YJto='>
        </ResourceAttribute>
        <ResourceAttribute name='baseContext' displayName='com.waveset.adapter.RAMessages:RESATTR_BASE_CTXS' description='com.waveset.adapter.RAMessages:RESATTR_BASE_CTX_DESC' multi='true' value='ou=06,ou=STUDENT,ou=ANV,o=mdh'>
        </ResourceAttribute>
        <ResourceAttribute name='Object Class' displayName='com.waveset.adapter.RAMessages:RESATTR_OBJECT_CLASS' description='RESATTR_HELP_253' multi='true'>
          <value>top</value>
          <value>person</value>
          <value>organizationalPerson</value>
          <value>inetorgperson</value>
          <value>ndsLoginProperties</value>
        </ResourceAttribute>
        <ResourceAttribute name='ldapSearchFilter' displayName='com.waveset.adapter.RAMessages:RESATTR_LDAP_SEARCH_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_LDAP_SEARCH_FILTER'>
        </ResourceAttribute>
        <ResourceAttribute name='includeObjClassesInSearchFilter' displayName='com.waveset.adapter.RAMessages:RESATTR_INCL_OBJCLASSES_IN_SEARCH_FILTER' type='boolean' description='com.waveset.adapter.RAMessages:RESATTR_HELP_INCL_OBJCLASSES_IN_SEARCH_FILTER' value='true'>
        </ResourceAttribute>
        <ResourceAttribute name='wsname' displayName='com.waveset.adapter.RAMessages:RESATTR_WSNAME' description='RESATTR_HELP_292' value='cn'>
        </ResourceAttribute>
        <ResourceAttribute name='Display Name Attribute' displayName='com.waveset.adapter.RAMessages:RESATTR_DISPLAY_NAME_ATTR' description='RESATTR_HELP_41'>
        </ResourceAttribute>
        <ResourceAttribute name='Use blocks' displayName='com.waveset.adapter.RAMessages:RESATTR_USE_BLOCKS' description='RESATTR_HELP_192' value='1'>
        </ResourceAttribute>
        <ResourceAttribute name='blockCount' displayName='com.waveset.adapter.RAMessages:RESATTR_BLOCKCOUNT' description='RESATTR_HELP_34' value='100'>
        </ResourceAttribute>
        <ResourceAttribute name='groupMemberAttr' displayName='com.waveset.adapter.RAMessages:RESATTR_GRP_MBR_ATTR' description='RESATTR_HELP_233' value='groupMembership'>
        </ResourceAttribute>
        <ResourceAttribute name='Password Hash Algorithm' displayName='com.waveset.adapter.RAMessages:RESATTR_PASSWORD_HASH_ALG' description='RESATTR_HELP_49'>
        </ResourceAttribute>
        <ResourceAttribute name='changeNamingAttr' displayName='com.waveset.adapter.RAMessages:RESATTR_MOD_NAMING_ATTR' description='RESATTR_HELP_47' value='0'>
        </ResourceAttribute>
        <ResourceAttribute name='Object Classes to Synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ACTIVE_SYNC_OBJECT_CLASSES' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ACTIVE_SYNC_OBJECT_CLASSES' multi='true' facets='activesync'>
          <value>person</value>
          <value>organizationalPerson</value>
          <value>inetorgperson</value>
        </ResourceAttribute>
        <ResourceAttribute name='LDAP Filter for Accounts to Synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ACTIVE_SYNC_LDAP_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ACTIVE_SYNC_LDAP_FILTER' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='Attributes to synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ATTRIBUTE_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ATTRIBUTE_FILTER' multi='true' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='When reset, ignore past changes' displayName='com.waveset.adapter.RAMessages:RESATTR_RESET_TO_TODAY' description='com.waveset.adapter.RAMessages:RESATTR_HELP_LDAPAS_RESET_TO_TODAY' facets='activesync' value='1'>
        </ResourceAttribute>
        <ResourceAttribute name='Change Log Blocksize' displayName='com.waveset.adapter.RAMessages:RESATTR_BLOCKSIZE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_36' facets='activesync' value='100'>
        </ResourceAttribute>
        <ResourceAttribute name='Change Number Attribute Name' displayName='com.waveset.adapter.RAMessages:RESATTR_CHANGE_NUMBER_ATTRIBUTE_NAME' description='com.waveset.adapter.RAMessages:RESATTR_HELP_37' facets='activesync' value='changenumber'>
        </ResourceAttribute>
        <ResourceAttribute name='Filter Changes Made By' displayName='com.waveset.adapter.RAMessages:RESATTR_FILTER_CHANGES_BY' description='com.waveset.adapter.RAMessages:RESATTR_HELP_FILTER_CHANGES_BY' multi='true' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='Proxy Administrator' displayName='com.waveset.adapter.RAMessages:RESATTR_PROXY_ADMINISTRATOR' description='com.waveset.adapter.RAMessages:RESATTR_HELP_30' value='Configurator'>
        </ResourceAttribute>
        <ResourceAttribute name='Input Form' displayName='com.waveset.adapter.RAMessages:RESATTR_FORM' description='com.waveset.adapter.RAMessages:RESATTR_HELP_26'>
        </ResourceAttribute>
        <ResourceAttribute name='Pre-Poll Workflow' displayName='com.waveset.adapter.RAMessages:RESATTR_PREPOLL_WORKFLOW' description='com.waveset.adapter.RAMessages:RESATTR_PREPOLL_WORKFLOW_HELP'>
        </ResourceAttribute>
        <ResourceAttribute name='Post-Poll Workflow' displayName='com.waveset.adapter.RAMessages:RESATTR_POSTPOLL_WORKFLOW' description='com.waveset.adapter.RAMessages:RESATTR_POSTPOLL_WORKFLOW_HELP'>
        </ResourceAttribute>
        <ResourceAttribute name='Maximum Archives' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_ARCHIVES' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_ARCHIVES' value='3'>
        </ResourceAttribute>
        <ResourceAttribute name='Maximum Age Length' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_LOG_AGE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_LOG_AGE'>
        </ResourceAttribute>
        <ResourceAttribute name='Maximum Age Unit' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_LOG_AGE_UNIT' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_LOG_AGE_UNIT'>
        </ResourceAttribute>
        <ResourceAttribute name='Log Level' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_LEVEL' description='com.waveset.adapter.RAMessages:RESATTR_HELP_27' value='2'>
        </ResourceAttribute>
        <ResourceAttribute name='Log File Path' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_PATH' description='com.waveset.adapter.RAMessages:RESATTR_HELP_28'>
        </ResourceAttribute>
        <ResourceAttribute name='Maximum Log File Size' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_SIZE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_29'>
        </ResourceAttribute>
        <ResourceAttribute name='Scheduling Interval' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_INTERVAL' description='com.waveset.adapter.RAMessages:RESATTR_HELP_51'>
        </ResourceAttribute>
        <ResourceAttribute name='Poll Every' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_INTERVAL_COUNT' description='com.waveset.adapter.RAMessages:RESATTR_HELP_52'>
        </ResourceAttribute>
        <ResourceAttribute name='Polling Start Time' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_START_TIME' description='com.waveset.adapter.RAMessages:RESATTR_HELP_56'>
        </ResourceAttribute>
        <ResourceAttribute name='Polling Start Date' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_START_DATE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_54'>
        </ResourceAttribute>
        <ResourceAttribute name='useInputForm' displayName='com.waveset.adapter.RAMessages:RESATTR_USE_INPUT_FORM' type='boolean' description='com.waveset.adapter.RAMessages:RESATTR_USE_INPUT_FORM_HELP' facets='activesync' value='true'>
        </ResourceAttribute>
        <ResourceAttribute name='parameterizedInputForm' displayName='com.waveset.adapter.RAMessages:RESATTR_PARAMETERIZED_INPUT_FORM' description='com.waveset.adapter.RAMessages:RESATTR_PARAMETERIZED_INPUT_FORM_HELP' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='activeSyncPostProcessForm' displayName='com.waveset.adapter.RAMessages:RESATTR_SYNC_POST_PROCESS_FORM' description='com.waveset.adapter.RAMessages:RESATTR_SYNC_POST_PROCESS_FORM_HELP' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='activeSyncConfigMode' displayName='com.waveset.adapter.RAMessages:RESATTR_SYNC_CONFIG_MODE' description='com.waveset.adapter.RAMessages:RESATTR_SYNC_CONFIG_MODE_HELP' facets='activesync' value='basic'>
        </ResourceAttribute>
        <ResourceAttribute name='processRule' displayName='com.waveset.adapter.RAMessages:RESATTR_PROCESS_RULE' description='com.waveset.adapter.RAMessages:RESATTR_PROCESS_RULE_HELP' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='correlationRule' displayName='com.waveset.adapter.RAMessages:RESATTR_CORRELATION_RULE' description='com.waveset.adapter.RAMessages:RESATTR_CORRELATION_RULE_HELP' facets='activesync' value='CORRELATION_RULE_NONE'>
        </ResourceAttribute>
        <ResourceAttribute name='confirmationRule' displayName='com.waveset.adapter.RAMessages:RESATTR_CONFIRMATION_RULE' description='com.waveset.adapter.RAMessages:RESATTR_CONFIRMATION_RULE_HELP' facets='activesync' value='CONFIRMATION_RULE_NONE'>
        </ResourceAttribute>
        <ResourceAttribute name='deleteRule' displayName='com.waveset.adapter.RAMessages:RESATTR_DELETE_RULE' description='com.waveset.adapter.RAMessages:RESATTR_DELETE_RULE_HELP' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='createUnmatched' displayName='com.waveset.adapter.RAMessages:RESATTR_CREATE_UNMATCHED' description='com.waveset.adapter.RAMessages:RESATTR_CREATE_UNMATCHED_HELP' facets='activesync' value='true'>
        </ResourceAttribute>
        <ResourceAttribute name='resolveProcessRule' displayName='com.waveset.adapter.RAMessages:RESATTR_RESOLVE_PROCESS_RULE' description='com.waveset.adapter.RAMessages:RESATTR_RESOLVE_PROCESS_RULE_HELP' facets='activesync'>
        </ResourceAttribute>
        <ResourceAttribute name='populateGlobal' displayName='com.waveset.adapter.RAMessages:RESATTR_POPULATE_GLOBAL' description='com.waveset.adapter.RAMessages:RESATTR_POPULATE_GLOBAL_HELP' facets='activesync' value='false'>
        </ResourceAttribute>
      </ResourceAttributes>
      <AccountAttributeTypes nextId='15'>
        <AccountAttributeType id='2' name='accountId' syntax='string' mapName='cn' mapType='string' required='true'>
          <AttributeDefinitionRef>
            <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:accountId' name='accountId'/>
          </AttributeDefinitionRef>
        </AccountAttributeType>
        <AccountAttributeType id='3' name='password' syntax='encrypted' mapName='userPassword' mapType='string'>
          <AttributeDefinitionRef>
            <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:password' name='password'/>
          </AttributeDefinitionRef>
        </AccountAttributeType>
        <AccountAttributeType id='4' name='firstname' syntax='string' mapName='givenname' mapType='string'>
          <AttributeDefinitionRef>
            <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:firstname' name='firstname'/>
          </AttributeDefinitionRef>
        </AccountAttributeType>
        <AccountAttributeType id='5' name='lastname' syntax='string' mapName='sn' mapType='string' required='true'>
          <AttributeDefinitionRef>
            <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:lastname' name='lastname'/>
          </AttributeDefinitionRef>
        </AccountAttributeType>
        <AccountAttributeType id='8' name='loginDisabled' syntax='string' mapName='loginDisabled' mapType='string'>
        </AccountAttributeType>
        <AccountAttributeType id='9' name='fullname' syntax='string' mapName='fullname' mapType='string'>
        </AccountAttributeType>
        <AccountAttributeType id='10' name='email' syntax='string' mapName='mail' mapType='string'>
        </AccountAttributeType>
        <AccountAttributeType id='11' name='ssn' syntax='string' mapName='workforceId' mapType='string'>
        </AccountAttributeType>
        <AccountAttributeType id='12' name='description' syntax='string' mapName='description' mapType='string'>
        </AccountAttributeType>
      </AccountAttributeTypes>
      <Template>
        <text>cn=</text>
        <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:accountId' name='accountId'/>
        <text>,ou=06,ou=STUDENT,ou=ANV,o=mdh</text>
      </Template>
      <Retries max='0' delay='10' emailThreshold='5'/>
      <ObjectTypes>
        <ObjectType name='Group' nameKey='UI_RESOURCE_OBJECT_TYPE_GROUP' icon='group'>
          <ObjectClasses primary='groupOfUniqueNames' operator='OR'>
            <ObjectClass name='groupOfNames'/>
            <ObjectClass name='groupOfUniqueNames'/>
          </ObjectClasses>
          <ObjectFeatures>
            <ObjectFeature name='create'/>
            <ObjectFeature name='update'/>
            <ObjectFeature name='delete'/>
            <ObjectFeature name='rename'/>
            <ObjectFeature name='saveas'/>
          </ObjectFeatures>
          <ObjectAttributes idAttr='dn' displayNameAttr='cn' descriptionAttr='description' objectClassAttr='objectclass'>
            <ObjectAttribute name='cn' type='string'/>
            <ObjectAttribute name='description' type='string'/>
            <ObjectAttribute name='owner' type='distinguishedname' namingAttr='cn'/>
            <ObjectAttribute name='uniqueMember' type='distinguishedname' namingAttr='cn'/>
          </ObjectAttributes>
        </ObjectType>
        <ObjectType name='Domain' nameKey='UI_RESOURCE_OBJECT_TYPE_DOMAIN' icon='folder' container='true'>
          <ObjectClasses operator='AND'>
            <ObjectClass name='domain'/>
          </ObjectClasses>
          <ObjectFeatures>
            <ObjectFeature name='find'/>
          </ObjectFeatures>
          <ObjectAttributes idAttr='distinguishedName' displayNameAttr='dc' objectClassAttr='objectclass'>
            <ObjectAttribute name='dc' type='string'/>
          </ObjectAttributes>
        </ObjectType>
        <ObjectType name='Organization' nameKey='UI_RESOURCE_OBJECT_TYPE_ORGANIZATION' icon='folder_with_org' container='true'>
          <ObjectClasses operator='AND'>
            <ObjectClass name='organization'/>
          </ObjectClasses>
          <ObjectFeatures>
            <ObjectFeature name='create'/>
            <ObjectFeature name='delete'/>
            <ObjectFeature name='rename'/>
            <ObjectFeature name='saveas'/>
            <ObjectFeature name='find'/>
          </ObjectFeatures>
          <ObjectAttributes idAttr='dn' displayNameAttr='o' objectClassAttr='objectclass'>
            <ObjectAttribute name='o' type='string'/>
          </ObjectAttributes>
        </ObjectType>
        <ObjectType name='Organizational Unit' nameKey='UI_RESOURCE_OBJECT_TYPE_ORGANIZATIONALUNIT' icon='folder_with_orgunit' container='true'>
          <ObjectClasses operator='AND'>
            <ObjectClass name='organizationalUnit'/>
          </ObjectClasses>
          <ObjectFeatures>
            <ObjectFeature name='create'/>
            <ObjectFeature name='delete'/>
            <ObjectFeature name='rename'/>
            <ObjectFeature name='saveas'/>
            <ObjectFeature name='find'/>
          </ObjectFeatures>
          <ObjectAttributes idAttr='dn' displayNameAttr='ou' objectClassAttr='objectclass'>
            <ObjectAttribute name='ou' type='string'/>
          </ObjectAttributes>
        </ObjectType>
      </ObjectTypes>
        <LoginConfigEntry name='com.waveset.security.authn.WSResourceLoginModule' type='LDAP' displayName='com.waveset.adapter.RAMessages:RES_LOGIN_MOD_LDAP'>
          <AuthnProperties>
            <AuthnProperty name='ldap_uid' displayName='com.waveset.adapter.RAMessages:UI_USERID_LABEL' isId='true' formFieldType='text' dataSource='user'/>
            <AuthnProperty name='ldap_password' displayName='com.waveset.adapter.RAMessages:UI_PWD_LABEL' formFieldType='password' dataSource='user'/>
          </AuthnProperties>
          <SupportedApplications>
            <SupportedApplication name='Administrator Interface'/>
            <SupportedApplication name='User Interface'/>
          </SupportedApplications>
        </LoginConfigEntry>
        <ResourceUserForm>
          <ObjectRef type='UserForm' id='#ID#LDAP User Form'/>
        </ResourceUserForm>
      <MemberObjectGroups>
        <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
      </MemberObjectGroups>
    </resource>

    few questions....are you getting any errors on the ldap side? object class errors perhaps?
    what app server are you using and what version of java?
    --Dana Reed

  • SSO with Custom LDAP

    This is the landscape :-
    Web Application / Portal at Oracle Web Center Suite (WCS).
    SAP BO 4.0
    Authentication using Custom LDAP & SSO with Trusted Authentication.
    Used OpenLDAP for authentication via RadiantOne VDS as the proxy.
    Activities :
    Authenticate the BO users with OpenLDAP via RadiantOne.
    Synchronize the BO user group from OpenLDAP via RadiantOne.
    Used openDocument.jsp to open WEBI reports.
    Problems :
    We configure the LDAP as Custom. Attributes mapping as default.
    When BOE tries to connect to the RadiantOne VDS and create the user "user01", which already exists in the OpenLDAP server, it throws the exception:
    "An internal error has occurred in the secLdap plugin."
    When trying to create a user that does not exist in LDAP, it throws the exception:
    "The secLdap plugin failed to get the dn for the user notuser."
    Please advise us how to resolve this internal error if we want to SSO with custom LDAP!
    Thanks & regards,
    Herries E

    Hi,
    Herrie, Roland is correct, OpenLDAP is not supported and you can run into problems if you want to escalate issues in the future. The customer must take that into account.
    However, LDAP is pretty standard and usually you just need to make sure that the attribute mappings are correct.
    Are users correctly created when you map an LDAP group?
    Are you able to manually authenticate using LDAP? You can use the CMC page and select authentication LDAP.
    When you have confirmed that LDAP manual authentication is working, you can set up Trusted Authentication. Check first that the system is working just using QUERY_STRING:
    https://service.sap.com/sap/support/notes/1593628
    When trusted auth is confirmed to work, you can configure the parameters that Radiant uses to pass the user: cookies, web session, etc.
    Regards,
    Julian

  • Group Policy - Workstation Group

    Hello,
    I am trying to apply a Windows group policy using a workstation policy package and associating it with a workstation group.
    When I log in to a workstation that is a member of the workstation group after the policy has been set up and go into gpedit.msc, the setting is not changed.
    If I set up a user policy with the user I'm logging in as, the user settings work correctly.
    Just as a test, I am enabling QOS Limit Reserve Bandwidth and setting it to 0%. I have the policy running at user login applying only computer configurations and I have loopback support enabled in replace mode. Persistent settings are NOT enabled.
    Any suggestions? Thanks for any help

    There are numerous reasons why a Zen managed Group Policy will not apply,
    associated via group or not.
    Also see my other replies.
    Things to check regarding a "Workstation Policy Package" associated GPO
    (that only contains "Computer Configuration" settings):
    1. Workstation Object must have [RF] to the files on the server.
    2. "Network location of existing/new Group Policies" path (in C1) must be UNC.
    3. Schedule = "System Startup".
    4. The "Computer Configuration" check box must be enabled (in C1).
    5. GPT.INI on the server must not be Read-only.
    See:
    "Error: 5 when copying the policy file to workstation"
    http://support.novell.com/docs/Tids/.../10075231.html
    6. A Zen distributed GPT.INI should not have any "Options" set, only:
    [General]
    gPCMachineExtensionNames=
    (if the GPO only contains "Computer Configuration" settings).
    See:
    "Computer Settings in Group Policy do not apply correctly"
    http://www.novell.com/support/viewCo...6914&sliceId=1
    7. GPT.INI must have the correct CSEs.
    See:
    http://technet.microsoft.com/en-us/l.../cc779745.aspx
    http://support.microsoft.com/kb/216357
    http://support.microsoft.com/kb/271135 (particularly the "Group Policy
    Components" part).
    Regards
    Rolf Lidvall
    Swedish Radio (Ltd)
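
Items 2, 5 and 6 of the checklist above can be verified with a script before troubleshooting further. The following Python code is an added example, not part of the original reply or of ZENworks; the function names, the sample paths and the GPT.INI contents are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample files: one as the checklist describes, one that violates it.
GOOD_INI = "[General]\ngPCMachineExtensionNames=\n"
BAD_INI = "[General]\nOptions=2\n"

def audit_gpt_ini(configured_path, ini_file):
    """Return findings for one policy; an empty list means the checks passed."""
    findings = []
    # Item 2: the policy location configured in C1 must be a UNC path.
    if not configured_path.startswith("\\\\"):
        findings.append("policy path is not UNC")
    # Item 5: GPT.INI on the server must not be read-only.
    if not os.stat(ini_file).st_mode & stat.S_IWUSR:
        findings.append("GPT.INI is read-only")
    # Item 6: for a computer-only policy, [General] carries
    # gPCMachineExtensionNames and no Options entry.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(ini_file)
    if not parser.has_section("General"):
        findings.append("no [General] section")
        return findings
    general = parser["General"]  # option names are matched case-insensitively
    if "Options" in general:
        findings.append("Options is set: " + general["Options"])
    if "gPCMachineExtensionNames" not in general:
        findings.append("gPCMachineExtensionNames is missing")
    return findings

def write_sample(directory, body, read_only=False):
    """Write a constructed GPT.INI for the demo and return its path."""
    path = os.path.join(directory, "GPT.INI")
    with open(path, "w") as handle:
        handle.write(body)
    if read_only:
        os.chmod(path, stat.S_IREAD)  # sets the read-only attribute on Windows
    return path

if __name__ == "__main__":
    ini = write_sample(tempfile.mkdtemp(), BAD_INI, read_only=True)
    for finding in audit_gpt_ini(r"Z:\policies\ws", ini):
        print("FAIL:", finding)
```

Item 7 (the correct CSE GUIDs) is not checked here, because the expected values depend on which policy settings the GPO contains.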

Maybe you are looking for