External Authentication with LDAP

Has anyone integrated external authentication of Essbase with LDAP? I've searched discussion groups, websites with no luck, and of course, Essbase documentation doesn't help either. Any additional documentation will help.Thanks in advance!

Thanks for the info. Is this sample code part of the default implementation that comes installed with the product (essldap.dll)? Or is this something completely different.Also, has anyone done anything similar in visual basic? We have a shortage of v c++ skills around here.Thanks again!

Similar Messages

  • RSA authentication with LDAP group mapping

    Greetings,
    I'm trying to set up RSA authentication with LDAP group mapping with ACS Release 4.2(1) Build 15 Patch 3.
    The problem I'm having is that my users are in multiple OU's on our AD tree.  When I only put our base DN in for User Directory Subtree on ACS, it fails with a "External DB reports about an error condition" error.  If I add an OU in front of it, then it will work fine.
    As far as I know, you can only use one LDAP configuration with RSA.
    Any thoughts on this?

    @Tarik
    I believe your suggestion is the only way i'm going to get this to work. I ran across a similar method just this week that I have been working on.
    I was hoping for dynamic mapping with the original method, but I haven't found any way to make it happen.  I have resorted to creating a Radius profile on the RSA appliance for each access group I need.  Using the Class attribute, I then pass the desired Group name to the ACS, i.e. OU=Admins, and that seems to work.
    Thankfully, I have a small group of users that I am attempting to map.  I will only map those who need elevated priviliges to narrow down how many profiles I will have to manually create.  Likewise, our Account Admin will have to determine who gets assigned a particular access group.
    I would still prefer to do this dynamically.
    Scott

  • Shared Services External Authentication using LDAP in 9.3.1

    Hi,
    I have installed Hyperion Shared Services with native directory. And now planning to setup external authentication using LDAP. I need some guidance to understanding how the external authentication works.
    Questions:
    1. Is it possible to setup Shared Services to use both Native and LDAP user directory? What I mean is some users will be able to login using Native directory, and some others will need to login using User Directory (external authentication).
    2. For User Directory (say we use LDAP), when the user is added into Shared Services, can they be assigned with Groups created in Native directory? We want to explore to use just the external authentication and define all of the groups within shared services.
    If not possible, can we manage the Groups of the User directory using shared services? How is the groups work with external authentication?
    Any feedback would be much appreciated.
    Thanks,
    Lian

    Hi,
    Yes you can use both Native and external authentication. When you add the external provider the native is left by defaut anyway.
    Yes you can add your external users to native groups. You can also provision the groups in the AD if you wish.
    Gee

  • Error in authentication with ldap server with certificate

    Hi,
    i have a problem in authentication with ldap server with certificate.
    here i am using java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate which is having the up to 5 years valid time.
    is java will authenticate up to one year only?
    Can any body help on this issue...
    Regards
    Ranga

    sorry i am gettting ythe same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    here when i am using the old certificate and changing the system date means i can get the authentication.
    can you tell where we can concentrate and solve the issue..
    where is the issue
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • External authentication with OID

    I know that OID 10g is capable of performing external authentication against AD, Sun OneDirectory, Novell eDirectory and openLDAP, but what about something else like Oracle Virtual Directory?
    As I understand, there is an out of the box script that will create and external authentication plugin that calls a few procedures from the auth_external package. The auth_external package also an out-of-the-box package with a few procedures (authenticate_user and change_passwd) I've seen so far. I haven't looked in the ODS schema, but I'm assuming this auth_external package is wrapped and not generally viewable.
    Anyone out there have any ideas, how this auth_external package works, or better yet... does anyone know if the out-of-the-box solution for external authentication will work with any LDAP directory (in this case a virtual one)?
    Thanks.

    Can someone from Oracle please comment on this? is "AUTH_EXTERNAL" package "out of box" or do we have to write it?
    I am following instructions from
    http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/plugin_cust_ext_auth.htm
    LINE/COL ERROR
    143/9 PL/SQL: Statement ignored
    143/19 PLS-00201: identifier 'AUTH_EXTERNAL.AUTHENTICATE_USER' must be
    declared
    241/11 PL/SQL: Statement ignored
    241/11 PLS-00201: identifier 'AUTH_EXTERNAL.CHANGE_PASSWD' must be
    declared
    251/11 PL/SQL: Statement ignored
    251/11 PLS-00201: identifier 'AUTH_EXTERNAL.RESET_PASSWD' must be
    declared
    LINE/COL ERROR
    -------- -----------------------------------------------------------------

  • External Authentication with Server 2008 R2

    Has anyone had success configuring External Authentication on Windows Server 2008 R2? We are using Hyperion Enterprise 6.5.1.
    Thank you.

    Was there ever an answer on this, having problems with setup using same versions

  • External Authentication with Java Card through HSM

    Hi All,
    How to do External Authentication process in Javacard through HSM (Hardware Security Module). Does any HSM supports this?
    My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.
    Does anyone have the idea on this. Because i should not expose the Card KMC to outside world.

    Hi,
    Megaa1207 wrote:
    My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
    Cheers,
    Shane

  • External authentication with 9.0.1.0.0

    I cannot get external authentication to work over Oracle Net
    with 9i …
    e.g.,
    sqlplus /@s2b …
    ERROR:
    ORA-01004: default username feature not supported; logon denied
    [Cause: An attempt was made to use automatic logon on a system
    not supporting this feature.
    Action: Provide the complete username and password to log on to
    Oracle.
    <http://download-
    east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150.pdf>
    advanced security guide
    This error indicates that the connection was not over SSL. Look
    at the tnmsnames.ora file to verify the protocol value of the
    net service name that youi are using. The value must be TCPS and
    not TCP.]
    The error messages imply that I have Advanced Security turned
    on, but I do not. .. it's not even part of the installation.
    sqlplus username/passwd@s2 does work
    as does
    sqlplus / [using ORACLE_SID]
    REMOTE_OS_AUTHENT is set to TRUE in the init<SID>.ora file.
    Does anyone know if this feature has been decremented in 9i? It
    definitely does work on our 8.1.7 installations.
    Thanks,
    Dick Wieland

    Yes, I have done that (i.e., edited the initSID.ora file and
    done a shutdown then startup). I can use external authentication
    when I bypass the tnsnames.ora file by going in directly with
    the ORACLE_SID parameter.
    Dick

  • ASA Remote Access Authentication with LDAP Server

    Thank you in advance for your help.
    I am configuring an ASA to authenticate with a ldap server for ipsec vpn access.  My customer has 3 networks that are to be accessed by remote users.  However they want to be able to say that one user can get to 2 of the networks and not the 3rd.  So basically they want control over what network behind the firewall each user can access.  This seems doable from my reading and I had planned to creating a group for each network that needs accessible and either do attribute maps to each group with a separate group created on the ldap server for authentication.  Basically a ldap group on the ldap server that will have the users name in the group in order for access.  I can restrict access via acl's or filtering to force my group to only be allowed access to a specific network.  Here is the problem I am having now.
    The ldap server has been created and seems to be working fine.  I have created my AAA groups and servers and I have done the ldap test with a test user vpntest and a password on the ldap server.  When I run the authentication test from the ADSM or command line I get a good authentication successful message.  So I configured a vpn client remotely and attempted to authenticate to this group and it says there is no user by that name.  Below is a paste of the debug.  The second part is when I did a successful test from the ASDM or CLI and it worked great.  The first part is when I attempted from the vpn client.  It all looks the same from the search criteria.  What am I missing here or does anyone more knowledgeable see anything that I am doing wrong.  Can this be done this way or should I try radius.  The customer was just adament about using ldap.
    extvpnasa5510#
    [243] Session Start
    [243] New request Session, context 0xd5713fe0, reqType = 1
    [243] Fiber started
    [243] Creating LDAP context with uri=ldaps://130.18.22.44:636
    [243] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
    [243] supportedLDAPVersion: value = 2
    [243] supportedLDAPVersion: value = 3
    [243] No Login DN configured for server 130.18.22.44
    [243] Binding as administrator
    [243] Performing Simple authentication for  to 130.18.22.44
    [243] LDAP Search:
            Base DN = [ou=employees,o=msues]
            Filter  = [uid=vpntest]
            Scope   = [SUBTREE]
    [243] User DN = [uid=vpntest,ou=employees,o=msues]
    [243] Talking to iPlanet server 130.18.22.44
    [243] No results returned for iPlanet global password policy
    [243] Fiber exit Tx=386 bytes Rx=414 bytes, status=-1
    [243] Session End
    extvpnasa5510#
    [244] Session Start
    [244] New request Session, context 0xd5713fe0, reqType = 1
    [244] Fiber started
    [244] Creating LDAP context with uri=ldaps://130.18.22.44:636
    [244] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
    [244] supportedLDAPVersion: value = 2
    [244] supportedLDAPVersion: value = 3
    [244] No Login DN configured for server 130.18.22.44
    [244] Binding as administrator
    [244] Performing Simple authentication for  to 130.18.22.44
    [244] LDAP Search:
            Base DN = [ou=employees,o=msues]
            Filter  = [uid=vpntest]
            Scope   = [SUBTREE]
    [244] User DN = [uid=vpntest,ou=employees,o=msues]
    [244] Talking to iPlanet server 130.18.22.44
    [244] Binding as user
    [244] Performing Simple authentication for vpntest to 130.18.22.44
    [244] Processing LDAP response for user vpntest
    [244] Authentication successful for vpntest to 130.18.22.44
    [244] Retrieved User Attributes:
    [244]   sn: value = test user
    [244]   givenName: value = vpn
    [244]   uid: value = vpntest
    [244]   cn: value = vpn test user
    [244]   objectClass: value = top
    [244]   objectClass: value = person
    [244]   objectClass: value = organizationalPerson
    [244]   objectClass: value = inetOrgPerson
    [244] Fiber exit Tx=284 bytes Rx=414 bytes, status=1
    [244] Session End

    Hi Larry,
    You can map AD group memberships to specific group policies on the ASA, you can find that configuration here:
    - http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
    Let me know if further assistance is required!
    Please proceed to rate and mark as correct the helpful Post!
    David Castro,
    Regards,

  • Authenticating with LDAP

    I am setting up a Solaris computer to authenticate with a LDAP DS on Red Hat (RHDS7.1). I have gotten to the point where I can type getent passwd and get the list of users, but I can't log into them. I got a bunch of information below. If you need more information, just ask
    # getent passwd
    sdoo:x:1700:500:sdoo:/home/sdoo:/bin/bash
    test9991:x:9991:102:test9991:/var/tmp:/bin/sh
    root:x:0:0:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    smmsp:x:25:25:SendMail Message Submission Program:/:
    listen:x:37:4:Network Admin:/usr/net/nls:
    gdm:x:50:50:GDM Reserved UID:/:
    webservd:x:80:80:WebServer Reserved UID:/:
    nobody:x:60001:60001:NFS Anonymous Access User:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
    # getent passwd sdoo
    sdoo:x:1700:500:sdoo:/home/sdoo:/bin/bash
    # su sdoo
    bash-3.00$ su sdoo
    Password:
    su: Sorry
    bash-3.00$ cat /etc/pam.conf
    #ident "@(#)pam.conf 1.28 04/04/21 SMI"
    # Copyright 2004 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth required pam_unix_cred.so.1
    login auth required pam_unix_auth.so.1
    login auth required pam_dial_auth.so.1
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth required pam_unix_cred.so.1
    rlogin auth required pam_unix_auth.so.1
    # Kerberized rlogin service
    krlogin auth required pam_unix_cred.so.1
    krlogin auth binding pam_krb5.so.1
    krlogin auth required pam_unix_auth.so.1
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_cred.so.1
    # Kerberized rsh service
    krsh auth required pam_unix_cred.so.1
    krsh auth binding pam_krb5.so.1
    krsh auth required pam_unix_auth.so.1
    # Kerberized telnet service
    ktelnet auth required pam_unix_cred.so.1
    ktelnet auth binding pam_krb5.so.1
    ktelnet auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_unix_cred.so.1
    ppp auth required pam_unix_auth.so.1
    ppp auth required pam_dial_auth.so.1
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    other auth sufficient pam_ldap.so.1
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth required pam_unix_cred.so.1
    other auth required pam_unix_auth.so.1
    # passwd command (explicit because of a different authentication module)
    passwd auth required pam_passwd_auth.so.1
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    #other account sufficient pam_ldap.so.1
    other account requisite pam_roles.so.1
    other account required pam_unix_account.so.1
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1
    other password requisite pam_authtok_get.so.1
    other password requisite pam_authtok_check.so.1
    other password required pam_authtok_store.so.1
    # Support for Kerberos V5 authentication and example configurations can
    # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
    bash-3.00$ cat /etc/nsswitch.conf
    # /etc/nsswitch.files:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # does not use any naming service.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    passwd: ldap files
    group: ldap files
    shadow: ldap files
    hosts: files
    ipnodes: files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    # At present there isn't a 'files' backend for netgroup; the system will
    # figure it out pretty quickly, and won't use netgroups at all.
    netgroup: ldap files
    automount: files
    aliases: files
    services: files
    printers: user files
    auth_attr: files
    prof_attr: files
    project: files
    bash-3.00$
    bash-3.00$
    bash-3.00$
    ============I extracted these users from the LDAP server to show the parameters
    # entry-id: 103
    dn: uid=sdoo,ou=People, dc=rocaf,dc=aads
    modifyTimestamp: 20070725171346Z
    modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
    t
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    objectClass: posixAccount
    objectClass: shadowaccount
    objectClass: account
    gecos: sdoo
    gidNumber: 500
    givenName: scooby
    sn: doo
    loginShell: /bin/bash
    uidNumber: 1700
    uid: sdoo
    cn: scooby doo
    homeDirectory: /home/sdoo
    userPassword: {SSHA}JMrO4wSMo2l2JKLQyhiaaYSfiJ6WIPy6QKn+uQ==
    creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
    createTimestamp: 20070725155427Z
    nsUniqueId: 39fc2101-1dd211b2-80e7c451-f2770000
    # entry-id: 81
    dn: cn=proxyagent,ou=profile,dc=rocaf,dc=aads
    cn: proxyagent
    sn: proxyagent
    objectClass: top
    objectClass: person
    userPassword: {SSHA}vAaM167uHBY9671CwK5Tgs4ijjI74HtwPvzv1Q==
    creatorsName: cn=directory manager
    modifiersName: cn=directory manager
    createTimestamp: 20070717125656Z
    modifyTimestamp: 20070717125656Z
    nsUniqueId: 2e747e93-1dd211b2-8087c451-f2770000
    # entry-id: 92
    dn: cn=default, ou=profile, dc=rocaf, dc=aads
    modifyTimestamp: 20070725163437Z
    modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
    t
    objectClass: top
    objectClass: DUAConfigProfile
    profileTTL: 43200
    bindTimeLimit: 10
    credentialLevel: proxy
    searchTimeLimit: 30
    defaultSearchScope: one
    defaultSearchBase: dc=rocaf,dc=aads
    cn: default
    authenticationMethod: tls:simple
    defaultServerList: 172.20.12.61
    creatorsName: cn=directory manager
    createTimestamp: 20070723174648Z
    nsUniqueId: 9f73d482-1dd111b2-8067c451-f2770000

    Which type of authentican method are you using? None, Simple or SASL? I had a lot of problems, similar to yours, where I was able to "READ" the LDAP DB but unable to authenticate (telnet, ssh etc). The solution was to put the client to use SIMPLE as authentication method.

  • Trouble With External Authentication!

    Hello all!
    I have been trying to experiment with external authentication with PHP using the samples provided with the LCCS SDK Navigator.
    I have changed the "index.php" page to include all my account info. and have double checked it!  However, when I upload it to my server, I keep getting the following error(s) whenever I click the submit button on the form:
    Warning: fopen() [function.fopen]: URL file-access is disabled in the server configuration in /home/tueslcom/public_html/LoginTest2/lccs.php on line 690
    Warning: fopen(https://collaboration.adobelivecycle.com/myusername?mode=xml&accountonly=true&) [function.fopen]: failed to open stream: no suitable wrapper could be found in/home/tueslcom/public_html/LoginTest2/lccs.php on line 690
    Fatal error: Uncaught exception 'RTCError' with message 'connection-failed' in /home/tueslcom/public_html/LoginTest2/lccs.php:695 Stack trace: #0 /home/tueslcom/public_html/LoginTest2/lccs.php(587): RTC::http_get('https://collabo...', Array) #1 /home/tueslcom/public_html/LoginTest2/lccs.php(254): RTCAccount->do_initialize() #2 /home/tueslcom/public_html/LoginTest2/index.php(33): RTCAccount->__construct('https://collabo...') #3 {main} thrown in /home/tueslcom/public_html/LoginTest2/lccs.php on line 695
    I have a bit of experience with PHP, however, going through lccs.php and trying to reverse engineer everything to find out what`s going on is a little beyond my skill level!  Any idea what might be happening/missing here?  This seems like it should be a no-brainer!
    Thanks in advance for any help anyone can give.
    Matt

    Raff,
    Thanks for your quick reply!
    I called phpinfo() and it appears that OpenSSL is working:
    OpenSSL Support - enabled
    OpenSSL Support - OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    Is SSL needed for encrypted communications between the browser and the LCCS server?  When it comes to ports, security, and all the headaches that go with it, I am pretty much a NOOB (by choice)!
    Also, the forum search doesn`t seem to be working (at least it`s not returning anything for me).  Any hints as to what other modules are needed?
    btw - Is it "http://connectnow.acrobat.com" or "https://collaboration.adobelivecycle.com"?
    And it seems that "lccs.php" had been renamed from "afcs.php" along with "RTCAccount", which used to be "AFCSAccount".  The code examples have not been updated to reflect this, and although I fixed this in some of the code, could there still be problems inside "lccs.php"?
    Thanks again,
    Matt

  • External Authentication failed with new key

    I have a card using SCP 01 05. There is 1 keyset(3 keys) with version 01. I have added a new keyset(3 keys as well) with version 02.
    I run external authentication with keyset version 01 and it passed. I run external authentication with keyset version 02 immediately but it returned 6982. This mean "Security status not satisfied". Why can't I do authentication with other key?

    Read the INITIAL UPDATE command !!!! What is the P1/P2 ? If you inform it to use the keyset 1, then you can't possibly think that calculating with the keyset 2 will work ?
    The response data contains a bunch of information, including the keyset used to create the card cryptogram. That is the required key for calculating the off-card cryptogram. You would have seen this if you were calculating the card cryptogram properly because you would have been using the wrong key and the cryptograms wouldn't have matched.
    So, Why can't I do authentication with other key? Because you have to INITIALIZE UPDATE with that other key.

  • Authentication ACS LDAP PEAP ?

    Hello
    Could you tell me if its possible to do 802.1X authentication with LDAP server using PEAP MS-CHAP v2 (Machine autentication) ?
    in fact, with Windows external database, its work fine.
    We use only machine authentication with vlan assignement over PEAP.
    Another think, we wan't to use Mac authentication Bypass for printers or other laptop... but we wonder if it could be work with an external Windows database or LDAP ?
    Thanks for your help

    No this isnt possible as LDAP servers do not support MSCHAP v1 or v2.
    You'd need something that can carry a plain text password inside the EAP tunnel - like EAP-GTC

  • Hyperion Hub external authentication issue

    I have Hyperion Hub installed in an Active Directory domain - the users still live in a NT4 domain (we are in the midst of a migration). I have set up trusts between the two domains. We have been utilizing external authentication with Hyperion Reports in this environment for several months. With Hyperion Hub I have setup two authentication providers one for active directory(NTLM) and one for NT4 (NTLM). When adding users in the Hyperion Configuration Console using the provider for NT4, I am only able to pull up users in the "Available Users" list if I have a '*' in the search box. If I try to perform a query of a subset of users (ie. 'g*') it returns nothing. The provider for Active Directory works correctly. Also, with both of the providers I am unable to pull up a full list of available users - even when setting the "Maximum Size" to a large number. Has anyone else come across this???<BR><BR><BR>Greg

    I would suggest you set autoLogin="false" on rtc:ConnectSessionContainer and call cSession.login() when you are ready (you got the token and have everything set up).
    I suspect the automatic login is getting executed before the AdobeHSAuthenticator has been correctly setup.

  • NAC integration with LDAP

    Is possible this integration?. The idea is that the agent will do authentication with LDAP directly

    Hi Anoop,
    To adapt an SAP Workflow, you can create a configuration. In this configuration you can redefine values for steps of the workflow definition. These values are evaluated at runtime instead of the values originally defined.
    You can configure the following step types:
    Activity
    User decision
    Document from template
    Wait
    Moreover,Features
    You can set the following data individually in the step definition of the configurable step types:
    1)Responsible agents
    2)Excluded agents
    3)Message recipient for completion
    4)Priority
    5)Requested start
    6)Indicator denoting whether the step is included in the    workflow log
    7)Activation of a latest end, a latest start, or a requested end with the reaction Send mail
    This URL privides info about various workflow codes http://help.sap.com/erp2005_ehp_02/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/content.htm
    Regds,
    Krutarth
    ·        Reference date/time for latest end, latest start, and requested end
    ·        Message recipient for missed deadline
    ·        Information about the work item display

Maybe you are looking for