External LDAP DN change, refixing "resourceinfo accountId"?

Similar Messages

• Server App not seeing external LDAP users & groups

  I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
  When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
  I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
  Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
  This is all so much more opaque than our superbly reliable Snow Leopard servers!
  TIA

  Ok, and again:
  You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
  Connect the third party ldap to your server
  Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
  When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
  Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
  To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
  Feel lucky
  And there ist ist; now you are able to use The accounts taken from an external LDAP.

• Address Lookup in External LDAP

  I did changes in my $OH/j2ee/OC4J_UM/config/oc4j.properties file in order to Lookup in a external LDAP:
  toolkit.ldap.dir.1.label=Contacts
  toolkit.ldap.dir.1.url=ldap://OtherLinuxHost.mydomain.com:389
  toolkit.ldap.dir.1.searchbase=ou=Contacts,dc=mydomain,dc=com
  toolkit.ldap.dir.1.filter=objectClass=inetOrgPerson
  toolkit.ldap.dir.1.attribute.mail=mail
  toolkit.ldap.dir.1.attribute.lname=sn
  toolkit.ldap.dir.1.attribute.fname=givenName
  toolkit.ldap.dir.1.attribute.alias=uid
  In my Collaboration Suite - Messages when I am creating
  New Message, click in Blue Torch,
  Select from list the "Contactss" directory
  Select "Email Address" "contains" * => Go
  UM shows the contacts from the External Ldap, but when I try to bcc, or cc or to, it is not updating my destination fileds (bcc/ cc/ to). But if instead of select the List "Contacts" I select the Internal Directory (OID) it works fine?
  Which argument I miss ? or how I configure UM for export the email address from the AddrLookup Window to the Message_compose Window in the destination fields (bcc or cc or to) ?
  Thanks alot for any help.

  It is happening to us as well, we have OCS release 2 9.0.4.2 on Linux trying to access an external OpenLDAP linux server for shared contacts.
  After we get the results of the search on the external LDAP, no button works on the Address Lookup window except "Close". It doesn't matter is we select the "Corporate Book" or other Oracle internal address books; we have to close the window and open it again to do a new search.
  Are you seeing the same behavior?
  I will have a phone conference today (5/11/05) with Oracle support to talk about this issue, we have had a TAR open for about 20 days now.
  I'll keep you posted with the results.

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Does WLS 8.1 support external ldap in read-only or full read/write?

  In previous releases (e.g. 5.1, 6.1), WLS doesn't provide support for update operations such as creating users and groups when configured to use an external LDAP.
  Has this changed in 8.1? In other words, does WLS 8.1 provide support for update operations?
  Thanks.
  Regards,
  Alan Dupuis

  Hello ,
  Like earlier releases, WLS 8.1 too provides read-only access to External LDAP user database.
  Kuldeep Singh.

• External LDAP user only has search priviledge in UCM

  After I have configed external LDAP successfully in weblogic console, I can see all user from external LDAP. And external LDAP user can login UCM successfully, but these users only has search priviledge. I want external LDAP user has Admin priviledge as weblogic(Default in embed LDAP). How to solve it. Any help will be appreciated greatly! Otherwise, I refer to Oracle's ducument,
  51.1.14 LDAP Users Not Receiving Some Administrator Privileges
  UCM inspects for the group "Administrators" on each user's login to grant UCM roles. If a user should have access to the UCM admin server, the UCM server requires that the user be a member in a group named "Administrators."
  How to add external LDAP user to the group of Administrators.

  Hi ,
  You can use Credential Maps to be achieve the requirement:
  Steps for the same are :
  1. Login to UCM - Administration - Credential Maps .
  2. Create the map name and the following mapping :
  <ldap role> , admin
  3. Save the changes
  4. Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider/provider.hda
  add the following variable there :
  ProviderCredentialsMap=<map name created in step 2>
  5. Save the changes and restart ucm server .
  After that login with the user who has the ldap role that is mapped in stpe 2 , this user will have the ucm admin role .
  Hope this helps .
  Thanks
  Srinath

• Can I map iwtUser-role to an attribute in external LDAP???

  Hi,
       I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

  Block off the default role if you don't want anyone going into that role but only
  the ones defined. You can do this by setting the filter to a value that will return
  nothing. (example, title=nonexistant), since the search filter will not return
  results, no one will be placed in that role (otherwise have to manually go into that
  role and 'move' users).
  Hope this helps,
  Manon
  Siva kancheti wrote:
  Hi,
  I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

• External display resolution changes after returning from display sleep

  I often use an external display as a second screen with my Macbook Pro (OS X 10.8.2)  However, when I return to the computer after the display has gone to sleep, the external display resolution changes when the display reappears.  Then I have to go into System Preferences > Display and "Detect Displays" in order to return the external display to the proper resolution.
  Does anybody know of a way for me to avoid having to do this every time my display sleeps?
  Thank you,
  Adam

  I have the exact same problem.
  I found the key combination ⌘ alt F2 also restores the proper resolution on both displays, however it's still a bit annoying

• How to access an External LDAP on a weblogic server using OPSS APIs.

  Hi,
  Can anyone let me know how I can access an External LDAP configured on a weblogic server using OPSS APIs( or alternative APIs).
  I'm currently using the below snippet and I'm getting only the Users and groups from the DefaultAutheticator on the weblogic server and not the external LDAP Server.
  I've verified the providers, users and groups on the weblogic server console and can see that external LDAP server content is being picked, but my below code does not query them.
  import oracle.security.idm.IMException;
  import oracle.security.idm.IdentityStore;
  import oracle.security.idm.Role;
  import oracle.security.jps.JpsContext;
  import oracle.security.jps.JpsContextFactory;
  import oracle.security.jps.JpsException;
  import oracle.security.jps.service.idstore.IdentityStoreService;
  List<Role> rowData = null;
  JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
  JpsContext ctx = ctxf.getContext();
  IdentityStoreService storeService = ctx.getServiceInstance(IdentityStoreService.class);
  IdentityStore idStore = storeService.getIdmStore();
  rowData = this.getRoles(idStore, "*");
  Any help or pointers are highly appreciated.
  Thanks,
  Bhasker

  Can anyone please provide any suggestions. I trying to google around but still not able to find any solution.
  Thanks,
  Bhasker

• External Hard Drives Changing Permissions to Read Only

  Three of my USB external hard drives have suddenly changed to read only. One of the times I was trying to transfer/back-up the files from one drive that had changed to read only to another external. Suddenly the second drive changed permissions. Then after plugging a third external, that drive changed permissions. They all were working perfectly fine with my computer and I have only been using them on MACS. Any explanations? Could there be something wrong with my USB ports? Is it possible to have a virus of some sort?
  Thank you!

  In disk utility I had a look. I cannot verify or set permission (greyed out). The data coming back from info. How can I change this??
  Name : FUJITSU MHZ2320BH G1 Media
  Type : Disk
  Partition Map Scheme : Master Boot Record
  Disk Identifier : disk2
  Media Name : FUJITSU MHZ2320BH G1 Media
  Media Type : Generic
  Connection Bus : USB
  USB Serial Number : 560A48A291F9
  Device Tree : /PCI0/EHC1@1D,7/@3:0
  Writable : Yes
  Ejectable : Yes
  Mac OS 9 Drivers Installed : No
  Location : External
  Total Capacity : 298,1 GB (320.072.933.376 Bytes)
  S.M.A.R.T. Status : Not Supported
  Disk Number : 2
  Partition Number : 0
  Name : NieuwVolume
  Type : Volume
  Disk Identifier : disk2s1
  Mount Point : /Volumes/NieuwVolume
  File System : Windows NT File System (NTFS)
  Connection Bus : USB
  Device Tree : /PCI0/EHC1@1D,7/@3:1
  Writable : No
  Universal Unique Identifier : C7B58C48-D6BC-4078-9DAE-CB125901A4D6
  Capacity : 298,1 GB (320.070.288.384 Bytes)
  Free Space : 127,1 GB (136.438.530.048 Bytes)
  Used : 171,0 GB (183.631.757.312 Bytes)
  Number of Files : 85.578
  Number of Folders : 0
  Owners Enabled : No
  Can Turn Owners Off : No
  Can Be Formatted : No
  Bootable : No
  Supports Journaling : No
  Journaled : No
  Disk Number : 2
  Partition Number : 1

• Steps to connect an external LDAP

  Dear Gurus,
  What are the steps to connect an external LDAP like ADS.
  Pls let me know the step by step procedure e.g.
  creating the admin,guest and ??? users in Portal.Deleting the same from the LDAPs and so on.
  Thanks for the help.
  Nirmal

  Hi,
    Check the below link for LDAP connectivity...
  Integrated Windows Authentication with SAP EP 6.0 SP 3 and higher Part 1 of 2
  Regards
  Vasu

• Use of external LDAP server in Weblogic Commerce Server

  I'm using the following software:
  Iplanet Directory Server v5
  Weblogic Application Server v6
  Weblogic Commerce v3.5
  I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
  services. How do I do that?
  I have a couple of questions related to this:
  1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
  use an external LDAP server, I need to configure weblogic v6 to do that and not
  Weblogic Commerce Server?
  2) Whatever may be the case above, how do I do that?
  3) config.xml (weblogic application server v6) contains information that needs
  to be modified to point to an external JNDI source provider but what information
  do I need to modify?
  I'd really appreciate if someone can help me out here. Thanks!

  "JP" <[email protected]> wrote in message news:[email protected]..
  Hi,
  I'm looking for someone who has used the Lotus LDAP server for WLP7
  authentication.
  I connect my portal to the Domino LDAP, User and Groups are working
  fine, but the membership of a user to a group is not.
  I assume that it's related to the parameters I use (especially the
  membership.filter ?):
  "user.filter=(&(uid=%u)(objectclass=person));
  user.dn=O=Apac;
  membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
  group.filter=(&(cn=%g)(objectclass=groupOfNames));
  server.host=jpgal01.apac.bea.com;
  group.dn="
  Any help would be appreciate, because I just don't where to look for.
  Try setting the com.netscape.ldap.trace property.
  \* When -D command line option is used, defining the property with
  * no value will send the trace output to the standard error. If the
  * value is defined, it is assumed to be the name of an output file.
  * If the file name is prefixed with a '+' character, the file is
  * opened in append mode.
  This will create a ldap trace file of the requests that WLS is making on the
  LDAP server. You can then see
  where the filters are not returning the correct value for the group
  membership.

• I  made the mistake when configuring a external monitor, of changing the mhz to 75. When I close the MBP I now get a black screen on the monitor. How do I change it back?

  I  made the mistake when configuring a external monitor, of changing the mhz to 75. When I close the MBP I now get a black screen on the monitor. How do I change it back?
  I have a MacBook Pro with the latest operating system, trying to configure a Gateway flat monitor with vga.
  Thanks

  Apple menu -> System Preferences -> Displays.
  System Preferences can also be found in the Hard drive -> Applications folder.
  Resetting the PRAM can help bring displays back to factory settings if you can't find what you need:
  http://support.apple.com/kb/ht1379

• How to authenticate CXF-Webservice against external LDAP in WebLogic?

  Hi there,
  I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:
  <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                 <map>
                      <entry key="action" value="UsernameToken Timestamp" />
                      <entry key="passwordType" value="PasswordDigest" />
                      <entry key="passwordCallbackClass"
                           value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
                 </map>
            </constructor-arg>     
  </bean>
  My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups etc with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i. e. retrieve the password.
  Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?
  Please give me a hint (code-snippets preferred ;-) ) how to solve this.
  Regards,
  Frank

  I have run into the exact same situation ? Did you ever get around this ? If so, how ? Please let me know.

• Identity Server using external LDAP

  anyone have idea whether ID Server can use external an LDAP server for authentication, like the Policy Server in Portal Server 3 ?
  Wilson.

  You typically need to use our JNDI store. We strongly recommend this for
  performance reasons..
  You can use the JNDI To LDAP bridge which is available from the sun web
  site.
  Michael Girdley
  BEA Systems Inc
  "Jack Archer" <[email protected]> wrote in message
  news:[email protected]..
  I'm trying to find out if it is possible to re-direct JNDI calls to the WL
  server to an external LDAP server. I know you can install an external LDAP
  server for security purposes, but I would like to use an external LDAP
  server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
  Is this possible?