External ldap mapping & portal 6.2

Similar Messages

• External LDAP and attributes aliases mapping ?

  I have mapped iwtUserInfoProvider-lastName = sn.
  And when i after that access the Portal Server and try to uppdate for examlpe my "IMAP user name" in the User Info channel the Portal Server tries to update my "External LDAP Server". This update is unsuccessful and i get an "error storing user profile".
  Why is the Portal Server trying to update my external LDAP server??
  I only want it to fill in som info for me......

  By configuring External LDAP we map certain LDAP-parameters to portal-parameters. Thus while updating the User Info channel we get "error storing user profile". Edit the /etc/opt/SUNWips/desktop/default/iwtUserInfoProvider/edit.template file to not include the non-writable fields in the form, then the user info provider will not try to write those fields. This should help.
  Thanks,
  Raj_indts
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support

• Can I map iwtUser-role to an attribute in external LDAP???

  Hi,
       I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

  Block off the default role if you don't want anyone going into that role but only
  the ones defined. You can do this by setting the filter to a value that will return
  nothing. (example, title=nonexistant), since the search filter will not return
  results, no one will be placed in that role (otherwise have to manually go into that
  role and 'move' users).
  Hope this helps,
  Manon
  Siva kancheti wrote:
  Hi,
  I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

• External LDAP + Roles in portal

  Folks,
  I use weblogic 8.1 portal.
  Can we use an external LDAP for storing portal roles? If so, what is supported,
  recommended, etc. Does BEA have a recommendation/document on how to support an
  environment with multiple domains that share a common LDAP so that we don’t have
  to keep them all sync.
  Thanks
  - Lara

  Lara,
  The WLS SSPI (plug-in provider architecture) allows you to add additional
  role mappers, however the WLS out-of-the-box authorizer and role mapper are
  still required for WLP. Also, in a WLS domain/cluster each managed server
  has a copy of the LDAP which is automatically kept in sync by the admin
  server.
  -Phil
  "Lara Man" <[email protected]> wrote in message
  news:3f78852c$[email protected]..
  >
  Folks,
  I use weblogic 8.1 portal.
  Can we use an external LDAP for storing portal roles? If so, what issupported,
  recommended, etc. Does BEA have a recommendation/document on how tosupport an
  environment with multiple domains that share a common LDAP so that wedon't have
  to keep them all sync.
  Thanks
  - Lara

• Authentication in weblogic portal server 8.1 sp2 using external LDAP

  Hi,
  I am trying to use external LDAP for authentication.
  I have configured the ActiveDirectoryAuthenticator giving the necessary
  values
  ( and added
  "-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
  ator" in startWeblgoic.cmd )
  and can see the users and the groups from my LDAP provider in the admin
  console and in the admin portal's "users and groups".
  A set of users are given permission to access the restricted site and those
  users are visible in the global role with the permission.
  The web.xml is configured for BASIC auth-method, and the role is
  <externally-defined/> in weblogic.xml.
  Now when I access a restricted page, I am shown a dialog prompt to key in
  the username and password.
  Even when I key in the valid credentials, the restricted page is not shown
  and an "Unauthorized xxx" 401 access error is thrown.
  Any clue, on what i am missing.?
  Please let me know if any suggestion / idea.
  Regards,
  Arun.

  Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
  In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
  Brad

• Usage of external LDAP server with Portal

  Hi All,
  We are in a situation to use external LDAP server with WLP 8.1. These are the
  constraints we have to deal with:
  1. Only read is allowed from this LDAP server.
  2. This would be used for authentication purpose
  If thats the case, how can we use Visitor Entitlements/Delegated Admin and Group
  creation using Portal Admin tool since this will write to the configured LDAP
  server.
  Can somebody answer my question:
  1. Can we use external LDAP server - just for authetication (I know this is possible
  by using JAAS LoginModule, but I just want to get confirmed on this ) and
  2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
  Any relevant pointers are also welcome.
  TIA,
  Prashanth Bhat.

  Thanks for th ereply. Some of your answers are not clear. Can you pls eloborate
  on this?? Pls see my comments below.
  "Johnson" <[email protected]> wrote:
  >
  Phil,
  Can I use embedded LDAP for production?
  Thanks
  Lawrence
  "Phil Griffin" <BEA> wrote:
  "Prashanth " <[email protected]> wrote in message
  news:[email protected]..
  Hi All,
  We are in a situation to use external LDAP server with WLP 8.1. Theseare
  the
  constraints we have to deal with:
  1. Only read is allowed from this LDAP server.
  2. This would be used for authentication purpose
  If thats the case, how can we use Visitor Entitlements/Delegated Adminand
  Group
  creation using Portal Admin tool since this will write to the configuredLDAP
  server.
  Can somebody answer my question:
  1. Can we use external LDAP server - just for authetication (I knowthis
  is possible
  by using JAAS LoginModule, but I just want to get confirmed on this) and
  >
  You can add the external LDAP server just for authentication, but in
  versions through
  8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean)
  during
  the login process (this check has been removed in SP3). A work around
  is to
  duplicate
  the user in a provider that does impl UserReaderMBean.
  Prashanth : You mean to say we have to duplicate the User in embedded LDAP server
  also??
  >>
  2. Use default and embedded LDAP server for all others like Group/VisitorEntitlements/DAs.
  >
  Yes, the default/embedded LDAP can still be used for DA/visitor
  entitlements. In the current
  release, the Portal Admin Tools can only be configured to use a single
  authentication provider
  while forming entitlements. In SP3, all configured providers are
  listed/usable by the tools.Prashanth : How can we configure Portal Admin tool to use authentication provider
  for entitlements??
  >>
  Any relevant pointers are also welcome.
  TIA,
  Prashanth Bhat.

• Issue while integrating external LDAP with weblogic

  Hi,
  i am trying integrating external LDAP (OpenLdap) with weblogic 10.3. I created a provider and provided required credentials and able to see users and group of the LDAP into the weblogic console. I am also able to login in the weblogic console with the users available in the LDAP after assigning the admin role to the ldap group. But i when i see the user's property (by clicking on the user in the admin console) it only shows the tabs for General, Password and Group only. on the other hand if i see the users from DefaultAuthenticator, it shows the Attribute tab apart from the General, Password and Group.
  Can anyone let me knwo how can we get the Attribute tab for the Ldap users.
  thx,
  Ajay

  Hi Ajay
  By default Weblogic has READ ONLY adapters for any External Security Providers that are configured like any AD Providers. READ ONLY means, you can only read the data from the ldap but not modify it, hence may be its not showing the Attributes tag. For Default Authenticator, see the first paragraph note in Attributes tab, that says the same thing. NOW, may be WLS can atleast show Attributes in READ only format, but it needs some sort of mappings to be defined. Say on Weblogic side, we have like firstName, lastName which on any typical AD will be like sn (surname = lastname), givenname (firstname) etc etc. This mapping is tough to generalize.
  One thing for sure is, from Weblogic you cannot modify or edit any attributes for any user in external AD. If you really want to get those attributes, you may need to use some javax.ldap apis or some 3rd party ready to use tools/apis. I remember Weblogic Portal has a facility to configure a xml file that defines attributes mapping and get all attributes for any user. But again thats in Weblogic Portal product and not part of weblogic server.
  If you have any SOA Software, they have some utilities for the same.
  Thanks
  Ravi Jegga

• Server App not seeing external LDAP users & groups

  I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
  When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
  I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
  Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
  This is all so much more opaque than our superbly reliable Snow Leopard servers!
  TIA

  Ok, and again:
  You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
  Connect the third party ldap to your server
  Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
  When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
  Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
  To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
  Feel lucky
  And there ist ist; now you are able to use The accounts taken from an external LDAP.

• Steps to connect an external LDAP

  Dear Gurus,
  What are the steps to connect an external LDAP like ADS.
  Pls let me know the step by step procedure e.g.
  creating the admin,guest and ??? users in Portal.Deleting the same from the LDAPs and so on.
  Thanks for the help.
  Nirmal

  Hi,
    Check the below link for LDAP connectivity...
  Integrated Windows Authentication with SAP EP 6.0 SP 3 and higher Part 1 of 2
  Regards
  Vasu

• Use of external LDAP server in Weblogic Commerce Server

  I'm using the following software:
  Iplanet Directory Server v5
  Weblogic Application Server v6
  Weblogic Commerce v3.5
  I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
  services. How do I do that?
  I have a couple of questions related to this:
  1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
  use an external LDAP server, I need to configure weblogic v6 to do that and not
  Weblogic Commerce Server?
  2) Whatever may be the case above, how do I do that?
  3) config.xml (weblogic application server v6) contains information that needs
  to be modified to point to an external JNDI source provider but what information
  do I need to modify?
  I'd really appreciate if someone can help me out here. Thanks!

  "JP" <[email protected]> wrote in message news:[email protected]..
  Hi,
  I'm looking for someone who has used the Lotus LDAP server for WLP7
  authentication.
  I connect my portal to the Domino LDAP, User and Groups are working
  fine, but the membership of a user to a group is not.
  I assume that it's related to the parameters I use (especially the
  membership.filter ?):
  "user.filter=(&(uid=%u)(objectclass=person));
  user.dn=O=Apac;
  membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
  group.filter=(&(cn=%g)(objectclass=groupOfNames));
  server.host=jpgal01.apac.bea.com;
  group.dn="
  Any help would be appreciate, because I just don't where to look for.
  Try setting the com.netscape.ldap.trace property.
  \* When -D command line option is used, defining the property with
  * no value will send the trace output to the standard error. If the
  * value is defined, it is assumed to be the name of an output file.
  * If the file name is prefixed with a '+' character, the file is
  * opened in append mode.
  This will create a ldap trace file of the requests that WLS is making on the
  LDAP server. You can then see
  where the filters are not returning the correct value for the group
  membership.

• How to authenticate CXF-Webservice against external LDAP in WebLogic?

  Hi there,
  I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:
  <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                 <map>
                      <entry key="action" value="UsernameToken Timestamp" />
                      <entry key="passwordType" value="PasswordDigest" />
                      <entry key="passwordCallbackClass"
                           value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
                 </map>
            </constructor-arg>     
  </bean>
  My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups etc with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i. e. retrieve the password.
  Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?
  Please give me a hint (code-snippets preferred ;-) ) how to solve this.
  Regards,
  Frank

  I have run into the exact same situation ? Did you ever get around this ? If so, how ? Please let me know.

• Identity Server using external LDAP

  anyone have idea whether ID Server can use external an LDAP server for authentication, like the Policy Server in Portal Server 3 ?
  Wilson.

  You typically need to use our JNDI store. We strongly recommend this for
  performance reasons..
  You can use the JNDI To LDAP bridge which is available from the sun web
  site.
  Michael Girdley
  BEA Systems Inc
  "Jack Archer" <[email protected]> wrote in message
  news:[email protected]..
  I'm trying to find out if it is possible to re-direct JNDI calls to the WL
  server to an external LDAP server. I know you can install an external LDAP
  server for security purposes, but I would like to use an external LDAP
  server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
  Is this possible?

• External LDAP for UCM

  Hi.
  Is it possible to use external LDAP server for my UCM server without using external LDAP server for my admin server?
  That is I have a domain with admin server and UCM server.
  My admin server doesn't have external LDAP.
  So is it possible to use external LDAP server for my UCM server in such situation?
  And if it is possible, could you give me some information about it?
  (sorry for my english)

  First of all, thank you for links.
  But I have a problem: I configured my own LDAP provider and I can see that 'Connection State' is good (5 out of 5 connections are good), but I can not log in into UCM with users in my LDAP (Invalid Credentials. Please try entering your user name and password again.).
  Here is my LDAP provider configuration:
  Provider Name:      MyLDAP
  Provider Description:      MyLDAP
  Connection State:      5 out of 5 connections are good
  Last Activity Date:      12/17/12 4:23 PM
  Provider Type:      ldapuser
  Provider Class:      intradoc.provider.LdapUserProvider
  Provider Connection:      intradoc.provider.LdapConnection
  Source Path:      MyLDAP
  LDAP Server:      localhost
  LDAP Suffix:      dc=example,dc=com
  LDAP Port:      10389
  Number of connections:      5
  Connection timeout:      10
  Priority:      1
  Credential Map:      
  SSL Enabled:      No
  Attribute Map:      uid:dFullName
  Role Prefix:      ou=groups
  Default Network Roles:      guest
  Filter Groups:      Yes
  Use Full Group Name:      No
  LDAP Admin DN:      uid=admin,ou=system
  And my LDAP structure:
  "dc=example,dc=com"
  _____"ou=groups,dc=example,dc=com"
  __________"cn=Administrators,ou=groups,dc=example,dc=com"
  __________"cn=admin,ou=groups,dc=example,dc=com"
  _____"ou=people,dc=example,dc=com"
  __________"uid=asdasd,ou=people,dc=example,dc=com"
  __________"uid=qweqwe,ou=people,dc=example,dc=com"
  In 'cn=Administrators' entry I have 'uniqueMember:uid=asdasd,ou=people,dc=example,dc=com' property
  In 'cn=admin' entry I have 'uniqueMember:uid=qweqwe,ou=people,dc=example,dc=com' property
  Nevertheless I can't log in into UCM with users in my LDAP (Invalid Credentials. Please try entering your user name and password again.).
  Could you show me my mistake?
  Edited by: Michael Baygeldin on Dec 17, 2012 5:34 AM

• External LDAP user only has search priviledge in UCM

  After I have configed external LDAP successfully in weblogic console, I can see all user from external LDAP. And external LDAP user can login UCM successfully, but these users only has search priviledge. I want external LDAP user has Admin priviledge as weblogic(Default in embed LDAP). How to solve it. Any help will be appreciated greatly! Otherwise, I refer to Oracle's ducument,
  51.1.14 LDAP Users Not Receiving Some Administrator Privileges
  UCM inspects for the group "Administrators" on each user's login to grant UCM roles. If a user should have access to the UCM admin server, the UCM server requires that the user be a member in a group named "Administrators."
  How to add external LDAP user to the group of Administrators.

  Hi ,
  You can use Credential Maps to be achieve the requirement:
  Steps for the same are :
  1. Login to UCM - Administration - Credential Maps .
  2. Create the map name and the following mapping :
  <ldap role> , admin
  3. Save the changes
  4. Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider/provider.hda
  add the following variable there :
  ProviderCredentialsMap=<map name created in step 2>
  5. Save the changes and restart ucm server .
  After that login with the user who has the ldap role that is mapped in stpe 2 , this user will have the ucm admin role .
  Hope this helps .
  Thanks
  Srinath

• Create external LDAP authentification to SAP via Web Dynpro

  Hi Guys,
  I have a requirement where I have to create access to SAP via external LDAP authentification. It is similiar how the Enterprise Portal works, but I want to achieve it with out the portal.
  The user will enter his LDAP user and password and I will check via LDAP connector to grant access to SAP.
  The only Problem I have is to switch to SAP user without knowing the SAP Password. Thats why I need external authentification.
  I have been told by an basis expert that I could use java to achieve this. I have also got the java coding what the Enterprise Portal uses.
  Am I on the right way? Can anybody advice me.
  Thanks and best regards
  Ali

  Hi,
  Refer this link and SAP Note
  [SAP GUI for HTML|http://help.sap.com/saphelp_nw04s/helpdata/en/47/4b0902d84818c9e10000000a114a6b/frameset.htm]
  SNote: 517484
  Regards
  Preethish