External LDAP user only has search priviledge in UCM

Similar Messages

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Server App not seeing external LDAP users & groups

  I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
  When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
  I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
  Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
  This is all so much more opaque than our superbly reliable Snow Leopard servers!
  TIA

  Ok, and again:
  You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
  Connect the third party ldap to your server
  Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
  When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
  Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
  To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
  Feel lucky
  And there ist ist; now you are able to use The accounts taken from an external LDAP.

• Messaging server and external LDAP user store

  Is it possible to have an external LDAP application store all user information and then have the messaging server authenticate against it and create a mail profile in it's own LDAP instance, similar to the way portal handles LDAP users? If not, what is the best way to store user information outside of the mail server instance? Create an LDAP instance and extend the schema to support the mail classes and then use replication to push the users into the mail servers directory instance?

  Correct, extending the schema on the master directory server and replicating down to the messaging server ldap instance the user info is the way to go.
  This way you do not have to maintain two different sets of user data.
  -Chris

• Does WLS 8.1 support external ldap in read-only or full read/write?

  In previous releases (e.g. 5.1, 6.1), WLS doesn't provide support for update operations such as creating users and groups when configured to use an external LDAP.
  Has this changed in 8.1? In other words, does WLS 8.1 provide support for update operations?
  Thanks.
  Regards,
  Alan Dupuis

  Hello ,
  Like earlier releases, WLS 8.1 too provides read-only access to External LDAP user database.
  Kuldeep Singh.

• ACS LDAP authenication - restrict to only certain LDAP users?

  I'm configuring Secure ACS v4.2 for TACACS+ authentication/authorization and command logging. I'd like to use my external LDAP user database for authentication.
  I have this fucntionality up and working and have one of our 3550 switches able to sucessfully authenticate against ACS with one of my LDAP username/passwords. Command logging and authorization also appear to be working as I can see them in the TACACS+ Accounting/Administration logs on the ACS server.
  Is there a way to restrict what LDAP users are allowed to authenticate? For example, out of my 16000 users in LDAP, I only want only a handfull of users to be able to authenticate against the LDAP server via TACACS+ and get into my devices.
  Can I create an LDAP filter someplace in ACS that specifies only XXX users can
  authenticate against LDAP and to deny all other users?
  Oh and we do not use the "group" functionality on our LDAP server. All users are part of the same OU in LDAP and are not seperated out by a different group OU. I know I know.....I could probably do it this way, but since that info doesn't exist in our LDAP server I'm looking for another solution.
  I'm running ACS v4.2.0.124.

  Sure, add the allowed users to a group in ACS, then use NAR to restrict what devices they can get to. This link might help as well.
  http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&topicID=.ee6e1fe&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc25eb6
  Hope that helps.

• LDAP users Faicng Error While Accessing the ESS Iviews in Portal

  Hi,
  My Portal is SAP EP 7.0 SP20 And ECC 6.0 SP16.
  UME users able to access the ESS MSS Iviews.But only one LDAP User only access ESS/MSS Iviews Other getting the Below error.
  Critical Error
  A critical error has occured. Processing of the service had to be terminated. Unsaved data has been lost.     
  Please contact your system administrator     
  Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE     
  Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE:
  com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE
                  at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:101)
                  at com.sap.xss.ser.xssmenu.fc.ModelHandler.onInit(ModelHandler.java:205)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalModelHandler.onInit(InternalModelHandler.java:428)
                  at com.sap.xss.ser.xssmenu.fc.FcXssMenu.setPersonnelNumber(FcXssMenu.java:570)
                  at com.sap.xss.ser.xssmenu.fc.FcXssMenu.onInit(FcXssMenu.java:292)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenu.onInit(InternalFcXssMenu.java:455)
                  at com.sap.xss.ser.xssmenu.fc.FcXssMenuInterface.onInit(FcXssMenuInterface.java:165)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenuInterface.onInit(InternalFcXssMenuInterface.java:389)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenuInterface$External.onInit(InternalFcXssMenuInterface.java:546)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:922)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
                  at com.sap.pcuigp.xssutils.navi.FcNavigation.onInit(FcNavigation.java:314)
                  at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigation.onInit(InternalFcNavigation.java:358)
                  at com.sap.pcuigp.xssutils.navi.FcNavigationInterface.onInit(FcNavigationInterface.java:145)
                  at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigationInterface.onInit(InternalFcNavigationInterface.java:142)
                  at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigationInterface$External.onInit(InternalFcNavigationInterface.java:278)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:922)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
                  at com.sap.pcuigp.xssutils.roadmap.VcRoadmap.onInit(VcRoadmap.java:188)
                  at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmap.onInit(InternalVcRoadmap.java:162)
                  at com.sap.pcuigp.xssutils.roadmap.VcRoadmapInterface.onInit(VcRoadmapInterface.java:153)
                  at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmapInterface.onInit(InternalVcRoadmapInterface.java:144)
                  at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmapInterface$External.onInit(InternalVcRoadmapInterface.java:220)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:564)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
                  at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
                  at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:782)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:302)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:761)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:696)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
                  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
                  at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
                  at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:869)
                  at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:229)
                  at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1344)
                  at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:356)
                  at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:549)
                  at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:193)
                  at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
                  at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:782)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:302)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
                  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
                  at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
                  at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
                  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
                  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
                  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
                  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
                  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
                  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
                  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
                  at java.security.AccessController.doPrivileged(Native Method)
                  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
                  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by: com.sap.aii.proxy.framework.core.BaseProxyException: Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE
                  at com.sap.aii.proxy.framework.core.AbstractProxy.send$(AbstractProxy.java:150)
                  at com.sap.pcuigp.xssutils.xssmenu.model.MenuModel.hrxss_Ser_Getmenudata(MenuModel.java:171)
                  at com.sap.pcuigp.xssutils.xssmenu.model.Hrxss_Ser_Getmenudata_Input.doExecute(Hrxss_Ser_Getmenudata_Input.java:137)
                  at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:92)
                  ... 76 more
  Thanks & Regrads,
  Subba Rao

  Hi,
  Now every user facing the same error while accessing ESS Iviews from Portal.
  in ST22 Dump is created.
  What happened?                                                                                |
  Error in the ABAP Application Program
  The current ABAP program "CL_XSS_CAT_TIME_SHEET=========CP" had to be
  terminated because it has
  come across a statement that unfortunately cannot be executed.
  The following syntax error occurred in program
  "CL_XSS_CAT_BUFFER=============CP " in include
  "CL_XSS_CAT_BUFFER=============CM00C " in
  line 50:
  ""L_CATSDB" and "L_CATSDBCOMM" are not mutually convertible. In Unicode"
  " programs, "L_CATSDB" must have the same structure layout as "L_CATSDB"
  "COMM", independent of the length of a Unicode character."
  The include has been created and last changed by:
  Created by: "SAP "
  Last changed by: "SAP "
  Error in the ABAP Application Program
  The current ABAP program "CL_XSS_CAT_TIME_SHEET=========CP" had to be
  terminated because it has
  |    come across a statement that unfortunately cannot be executed.
  What we need to resolve the above issue.
  Thanks & Regards,
  Subba Rao

• LDAP user to application role mapping

  Hi All,
  OBIEE 11.1.1.5
  I have a table with ldap username and role. I have also configured external LDAP server in RPD. Users are able to login to portal.
  Can some one guide me, how to make sure that when user login to OBIEE automatically by table the role will be fetched and mapped with application role created?
  Or, In simple words,
  How can I assign an external ldap user to be mapped to application role? One by one?? or Via table as mentioned above?
  Anyone can help? All documents are not giving this simple picture to me.
  It was easy in 10g, In 11g is it rocket science so that my company can loose the hope to go ahead with 11g?

  Hi,
  1. Create block to initialize USER variable with user name from LDAP
  2. Create block to initialize GROUP variable with role name from external table
  3. In initializtion block for GROUP variable add precedence with User init block to make sure that USER variable have value
  4. If one user can have few roles you should check row-wise-initialization oprion
  Hope it's helpful

• WLI-8.1 Problem using external LDAP authenticaion provider

  I added a second authentication provider that uses iPlanet DS to authenticate. My external LDAP users show up in the WebLogic Server Admin Console, but they do not show up in the Integration Console's User Management section. I also can't authenticate through the Worklist app as one of the external users. Can anyone help?

  There is a patch available for this. pls. check with bea support.
  Kelly Graves <[email protected]> wrote:
  I added a second authentication provider that uses iPlanet DS to authenticate.
  My external LDAP users show up in the WebLogic Server Admin Console,
  but they do not show up in the Integration Console's User Management
  section. I also can't authenticate through the Worklist app as one
  of the external users. Can anyone help?

• How to force a new password in portal with LDAP user? external users

  With an external portal (used by agents that do not work for you or reside in your office), company policy is for password to be changed every qtr.
  If the users are creating as LDAP users how to force them to change their password when required?
  Is this a custom application that needs to be written so when they log into the portal if the qtr has expired the portal ask them to enter a new password that becomes valid for the next qtr.
  Versus internally deleting and emailing all the users a new password?

  Hi Glenn,
  We are getting one problem when we are creating user in LDAP and login with that user in  Portal that time we are getting Password change screen , but when we create a user in LDAP and change the password of that user in LDAP then when the user tries to  Login to portal that time we are not able to see the password change screen.
  But again if we change the password of that user through Portal we are able to see change password screen.
  can you help on this how we can force the user to change password when we are changing password in LDAP or in SAP System.
  Regards
  Trilochan

• Firefox 31.0 has lost functionality for one user only. No menu dropdown. Win 8.1.

  The primary user has no problems and nor did the second user until yesterday when, returning after a break, Firefox opened with a new tab, no menu bars and no menu button drop-down screen. If I clicked on Alt+menu bar or bookmarks bar, they appeared temporarily. It worked if I typed a url into the search box and I could add bookmarks but they would disappear on shutdown.
  I have tried a reset through Profile Manager and, in desperation, deleted the user completely. After rebooting the PC and creating a new user, Firefox behaves exactly the same way, except that all the bookmarks have been deleted.
  The primary user still has no problem with Firefox but it seems there is some basic problem with the addition of a second user.
  I would greatly appreciate any suggestions.

  The folder for the second user may have corrupt files in it.
  '''https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles'''
  Use the Profile Manager to create and remove Firefox profiles
  Firefox stores your personal information and settings in a profile folder. Learn to use the Profile Manager to create, remove, rename, and switch profiles.
  Create a new user profile. Does it work? Copy the contents of the old profile
  but '''ONLY''' add-ons, history, passwords. '''Do Not''' copy any data files.
  '''https://support.mozilla.org/en-US/kb/Recovering%20important%20data%20from%20an%20old%20profile'''
  Recovering important data from an old profile

• It seems that many (if not all) of my files have been replaced by older versions. I kind find the multiple versions (listed in the Search as in the same dir) and restore them but this is strange. There is no chance that another user here has done a restor

  It seems that many (if not all) of my files have been replaced by older versions. I can find the multiple version including the most recent version using the Search, however, they show up in the same directory even though Finder only shows a single copy. I am able to save and then overwrite in order to restore but this is strange. There is no chance that another user here has done any sort of system restore action (at least intentionally).

  I can find the multiple version including the most recent version using the Search, however, they show up in the same directory even though Finder only shows a single copy.
  In a OS Extended (HFS) file system there is no way you can have two files with identical names in the same directory.
  Of course who knows what spotlight is thinking of most of the time when it does its stupid searches (get Find any File instead) and lists its results?  Are you sure it is listing the same directory or do you have a backup and it is finding it there and you aren't noticing it is two different volumes?
  You could also try reindixing the volume.  Add it to the Spotlight system preferences Privacy and then remove it.

• How to only synchronize one specific LDAP user group with SAP?

  Hi,
  Hopefully this is the correct forum to post this in. I want to have continuous one-way synchronization of users from my LDAP server to my SAP central system. I've started configure in SAP using transaction SM59 and LDAP. Can I somewhere set that only one specific LDAP user group shall be transferred to SAP (they do not need to be assigned to any specific group, profile, role in SAP) - or should this be done on the LDAP server side (or is it at all possible)?
  Correct me if I'm wrong, but the User Group field in the report RSLDAPSYNC_USER only concerns SAP user groups right? This would therefore not be sufficient since I want to select the users to synchronize based on user groups in the directory.
  Thanks, Oscar

  We've used a repository constant to specify the LDAP filter for reading users / groups from the LDAP target.
  E.g. LDAP_FILTER_USERS (&(objectCategory=person)(objectClass=user))
  Then we also have a constant for the LDAP_STARTING_POINT
  For our AD Group Initial Load we filter according to these settings:
  LDAP_FILTER_GROUPS = (objectclass=group)
  LDAP_STARTING_POINT_GROUPS = ou=IDMManagedGroups,ou=Groups,dc=cfstest,dc=le,dc=ac,dc=uk
  The above example only reads AD groups starting at the specified OU
  Then in a Job From LDAP Pass the LDAP URL looks like this:
  LDAP://%$rep.LDAP_HOST%:%$rep.LDAP_PORT%/%$rep.LDAP_STARTING_POINT_GROUPS%?*?SUB?%$rep.LDAP_FILTER_GROUPS%
  I hope this helps
  Paul

• External hard drive only operating system, 500.g western digital, jumpers how should they be set if it has them? It does.

  I have removed the original apple fujitsu HDD because of a crash, I installed the OS X 10.6 on two external drives, and they actually will fit in the place of the original.
  But they both have jumpers and from when I dinked with my windows PC s and setting the jumpers I am retty sure they need to be set up to be known if they are the slave or master and all?
  One of the drives is a 80.g western digital it has 4 little leads there where the jumpers are so more ways to slide the little part in place to establish what role it is to take?
  It is used just to run time machine.
  The other drive is a 500.g WD also just loaded with the OSX DVD 10.5 but it only has two little jumper leads, but that is 2 more than the fujitsu that was originally installed.
  So I would like to put this one inside my macbook pro and both of them will plug right in place for a more solid connection so that is my situation, and would be grateful for some experience here as needed to apply for best and longest possible smooth running.
  Thanks and hope to hear something ASAP, that is if I dont run into a wall and crash?
  Or does it even matter being a laptop it may just default to the internal drive, and from there it is determined either by me holding the alt option, or C key down at start u to decide?
  I don't know I just drive the thing and not that well. Thanks

  FWIW ? Whats that mean? One of the drives had a jumper on it, the other just a place for one the pins but nothing on them.
  So since I am going to put the one in my macbook that actually has a jumper and being supplied I am just trying to find out as much as possible in case my macbook drops another DUCE at least I have one less thing to eliminate to recover.
  first two pins jumped usually is master drive, second is slave, 3rd don't know, 4th is both, it lets drive decide.
  But thats with internal home pc drives, I have a MAXTOR I removed from a G3 mac today so I could look, and it is jumped like no windows pc drive I have ever seen.
  But thanks I am going to check with western digital and find out, value my mac working too much, especially after being on a god forsaken internet exploder loaner windows computer the last week.
  I wanted to spike it just for fun, but it wouldn't have been in less I was spiking it on the head of who built IE, I just cant stand trying to move on the internet and always end up where they want to go.
  anyhow thanks, David                                          FWIW?

• How do you connect a usb printer and usb external hard drive to the airport extreme, as it only has one usb port?

  I'm thinking about upgrading my old 802.11g router for a new airport extreme. Can it connect to a usb printer and external hard drive at the same time and acutally work. It only has one usb port on the back.
  thank you!

  To add multiple USB printers and/or HDDs, you just first need to connect a USB hub (powered prefereably) to the AirPort's USB port, and then, add the USB devices to the hub.