Failover agents who work with active directory integration

Similar Messages

• Does WLS 6.1 LDAP work with Active Directory?

  I see in the security docs that Microsoft Site Server LDAP is supported. Anyone
  know if it will work with Active Directory which is supposed to be LDAP v3 compatible?
  TIA

  I've done it with :
  <CustomRealm
  ConfigurationData="server.host=myLDAP.mydomain.org;membership.filter=(&
  (member=%M)(objectclass=group));server.port=389;group.dn=ou=groupes,dc=myDomain.org;group.filter=(&(cn=%g)(objectclass=group));server.principal=cn=Administrator,cn=Users,dc=myDomain.org;user.dn=ou=Utilisateurs,dc=myDomain.org;user.filter=(&(cn=%u)(objectclass=person));server.ssl=false"
  Name="MyLDAPv2" Notes="Test ldap V2 active Directory"
  Password="myPassword" RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
  Will Spies <[email protected]> wrote:
  Can you put up what a sample <CustomRealm/> tag for AD looks like? I'm
  trying to get this to work with no success. Thanks for any help.

• Help with Active Directory Integration and kerberos

  Hello,
  I’m encountering a bug preventing me to use Active Directory integration with kerberos :
  Our domain name is CORP.DOMAIN.COM.
  When we request the GC in this domain :
  bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
  Server: 1.2.1.6
  Address: 1.2.1.6#53
  ** server can't find gc.tcp.corp.domain.com: NXDOMAIN
  there is no answer.
  But when we request without corp, we find the servers :
  bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
  gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
  gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
  bash-3.00#
  Is-it possible to add the possibility to enter the domain name where reside the gc.tcp ?
  Thank you.

  Hello
  the domain.com domain exist, but it's not our domain.
  so, when I put domain.com, it search with no result (nothing appends).
  our kdc.conf :
  [kdcdefaults]
  kdc_ports = 88,750
  [realms]
  CORP.DOMAIN.COM = {
  profile = /etc/krb5/krb5.conf
  database_name = /var/krb5/principal
  admin_keytab = /etc/krb5/kadm5.keytab
  acl_file = /etc/krb5/kadm5.acl
  kadmind_port = 749
  max_life = 8h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
  default_principal_flags = +preauth
  krb.conf
  [libdefaults]
  default_realm = CORP.DOMAIN.COM
  default_checksum = rsa-md5
  [realms]
  CORP.DOMAIN.COM = {
  kdc = dc01.corp.domain.com
  kdc = dc02.corp.domain.com
  [domain_realm]
  .corp.domain.com = CORP.DOMAIN.COM
  corp.domain.com = CORP.DOMAIN.COM
  in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
  Thank you,

• Getting Mobile Accounts to work with Active Directory

  Just curious to see if anyone got this to work. I am running OSX server version 10.4.4. I binded the server via directory access to our Active Directory Domain. I could see the active directory accounts in Workgroup manager and was able to get client Mac systems to log in using their AD account info. When I tried to set up the accounts as mobile accounts I ran into probelms. When you enter your login info on the client end, the screen would just go to a blnak blue desktop and not get any further. Anyone have any luck getting their AD accounts set up on the client Macs running as mobile directories?

  Heh. Yeah, and tried switching it on and off a few times, too.
  I think I might have found the problem, but I think I might have also borked my ability to play with it tonight -- in the Advanced Rules section in the firewall settings, there were a bunch of "deny" rules in there that weren't enabled... I guessed that those needed to be turned on, so that it would deny everything by default, but then allow the stuff I want through (set on the other page).
  Except after enabling those, I now can't connect to the server with ARD any more. Oops.
  The good news is that at least I also can't mount AFP shares from here any more either.
  The bad news is that when logging into the MacBook now, with my mobile account, it still starts up the Home Sync process on login (after spending about 35 seconds doing nothing after entering the password), and then hangs there for about 2 minutes trying to contact the sync server before giving up and continuing with the login properly -- this is what I was hoping to avoid.

• IChat integration with Active Directory

  Hi all,
  I'm trying to setup iChat on Mavericks to work with Active Directory. The iChat server is bound to AD, all the users are able to log in to the iChat server locally. The messages service is enabled and rights to the Messages service are granted to some users and groups. However, when I try to login with a Jabber account, I get "login ID or password is incorrect". The username and password are correct. I'm using the same [email protected] syntax for the username as the one I'm using to login to the iChat server directly. I tried with and without Kerberos v5 authentication, I tried with and without SSL and everything else I was able to think of. I have the OpenDirectory there enabled, although I don't really use it. I'm trying from the local network and from the internet (all the ports needed for iChat are forwarded to the server). Still no luck.
  Any help on my issue would be very much appreciated.
  Thanks!

  Hello everyone,
  I ran into the same situation as described above.
  Unfortunately there seems to be no answers on the thread from my research, so I left with no hope at all.
  Please help and give me some advices.
  Thank you in advance!
  Sincerely,
  Anton Todorov

• Active Directory integration: Invalid Token Error in Verification Service

  I'm having problems with Active Directory integration. I'm able to browse users in the task routing slip in JDeveloper. But I'm unable to login to the worklist application.
  Getting an "Invalid Token Error in Verification Service" error. Any pointers?
  <2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration error.
  <2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration file has error.
  <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration error.
  <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration file has error.
  <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <::> WorkflowService:: VerificationService.destroyContext: invalid token: c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8=
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> ORABPEL-30503
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service.
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service. Received invalid token c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8= in destroyContext
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Check the underlying exception and correct the error. Contact oracle support if error is not fixable.
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.bpel.services.workflow.verification.impl.VerificationService.destroyContext(VerificationService.java:667)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.bpel.services.workflow.query.impl.TaskQueryService.destroyWorkflowContext(TaskQueryService.java:161)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at worklistapp.servlets.Logout.handleRequest(Logout.java:66)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at worklistapp.servlets.BaseServlet.doGet(BaseServlet.java:142)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at java.security.AccessController.doPrivileged(Native Method)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at java.lang.Thread.run(Thread.java:595)
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Caused by: BPEL-10555
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration error.
  <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration file has error.

  Hi Adina,
  thank you for your answer (questions)!
  We use 10.1.3.1 SOA Suite and the default jazn.com Security Provider and what we set at java.naming.security.principal property is oc4jadmin.
  It is interesting, we deployed again out EAR and now it works again! There is not Invalid Token Error exception, but we didn't change almost anything...
  Can we debug it somehow?
  Where does this bug come from?
  Thanks!
  ric

• Beginners guide to integration with Active Directory?

  Hi (complete beginner to this, but a quick learner)
  I don't know where to start with regards to getting the Macs on our network connecting like the PCs. Currently we have about 100 Macs on 10.4.x that are bound to the AD using Directory Access - users can log in, but that's about as far as integration goes. Their home folders do not "map" to the corresponding folders on the Macs, and we (as administrators) have no control over the Mac network users like we would have the local Mac users.
  I've been asked to look into this issue, and along with creating new modular 10.5.x system builds for all our Macs (different hardware, different software needs, different physical locations), I need to know what the next steps are. I have no experience of using Mac OS X Server or Active Directory. Besides telling me to ask the IT department to hire a Mac professional, what should I be looking into next?
  So far, this is how I think the process goes:
  1) Ensure I have solid modular system builds ready to go for the different macs/different classrooms.
  2) Get an Xserve for IT.
  3) Have Open Directory integrate with Active Directory, so that the same access controls/permissions are applied to the Mac users as they are the Windows users (including Finder access controls, Application controls, folder mapping etc) - *this is where I need guidance*.
  4) Push out the system builds to the Macs on the network
  5) Connect the Macs using Open Directory...
  6) ...
  As you can see, my knowledge kind of peters out towards the end there; is this a realistic undertaking for me (a classroom technician who happens to use Macs - NOT trained in any of this) and the Mac-phobic IT department (who would prefer switching all of our workstations to PC)? Are we going to have to bite the bullet and get some expensive consultants in?

  pisto_grih wrote:
  Hi (complete beginner to this, but a quick learner)
  I don't know where to start with regards to getting the Macs on our network connecting like the PCs. Currently we have about 100 Macs on 10.4.x that are bound to the AD using Directory Access - users can log in, but that's about as far as integration goes. Their home folders do not "map" to the corresponding folders on the Macs, and we (as administrators) have no control over the Mac network users like we would have the local Mac users.
  And that is about as far as the Apple plugin will take you. In order to do more you need to either extend schema (very scary), look at third party products like Centrify (very expensive), or look at getting an OS X Server and implementing the "magic triangle" in which OS X attributes are managed in OD while users, groups, and password are managed by AD.
  I've been asked to look into this issue, and along with creating new modular 10.5.x system builds for all our Macs (different hardware, different software needs, different physical locations), I need to know what the next steps are. I have no experience of using Mac OS X Server or Active Directory. Besides telling me to ask the IT department to hire a Mac professional, what should I be looking into next?
  If you go the route of OS X Server and MCX settings, make life easy on yourself and build one common build. Then limit app access based on your groups. That way you can simplify the number of images you maintain down to one (provided you have appropriate licensing).
  So far, this is how I think the process goes:
  1) Ensure I have solid modular system builds ready to go for the different macs/different classrooms.
  See above. But if you need to, look at InstaDMG
  2) Get an Xserve for IT.
  Yep. But if you are only doing MCX you might want to look for a cheeper alternative. The Xserve can offer some nice additions, including software update server and Netinstall server among others.
  3) Have Open Directory integrate with Active Directory, so that the same access controls/permissions are applied to the Mac users as they are the Windows users (including Finder access controls, Application controls, folder mapping etc) - *this is where I need guidance*.
  Yep. You are on the money.
  4) Push out the system builds to the Macs on the network
  Push huh. Look at Radmind. Then take a summer off to learn it. Then become god.
  5) Connect the Macs using Open Directory...
  Actually, connect the macs to both AD and OD. This will allow authentication and instantiating through AD and management through OD. Works very well.
  6) ...
  As you can see, my knowledge kind of peters out towards the end there; is this a realistic undertaking for me (a classroom technician who happens to use Macs - NOT trained in any of this) and the Mac-phobic IT department (who would prefer switching all of our workstations to PC)? Are we going to have to bite the bullet and get some expensive consultants in?
  It is learnable especially with the summer and available hardware. However, supporting the consulting industry is always nice http://consultants.apple.com
  Hope this helps

• Tutorial: Azure Active Directory integration with Igloo Software

  Click reply and tell us what you think:
  Tutorial: Azure Active Directory integration with Igloo Software
  Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

  Hello
  Can you be little clear, what you have tested with Airwatch MDM cloud?.. which scenarios?.. 
  1) Device Enrollment ?
  2) Access to Airwatch console?
  3) Access to Airwatch self service portal?
  By following the steps We do not get it working at all. by the way some of the steps in this tutorial are unclear and outdated;  
  I finally personally figured out how things should look like, and  make it work but only with Device Enrollment scenarios from the mobile devices itself. not from the pc and browsers or from the Access panel.

• Integrating OEDQ with Active Directory - Disabling SSL

  Hi fellows,
  I've just installed OEDQ (latest release) on a Unix machine (deployed on WebLogic Server 10.3.6) but I've a couple of concerns:
  SSL Communication --> is it mandatory? I mean, I've tried to expose the dndirector admin page through an OHS Apache Web server. I'm able to access the admin page in plain mode but whenever I try to access a specific functionality (dashboard, user management, server configuration, etc) I'm being redirected to https://<web-server-hostname>:<wls-server-ssl-port>/dndirector, so this is not what I'm expecting. What's wrong? By the way, If SSL is mandatory, is there a way to expose the console via apache (avoiding any redirection)?
  OEDQ with Active Directory --> the following documentation -- Integrating OEDQ with Active Directory -- covers just the Single Sign-on configuration (on both Windows/Unix os). What about a simple configuration pointing to an external ldap? The documentation reports the following statement:
            It is also possible to configure OEDQ to work with different directory servers for user authentication and user identification. For information on alternative configurations, "see "Contact Us"
  So, how can I achieve that?
  Any pointers?
  Thanks in advance,
  Marco

  Hi Marco
  Was out of the office a bit - apologies for the delay.
  It looks like you removed these lines from the configuration:
  cdpad.auth  
  = ldap
  cdpad.auth.bindmethod
  = digest-md5
  cdpad.auth.binddn
  = search: sAMAccountName
  If these are not present, the user name is combined with @cdpsede.cassaddpp.it and used to login into AD.  Depending on how user names are setup, this may or may not work.
  If you replace the lines above, then the user account is searched for against the AD UserPrincipalName or the sAMAccountName attributes.  The value of the latter attributre is then used as the login attempt.
  So for example, if you enter the user name if marco.bonadonna, EDQ would search for an AD entry with userPrincipalName = [email protected] or with sAMAccountName = marco.bonadonna and then it would use the value of the sAMAccountName attribute to connect to AD (using digest-md5 for encryption) along with the password.
  If you use
  cdpad.auth.binddn = search: dn
  then EDQ will use the full distiinguished name (DN) of the entry in the bind attempt.
  It is sometimes easier to test connections using a LDAP browser - Apache Directory Studio (see http://directory.apache.org/studio/) is one I use.  You can then check user name and password combination outside EDQ.
  You can also get additional server logging on LDAP interactions in EDQ by adding the line:
  userauth.level = all
  to the logging.properties file in the EDQ config directory.  Then where will be lots of diagnostics in the EDQ main0,log file.
  By the way, there is some documentation for this in the on-line help for EDQ.
  Richard

• Single Signon and Integration with Active Directory

  Hi,
  We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
  Can anyone of you help me by answering following questions
  1. Is there any need of any third party solution(tool) to integrate  Active Directory and SAP and activate single signon?
  2.Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory ?
  3. If possible please share any documents or links on above issue.
  Suitable answers will be rewarded with points. Thanks in advance for your help
  Regards
  Murali

  > Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
  I'm sorry, you'd have to ask Realtech for that document in English.
  Basically you can follow
  http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
  Markus

• Tighter Integration with Active Directory User Groups

  I just wrapped up a Jabber deployment with IM&P 9.1(1) and J4W clients 9.1(3).
  The customer asked me if it is on Cisco's roadmap to allow groups in Active Directory to be pulled into the Jabber client.  The primary business case is to allow those in IT to send out IM blasts to the corporation or certain departments.
  Obviously, this would require a significant amount of development and a much tighter integration with Active Directory, but I need to ask anyway.
  Has something like this been identified and placed on any roadmap?
  Thanks,
  Matthew Berry

  Unfortunately this kind of questions cannot be addressed here, roadmap questions need to go thru official channels for an answer.
  You need to reach your SE/AM for this question.
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk

• OIM Integration with Active Directory Federation Services (ADFS)

  Hello friends
  I have a question about the integration of Oracle Identity Manager with Active Directory which is federated with another external directory for ADFS. My question is:
  What considerations should be to contemplate if I have an active directory federated environment when carrying out the integration with Identity Manager?
  I use version 9.1.0.2 of Oracle Identity Manager with Microsoft Active Directory Connector User Management 9.1.1.7
  Thanks for the support.

  First consideration is that the OIM's target ADFS - in the federated scenario, will that participate as a Service provider or identity provider. I would think identity provider.
  Next consideration: What all attributes are required to be played in the SAML assertion to the other end-point? All these attributes must be present and should be provisioned to the AD in this case.
  So, OIM should be set up (UDF etc) to provision all those attributes needed in the SAML.
  Next consideration: What all scenario to support? IdP initiated or SP initiated? If SP initiated, then process will hv to be defined if a user id does not exist in the AD of the OIM target. Will the request be failed or a in-time provisioning should happen.
  Hope this helps.

• Process flow - Active Directory integration with Enterprise Portal

  Hi
  I have seen number of documents/forum discussions on integrating Microsoft Active Directory (LDAP) with Enterprise Portal, but unable to find out the process flow for achieving the same.
  I have installed Enterprise Portal 6 (SP13) running on Web AS 640 (J2EE Standalone). The UME is currently configured to use Java database. (i.e datasourceconfiguration_database_only.xml)
  I intend to proceed as below for integrating with Active Directory and integrate with Windows authentication:
  1) Configure UME to use an LDAP Server as Data Source using Config Tool
  http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
  2) Configure Enterprise Portal UME i.e http://<host name>:50000/irj - System Administration - System Configuration - UM Configuration
  <b>Should I configure Data Sources & LDAP Server here as I have already configured these using J2EE Config tool (point no.1).</b>
  3) Integrate Windows authentication with EP using IISProxy module.
  I hope the above will enable me to logon to Portal without supplying username and password once you are logged on to the PC using your Windows user name and password.
  Also, any schema updates required to Activie Directory i.e What additional data is stored in A.D.
  I would appreciate your guidance on this.
  Thanks in advance,
  Chandu

  Hi Chandau,
  you wanted that some users are not taken into account by the User Management Engine (UME).
  This behavior can be established by specifying the
  ume.ldap.negative_user_filter property for the LDAP data sources in the data source configuration file. Using this property one can define that all users and accounts that
  match the defined conditions are filtered out by the UME API.
  A detailed documentation can be found in the SAP Online Help:
  http://help.sap.com/saphelp_nw04/helpdata/en/9a/f43541b9cc4c0de10000000a1550b0/
  content.htm
  In the following example of a data source configuration file for Microsoft Active Directory
  Server the attribute userPrincipalName is used as Logon ID of a portal user id (j_user).
  Here the user accounts that have one of the following Logon ID’s (index_service,
  notificator_service and cmadmin_service ) are filtered out.
  <dataSources>
  </dataSource>
  <dataSource id="CORP_LDAP">
  <privateSection>
  <ume.ldap.negative_user_filter>
  userPrincipalName=[index_service,notificator_service,cmadmin_service]
  </ume.ldap.negative_user_filter>
  </privateSection>
  </dataSource>
  </dataSources>

• 10.6 home directory mounting with active directory and open directory integration

  Hi guys i am having some issues in my new mac environment. I have a windows network with an server 2008 active directory. I have just recentlly created a "magic triangle" setup with active directory and open directory. When my users login via windows their home folders mount perfect. When any user logs in to any iMac in the building it does not work. They login perfectly fine, but their home folders do not mount. When i try mounting them manually with smb, i get a prompt for credentials. I am thinking this is my issue, my Single sign on with kerbos is working but for some reason is not logging in correctly. If i type in my credentials with my domain first then my name it works.
  For example DOMAIN\jsmith works, but the way i think the mac and active directory is doing it now is just jsmith without the DOMAIN.
  I feel like this is the problem with the home folders not mounting.
  Can anyone provide some help with this?
  Thanks,
  Dani

  Hi dani190,
  are you using the fully qualified domain name of the network server? ie if your server is bob. and your domain is domain.company.com. then the FQDNS would typically be bob.domain.company.com or bob.company.com.
  If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
  For the contact search path, did you put the AD at the top the list? (in directory utility)
  Did you set the WINS work group on your client computer to your domain?
  ie:Apple Menu, System Preferences, Network, Active Network Port (ethernet and or airport) , Advanced Button, WINS Tab, set workgroup to the name of your domain. ie domain.company.com and or company.com

• Active directory Integration with OBIEE

  Hi all,
  Can any one send me a link for active directory integration with OBIEE.
  I have imported the users succesfully and I was able to login to analytics as an AD user.
  But SSO is not possible. Kindly help me over this.
  Thanks,
  Haree.

  Thanks for reply veeravalli.
  Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
  But my requirement is to have Single Sign On ie.., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
  Thanks,
  Haree