Fetching properties from external LDAP

Hi,
I have configured ActiveDirectoryAuthenticator to link to my external LDAP
provider. I am trying to fetch some properties/attributes related to the
profile such as company and other contact details.
I have not configured UUP as I'm using WebLogic's default user store.
Now, when I access "com.bea.p13n.controls.profile.UserProfileControl" to
fetch the properties, I get null values.
Is there some other configuration required?
Please let me know the solution or the approach.
Thanks in advance,
Regards,
Arun

Hi Arun
Migration of data is possible.
Export the data from the external server and import it into your domain server.
Here are the steps.
To export and import security data:
1. Expand the Security-->Realms nodes.
2. Click the name of the realm you are configuring (for example, TestRealm).
3. Click the Migration-->Export tab.
4. Specify the directory and filename in which to export the security data in the Export Directory on Server attribute.
Note: You can specify a directory and file location on another server.
5. Click Export.
6. Expand the Realms node.
7. Click the name of the security realm in which the security data is to be imported.
8. Click the Migration-->Import tab.
9. Specify the directory location and file name of the file that contains the exported security data in the Import Directory on Server attribute.
10. Click Import.
To verify the security data was imported correctly:
1. Expand the Security-->Realms nodes.
2. Click the name of the realm into which the security data was imported.
3. Click Users.
4. Users from the security realm from which you exported the security data should appear in the Users table.
Cheers
Surya

Similar Messages

  • URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2

    I am using Embedded LDAP WebLogic 9.2 and I followed the steps mentioned in the URL below. I have not changed anything except Server URL which points to localhost:7001.
    http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
    Questions:
    1) How to add additional attributes to embedded LDAP? (e.g. email, phone etc.)
    2) How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
    Any help is appreciated.

    This problem is due to a hard-coded user/pwd in the installation scripts. Here are the steps:
    1) Open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
    2) Go to target CreateStartupClasses.
    3) There are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility.
    4) In the task for oraesb, the password is hardcoded as 'oraesb' in clear text.
    5) This should be the password of the 'ORAESB' database user.
    6) Change this password value and restart the installation.
    Regards,
    Vaibhav
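
A check for the hard-coded credential described in the steps above, as an added example (not part of the original post or of the AIA installer): it parses an Ant-style build file and reports every argument passed to com.oracle.oems.weblogic.AQJMSPasswordUtility in target CreateStartupClasses that is a literal instead of a `${property}` reference. The embedded XML is a constructed sample; the `<arg>` layout and the property names in it are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Only the target name, the class name and the literal
# 'oraesb' come from the post; the <arg> layout and property names are assumed.
SAMPLE_BUILD_XML = """\
<project name="FPWLCommonConfig">
  <target name="CreateStartupClasses">
    <java classname="com.oracle.oems.weblogic.AQJMSPasswordUtility">
      <arg value="${aia.db.user}"/>
      <arg value="${aia.db.password}"/>
    </java>
    <java classname="com.oracle.oems.weblogic.AQJMSPasswordUtility">
      <arg value="oraesb"/>
      <arg value="oraesb"/>
    </java>
    <java classname="com.oracle.oems.weblogic.AQJMSPasswordUtility">
      <arg line="${jms.user} ${jms.password}"/>
    </java>
  </target>
  <target name="Other">
    <java classname="example.Unrelated"><arg value="literal"/></java>
  </target>
</project>
"""

TARGET = "CreateStartupClasses"
UTILITY = "com.oracle.oems.weblogic.AQJMSPasswordUtility"

# An Ant property reference such as ${db.password}: the value is resolved at
# build time from a properties file or -D option, not stored in the script.
PROPERTY_REF = re.compile(r"\$\{[^}]+\}")


def task_arguments(task):
    """Yield the arguments of one <java> task in command-line order."""
    for arg in task.findall("arg"):
        if arg.get("value") is not None:
            yield arg.get("value")              # value= is a single argument
        elif arg.get("line") is not None:
            yield from arg.get("line").split()  # line= is split on whitespace


def find_literal_args(build_xml, target_name=TARGET, classname=UTILITY):
    """Return (task_number, argument_number) for each argument of the matching
    <java> tasks that contains no ${property} reference, i.e. a hard-coded
    value. The values are not returned, so a report never echoes a secret."""
    root = ET.fromstring(build_xml)
    findings = []
    for target in root.iter("target"):
        if target.get("name") != target_name:
            continue
        tasks = [t for t in target.iter("java") if t.get("classname") == classname]
        for task_no, task in enumerate(tasks, start=1):
            for arg_no, value in enumerate(task_arguments(task), start=1):
                if not PROPERTY_REF.search(value):
                    findings.append((task_no, arg_no))
    return findings


if __name__ == "__main__":
    for task_no, arg_no in find_literal_args(SAMPLE_BUILD_XML):
        print(f"{TARGET}: AQJMSPasswordUtility task {task_no}, "
              f"argument {arg_no} is a literal; move it to a property")
```
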

  • How can I get properties from my ldap server?

    Urgent, I don't know
    how to use the getproperties to get the properties
    from ldap server, anyone help?

    Hi Kevin,
    You could write a portlet that uses the <um:getProfile> and
    <um:getProperty> tag (
    http://edocs.bea.com/wlp/docs40/p13ndev/jsptags.htm#1058056 )
    Or you can do an easier test that requires no coding: If you use the EBCC
    to create metadata about your ldap property set, then you can use the JSP
    portal admin tool to see your LDAP properties for a user. I think if you go
    through the UUP example on dev2dev.bea.com it has instructions for doing
    this with a UUP. Basically, create a property set (a.k.a. "user profile")
    named "ldap" in the EBCC and create properties that match the ones you want
    to retrieve ("telephoneNumber", etc...CASE SENSITIVE). Then access the JSP
    portal admin tool. If you are not using the LDAPRealm as your alternate
    security realm then create a user that you know exists in LDAP and then hit
    the link for the user and search the "ldap" property set and you will see
    their property values. If you are using the LDAPRealm for authentication,
    then this is not a ManageableRealm so you cannot create users (they are
    managed in your LDAP server). So, if you are using the LDAP realm, just
    create the "ldap" property set in the EBCC and go to the user mgmt tools in
    the JSP admin tools and you will see your user. Then search the "ldap"
    property set for your user and you will see the property values.
    Ture Hoefner
    BEA Systems, Inc.
    www.bea.com
    "Kevin" <[email protected]> wrote in message
    news:[email protected]...
    >
    Hello,
    We're trying to retrieve an arbitrary profile and its attributes from
    a Novell NDS ldap server. I've configured the ldapprofile.jar as
    described in the portal doc:
    http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824
    but the article doesn't go on to describe how to use the configuration
    to actually access the properties.
    I'm unsure as to how to use the com.bea.p13n.usermgmt.profile.ldap
    package to retrieve the information I need.
    Are there some step-by-step instructions to achieve this as well as
    some sample code to run in a jsp to test this functionality?
    Thanks for any help.
    Kevin
    Ture Hoefner <[email protected]> wrote:
    Hi Eric,
    The LdapPropertyManager handles that for you. All you have to do is
    deploy it. (I'm talking about Portal 4.0). See the docs at "Accessing
    Properties from an LDAP Server" (
    http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824 )
    You will need to deploy the LDAPPropertyManager EJB, located in
    ldapprofile.jar. It is shipped with the product in
    <wlportal4.0-install-dir>/lib/p13n/ejb/ldapprofile.jar.
    Eric Nie wrote:
    urgent, I don't know
    how to use the getproperties to get the properties
    from ldap server, anyone help?
    --
    Ture Hoefner
    BEA Systems, Inc.
    2590 Pearl St.
    Suite 110
    Boulder, CO 80302
    www.bea.com

  • Not authenticated from external ldap in a cluster

    I am having trouble getting authenticated from an Iplanet LDAP, when the weblogic is configured in a Cluster.
    -I can authenticate with Embedded LDAP domain wide
    -I can authenticate on the external LDAP if I send the request to Admin server
    Here is my cluster configuration (all with Weblogic 7.0 SP4)
    *Admin Server Port: 9209
    *Cluster server 1 : 7209
    *Cluster server 2 : 8209
    *Proxy server     : 9090 (configured with HttpClusteredServlet)
    http://myserver.com:9090/j_security_check fails
    http://myserver.com:9209/j_security_check works
    Please let me know what is wrong?

    "Bob" <[email protected]> wrote in message
    news:3f9fd466$[email protected]..
    > I am having trouble getting authenticated from an Iplanet LDAP, when the weblogic is configured in a Cluster.
    > -I can authenticate with Embedded LDAP domain wide
    > -I can authenticate on the external LDAP if I send the request to Admin server
    > Here is my cluster configuration (all with Weblogic 7.0 SP4)
    > *Admin Server Port: 9209
    > *Cluster server 1 : 7209
    > *Cluster server 2 : 8209
    > *Proxy server     : 9090 (configured with HttpClusteredServlet)
    > http://myserver.com:9090/j_security_check fails
    > http://myserver.com:9209/j_security_check works
    > Please let me know what is wrong?
    Are you sure that the ldap authentication is actually occurring? I would
    define the DebugSecurityAtn="true" attribute on the ServerDebug mbean for the cluster
    server members and then look at the log and the ldap_trace.log files to see
    what is happening with LDAP.

  • Accounts in UCM 11g from external LDAP provider

    Hi,
    We are developing an application using UCM 11g. For authentication and authorization we are using external LDAP. Following are the steps followed to configure the UCM 11g for external LDAP.
    1) Created User and Groups directory in LDAP
    2) Created user and group in LDAP.
    3) Assigned users to the groups.
    3) Created accounts in group directory. Account name starts with @ and ends with (RW)
    4) Created a new provider in WLS.
    5) Created a new JpsProvider in UCM.
    Now, roles (groups in LDAP) and users are coming properly from LDAP, but the accounts are populating in UCM.
    Can anybody tell me the solution for this problem?
    Thanks in advance.
    Regards,
    Nitin

    In theory there is no limit, but as with most of the products and features inside the Content Server it comes down to design and size impacting performance.
    So there is no simple answer.
    The more complex answer is you need to try to keep things as simple as possible while still completing your goals.
    For instance, the Folders component in 11g is limited (hard coded) to 1000 files per folder maximum due to performance degradation if you put more in your folders. Many people just try to put more in, and before the hard-coded limit in 11g people did, and their folder browsing became almost unusable due to slow browsing of the folder structure and the files inside.
    Similarly with Security we can impact performance with too many security groups, badly designed Roles to access security groups or badly designed Account structures. Notice I only said "too many" on Security groups but not "too many" on Accounts. You should try never to go above 25 security groups (this is not a hard coded limit just a best practice) and the "badly designed" part of roles and accounts can lead to bad performance and even broken security.
    It comes down to DB performance, DB limitations and code limits.
    First off be aware that there is a limit on how long a query in the DB can be. Commands and SQL in the DB are not endlessly long, there is a maximum number of characters. Keep that in mind as we go along into the next parts.
    Second be aware that if you make a badly built query it will take a long long time.
    Third be aware that when you are building security models in UCM these security structures go DIRECTLY to DB queries and remember the above 2 points.
    So every search in UCM is a query when you take it back to the DB level, and every search requires a behind the scenes security check to make sure you can read the documents you are searching for. So any query built in the search interface gets an additional set of parameters automatically when executed (security).
    So now we need to also think about your Metadata and not just the Security on that limited-length DB back end. Do your users have 99 metadata fields (I hope not), and if they do, do they use most of them while searching? How long will that query be before you add the security query?
    Back to the security parts with accounts.
    If you have your users having only a few roles providing only access to a small number of security groups and those same users only having a few accounts then searches will get a short security access query added since the number of additional checks for security are small. If the roles and group accesses and account accesses are very large (to the extreme limit) again this will be easy to make a short query due to the small number of excluded security roles and accounts.
    BUT and this is a biggie. IF the users are given a number of roles and accounts that is middle of the road for number of total accesses then the query is as long as it can be and if the metadata is complex and large too then you may be running into the limit of Query string in the DB and your query may get truncated which results in a broken security model maybe.
    That is not even talking about the efficiency of the query and how long it takes.....
    Sorry for the book like reply to your simple question, but it really is not a simple question. :)

  • External LDAP user only has search privilege in UCM

    After I configured the external LDAP successfully in the WebLogic console, I can see all users from the external LDAP. External LDAP users can log in to UCM successfully, but these users only have the search privilege. I want external LDAP users to have the Admin privilege like weblogic (default in embedded LDAP). How do I solve it? Any help will be appreciated greatly! Otherwise, I refer to Oracle's document,
    51.1.14 LDAP Users Not Receiving Some Administrator Privileges
    UCM inspects for the group "Administrators" on each user's login to grant UCM roles. If a user should have access to the UCM admin server, the UCM server requires that the user be a member in a group named "Administrators."
    How do I add an external LDAP user to the group of Administrators?

    Hi ,
    You can use Credential Maps to achieve the requirement.
    Steps for the same are:
    1. Log in to UCM - Administration - Credential Maps.
    2. Create the map name and the following mapping:
    <ldap role> , admin
    3. Save the changes.
    4. Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider/provider.hda and
    add the following variable there:
    ProviderCredentialsMap=<map name created in step 2>
    5. Save the changes and restart the UCM server.
    After that, log in with the user who has the ldap role that is mapped in step 2; this user will have the UCM admin role.
    Hope this helps .
    Thanks
    Srinath

  • Oracle property manager data import from external system to oracle..

    Hi All,
    Currently I'm working on the Oracle Property Manager module.
    I have a requirement to upload and update the properties from an external system to Oracle Applications.
    How can we import data from other systems to Oracle? Are any APIs or open interfaces available for this requirement?
    Please suggest.
    Thanks all.

    Hi,
    You will have to study the business needs and populate according data. You may also raise an SR with respect to this and get the support from Oracle if you don't have any experienced superiors on this subject/module to ask.
    Please see if the following links help you.
    Oracle Property Manager Implementation Guide
    http://docs.oracle.com/cd/A85964_01/acrobat/pntrm.pdf
    Thanks &
    Best Regards,

  • Error while fetching data from OWB Client using External Table.

    Dear All,
    I am using Oracle Warehouse Builder 11g & Oracle 10gR2 as repository database on Windows 2000 Server.
    I am facing an issue in fetching data from a Flat File using an external table from the OWB Client.
    I have performed all the steps without any error but when I try to view the data, I get the following error.
    ======================================
    ORA-29913: error in executing ODCIEXTTABLEOPEN callout
    ORA-29400: data cartridge error
    KUP-04040: file expense_categories.csv in SOURCE_LOCATION not found
    ORA-06512: at "SYS.ORACLE_LOADER", line 19
    java.sql.SQLException: ORA-29913: error in executing ODCIEXTTABLEOPEN callout
    ORA-29400: data cartridge error
    KUP-04040: file expense_categories.csv in SOURCE_LOCATION not found
    ORA-06512: at "SYS.ORACLE_LOADER", line 19
    ===========================
    The error shows that file expense_categories.csv in SOURCE_LOCATION was not found, but I am 100% sure that the file is very much there.
    Has anybody faced the same issue?
    Do we need to configure something before loading data from a flat file from the OWB Client?
    Any help would be highly appreciated.
    Regards,
    Manmohan Sharma

    Hi Detlef / Gowtham,
    Now I am able to fetch data from flat files from OWB Server as well as OWB Client.
    One way I have achieved it, as suggested by you:
    1) Created a location on the OWB Client
    2) Sampled the files at the client
    3) Created & configured the external table
    4) Copied all flat files to the OWB Server
    5) Updated the location which I created at the client.
    Other way:
    1) Created a location on the OWB Client
    2) Sampled the files at the client
    3) Created & configured the external table
    4) Copied the flat files to the server in the same drive & directory, e.g. if all my flat files are in C:\data at the OWB Client then I copied the flat files to C:\data on the OWB Server. But this is feasible for Non-Windows.
    Hence my problem is solved.
    Thanks a lot.
    Regards,
    Manmohan

  • How to fetch Properties of all Survey Lists from site collection using Java Script in SharePoint 2013

    Hi,
    I am trying to fetch properties of all lists of "Survey Type" from my site collection in SharePoint 2013 using script editor web part. I am able to fetch properties of one list by mentioning its name explicitly in code but not all survey lists.
    My task is to display Survey name, description, Time created and URLs of all survey lists using JavaScript in script editor web part.
    And let me know if there is any other OOB feature of SharePoint 2013 to achieve the same.
    Here is the code:
    <script src="http://code.jquery.com/jquery-1.10.2.min.js" type="text/javascript"></script>
    <script type="text/javascript">
    // Run once sp.js has loaded and SP.ClientContext is available.
    SP.SOD.executeFunc('sp.js', 'SP.ClientContext', sharePointReady);

    var surveyList; // list object shared between the request and its callback

    function sharePointReady() {
        GetSurveyList();
    }

    // Request a single list, looked up by its title.
    function GetSurveyList() {
        var spListTitle = " List Name";
        var clientContext = SP.ClientContext.get_current();
        var oWeb = clientContext.get_web();
        surveyList = oWeb.get_lists().getByTitle(spListTitle);
        clientContext.load(surveyList);
        clientContext.executeQueryAsync(GetListProperties, onFailure);
    }

    // HTML-encode list values before they are concatenated into markup,
    // so a title or description containing markup is shown as text.
    function encodeHtml(value) {
        return $("<div>").text(value).html();
    }

    // Success callback: render the loaded list's properties as a table.
    function GetListProperties() {
        $("#SurveyList").text("");
        var surveyTable = "<table border=1>";
        surveyTable = surveyTable.concat("<tr><td>Survey Name</td>");
        surveyTable = surveyTable.concat("<td>Survey Description</td>");
        surveyTable = surveyTable.concat("<td>Time Created</td></tr>");
        surveyTable = surveyTable.concat("<tr><td>" + encodeHtml(surveyList.get_title()) + "</td>");
        surveyTable = surveyTable.concat("<td>" + encodeHtml(surveyList.get_description()) + "</td>");
        surveyTable = surveyTable.concat("<td>" + surveyList.get_created().format("MM/dd/yyyy hh:mm tt") + "</td></tr>");
        surveyTable = surveyTable.concat("</table>");
        $("#SurveyList").append(surveyTable);
    }

    // Failure callback: show the server-side error.
    function onFailure(sender, args) {
        alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
    }
    </script>
    <div id="SurveyList"></div>

    Shifa,
    Please use search result webpart or content query webpart to list all survey lists.
    Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

  • LDAP in weblogic. Need additional GROUP from External Table

    I have the LDAP authentication in WebLogic & I need to get the GROUP information from an external table also, since I have some more groups in the table apart from the LDAP groups. So how can I get that?
    I tried using the GROUP variable in RPD but it didn't work.
    Please let me know if anyone has faced this issue in OBIEE11g.

    Hi,
    As per my knowledge, an OBIEE user should be authenticated from only one source. It should be either database authentication or LDAP authentication. We can't associate multiple initialization blocks with the single system variable USER. So you should tell the client to insert groups/users in LDAP.
    I hope this helps you and that you understand it.
    Thanks
    Jay.

  • Address Lookup in External LDAP

    I did changes in my $OH/j2ee/OC4J_UM/config/oc4j.properties file in order to Lookup in a external LDAP:
    toolkit.ldap.dir.1.label=Contacts
    toolkit.ldap.dir.1.url=ldap://OtherLinuxHost.mydomain.com:389
    toolkit.ldap.dir.1.searchbase=ou=Contacts,dc=mydomain,dc=com
    toolkit.ldap.dir.1.filter=objectClass=inetOrgPerson
    toolkit.ldap.dir.1.attribute.mail=mail
    toolkit.ldap.dir.1.attribute.lname=sn
    toolkit.ldap.dir.1.attribute.fname=givenName
    toolkit.ldap.dir.1.attribute.alias=uid
    In my Collaboration Suite - Messages, when I am creating
    New Message, click in Blue Torch,
    Select from list the "Contacts" directory
    Select "Email Address" "contains" * => Go
    UM shows the contacts from the External Ldap, but when I try to bcc, or cc or to, it is not updating my destination fields (bcc/ cc/ to). But if instead of selecting the List "Contacts" I select the Internal Directory (OID), it works fine.
    Which argument did I miss? Or how do I configure UM to export the email address from the AddrLookup Window to the Message_compose Window in the destination fields (bcc or cc or to)?
    Thanks a lot for any help.

    It is happening to us as well, we have OCS release 2 9.0.4.2 on Linux trying to access an external OpenLDAP linux server for shared contacts.
    After we get the results of the search on the external LDAP, no button works on the Address Lookup window except "Close". It doesn't matter if we select the "Corporate Book" or other Oracle internal address books; we have to close the window and open it again to do a new search.
    Are you seeing the same behavior?
    I will have a phone conference today (5/11/05) with Oracle support to talk about this issue, we have had a TAR open for about 20 days now.
    I'll keep you posted with the results.

  • Error while configuring external LDAP user store with weblogic

    Hi,
    I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
    To do this, I have configured authentication provider and provided all the required details to connect to ldap.
    For example:
    Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
    User DN: ou=People,dc=test,dc=com
    Group DN: ou=Groups,dc=test,dc=com
    This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
    In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
    password=xxxxxxx
    username=admin
    Now while starting the admin weblogic server, I am getting the below error:
    <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
    <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
    weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Truncated. see log file for complete stacktrace
    >
    <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
    Regards,
    Neeraj Tati.

    Hi,
    Please refer the below content that I found for Oracle 11g in the docs.
    "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
    By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
    The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
    If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
    Now in my LDAP directory, the setup is such that Administrators is a group created under the following hierarchy "cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
    The problem that I am having is, when I modify the Admin role in which the Administrators group should be added, what exactly should I give in the Admin role? Should I give only Administrators or the full DN: cn=Administrators,ou=Groups,dc=test,dc=com?
    When I give the full DN, it takes every attribute as different, I mean cn=Administrators as different and ou=Groups as different, and shows a message that cn=Administrators does not exist.
    Here I am not sure what to do.
    Also, if the external ldap authentication provider is the only provider then I need to give the user information in the boot.properties file also for weblogic to boot properly. Now, what should I give there as user? Still the complete DN?
    Regards,
    Neeraj Tati.

  • DISPLAYNAME when Using External LDAP

    Hi all,
    I'm using OBIEE 11g (11.1.1.6.0 onwards).
    I'm using an external LDAP (OpenLDAP, MSAD, etc). I'm looking for a way to populate the DISPLAYNAME session variable from the LDAP name attribute so that when logged in, the DISPLAYNAME is shown in OBIEE (instead of USER).
    Is this possible in OBIEE 11g? I remember it's possible in 10g.
    Any suggestion on how to achieve this? Thanks a lot!

    Log in to Oracle Enterprise Manager (http://<servername>:7001/em), navigate to WebLogic Domain > bifoundation_domain > Security > Security Provider Configuration
    then
    In the Identity Store Provider, click on the Configure button. In Identity Store Configuration, add 2 properties:
    Property name: user.login.attr, Value: sAMAccountName
    Property name: username.attr, Value: sAMAccountName
    Note: sAMAccountName is for MSAD; you need to find out the attribute for any other LDAP.
    Let me know in case of issues.
    Please mark the thread as answered and assign points if the above solution answers your question.
    Regards
    Ankit
    Edited by: AnkitR Gupta on 12 Dec, 2012 1:27 AM
    Edited by: AnkitR Gupta on 12 Dec, 2012 1:32 AM

  • How to access an External LDAP on a weblogic server using OPSS APIs.

    Hi,
    Can anyone let me know how I can access an external LDAP configured on a WebLogic server using OPSS APIs (or alternative APIs)?
    I'm currently using the snippet below, and I'm getting only the users and groups from the DefaultAuthenticator on the WebLogic server and not from the external LDAP server.
    I've verified the providers, users and groups on the WebLogic server console and can see that the external LDAP server content is being picked up, but my code below does not query them.
    import java.util.List;
    import oracle.security.idm.IMException;
    import oracle.security.idm.IdentityStore;
    import oracle.security.idm.Role;
    import oracle.security.jps.JpsContext;
    import oracle.security.jps.JpsContextFactory;
    import oracle.security.jps.JpsException;
    import oracle.security.jps.service.idstore.IdentityStoreService;
    // Obtain the identity store through the default JPS context.
    List<Role> rowData = null;
    JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
    JpsContext ctx = ctxf.getContext();
    IdentityStoreService storeService = ctx.getServiceInstance(IdentityStoreService.class);
    IdentityStore idStore = storeService.getIdmStore();
    // getRoles(...) is the poster's own helper; its body is not shown in the post.
    rowData = this.getRoles(idStore, "*");
    Any help or pointers are highly appreciated.
    Thanks,
    Bhasker

    Can anyone please provide any suggestions? I am trying to google around but am still not able to find any solution.
    Thanks,
    Bhasker

  • Server App not seeing external LDAP users & groups

    I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
    When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
    I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
    Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for an LDAP template that includes a mapping for GeneratedUID compared to one which does not, for example.
    This is all so much more opaque than our superbly reliable Snow Leopard servers!
    TIA

    Ok, and again:
    You want to see users and groups that are stored in a third-party directory service like OpenLDAP in your Server.app? This is what you have to do:
    Connect the third-party LDAP to your server
    Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to log in with them
    When you see your LDAP entry in the Directory Manager, change it from "From Server" to "RFC2307"
    Edit the entry and add the following mapping to it: GeneratedUUID maps to apple-generateduuid
    To your group and user entries in the external LDAP, add the following attribute: apple-generateduuid gets the value taken from the output of "uuidgen"
    Feel lucky
    And there it is; now you are able to use the accounts taken from an external LDAP.
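An added example, not part of the post above: a Python sketch that prepares the LDIF for the last step, giving every user and group entry that lacks one a unique uuidgen-style value and leaving entries that already have one untouched. The attribute name is used as written in the post; the sample DNs and the existing UUID are constructed.

```python
import base64
import uuid

# Attribute name as written in the post above; adjust to your own mapping.
ATTR = "apple-generateduuid"

def ldif_attr(name, value):
    """One LDIF line; values that are not RFC 2849 SAFE-STRINGs are base64-encoded."""
    raw = value.encode("utf-8")
    safe = (
        all(0 < b < 128 and b not in (10, 13) for b in raw)
        and not value.startswith((" ", ":", "<"))
        and not value.endswith(" ")
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def build_ldif(entries, attr=ATTR, new_uuid=None):
    """entries: (dn, current value or None) pairs. Returns (ldif_text, assigned)."""
    # Default generator: uppercase, as macOS uuidgen prints.
    new_uuid = new_uuid or (lambda: str(uuid.uuid4()).upper())
    seen = {v.upper() for _, v in entries if v}
    records, assigned = [], {}
    for dn, current in entries:
        if current:  # an entry that already has an identifier keeps it
            continue
        value = new_uuid()
        while value.upper() in seen:  # never hand out a duplicate
            value = new_uuid()
        seen.add(value.upper())
        assigned[dn] = value
        records.append("\n".join([
            ldif_attr("dn", dn),
            "changetype: modify",
            f"add: {attr}",
            ldif_attr(attr, value),
            "-",
        ]))
    return "version: 1\n\n" + "\n\n".join(records) + "\n", assigned

# Constructed sample entries (not from the page).
SAMPLE = [
    ("cn=jdoe,ou=Users,dc=example,dc=com", None),
    ("cn=Zoë,ou=Users,dc=example,dc=com", None),
    ("cn=staff,ou=Groups,dc=example,dc=com", "0F4E7C1A-5B2D-4E8A-9C3F-1A2B3C4D5E6F"),
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE)[0])
```

Review the generated LDIF before loading it with your directory's own import tool, and keep the returned mapping as a record of which entry received which identifier.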
