Fetching ROLES from LDAP

Hi Experts,
I need to fetch roles assigned to a user from LDAP. The requirement is such that I need to put the USERID in a search box and on the basis of the USERID, I need to fetch all the roles from LDAP that are assigned to that USERID.
Any code snippets, links will be appreciated.
Thanks
Bhardwaj

Check this blog by Prakash Singh: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2073

Similar Messages

  • How do get the role from ldap session.

    I am using the following to get the role from the request in openldap and j_security_check:
    if(request.isUserInRole("manager")){
    how can i use this in the session:

    You might wanna change permissions for that attribute ...
    Change it from Admin to OWNER and you should be able to then get it for any user ...
    HTH ..

  • Automatic upload of roles from ECC to portal (UME with LDAP)

    Hi experts,
    This thread reopen the question asked on the following message : automatic upload of roles from BI to portal
    However, it concerns this time "UME with LDAP".
    Problematic :
    SAP Library 04s tells us that it is not yet possible to automate role replication (or role assignment replication) from ABAP Based back-end to Netweaver Portal. Only manual process for initial upload is possible.
    Source = http://help.sap.com/saphelp_nw04s/helpdata/en/41/5e4d40ecf00272e10000000a155106/frameset.htm
    Questions :
    1 - Did anyone ever try to implement such an automatic tool ?
    2 - What if I'm not able to write on the Active Directory ? I am still able, at least, to automate role assignment replication from ABAP Based back-end to Netweaver Portal (ie. UME with LDAP) ? Directly from SAP R/3 to EP through UME, without passing through Active Directory since the group field is not maintained in AD.
    Many thanks for your inputs
    Alexis MARTIN

    Hello,
    As I did not read the previous thread I don't know what exactly you are trying to achieve, but I can tell you about what we have done - as far as it is not too late yet.
    We use the portal with integration to a BI system. In the ABAP stack we have lots of roles with menu items for hundreds of reports. We want the users to see these roles in the portal.
    First we have used the role migration tool of the portal to upload these roles. There is a Java API for executing role uploads from code. You need to create a webservice in the java stack to call this api, and can call the webservice from ABAP.
    However it is just a question of time and role size until this will not work at all. Standard role migration is more or less crap, stability is a problem. It also creates a lot of logs in the PCD and thus fills the database with trash. (After a few OSS messages there is now a program for deleting logs + you can turn off logging.) Also upload of larger roles takes up to an hour, and you always have the problem that your portal roles are not up to date during the day.
    When I got completely fed up, I have implemented an own navigation connector. When you log on to the portal it will connect to the ABAP stack via RFC, load the role, and generate the portal menu from it. It uses caching, but on every logon it checks whether the role has been updated in ABAP since the last time it was loaded. It is up to date, faster than PCD navigation, and you need absolutely no periodical synching at all. I can't even understand why this is not offered by SAP per standard!
    Drawback is that it will of course only work for the menu items, and only menu items with an "URL-type" are supported. I'm pretty sure however that it would be possible to implement a few other types as well.
    Let me know if you are interested in the solution, I can give you a few additional details: oliverDOTsvisztATwienerbergerDOTcom
    Oliver

  • Provisioning LDAP roles from SIM

    SIM Experts:
    I am trying to provision LDAP roles from SIM into our local IPlanet/Sun DS LDAP instance.
    When I created the resource in SIM, I noticed it didn't rope in the built in roles from our LDAP instance, just as it did LDAP groups.
    I tried to circumvent this by :
    1. Creating individual Role_<> attribute entries in the LDAP resource schema which in turn get mapped to 'nsRoleDN' from LDAP.
    2. Create 'Roles' in SIM mapped to the LDAP resource and set attribute values for the 'Role_<>' attributes (added earlier to the schema mapping) like -
    Role_auditor : cn=Auditor,dc=example,dc=com
    The hitch with this approach is if I add multiple roles to the account (during creation), only the last role gets added .. in other words, I see only 1 'nsRoleDN' entry.
    I do not know if this is the right approach, but could someone suggest a better alternative, if there is one.
    Thanks in advance,
    apn.

    Answered here: http://forum.java.sun.com/thread.jspa?threadID=5247269&tstart=30
    ... although, as indicated getRoles should return a list of Role names as well... If you create a variable in the workflow and populate it with this call... it should be a List. [item1,item2,item3] may just be the trace representation of a list.

  • In ldap how do you get your role from your session.

    I am getting the role from the request in ldap, how do you get it from the session.
    <%if(request.isUserInRole("management")){%>

    Hi,
    who writes it to the session and which attribute name is used ?
    Frank

  • Assigning roles to LDAP users through BIP API

    Hi.
    My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
    One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
    I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
    We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
    Is it possible to make that assignments through BIP API?
    If not, any other ideas? New ideas or different approaches are welcome.
    Thanks in advance.

    In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
    During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
    I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
    There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
    Let me know if that helps.

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? If possible, what are the files I need to modify in DefaultDomain?
    Or is there any ant script for creating Users/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • Role of LDAP server in portal

    HI
    Can any one tell me what is the role of LDAP server in portal
    Thanks
    shashank

    Hi Shashak,
    if you use the LDAP Server as UME User Store, the security policy from the LDAP server is enforced. This means that if the data source has defined its own security policy, there is no standard interface to pass on any error messages received from the data source to the UME user in the same level of detail and in the correct language. The user only receives a very generic error message. Therefore, you would need to adapt the Portal security policy accordingly. You can find some further information under http://help.sap.com/saphelp_nw04/helpdata/en/7f/c52442ad9f5133e10000000a155106/frameset.htm.
    More general information on LDAP integration you can find under http://help.sap.com/saphelp_nw04/helpdata/en/3b/68ff407765ed6fe10000000a1550b0/frameset.htm.
    Best regards,
    Joerg

  • Assign role to LDAP group

    Hello,
    I've assigned a role to a LDAP group in portal. But when accessing it displays: 'No portal roles are assigned for this user'.
    The user is included in the LDAP group but I don't know why it doesn't display anything.
    Please, do you know what could it be?
    Thanks in advance

    Hi Isabel,
    this really IS strange. Can you assign this user to a group defined in the database and try to assign a role to this group? Is it working then?
    If this is working, then we probably have to increase the log levels and check from there.
    You could also try to remove the role from the group and reassign it again.
    If it's not working: remove it again and this time search for the role and assign the group to it.
    Please come back if it is not working. Then we will try to dig deeper.
    Regards,
    Holger.

  • Retrieving user list from ldap (username - first and last, dn, cn)

    Hi,
    I tried connecting LDAP server and successfully connected and now I need to get userlist from LDAP. Can anyone give me a sample code to get userlist from LDAP.
    // Imports needed by this method
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.InitialDirContext;

    public static boolean testLDAP() {
       InitialDirContext ctx = null;
       try {
          Hashtable<String, String> htbl = new Hashtable<>();
          htbl.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
          htbl.put(Context.PROVIDER_URL, "ldap://padl:389");
          htbl.put(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
          htbl.put(Context.REFERRAL, "ignore");
          // A simple bind over ldap:// sends the DN and password in clear text
          htbl.put(Context.SECURITY_AUTHENTICATION, "simple");
          htbl.put(Context.SECURITY_PRINCIPAL, "cn=administrator");
          htbl.put(Context.SECURITY_CREDENTIALS, "password");
          // The constructor performs the bind; it throws if the server rejects it
          ctx = new InitialDirContext(htbl);
          if (ctx != null) {
             ctx.close();
             return true;
          }
       } catch (NamingException e) {
          System.out.println("Error Connecting to LDAP Server.");
          System.out.println(e.toString());
          ctx=null;
          return false;
       }
       return false;
    }
    Thank You.

    Ok here is the code to fetch userlist(First Name, Last Name, cn, dn, mail) from LDAP.
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NameNotFoundException;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    public class UserListFromLDAP {
       public static void main(String args[]) {
          Hashtable<String, String> env = new Hashtable<>();
          env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
          env.put(Context.PROVIDER_URL,"ldap://host:389");
          DirContext ctx;
          try {
             ctx = new InitialDirContext(env);
          } catch (NamingException e) {
             throw new RuntimeException(e);
          }
          NamingEnumeration<SearchResult> results = null;
          try {
             SearchControls controls = new SearchControls();
             controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             // Constant filter: every entry with objectclass person under the context root
             results = ctx.search("", "(objectclass=person)", controls);
             while (results.hasMore()) {
                SearchResult searchResult = results.next();
                Attributes attributes = searchResult.getAttributes();
                System.out.println("dn----------> "+searchResult.getName());
                System.out.println("cn----------> "+attributes.get("cn").get());
                if (attributes.get("givenName")!=null)
                     System.out.println("First Name--> "+attributes.get("givenName").get());
                System.out.println("Last Name---> "+attributes.get("sn").get());
                // mail is optional on an entry, so check it like givenName
                if (attributes.get("mail")!=null)
                     System.out.println("Mail--------> "+attributes.get("mail").get()+"\n\n");
             }
          } catch (NameNotFoundException e) {
               System.out.println("Error : "+e);
          } catch (NamingException e) {
             throw new RuntimeException(e);
          } finally {
             if (results != null) {
                try {
                   results.close();
                } catch (Exception e) {
                     System.out.println("Error : "+e);
                }
             }
             if (ctx != null) {
                try {
                   ctx.close();
                } catch (Exception e) {
                     System.out.println("Error : "+e);
                }
             }
          }
       }
    }
    Here is the code to search user from LDAP based on cn and sn
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NameNotFoundException;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    public class LDAPUserSearch {
       public static void main(String args[]) {
          Hashtable<String, String> env = new Hashtable<>();
          env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
          env.put(Context.PROVIDER_URL,"ldap://host:10389");
          DirContext ctx;
          try {
             ctx = new InitialDirContext(env);
          } catch (NamingException e) {
             throw new RuntimeException(e);
          }
          NamingEnumeration<SearchResult> results = null;
          // give either cn or sn to check
          String cn = "Common Name";
          String sn = "lastName";
          try {
             SearchControls controls = new SearchControls();
             controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             if(!cn.equalsIgnoreCase("") && !sn.equalsIgnoreCase("")){
                  System.out.println("Please test with either cn or sn");
             }
             else if(cn!=null && !cn.equalsIgnoreCase("")){
                  System.out.println("Result based on cn:");
                  // {0} with a filterArgs array instead of "(cn="+cn+")": the value is
                  // passed as a literal and cannot change the structure of the filter
                  results = ctx.search("", "(cn={0})", new Object[] { cn }, controls);
             }
             else if(sn!=null && !sn.equalsIgnoreCase("")){
                  System.out.println("Result based on sn:");
                  results = ctx.search("", "(sn={0})", new Object[] { sn }, controls);
             }
             else{
                  System.out.println("No results found");
             }
             // results stays null when no search was run
             while (results != null && results.hasMore()) {
                 SearchResult searchResult = results.next();
                 Attributes attributes = searchResult.getAttributes();
                 System.out.println("Full Name:--------> "+attributes.get("cn").get());
                 if(attributes.get("givenName")!=null)
                      System.out.println("First Name:-------> "+attributes.get("givenName").get());
                 System.out.println("Last Name:--------> "+attributes.get("sn").get());
                 if(attributes.get("mail")!=null)
                      System.out.println("Mail:-------------> "+attributes.get("mail").get());
             }
          } catch (NullPointerException e) {
               // Leave this...
          }
          catch (NameNotFoundException e) {
             System.out.println("Error : "+e);
          } catch (NamingException e) {
             throw new RuntimeException(e);
          } finally {
             if (results != null) {
                try {
                   results.close();
                } catch (Exception e) {
                     System.out.println("Error : "+e);
                }
             }
             if (ctx != null) {
                try {
                   ctx.close();
                } catch (Exception e) {
                     System.out.println("Error : "+e);
                }
             }
          }
       }
       public static void common() {
       }
    }
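
Added example, not part of any post above and not the posters' code: a role lookup for the opening question (a USERID typed into a search box) that also applies to the cn/sn search in the answer just above, since both put a user-supplied value into an LDAP filter. It assumes users are found by `uid` and that roles are `groupOfNames` entries listing the user DN in `member`; the class name, method names and base DN parameter are hypothetical, and the attribute names must be adapted to the directory in use.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class UserRoleLookup {

    /** RFC 4515 escaping, for code that must build a filter string by hand. */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            // NUL ( ) * \ must be escaped; non-ASCII bytes are escaped too, which is allowed
            boolean special = c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7F;
            out.append(special ? String.format("\\%02x", c) : String.valueOf((char) c));
        }
        return out.toString();
    }

    /** Allow-list check on the search-box value before it reaches the directory. */
    static String requireUserId(String raw) {
        if (raw == null || !raw.matches("[A-Za-z0-9._-]{1,64}")) {
            throw new IllegalArgumentException("invalid user id");
        }
        return raw;
    }

    /** Returns the DNs of the group entries that list the user as a member. */
    static List<String> fetchRoles(DirContext ctx, String baseDn, String userId)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]); // entry names only, no attributes
        List<String> roles = new ArrayList<>();
        NamingEnumeration<SearchResult> users = null;
        NamingEnumeration<SearchResult> groups = null;
        try {
            // {0} is filled from the argument array as a literal value, not as filter syntax
            users = ctx.search(baseDn, "(&(objectClass=person)(uid={0}))",
                    new Object[] { requireUserId(userId) }, sc);
            if (!users.hasMore()) {
                return roles; // unknown user: no roles
            }
            String userDn = users.next().getNameInNamespace();
            if (users.hasMore()) {
                throw new NamingException("user id is not unique: " + userId);
            }
            groups = ctx.search(baseDn, "(&(objectClass=groupOfNames)(member={0}))",
                    new Object[] { userDn }, sc);
            while (groups.hasMore()) {
                roles.add(groups.next().getNameInNamespace());
            }
            return roles;
        } finally {
            if (groups != null) groups.close();
            if (users != null) users.close();
        }
    }

    public static void main(String[] args) {
        // Constructed search-box input containing filter metacharacters
        String typed = "jo*hn(admin)";
        System.out.println("escaped filter: (uid=" + escapeFilterValue(typed) + ")");
        try {
            requireUserId(typed);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected before any search: " + e.getMessage());
        }
    }
}
```

`main` runs without a directory; `fetchRoles` expects a `DirContext` that is already bound, preferably over ldaps:// with an account that has read-only access to the user and group subtrees.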

  • RFC fetching data from table which is not commited

    Hi Experts,
    I have a query regarding commit work. Below is the RFC that I have written
    FUNCTION ZBAPI_CREATE.
    *"*"Local Interface:
    *"  TABLES
    *"      IT_ZABAP_RFC STRUCTURE  ZBAPI_RFC_STR OPTIONAL
    *"      RETURN STRUCTURE  BAPIRET2 OPTIONAL
    CALL FUNCTION 'ZBO_BAPI_CREATE'
    TABLES
       IT_ZABAP_RFC       = IT_ZABAP_RFC
       RETURN             = return
    .
    Break-point.
    DATA lt TYPE TABLE OF ZBAPI_RFC_STR_MAIN.
    CALL FUNCTION 'ZBAPI_SEARCH_RANGE'
    * EXPORTING
    *   IS_STR        =
    TABLES
       ET_TAB        = lt
    *   RETURN        =
    .
    ENDFUNCTION.
    Here in the first RFC call I am creating a record in ZTABLE, and then at the break-point
    I check the ZTABLE, where it does not create any record because data is not committed into ZTABLE up to this point, but just after it I have written code for fetching data from ZTABLE and I am able to get this new record in lt.
    Can anybody please explain from where this search RFC is providing data, because inside search I am simply selecting data from ZTABLE.
    Regards,
    Abhishek Bajpai
    Edited by: ABHISHEK BAJPAI on Jan 28, 2009 1:12 PM

    Hi Thomas,
    Thanks for reply, I checked in ZTABLE, before search RFC call data is not there but if I commit explicitly only then it is showing data in ZTABLE. Actually my requirement is different -
    I have two RFCs 1. Create 2. Search. Now from web dynpro the user will call the first Create RFC but at this point it should not insert a record in ZTABLE, and just after it the user will call another search RFC and in this search he should be able to get these newly created records.
    I want to have the functionality which a user gets when working with normal database front end like SQLPlus for Oracle. In these scenarios we see that whenever user does any insert or update the data sits in the table but still it is not committed. So there he fires Select query he sees the inserted data. But if he logs off from SQL PLUS and then logs in again, and fires Select query he does not see the data as it was not committed. I want a similar functionality in which if user inserts the data through Create RFC and fires the Select query through Search RFC then he can see the newly Created data also even though this data is not committed.
    Although if i call create RFC in update task it will not update ZTABLE but in this situation , if user will call search RFC he will not be able to get newly created records.
    So my requirement is that i should be able to get those records which are not commited in ZTABLE .If you have still any doubt regarding my question then please let me know.
    Regards,
    Abhishek

  • How to find the number of fetched lines from select statement

    Hi Experts,
    Can you tell me how to find the number of fetched lines from select statements..
    and one more thing is can you tell me how to check the written select statement or written statement is correct or not????
    Thanks in advance
    santosh

    Hi,
    Look for the system field SY_TABIX. That will contain the number of records which have been put into an internal table through a select statement.
    For ex:
    data: itab type mara occurs 0 with header line.
    Select * from mara into table itab.
    Write: Sy-tabix.
    This will give you the number of entries that has been selected.
    I am not sure what you mean by the second question. If you can let me know what you need then we might have a solution.
    Hope this helps,
    Sudhi
    Message was edited by:
            Sudhindra Chandrashekar

  • Fetching data from internal table in smartform

    Hi,
    I'm able to fetch data from one internal table, but in the table the fields are not coming perfectly, can anybody help me in this?
    Thanks in advance.

    Hi
    You have to specify the text node that you have created for the table that it belong to which cell in the table. Also you styles to format the text(eg: left aligned, center aligned etc)
    If you have further query please post.
    If this resolves your query close the thread and reward points
    Cheers
    Shafiq

  • Multiple select queries used in Excel BI report ,fetching data from Sharepoint DB(SP2010_Prod_ProjectServer) causing blockage on DB ,when more than one workbook(same copy of Excel BI Report) refreshed using Refresh All option.

    I am using multiple select queries to fetch data from Project Server 2010 DB(its sharepoint DB) and these queries fetch data in Excel BI report by establishing connection with DB using instance name and all. I have enhanced all these select queries and data is being fetched in secs. but when more than one copy of same Excel BI report is refreshed using 'Refresh All' option, then these select queries cause blockage on DB.
    Please let me know mitigation for this blockage issue.
    Should I use begin transaction and commit transaction statements/ shared lock statements.
    please reply

    Hi,
    run same query at the same time?

  • How to fetch data from a SAP BW Cube via Perl/PHP on a Linux machine?

    Hi all,
    here's the scenario:
    I need to fetch data from a cube of a remote SAP NetWeaver 7.  The data will later be used in a web application based on  Linux and  Perl/PHP. (I'd prefer using perl for the backend and doing the business logic of the web application.)
    I have:
    A Linux system with all its on-board tools and scripting languages.
    A user for the SAP BW which allows me to logon (very,very limited user rights, no se37,no se80,no rsaX and so on)
    Access to http://<SAP BW Server>:<Port>/sap/bw/xml/soap/xmla with the above mentioned user.
    My questions:
    - Could you please push me into the right direction how I can realize this? E.g. by pointing to tutorials / HowTos / sample code / CPAN modules etc..  (Most information I found so far referred to software based on a different operating system and on remote function calls using custom functions.)
    - I'm aware of the  SAPNW::RFC CPAN module, but do I necessarily have to perform a remote function call? ( If so, is there a "standard" function I could call for accessing a cube?)
    Thanks a lot in advance!

    You can take through the RFCS .check for some system function modules...but why do you need to route it through XI?How huge z the files?
