Find all groups in LDAP

A user is member of a certain group. This group is member of multiple other groups and so on. Does anyone know how I can retrieve all those groups with java ?
Do I have to loop through all the groups, get the DN and find all other groups that have that DN as a member, again loop through all these groups, ....., or are there better solutions ?
Any help is very appreciated
Koen Boutsen

In general, you will have to find all groups which have the user as a direct member and then check out all groups who have these groups as members, etc.
Some of the LDAPs have 'virtual' attributes which keep track of this forward mapping of group membership (which infrequently changes) and which can be simply fetched as if it were a normal attribute. For example, "nsRole" in iPlanet and 'memberOf' in Active Directory
Hope that helps,
Ken Gartner
Quadrasis, Inc (We Unify Security, www -dot-- quadrasis dot com)

Similar Messages

  • Finding all groups a user is associated to

    Hi,
    I have a situation where in I would like to know ALL the groups a user is associated to. Is there any standard API to do this?
    Thanks,
    Jatinder

    I just meant you can write a little procedure that would use the connect by command to build a user rights path per say. This has been very helpful to me because we have thousands of groups so I can see how the group rights filter down.
    You just need a couple of cursors...
    1)select all the groups from member$ that a user is a direct member of
    2)then do a connect by prior group_id = member_group_id start with member_group_id = (the groups returned in the first cursor).

  • How to find out an active LDAP Server?

    How to find all other active LDAP servers when one fails?

    Hi, its Exchange 2003 SP2, OWA was working up till some updates where done on the server last week, now after you enter the user name and password I get a error HTTP/1.1 503 Service Unavailable, the guy who installed the server has been rolling back the updates to try and get it working but still hasnt been able to. Its problem after problem ATM, I cant VPN in either, the installer can from his place though.

  • Intaract with oid and bring the all groups resides in oid through ldap

    Hi,
    i would like to intaract with oid and bring the all groups which were resides in
    oracle intrnet directory through ldap. can u please give me the procedure
    that i can follow or else suggest me a documentation regarding this .
    regards,
    srinivas

    try this (behaviour not garranteed):
    For local groups (groups within the Portal's group install base) you can program a loop on the table PORTAL.WWSEC_GROUP$ then read the column NAME.
    For non local groups, use the (unsupported) API wwsec_oid (function get_group_name_from_dn(wwsec_group$.dn) ) instead of reading the NAME column.
    If the result is incomplete (synchro issues with OID for instance due to DIP) you'll have to use ldap request with DBMS_LDAP package.(or java alternative, of course)
    Patrick.

  • Get All group from LCES using Livecycle java API

    Hello ,
    Can anyone told me how i can retrieve all the groups that exist in my livecyle using JAVA API.
    Some method who return all groups ??
    Thanks!

    First Thank you for your answer
    I tried this part
    //Set connection properties required to invoke LiveCycle ES
                Properties connectionProps = new Properties();
                connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, "jnp://test:1099");
                                                                      connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,Service ClientFactoryProperties.DSC_EJB_PROTOCOL);
                connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
                connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, "administrator");
                connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, "password");
                ServiceClientFactory scf = ServiceClientFactory.createInstance(connectionProps);
                DirectoryManager directoryManager = new DirectoryManagerServiceClient(scf);
                PrincipalSearchFilter psf = new PrincipalSearchFilter();
        psf.setPrincipalType(Principal.PRINCIPALTYPE_GROUP);  //Recommended - refines the search to a User or Group
        psf.setRetrieveOnlyActive(); // Recommended - returns only ative users/groups and not obsolete/deleted users/groups
        List<Principal> resultList = directoryManager.findPrincipals(psf);
        System.out.println("Done");
    and when I check the result of my list I find incomprehensible informations.
    So when I debug the code ,  my list  contains little information.
    NB : my LDAP contains hundreds of groups.
    Any suggestion
    Any code Source.

  • Get all groups from an AD Server

    Hi everyone,
    I'm trying to get all groups from and AD server.
    Here's how I'm doing it:
    DirContext ctx = new InitialDirContext( (Hashtable<String,String>) env);
              Name n2 = new CompositeName().add(groupsContainer);
              NamingEnumeration<Binding> contentsEnum = ctx.listBindings(n2);
              int i = 1;
              while ( contentsEnum.hasMore() && (i++) < 1000 )
                   Binding binding = contentsEnum.next();
                   groups.add(binding.getName().substring(3));
              return groups; The problem is, I always get an error if I don't restrict the results number to below 1000.
    The error is the following *javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];*
    After googling, I found it it's due to a field in the AD Server, that restrict the result number.
    So there is no way that I can obtain all groups without changing that field?
    Regards,
    Nuno.

    Hi Nuno,
    You have to increase the MaxPageSize value at ActiveDirectory level to retrieve results more than 1000. By default the MaxPageSize value is 1000. There is no option other than increasing the MaxPageSize value.
    Thanks & Regards,
    Murali.
    ============

  • How do I find all pictures with no (empty) keyword ?

    I have decided to import all my pictures into LightRoom.
    A lot of my older pictures are not registered with any keywords :(
    - only with IPTC location information.
    My plan is to systematic go through all my pictures and add relevant keywords to all pictures - so my old pictures become as searchable as my newest pictures.
    Some of my old pictures has keywords some has not.
    How do I in Lightroom - find all pictures with no keywords?
    I have tried to use the Find tool - but don't see any options to search for "Empty/missing" keywords.
    Also I would like to find all pictures with few keywords and in step II add additional keywords to these pictures.
    Any ideas on how to make a find all pictures where number of keywords is less than X inside or outside LightRoom.
    Henrik Bach
    Denmark

    > I also did think of the SQL idea.
    > If I find a way of doing this I will repost my findings.
    Well, being a tech geek, I found this challenge kind of irresistible,
    and I'm happy to report I have a solution for you.
    STEP 1
    First, make a copy of your "Lightroom Database.lrdb" file (we'll work
    off the copy to be safe)
    STEP 2
    Next, you need to be able to browse the database. The database is in
    SQLite3 format. I tried installiing an SQLite3 ODBC driver and accessing
    it through MS Access 2003. While Access was able to see all of the
    tables in the database, every time I tried to link to one I got:
    "Reserved error (-7748); there is no message for this error"
    I found a few tips for this but wasn't able to work around it and get it
    to work. Which is a shame, since Access would be the easiest way for
    browsing and querying tables.
    Instead I found an open source tool called SQLite Database Browser.
    http://sourceforge.net/project/showfiles.php?group_id=87946&package_id=91778&release_id=41 4746
    I used the Windows version. There appears to be a version for MacOSX on
    PowerPC. It doesn't look like there is a version for Intel based Macs
    (though if you know how, you could always try downloading the source and
    compiling it yourself).
    STEP 3
    After you install the browser, open it up, choose "Open Database" and
    select the COPY of the lightroom database we made in step 1
    STEP 4
    go to the Execute SQL tab and issue the following command
    SELECT A.idx_filename, count(C.name)
    FROM Adobe_imageFiles A, AGLibraryTagImage B, AGLibraryTag C
    WHERE A.image=B.image AND B.tag=C.id_local AND C.kindName='AgKeywordTagKind'
    GROUP BY A.idx_filename
    HAVING count(C.name) <= 3
    That will give you all images with 3 or fewer keywords applied.
    Of course, theres no guarantee that this wont break in future versions.
    Now an explanation of the data.
    Adobe_imageFiles - contains data about image files:
    1) idx_filename is the filename
    2) absolutePath is the full file path
    3) image is a unique ID for the image which you can cross reference in
    other image related tables
    AGLibraryTag - contains info about "tags" applied to images:
    1) id_local is a unique ID for this "tag", which you can use to cross
    reference in other tag tables
    2) kindName is the kind of tag you are looking at. Available values
    appear to be:
    AgCaptionTagKind
    AgCollectionTagKind
    AgCopyrightTagKind
    AgEnumeratedMetadataTagKind
    AgFolderTagKind
    AgImportTagKind
    AgKeywordTagKind
    AgMissingFileTagKind
    AgQuickCollectionTagKind
    AgSpecialContentOwningTagKind
    AgTempImagesTagKind
    3) name is the value for that tag (the collection name, the keyword, etc)
    AGLibraryTagImage - Use this to connect the images and tags tables

  • Finding the group from a page level

    I have a requirement to detach a particular page from the master page so that i can edit the respective item.
    I have written the below script that look for the group inside masterPageItems and then detach the page.
    When i printed "currentPage.masterPageItems.length" in alert, it shown me 120 counts. The issue here is that it is looping through all the 120 items to get the group and then detaching it.  Is there a better way to find the group once i get the "currentPage" rather than looping through all the masterpageitems?  Please help if you have a solution for this.  The script takes a lot of time to execute and need to optimize it.  If anybody require i can send you the INDD sample file for testing .  Thanks in advance
                 var myDCPDocument = app.activeDocument;
                 for (var pageIndex =0; pageIndex < myDCPDocument.pages.length; pageIndex++)
                        var currentPage = myDCPDocument.pages.item(pageIndex);
                         alert(currentPage.masterPageItems.length);
                         for (var masterPageItemIndex =0; masterPageItemIndex < currentPage.masterPageItems.length; masterPageItemIndex++)
                                var currentPageItem = currentPage.masterPageItems[masterPageItemIndex];
                                if (currentPageItem.constructor.name == "Group")
                                     var groupPageItems = currentPageItem.pageItems;
                                     for (var pageItemIndex = 0; pageItemIndex < groupPageItems.length; pageItemIndex++)
                                          var cntrl = groupPageItems[pageItemIndex];  
                                           if (cntrl.label == "Markets")
                                                var table = cntrl.tables[0];
                                                alert("Total No of Cells :" + tbl.cells.length );
                                                currentPageItem.override(currentPage);
                                                break;

    Hi Peter,
    That was a good information.  I was able to get the Markets section of the document.  I modified the code as per your suggestion below.
                  for (var pageIndex =0; pageIndex < myDCPDocument.pages.length; pageIndex++)
                        var currentPage = myDCPDocument.pages.item(pageIndex);   
                        var currentPageItem = currentPage.masterPageItems[0];
                        var tables = myDCPDocument.stories.everyItem().tables.everyItem().getElements();
                        for (i = 0; i < tables.length; i++)
                                if (tables[i].parent.label == "Markets")
                                       var table = tables[i];
                                       alert("Total No of Cells :" + table.cells.length );
                                       currentPageItem.override(currentPage);
                                       break;
    But i am unable to override the pageItem.  Neither it doesn't throw any error nor i am unable to apply the swatch (code pasted below).  Do you think the above code is still having problem? 
    Apply swatch on to the detached Markets group
                 for (var pageIndex =0; pageIndex < myDCPDocument.pages.length; pageIndex++)
                        var currentApplyPage = myDCPDocument.pages.item(pageIndex);
                         for (var applyGroupIndex = 0; applyGroupIndex < currentApplyPage.groups.count(); applyGroupIndex++)
                               var applyPageItems =currentApplyPage.groups[applyGroupIndex].pageItems;
                               for (var applyPageItemIndex = 0; applyPageItemIndex < applyPageItems.length; applyPageItemIndex++)
                                        var tableControl = applyPageItems[applyPageItemIndex];    
                                        if (tableControl.label == "Markets")
                                            var applyTable = tableControl.tables[0];
                                            for (cellIndex = 0; cellIndex < applyTable.cells.length; cellIndex++)
                                                    var applyCellInfo = applyTable.cells[cellIndex];
                                                    if (applyCellInfo.contents == "MW-2" )
                                                        applyCellInfo.fillColor = slugNoFillSwatch;
                                                        break;
                                                        //alert('NoFill Swatch is applied for MW-2 market segment sucessfully');
                                             break;

  • User being removed from Domain Admins...how to find all servers his account is being used.

    We have a user that is being removed from IT (more like being forcefully demoted) and our owner still finds him valuable in other departments. My challenge is to find all servers that he may be using his account locally on (as a service or added to a local
    admin group). It hasn't happened yet, but we need to be prepared to say we know all the servers his account is on when the owner demotes him.
    I'm hoping someone has an approach to this that doesn't include going through tons of Event Viewer Security logs. We do have System Center Configuration Manager and Operations Manager 2012 w/ SP1, but the guy that is responsible for those is the guy we are removing
    and none of us are aware on how to use the possible tools that those have. If you feel that those would do the trick then please point me to a "how to" and I'll try to learn on the fly. Otherwise I'll take any other suggestions.
    ~Rick

    Hi Rick,
    Based on my research, you can filter events logs based on user name and event ID:
    Advanced XML filtering in the Windows Event Viewer
    http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx
    Best Regards,
    Amy

  • How to find all the parts used from stock for 1 machine

    Dear Sap community,
    I'm trying to find all the spare components that are used for 1 specific machine.
    If I look in the work orders under components it only gives the components that are orderd.
    But I would like to find the components that come out of stock. I asked the stockkeeper and he said he writes it all in the work orders but we can't find it back.
    It would be nice to just find it on the work order but it would be easier if I could just choose a machine and then find all the spare parts used from stock.
    So my question is can I find all the spare parts used for 1 machine or just find the spare parts in the work order?
    Thank you for any help you can provide in this situation,
    Michael Claes

    Hi,
    In addition to puneet's information:
    Training and Event Mgmt  infotypes:
        Prices (Infotype 1021)
        Availability Indicators (Infotype 1023)
        Capacity (Infotype 1024)
        Depreciation Meter/Validity (Infotype 1025)
        Business Event Info (Infotype 1026)
        Site-Dependent Additional Info (Infotype 1027)
        Address (Infotype 1028)
        Business Event Type Info (Infotype 1029)
        Procedure (Infotype 1030)
        Mail Address (Infotype 1032)
        Name Format (Infotype 1034)
        Schedule (Infotype 1035)
        Costs (Infotype 1036)
        Billing/Allocation Info (Infotype 1037)
        Business Event Blocks (Infotype 1041)
        Schedule Model (Infotype 1042)
        Demand (Infotype 1060)
        Web Link (Infotype 1061)
        Knowledge Link (Infotype 1062)
        Business Event Group Info (Infotype 1063)
    Thanks,
    Anil.G

  • Query to find all text attachments for items

    I am using the query below to try to find all active items for my org that have an attachment of type 33 (something we have defined I believe) and contain specific text. Some of the items appear to meet all criteria (active, right category, etc) but do not show up in my results. Can someone please take a look and see if there is a join missing, an outer join that should be used, or an overall easier way to do this query and get the text information?
    SELECT i.segment1 "Item Number",
    i.description "Item Description",
    u.user_name || ' (' || ppx.first_name || ' ' || ppx.last_name || ')' "Created By",
    i.creation_date "Created Date",
    to_number(r.revision) "Revision",
    to_char(r.effectivity_date, 'MM/DD/YYYY') "Effectivity Date",
    nvl(tx.short_text, '<No Drawing Info>') "Drawing Info / Attachment"
    FROM apps.mtl_system_items_b i,
    apps.mtl_item_revisions_b r,
    apps.fnd_user u,
    apps.per_people_x ppx,
    apps.fnd_attached_documents ad,
    apps.fnd_documents d,
    apps.fnd_documents_tl t,
    apps.fnd_documents_short_text tx
    WHERE i.organization_id = 90 AND -- for MBE only
    r.organization_id = 90 AND -- for MBE only
    ad.pk1_value = 90 AND -- for MBE only
    ad.entity_name = 'MTL_SYSTEM_ITEMS' AND
    (upper(tx.short_text) LIKE '%DWG%' OR
    upper(tx.short_text) LIKE '%SIZE%' OR
    upper(tx.short_text) LIKE '%DRAW%') AND
    tx.short_text != 'DWG NONE' AND
    d.document_id = t.document_id AND
    t.source_lang = 'US' AND
    t.LANGUAGE = 'E' AND
    to_number(ad.pk2_value) = i.inventory_item_id AND
    t.document_id = ad.document_id AND
    tx.media_id = t.media_id AND
    d.category_id = 33 AND
    i.inventory_item_status_code = 'Active' AND
    i.inventory_item_id = r.inventory_item_id AND
    u.employee_id = ppx.person_id AND
    u.user_id = i.created_by AND
    to_number(r.revision) =
    (SELECT MAX(to_number(r2.revision))
    FROM apps.mtl_item_revisions_b r2
    WHERE r2.inventory_item_id = i.inventory_item_id) AND
    r.effectivity_date =
    (SELECT MAX(r3.effectivity_date)
    FROM mtl_item_revisions_b r3
    WHERE r3.inventory_item_id = i.inventory_item_id)
    GROUP BY i.segment1,
    r.revision,
    i.description,
    u.user_name,
    ppx.first_name,
    ppx.last_name,
    i.creation_date,
    r.effectivity_date,
    tx.short_text
    ORDER BY i.segment1 ASC;
    Thank you!
    Message was edited by:
    matt.schutz

    There is no workbook/worksheet linkage to a business area. So you cannot search for a business area and find all the workbooks "attached" to that business area. The attachment of workbooks is at the folder level. It is actually possible, if you are sharing folders among business areas, to create a workbook with data from 2 or more business areas. I have tested that and it is indeed possible. In Discoverer Administrator you can check on folder dependencies to see what workbooks use the folder. Though in my version of Discoverer, there is a problem with Discoverer Plus, such that the workbook save in Plus is not creating this dependency information like it should. At least I have not found any way to take a business area and determine what workbooks would fall under it. Maybe someone else has found a way.
    John Dickey

  • Which table could i find 'Authorization Group'  used for Material master?

    Hi experts,
    Is there any table available could i find all 'Authorization Group' list as used by material master data.
    OR in SPRO, anywhere could i find 'Define authorization group' for material master data specific??
    Thanks.

    Hi
    Authorization group in the material master are maintained at the material type level.
    SPRO->IMG-> Logistics - General-> Material Master-> Basic Settings-> Material Types-> Define Attributes of Material Types
    List of authorization roups can be found in table T134-Material Types
    this filed is a free defined 4 charcter field.
    Thanks & Regards
    Kishore

  • Finding all the Purhcase Order if we have the Material Number

    Hi Gurus,
    In 2009, we set up the Purchase Orders for particular material with standard cost, now in 2010 the vendor has changed the standard cost of the material,however in our books we did not change the standard cost in the PO.
    Now we want to change the standard cost in all the purchase orders at once. is there any way to find all the purchase orders against any particular material, so that we can update the Purchase order.Actually we are not aware how many purchase orders have been created for such material.
    Thanks

    Dear,
    Use transaction ME2N and find the purchase order for particular material or material group..
    Regards,
    Chintan Joshi

  • Function Module for finding all the users in an org unit?

    Hi,
    is there a function module or a table by which we can find all the users within a purchasing group of purchasing organisatiopn unit.
    Looking for a quick response.
    Regards,
    Neha

    Please use the function module BBP_OM_STRUC_GET_USER_FROM_ORG.  You have to pass the Org Ids in the parameter START_OBJECTS. Then USER_TAB will give you all the users.
    Note:
    OTYPE = 'O'.
    OBJID = <Org Id say 50002323>.
    Regards
    Kathirvel
    Edited by: Kathirvel Balakrishnan on Sep 24, 2008 2:25 PM

  • I'm trying to find all references to a domain in ISE

    We've renamed our internal domain and I'm looking for a way to find all references to our old domain so I can delete it.  I've gone through all of the authorization/authentication/etc. and it still says "Error One or more of the groups being deleted are referred to by another component..." I don't know where it's being referenced to update/remove it.
    Anyway to locate all references to an object? 

    Hello David, unfortunately there isn't such a feature in ISE. I used to do voice for a while and CallManager has a nice feature called "dependency records" which would do exactly that :)
    Here are a few places you can check and see if the AD configuration is being referenced:
     - Identity Store Sequences
     - Guest portal authentication
     - Sponsor portal authentication
     - My Device Portal
     - ISE administrative access via AD
     - Client Provisioning rules
     - Posture Assessment rules
     - Custom created authentication and authorization conditions that were saved to the library
     - Default authentication/authorization conditions in policy sets
    I hope this helps!
    Thank you for rating helpful posts!

Maybe you are looking for

  • Why does Adobe 9.1 completely suck?

    I just upgraded to the new Adobe Reader 9.1 and it seems to me that this is the absolute worst version of reader that I have ever come across. I have yet to see something so pathetically slow when it comes to doing anything and everything. Not just o

  • How to find out the path of already existing directory?

    I need to get the exact path of 'FCO_DIR' directory. Could you please help me out with this. Is there any table name or a quey that I can run to get this information? Below is the code that I am using : Code: l_input_dir CONSTANT VARCHAR2 (30) := 'FC

  • Field in structure 'is not defined in the ABAP Dictionary'

    Hi, I have created an Infoset (SQ01) based on an external program and structure. These two things are required. However when I try to generate my Infoset I get an error message for each element in the structure I created in SE11. The error is: "<stru

  • Best practice when deleting from different table simultainiously

    Greetings people, I have two tables joined with a foreign key contrraint. They are written at the same time to keep the constraint happy but I don't know the best way of deleting them as far as rowsets and datamodels are concerned. Are there "gotchas

  • Ipad video to HTML5

    Have anybody tried to show iPad's video output in a browser using HTMl5??