FMWControl with thirdparty LDAP

Hello,
We have a need to configure our application that is built using ADF to manage security policies for page and task flow authorization. I understand that we can use FMWControl from Oracle Enterprise Manager to define the security policies in OID 11g. How do we configure FMWControl to manage the same security policies in other thrid party LDAP servers. Our customer base may have already defined their enterprise users and roles in a different LDAP. We want our customers to leverage their existing investments.
Thanks.
Rama

"Ross Bonner" <[email protected]> wrote in message
news:3f818fe9$[email protected]..
I can't find any documentation for WebLogic 70 on how to configure LDAP
authentication using the embedded LDAP server.
Has anyone successfully gotten LDAP authentication configured embeddedLDAP
in WebLogic70?
What steps did you taske to get it working?
Can you provide more information on exactly what you are trying to do? There
is the external ldap
provider and the default authenticator provider. Do you want to configure
authentication in one domain to use
the embedded ldap server of another domain?
>
>

Similar Messages

Any issues with using LDAP on LINUX for GRC 5.2 UME?

Our company is converting our LDAP servers from AIX to LINUX. The DNS name used in our UME connection should not change. Are there any issues with using LDAP on LINUX? We are currently on GRC 5.2 SP9 (in the middle of upgrading to SP12).
Also, I have been trying to connect our test UME system to a test LDAP box that has already been converted to LINUX but keep getting a 'connection failed' error when I try to test it.
Do you have to reboot the server to test changing the LDAP connections? I've been trying it by going into UME, pulling up the LDAP tab, hitting the Modify button, entering the new userid and password for test LDAP, and hitting the Test Connection button. I've verified that this userid and password is correct for test LDAP.
Is there a way to get more information about why the connection failed?
Thanks.

I've been told by our LDAP Support group that none of the other configuration settings should have to be changed. I should only have to change the id and password to connect to a test version of LDAP instead of our regular connection to the production LDAP.
Can you test a connection for a different userid/password without having to reboot/restart the server? Do I need to change these two settings, save then, reboot/restart, and then do the Test Connection button?
Thanks.

Show Stopper today with eDirectory (LDAP)

We are currently setting up Sun IDM 5.5 and are trying to do
reconciliation with an eDirectory 8.6.2 (10350.29) but are experiencing
severe performance issues. The directory contains groups with large scale
membership base, some groups 25.000+ members.
Same scenario occurs with Sun IDM 5.0 SP5.
When isolating to a single OU as baseDN with 10 accounts, a full clean
reconciliation takes 6-10 minutes. The network has thoroughly been
debugged, and no errors or issues have been found. Manual browsing in the
eDirectory with various ldap-tools without any issues. The total case
involves a total of more than 30.000+ accounts.
A test with identical user data in a Sun Directory Server 5.2 does the reconciliation take approx 2-3 seconds.
The eDirectory LDAP RA adapter can be viewed below. Any insight, or similar experiences are of great value and importance! Anything that can help me get this on track...
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Resource PUBLIC 'waveset.dtd' 'waveset.dtd'>

<Resource id='#ID#F77594225BD088E0:775121:1065E88DBC9:-7FE5' name='NDS' creator='Configurator' createDate='1126879507899' lastModifier='Configurator' lastModDate='1126886340268' lastMod='19' class='com.waveset.adapter.LDAPResourceAdapter' typeString='LDAP' typeDisplayString='com.waveset.adapter.RAMessages:RESTYPE_LDAP' hasId='true' facets='provision' timeLastExamined='0' reconcileTime='0' syncSource='true' startupType='Disabled'>
<ResourceAttributes>
    <ResourceAttribute name='host' displayName='com.waveset.adapter.RAMessages:RESATTR_HOST' description='RESATTR_HELP_240' value='130.243.85.109'>
    </ResourceAttribute>
    <ResourceAttribute name='port' displayName='com.waveset.adapter.RAMessages:RESATTR_PORT' description='RESATTR_HELP_264' value='389'>
    </ResourceAttribute>
    <ResourceAttribute name='ssl' displayName='com.waveset.adapter.RAMessages:RESATTR_SSL' description='RESATTR_HELP_281' value='0'>
    </ResourceAttribute>
    <ResourceAttribute name='principal' displayName='com.waveset.adapter.RAMessages:RESATTR_USERDN' description='RESATTR_HELP_271' value='cn=admin,ou=nds,ou=res,o=mdh'>
    </ResourceAttribute>
    <ResourceAttribute name='credentials' displayName='com.waveset.adapter.RAMessages:RESATTR_PASSWORD' type='encrypted' description='RESATTR_HELP_219' value='izkkkM1YJto='>
    </ResourceAttribute>
    <ResourceAttribute name='baseContext' displayName='com.waveset.adapter.RAMessages:RESATTR_BASE_CTXS' description='com.waveset.adapter.RAMessages:RESATTR_BASE_CTX_DESC' multi='true' value='ou=06,ou=STUDENT,ou=ANV,o=mdh'>
    </ResourceAttribute>
    <ResourceAttribute name='Object Class' displayName='com.waveset.adapter.RAMessages:RESATTR_OBJECT_CLASS' description='RESATTR_HELP_253' multi='true'>
      <value>top</value>
      <value>person</value>
      <value>organizationalPerson</value>
      <value>inetorgperson</value>
      <value>ndsLoginProperties</value>
    </ResourceAttribute>
    <ResourceAttribute name='ldapSearchFilter' displayName='com.waveset.adapter.RAMessages:RESATTR_LDAP_SEARCH_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_LDAP_SEARCH_FILTER'>
    </ResourceAttribute>
    <ResourceAttribute name='includeObjClassesInSearchFilter' displayName='com.waveset.adapter.RAMessages:RESATTR_INCL_OBJCLASSES_IN_SEARCH_FILTER' type='boolean' description='com.waveset.adapter.RAMessages:RESATTR_HELP_INCL_OBJCLASSES_IN_SEARCH_FILTER' value='true'>
    </ResourceAttribute>
    <ResourceAttribute name='wsname' displayName='com.waveset.adapter.RAMessages:RESATTR_WSNAME' description='RESATTR_HELP_292' value='cn'>
    </ResourceAttribute>
    <ResourceAttribute name='Display Name Attribute' displayName='com.waveset.adapter.RAMessages:RESATTR_DISPLAY_NAME_ATTR' description='RESATTR_HELP_41'>
    </ResourceAttribute>
    <ResourceAttribute name='Use blocks' displayName='com.waveset.adapter.RAMessages:RESATTR_USE_BLOCKS' description='RESATTR_HELP_192' value='1'>
    </ResourceAttribute>
    <ResourceAttribute name='blockCount' displayName='com.waveset.adapter.RAMessages:RESATTR_BLOCKCOUNT' description='RESATTR_HELP_34' value='100'>
    </ResourceAttribute>
    <ResourceAttribute name='groupMemberAttr' displayName='com.waveset.adapter.RAMessages:RESATTR_GRP_MBR_ATTR' description='RESATTR_HELP_233' value='groupMembership'>
    </ResourceAttribute>
    <ResourceAttribute name='Password Hash Algorithm' displayName='com.waveset.adapter.RAMessages:RESATTR_PASSWORD_HASH_ALG' description='RESATTR_HELP_49'>
    </ResourceAttribute>
    <ResourceAttribute name='changeNamingAttr' displayName='com.waveset.adapter.RAMessages:RESATTR_MOD_NAMING_ATTR' description='RESATTR_HELP_47' value='0'>
    </ResourceAttribute>
    <ResourceAttribute name='Object Classes to Synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ACTIVE_SYNC_OBJECT_CLASSES' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ACTIVE_SYNC_OBJECT_CLASSES' multi='true' facets='activesync'>
      <value>person</value>
      <value>organizationalPerson</value>
      <value>inetorgperson</value>
    </ResourceAttribute>
    <ResourceAttribute name='LDAP Filter for Accounts to Synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ACTIVE_SYNC_LDAP_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ACTIVE_SYNC_LDAP_FILTER' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='Attributes to synchronize' displayName='com.waveset.adapter.RAMessages:RESATTR_ATTRIBUTE_FILTER' description='com.waveset.adapter.RAMessages:RESATTR_HELP_ATTRIBUTE_FILTER' multi='true' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='When reset, ignore past changes' displayName='com.waveset.adapter.RAMessages:RESATTR_RESET_TO_TODAY' description='com.waveset.adapter.RAMessages:RESATTR_HELP_LDAPAS_RESET_TO_TODAY' facets='activesync' value='1'>
    </ResourceAttribute>
    <ResourceAttribute name='Change Log Blocksize' displayName='com.waveset.adapter.RAMessages:RESATTR_BLOCKSIZE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_36' facets='activesync' value='100'>
    </ResourceAttribute>
    <ResourceAttribute name='Change Number Attribute Name' displayName='com.waveset.adapter.RAMessages:RESATTR_CHANGE_NUMBER_ATTRIBUTE_NAME' description='com.waveset.adapter.RAMessages:RESATTR_HELP_37' facets='activesync' value='changenumber'>
    </ResourceAttribute>
    <ResourceAttribute name='Filter Changes Made By' displayName='com.waveset.adapter.RAMessages:RESATTR_FILTER_CHANGES_BY' description='com.waveset.adapter.RAMessages:RESATTR_HELP_FILTER_CHANGES_BY' multi='true' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='Proxy Administrator' displayName='com.waveset.adapter.RAMessages:RESATTR_PROXY_ADMINISTRATOR' description='com.waveset.adapter.RAMessages:RESATTR_HELP_30' value='Configurator'>
    </ResourceAttribute>
    <ResourceAttribute name='Input Form' displayName='com.waveset.adapter.RAMessages:RESATTR_FORM' description='com.waveset.adapter.RAMessages:RESATTR_HELP_26'>
    </ResourceAttribute>
    <ResourceAttribute name='Pre-Poll Workflow' displayName='com.waveset.adapter.RAMessages:RESATTR_PREPOLL_WORKFLOW' description='com.waveset.adapter.RAMessages:RESATTR_PREPOLL_WORKFLOW_HELP'>
    </ResourceAttribute>
    <ResourceAttribute name='Post-Poll Workflow' displayName='com.waveset.adapter.RAMessages:RESATTR_POSTPOLL_WORKFLOW' description='com.waveset.adapter.RAMessages:RESATTR_POSTPOLL_WORKFLOW_HELP'>
    </ResourceAttribute>
    <ResourceAttribute name='Maximum Archives' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_ARCHIVES' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_ARCHIVES' value='3'>
    </ResourceAttribute>
    <ResourceAttribute name='Maximum Age Length' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_LOG_AGE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_LOG_AGE'>
    </ResourceAttribute>
    <ResourceAttribute name='Maximum Age Unit' displayName='com.waveset.adapter.RAMessages:RESATTR_MAX_LOG_AGE_UNIT' description='com.waveset.adapter.RAMessages:RESATTR_HELP_MAX_LOG_AGE_UNIT'>
    </ResourceAttribute>
    <ResourceAttribute name='Log Level' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_LEVEL' description='com.waveset.adapter.RAMessages:RESATTR_HELP_27' value='2'>
    </ResourceAttribute>
    <ResourceAttribute name='Log File Path' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_PATH' description='com.waveset.adapter.RAMessages:RESATTR_HELP_28'>
    </ResourceAttribute>
    <ResourceAttribute name='Maximum Log File Size' displayName='com.waveset.adapter.RAMessages:RESATTR_LOG_SIZE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_29'>
    </ResourceAttribute>
    <ResourceAttribute name='Scheduling Interval' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_INTERVAL' description='com.waveset.adapter.RAMessages:RESATTR_HELP_51'>
    </ResourceAttribute>
    <ResourceAttribute name='Poll Every' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_INTERVAL_COUNT' description='com.waveset.adapter.RAMessages:RESATTR_HELP_52'>
    </ResourceAttribute>
    <ResourceAttribute name='Polling Start Time' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_START_TIME' description='com.waveset.adapter.RAMessages:RESATTR_HELP_56'>
    </ResourceAttribute>
    <ResourceAttribute name='Polling Start Date' displayName='com.waveset.adapter.RAMessages:RESATTR_SCHEDULE_START_DATE' description='com.waveset.adapter.RAMessages:RESATTR_HELP_54'>
    </ResourceAttribute>
    <ResourceAttribute name='useInputForm' displayName='com.waveset.adapter.RAMessages:RESATTR_USE_INPUT_FORM' type='boolean' description='com.waveset.adapter.RAMessages:RESATTR_USE_INPUT_FORM_HELP' facets='activesync' value='true'>
    </ResourceAttribute>
    <ResourceAttribute name='parameterizedInputForm' displayName='com.waveset.adapter.RAMessages:RESATTR_PARAMETERIZED_INPUT_FORM' description='com.waveset.adapter.RAMessages:RESATTR_PARAMETERIZED_INPUT_FORM_HELP' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='activeSyncPostProcessForm' displayName='com.waveset.adapter.RAMessages:RESATTR_SYNC_POST_PROCESS_FORM' description='com.waveset.adapter.RAMessages:RESATTR_SYNC_POST_PROCESS_FORM_HELP' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='activeSyncConfigMode' displayName='com.waveset.adapter.RAMessages:RESATTR_SYNC_CONFIG_MODE' description='com.waveset.adapter.RAMessages:RESATTR_SYNC_CONFIG_MODE_HELP' facets='activesync' value='basic'>
    </ResourceAttribute>
    <ResourceAttribute name='processRule' displayName='com.waveset.adapter.RAMessages:RESATTR_PROCESS_RULE' description='com.waveset.adapter.RAMessages:RESATTR_PROCESS_RULE_HELP' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='correlationRule' displayName='com.waveset.adapter.RAMessages:RESATTR_CORRELATION_RULE' description='com.waveset.adapter.RAMessages:RESATTR_CORRELATION_RULE_HELP' facets='activesync' value='CORRELATION_RULE_NONE'>
    </ResourceAttribute>
    <ResourceAttribute name='confirmationRule' displayName='com.waveset.adapter.RAMessages:RESATTR_CONFIRMATION_RULE' description='com.waveset.adapter.RAMessages:RESATTR_CONFIRMATION_RULE_HELP' facets='activesync' value='CONFIRMATION_RULE_NONE'>
    </ResourceAttribute>
    <ResourceAttribute name='deleteRule' displayName='com.waveset.adapter.RAMessages:RESATTR_DELETE_RULE' description='com.waveset.adapter.RAMessages:RESATTR_DELETE_RULE_HELP' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='createUnmatched' displayName='com.waveset.adapter.RAMessages:RESATTR_CREATE_UNMATCHED' description='com.waveset.adapter.RAMessages:RESATTR_CREATE_UNMATCHED_HELP' facets='activesync' value='true'>
    </ResourceAttribute>
    <ResourceAttribute name='resolveProcessRule' displayName='com.waveset.adapter.RAMessages:RESATTR_RESOLVE_PROCESS_RULE' description='com.waveset.adapter.RAMessages:RESATTR_RESOLVE_PROCESS_RULE_HELP' facets='activesync'>
    </ResourceAttribute>
    <ResourceAttribute name='populateGlobal' displayName='com.waveset.adapter.RAMessages:RESATTR_POPULATE_GLOBAL' description='com.waveset.adapter.RAMessages:RESATTR_POPULATE_GLOBAL_HELP' facets='activesync' value='false'>
    </ResourceAttribute>
</ResourceAttributes>
<AccountAttributeTypes nextId='15'>
    <AccountAttributeType id='2' name='accountId' syntax='string' mapName='cn' mapType='string' required='true'>
      <AttributeDefinitionRef>
        <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:accountId' name='accountId'/>
      </AttributeDefinitionRef>
    </AccountAttributeType>
    <AccountAttributeType id='3' name='password' syntax='encrypted' mapName='userPassword' mapType='string'>
      <AttributeDefinitionRef>
        <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:password' name='password'/>
      </AttributeDefinitionRef>
    </AccountAttributeType>
    <AccountAttributeType id='4' name='firstname' syntax='string' mapName='givenname' mapType='string'>
      <AttributeDefinitionRef>
        <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:firstname' name='firstname'/>
      </AttributeDefinitionRef>
    </AccountAttributeType>
    <AccountAttributeType id='5' name='lastname' syntax='string' mapName='sn' mapType='string' required='true'>
      <AttributeDefinitionRef>
        <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:lastname' name='lastname'/>
      </AttributeDefinitionRef>
    </AccountAttributeType>
    <AccountAttributeType id='8' name='loginDisabled' syntax='string' mapName='loginDisabled' mapType='string'>
    </AccountAttributeType>
    <AccountAttributeType id='9' name='fullname' syntax='string' mapName='fullname' mapType='string'>
    </AccountAttributeType>
    <AccountAttributeType id='10' name='email' syntax='string' mapName='mail' mapType='string'>
    </AccountAttributeType>
    <AccountAttributeType id='11' name='ssn' syntax='string' mapName='workforceId' mapType='string'>
    </AccountAttributeType>
    <AccountAttributeType id='12' name='description' syntax='string' mapName='description' mapType='string'>
    </AccountAttributeType>
</AccountAttributeTypes>
<Template>
    <text>cn=</text>
    <ObjectRef type='AttributeDefinition' id='#ID#AttributeDefinition:accountId' name='accountId'/>
    <text>,ou=06,ou=STUDENT,ou=ANV,o=mdh</text>
</Template>
<Retries max='0' delay='10' emailThreshold='5'/>
<ObjectTypes>
    <ObjectType name='Group' nameKey='UI_RESOURCE_OBJECT_TYPE_GROUP' icon='group'>
      <ObjectClasses primary='groupOfUniqueNames' operator='OR'>
        <ObjectClass name='groupOfNames'/>
        <ObjectClass name='groupOfUniqueNames'/>
      </ObjectClasses>
      <ObjectFeatures>
        <ObjectFeature name='create'/>
        <ObjectFeature name='update'/>
        <ObjectFeature name='delete'/>
        <ObjectFeature name='rename'/>
        <ObjectFeature name='saveas'/>
      </ObjectFeatures>
      <ObjectAttributes idAttr='dn' displayNameAttr='cn' descriptionAttr='description' objectClassAttr='objectclass'>
        <ObjectAttribute name='cn' type='string'/>
        <ObjectAttribute name='description' type='string'/>
        <ObjectAttribute name='owner' type='distinguishedname' namingAttr='cn'/>
        <ObjectAttribute name='uniqueMember' type='distinguishedname' namingAttr='cn'/>
      </ObjectAttributes>
    </ObjectType>
    <ObjectType name='Domain' nameKey='UI_RESOURCE_OBJECT_TYPE_DOMAIN' icon='folder' container='true'>
      <ObjectClasses operator='AND'>
        <ObjectClass name='domain'/>
      </ObjectClasses>
      <ObjectFeatures>
        <ObjectFeature name='find'/>
      </ObjectFeatures>
      <ObjectAttributes idAttr='distinguishedName' displayNameAttr='dc' objectClassAttr='objectclass'>
        <ObjectAttribute name='dc' type='string'/>
      </ObjectAttributes>
    </ObjectType>
    <ObjectType name='Organization' nameKey='UI_RESOURCE_OBJECT_TYPE_ORGANIZATION' icon='folder_with_org' container='true'>
      <ObjectClasses operator='AND'>
        <ObjectClass name='organization'/>
      </ObjectClasses>
      <ObjectFeatures>
        <ObjectFeature name='create'/>
        <ObjectFeature name='delete'/>
        <ObjectFeature name='rename'/>
        <ObjectFeature name='saveas'/>
        <ObjectFeature name='find'/>
      </ObjectFeatures>
      <ObjectAttributes idAttr='dn' displayNameAttr='o' objectClassAttr='objectclass'>
        <ObjectAttribute name='o' type='string'/>
      </ObjectAttributes>
    </ObjectType>
    <ObjectType name='Organizational Unit' nameKey='UI_RESOURCE_OBJECT_TYPE_ORGANIZATIONALUNIT' icon='folder_with_orgunit' container='true'>
      <ObjectClasses operator='AND'>
        <ObjectClass name='organizationalUnit'/>
      </ObjectClasses>
      <ObjectFeatures>
        <ObjectFeature name='create'/>
        <ObjectFeature name='delete'/>
        <ObjectFeature name='rename'/>
        <ObjectFeature name='saveas'/>
        <ObjectFeature name='find'/>
      </ObjectFeatures>
      <ObjectAttributes idAttr='dn' displayNameAttr='ou' objectClassAttr='objectclass'>
        <ObjectAttribute name='ou' type='string'/>
      </ObjectAttributes>
    </ObjectType>
</ObjectTypes>
    <LoginConfigEntry name='com.waveset.security.authn.WSResourceLoginModule' type='LDAP' displayName='com.waveset.adapter.RAMessages:RES_LOGIN_MOD_LDAP'>
      <AuthnProperties>
        <AuthnProperty name='ldap_uid' displayName='com.waveset.adapter.RAMessages:UI_USERID_LABEL' isId='true' formFieldType='text' dataSource='user'/>
        <AuthnProperty name='ldap_password' displayName='com.waveset.adapter.RAMessages:UI_PWD_LABEL' formFieldType='password' dataSource='user'/>
      </AuthnProperties>
      <SupportedApplications>
        <SupportedApplication name='Administrator Interface'/>
        <SupportedApplication name='User Interface'/>
      </SupportedApplications>
    </LoginConfigEntry>
    <ResourceUserForm>
      <ObjectRef type='UserForm' id='#ID#LDAP User Form'/>
    </ResourceUserForm>
<MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
</MemberObjectGroups>
</resource>

few questions....are you getting any errors on the ldap side? object class errors perhaps?
what app server are you using and what version of java?
--Dana Reed

Need Tcode for Synchronization of SAP Useradministration with an LDAP

Hi Experts,
i am configuring the SAPR/3 4.7EE server with an LDAPserver( OID Oracle Intranet Directory server) by using the tcodes SM59,LDAP.
Now i Need the Tcode for Synchronization of SAP Useradministration with an LDAP
when i clicked on the ServerNames tab on the screen with Tcode LDAP,
i am not getting the Synchornization screen when i clicked on the Synchronization
can anyone provide me the info where i have to do the Synchronization of SAP User Administration with an LDAP?
Regds
Phani

Hi Olivier
To be specific, we have an application(.Net) which uses SAP as backend and retrieves the data from SAP using RFC and BAPI's. Well everything works fine with SAP R/3(where using the connection string and SAPConnector we could establish connection and call the RFC/BAPI).
When it comes to SAP ECC we have no idea about the connection string or how to connect using SAPConnector. I knew that ECC uses a secured connection so i want to know how to connect to SAP ECC using .Net Connnector.
For the SSL could you tell me how exactly can we apply that to the above described situation?
thanks
sathish

Buyer Account, Welcome mail with password & LDAP related query

Hi All
We are facing an issue with the LDAP configuration while creating Buy side users, please see below
If anyone of you could help, please provide your contact details or a solution to overcome this
Background
We have installed SAP E-Sourcing 5.1 On-premise.
We are currently doing the post installation configuration
-          Imported the Out of the Box enterprise Deployment Workbook (We have not modified the contents of the workbook)
-          We have configured an SMTP mail host to send and receive all mails from the application
Query
Based on the enterprise Deployment Workbook, the system has created the following Directory configuration settings pointing to different LDAP system
DISPLAY_NAME   EXTERNAL_ID
QA SunOne 5.2 u2013 Buyside dir.qa.sun.bs
QA SunOne 5.2 u2013 Sellside dir.qa.sun.ss
QA ActiveDirectory 2003 - Buyside dir.qa.ms.bs
QA ActiveDirectory 2003 u2013 Sellside dir.qa.ms.ss
QA Oracle 9.0.2 u2013 Buyside dir.qa.ora.bs
QA Oracle 9.0.2 u2013 Sellside dir.qa.ora.ss
When we are creating the Buyside users (If we use the Check Box u2013 Create Directory account), we are getting a communication error
If we uncheck it, it creates the account but the system does not generate the welcome mail. We understand that the welcome mail has the system generated password to log-onto the application as the Buyer.
We are also not able to create the local users, as the password.properties template isnu2019t available in the downloaded software, we donu2019t know the format thatu2019s expected by the system.
Please let us know, if there is an alternate way to get the password even without using LDAP or Local directories.
Incase LDAP or creation of local directory is the key, then please let us know whatu2019s happening incorrectly in our case.
This has become a show stopper for us going any forward.
Request your help ASAP
Regards
Tridip

Hi All
I had the same problem when I tried doing the email Set-up
I finally realised that you need to do the configuration steps for SMTP using the enterprise user and the system user. If you have done this setting as only the system user the mails will be in Awaiting retry.
Do this and the mails will start flowing, incase your SMTP mail server is working fine
Please do the following settings logged in as System User and Enterprise User
System Properties->searrch for messaging
Set           -                Property                       -               Value                -                   Context
messaging messaging.smtp.mailhost                replace the default with your value System Context
messaging messaging.smtp.port                       25                                               System Context
Also please let me know what is the status of the messages in your Queued Messages
This should work
Do let me know, if it does
Regards
Tridip
Edited by: Tridip Chakraborthy on May 27, 2009 11:57 AM
Edited by: Tridip Chakraborthy on May 27, 2009 12:02 PM
Edited by: Tridip Chakraborthy on May 27, 2009 12:02 PM

SSO with Custom LDAP

This is the landscape :-
Web Application / Portal at Oracle Web Center Suite (WCS).
SAP BO 4.0
Authentication using Custom LDAP & SSO with Trusted Authentication.
Used OpenLDAP for authentication via RadiantOne VDS as the proxy.
Activities :
Authenticate the BO users with OpenLDAP via RadiantOne.
Synchronize the BO user group from OpenLDAP via RadiantOne.
Used openDocument.jsp to open WEBI reports.
Problems :
We configure the LDAP as Custom. Attributes mapping as default.
When BOE trying to connect the RadiantOne VDS & create user u201Cuser01u201D which already exists in the OpenLDAP server. It throws the exception :
"An internal error has occurred in the secLdap plugin.u201D
When trying to create user that does not exist in LDAP. It throws the exception :
u201CThe secLdap plugin failed to get the dn for the user notuser.u201D
Please advise us how to resolved this internal error if we want to SSO with custom LDAP !!
Thanks & regards,
Herries E

Hi,
Herrie, Roland is correct, OpenLDAP is not supported and you can run into problems if you want to escalate issues in the future. The customer must have that into account.
However, LDAP is pretty standard and usually you just need to make sure that the attribute mappings is correct.
Are users correctly created when you map an LDAP group?
Are you able to manually authenticate using LDAP? You can use the CMC page and select authentication LDAP
When you have confirmed that LDAP manual authentication is working, you can set up Trusted Authentication. Check first that the system is working just using QUERY_STRING:
https://service.sap.com/sap/support/notes/1593628
When trusted auth is confirmed to work, you can configure the parameters that Radiant users to pass the user: cookies, web session, etc.
Regards,
Julian

Integrating BIP with multiple LDAP servers

Hi,
my question is very simple. In Admin->Security Configuration->Security Model section i've setted Security model combobox with LDAP value. Then i've filled all LDAP information field (for example:URL). All works. But in my rpd i 've multiple LDAP servers (multiple URL) and in the form i can insert information about only one LDAP server.
Is it possible configure BIP with multiple LDAP servers?
Thanks
Giancarlo
P.S. I'm using OBIEE 10g

Hi,
my question is very simple. In Admin->Security Configuration->Security Model section i've setted Security model combobox with LDAP value. Then i've filled all LDAP information field (for example:URL). All works. But in my rpd i 've multiple LDAP servers (multiple URL) and in the form i can insert information about only one LDAP server.
Is it possible configure BIP with multiple LDAP servers?
Thanks
Giancarlo
P.S. I'm using OBIEE 10g

Config UME with ABAP+LDAP datasource

Hi all,
We are implementing an EP installation. We want to reuse the abap role assignment for the portal roles and we require a SSO solution based on SPNego.
Now we can implement each on it's own fine. The question is how we can connect the ume to use both abap and ldap datasource. I opened an OSS about it and they said it's possible, supported but I'm on my own when it comes to implementing it (or consulting offcourse).
Anyone had experience with this configuration or can provide me with the datasource schema file?
Thank in advance,
Eric

Try the following:
1.     Download the SPNegoWizard_645.zip (for 7.0) SPNegoWizard_640 (for 6.40)from SAP Note 994791 and unzip it.
2.     Adjust the user running the SAP system in Active Directory
3.     Copy the EAR and XML Files from the SPNegoWizard.ZIP file to a temporary directory on the server.
4.     Open up the Visual Administrator. Logon with the admin ID.
5.     SID ->Server -> Services -> Deploy
6.     Open the Config Tool. (Yes to using DB settings)
7.     Select UME LDAP Data
8.     Browse to the XML file you copied earlier. (dataSourceConfiguration_ads_readonly_db_with_krb5.xml)
Click the upload button.
9.     Select the Configuration file you just uploaded. Click OK on the Warning message.
10.     Setup the Connection details as specified below:
Server Name: xxxxxx
Server Port: xxxxxxx
User: SAPService<SID>@domain.com
Password: xxxxxx
Use UME unique id with unique LDAP attribute (checked): samaccountname
User Path: dc=<domain>,dc=com
Group Path: ou=xxxxxx,ou=xxxx,dc=xxxx,dc=xxxx
11.     Click the Test Connection button you should see:
Click Close when done.
12.     Click the Test Authentication button, enter NT user ID and NT password, and click the authenticate button and you should get a success message:
13.     Select cluster-data  Global Server Configuration  services  com.sap.security.core.ume.service
14.     Edit the ume.admin.addattrs.
Add the values: krb5principalname;kpnprefix;dn
Click the Set button.
15.     Click the Save button or File -> Apply.
16.     Close the Config tool and restart the JAVA engine.
17.     After the engine is restarted, continue on with the Kerberos configuration.
18.     Open up the SP Nego Wizard by going to the following URL: http://<server>:<port>/spnego
19.     Logon with the Administrator user ID.
20.     Select the check boxes for the u201CService user is created and configured in Active Directoryu201D and u201CUME configuration includes SPNego specific settingsu201D
Click the Next button
21.     Click the Add Kerberos Realm button and enter your domain name (e.g. company.com)
22.     For the Realm Configurationu2019s KDCs (Key Distribution Centers) put in <KDC host> and 88 for the port (the port should already be filled in.
23.     In the KPN (Kerberos Principal Name) section enter the Service User Name & Password.
Service User: SAPService<SID>
Password: xxxx
Leave LDAP Host - blank
24.     Click the Next button
25.     Select Prefix Based for the Resolution Mode and Click Next
26.     In Policy Configuration we want to create a new policy called spnego. Tick Basic password Fallback (when SSO do not work) and tick SSO with Logon Tickets. Click the Next button.
27.     Click Finish on the Confirmation screen.
28.     Close the browser and restart the engine.
29.     After the engine has finished restarting, continue with the final steps.
30.     Open up the Visual Administrator. Logon as the Administrator ID.
31.     SID  Server  Services  Security Provider
32.     Go into change mode by clicking the change button.
33.     On the Runtime tab  Policy Configurations tab  Select ticket from the Components list.
34.     On the Authentication tab for the ticket component  select Authentication Template: spnego
35.     Now go to the useradmin service (http://<server>:<port>/useradmin) to test the Kerberos SSO. You should get signed on without entering a user name or password.
You are done!

Integration of CQ 5.5 with open LDAP

Hi Team,
I am trying to integrate cq 5.5 with open ldap. i am able to see ldap entry in jmx console .
But here the problem is the users in LDAP are not imported to CQ users.
Below are methods in com.adobe.granite.ldap tools section in jmx console.
[Ljava.lang.String;
listOrphanedUsers()
retrieves a list of users not present in the LDAP directory anymore
java.lang.Void
syncAllUsers()
updates all local user informations based on the LDAP directory
[Ljava.lang.String;
syncUser(java.lang.String user)
updates the local user information for a specific LDAP entry
[Ljava.lang.String;
syncUserList([Ljava.lang.String; userlist)
updates the local user information for a list of LDAP entries
[Ljava.lang.String;
purgeUsers()
removes the local user information for all users removed from the LDAP server
using these methods also am unable to import my ldap users to cq.
Please guide me on the same.
Thanks & Regards,
Prasad.

please refer to the master guide available for the SRM 5.0 --> which has got details of the R/3 system which you can use with SRM 5.0.
I have seen the guide and according to it , you can use R/3 3.1i - SAP ECC 6.0.
and also there should be no limitation as far as i know , if you are able to use R/3 4.6B , you should be able to use all the functionality.

Is it possible to retrieve data from an Oracle db with an LDAP query?

Our application uses an LDAP query to retrieve data from Microsoft Active Directory. Is it also possible to retrieve data from an Oracle database with an LDAP query?

if you have Oracle Internet Directory, you will retrieve with ldapsearch data, which are physically stored in the database. But to select * from emp where ename='SCOTT', it is probably not possible.
At least I have never heard of such a product which translate ldap query in sql query. But feel free to write your own one in perl :-)

Need Help With ACS LDAP setup to Query AD

I have 2 Win 2003 ADs, one of them is configured and working under Windows Database (using remote agent) configuration. I am trying to setup the second AD with Generic LDAP setup. I want to know what exactly I should use in the fields UserObjectType and Class, and GroupObjectType and Class for Windows 2003 AD. All Cisco documents give example of Netscape LDAP syntax. I was told by our server admin. what to put under Admin DN, CN=myid,OU=mygroup,OU=myorg,DC=mydomain,DC=com
I have both user & group directory subtree fields filled with DC=mydomain,DC=com.
I am using the ip address for Primary LDAP server, and port is 389, LDAP version 3 is checked.
Is any of these DC, OU, etc. case sensitive?
With all entries that I have tried, when I go to map a group, I am getting error "LDAP server NOT reachable. Please check the configuration". My ACS can ping the domain controller's IP address fine.
Please help. Thank you in advance,
Murali

Murali,
These references may help...
http://download.microsoft.com/download/3/d/3/3d32b0cd-581c-4574-8a27-67e89c206a54/uldap.doc
http://www.microsoft.com/technet/archive/winntas/plan/dda/ddach02.mspx?mfr=true
http://technet.microsoft.com/en-us/library/aa996205.aspx
Regards,
Richard

CE565/CE7325 with MS LDAP Auth - Problem

Once again seems I am the first one to use a new product. I have a CE565 that I am trying to get to work with MS LDAP. Anyone had any luck doing this? Cisco TAC is having difficult time tracing down problem.
ce565#sho ldap
LDAP Configuration:
LDAP Authentication is enabled
Allow mode: disabled
Base DN: DC=domain,DC=com
Filter: <none>
Retransmits: 2
Timeout: 5 seconds
UID Attribute: uid
Group Attribute: memberOf
Administrative DN: <none>
Administrative Password: <none>
LDAP version: 3
LDAP port: 389
Server Status
192.168.99.7 primary
<none> secondary
ce565#debug authe http
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2498 ***pam_ldap: Begin
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2502 *** pam_ldap: Got username ralldread
Apr 24 22:44:56 ce565 http_authmod: _pam_ldap_get_session:1977 *** pam_ldap: Begin
Apr 24 22:44:56 ce565 http_authmod: _read_config:570 ***pam_ldap: Reading configuration
Apr 24 22:44:56 ce565 http_authmod: ldap_server_validate:1928 ***pam_ldap: === Host[0] 192.168.99.7 ===
Apr 24 22:44:56 ce565 http_authmod: ldap_server_isalive:1851 ***pam_ldap: Connecting...
Apr 24 22:44:56 ce565 http_authmod: ldap_server_isalive:1867 ***pam_ldap: Socket timeout 5
Apr 24 22:44:56 ce565 http_authmod: ldap_server_isalive:1891 ***pam_ldap: Connected to 192.168.99.7
Apr 24 22:44:56 ce565 http_authmod: ldap_server_validate:1948 ***pam_ldap: ServerAlive [1] (up=1, down=0)
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2508 *** pam_ldap: Got session
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2519 *** pam_ldap: Do authentication
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1672 *** pam_ldap: Begin user ralldread
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1059 *** pam_ldap: Host 192.168.99.7
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1063 *** pam_ldap: Open session
Apr 24 22:44:56 ce565 http_authmod: _open_session:927 *** pam_ldap: Begin
Apr 24 22:44:56 ce565 http_authmod: _connect_anonymously:1074 *** pam_ldap: Binding...
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1676 *** pam_ldap: Connected anonymously
Apr 24 22:44:56 ce565 http_authmod: _get_user_info:1699 *** pam_ldap: Filter (uid=ralldread)
Apr 24 22:44:56 ce565 http_authmod: pam_sm_authenticate:2522 *** pam_ldap: Done authentication FAILURE
Any thoughts?

I got it working. I did 2 things. One, I rebuilt the the server to make sure Active Directory was working correctly. Two, I changed the DC=domain to be dc=domain. I havent had a chance to test which one actually fixed it, but here it the config that I am using.
ce565#sho run
device mode content-engine
hostname ce565
http authentication header 407
http authentication cache timeout 1
http authentication cache max-entries 32000
http proxy incoming 8888
clock timezone EST -5 0
ip domain-name demodomain
https proxy incoming 8888
interface GigabitEthernet 1/0
ip address 10.10.220.71 255.255.255.0
exit
interface GigabitEthernet 2/0
shutdown
exit
ip default-gateway 10.10.220.1
primary-interface GigabitEthernet 1/0
no auto-register enable
ip name-server 10.10.220.80
pre-load enable
pre-load depth-level-default 2
pre-load resume
pre-load traverse-other-domains
pre-load url-list-file ftp://ftpuser:[email protected]/ce-preload.txt
transaction-logs enable
transaction-logs log-windows-domain
transaction-logs archive interval every-hour every 10
transaction-logs sanitize
transaction-logs export enable
transaction-logs export interval every-hour every 10
transaction-logs export ftp-server 10.10.220.80 ftpuser ftpuser /
transaction-logs format extended-squid
username admin password 1 bVmDmMMmZAPjY
username admin privilege 15
ldap server base "dc=demodomain"
ldap server userid-attribute cn
ldap server host 10.10.220.80 primary
ldap server administrative-dn "cn=administrator,cn=users,dc=demodomain"
ldap server administrative-passwd ****
ldap server active-directory-group enable
ldap server version 3
ldap server enable
authentication login local enable primary
authentication configuration local enable primary
url-filter http smartfilter enable
cdm ip 10.10.220.70
cms enable

I need some help with Portal - LDAP connection

Hello...
Can some one please help me with an issue I have when I try to connect a Portal in version EP6.0, with an LDAP, I go to System Admin --> System Config --> UM Config --> LDAP Server, Test the connection, it's successful, then restarted the server, but I still can't see the users at the LDAP.
Hope some one can help me soon.
Miguel

Hi Miguel,
After Configuring LDAP to UME portal,You need to create users in the LDAP.Then only you can see the users when you go to user admin->users->search for the user
1. What happens when you give * to search users?
2. Are you sure that you have mapped attributes of the user properly in data source configuration Xml file..
3 Which LDAP server you are using.
Cheers
Rani A

[OBPM 10gR3]How to configer a hybrid directory with Oracle LDAP Server

Hey, guys,
Does anyone have experience on configering a hybrid directory with Oracle LDAP Server? How to config the mapping conf file for Oracle LDAP in the directory of \OraBPMwlHome\conf?
Here is my conf file. But I got some LDAP mapping errors. It's really weird OBPM doesn't support Oracle's self LDAP, at least it does not provide the conf file.
-----------errors------------
Exception [javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '']. Reason: [LDAP: error code 53 - Function Not Implemented] fuego.directory.DirectoryRuntimeException: Exception [javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '']. at fuego.directory.DirectoryRuntimeException.wrapException(DirectoryRuntimeException.java:85) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.select(JNDIQueryExecutor.java:203) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectAllFromView(JNDIQueryExecutor.java:84) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectAllFromView(JNDIQueryExecutor.java:64) at fuego.directory.hybrid.ldap.Repository.selectAllFromView(Repository.java:54) at fuego.directory.hybrid.ldap.LDAPPollingEventGenerator.buildCurrentProxies(LDAPPollingEventGenerator.java:98) at fuego.directory.provider.notifiers.BasePollingEventGenerator.generateEvents(BasePollingEventGenerator.java:41) at fuego.directory.hybrid.HybridMultipleEventGenerator.generateEvents(HybridMultipleEventGenerator.java:43) at fuego.directory.provider.notifiers.DirectoryNotifier.notifyChanges(DirectoryNotifier.java:403) at fuego.server.service.DirectoryListener.updateEngineFromDirectoryImpl(DirectoryListener.java:309) at fuego.server.service.DirectoryListener$DirectoryPollingItem.execute(DirectoryListener.java:351) at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304) at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470) at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551) at fuego.transaction.TransactionAction.start(TransactionAction.java:212) at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123) at fuego.server.execution.DefaultEngineExecution.executeAutomaticWork(DefaultEngineExecution.java:62) at fuego.server.execution.EngineExecution.executeAutomaticWork(EngineExecution.java:42) at fuego.ejbengine.ejb.EngineStartupBean.executeItem(EngineStartupBean.java:192) at fuego.ejbengine.ejb.EngineStartupBean.updateFromDirectory(EngineStartupBean.java:172) at fuego.ejbengine.ejb.engine_startup_bpmengine_wodkyx_ELOImpl.updateFromDirectory(engine_startup_bpmengine_wodkyx_ELOImpl.java:365) at fuego.ejbengine.servlet.SchedulerServlet$DirectoryPollingTask.runImpl(SchedulerServlet.java:269) at fuego.ejbengine.servlet.SchedulerServlet$ScheduledTask.run(SchedulerServlet.java:208) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at fuego.jndi.FaultTolerantDirContext.search(FaultTolerantDirContext.java:867) at fuego.directory.hybrid.ldap.JNDIQueryExecutor.select(JNDIQueryExecutor.java:190) ... 23 more
-----------mapping conf file for Oracle LDAP---------
<?xml version="1.0" encoding="UTF-8"?>
<?fuego version="6.1 ALPHA" application="albpmenterprise"?>

<config>
     <object id="person">
          <object-filter>
               <![CDATA[
                    (objectclass=inetOrgPerson)
               ]]>
          </object-filter>
          <relative-dn>
               
          </relative-dn>
          <attribute id="id" value="uid"/>
          <attribute id="lastName" value="sn"/>
          <attribute id="firstName" value="givenname"/>
          <attribute id="accountLock" value="orclIsEnabled">
               <attribute-comparator operation="EQUALS" compareTo="ENABLED"/>
               <filter>
                    <![CDATA[
                         ($accountLock=ENABLED)
                    ]]>
               </filter>
          </attribute>
          <attribute id="facsimileTelephoneNumber" value="facsimileTelephoneNumber"/>
          <attribute id="displayName" value="displayName"/>
          <attribute id="mail" value="mail"/>
          <attribute id="telephoneNumber" value="telephoneNumber"/>
          <attribute id="employeeId" value="employeeNumber"/>
          <attribute id="thumbnailPhoto" value="jpegPhoto"/>
          <attribute id="manager" value="manager"/>
          <attribute id="modifyTimeStamp" value="modifytimestamp"/>
     </object>
     <object id="group">
          <object-filter>
               <![CDATA[
                    (objectclass=orclGroup)
               ]]>
          </object-filter>
          <relative-dn>
               
</relative-dn>
          <attribute id="id" value="dn"/>
          <attribute id="modifyTimeStamp" value="modifytimestamp"/>
          <attribute id="displayName" value="displayName"/>
          <attribute id="name" value="cn"/>
          <attribute id="description" value="description"/>
          <attribute id="assignedParticipants" value="uniquemember"/>
          
          <attribute id="ou" value="uniquemember"/>
     </object>
     <object id="ou">
          <object-filter>
               <![CDATA[
                    (objectclass=domain)
               ]]>
          </object-filter>
          <relative-dn>
               
</relative-dn>
          <attribute id="name" value="orclsubscriberfullname"/>
          <attribute id="description" value="description"/>
     </object>
</config>
Edited by: Lemonice on 2009-3-30 上午2:08
Edited by: Lemonice on 2009-3-30 下午7:01
Edited by: Lemonice on 2009-3-30 下午8:43

Hi,
in my case, I am trying to configure the OBPM directory using ALUI and its native LDAP service.
Now, I found that the first name and the last name in BPM are retrieved from the ALUI display name : provided we enter the display name in the format %first name% + %last name% we get them into BPM. But the display name is not always in this format...
In addition, it's the portal telephone number information which is retrieved into BPM Telephone and Fax numbers.
And, the email adress remains blank
I have installed the latest patch for OBPM (Version: 10.3.1.0.0 Build: #97172)
Would you have any documentation about creating a Profile Web Service in ALUI and specifying which LDAP attributes to map to which ALUI properties in the Profile Source ?
Thanks !
Edited by: vVince on May 6, 2009 3:46 PM

J2ee implementation with jaas/LDAP

Hi;
          I search a good j2ee implementation or light framework using jaas API and LDAP directory to authentifies and affects a profil to a user.
          I have already analysed the framework : JGuard.
          regards;

If I understand you correctly, you want to have an application deployed in WebLogic (you don't say what version) use standard J2EE JAAS for declarative authentication and authorization, but use an LDAP provider for the actual implementation.
          If that's the case, at least in WebLogic 8.1 (I don't know about older versions), you shouldn't need any third-party packages. You can configure your WebLogic domain with authentication and authorization providers that interface with an LDAP server. This will work with the JAAS implementation in WebLogic. You can go to <http://e-docs.bea.com/wls/docs81/secmanage/> to read about configuring security in WebLogic (including the LDAP authentication provider).

FMWControl with thirdparty LDAP

Similar Messages

Maybe you are looking for