Getting User Attributes from an Active Directory LDAP
Hello all.
I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
Thanks.
...Sparks
Sparks,
If you're using 11.5 or 12 actually they should all map into the system as session properties. You can use the following URL to verify your session properties:
http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
-Sam
Similar Messages
-
How to get user attributes from LDAP authenticator
I am using an LDAP authenticator and identity asserter to get user / group information.
I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
Any help would be appreciatedHi Julián,
in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
Beginner
Medium
Advanced
Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
Hope it helps
Detlev -
User roles from external active directory
Hi,
I am using my own active directory and not the embedded LDAP on weblogic.
On weblogic server, there the role names and the Provider configured
at path Home >Summary of Security Realms >myrealm >Users and Groups > Groups tab
The provider is configured at path
Home >Summary of Security Realms >myrealm >Users and Groups >Providers
Under 'Provider specific' tab, I have configured the Host, Port, Principal, Credentials etc.
I want to get these roles for the user who is login to the app.
I tried to follow the steps on http://biemond.blogspot.com/2008/12/using-weblogic-provider-as.html, However, when I run the 'Configure ADF Security' wizard I don't get the 'Identity Store' and 'LDAP Identity Store'.
Can someone please guide me on this with the proper steps and some specific jars if required for this?I don't think these links are useful for me. Here is what I am trying to do. Not sure this is right way to do this. I am really stuck on this and need quick help. Please help.
public boolean isInitiatorRole(String userName) {
System.out.println("++++ Calling isInitiatorRole()");
boolean hasRole = false;
Hashtable factEnv = new Hashtable();
Hashtable storeEnv = new Hashtable();
IdentityStoreFactoryBuilder builder = new IdentityStoreFactoryBuilder();
IdentityStoreFactory adFactory =null;
IdentityStore idStore =null;
System.setProperty("javax.net.ssl.trustStore", "/xxx/local/apps/oracle/SOA/jrmc-3.1.2-1.6.0/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
String storeLocation1 = System.getProperty("javax.net.ssl.trustStore")!=null?System.getProperty("javax.net.ssl.trustStore"):"###";
String storePass1 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"###";
// creating the factory instance
factEnv.put(ADIdentityStoreFactory.ST_SECURITY_PRINCIPAL,"ABCD");
factEnv.put(ADIdentityStoreFactory.ST_SECURITY_CREDENTIALS,"*****");
factEnv.put(ADIdentityStoreFactory.ST_LDAP_URL, "ldap://xxx-xxxx-01.xxx.com:389/");
factEnv.put("java.naming.security.protocol","SSL");
// creating the store instance
storeEnv.put(ADIdentityStoreFactory.ST_SUBSCRIBER_NAME, "CN=itfusion,OU=Service Accounts,OU=Security,DC=adweb,DC=bmc,DC=com");
System.out.println("++ AFTER setting prop storeLocation1:"+ storeLocation1 + " ++ storePass1:"+ storePass1);
try {
System.out.println("++++ TRY LOOP");
// System.out.println("++++ User from context: " +ADFContext.getCurrent().getSecurityContext().getUserRoles());
adFactory = builder.getIdentityStoreFactory("oracle.security.idm.providers.ad.ADIdentityStoreFactory", factEnv);
if(adFactory != null){
System.out.println("++++ adFactory not null");
}else{
System.out.println("++++ adFactory null");
idStore= adFactory.getIdentityStoreInstance(storeEnv);
if(idStore != null){
System.out.println("++++ idStore not null");
}else{
System.out.println("++++ idStore null");
User user;
user = idStore.searchUser(userName);
if(user != null){
System.out.println("++++ User not null");
RoleManager roleManager;
roleManager = idStore.getRoleManager();
SearchResponse resp;
resp = roleManager.getGrantedRoles(user.getPrincipal(), true);
System.out.println("++++ IN WHILE LOOP");
while( resp.hasNext() ) {
System.out.println("++++ IN WHILE LOOP");
Identity id = resp.next();
String roleName = id.getName();
if(roleName != null){
System.out.println("Role Name:" + roleName);
}else{
System.out.println("Role Name is null");
// if( roleName != null && roleName.toUpperCase().indexOf("INITIATOR")>0) {
//// if( roleName != null && roleName.toUpperCase().indexOf("XXXXX")>0) {
// hasRole = true;
// break;
}else{
System.out.println("User is null");
} catch (IMException e) {
log.info("??? Error occured while checking the role for Initiator");
return hasRole;
} -
User login report in Active Directory for specific date and time
I want to get User login report in Active Directory for specific date and time e.g user logged in at15-01-2015 from 8:00am to 4:00pm
Is any query, script or any tool available?
Waiting for reply pleaseYou can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can records from Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
How to populate a sharepoint 2010 from the active directory.
I want a list of all the computers in the active directory,
another one with all users.
I want also to populate a sharepoint 2010 list from the sharepoint user profiles.
Thanks
szWhile
the contacts list is usually filled out for contacts that are outside the company, there are times when you would use a contacts list to store internal and external resources. Wouldn’t it be nice if you didn’t have to re-type your internal contacts’
information that are already in the system? Now you can with a little InfoPath customization on the contacts list.
Here’s our plan:
Create the contacts list, and open in InfoPath
Create a data connection to the User Profile web service
Customize the form adding some text, a people picker and a button
Create InfoPath rules that will populate the contact fields from the user fields in the User Profile store
Let’s get going! Before we begin, make sure you have InfoPath 2010 installed locally on your computer. I also want to give credit Laura
Rogers and Darvish Shadravan’s book Using
Microsoft InfoPath 2010 with Microsoft SharePoint 2010 Step by Step. I know it looks like a lot of steps, but it’s easy once you get the hang of it.
So obviously we need a contacts list. If you don’t already have one, go to the SharePoint site where it will live, and create a contacts list.
From the list, click the List tab on the ribbon, then click Customize form:
So now we have our form open in InfoPath 2010. Let’s add our elements to the form.
Above all the fields, let’s add some text instructing users what to do with the the field we’re about to add (.e.g To enter an existing user’s information, choose the user below).
Insert a people picker control by clicking the Person/Group Picker control in the Controls section of the ribbon. This will add a column to the contacts list called group.
Below the people picker, insert a button control from the same section of the ribbon as above. With the button still highlighted, click the Control Tools|Properties tab on the ribbon.
Then in the Label box, change the text to something more appropriate to our task (e.g. Click here to load user data!).
You can drag the button control a little larger to account for the text.
We should end up with something like this:
Before we can populate the fields with user data, we need to create a connection to the User Profile Service.
Add a data connection to the User Profile Service
Click the Data tab on the ribbon, and click the option From Web Service, and From SOAP Web Service.
For the location, enter the URL of your SharePoint site in the following format – http://<site url>/_vti_bin/UserProfileService.asmx?WSDL. Click Next.
Note - for the URL, it can be any SharePoint site URL, not just to the site where your list is.
For the operation, choose GetUserProfileByName. Click Next.
Click Next on the next two screens.
On the final screen, uncheck the box for “Automatically retrieve data when form is opened”. This is because we are going to retrieve the data when the button is clicked, also for performance reasons.
Now we need to wire up the actions on our button to populate the fields with the information for the user in the people picker control.
Tell the form to read the user from the people picker control
Click the Home tab on the ribbon.
Click the button control we created, and under the Rules section of the ribbon, click Manage Rules. Notice the pane appear on the far right.
In the Rules pane, click New –> Action. Change the name to something like “Query and load user data”.
Leave the condition to default (none – rule runs when button is clicked).
Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
For Field, click the button on the right to load the select a field dialog. Click the Show advanced view on the bottom. At the top, click the drop down and choose the GetUserProfileByName
(Secondary) option. Expand myFields and queryFields to the last option and highlightAccountName. Click ok.
For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Again click the show advanced view link, but this time leave the data
connection as Main. Expand dataFields, then mySharePointListItem_RW. At the bottom you should see a folder called group (the people picker control we just added to the form). Expand this, then pc:Person,
and highlightAccountId. Click Ok twice to get back to the Rules pane.
If we didn’t do this and just queried the user profile service, it would load the data of the currently logged in user. So we need to tell the form what user to load the data for. We take the AccountID field from the people
picker control and inject into the AccountName query field of the User Profile Service data connection.
Load the user profile service information for the chosen user
Click the Add button next to “Run these actions:”, and choose Query for data.
In the popup, for Data connection, click the one we created earlier – GetUserProfileByName and clickOk.
We’re closing in on our goal. Let’s see our progress. We should see something like this:
Now that we have the user’s data read into the form, we can populate the fields in the contact form. The number of steps to complete will depend on how many fields you want to populate. We need to add an action step for
each field. I’ll show you one example and then you will just repeat the steps for the other fields. Let’s update the Job Title field.
Populate the contact form fields with existing user’s data
Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
For Field, click the button on the right to load the select a field dialog. Highlight the field Job Title.
For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Click the Show advanced view on the bottom. At the top, click the
drop down and choose theGetUserProfileByName (Secondary) option. Expand the fields all the way down until you see the Value field. Highlight it but don’t click ok, but click the Filter
Data button, then Add.
For the first dropdown that says Value, choose Select a field or group. The value field will be highlighted, but click the field Name field
under PropertyData. Click Ok.
In the blank field after “is equal to”, click in the box and choose Type text. Then type the text Title.
Click ok until you get back to the Manage Rules pane. The last previous screen will look like this.
We’re going to update common fields that are in the user’s profile, and likely from Active Directory. You can update fields like first and last name, company, mobile and work phone number, etc. For the other fields, the
steps are the same except the Field you choose to update from the form, and the very last step where you enter the text will change. Here’s what the rules look like when we’re done:
We’re all done, good work! You can preview the form and try it now. Click Ctrl+Shift+B to preview the form. Once you’re satisfied, you can publish the form back to the library. Click File –> Quick
Publish. Once it’s done, you will get confirmation:
Now open your form in SharePoint. From the contact list, click Add new item. Type in a name, and click the button and watch the magic happen! -
Copy user attribute from different user to user currently being edited
Dear all,
I'm somehow stuck with a requirement I've to implement.
I've to copy some user attributes from one user to another. I learned that I should be able to use "getResourceObject" for
this and I tried to implement this in my user form:
<Field name='otherUser_actvtGrps'>
<Display class='Text'>
<Property name='title' value='otherUser_actvtGrps'/>
</Display>
<Default>
<set name='otheruser'>
<invoke name='getResourceObject' class='com.waveset.ui.FormUtil'>
<select>
<ref>context</ref>
<ref>:display.session</ref>
</select>
<s>SAP_System_A</s> <!-- the resource ID -->
<s>User</s>
<s>TemplateUser</s> <!-- this is the AccountID that i need as source -->
<null/>
</invoke>
<ref>otheruser.user.attributes.activityGroups</ref> <!-- this is the attribute from the source user I want to copy/read -->
</set>
</Default>
</Field>
But this does not return anything..
Any ideas what I did wrong ?
Many many thanks for any help/ideas !
Best regards
JoergDo you know where to get some docs about the topics you mentioned ?
1. Your adapter might not to support Resource Objects of type User.ResourceReference manual, the "Resource Object Management" section in each adapter chapter. Also the resource description in XML has the ObjectTypes section, for example, for Active Directory adapters:
<ObjectTypes>
<ObjectType name="Group" nameKey="UI_RESOURCE_OBJECT_TYPE_GROUP" icon="group">
<ObjectClasses operator="AND">
<ObjectClass name="Group"/>
</ObjectClasses>
<ObjectFeatures>
<ObjectFeature name="create"/>
<ObjectFeature name="update"/>
<ObjectFeature name="delete"/>
</ObjectFeatures>
<ObjectAttributes idAttr="distinguishedName" displayNameAttr="samAccountName" descriptionAttr="description" objectClassAttr="objectclass">
<ObjectAttribute name="cn" type="string"/>
<ObjectAttribute name="sAMAccountName" type="string"/>
2. You can fetch the complete user view with all resource account information.You will find many examples in IdM XPRESS samples.
Get user view using LighthouseContext and user accountId
<invoke name='getView'>
<invoke name='getLighthouseContext'>
<ref>WF_CONTEXT</ref>
</invoke>
<concat>
<s>UserViewer:</s>
<ref>accountId</ref>
</concat>
<Map>
</Map>
</invoke>Or with WorkflowServices (see BusinessAdministration manual):
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='getView'/>
<Argument name='viewId'>
<concat>
<s>User:</s>
<ref>accountId</ref>
</concat>
</Argument>
<Return from='view' to='user'/>
</Action>
3. You can fetch resource account info directly using ResourceAdapter API (not too well documented way).Example in Java:
LighthouseContext ctx = <get context here>;
// Get resource object
Resource res = (Resource) ctx.getObject(Type.RESOURCE, <resource name>);
// Pack resource and user accountId into a ResourceInfo object
WSUser user = new WSUser();
ResourceInfo info = new ResourceInfo();
info.setAccountId(accountId);
info.setResource(res);
info.setAttributes(null);
user.setResourceInfo(new ResourceInfo[] {info});
// Rertrieve ResourceAdapter object
ResourceAdapter ra = ResourceOp.findAdapter(res, res.getCache());
// Get account info into the 'user' object
WSUser result = ra.getUser(user);
// Now you can get account status from ResourceInfo ...
info = result.getResourceInfo(res);
// ... and account attributes from WSAttributes
WSAttributes attributes = result.getWSAttributes();
... -
Integrating Active Directory LDAP in OBIEE 11g
Hi All,
I Have Configured Active Directory LDAP in OBIEE.
Steps i have Followed are,
1) configured Active Directory in providers under Scurity Releam.
2) Restarted BI Services to Load the Ldap Users.
3) login to the EM under bifoundation domain selected securitues->security configuration provider.created user.login.attr and username.attr.
4) under Credentials->oracle.bi.system map->system.user->deleted BISystemUser and Created key with the Existing name in Active Directory.
5) assigned System user to BISystem role in em.
6) in Console Roles and Polocies->Global Roles->Roles->Admin->view Role Condition (User = Active Directory User or Group=Administrators).
7) Restarted BI Server and Presentation Services.
Now I am Unable to Login to Presentation Services.
Please Reply ASAP.
Thanks and Regards
Kiran KumarKiran, Is there a specific reason for using RPD for LDAP authentication? From 11g onwards, the best practice is to use Weblogic (or external Authentication providers). Is it correct to say that for "Authentication' without proper RPD LDAP config for "USER" variable, users cannot login via presentation layer?
Cheers!
BK -
Could we have same name's for User and Groups in Active directory
When iam trying to create a user name " Logistics " under a OU, I am getting a error
"The pre-windows 2000 logon name you have chosen is already in use in this domain. Choose aother pre-windows logon name, and then try again"
We already have a group by the name " Logistics "
Could we have same name's for User and Groups in Active directory?
Thanks in AdvancesAMaccountName attribute is unique. So, the short answer is you cannot.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Oracle Enterprise User, OVD and MS Active Directory (AD)
Hi,
I need to authenticate Oracle Users from MS Active Directory.
If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
Thanks in advance for answering this post : )
CMTHi,
I am not sure that you are correct.
In the meantime, some one mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Secuirty. In page 10 it mentions a scenario: EUS deployment using Active Directory and OVD
(without OID).
The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how its done). -
got event ID 4015 and source DNS-Server-Service. please suggest how to fix this issue
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
RajHi
first run "ipconfig /flushdns" and then "ipconfig /registerdns" finally restart dns service and check the situation,also you can check dns logs computer management ->Event viewer->Custom Views->Server roles->DNS. -
Functional module to get the File from a given Directory
Hi all,
I am using a FM name 'subst_get_file_list' to get the file from a given directory but it is accepting only 40 Character length file only my requirement is to accept file name other than 40 char,
give me good sugestion
regards
paulHi Paul,
Check the Function Module Gayathri has given. ie. 'SO_SPLIT_FILE_AND_PATH'.
In the exporting parameter FULL_NAME , give the path name and in the importing parameter stripped_name , you will get the filename.
Check this code.
REPORT ZSHAIL_SPLITFILE.
data: it_tab type filetable with header line,
gd_subrc type i.
tables: rlgrap.
data: path type string,
file_name type string.
parameters file_nam type rlgrap-filename .
data: user_act type i.
at selection-screen on value-request for file_nam.
CALL METHOD cl_gui_frontend_services=>file_open_dialog
EXPORTING
WINDOW_TITLE = 'select a file'
DEFAULT_EXTENSION = '*.txt
DEFAULT_FILENAME = ''
FILE_FILTER = '*.txt'
INITIAL_DIRECTORY = ''
MULTISELECTION = abap_false
WITH_ENCODING =
CHANGING
file_table = it_tab[]
rc = gd_subrc
USER_ACTION = user_act
FILE_ENCODING =
EXCEPTIONS
FILE_OPEN_DIALOG_FAILED = 1
CNTL_ERROR = 2
ERROR_NO_GUI = 3
NOT_SUPPORTED_BY_GUI = 4
others = 5
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
if user_act = '0'.
loop at it_tab.
file_nam = it_tab-filename.
endloop.
endif.
path = file_nam.
CALL FUNCTION 'SO_SPLIT_FILE_AND_PATH'
EXPORTING
full_name = path
IMPORTING
STRIPPED_NAME = file_name
FILE_PATH =
EXCEPTIONS
X_ERROR = 1
OTHERS = 2
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
at selection-screen.
message i001(zmess) with file_name.
Regards,
SP. -
Custom user attribute from ABAP to Portal UME
Hi All,
We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
Any help will be rewarded.
Thanks
Sarang.Any resolution to this issue?
-
Getting user name from sopa header
How should get user name from soap header in my udf...?i searched in sdn,but not get exact solution...
I din't get this with SRemoteUser
1. i've enabled " Do Not Use SOAP Envolope"
2.Enabled ASMA
3.Variable Transport Binding .
used the following code as well:
DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey user = DynamicConfigurationKey.create( "http://sap.com/xi/XI/System/SOAP", "SRemoteUser");
conf.get(user);
But not value in it.. Correct me if iam wrong.. -
Cant login to 10.6 from an active directory account
cant login to 10.6 from an active directory account
You haven't provided nearly enough background of your Network for anyone to help you.
Please include an enormous amount of information about:
1) your Mac and the network it is on.
2) How you have established the link to the Active Directory
3) exactly what happens when you try to connect, including the literal text of all error messages. -
Sharepoint 2010 get User Groups from specific site
Hello,
I was able to get all User groups from entire site Collection.
But instead of getting user groups from entire site, I want read user groups only from one specified sub site.
Please help!
ThanksAssuming you have an SPWeb object named "web", example:
SPSite site = new SPSite(http://yourdomain/sites/yoursite);
SPWeb web = site.OpenWeb("mysubsite/subsbusite");
web.Groups will return a collection of SPGroup objects for the current subsite. If this subsite inherits permissions from a parent site (web.HasUniquePerm = False), the list is the same as the Groups property of the parent site.
SPWeb.Groups:
http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spweb.groups(v=office.15).aspx
SPGroup:
http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spgroup(v=office.15).aspx
You would be better results by posting coding questions in "SharePoint 2010 - Development and Programming" instead of "SharePoint 2010 - General Discussions and Questions".
Mike Smith TechTrainingNotes.blogspot.com
Books:
SharePoint 2007 2010 Customization for the Site Owner,
SharePoint 2010 Security for the Site Owner
Maybe you are looking for
-
I cannot continue to windows 7 64 bit setup after i make partition in boot camp
i get black screen after i make partition through bootcamp and pc restarts. i tried keeping ALT option to boot from DVD but still the same. i booted from OSX and i can see BOOTCAMP drive but i dont see it in my STARTUP drives. ?
-
I´m new at Garageband and Mainstage. How can I make them work together?
I´m new at Garageband and Mainstage. How can I make them work together?
-
Host command in application FORMS (access denied)
i try to use a host command in a form in apllication server vs 1.0.2.2a that call a copyfile.bat. J see that this operation send me a message to the server console with "access denied", instead if a use this file from the server works. Do you Know so
-
Another Iphoto '11 and PSE9 Questions
I'm running the latest version of iphoto '11. Just installed PSE9 and all of the updates. I've made PSE9 the external editor in iphoto. In the PSE9 prefs, I set: - the color picker to apple's - set on first save to save over current file When I wan
-
Just purchased Photoshop Elements and the serial number shows as invalid
Whenever I enter my serial number a message appears : "This serial number is not valid for Adobe Photoshop Elements 12" How do I solve this? The live chat has not been working as well so I don't know who to contact about this issue. Thank you!