GroupWise ldap attributes names
Hi,
I'm using Novell Identity Manager to synchronize users accounts to GroupWise. What are ldap attributes used to store information about email address, distribution lists and license type (full and limited)?
Thanks
moularbi,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/
Similar Messages
-
Using OID in place of attribute name in an update operation
Hi,
I use Iplanet DS 5.0 on Solaris 8.0
An application that I use needed a custom defined schema.
This application tries to update entries using the OID of the attribute instead of the attribute name.
ie. It uses
Add: 2.5.4.58;binary
instead of the name of the attribute -- attributeCertificateAttribute that has been defined in the directory.
This operation fails with an objectClass violation.
The developer pointed out that this was allowed by the RFC and that it worked with other directories.
Later I tried replacing attribute names by their OIDs in corect LDIF files and these operations failed too.
I have included an ethereal trace of the request and of the response.
Question:
Does this work on Iplanet DS? How can I get it to work ?
Thanks,
sriad
Request
=========================================
Message Id: 2
Message Type: Modify Request (0x06)
Message Length: 437
Distinguished Name: CN=User0,O=PERMIS,C=GB
Add: 2.5.4.58;binary
Response
======================================
Message Id: 2
Message Type: Modify Result (0x07)
Message Length: 7
Result Code: Objectclass violation (0x41)
Matched DN: (null)
Error Message: (null)Thank you ReubenC, the business has decided to not proceed with the LDAP configuration of web.config at this time and would rather stay with using the TNS entry for the time being; this is because we just mirgated their instance to an 11g environment and they want to ensure they have no issues with the migration before they take on web.config changes too.
I will however try your recommendation when they choose to proceed and let you know how it turns out.
Thank you,
Charlie -
ISE 1.1.1. and additional LDAP attribute retrieval
Hello All,
I'm authenticating users against Active Directory and want to also check additionals attributes from LDAP. In ACS 5.3. it was possible to set this up via External Identity Sequence, but in ISE I don't see this possibility. I can set sequence only for authentication, but not for additional attribute retrieval.
When I set a condition in a policy that an LDAP attribute must match with some value, the attribute is not retrieved and autorization ends on default Deny Access.
Can anyone help me how this can be set on ISE?
Thanks!
Regards
Karel NavratilYes that's what I've tried as I wrote in my first post, but the ISE does not retrieve the attribute from LDAP
Here are some screenshots:
authorization rule:
ldap attribute in external identity source:
and the logs:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11105 Request received from a device that is configured with KeyWrap in ISE.
Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
11507 Extracted EAP-Response/Identity
12100 Prepared EAP-Request proposing EAP-FAST with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12102 Extracted EAP-Response containing EAP-FAST challenge-response and accepting EAP-FAST as negotiated
12800 Extracted first TLS record; TLS handshake started
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12810 Prepared TLS ServerDone message
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12812 Extracted TLS ClientKeyExchange message
12804 Extracted TLS Finished message
12801 Prepared TLS ChangeCipherSpec message
12802 Prepared TLS Finished message
12816 TLS handshake succeeded
12149 EAP-FAST built authenticated tunnel for purpose of PAC provisioning
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12209 Starting EAP chaining
12218 Selected identity type 'User'
12125 EAP-FAST inner method started
11521 Prepared EAP-Request/Identity for inner EAP method
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12212 Identity type provided by client is equal to requested
11522 Extracted EAP-Response/Identity for inner EAP method
11806 Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - Internal Endpoints
22043 Current Identity Store does not support the authentication method; Skipping it
24210 Looking up User in Internal Users IDStore - test,host/test-pc
24216 The user is not found in the internal users identity store
24430 Authenticating user against Active Directory
24402 User authentication against Active Directory succeeded
22037 Authentication Passed
11824 EAP-MSCHAP authentication attempt passed
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
11810 Extracted EAP-Response for inner method containing MSCHAP challenge-response
11814 Inner EAP-MSCHAP authentication succeeded
11519 Prepared EAP-Success for inner EAP method
12128 EAP-FAST inner method finished successfully
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12126 EAP-FAST cryptobinding verification passed
12200 Approved EAP-FAST client Tunnel PAC request
12219 Selected identity type 'Machine'
12125 EAP-FAST inner method started
11521 Prepared EAP-Request/Identity for inner EAP method
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12212 Identity type provided by client is equal to requested
11522 Extracted EAP-Response/Identity for inner EAP method
11806 Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
Evaluating Identity Policy
11055 User name change detected for the session. Attributes for the session will be removed from the cache
15006 Matched Default Rule
15013 Selected Identity Store - Internal Endpoints
22043 Current Identity Store does not support the authentication method; Skipping it
24210 Looking up User in Internal Users IDStore - test,host/test-pc
24216 The user is not found in the internal users identity store
24431 Authenticating machine against Active Directory
24470 Machine authentication against Active Directory is successful
22037 Authentication Passed
11824 EAP-MSCHAP authentication attempt passed
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
11810 Extracted EAP-Response for inner method containing MSCHAP challenge-response
11814 Inner EAP-MSCHAP authentication succeeded
11519 Prepared EAP-Success for inner EAP method
12128 EAP-FAST inner method finished successfully
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12126 EAP-FAST cryptobinding verification passed
12201 Approved EAP-FAST client Machine PAC request
Evaluating Authorization Policy
15004 Matched rule
15016 Selected Authorization Profile - DenyAccess
15039 Rejected per authorization profile
12855 PAC was not sent due to authorization failure
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
11105 Request received from a device that is configured with KeyWrap in ISE.
12104 Extracted EAP-Response containing EAP-FAST challenge-response
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
12512 Treat the unexpected TLS acknowledge message as a rejection from the client
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
So no any information that ISE tries to retrieve something from LDAP.
Regards
Karel -
Finding LDAP server names by DNS lookup.
Hi,
I'm very new with JNDI and DNS
We are hardcoding the ldap server name in our configuration to connect to the Active directory, but the requirement is to know the ldap server name dynmaically by querying the DNS server.
The input given to us are below.
Dns domain : indbank.is.
SRV RRecord : ldap.tcp.
Query dns : ldap.tcp.indbank.is.
The domain controller should be found by a DNS lookup for the domain, then a DNS for Domain controllers that advertise the service, then try to see if the domain controllers areanswering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
Kindly help me.I am beginner and some code sample and tip will be welcome. :)
Thanks in advance.
HiubertThanks a lot to All.
My code is as follows...
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
public class dns1
public static void main(String[] args) {
try {
Hashtable env = new Hashtable();
env.put("java.naming.factory.initial","com.sun.jndi.dns.DnsContextFactory");
env.put("java.naming.provider.url", "dns://indbank.is");
DirContext ctx = new InitialDirContext(env);
System.out.println("Intial context created...");
Attributes attrs = ctx.getAttributes("_ldap._tcp.indbank.is",new String[] {"SRV"});
System.out.println("Attributes are been retrieved...");
for (NamingEnumeration ae = attrs.getAll();ae.hasMoreElements();)
Attribute attr = (Attribute)ae.next();
String attrId = attr.getID();
System.out.println("Attribute ID retrieved is" + attrId);
for (Enumeration vals = attr.getAll();vals.hasMoreElements(); System.out.println(attrId + ": " + vals.nextElement()));
ctx.close();
catch(Exception e)
System.err.println("Problem querying DNS: " + e);
e.printStackTrace();
The code runs fine and I get the output as follows
0 100 389 ib500ad1.indbank.in
0 100 389 ib500ad2.indbank.in
I have following questions
1) Do these servers which are returned are the domain controllers or the ldap servers.?(or both domaincontrollers and ldap server are same)
2) how to extract the server name alone from this string.
3) If these two server names are domain controllers then how can I query for a DNS for Domain controllers that advertise the service, then try to see if the domain controllers are answering, and if so choose the one with the fastest answer time (to avoid choosing a domain controller over WAN).
Thanks in advance.
-Hiubert -
Provision user to a resource when a LDAP attribute is set to true by active
HI,
I have the following requirement
When a particular attribute in LDAP is set to true then we have to pick it by the active sync process and provision the user in another resource.
Can any one let me know how to go about this.I'd do it like this:
Create a business role "SomeRole" that includes an IT-Role that includes the target resource.
In the activeSync form, assign this role depending on the LDAP attribute:
<Field name='waveset.roles'>
<Expansion>
<cond>
<eq>
<ref>accounts[LDAP].thisParticularAttribute</ref>
<s>true</s>
</eq>
<s>SomeRole</s> <!-- you will need to append the role to the list if the user already has roles, otherwise all roles will be overwritten by this single value -->
<ref>waveset.roles</ref>
</cond>
</Expansion>
</Field> -
Hi, I've successfully configured authentication acces with LDAP (it's the first time for me) with the code below: String user=request.getParameter("user");
String pwd=request.getParameter("pwd");
session.setAttribute("user",user);
String[] args={"mail.xxxxxx.it","389","xxxxxx",user,pwd};
Hashtable env = new Hashtable(11);
System.out.println("ciao");
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://" + args[0] + ":" + args[1]);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, args[2] + "\\" + args[3]);
env.put(Context.SECURITY_CREDENTIALS, args[4]);
LdapContext ctx = new InitialLdapContext(env, new Control[0]);but I cannot find mail attributes (name,surname,phone,etc)
What's wrong?
Thanks in advance
ByeOK, figured it out. I was worried because of some configuration options changes. The previous versions were more explicit. But it seems it's also easy to achive this using PE 2.2.
Thanks. -
DBMS_LDAP Seems to Change Attribute Name Case
When we use DBMS_LDAP.populate_mod_array with DBMS_LDAP.mod_replace and then DBMS_LDAP.modify_s our attribute names (not values) stored in LDAP change to all lower case from mixed case. For example, if we have Attribute Name "telephoneNumber" with an Attribute Value of "555-1212". When we change the value to "111-1111" the name changes to "telephonenumber."
Any ideas?
We are passing a mod_type of "telephoneNumber."it would help us analyze if you can post the codes. thanks.
-
Which LDAP attribute is utilized by CertStore to retrive certifications?
Hi
thank you for reading my post
I find that CertStore and LDAPCertStoreParameters and X509CertSelector and X509CRLSelector can be used to extract certifications from LDAP.
What i can not figure out is,
which LDAP attribute uses by these class to extract certifications?
for example we have person class in LDAP which one of its attribute can be userCertificate, how does these class figure out what is name of these attribute?
maybe they uses some other mechanism, and my assumption are not correct?
ThanksHi
Thank you for your reply.
Imagine that i have the following requirement, what could be possible steps to implement it?
I need to check and see whether a digital certification belongs to a user or not.
user will gives it uid and digital certification.
here is one way that i have in my mind:
-Search the LDAP for that user.
-Extract the userCertificate attribute as binary
-Create a X509 certificate from it
-Compare it with what user provides.
Is it a good way?
Does all of the above steps are do-able?
Do you have suggestion to improve the procedure or make it more standard ?
Thanks -
How to change the attribute name for a relation
When the Data Modeler engineers a logical model into a relational model it create table columns for the relations. The names of the generated columns are listed in the attributes list in the properties dialog of the relation. The actual name of the attribute gets calculated by the attribute name of the entity which is part of the relation. This is okay, if there is only one relation between two entities. But when there are two relations between two entities the second attribute gets a stupid number suffix. This makes it impossible to give the attribute a useful semantic meaning.
When I engineer the model into a relational model I can change the column name in the relational model. Changing the column name in the relational model is not perfect but it would be okay for me, if it would not be overwritten during the next engineering run.
So I have two questions:
How can I change the attribute name in the attributes section of the properties dialog of a relation? See here for screen shot:
http://public.ceving.de/2012050300/relationattribute.png
And if it is not possible:
How can I preserve any changes on column names in the relational model during a re-engineering run?
Edited by: 931739 on 03.05.2012 08:07Hi,
I've logged an Enhancement request on this.
I don't believe it's possible to change it from the Entity or Relationship dialog, as it's not updatable in these dialogs.
What you can do is change it in the Relational Model, and then reverse engineer the change back to the Logical Model.
David -
Get the attributes NAME and VALUE from an XML
I really love this forum :)
I load an XML an populate a Tree, from which I start to drag
items.
the xml looks like this:
<myTag attrName="attrValue"
otherAttrName="otherAttrValue"/>
var ds:DragSource = event.dragSource;
var var1:String =(event.dragInitiator as
Tree).value.@attrName;
-> the var1 variable has now: "attrValue"
my question is.. how can I get all the attributes' names? in
this example: attrName and otherAttrName (suppose I don't know the
structure of that xml node)
what about attributes values?
thank you!The snippet below takes an xml node(nodeCur), loops over the
attributes list and builds an array that contains the attribute
name and value for each attribute. It comes from a sample app that
allows you to edit an xml file.
Sorry that the forum will remove the formatting
var aDPAttributes:Array = new Array();
var xlAttributes:XMLList = nodeCur.@*;
var attribute:Attribute;
for ( var i:int = 0; i < xlAttributes.length(); i++) {
aDPAttributes.push({name:xlAttributes [ i ]
.name(),value:xlAttributes [ i ] });
dgAttributes.dataProvider = aDPAttributes; //set the property
sheet dataProvider
Tracy -
Cannot create or replace : The specified extended attribute name was invalid.
New problem arrived today. Trying to copy a file from 10.6 server with an XP (SP3) client. I get this error:
Cannot create or replace (file name here): The specified extended attribute name was invalid.
The contents of the file can be copied, but not the folder. Other files can be copied. There are no funny characters. The name is not too long. I propogated the permissions on the share and that had no affect. The problem exists on three different XP systems. Can't find extended properties that could be causeing a problem. Any ideas?Nikon just released a Firmware update today for the D750
-
Inbound mail routing based on LDAP attribute mailsystem
Hi gents and ladies,
i have a small question ...
is it possible to route an email to a recipient based on an LDAP attribute like mailsystem or ldap attribute domain ?
We have an infrastructure with domino and Xchange. All users have a - so called - maindomain.net SMTP Address.
Is it possible to manage such routing via mail policies or message filters ?
Or is it just easy to realize this jjust with SMTP routing list ? e.g. maindomain.net gets an entry in SMTP routing pointing to the domino gateway ... if no delivery is possible the default gateway (Xchange gateway) would be used instead ?
Thanks in advance for your help and hints.Hello HPGroh2013,
I think I answered your question in the previous entry, at least it looks the same to me.
Regards,
Andreas -
Automatic Generation of classes with required attribute names
Hi ,
I am new to XML technologies ...I am having a problem in deciding whether I
should use JAXB or Castor for data binding.
The problem is the attributes I am to use are named differently as that found in
the DTD.I have creted my own classes using the required attribute names and the
n mapped them using the Castor mapping with the attributes.
I was wondering how should I achieve --"automatic generation of classes" with th
e specified attribute names?
I understand that JAXB can be used to automatically generate classes ,but this
uses the same default names as that of the XML file ..is there a way of forcing
JAXB to generate classes that use my name attributes rather than that of the XM
L dtd
If I use Castor ..is there a way to do the same.Generate Classes with the specif
id attributesHi ,
I am new to XML technologies ...I am having a problem in deciding whether I
should use JAXB or Castor for data binding.
The problem is the attributes I am to use are named differently as that found in
the DTD.I have creted my own classes using the required attribute names and the
n mapped them using the Castor mapping with the attributes.
I was wondering how should I achieve --"automatic generation of classes" with th
e specified attribute names?
I understand that JAXB can be used to automatically generate classes ,but this
uses the same default names as that of the XML file ..is there a way of forcing
JAXB to generate classes that use my name attributes rather than that of the XM
L dtd
If I use Castor ..is there a way to do the same.Generate Classes with the specif
id attributes -
Text variable replacementpath with key, attribute, name then what
text variable replacementpath with key, attribute, name then what are the changes in my report in quary designer
The XML 1.0 spec does not allow elements or attribute names to include spaces in the names.
See: http://www.xml.com/axml/axml.html
for a nice annotated version of the spec.
[Definition:] A Name is a token beginning with a letter or one of a few punctuation characters, and continuing with letters, digits, hyphens, underscores, colons, or full stops, together known as name characters. Names beginning with the string "xml", or any string which would match (('X'|'x') ('M'|'m') ('L'|'l')), are reserved for standardization in this or future versions of this specification. -
I have all these errors, can anyone help with this all means? trying to get my book published in iBooks. Nedd your help. Thanks, Jo
ERROR ITMS-9000: "index_split_000.html(257): attribute "name" not allowed here; expected attribute "accesskey", "charset", "class", "coords", "dir", "href", "hreflang", "id", "rel", "rev", "shape", "style", "tabindex", "target", "title", "type" or "xml:lang"" at Book (MZItmspBookPackage)
Use of the block quote element can cause ePubecheck to give the error "text not allowed here". Text must not be alone inside of a body tag and if it is not enclosed in some other block level tag, this may lead to the error you are receiving.I have all these errors, can anyone help with this all means? trying to get my book published in iBooks. Nedd your help. Thanks, Jo
ERROR ITMS-9000: "index_split_000.html(257): attribute "name" not allowed here; expected attribute "accesskey", "charset", "class", "coords", "dir", "href", "hreflang", "id", "rel", "rev", "shape", "style", "tabindex", "target", "title", "type" or "xml:lang"" at Book (MZItmspBookPackage)
Use of the block quote element can cause ePubecheck to give the error "text not allowed here". Text must not be alone inside of a body tag and if it is not enclosed in some other block level tag, this may lead to the error you are receiving.
Maybe you are looking for
-
How to Maintain Surrogate Key Mapping (cross-reference) for Dimension Tables
Hi, What would be the best approach on ODI to implement the Surrogate Key Mapping Table on the STG layer according to Kimball's technique: "Surrogate key mapping tables are designed to map natural keys from the disparate source systems to their maste
-
Profit Centers & Distribution Rules
hi experts, I have created a distribution rule which consists of 5 profit centers as following: Sales1 20% Sales2 20% Sales3 20% Sales4 20% Sales5 20% I posted a JE with amount of 2000 to one of my expense accounts with distribution rule tagged in ro
-
I am making a textbook for my students using iBooks Author. I would like to create a link that opens another presentation app (Qwiki) for further information. Every time I make a hyperlink, iBooks puts http:// in front of the link, which will not all
-
Adobe Download Assistant won't complete download Acrobat Pro xi
Adobe Download Assistant won't complete download. It says downloading 501mb, and when it does that it goes around again and again. My download speed is about 7mb, so it shouldn't take more that a couple of hours at most...
-
FileDialog, not JFileChooser, how to set filter? help+help!
i want to add file filter to the bottom combo box control of FileDialog, but i have no idea. 1. setFile("*.txt;*.java;") works in a silly style 2. FilenameFilter doesn't work (return true or false makes no diff from accept function. if you used FileD