How to define membership if attribute is not given in group?

This is a newbie question.
If we set up an OpenLDAP provider in our security realm, we successfully see the users (from the users tree ou=People,ou=webUsers,dc=meteoswiss,dc=ch) and the groups (from the groups tree ou=Applications,dc=meteoswiss,dc=ch; in our case different applications). However, the users are unfortunately not associated with the groups.
In the LDAP directory, the groups do not have an attribute such as member which links the user to the group. Instead, each group (application) has a people tree with all users associated to the group (application). The dn for such a user is as follows:
uid=user1,ou=People,ou=ApplicationX,ou=Applications,dc=meteoswiss,dc=ch
This user entry has an owner attribute which links this user back to the entry in the user tree:
owner=uid=user1,ou=People,ou=webUsers,dc=meteoswiss,dc=ch
How do we have to configure wls:static-member-dn-attribute and wls:static-group-dns-from-member-dn-filter in config.xml so that user1 is connected to ApplicationX (e.g. user1 is in the group ApplicationX)?
From our config.xml:
<sec:authentication-provider xsi:type="wls:open-ldap-authenticatorType">
  <sec:name>OpenLDAP</sec:name>
  <sec:control-flag>OPTIONAL</sec:control-flag>
  <wls:host>ourHost</wls:host>
  <wls:user-name-attribute>uid</wls:user-name-attribute>
  <wls:principal>cn=blabla,dc=meteoswiss,dc=ch</wls:principal>
  <wls:user-base-dn>ou=People,ou=webUsers,dc=meteoswiss,dc=ch</wls:user-base-dn>
  <wls:credential-encrypted>REMOVED</wls:credential-encrypted>
  <wls:user-search-scope>onelevel</wls:user-search-scope>
  <wls:user-from-name-filter>(&amp;(uid=%u)(objectClass=inetOrgPerson))</wls:user-from-name-filter>
  <wls:all-users-filter>(objectClass=inetOrgPerson)</wls:all-users-filter>
  <wls:group-base-dn>ou=Applications,dc=meteoswiss,dc=ch</wls:group-base-dn>
  <wls:group-search-scope>onelevel</wls:group-search-scope>
  <wls:group-from-name-filter>(&amp;(cn=%g)(objectClass=tvdMeteoAppl))</wls:group-from-name-filter>
  <wls:all-groups-filter>(objectClass=tvdMeteoAppl)</wls:all-groups-filter>
  <wls:static-group-object-class>tvdMeteoAppl</wls:static-group-object-class>
  <wls:static-member-dn-attribute>owner</wls:static-member-dn-attribute>
  <wls:static-group-dns-from-member-dn-filter>(&amp;(owner=%M)(objectClass=tvdMeteoApplUser))</wls:static-group-dns-from-member-dn-filter>
  <wls:use-retrieved-user-name-as-principal>true</wls:use-retrieved-user-name-as-principal>
</sec:authentication-provider>
Thanks, Peter
Edited by peter05 at 10/02/2007 8:18 AM
Edited by peter05 at 10/02/2007 8:20 AM

The answer to the question: "Can WebLogic assign a user to a group even if the group has NOT a MEMBER ATTRIBUTE but a SUBTREE (!= ATTRIBUTE) holding a USER entry attached to the GROUP entry (GROUP->PEOPLE->USER) which holds a reference to a separate USER tree" is unfortunately: "No"
Thanks anyway.
Peter
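
In the layout described in this thread, the group is encoded in the DN of the per-application entry and the user in its owner value, so resolving membership means parsing both DNs. The following is an added example, not code from the thread or from WebLogic: the class and method names are hypothetical, the base DNs are the ones from the post, and user2, ApplicationY and the cn=admin owner are constructed sample data (no directory is contacted).

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class SubtreeMembership {
    // Base DNs as given in the post.
    static final String GROUP_BASE = "ou=Applications,dc=meteoswiss,dc=ch";
    static final String USER_BASE = "ou=People,ou=webUsers,dc=meteoswiss,dc=ch";

    /** Returns {groupDn, userDn} for a per-application entry, or null if it does not fit the layout. */
    static String[] resolve(String entryDn, String ownerDn) throws InvalidNameException {
        LdapName entry = new LdapName(entryDn);
        LdapName owner = new LdapName(ownerDn);
        LdapName groupBase = new LdapName(GROUP_BASE);
        LdapName userBase = new LdapName(USER_BASE);
        int g = groupBase.size(); // LdapName index 0 is the rightmost RDN
        // Expected shape: uid=<user>,ou=People,<group RDN>,<GROUP_BASE>
        if (!entry.startsWith(groupBase) || entry.size() != g + 3) return null;
        if (!entry.getRdn(g + 1).equals(new Rdn("ou", "People"))) return null;
        // Only accept owner values that point at a direct child of the user tree.
        if (!owner.startsWith(userBase) || owner.size() != userBase.size() + 1) return null;
        if (!owner.getRdn(owner.size() - 1).getType().equalsIgnoreCase("uid")) return null;
        return new String[] { entry.getPrefix(g + 1).toString(), owner.toString() };
    }

    /** Builds group DN -> member DNs from {entryDn, owner} pairs. */
    static Map<String, Set<String>> memberships(String[][] entries) throws InvalidNameException {
        Map<String, Set<String>> out = new LinkedHashMap<>();
        for (String[] e : entries) {
            String[] link = resolve(e[0], e[1]);
            if (link != null) out.computeIfAbsent(link[0], k -> new TreeSet<>()).add(link[1]);
        }
        return out;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[][] entries = { // constructed sample entries: {dn, owner}
            { "uid=user1,ou=People,ou=ApplicationX,ou=Applications,dc=meteoswiss,dc=ch",
              "uid=user1,ou=People,ou=webUsers,dc=meteoswiss,dc=ch" },
            { "uid=user2,ou=People,ou=ApplicationX,ou=Applications,dc=meteoswiss,dc=ch",
              "uid=user2,ou=People,ou=webUsers,dc=meteoswiss,dc=ch" },
            { "uid=user3,ou=People,ou=ApplicationY,ou=Applications,dc=meteoswiss,dc=ch",
              "cn=admin,dc=example,dc=org" }, // owner outside the user tree: skipped
        };
        memberships(entries).forEach((group, members) -> System.out.println(group + " -> " + members));
    }
}
```

The owner check matters because the value is the only link to the real account: an entry whose owner points outside the user tree is ignored rather than granted membership.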

Similar Messages

  • How to define a  multivalued attribute in spml2.xml(spml2PersonForm)?

    I need to define a multivalued attribute in spml2.xml for modifying security answers and adding resources during add request. I tried by giving multivalued="true" during the attribute definition.
    <spmldsml:attributeDefinition name="questions" description="Secret questions" multivalued ="true"/>
    but still the lookup response shows the value as a single attribute
    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='questions'>
    <dsml:value>[What is your mother's maiden name?, asrfasdhfgjk, adsggfjhgkjhl]</dsml:value>
    </dsml:attr>
    Kindly suggest if I missed out anything during the configuration.

    Hi!
    I was unable to post any message. It was displaying that "Message blocked".
    Please help me in this issue.
    Regards
    Mourya

  • How to define a standard web template for a specific group of queries?

    Hello experts,
    I had to enhance the standard web template 0ADHOC and saved it as ZADHOC.
    Then in SPRO t-code I defined it as the standard web template. The problem is: it started to be the standard web template for all the company queries.
    Is there a way to define it as standard only for the queries of my project? Like adding some parameter in the web link only for my project queries?
    Thanks in advance,
    Helder

    I have figured out how to slice it up myself, however it appears as though I have to do it all manually, drawing each box myself.
    Yes, that's how it will have to be. There is no pertinent slicing in the PSD.
    This will result in either A LOT of work making sure that each box is perfectly aligned with the one before it, or uneven slices.
    I am obviously doing something wrong.
    Yes, you are not using guides. You know, those cute turquoise lines of which the document already has a few when opening it...
    As for everything else - the template is simply rubbish. It's poorly organized and mostly unsuitable for building a website template right off the bat. Your work needs to start there by properly grouping items to mimic button states and then exporting them in two passes. And then there's things like this large dummy text etc. that simply don't make sense. Anyway, even if it sounds like the same record over again: The biggest failure of any such work is to assume that PS could even spit out a working web page. All a web designer would use it for is to extract the graphical elements, but the rest would still be designed properly with standards compliance in mind in a web design app...
    Mylenium

  • How can I get sigalg attribute from a given X509 certificate

    Hi,
    I am verifying my client's digital signature like this
    String sigalg = "SHA1WithRSA";
    Signature sig = Signature.getInstance(sigalg);
    sig.initVerify(pubKey);
    sig.update(sEnvelope.getBody().toString().getBytes());
    return sig.verify(Base64.decode(sigValue));
    While getting the signature instance, right now I am hardcoding it to "SHA1WithRSA", because I know that the client is coming with that signature algorithm. If another client comes with another algorithm, say "MD5withRSA", it is going to fail. How can I change that sigalg variable dynamically, based on different signatures? What I have from the client is a certificate file. How can I get the signature algorithm from the certificate or from the publicKey object?
    Thanx, Venu

    Check the following methods in X509Certificate:
    getSigAlgName
    getSigAlgOID
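
Whichever source supplies the algorithm name (a field sent with the signed message, or the certificate's getSigAlgName(), which reports the algorithm used to sign the certificate itself), passing it straight to Signature.getInstance lets the sender pick the digest. The following is an added example, not code from the thread: the class name, the allow-list and the sample body are constructed, and the key pair is generated locally so the example runs offline. It checks the declared name against an allow-list and against the key type before verifying.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.Map;

public class DeclaredSigAlgVerifier {
    // Constructed policy: accepted algorithm name -> key type it requires.
    // MD5- and SHA-1-based names are deliberately absent.
    static final Map<String, String> ALLOWED = Map.of(
        "SHA256withRSA", "RSA",
        "SHA512withRSA", "RSA",
        "SHA256withECDSA", "EC");

    /** Verifies sigB64 over body, but only with an allow-listed algorithm that fits the key. */
    static boolean verify(String declaredAlg, PublicKey key, String body, String sigB64)
            throws GeneralSecurityException {
        String requiredKeyType = ALLOWED.get(declaredAlg);
        if (requiredKeyType == null || !requiredKeyType.equals(key.getAlgorithm())) {
            return false; // unknown or weak algorithm, or algorithm/key mismatch
        }
        Signature sig = Signature.getInstance(declaredAlg);
        sig.initVerify(key);
        // Explicit charset: the platform default differs between hosts.
        sig.update(body.getBytes(StandardCharsets.UTF_8));
        return sig.verify(Base64.getDecoder().decode(sigB64));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String body = "<Body>constructed sample</Body>";

        // Stand-in for the client: sign the body with SHA256withRSA.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(body.getBytes(StandardCharsets.UTF_8));
        String sigB64 = Base64.getEncoder().encodeToString(signer.sign());

        // Allow-listed algorithm with matching key type.
        System.out.println(verify("SHA256withRSA", pair.getPublic(), body, sigB64));
        // Algorithm not on the allow-list.
        System.out.println(verify("MD5withRSA", pair.getPublic(), body, sigB64));
        // Allow-listed algorithm that does not fit an RSA key.
        System.out.println(verify("SHA256withECDSA", pair.getPublic(), body, sigB64));
        // Body changed after signing.
        System.out.println(verify("SHA256withRSA", pair.getPublic(), body + "x", sigB64));
    }
}
```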

  • How to find which all instances are not listed in groups?

    Hi
    We have 68 servers, 150 instances are there. I need to write a query to fetch from OEM repository, all the instances group by GROUP NAME.
    If any one knows how to get this information, which views/tables of sysman we need to touch please let me know ....
    Thanks in advance.
    RK

    SELECT group_name, target_name FROM mgmt$group_members WHERE target_type = 'oracle_database'
    ORDER BY group_name;
    SELECT group_name, SUM(1) FROM mgmt$group_members WHERE target_type = 'oracle_database'
    GROUP BY group_name;

  • How to define a Value for an Attribute of an Class

    Hi,
    How to define a Value for an Attribute of a Class ...
    I need to change the value of an Attribute of a class in a standard program ....
    Ex...
       cl_hrce_masterswitches=>infotype_framework_is_active
    Here infotype_framework_is_active is the attribute .. its value in the standard program is 'X'... Now I need to change it to '  '.
    How to define it and set value as ' '.

    Hello Surendar
    The static attribute INFOTYPE_FRAMEWORK_IS_ACTIVE is read-only and there is no SETTER method to manipulate its value.
    However, the attribute is filled in the CLASS_CONSTRUCTOR:
    METHOD class_constructor.
        IF ce_is_active                 = true OR
           global_payroll_is_active     = true OR
           mngmt_global_empls_is_active = true.
          infotype_framework_is_active = true.
          perid_infotype_is_active     = true.
        ELSE.
          infotype_framework_is_active = false.
          perid_infotype_is_active     = false.
        ENDIF.
    ENDMETHOD.
    Thus, you need to analyze how the attributes CE_IS_ACTIVE, GLOBAL_PAYROLL_IS_ACTIVE and MNGMT_GLOBAL_EMPLS_IS_ACTIVE are filled in the CLASS_CONSTRUCTOR.
    For sure you will find customizing settings that are responsible for this.
    Regards
      Uwe

  • When multiple MAs present in fimsync belonging to same domain, how to define attribute precedence.

    Hi,
    In our environment there are multiple MAs and I have to define the proper precedence of attribute flows in order for them to function properly. The MAs present are
    1. FlatFileMA
    2. FIM MA
    3. ADDs MA
    4. Google Apps MA
    We are provisioning the user from FlatFile to FIM, and then from FIM to AD, FIM to Google Apps MA. Sometimes the provisioning goes directly from FIM to AD and from FIM to Google Apps MA. In order to achieve this, how should I assign the attribute precedence?
    The attributes that are using are accountName,firstName,LastName etc..
    We are using Code Based provisioning...
    Thanks
    Prasanthi

    If your main source of users is Flat File, it should have the highest.
    Then, as you can create users in FIM Portal and want them also to be provisioned to other sources, FIM MA should be second in precedence.
    Otherwise (if you set FIM MA higher than Flat File), attributes from Flat File would not be propagated to FIM Portal with "Denied - Attribute not precedent" warning in Preview.
    So you can have only two import flows for accountName for example - one from Flat File, second from FIM MA (and Flat File should be higher in precedence). The same goes for first and last name.
    If you want to allow users to log in to FIM Portal (for example for password reset purposes), make sure also that you import objectSID from AD MA and domain (probably as "Advanced -> constant value") and export them to FIM MA along with accountName.
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • Define a SAML Attribute whose value is not in any data store

    I am attempting to define a SAML Attribute in Sun OpenSSO Ent 8.x, whose value is not in any data store. I need to assign static text. The SP requires a unique value for all assertions under the same company. This is their method to help ensure an employee and assertion are for the correct data. For example,
    <saml:Attribute Name="AccountID">
    <saml:AttributeValue>ref-193749900</saml:AttributeValue>
    </saml:Attribute>
    I have not found a way with the OpenSSO admin portal. Any assistance would be appreciated.
    Thanks.

    Any response to this? I have the same need.

  • How to define CMP attribute unique

    I have a CMP attribute called IDENTIFIER and I want to define that as a unique column in the database. How can I define the SSN attribute while creating CMP beans? Is there any way map.xmi can be altered to define the attribute as UNIQUE?
    Please help....
    Thanks in advance...

    Hi,
    See these related threads for steps:
    Re: Problem with T77OMATTR
    Creation of Custom Attributes in org structure
    BR,
    Disha.
    Pls reward points for useful answers.

  • Error VISA (Hex 0xBFFF001E) The specified state of the attribute is not valid, or is not supported as defined by the resource.

    Hi,
    First of all I need to say that I am just beginning with instrument control using LabVIEW. For this reason, it's possible that the problem that I have would be easy to resolve. However, I have been looking for a solution on the forum, but unfortunately I can't find anything.
    Then the situation is the following: I'm trying to connect a power analyzer (Yokogawa WT1800) with the PC through GPIB. To achieve this objective I use the Agilent 82357B USB/GPIB Interface. The connection is done properly because I can see and communicate with it through the NI MAX explorer.
    In order to achieve the instrument control using Labview, I have downloaded and installed the Yokogawa WT1800 driver (ykt1800 Instrument Driver) using the NI Instrument Driver Finder tool. The problem that I have is that when I execute the provided examples I find the following error:
    Error -1073807330 occurred at Property Node (arg1) in Yokogawa WT1800 Series.lvlib: Initialize.vi -> Yokogawa WT1800 Series Measure Continuos Normal.vi
    Possible reason(s):
    VISA: (Hex 0xBFFF001E) The specified state of the attribute is not valid, or is not supported as defined by the resource,
    I tried to change the input arguments of the VISA Open VI because I think that is where the problem is, but I can't reach any solution. In the following image is attached the block diagram of the initialize.vi:
    Any help is appreciated.
    Thank you.

    Hi,
    The Vi should work, I used it with a NI USB-GPIB interface. Can you use HighLight execution to see which property node is failing. Maybe your interface does not support the used property node.
    Kees

  • VISA: (Hex 0xBFFF001D) The specified attribute is not defined or supported by the referenced resource and VISA: (Hex 0xBFFF0015) Timeout expired before operation completed signal recovery

    I am trying to control an HP 8350B sweep oscillator. I have an Agilent PCI-GPIB card installed on my computer and have set it up to run with labview. I installed NI VISA, followed by Agilent IO libraries and activated the Tulip passport in NI MAX. 
    I tried turning on the "enable agilent GPIB cards for 488 programs" in Agilent IO libraries and checking the VISA test panel for WRITE and READ, but I get the timeout error: (Hex 0xBFFF0015) Timeout expired before operation completed signal recovery
    On moving to labview, when I configure the VISA Serial it gives me this error 
    Error -1073807331 occurred at Property Node (arg 2) in VISA Configure Serial Port (Instr).vi->8350_VISA.vi
    and the possible reason is
    VISA:  (Hex 0xBFFF001D) The specified attribute is not defined or supported by the referenced resource.
    Subsequently on removing the VISA Serial, I get errors in Write and Read with the possible reason being
    VISA:  (Hex 0xBFFF0015) Timeout expired before operation completed.
    Help !!
    Attachments:
    HP-8350B_VISA.vi ‏16 KB

    Moving to LabVIEW makes no sense if you get a timeout error in the VISA test panel and doing any sort of serial configuration makes even less sense. What query did you use with the test panel? Did you confirm it exists in the manual? Did you enable GPIB on the instrument?

  • HI, I JUST GOT IPHONE 5S AND WOULD LIKE TO DEFINE NO OF MAIL IN MAIL BOX, BUT THIS FEATURE NOT AVAILABLE WITH 5S, HOW TO DEFINE IT. AS NOW ITS SYNC ALL MAIL IN MY INBOX, I WOULD LIKE TO DEFINE NO FOR SAME. PL HELP ME.

    HI, I JUST GOT IPHONE 5S AND WOULD LIKE TO DEFINE NO OF MAIL IN MAIL BOX, BUT THIS FEATURE NOT AVAILABLE WITH 5S, HOW TO DEFINE IT. AS NOW ITS SYNC ALL MAIL IN MY INBOX, I WOULD LIKE TO DEFINE NO FOR SAME. PL HELP ME.
    MANU

    Your question doesn't make much sense in English. To have no mail in your in box, you need to delete what you have.

  • I would like to cancel my membership, but it is not listed when I try to view my plans. However, my card still gets charged. How do I cancel my membership for photoshop?

    I would like to cancel my membership, but it is not listed when I try to view my plans. However, my card still gets charged. How do I cancel my membership for photoshop? I am using a Mac Pro.

    Hi Liz,
    Please contact the support through call/chat for the cancellation requests.
    Contact Customer Care
    Regards,
    Sheena

  • How to add a field that is not part of existing page attributes

    Hi Experts,
    Can someone give step by step procedure for adding a field that is not part of IC web view page attributes. I mean the field that I want to add is in BOL entity BTSaleset which is linked to BTAdminH through BTHeadersaleset relation. I have BTadminH in the page attributes but not BTsaleset.
    Thanks in Advance

    Experts.. any inputs ?

  • How to retrieve attribute-names (not values)

    Hi
    I know that I can get all attributes by an XPath expression according to /AA/@* . But since I have a XML document in XMLType and when I use the "..extract( aXpath)" function, I get all the attributes of the corresponding node but as a concatenation of the values. How can I get the attributes names:
    E.G.
    <AA>
    <BB>12.3</BB>
    <CC>45.5</CC>
    </AA>
    /AA/@* would return 12.345.5, but I need to know "BB" and "CC", any ideas ?

    ${applicationScope.abc}
    or if there is no attribute "abc" in page, request, or session scopes just
    ${abc}
