How to fill a LDAP directory
Hi;
I have realized an application which authenticates users from an LDAP directory and assigns profiles to them.
Q: What is the best means to feed this LDAP directory (it's possible from my web application to modify the LDAP password): using another application, another LDAP directory, or another solution?
Regards;
Q: which is the best means to feed this directory
LDAP (its possible from my web application to modify
the LDAP password) in using another application or
another LDAP directory, or another solution ?
Are you looking to manually update this information or are you looking for a way for users to be able to interactively maintain passwords and admin to maintain roles in real time? Another possibility is keeping separate corporate ldap and application ldap instances in sync (i.e. user has 1 password for all network apps maintained in corporate ldap, but application ldap has application specific roles and such which cannot be stored in corporate ldap). Clearer definition of exactly what you need here would be useful.
If the first case, there are ldap utilities which work with ldif files to handle this - should be able to google it to come up with what you need - ldapmodify I think.
If you are looking to be able to maintain the data from the application, likely you'll need to figure out your security model and build the interface to update this information. It can be done from the web app, from a standalone utility, or whatever works best for your situation.
Similar Messages
-
How do I import LDAP directory users for assigning devices in Configurator?
I have the Apple Configurator up and running and it is working well. However, I would like to import my user list so that I don't have to manually add 150+ users to assign devices. Is this possible?
This is not something I have done myself before, but I believe it certainly is possible. Have you read the help file? https://help.apple.com/configurator/mac/1.5/#cadbf9c2a0
In short:
Step one - Sign into your LDAP server in system preferences.
Step two - in the Assign view of Configurator click a + and start typing user names, it should fill with users from your server. I assume it's possible to add groups at a time. These are pretty good guides also:
http://krypted.com/iphone/managing-ios-devices-with-apple-configurator/
http://www.classthink.com/deploying-ipads-in-education/
Hope this helps.
Cheers,
Ben -
LDAP support limited. How to configure Address Book / Directory Access?
I complained to a sysadmin that my LDAP searches were returning very limited information (just surname and e-mail). He replied,
"...[Address Book] can't be configured to query specific attributes, it can't be configured to show specific attributes except for the small set they have elected to permit, ... it doesn't even show cn/commonName which is a compulsory field in the inetOrgPerson schema or ou/organizationalUnitName which is the standard way of distinguishing components of an organization..."
Directory Access seems to offer facilities for requesting specific attributes. I tried mapping them to Address Book fields, but with no improvement in the search results. Any tips?
Here is some info I found on manually configuring and mapping schemas.
Configuring LDAP Searches and Mappings
Using Directory Access, you can edit the mappings, search bases, and search scopes that specify how Mac OS X finds specific data items in an LDAP directory. You can edit these settings separately for each LDAP directory configuration listed in Directory Access. Each LDAP directory configuration specifies how Mac OS X accesses data in an LDAPv3 or LDAPv2 directory.
You can edit the mapping of each Mac OS X record type to one or more LDAP object classes.
For each record type, you can also edit the mapping of Mac OS X data types, or attributes, to LDAP attributes.
You can edit the LDAP search base and search scope that determine where Mac OS X looks for a particular Mac OS X record type in an LDAP directory.
IMPORTANT: When mapping Mac OS X user attributes to a read/write LDAP directory domain (an LDAP domain that is not read-only), the LDAP attribute mapped to RealName must not be the same as the first attribute in a list of LDAP attributes mapped to RecordName. For example, the cn attribute must not be the first attribute mapped to RecordName if cn is also mapped to RealName.
For detailed specifications of Mac OS X record types and attributes, refer to "Mac OS X Server Open Directory Administration for Version 10.4 or Later" (available at www.apple.com/server/documentation/).
In Directory Access, click Services.
If the lock icon is locked, click it and type the name and password of an administrator.
Select LDAPv3 in the list of services, then click Configure.
If the list of server configurations is hidden, click Show Options.
Select a server configuration in the list, then click Edit.
Click Search & Mappings.
Select the mappings that you want to use as a starting point, if any.
Click the "Access this LDAPv3 server using" pop-up menu and choose a mapping template to use its mappings as a starting point or choose Custom to begin with no predefined mappings.
Add record types and change their search bases as needed.
To add record types, click the Add button below the Record Types and Attributes list. In the sheet that appears, select Record Types, select one or more record types from the list, and then click OK.
To change the search base and search scope of a record type, select it in the Record Types and Attributes List. Then edit the "Search base" field. Select "all subtrees" to set the search scope to include the entire LDAP directory's hierarchy from the search base down. Select "first level only" to set the search scope to include only the search base and one level below it in the LDAP directory's hierarchy.
To remove a record type, select it in the Record Types and Attributes List and click Delete.
To add a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an object class from the LDAP directory. To add another LDAP object class, you can press Return and enter the name of the object class. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
To change a mapping for a record type, select the record type in the Record Types and Attributes List. Then double-click the LDAP object class that you want to change in the "Map to __ items in list" and edit it. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
To remove a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the LDAP object class that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
Add attributes and change their mappings as needed.
To add attributes to a record type, select the record type in the Record Types and Attributes List. Then click the Add button below the Record Types and Attributes list. In the sheet that appears, select Attribute Types, select one or more attribute types, and then click OK.
To add a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an attribute from the LDAP directory. To add another LDAP attribute, you can press Return and enter the name of the attribute.
To change a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then double-click the item that you want to change in the "Map to __ items in list" and edit the item name.
To remove a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the item that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
To change the order of attributes displayed in the list on the right, drag the attributes up or down in the list.
Click Save Template if you want to save your mappings as a template.
Templates saved in the default location are listed in pop-up menus of LDAP mapping templates the next time the current user opens Directory Access. The default location for saved templates is in the current user's home folder at this path:
~/Library/Application Support/Directory Access/LDAPv3/Templates
Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them automatically to its clients.
You must enter a search base to store the mappings, a distinguished name of an administrator (for example, uid=diradmin,cn=users,dc=ods,dc=example,dc=com), and a password. If you are writing mappings to an Open Directory LDAP server, the correct search base is "cn=config, suffix" (where suffix is the server's search base suffix, such as "dc=ods,dc=example,dc=com").
The LDAP directory supplies its mappings to Mac OS X clients whose custom search policy includes a connection that's configured to get mappings from the LDAP server. The LDAP directory also supplies its mappings to all Mac OS X clients that have an automatic search policy. For instructions, see Configuring Access to an LDAP Directory and Setting Up Search Policies. -
Please Help. How can you monitor a directory using jndi connection to a ldap server?
How can you monitor a directory using jndi connection to a ldap server? I
want the ldap server to monitor the content change in a file system
directory on another computer on the network. Can someone please help.
Thanks
Fred
Hi,
Why do you want to use LDAP for hard disk monitoring?
You can do this by creating an MD5 checksum for all the files existing in some particular directory, and every hour or any configurable period you can recalculate the checksum to find out the change in the content.
I guess all you need is to get the code for the "updatedb" utility of Linux and instrument it for your needs.
Hope it helps...
-aseem
mr wrote:
How can you monitor a directory using jndi connection to a ldap server? I
want the ldap server to monitor the content change in a file system
directory on another computer on the network. Can someone please help.
Thanks
Fred -
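The checksum approach from the reply above, as an added example that is not part of the original thread: it snapshots a directory tree and reports added, removed and modified files between two runs. It uses SHA-256 instead of the MD5 named in the reply, because MD5 collisions make it unsuitable when the goal is to notice deliberate tampering; the file names in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files so the walk cannot be led
            # outside the monitored tree or block on a device node.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root)
            h = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
            except OSError:
                digests[rel] = None  # unreadable: still tracked, digest unknown
                continue
            digests[rel] = h.hexdigest()
    return digests


def diff(old, new):
    """Compare two snapshots and list what changed between them."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in common if old[p] != new[p]),
    }


def demo():
    """Constructed sample: one file changed, one deleted, one created."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("a.txt", "one"), ("b.txt", "two")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        before = snapshot(root)
        with open(os.path.join(root, "a.txt"), "w") as fh:
            fh.write("one, edited")
        os.remove(os.path.join(root, "b.txt"))
        with open(os.path.join(root, "c.txt"), "w") as fh:
            fh.write("three")
        return diff(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline snapshot has to be stored where the monitored host cannot rewrite it, otherwise whoever changes the files can also update the recorded digests.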
How do I export existing Siebel employees to my LDAP directory?
All;
I have a fully-functional Siebel implementation using an LDAP directory server; I can create new employees, and they are migrated to the LDAP server without any problem.
Unfortunately, I'm using a pre-populated Siebel database with roughly 250 employees, none of whom are in the LDAP directory. I can enter them on the LDAP server one-by-one, but this is painful, to say the least.
If I try to add a password to them using the Siebel application to get them moved to the LDAP directory, I am told that "the user does not exist in the authentication system".
So the problem is clear: In Siebel CRM, on a "create", an LDAP record is created. On an "update", it looks for an existing LDAP record, which I don't have.
Is there any easy way around this, so I can populate my LDAP directory with my existing employees and their passwords?
Thanks!
Joe
What about using a DB client to export the user data that you have in the Siebel DB?
Then use this data to load the users into the LDAP server?
Axel -
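Both this suggestion and the ldapmodify/LDIF advice in the first thread come down to turning exported user rows into an LDIF file. The following is an added example, not code from either thread: it builds LDIF add records with RFC 4514 escaping of the uid inside the DN, RFC 2849 base64 encoding of unsafe values, and a salted hash for userPassword so the file carries no cleartext passwords. The base DN, the inetOrgPerson mapping, the sample rows and the assumption that the target server accepts the {SSHA} scheme are all illustrative.

```python
import base64
import hashlib
import os

BASE_DN = "ou=people,dc=example,dc=com"  # assumed suffix, not from the thread

# Constructed sample rows, standing in for an export from the application DB.
SAMPLE_USERS = [
    {"uid": "jdoe", "cn": "John Doe", "sn": "Doe", "password": "changeme-1"},
    {"uid": "o,brien", "cn": "Zoë O'Brien", "sn": "O'Brien", "password": "changeme-2"},
]


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when RFC 2849 requires it."""
    data = value.encode("utf-8")
    safe = (
        all(b < 128 and b not in (0, 10, 13) for b in data)
        and not data.startswith((b" ", b":", b"<"))
        and not data.endswith(b" ")
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(data).decode('ascii')}"


def ssha(password, salt=None):
    """Salted SHA-1 in the {SSHA} userPassword format (scheme is an assumption)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def user_entry(user):
    """One LDIF add record for a user row."""
    dn = f"uid={escape_rdn_value(user['uid'])},{BASE_DN}"
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: add",
        "objectClass: inetOrgPerson",
        ldif_line("uid", user["uid"]),
        ldif_line("cn", user["cn"]),
        ldif_line("sn", user["sn"]),
        ldif_line("userPassword", ssha(user["password"])),
    ])


def build_ldif(users):
    """Full LDIF document: version header, then one record per user."""
    return "version: 1\n\n" + "\n\n".join(user_entry(u) for u in users) + "\n"


if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS))
```

The resulting file is the kind of input ldapmodify, the utility named in the first thread, is meant to load.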
Messenger Express: How do I add the Directory Server to the address book search tool?
In Messenger Express (ME) how do I add the Directory Server (DS) to the address book search tool?
Edit the globals.pl file. Look for a line similar to:
@dirservers = ('MyCompany::phonebook.foo.com::o=FooCorp.,c=US','Four11 Directory::ldap.four11.com::');
Add an entry to the list. The list is comma delimited and each entry is a string. The string contains three fields, delimited by a double colon (::). The first field is the name you want to appear in the User Interface (UI). The second is the hostname of the DS and the third is the Distinguished Name (DN) to use when searching.
Please note, Messenger Express is part of the Messaging Server. For more information on Messenger Express, please see the release notes at
http://home.netscape.com/eng/server/MExpress/relnotes.htm
You can't add a new contact to specific group and there is no app for this. 3rd party apps don't have access to private iPhone APIs with security concerns being a primary reason, which such a function would require.
-
Corrupted ldap directory - URGENT
We are successfully corrupting our ldap directory when using the jndi
1.1 interface with concurrent users on a weblogic 5.1 server. If 2
users try to load the same ldif import file at the same time (don't
ask why) then when an exception occurs, SOMETIMES jndi does not appear
to rollback properly but adds the existing entry into another part of
the directory at the same time as reporting the following error.
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
Already Exists];
We presume there is a synchronization problem with JNDI clearing its
stack or something.
Has anyone had a similar problem and if so how did they solve it?
Will a more up to date version of weblogic solve the problem?
Thanks
We use IBM Secureway 3.2.1 on W2K platform. But as we can load the
files concurrently using native tools without corruption it is
unlikely to be the Directory Server.
William Morris wrote:
What Directory Server do you use that is being corrupted? It may be a
bug in the server.
--Will
Hilary Bannister wrote:
We are successfully corrupting our ldap directory when using the jndi
1.1 interface with concurrent users on a weblogic 5.1 server. If 2
users try to load the same ldif import file at the same time (don't
ask why) then when an exception occurs, SOMETIMES jndi does not appear
to rollback properly but adds the existing entry into another part of
the directory at the same time as reporting the following error.
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
Already Exists];
We presume there is a synchronization problem with JNDI clearing its
stack or something.
Has anyone had a similar problem and if so how did they solve it?
Will a more up to date version of weblogic solve the problem?
Thanks -
WebLogic 7.0 LDAP Directory
We are running WebLogic 7.0.1.0 on Solaris 8.
There's a ldap directory generated by default under
/<BEAHome>/<DomainName>/<ServerName> each time a new server instance
is created and started up for the first time, along with the server
log files. I'd like to change the location of this directory, like
how I can change the server log directory under Logging tab in each
server in Admin Console, but I can't seem to find it anywhere.
Can anyone point me to where I can change this configuration or to
documentation on how to do it?
Thanks in advance.
Maggie Hu
Sorry to say, it is not configurable.
-utpal
"Maggie Hu" wrote:
We are running WebLogic 7.0.1.0 on Solaris 8.
There's a ldap directory generated by default under
/<BEAHome>/<DomainName>/<ServerName> each time a new server instance
is created and started up for the first time, along with the server
log files. I'd like to change the location of this directory, like
how I can change the server log directory under Logging tab in each
server in Admin Console, but I can't seem to find it anywhere.
Can anyone point me to where I can change this configuration or to
documentation on how to do it?
Thanks in advance.
Maggie Hu -
Workflow reviewers in an ldap directory
Hi,
I have integrated an ldap directory with UCM as the user/group store.
I need to create a criteria workflow where the initial reviewer(s) are actually users in the ldap directory. After the intial review, it would be escalated to another higher level group of users, also in the ldap directory.
i) In this case, how would I be able to have UCM search the ldap store as reviewers? I don't recall idoc script being able to do this.
ii)What would be the best practice to accomplish this?
Thanks.
Blake,
If I am using a web application model, I would use the following to allow "everyone" in my LDAP server to get into certain areas of web applications:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>GeneralEmployee</web-resource-name>
    <description>Employee Resource</description>
    <url-pattern>/process/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>Employees only</description>
    <role-name>everyone</role-name>
  </auth-constraint>
</security-constraint>
If you are allowing access to this servlet, I would try:
weblogic.allow.execute.weblogic.servlet.servlets/iclientservlet=bseely,everyone
Ken
"Blake Seely" wrote:
<sigh>it's already been a long day: my number is 877-870-4718
Thanks again,
Blake
"Blake Seely" wrote:
I have a servlet set up on a WebLogic 5.1 SP 8 server running on NT 4.
I want that servlet protected so that only company employees defined
in our Netscape
LDAP directory can log in.
If I just want a single user to access, then my access controls for the
servlet
are:
weblogic.httpd.register.servlets/iclientservlet=iclientservlet
weblogic.allow.execute.weblogic.servlet.servlets/iclientservlet=bseely
I have set up the LDAP Realm (ldaprealm.properties is attached) and this
works
fine for one user. (all lookups, access, etc are anonymous on this
directory,
so I didn't specify any principals or passwords)
But now I need to specify that any user who is in the directory can access the servlet - how do I do that? What do I list in the weblogic.allow.execute... line?
How do I need to change my ldaprealm.properties?
Thanks - any help appreciated. If anyone has time to give me a call,
I would appreciate
that, too. -
How to Connect to LDAP through SOA is it possible using BPEL
Hi Guys,
I have a requirement that how to access to LDAP system using BPEL process.
do we need to write any java code to perform a few operations in to LDAP.
Can you please tell me any one across this sceneario.
Thanks in advance.
Your help is more appreciate. this is urgent for us.
Thanks.
Chandrasekhar
Hi Chandrasekhar
1. Yes, there are many ways you can integrate AD with BPEL kind of indirectly. See some of the posts given below.
oracle soa and active directory integration
Weblogic administrator account is inactive after enabling DB Authenticator
Also, once AD is integrated with Weblogic, using Admin Console etc, you can use the out of box REST services for quick testing. You can pretty much get and read all the stuff for any user/role/group/mappings etc. But it's just ReadOnly and you cannot modify data on LDAP side. The below link should work for any security provider configured with your weblogic like DefaultAuthenticator or External AD integrated.
http://soaserverhost:soaserverport/integration/services/IdentityService/identity
Thanks
Ravi Jegga -
Hi,
where may I find information/documentation/tutorials on how to connect to LDAP from java classes?
Please help.
Thank you,
Nadir.
Nadir,
Here:
http://java.sun.com/products/jndi/docs.html
You can find many things there and the tutorial is good.
Follow the links in http://java.sun.com/products/jndi/index.html#DOWNLOAD12, you can get many useful examples (great!).
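Some code that works fine in my app:
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    public class LdapConnect {
        // URL, DN and PassWord are placeholders: pass your own values.
        public static DirContext connect(String URL, String DN, String PassWord) {
            Hashtable<String, String> env = new Hashtable<>(5, 0.75f);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, URL);
            env.put(Context.REFERRAL, "ignore");
            // "simple" sends the DN and password as-is: use an ldaps:// URL so they are encrypted in transit
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, DN); // use your own one
            env.put(Context.SECURITY_CREDENTIALS, PassWord); // use your own one
            try {
                return new InitialDirContext(env);
            } catch (NamingException e) {
                e.printStackTrace();
                return null; // bind or connection failed
            }
        }
    }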
Hope this helps.
Cheers,
George -
How can I perform LDAP searches in BPEL?
Hello,
I'm trying to search an LDAP directory from a BPEL process.
There is a "ldap:search" XPath extension which appears to do this, but how do I specify which server to use. Just calling this function in an Assign produces an error message referring to a file called "directories.xml". Can anyone tell me what format this file should have (or how I automatically generate it)? I can't see it mentioned anywhere in the documentation.
Thanks for your help.
Did you ever get to know the location of this file, directories.xml?
-
Integrating standalone OC with existing 3rd party LDAP directory question
Hello everyone,
we have a standalone version 9 Oracle Calendar server with internal directory. We also have an existing enterprise wide LDAP directory. We would like to integrate them together, with as few changes to our existing LDAP schema as possible. Has anyone dealt with this issue before? Are there any documents out there describing how to deal with such situation? What if we upgrade to OC version 10 first?
Thanks
Migration might be tricky -
We've been running Calendar since the Netscape era with external LDAP. Basically user's preferences are stored in LDAP, though these can be 'regenerated' on the fly by the client using defaults.
You will need to modify the schema, but it's as simple as loading the supplied schema file.
Data itself is still maintained in the internal DB. The link between the DB and LDAP is done via the calendar ID number which gets stored in the user's entry in ldap.
I don't think it would matter on upgrading OC to 10 or not, since the upgrade would not modify anything on the LDAP side (schema has not changed).
You should set up a test environment and test it out... -
Dear All,
I want to access the ldap directory to get the users' names, but I don't know how to get the ldap password and data required to access it, please help.
Thanks a lot,
Marwa
The SDK works with CCM4 only. However, it shouldn't be hard to rewrite components to work with CCM6 if you look at the list of what has changed: http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Phone%20Services%20for%20Developers&topicID=.ee94c94&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc1020e
Just grab a copy of the latest developer guide and adapt the code: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/devguide/6_0_1/cucm_devguide.html
The database schema (here's a link to bookmark immediately - it contains all developer guides for all ccm releases: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_programming_reference_guides_list.html)
is also helpful depending on what you do (e.g if you want to know which user is currently logged into a phone by extension mobility).. there's no AXL call for that so you need to make an sql query to extract that information. -
Hi there,
I need to deliver a Yellow Page portlet.
This portlet would render a list of users already registered in my BEA embedded
LDAP portal and their personnal information such as Name, First Name, Phone Numbers,
Email,...
Has anyone ever done that and could help?
Otherwise, do you know where I could find some useful components or even the portlet?
Thanks in advance
Rahul,
You should be able to just replace your reference to "userProfile" with
"ldap" to read from your ldap PropertySet. The UUP infrastructure will take
care of routing those requests to LDAP automatically. So, in a sense the
PropertySet IS your mapping.
Sincerely,
Daniel Selman
"Rahul Kapoor" wrote:
I am looking to map the properties in ldap to the propertyset.
The scenario goes like this. My application wants to authenticate user from LDAP realm, get some properties from LDAP and remaining properties from Database (typical UUP case). I am able to authenticate the user from LDAP realm and get the profile from the database. Now, I want to retrieve some of the user properties from LDAP server. As stated in documentation, I have deployed ldapprofile.jar and also specified the env entries (user, group, principal et al.) for the jar. But I am not able to find where to specify mapping of specific properties like surname, TelNumber etc are to be retrieved from LDAP.
Also how to use the reserved property set "ldap". Presently all my user properties come from "userProfile" property set.
"Anthony Apparailly" wrote:
Hello,
I succeed to get LDAP user properties when I insert them using LDAP
console
but I wonder if Weblogic Portal is able to write in my LDAP directory.
My aim is to stock portlet user properties in my LDAP and recovering
them
later.
Does anyone already succeed this ?
Thanks for help.
Anthony