How to fill a LDAP directory

Hi;
I have realized an application which authenticates users from an LDAP directory and assigns profiles to them.
Q: Which is the best means to feed this LDAP directory (it's possible from my web application to modify the LDAP password): using another application, another LDAP directory, or another solution?
Regards;

Q: which is the best means to feed this directory LDAP (its possible from my web application to modify the LDAP password) in using another application or another LDAP directory, or another solution ?

Are you looking to manually update this information or are you looking for a way for users to be able to interactively maintain passwords and admin to maintain roles in real time? Another possibility is keeping separate corporate ldap and application ldap instances in sync (ie - user has 1 password for all network apps maintained in corporate ldap, but application ldap has application specific roles and such which cannot be stored in corporate ldap). Clearer definition of exactly what you need here would be useful.
If the first case, there are ldap utilities which work with ldif files to handle this - should be able to google it to come up with what you need - ldapmodify I think.
If you are looking to be able to maintain the data from the application, likely you'll need to figure out your security model and build the interface to update this information. It can be done from the web app, from a standalone utility, or whatever works best for your situation.

Similar Messages

  • How do I import LDAP directory users for assigning devices in Configurator?

    I have the Apple Configurator up and running and it is working well.  However, I would like to import my user list so that I don't have to manually add 150+ users to assign devices.  Is this possible?

    This is not something I have done myself before, but I believe it certainly is possible.  Have you read the help file?  https://help.apple.com/configurator/mac/1.5/#cadbf9c2a0
    In short:
    Step one - Sign into your LDAP server in system preferences.
    Step two - in the Assign view of Configurator click a + and start typing user names, it should fill with users from your server.  I assume it's possible to add groups at a time.  These are pretty good guides also:
    http://krypted.com/iphone/managing-ios-devices-with-apple-configurator/
    http://www.classthink.com/deploying-ipads-in-education/
    Hope this helps.
    Cheers,
    Ben

  • LDAP support limited. How to configure Address Book / Directory Access?

    I complained to a sysadmin that my LDAP searches were returning very limited information (just surname and e-mail). He replied,
    "...[Address Book] can't be configured to query specific attributes, it can't be configured to show specific attributes except for the small set they have elected to permit, ... it doesn't even show cn/commonName which is a compulsory field in the inetOrgPerson schema or ou/organizationalUnitName which is the standard way of distinguishing components of an organization..."
    Directory Access seems to offer facilities for requesting specific attributes. I tried mapping them to Address Book fields, but with no improvement in the search results. Any tips?

    Here is some info I found on manually configuring and mapping schemas.
    Configuring LDAP Searches and Mappings
    Using Directory Access, you can edit the mappings, search bases, and search scopes that specify how Mac OS X finds specific data items in an LDAP directory. You can edit these settings separately for each LDAP directory configuration listed in Directory Access. Each LDAP directory configuration specifies how Mac OS X accesses data in an LDAPv3 or LDAPv2 directory.
    You can edit the mapping of each Mac OS X record type to one or more LDAP object classes.
    For each record type, you can also edit the mapping of Mac OS X data types, or attributes, to LDAP attributes.
    You can edit the LDAP search base and search scope that determine where Mac OS X looks for a particular Mac OS X record type in an LDAP directory.
    IMPORTANT: When mapping Mac OS X user attributes to a read/write LDAP directory domain (an LDAP domain that is not read-only), the LDAP attribute mapped to RealName must not be the same as the first attribute in a list of LDAP attributes mapped to RecordName. For example, the cn attribute must not be the first attribute mapped to RecordName if cn is also mapped to RealName.
    For detailed specifications of Mac OS X record types and attributes, refer to "Mac OS X Server Open Directory Administration for Version 10.4 or Later" (available at www.apple.com/server/documentation/).
    In Directory Access, click Services.
    If the lock icon is locked, click it and type the name and password of an administrator.
    Select LDAPv3 in the list of services, then click Configure.
    If the list of server configurations is hidden, click Show Options.
    Select a server configuration in the list, then click Edit.
    Click Search & Mappings.
    Select the mappings that you want to use as a starting point, if any.
    Click the "Access this LDAPv3 server using" pop-up menu and choose a mapping template to use its mappings as a starting point or choose Custom to begin with no predefined mappings.
    Add record types and change their search bases as needed.
    To add record types, click the Add button below the Record Types and Attributes list. In the sheet that appears, select Record Types, select one or more record types from the list, and then click OK.
    To change the search base and search scope of a record type, select it in the Record Types and Attributes List. Then edit the "Search base" field. Select "all subtrees" to set the search scope to include the entire LDAP directory's hierarchy from the search base down. Select "first level only" to set the search scope to include only the search base and one level below it in the LDAP directory's hierarchy.
    To remove a record type, select it in the Record Types and Attributes List and click Delete.
    To add a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an object class from the LDAP directory. To add another LDAP object class, you can press Return and enter the name of the object class. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
    To change a mapping for a record type, select the record type in the Record Types and Attributes List. Then double-click the LDAP object class that you want to change in the "Map to __ items in list" and edit it. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
    To remove a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the LDAP object class that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
    Add attributes and change their mappings as needed.
    To add attributes to a record type, select the record type in the Record Types and Attributes List. Then click the Add button below the Record Types and Attributes list. In the sheet that appears, select Attribute Types, select one or more attribute types, and then click OK.
    To add a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an attribute from the LDAP directory. To add another LDAP attribute, you can press Return and enter the name of the attribute.
    To change a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then double-click the item that you want to change in the "Map to __ items in list" and edit the item name.
    To remove a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the item that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
    To change the order of attributes displayed in the list on the right, drag the attributes up or down in the list.
    Click Save Template if you want to save your mappings as a template.
    Templates saved in the default location are listed in pop-up menus of LDAP mapping templates the next time the current user opens Directory Access. The default location for saved templates is in the current user's home folder at this path:
    ~/Library/Application Support/Directory Access/LDAPv3/Templates
    Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them automatically to its clients.
    You must enter a search base to store the mappings, a distinguished name of an administrator (for example, uid=diradmin,cn=users,dc=ods,dc=example,dc=com), and a password. If you are writing mappings to an Open Directory LDAP server, the correct search base is "cn=config, suffix" (where suffix is the server's search base suffix, such as "dc=ods,dc=example,dc=com").
    The LDAP directory supplies its mappings to Mac OS X clients whose custom search policy includes a connection that's configured to get mappings from the LDAP server. The LDAP directory also supplies its mappings to all Mac OS X clients that have an automatic search policy. For instructions, see Configuring Access to an LDAP Directory and Setting Up Search Policies.

  • Please Help.  How can you monitor a directory using jndi connection to a ldap server?

    How can you monitor a directory using jndi connection to a ldap server? I
    want the ldap server to monitor the content change in a file system
    directory on another computer on the network. Can someone please help.
    Thanks
    Fred

    Hi,
    Why do you want to use LDAP for Hard disk monitoring..???
    U can do this by creating a MD5 checksum for all the files existing in some particular directory and every hour or any configurable period u can recalculate the checksum to find out the change in the content.
    I guess all u need is to get the code for "updatedb" utility of Linux and instrument it for ur needs..
    Hope it helps...
    -aseem
    mr wrote:
    How can you monitor a directory using jndi connection to a ldap server? I
    want the ldap server to monitor the content change in a file system
    directory on another computer on the network. Can someone please help.
    Thanks
    Fred
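An added example (not part of the original posts) of the periodic checksum comparison described in the reply above: hash every file, keep the snapshot, and diff it against the next one. It uses SHA-256 from Python's hashlib rather than the MD5 the post mentions; `snapshot`, `diff_snapshots` and the constructed files in `demo` are names chosen here.

```python
import hashlib
import os
import tempfile


def snapshot(root, algorithm="sha256"):
    """Map each file path (relative to root) to a digest of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                # Record the link target instead of following it out of the tree.
                digests[rel] = "symlink:" + os.readlink(path)
                continue
            h = hashlib.new(algorithm)
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                digests[rel] = h.hexdigest()
            except OSError as exc:
                # An unreadable file is itself a change worth reporting.
                digests[rel] = "unreadable:" + exc.__class__.__name__
    return digests


def diff_snapshots(old, new):
    """Compare two snapshots and list added, removed and modified paths."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: one file edited in place, one removed, one added."""
    with tempfile.TemporaryDirectory() as root:
        conf = os.path.join(root, "app.conf")
        _write(conf, b"mode=safe\n")
        _write(os.path.join(root, "old.log"), b"x\n")
        before = snapshot(root)

        # Rewrite with the same length and restore the timestamps, so a
        # size/mtime comparison would see no change; the digest still differs.
        stat = os.stat(conf)
        _write(conf, b"mode=open\n")
        os.utime(conf, ns=(stat.st_atime_ns, stat.st_mtime_ns))
        os.remove(os.path.join(root, "old.log"))
        _write(os.path.join(root, "new.bin"), b"\x00\x01")

        after = snapshot(root)
        now = os.stat(conf)
        same_meta = (now.st_size == stat.st_size
                     and now.st_mtime_ns == stat.st_mtime_ns)
        return diff_snapshots(before, after), same_meta


if __name__ == "__main__":
    print(demo())
```

Store the baseline snapshot somewhere the monitored host cannot rewrite, otherwise whoever changes the files can refresh the baseline as well.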

  • How do I export existing Siebel employees to my LDAP directory?

    All;
    I have a fully-functional Siebel implementation using an LDAP directory server; I can create new employees, and they are migrated to the LDAP server without any problem.
    Unfortunately, I'm using a pre-populated Siebel database with roughly 250 employees, none of whom are in the LDAP directory. I can enter them on the LDAP server one-by-one, but this is painful, to say the least.
    If I try to add a password to them using the Siebel application to get them moved to the LDAP directory, I am told that "the user does not exist in the authentication system".
    So the problem is clear: In Siebel CRM, on a "create", an LDAP record is created. On an "update", it looks for an existing LDAP record, which I don't have.
    Is there any easy way around this, so I can populate my LDAP directory with my existing employees and their passwords?
    Thanks!
    Joe

    What about using a DB client and export the user data that you have in the Siebel DB?
    Then use this data to load the users into the LDAP server?
    Axel
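An added example, not code from any of the posts: the LDIF route suggested in the first thread (ldapmodify) and in the reply above (export from the database, then load) depends on turning exported rows into LDIF without letting field contents alter the record structure. The CSV columns, the base DN and the inetOrgPerson mapping are assumptions; DN values are escaped per RFC 4514 and unsafe values are base64-encoded per RFC 2849.

```python
import base64
import csv
import io

# Constructed sample export (not from the page). The last row carries a
# newline in the surname, which would inject an attribute if written raw.
SAMPLE_CSV = (
    "uid,givenName,sn,mail\n"
    "jdoe,John,Doe,jdoe@example.com\n"
    "mrenee,Ren\u00e9e,Dupont,mrenee@example.com\n"
    '"smith, a",Ann,Smith,asmith@example.com\n'
    'eve,Eve,"Hacker\nuserPassword: injected",eve@example.com\n'
)
BASE_DN = "ou=people,dc=example,dc=com"  # assumed directory suffix


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' if value is not LDIF-safe."""
    safe = (
        value != ""
        and all(0x20 <= ord(c) <= 0x7E for c in value)  # printable ASCII only
        and value[0] not in " :<"
        and value[-1] != " "
    )
    if safe:
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def export_to_ldif(csv_text, base_dn=BASE_DN):
    """Convert CSV rows to LDIF add records; return (ldif_text, rejected_uids)."""
    records, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        uid = (row.get("uid") or "").strip()
        # The uid becomes the naming attribute: refuse empty or control chars.
        if not uid or any(ord(c) < 0x20 or ord(c) == 0x7F for c in uid):
            rejected.append(uid)
            continue
        given = row.get("givenName") or ""
        sn = row.get("sn") or ""
        lines = [
            ldif_line("dn", f"uid={escape_rdn_value(uid)},{base_dn}"),
            "changetype: add",
            "objectClass: top",
            "objectClass: person",
            "objectClass: organizationalPerson",
            "objectClass: inetOrgPerson",
            ldif_line("uid", uid),
        ]
        fields = (("cn", f"{given} {sn}".strip()), ("givenName", given),
                  ("sn", sn), ("mail", row.get("mail") or ""))
        lines += [ldif_line(a, v) for a, v in fields if v]
        records.append("\n".join(lines))
    return ("\n\n".join(records) + "\n" if records else ""), rejected


if __name__ == "__main__":
    ldif, bad = export_to_ldif(SAMPLE_CSV)
    print(ldif)
    print("rejected:", bad)
```

The output can be reviewed as text and then loaded with ldapmodify, bound as an account that is only allowed to add entries under the target subtree.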

  • Messenger Express: How do I add the Directory Server to the address book search tool?

    In Messenger Express (ME) how do I add the Directory Server (DS) to the address book
    search tool?
    Edit the globals.pl file. Look for a line similar to:
    @dirservers = ('MyCompany::phonebook.foo.com::o=FooCorp.,c=US','Four11 Directory::ldap.four11.com::');

    Add an entry to the list. The list is comma delimited and each entry is a
    string. The string contains three fields, delimited by a double colon (::). The
    first field is the name you want to appear in the User Interface (UI). The second is
    the hostname of the DS and the third is the Distinguished Name (DN) to use when searching.

    Please note, Messenger Express is part of the Messaging Server. For more
    information on Messenger Express, please see the release notes at
    http://home.netscape.com/eng/server/MExpress/relnotes.htm

    You can't add a new contact to specific group and there is no app for this. 3rd party apps don't have access to private iPhone APIs with security concerns being a primary reason, which such a function would require.

  • Corrupted ldap directory - URGENT

    We are successfully corrupting our ldap directory when using the jndi
    1.1 interface with concurrent users on a weblogic 5.1 server. If 2
    users try to load the same ldif import file at the same time (don't
    ask why) then when an exception occurs, SOMETIMES jndi does not appear
    to rollback properly but adds the existing entry into another part of
    the directory at the same time as reporting the following error.
    javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
    Already Exists];
    We presume there is a synchronization problem with JNDI clearing its
    stack or something.
    Has anyone had a similar problem and if so how did they solve it?
    Will a more up to date version of weblogic solve the problem?
    Thanks

    We use IBM Secureway 3.2.1 on W2K platform. But as we can load the
    files concurrently using native tools without corruption it is
    unlikely to be the Directory Server.
    William Morris <[email protected]> wrote in message news:<[email protected]>...
    What Directory Server do you use that is being corrupted? It may be a
    bug in the server.
    --Will
    Hilary Bannister wrote:
    We are successfully corrupting our ldap directory when using the jndi
    1.1 interface with concurrent users on a weblogic 5.1 server. If 2
    users try to load the same ldif import file at the same time (don't
    ask why) then when an exception occurs, SOMETIMES jndi does not appear
    to rollback properly but adds the existing entry into another part of
    the directory at the same time as reporting the following error.
    javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
    Already Exists];
    We presume there is a synchronization problem with JNDI clearing its
    stack or something.
    Has anyone had a similar problem and if so how did they solve it?
    Will a more up to date version of weblogic solve the problem?
    Thanks

  • WebLogic 7.0 LDAP Directory

    We are running WebLogic 7.0.1.0 on Solaris 8.
    There's a ldap directory generated by default under
    /<BEAHome>/<DomainName>/<ServerName> each time a new server instance
    is created and started up for the first time, along with the server
    log files. I'd like to change the location of this directory, like
    how I can change the server log directory under Logging tab in each
    server in Admin Console, but I can't seem to find it anywhere.
    Can anyone point me to where I can change this configuration or to
    documentation on how to do it?
    Thanks in advance.
    Maggie Hu

    Sorry to say, it is not configurable.
    -utpal
    "Maggie Hu" <[email protected]> wrote in message
    news:[email protected]..
    We are running WebLogic 7.0.1.0 on Solaris 8.
    There's a ldap directory generated by default under
    /<BEAHome>/<DomainName>/<ServerName> each time a new server instance
    is created and started up for the first time, along with the server
    log files. I'd like to change the location of this directory, like
    how I can change the server log directory under Logging tab in each
    server in Admin Console, but I can't seem to find it anywhere.
    Can anyone point me to where I can change this configuration or to
    documentation on how to do it?
    Thanks in advance.
    Maggie Hu

  • Workflow reviewers in an ldap directory

    Hi,
    I have integrated an ldap directory with UCM as the user/group store.
    I need to create a criteria workflow where the initial reviewer(s) are actually users in the ldap directory. After the initial review, it would be escalated to another higher level group of users, also in the ldap directory.
    i) In this case, how would I be able to have UCM search the ldap store as reviewers? I don't recall idoc script being able to do this.
    ii) What would be the best practice to accomplish this?
    Thanks.

    Blake,
    If I am using a web application model, I would use the following to allow
    "everyone" in my LDAP server to get into certain areas of web applications:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>GeneralEmployee</web-resource-name>
        <description>Employee Resource</description>
        <url-pattern>/process/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <description>Employees only</description>
        <role-name>everyone</role-name>
      </auth-constraint>
    </security-constraint>
    If you are allowing access to this servlet, I would try:
    weblogic.allow.execute.weblogic.servlet.servlets/iclientservlet=bseely,everyone
    Ken
    "Blake Seely" <[email protected]> wrote in message
    news:3b4c9003$[email protected]..
    >
    <sigh>it's already been a long day: my number is 877-870-4718
    Thanks again,
    Blake
    "Blake Seely" <[email protected]> wrote:
    I have a servlet set up on a WebLogic 5.1 SP 8 server running on NT 4.
    I want that servlet protected so that only company employees defined in our Netscape LDAP directory can log in.
    If I just want a single user to access, then my access controls for the servlet are:
    weblogic.httpd.register.servlets/iclientservlet=iclientservlet
    weblogic.allow.execute.weblogic.servlet.servlets/iclientservlet=bseely
    I have set up the LDAP Realm (ldaprealm.properties is attached) and this works fine for one user. (all lookups, access, etc are anonymous on this directory, so I didn't specify any principals or passwords)
    But now I need to specify that any user who is in the directory can access the servlet - how do I do that? What do I list in the weblogic.allow.execute... line?
    How do I need to change my ldaprealm.properties?
    Thanks - any help appreciated. If anyone has time to give me a call, I would appreciate that, too.

  • How to Connect to LDAP through SOA is it possible using BPEL

    Hi Guys,
    I have a requirement to access an LDAP system using a BPEL process.
    Do we need to write any Java code to perform a few operations on LDAP?
    Can anyone who has come across this scenario please tell me?
    Thanks in advance.
    Your help is much appreciated. This is urgent for us.
    Thanks.
    Chandrasekhar

    Hi Chandrasekhar
    1. Yes, there are many ways you can integrate AD with BPEL kind of indirectly. See some of the posts given below.
    oracle soa and active directory integration
    Weblogic administrator account is inactive after enabling DB Authenticator
    Also, once AD is integrated with Weblogic, using Admin Console etc, you can use the out of box REST services for quick testing. You can pretty much get and read all the stuff for any user/role/group/mappings etc. But it's just ReadOnly and you cannot modify data on LDAP side. The below link should work for any security provider configured with your weblogic like DefaultAuthenticator or External AD integrated.
    http://soaserverhost:soaserverport/integration/services/IdentityService/identity
    Thanks
    Ravi Jegga

  • How to connect to LDAP?

    Hi,
    where may I find information/documentation/tutorials of how to connect to LDAP from java classes?
    Please help.
    Thank you,
    Nadir.

    Nadir,
    Here:
    http://java.sun.com/products/jndi/docs.html
    You can find many things there and the tutorial is good.
    Follow the links in http://java.sun.com/products/jndi/index.html#DOWNLOAD12, you can get many useful examples (great!).
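    Some code that works fine in my app:
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    // URL, DN and PassWord are your own values. A "simple" bind sends the
    // password unencrypted unless the connection uses TLS (for example an ldaps:// URL).
    Hashtable<String, Object> env = new Hashtable<>(5, 0.75f);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, URL);
    env.put(Context.REFERRAL, "ignore");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, DN); // use your own one
    env.put(Context.SECURITY_CREDENTIALS, PassWord); // use your own one
    DirContext ctx = null;
    try {
        // Opens the connection and binds with the credentials above
        ctx = new InitialDirContext(env);
    } catch (NamingException e) {
        e.printStackTrace();
    }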
    Hope this helps.
    Cheers,
    George

  • How can I perform LDAP searches in BPEL?

    Hello,
    I'm trying to search an LDAP directory from a BPEL process.
    There is a "ldap:search" XPath extension which appears to do this, but how do I specify which server to use. Just calling this function in an Assign produces an error message referring to a file called "directories.xml". Can anyone tell me what format this file should have (or how I automatically generate it)? I can't see it mentioned anywhere in the documentation.
    Thanks for your help.

    Did you ever get to know the location of this file?-directories.xml?

  • Integrating standalone OC with existing 3rd party LDAP directory question

    Hello everyone,
    we have a standalone version 9 Oracle Calendar server with internal directory. We also have an existing enterprise wide LDAP directory. We would like to integrate them together, with as few changes to our existing LDAP schema as possible. Has anyone dealt with this issue before? Are there any documents out there describing how to deal with such situation? What if we upgrade to OC version 10 first?
    Thanks

    Migration might be tricky -
    We've been running Calendar since the Netscape era with external LDAP. Basically user's preferences are stored in LDAP, though these can be 'regenerated' on the fly by the client using defaults.
    You will need to modify the schema, but it's as simple as loading the supplied schema file.
    Data itself is still maintained in the internal DB. The link between the DB and LDAP is done via the calendar ID number which gets stored in the user's entry in ldap.
    I don't think it would matter on upgrading OC to 10 or not, since the upgrade would not modify anything on the LDAP side (schema has not changed).
    You should set up a test environment and test it out...

  • Access Ldap directory

    Dear All,
    I want to access the ldap directory to get the users' names, but I don't know how to get the ldap password and data required to access it, please help.
    Thanks a lot,
    Marwa

    The SDK works with CCM4 only. However, it shouldn't be hard to rewrite components to work with CCM6 if you look at the list of what has changed: http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Phone%20Services%20for%20Developers&topicID=.ee94c94&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc1020e
    Just grab a copy of the latest developer guide and adapt the code: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/devguide/6_0_1/cucm_devguide.html
    The database schema (here's a link to bookmark immediately - it contains all developer guides for all ccm releases: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_programming_reference_guides_list.html)
    is also helpful depending on what you do (e.g if you want to know which user is currently logged into a phone by extension mobility).. there's no AXL call for that so you need to make an sql query to extract that information.

  • LDAP directory portlet

    Hi there,
    I need to deliver a Yellow Page portlet.
    This portlet would render a list of users already registered in my BEA embedded
    LDAP portal and their personal information such as Name, First Name, Phone Numbers,
    Email,...
    Has anyone ever done that and could help?
    Otherwise, do you know where I could find some useful components or even the portlet?
    Thanks in advance

    Rahul,
    You should be able to just replace your reference to "userProfile" with
    "ldap" to read from your ldap PropertySet. The UUP infrastructure will take
    care of routing those requests to LDAP automatically. So, in a sense the
    PropertySet IS your mapping.
    Sincerely,
    Daniel Selman
    "Rahul Kapoor" <[email protected]> wrote in message
    news:3ca9ccda$[email protected]..
    >
    I am looking to map the properties in ldap to the propertyset.
    The scenario goes like this. My application wants to authenticate user from LDAP realm, get some properties from LDAP and remaining properties from Database (typical UUP case). I am able to authenticate the user from LDAP realm and get the profile from the database. Now, I want to retrieve some of the user properties from LDAP server. As stated in documentation, I have deployed ldapprofile.jar and also specified the env entries (user, group, principal et al.) for the jar. But I am not able to find where to specify mapping of specific properties like surname, TelNumber etc are to be retrieved from LDAP.
    Also how to use the reserved property set "ldap". Presently all my user properties come from "userProfile" property set.
    "Anthony Apparailly" <[email protected]> wrote:
    Hello,
    I succeeded in getting LDAP user properties when I insert them using the LDAP console, but I wonder if Weblogic Portal is able to write to my LDAP directory.
    My aim is to store portlet user properties in my LDAP and recover them later.
    Has anyone already succeeded in this?
    Thanks for help.
    Anthony
