How to integrate active directory users(credentials) to Open Directory LDAPv3?

-I don't want to have a separate directory anymore.

Hi RM,
It would require that you set up your Portal in such a way that it is able to handle Windows Integrated Authentication via Kerberos. This is already very well explained in the following blogs:
/people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
http://wiki.sdn.sap.com/wiki/display/EP/SingleSignOntotheJ2EEEnginefromWindows
After setting up your datasource, in your case the ADS, you will need to run SPNego Wizard in NWA to have it integrated with SSO.
Best regards,
Andre

Similar Messages

  • How to integrate EBS(OracleApps11i)users into Oracle Virtual Directory(OVD)

    Hi Experts,
    We are using Oracle Virtual directory (OVD).
    We have a requirement to integrate EBS (Oracle Application 11i) users into OVD. For this purpose we are using the Database adapter in OVD to do the same.
    (Note: we are able to see the existing tables, but we don’t know how to integrate EBS users into OVD).
    Are we following the correct approach? If not please give us your suggestions.
    Thanks,
    Parker

    Clarify your requirements.
    OVD - as the name suggests is a virtual directory. What is your underlying directory? OID / Database?
    If your integration need is limited to User Identity data level integration i.e provisioning / synch then you can use native services from OID.
    If you are planning to do SSO - eBiz integration with an OVD ... not sure that is supported yet. because SSO - eBiz - OID is certified / supported ...and then you can do 3rd party SSO / Directory integration.
    I would like Oracle to support eBiz - SSO/OVD integration so that we can have underlying directories ... but that may be a tall order --- for now.
    Does this help?
    Regards,
    Rajiv Grover

  • When i integrate Mac client to the domain open directory, he don't ask me account DirAdmin, Why ?

    When i integrate Mac client to the domain open directory, he don't ask me account DirAdmin, Why ?
    I don't want all people can integrate mac client to the open directory without authentication
    I want he ask me account diradmin for integrate client mac os x to the domain open directory of Lion Server
    I have made a magic triangle
    Thanks

    Malik-O wrote:
    When i integrate Mac client to the domain open directory, he don't ask me account DirAdmin, Why ?
    I don't want all people can integrate mac client to the open directory without authentication
    1 ) I want he ask me account diradmin for integrate client mac os x to the domain open directory of Lion Server
    Authentication (with open directory admin username & password) is off by default. In Mountain Lion there is no longer a GUI to manage that and some of the other binding options. In Lion, I think you could use Server Admin (or was it Workgroup Manager) -- I can't remember, but there were little checkboxes.
    To make authentication mandatory in Mountain Lion, you can use this on the Server:
    sudo slapconfig -setmacosxodpolicy -binding required
    Use the following to check the binding policies:
    slapconfig -getmacosxodpolicy
    You might want to check the slapconfig man page, you'll find some of the other options that were in Server Admin in Lion, e.g. disable cleartext, block man-in-middle, etc.
    Edit, I just saw you're still using Lion Server, not Mountain Lion. I'm pretty sure the above commands will work on Lion Server as well.

  • How do you bind Vista / XP clients to Open Directory?

    I have an OSX Server OD Master set up in 10.5.6.
    My OSX Clients can bind to it just fine using Directory Utility.
    How do you bind Vista / XP clients to Open Directory masters?
    Thanks

    @ jakelh:
    Make sure Kerberos is working on your server. Without it, PC logins will probably fail at least for Vista clients. Otherwise you'd have to downgrade a client-side setting on the Vista clients,
    http://www.builderau.com.au/blogs/codemonkeybusiness/viewblogpost.htm?p=33927074 6
    DNS is critical here, but Vista can have a problem with things that are correctly configured.
    IE: Vista defaults to a TCP/IP setting that can make it incompatible with existing network hardware
    http://www.tech-recipes.com/rx/1744/vistatcp_cannot_communicate_primary_dnsserve

  • How to integrate Active Directory with Oracle Weblogic

    hi
    is there any Oracle Document that describes how to integrate the LDAP Active directory with Oracle Weblogic 10.3
    Regards
    Edited by: qasas on 28-Nov-2009 13:56

    weblogic docs (and their identity asserters) - http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html

  • How to log in with user credentials from database table

    Hello all.
    I have a table named users_1 in my database. This table has columns named username, password, email and userid. On userid, I have put a sequence.
    Now, I have manually made 1 row in this table, with in it the user credentials.
    How can I edit my application so that I can use these credentials to log onto the application?
    Please, a step-by-step text would make me rather happy, instead of getting a link with information that I should read. I've read most of it, and it just doesn't make any sense to me, so I prefer a guide-through.
    Thanks..

    Hi Magali,
    You want only user from database can access your application.
    follow the steps given below.
    Step1  :  create function to authenticate users
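    -- Returns TRUE when p_username / p_password match a row in users_1.
    -- Both user name and password are upper-cased before comparison, so the
    -- check is case-insensitive, and the password column is compared as stored
    -- (plain text).
    create or replace FUNCTION "CUSTOM_AUTHENTICATE" (p_username in VARCHAR2, p_password in VARCHAR2)
    return BOOLEAN
    is
      l_password        varchar2(4000);
      l_stored_password varchar2(4000);
      l_count           number;
    begin
      -- Does a user with this name exist?
      select count(*) into l_count from users_1 where upper(username) = upper(p_username);
      if l_count > 0 then
        -- Fetch the stored password for that user
        select upper(password) into l_stored_password from users_1 where upper(username) = upper(p_username);
        l_password := upper(p_password);
        if l_password = l_stored_password then
          return true;
        else
          return false;
        end if;
      else
        return false;
      end if;
    end;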
    Step2  : create authentication scheme for your application
    Go to Application Builder->select your application->shared component->security->authentication scheme->create
    a) custom scheme : Based on a pre-configured scheme from the gallery
    b) give some name to your scheme like custom_scheme or something
    c)scheme type : database account
    d) verify function name = return CUSTOM_AUTHENTICATE
    e) go to = Login Page
    f) Logout url = f?p=&APP_ID.:101 // here 101 is login page no..so you can set your login page no.
    step3  : make this scheme as current scheme
    select your scheme and click make current
    now try to login into your application from your database users..
    Hope this helps you,
    Thanks,
    Jitendra

  • How to track activity for users logged in using solman to target systems?

    If a person accesses a monitored system through solman, how can we track the user activity (including transactions viewed and changes made etc)?
    Thanks
    Prasad

    Hi Prasad,
    Please refer the following similar threads to get more detailed Information:
    STAD parameter
    STAD Historical Data - How Long?
    STAD -  data for last  30 days
    Also check this useful Blog about STAD(/people/andreas.vogel/blog/2007/01/12/statistical-records-part-1-inside-stad) and SAP Note 139418 - Logging user actions.
    You can also configure and activate the Security Audit Log (SM19) and then analyze its entries through SM20. You can configure exactly what needs to be tracked...
    Useful transactions:
    SM19 (config)
    SM20 (analyze) (SM20N , depending on release)
    SM18 (delete old logs)
    Other SAP Note which is helpful in this case 539404 - FAQ: Answers to questions about the Security Audit Log
    Hope this helps.
    Regards,
    Shyam.

  • How can I enforce Parental Controls on a group of network users on an Open Directory client?

    I have a Mac mini running OS X Server (Mountain Lion) and have a client family iMac that is a client of the Open Directory server. I have created network users for my kids and put them into a group and created Parental Control restrictions that apply to members of the group. However, the kids can log into the iMac with the same network accounts and no Parental Control policies are enforced on the iMac.
    I'd like to restrict times and hours per day, as well as the obvious content/website restrictions. I'm not sure why the Parental Control policy isn't being enforced. While I'm not great at it, I do have a basic understanding/overview of knowledge on Windows Server administration, but OS X Server seems to be waaay different...
    I have fiddled with the certificate, and I have told the client iMac to trust the certificate coming from my Open Directory server, but it doesn't seem to make much of a difference with the enforcement of the kids group's Parental Control policies.
    Can anyone assist or offer any suggestions?

    Related logs from the OD client iMac below:
    2013-07-13 20:37:45 -0400 mdmclient[12003]: *** ERROR *** [Agent:501] Sending 'OTA-Phase2' request to server: https://server.local/devicemanagement/api/device/ota_service (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
        NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1001 \"The request timed out.\" UserInfo=0x7fef6a82b2b0 {NSErrorFailingURLStringKey=https://server.local/devicemanagement/api/device/ota_service, NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://server.local/devicemanagement/api/device/ota_service}";
    2013-07-13 20:37:45 -0400 mdmclient[12003]: *** ERROR *** [Agent:501] ProcessOTABootstrapProfileCore (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
        NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1001 \"The request timed out.\" UserInfo=0x7fef6a82b2b0 {NSErrorFailingURLStringKey=https://server.local/devicemanagement/api/device/ota_service, NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://server.local/devicemanagement/api/device/ota_service}";
    2013-07-13 20:37:45 -0400 System Preferences[11138]: *** ERROR *** [CPInstallerUI:501] Profile installation (Device Enrollment (com.apple.ota.server.local.bootstrap)) (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";

  • How do I unbind a local user from an Open Directory user?

    I have a couple MacBook Pros running Leopard that successfully bound a local account to a corresponding Open Directory account using Directory Utility.
    I had to re-install Leopard Server (using Standard configuration) and re-create Open Directory accounts. Now these laptops are unable to bind to the new Open Directory accounts. They receive an error that the Open Directory user ID and password provided is incorrect. In addition the local user can no longer reset or change their password. I'm thinking this is because their local accounts are still bound to the old Open Directory accounts that no longer exist. Is there a way to unbind a local account in Leopard that has been bound to an Open Directory account via the Directory Utility?

    What account are you using to bind the machine? When binding you must authenticate using the OD admin login which is usually setup as diradmin or as the current client you are logged into the machine with, but this client needs to exist on the OD server.

  • OS X Server 10.6 bound to Active directory, serve that as Open Directory

    I have a OS X server 10.6 bound to an Active directory. I can log in to the afp file server with a AD account.
    Now, I like the clients to be connected to Open Directory from the OS X Server and authenticate to the AD.
    Is this possible?
    I like to be able to use network homefolders etc that resides on the OS X server.

    Yes.
    You are working in the right order. Now that you are bound to AD, simply promote the Mac server to OD Master. This will enable the LDAP server. You will likely note that the Kerberos KDC will not be running. This is proper, because the AD server is the KDC.
    Once this is done, you can now create OD groups and add AD users or groups so that you can manage those groups.
    Now, the trick is, you will need to go back to all the workstations and bind them to OS X as well as AD. This will allow the Mac clients to use AD for user authentication and authorization but then use OD for group management policy.
    Hope this helps

  • How to integrate Active Directory with Primavera P6 8.2

    Dear All,
    I want to install LDAP for Integration with Active Directory for Primavera P6 8.2.
    Some advice please should i install Oracle Internet Directory and or Oracle Directory Service Manager for AD Integration.
    And should i install Fusion Middleware and or Service-Oriented Architectures (SOA) for integration for AD Integration.
    And what is the step by step procedure for the above installation with separate database if required.
    I want to install any above application or service on my weblogic environment.
    you can find the status of my web applications and enterprise applications services on the Weblogic Server Administration Console.
    p6 (Active)
    p6help (Active)
    p6tm (Active)
    P6Tutorials (Active)
    p6ws (Active)
    pr (Active)
    pr-help (Active)
    PrimaveraAPI (Active)
    Thanks in advance for your response.

    To provision LDAP user information for P6 EPPM for the first time:
    Caution: Ensure that all users are logged out of P6 EPPM to avoid a reset of the P6 Administrator application settings.
    Note: Verify which global profile is set as the default since this will be assigned to all provisioned users.
    1) Log into the P6 Administrator application.
    2) From the Authentication tab:
    a. Fill in the appropriate settings under the Authentication folder, and make sure that Login Mode is set to NATIVE.
    b. Fill in the appropriate settings under Database instance, and make sure that Authentication Mode is set to NATIVE.
    c. Click Save Changes.
    3) Restart the application server instance.
    Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
    4) Log into P6 as a user with privileges to create a new user.
    5) Creating User Accounts for P6 EPPM to add a new user (in Native mode) that exactly matches an LDAP server user with rights to read the LDAP directory. Make sure to assign a global profile that contains privileges to add new users and search the LDAP directory and assign the appropriate project profiles and module access.
    6) Log back into the P6 Administrator application.
    7) From the Authentication tab:
    a. Change Login Mode to LDAP.
    b. Change Authentication Mode to LDAP.
    c. Right-click the LDAP Connection Settings folder and select Test Connection.
    d. Click Save Changes.
    8) Restart the application server instance
    Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
    9) Log into P6 as the LDAP user created in step 5.
    a. On the Users page, click the Add icon. The Add Users from LDAP dialog box appears for you to provision users from the LDAP repository:
    Note: You must have the Add/Edit/Delete Users privilege and the Provision Users from LDAP privilege to search the LDAP directory. You do not need the Provision Users from LDAP privilege to import users from an LDIF file.
    1. Either click the Load LDIF button, or enter an LDAP query (for example, uid=*) under Search users. If a search was previously performed by a user with the privilege to search the LDAP directory, the last query entered by that user will appear.
    2. If you clicked the Load LDIF button, browse to the location of the LDIF file, and click Open. If you entered an LDAP query, click Search.
    Note: Depending on your P6 administrative configuration settings, you might be prompted to log into the LDAP server.
    3. A list of users will appear, grouped by status. For example, LDAP repository users that do not exactly match P6 EPPM users will be grouped together. If users exist in the LDAP repository, the User Name, Actual Name, E-mail, and Phone fields are populated (if you previously mapped those fields through the P6 Administrator application settings).
    Note: The User Name field is equivalent to the Login Name field in P6. The Actual Name field is equivalent to the Personal Name field.
    4. Select the option next to each user account that you wish to import, or select the option in the fields bar to select all users. New and modified users are automatically selected.
    5. Click Import.
    Note: The new users will be assigned the default global profile.
    follow the above mentioned procedure and let me know if its working.
    Ajishlal

  • How Can I change all User Passwords Within a Directory Instance

    Hi Experts,
    I've been asked to refresh an old directory instance with some production data.  Easy enough I thought, however, the user has requested that all user passwords within the old directory instance are preserved.  Is that at all possible?  My chain of thought was that I can extract user passwords from the old instance into a file: -
    # ldapsearch -D cn="Directory Manager" -w xxxxxxxx -b o=xxxxxxx objectclass=* userpassword > <name of file>
    And then use ldapmodify (or alike) to re-import the user passwords once I've refreshed the old instance with the production data.  However, to my knowledge, in order to modify a particular entry via a file, I'd need the following format: -
    dn: gci=-1,ou=people,o=xxxxxxxx
    changetype: modify
    replace: userpassword
    userpassword: xxxxxxxxxxxxxxxx
    The only information I have in the file I created using the ldapsearch command above is as follows: -
    dn: gci=-1,ou=people,o=xxxxxxxx
    userpassword: xxxxxxxxxxxxxxxx
    I don't want to have to edit the file and add the relevant missing entries accordingly as the generated file has somewhere in the region of 150 thousand entries.
    Am I approaching this the correct way?  Is there any other mean of achieving my requirement.
    Thanks in Advance.

    Hi,
    It does not seem a big deal to add the missing lines to your output file.
    For instance, the following awk command should do the trick
    cat search.out
    dn: gci=-1,ou=people,o=xxxxxxxx
    userpassword: xxxxxxxxxxxxxxxx
    cat search.out | awk '/userpassword/ {print "changetype: modify"; print "replace: userpassword"} {print $0}'
    dn: gci=-1,ou=people,o=xxxxxxxx
    changetype: modify
    replace: userpassword
    userpassword: xxxxxxxxxxxxxxxx
    Then you can use ldapmodify to apply your changes
    -Sylvain
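
An added example (not part of the reply above): a more defensive version of the same conversion, in shell with awk, that also unfolds wrapped LDIF lines, keeps base64 `userpassword::` values, matches the attribute name case-insensitively and skips entries that carry no password. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn ldapsearch output (dn + userpassword) into ldapmodify input.
# The result contains password hashes; when saving it, write the file under
# "umask 077" and remove it after the import.

ldif_to_pwmods() {
    awk '
    function flush_entry() {
        # Emit a modify record only when the entry actually has a password.
        if (dn != "" && pw != "") {
            print dn
            print "changetype: modify"
            print "replace: " attr
            print pw
            print ""                    # blank line ends the LDIF record
        }
        dn = ""; pw = ""; attr = ""; last = ""
    }
    /^#/ { last = ""; next }            # comment line in the search output
    /^ / {                              # folded line: continues the previous value
        if (last == "dn") dn = dn substr($0, 2)
        else if (last == "pw") pw = pw substr($0, 2)
        next
    }
    /^$/ { flush_entry(); next }        # blank line separates entries
    {
        name = tolower($0); sub(/:.*/, "", name)
        if (name == "dn") { dn = $0; last = "dn" }
        else if (name == "userpassword") {
            attr = substr($0, 1, index($0, ":") - 1)
            pw = (pw == "") ? $0 : pw "\n" $0   # keep every value if multi-valued
            last = "pw"
        }
        else last = ""                  # any other attribute is dropped
    }
    END { flush_entry() }
    '
}

# Constructed sample: one folded value, one entry without a password,
# one base64-encoded value (double colon).
sample_search_output() {
    printf '%s\n' \
        'version: 1' \
        '' \
        '# constructed sample entries' \
        'dn: uid=alice,ou=people,o=example' \
        'userPassword: {SSHA}CONSTRUCTED-SAMPLE-' \
        ' VALUE-0001' \
        '' \
        'dn: uid=bob,ou=people,o=example' \
        '' \
        'dn: uid=carol,ou=people,o=example' \
        'userpassword:: Q09OU1RSVUNURUQ='
}

sample_search_output | ldif_to_pwmods
```

Pipe the real search output through `ldif_to_pwmods` and hand the result to ldapmodify as in the reply above.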

  • How to Update Activity & SubActivity (User Defined Form)

    Dear All Experts,
    I have a difficult condition with me. I am working on a project which end on 8th Level. Now condition is all 8 levels are connected in some manner. Suppose if I change quantity on 8th level then this quantity should update to 7th level. After updating at 7th Level, the other levels get disturbed. So they also should be updated.
    So it can be explained as follows:
    1. I change quantity at 8th level for an item.
    2. That item is in the row on 7th level. It should be updated by the quantity in step1.
    3. Now sum of quantity on the 7th level should be updated to 6th level at row.
    4. It should be so on upto level1.
    I am just asking about like it happens in Microsoft project. Plz suggest me how can I do that ?
    Regards

    Dear All,
    Plz reply to this.
    Regards

  • How can i let other user not to open a subVI

    i have created a SubVI function in my Program, and i don't want the other users to open it and see what in it.
    the question is, can i do that?
    thank you
    Rani

    Open your SubVI, right click on the icon, select VI Properties and then under Security you can lock your block diagram.
    Regards
    Ken

  • How to set the user's Default joboptions directory?

    Hello Experts,
    When we installed Acrobat Pro 8.x on our Win XP Pro systems our systems were NOT in a Windows Domain.  At that time the default location for user-created/customized joboptions files was:
    C:\Documents and Settings\<Username>\Application Data\Adobe\Adobe PDF\Settings
    where <Username> is the name of the LOCAL Windows user.
    A few years ago we migrated to a Windows Domain and converted our LOCAL users to domain users and disabled, but did not delete, the LOCAL user's account.  We did not remove the LOCAL user's Documents and Settings directory structure either.
    Our users now log into a DOMAIN rather than the LOCAL account.
    As a result of that process the user's Documents and Settings directory structure changed to;
      C:\Documents and Settings\<Username.DOMAINNAME>
    where DOMAINNAME is, of course, our Windows Domain Name.
    Now we are beginning to use Acrobat Distiller joboptions and I notice that when Acrobat/Distiller goes to save a user-created/customized joboptions file the default location has remained;
      C:\Documents and Settings\<Username>\Application Data\Adobe\Adobe PDF\Settings
    which is NOT the user who is logged in
    Acrobat/Distiller should use the Documents and Settings directory of the user who is actually logged in which is;
      C:\Documents and Settings\<Username.DOMAINNAME>\Application Data\Adobe\Adobe PDF\Settings
    This anomaly has created some confusion and appears to have created a dependency of the old LOCAL user's Documents and Settings directory preventing us from deleting it.
    Question:
    How can we force Acrobat/Distiller to use the Documents and Settings directory of the logged in user (eg: the Domain user)?
    In other words, how do we set the user's default joboptions directory?
    Pointers/tips/and tricks are most welcome.

    if the user is the one running the program, you can always get the home directory using System.getProperty("user.home");
    If you are trying to get the properties of another user, you could try using setProperties to change the user name first, before getting the home directory, but it probably won't work because of the security manager. You could read the /etc/passwd file and parse the path out, but once again, the user of the code would have to have appropriate permission.
