How to retrieve members of  ldap dynamic groups?

Similar Messages

• LDAP Dynamic Groups

  Hi,
  I have been trying to do some coding around - fetching members of dynamic ldap groups. In both these code snippets.. I get the same exception:
  java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx
  no matter whatever i tried. Can anyone please - let me know what could be causing this exception.
  Regards.
  String filter = LDAPRealm.DYNAMIC_GROUP_FILTER;
            String[] targets = new String[] { target, "memberUrl" };
            try {
                 SearchControls ctls = new SearchControls();
                 ctls.setReturningAttributes(targets);
                 ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                 ctls.setReturningObjFlag(true);
                 NamingEnumeration e = context.search(baseDN, filter, ctls);
                 while(e.hasMore()) {
                      SearchResult res = (SearchResult)e.next();
                      Object searchedObject = res.getObject();
                      //if(searchedObject instanceof com.sun.jndi.ldap.obj.GroupOfURLs){ // dynamic group
                           com.sun.jndi.ldap.obj.GroupOfURLs gurls = (com.sun.jndi.ldap.obj.GroupOfURLs) searchedObject;
                           Principal x500principal = new X500Principal(userDN);
                           if (gurls.isMember(x500principal)) {
  and
  java.security.acl.Group obj = (java.security.acl.Group)ctx.lookup(groupDN);
                 Enumeration members = obj.members();
                 Principal member = null;
                 while (members.hasMoreElements()) {
                      member = (Principal)members.nextElement();
                      memberDNs.add(member.getName());
                 }

  How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same queston, then please stay in the same thread.

• How to retrieve Business Partners Per Target group

  Hi experts!!!
  I am new to CRM development and i need to find the tables related to the target group.
  So far i have only found some tables that hold the T.G. GUID, but i cannot understand how these are connected among them.
  The requirement i have is to retrieve all the bussiness partners related to a specific target group.
  So in the selection screen i should use the target group. (Which field is that??)
  Please help!!!
  Thank u in advance!!!

  HI Grigoria,
  The tables that hold the information that you have requested for is as follows:
  Assuming you found the TG GUID for which you are trying to find the BP's inside it
  Go to Table CRMD_IM_ML_HEAD
  Paste the TG Guid value in the TARGETGRP_GUID field.This would return you "ML_GUID_H" value.
  Take this Guid value and go to table "CRMD_IM_ML_ITEM"
  Paste the ML_GUID_H value from the previous table in the field "ML_GUID_H" of the above table.
  This will return all the BP Guids associated in that TG , which you can convert into the BP # using an FM or from the table BUT000
  Hope this Help's
  Regards,
  Naveen

• How to create a dynamic group to fetch "Managers" for members of another group?

  Hi
  We have a request to created 2 dynamic group. One group with all india employees and another group will managers of all india emnployees [Manager who may be out of india as well].
  We created first group. But 2nd group failed for below filter
                               "/Person[ObjectID = /*[ObjectID = '9b3009a1-0e24-4d43-bc9e-9f7a46910f0d']/ComputedMember]/Manager"
  We could get appropriate results while running the query from powershell script.  But failing when trying to update the group filter.
  We are getting below error while creating this criteria\dynamic group
  Please help provide solution.
   Microsoft.ResourceManagement.Service: System.InvalidOperationException: Operation is not valid due to the current state of the object.
     at Microsoft.ResourceManagement.FilterEvaluation.Language.MembershipCondition.Create(QueryFilter queryFilter, Int32[]& membershipConditions)
     at Microsoft.ResourceManagement.ActionProcessor.FilteredResourceActionProcessor.FilteredResourceActionProcessHelper.DoPreProcessRequest(RequestType request)
     at Microsoft.ResourceManagement.ActionProcessor.FilteredResourceActionProcessor.PreProcessRequestFromAttribute(RequestType request)
     at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.PreProcessRequestFromAttribute(RequestType request)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(CreateRequestDispatchParameter dispatchParameter)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean
  isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, Boolean maintenanceMode, String synchronizationSequenceIdentifier)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean
  isChildRequest, Guid cause, Boolean doEvaluation, String synchronizationSequenceIdentifier)
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
  Aswathy Raj

  <Going through old threads>
  Look at the Unsupported Filter Definitions list here: 
  http://blog.msresource.net/2011/10/06/set-and-group-criteria-filters/
  http://technet.microsoft.com/en-us/library/ff356871(v=ws.10).aspx
  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

• Retrieve members of group in Active Directory

  Anyone who knows how to retrieve all the members of a group in AD? We have a single sign on using AD accounts but I want to specify users that will be given access using security group if AD.
  I've tried to list all the groups and determine the membership of a user but listing all the members of a group confuses me and I'm stacked.
  Please help.
  Thanks.

  Look for postings/replies of user "steve_adler"
  In one of his posts about paging and range Ldap Queries he explains how to find all members of a group.

• How to move members of a certain OU from one security group to distribution group?

  Looking for a powershell script that could move members from a certain OU that are members of a certain security group to a distribution group. Anyone point me in the right direction?

  It is easy to determine the members of a group. My concern is that once you know the users, it can be tricky to determine their parent OU in a script. There are ways to parse the user distinguishedName, but some are unreliable (the names of OU's, and even
  DC components, can include commas, for example). The most reliable method would be to bind to the user object with the [ADSI] accelerator and invoke the Parent method, but even then you must parse the result since it will be an ADsPath rather than a DN.
  My approach would be to use Get-ADUser to find all users in a specified OU that are direct members of a specified group. Even here I assume you are only concerned with users (not contacts or groups or computers). I also must assume that no users have the
  group specified as their "primary" group. The code I would suggest to  retrieve all users in an OU that are members of a group:
  Get-ADUser -SearchBase "ou=Sales,ou=West,dc=MyDomain,dc=com" -LDAPFilter "(memberOf=cn=MyGroup,ou=West,dc=MyDomain,dc=com)"
  This does not find users in the OU that are members of the group due to group nesting. However, if that matters, it can be handled using another LDAP syntax filter. In that case use:
  Get-ADUser -SearchBase "ou=Sales,ou=West,dc=MyDomain,dc=com" -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGroup,ou=West,dc=MyDomain,dc=com)"
  The "1.2.840.113556.1.4.1941" part is a special chain matching rule that results in a recursive match to handle group nesting. You can also devise a filter to include membership as the "primary" group. You could even use Get-ADObject
  instead  of Get-ADUser if you need to include contacts (or computers or groups), but I assume that is unnecessary.
  The next steps, to remove from one group and add to another, would follow.
  Richard Mueller - MVP Directory Services

• Dynamic Group members error

  I create 5 Dynamic Group and 1 Universal Distribution Group. I add 5 Dynamic Group in 1 Universal Distribution Group. If i view members in every all correct, but if i run in powershell Get-DynamicDistributionGroup/Get-Recipient -recipientPreviewFilter
  - i view all users in domain with mailbox. How fix this?

  Hi,
  Do you mean that you can use EAC to view members in 5 dynamic distribution groups respectively and the preview shows correct users, but shows wrong when using EMS?
  Please use the following command in EMS to preview the list of members of your dynamic distribution group:
  To view Group1:
  $Group1 = Get-DynamicDistributionGroup "Group1"
  Get-Recipient -RecipientPreviewFilter $Group1.RecipientFilter
  To view Group2:
  $Group2 = Get-DynamicDistributionGroup "Group2"
  Get-Recipient -RecipientPreviewFilter $Group2.RecipientFilter
  Please check the results with the preview in EAC:
  1. In the EAC, navigate to Recipients > Groups.
  2. Select a dynamic distribution group.
  3. In the details pane under Membership, the number of people who received the last message sent to the dynamic distribution group is displayed.
  Regards,
  Winnie Liang
  TechNet Community Support

• Dynamic Groups in LDAP and Calendar

  Folks,
  I have defined a dynamic group in LDAP. I would like for that group to be invited to an event. When I add an event and search I find the group. When I check the group and click 'OK' it doesn't show the group as invited. When I search again, it says the group is included but no one is invited.
  Also, how do I protect a group from being used by anybody???
  keith

  Thanks tim ... will check, but Oracle are saying :
  Oracle Universal Content Management - Version: 7.5.1
  Information in this document applies to any platform.
  Product: Content Server
  Version: 6.0
  Goal
  Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
  Solution
  The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
  to which I have replied you suport 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
  Billy, you may well be right, just got a cashflow problem over here !

• LDAP- large dynamic groups - performance

  A dynamic group is to a static group what a view is to a table
  A group is to its members what a table or view is to its records.
  When the memebrs of a dynamic group is very large are there any performance problems or is that eliminatable by some indexing means?

  Just an FYI ...
  I found out from iPlanet that this is a bug in SP3 and will be fixed in SP4.
  In the meantime, you can call tech support and get a patch.
  Matt
  "Matt Raible" <[email protected]> wrote in message
  news:9nldgs$[email protected]..
  I discovered today that the dynamic group does not seem to work for
  form-based authentication with iPlanet App Server. I have a group,
  Employees, in my LDAP server, and it has a dynamic group configured as
  ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee, where each user has a
  custom attribute, dcRoles. I can test this dynamic group and expectedusers
  are found.
  However, I cannot authenticate with a user in this group when "Employees"is
  my configured role to authenticate with.
  If I open the group Employees in my LDAP Server, and under the Members,
  Static Group tab - I add a user, I can authenticate with them.
  I also tried adding "ttEmployee" as well as "Employee" to my deployment
  descriptors - but no luck. The method of adding a user (above) is the only
  way I found to work.
  Can someone shed some light on this?
  Thanks,
  Matt

• How can I set up an SMS group so that all group members can dial a group number and have a text sent out to all members of the group

  How can I set up an SMS group so that all group members can dial a group number and have a text sent out to all members of the group
  This would be an SMS group similar to an email listserv but running on the SMS network
  I have seen private individuals offering this service
  It seems strange to me that no internet site like Apple, Yahoo or Google offers this as a free service much as the email group services are free services.
  Steve

  I think the app GroupMe might do what you want. You might also try contacting your carrier. My carrier offered some fancy group texting service for a while but they never really advertised it so, unless you asked, you never would have known. But, GroupMe is available in the app store. There are lots of other apps that also do group texting but it seems to be the one that gets recommended the most.

• How can I increase the members in the chat groups?

  The number of members in the cha groups is limited (3000)
  How can I increase the members in the chat groups?

  Elaborate.

• SQL Query for members of dynamic group - Need to include Name, Path and Type

  Hello,
  I built a custom dynamic group that has all my SQL databases in it using SCOM 2012 SP1.  The group works fine as I can see the Name(ie, Database name), Health State, Path (ie, hostname/instance) and Types (ie; SQL 2005).  Now I'm trying to
  build a custom report based off this same information using a SQL query.   I'm no DBA and could use some help.  So far this is what i have
  use
  select
  SourceObjectDisplayName as
  'Group Name',
  TargetObjectDisplayName,TargetObjectPath
  from RelationshipGenericView
  where isDeleted=0
  AND SourceObjectDisplayName
  like
  'SQL_Databases_All'
  ORDERBY TargetObjectDisplayName
  This gets me the Group Name (which i really don't care about), database name, and hostname/instance. What I am missing is the Health State and most importantly the Type (ie, SQL Server 2005 DB, SQL Server 2008DB).
  If someone could assist me here I would appreciate it. I believe I need to do some type of INNER JOIN but have no idea where the SQL type info lives or the proper structure to use. Thanks
  OperationsManager

  Here's the updated Query for OpsMan 2012 R2:
  To find all members of a given group (change the group name below):
  select SourceObjectDisplayName as 'Group Name', TargetObjectDisplayName as 'Group Members' 
  from RelationshipGenericView 
  where isDeleted=0 
  AND SourceObjectDisplayName = 'Agent Managed Computer
  Group' 
  ORDER BY TargetObjectDisplayName

• How to retrieve dynamic filter value submitted from control query to .....

  How to retrieve dynamic filter value submitted from control query to broadcast query.....
  I'm trying to change the hierarchy version determined by a userexit variable in the broadcast query.
  The Hierarchy Version should be dependent on the input filter delivered by the bursting query.
  But how do I catch the dynamic filter value which has been submitted by the bursting query,
  with other words:  where does the bursting query store it's out put while sequentially starting the broadcast query value by value?
  BTW: the filter value from the bursting query appears under "dynamic filter values" in the information of the broadcast query...
  Any thoughts are welcome!
  Edited by: Heinrich Krupp on Jun 24, 2009 1:25 PM

  Further information,
  Report is used via webi only, not Xcelsius or Dashboard.
  Report is consuming BI Web Services.
  Although we can pass in prompt values to BI Services, I couldn't find if we could pass a variable or dimension object into this field. Anyone knows?

• Using Dynamic Groups in Ldap for Accounts and Roles

  Does anyone currently use dynamic groups in LDAP for accounts and roles? I have set up a dynamic group in ldap (we are using OID Oracle internet Directory 10.1.2.0) , ldapsearch returns the correct list of unique names, but the account does not appear on my profile page when I log in to UCM (10.1.3). I cannot find any documentation so I'm asking myself if it is supported .....

  Thanks tim ... will check, but Oracle are saying :
  Oracle Universal Content Management - Version: 7.5.1
  Information in this document applies to any platform.
  Product: Content Server
  Version: 6.0
  Goal
  Can the Content Server's LDAP provider support, or can it be configured to support, dynamic LDAP groups?
  Solution
  The Content Server by itself is unable to process dynamic LDAP groups since the filter that is used cannot read dynamic groups. However, dynamic groups can still work in the Content Server if the permissions for the queried user are generated on the LDAP server side. For example: Novell and Active Directory both have this functionality.
  to which I have replied you suport 3rd party ldaps, but not your own? Shurely shome mishtake ..... if ldap search works in a seamless way, surely provider should too ....
  Billy, you may well be right, just got a cashflow problem over here !

• Identity Service LDAP with dynamic grouping

  Hi all,
  We are developing an enterprise application with oc4j and bpel.
  First we managed to handle user management with XML based JAZN tool.
  After that,we managed to connect identity service with iPlanet LDAP server and get users and roles(with static groups defined.)
  But our client wanted static and dynamic groups together in their LDAP server,because of the complexity of their current user base.
  When we try this,we cannot get the roles that are assigned with dynamic groups.But we can get the roles that are statically defined.
  We check the roles from the worklist application (integration/worklistapp... thing..) and we se the static groups where we cannot see dynamic one's.
  There is a section in is_config.xml like:
  <roleControls>
  <property name="nameattribute" value="cn"/>
  <property name="objectclass" value="groupOfUniqueNames"/>
  <property name="membershipsearchscope" value="onelevel"/>
  <property name="memberattribute" value="uniquemember"/>
  <search searchbase="ou=Groups,dc=dummy,dc=com,dc=tr" scope="onelevel" maxSizeLimit="1000" maxTimeLimit="120"/>
  </roleControls>
  I think the property uniquemember has an effect in this situation but I cannot find any sample configurations using dynamic groups in LDAP.
  Hope somebody has already done that..

  I find a solution here:
  http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10226/hwf_config.htm
  I am currently using weblogic's defaultAuthentication to test BPM 11g.
  I do not know if this approach works in production environment.