IAS and LDAP

Where is the JNDI tree stored in iAS? Is it stored in LDAP or does iAS
have a custom API for storing the JNDI tree? Is there any kind of JNDI
API in iAS 6.0, sp3?
Shiva.

Hi,
The LDAP in iAS is used for storing authentication information and a
part of iAS registry. iAS does not have it's own or custom built API. Hope
this answers your question.
Regards
Raj
Shiva Paranandi wrote:
Where is the JNDI tree stored in iAS? Is it stored in LDAP or does iAS
have a custom API for storing the JNDI tree? Is there any kind of JNDI
API in iAS 6.0, sp3?
Shiva.

Similar Messages

  • WLC and LDAP Groups

    Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication.  I have this url that explains local authentication and LDAP...  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml .  That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC.  Any ideas?

    You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
    If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authenticaion). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from users requirements.
    The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.

  • Problem with ADS and LDAP

    Problem with ADS and LDAP
    I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
    After connection via LDAP I cann't get any object ( users or goups etc. ).
    I try connect to ADS by java ( JNDI ).
    When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
    the same problem - no objects.
    Can anybody help me?
    Grzegorz Pszona
    my e-mail: [email protected]

    Thanks a lot.
    Softerra's browser is really good.
    Thanks
    Rashmi
    "Anant Kadiyala" <[email protected]> wrote:
    >
    I used Softerra's LDAP browser. The browser is free. There is also a
    java baded
    LDAP browser from Univ of Michigan. I found the Softerra browser to be
    more easier
    to use.
    -anant
    "rashmi" <[email protected]> wrote:
    Hi,
    Can you please let me know which exact ADS tool that you used to examine
    the
    DN. I have Active Directory Users and Computers, Sites and Servicesand
    Domain
    and Trusts installed on my machine but I am not able to figure out how
    to get
    the DN?
    Thanks
    Rashmi
    for Stephen Davies <[email protected]> wrote:
    Grzegorz,
    I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
    a
    fair bit of messing around to get it going. MS does have a few oddities,
    for example the Administrators DN might look something like this:
    cn=Administrator,cn=Users,dc=eglobal,dc=net
    One tool that I found invaluable came with the additional support tools
    for Windows 2000. The 'Active Directory Administration Tool' made it
    easy to list the directory contents and examine the DNs.
    Regards,
    Steve
    Stephen Davies
    Principal Consultant
    eGlobal Services Pty. Ltd.
    Sydney, Australia
    Ph. +61 2 9283 1033
    http://www.eglobal.net/

  • Single sign-on using Kerberos and Ldap

    I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
    The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
    I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
    I have the Kerberos authentication and part of the Ldap service working via pam & nss.
    ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
    BUT...
    id gives:- userID, groupID (primary group only)
    groups :- primary group only. (no secondary groups are listed)
    Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
    Thanks in advance for any help.

    After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
    Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
    Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
    //M.

  • Java API's supported in the Jdeveloper, IAS, and RDBMS product components

    If there are any technical errors or "mistatement of the facts" in this posting, please let me know about them ..
    This article is being delivered in Draft form and may contain
    errors. Please use the MetaLink "Feedback" button to advise
    Oracle of any issues related to this article.
    PURPOSE
    This article describes the "Enterprise Java Beans" (EJB), "Java Server Pages"
    (JSP) and servlets Application Programming Interfaces (API) supported by the
    Oracle products, Jdeveloper, Internet Application Server (IAS) and the Oracle
    RDBMS release 2 and release 3, also known as Version 8.1.6 and 8.1.7,
    respectively.
    SCOPE & APPLICATION
    All parties interested in the Java API's supported by these products.
    Java API's supported in the Jdeveloper, IAS, and RDBMS product components
    JDEVELOPER
    JDEVELOPER is Oracle's Java development tool designed for coding / development,
    testing / debugging, and deployment of Java Applications to the IAS and
    RDBMS platforms.
    With the java software api's being in a constant state of evolution, each new
    release of Jdeveloper adds support for the "then current" version of the java
    software api's, if it does not already have it implemented.
    JDEVELOPER SERVLET API JSP API EJB API
    VERSION VERSION VERSION VERSION
    3.2.X.X 2.2 1.1 1.1
    3.1.X.X 2.1 1.0 1.0
    NOTE :
    Sun Microsystems and their advisory teams (Oracle is on it) is working on
    "draft" specifications for the next version of all of these API's
    EJB -------> http://java.sun.com/products/ejb/index.html
    JSP -------> http://java.sun.com/products/jsp/index.html
    Servlets --> http://java.sun.com/products/servlet/?frontpage-javaplatform
    It is anticipated that future releases of Jdeveloper will continue to be
    upgraded to include support for the next version of each api.
    To obtain the latest information on Oracle's Internet Development Suite (IDS)
    of tools, please review the "Internet Developer Suite" information located
    on Oracle's technet web site at :
    http://technet.oracle.com/products/index.htm
    IAS
    IAS is Oracle's next evolution of the web server and application server
    product technology superceeding the Web Application Server (WAS) and Oracle
    Application Server (OAS) product lines.
    IAS SERVLET API JSP API EJB API EJE VERSION
    VERSION VERSION VERSION VERSION SUPPORTED
    9I(1.0.2) 2.2 1.1 1.1 817
    8i(1.0.1-NT) 2.0 1.0 1.0 816
    8i(1.0.0-UNIX) 2.0 1.0 1.0 816
    The IAS product contains two Java Virtual Machines (JVM) within it's
    architecture.
    They are called :
    1) APACHE JSERV servlet engine
    2) ORACLE ENTERPRISE JAVA ENGINE (EJE)
    APACHE JSERV servlet engine
    The APACHE JSERV servlet engine is an EXISTING product licensed from the
    apache group which supports the servlet api 2.0.ONLY.
    The APACHE JSERV product does not support ANY JSP's unless the customer
    installs a third party jsp engine.
    The IAS 8i/9i which has the APACHE JSERV product embedded in it, comes with
    Oracle's JSP engine (OJSP) already integrated into it. OJSP supports JSP's up
    to the specific JSP engine version documented in the Oracle Universal
    Installer (OUI) for the 8.1.7 RDBMS or the IAS products. It is also documented
    in the product's release notes.
    Oracle ENTERPRISE JAVA ENGINE (EJE)
    The EJE formerly known as :
    1) Oracle 8i Java Virtual Machine (JVM)
    2) JSERVER component,
    3) Aurora JVM
    was originally releas ed in the RDBMS 8.1.5 database with jdk 1.1.6 based java
    support.
    The currently supported versions of the Oracle 8i RDBMS, versions 2 and 3,
    also known as Version 8.1.6 and 8.1.7, respectively, provides a jdk 1.2.1
    based java virtual machine support.
    "EJE" Version 816
    This EJE, found in rdbms 8.1.6 and IAS 8i, contains support for the ejb
    api 1.0, corba, and java stored procedures.
    "EJE" Version 817
    This EJE, found in rdbms 8.1.7 and IAS 9i, contains support for the ejb,
    corba, and java stored procedures as well as the Oracle Servlet Engine (OSE)
    which provides support for the servlets 2.2 api and JSP 1.1 api.
    Note :
    EJB support in the "EJE" Version 817 has been upgraded to comply with the EJB
    1.1 api specification which includes "entity beans" support.
    What is the bottom line ??
    1) Servlets deployed to the APACHE JSERV must comply with servlet api 2.0.
    2) Servlets 2.1 or higher are only supported in EJE's OSE component found in
    the rdbms 817 or ias 9i products. Servlets api 2.0 can also run in the OSE.
    References
    1) "Oracle9i Application Server Technical White Paper" located at :
    http://technet.oracle.com/products/ias/pdf/9ias_102.pdf
    2) "Whats New? Oracle8i JVM Accelerator, Oracle Servlet Engine, OracleJSP ..."
    located at :
    http://technet.oracle.com/products/oracle8i/pdf/504.pdf
    3) "Oracle8i Release 3 New Features Summary" located at :
    http://technet.oracle.com/products/oracle8i/pdf/8iR3_nfs.pdf
    null

    which jvm is used by jserv ?? EJE or a separate jdk ?
    The Jserv servlet engine is running in a separate jdk JVM external to the EJE jvm which is embedded within the "database" component of ias and the RDBMS.
    See the reference below for more details ...
    if jserv only support old apis, why it is in oracle's products ?
    i would assume that the oracle servlet engine was under development when ias 8i was released and became available in time for the ias 9i and rdbms 817 products.
    looking back in history leads me to believe ias 8i was a migration path to get to ias 9i or rdbms 817.
    Based upon the long history of new releases of every oracle product being upgraded with new features, it's reasonable to assume that these products will continue to evolve.
    when I deploy a jsp how to deploy in the right servlet container ("EJE") ?
    as documented in the reference below, you can deploy JSP's to either the apache jserv jvm or the EJE since the ORACLE JSP engine functionality is in both jvm's.
    there are many posts where you can see that people have deploy in jserv and they have problems because they don't use the right container (servlet 2.0 instead of
    servlet 2.2) http://technet.oracle.com:89/ubb/Forum2/HTML/006349.html
    when ias 8i came out this was clearly an issue since servlet support was at api 2.0, and the current servlet api was probably at 2.1.
    oracle clearly made every effort to get ias 9i released quickly to supply a servlet 2.1 and 2.2 capable engine to resolve this issue.
    since ias 9i and rdbms 8.1.7 are available this is no longer an issue.
    The reference below explains the architecture and understanding it would eliminate a lot of "deploy to the wrong ias 9i component" issues.
    so why jserv is bundled with oracle 8i/9ias since EJE support the right api version ?
    if in ias 9i release , oracle had removed the jserv component without any advance warning, many customers would have been very upset since oracle makes every attempt to give advance notice before removal of functionality.
    References
    1) "Oracle9i Application Server Technical White Paper" located at :
    http://technet.oracle.com/products/ias/pdf/9ias_102.pdf

  • Adding phones and users with bat and LDAP sync

    What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP.  Also, what method is the easiest and fastest?
    For example, I could do the following steps:
    Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
    I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc.  This method still involves 2 steps and the creation of 2 seperate bat files.
    In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them beocme LDAP users?
    Thank you,
    Danny

    #1 Remove this embedded CSS code from your HTML document(s).  You don't need it.
    body {
        background-color: #CCC;
    body,td,th {
        color: #FFF;
        font-size: 14px;
    #2 Open  PW.css file and add this to the top:
    body {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 14px;
    background-color: #CADFEB;
    /**or insert a background-image using the CSS editor**/
    #3 Remove font-family and font-size from all your other CSS selectors.  You don't need to duplicate styles on every element. 
    #4 Replace this:
    #content {
        position:absolute;
        left:199px;
        top:10px;
        width:860px;
        z-index:1;
        right: auto;
        background-color: #FFF;
        text-align: center;
        color: #000;
        height: auto;
    with this:
    #content {
         width:860px;
         margin: 20px auto;
         border: 4px solid silver;
         background-color: #FFF;
         text-align: center;
         color: #000;
         -moz-box-shadow: 5px 5px 5px #888;
         -webkit-box-shadow: 5px 5px 5px #888;
         box-shadow: 5px 5px 5px #888;
    #5 Save your PW.css file and upload to server.
    Nancy O.
    Alt-Web Design & Publishing
    Web | Graphics | Print | Media  Specialists 
    http://alt-web.com/
    http://twitter.com/altweb

  • OBIEE and LDAP problem

    Hi all!
    After connecting our OBIEE 11.1.1.5 to LDAP we faced with a strange problem: after one user enters the system any next user logged in has the same privileges in OBIEE as the first one.
    We turned off the following caches:
    - WebLogic Principal Validator Cache in a security realm Performance section
    - Group Membership Lookup Hierarchy Caching in our LDAP authentication provider Performance section
    But the problem still occurs. Does anyone have any suggestions on this?

    Hi I was having endless issues with OBIEE and LDAP, I followed the exact steps here:
    http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG169
    These worked for me, so you could check for a start these recommended setting are same in your environment.
    Thanks

  • XI 3.1 Client Tools and LDAP Authentication

    I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
    [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
    Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

    Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
    Take a look at note 1272536 (http://service.sap.com/notes)
    Regards,
    Stratos

  • I want to see list of Disabled user from AD and LDAP

    Hi
    i wan see the list of disabled user from AD and LDAP and it shows in the next page as Tabular format
    having all the details of AD (Attributes)

    Hi
    i wan see the list of disabled user from AD and LDAP and it shows in the next page as Tabular format
    having all the details of AD (Attributes)

  • Connected MDM and LDAP, but but now what? Why user mapping?

    Hi Gurus,
    In my last thread, I posted that I was not able to connect MDM with LDAP. I was finally able to.
    My problem now is I have to define user mapping in SAP Portal for the MDM business iViews to work.
    By connecting MDM and LDAP, I got the benefit that now the authentication and authorization is happening via LDAP.
    But this does eliminate the need for user mapping. If this is the case then why the real benefit of using LDAP?
    In this case this becomes worse as I need to know the user's LDAP Password which no body will share for sure.
    Any ideas? I want to get rid off this user mapping stuff.
    Warn Regards,
    Karan

    without knowing specifics of ur architecture, i can quickly point out two things:
    1)  LDAP is primarily used for authentication, true.
    2) Portal User mapping should not be an issue if u already have portal tied up to the active directory or some kind of single sign on?
    So portal knows the users who has logged it, polls the Active directory for authentication and Active directory logs into MDM with that users role.
    -Sudhir

  • ISE and LDAP Integration

    Hello,
    I have a question about the LDAP integration with the ISE:
    Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
    What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
    Even I tried to change the base DN and the search DN but without luck.
    The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
    Is there any missing information/tips required in such integration?

    Hello,
    I found a cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP .I hope this helps!
    This section contains the following:
    •Directory  Service
    •Multiple  LDAP Instances
    •Failover
    •LDAP  Connection Management
    •User  Authentication
    •Authentication  Using LDAP
    •Binding  Errors
    •User  Lookup
    •MAC  Address Lookup
    •Group  Membership Information Retrieval
    •Attributes  Retrieval
    •Certificate  Retrieval
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

  • Setting up authentication using IAS and an AP1200

    I'm trying to get RADIUS authentication working using Windows 2003 IAS and an AP1200, client is an AIR-CB21AG with latest drivers (2.1). Can anyone point me to a "how to" guide or advise how to configure each component to get it all working?
    Thanks in advance!

    Gerardo
    A customer that I work with has set up lots of VPN connections to remote sites where the remote site is behind a cable network connection including actiontech routers. We are using the 1841 router but I would think that the 1861 would be able to do this without much problem.
    As to the specific questions that you ask:
    - We use GRE/IPSec tunnels and it works well.
    - there should not be any configuration changes on the actiontech router.
    - as far as caveats:
    + make sure that the image on the 1861 is the advanced security feature set or the advanced services feature set so that you get support for the encryption needed for VPN.
    + in our implementation we require that the remote site have a fixed IP address which allows each end of the VPN to uniquely specify its peer and allows either end of the VPN to initiate the connection. I assume that your user is getting an address via DHCP from the actiontech. This will mean that your head end will have to accept connection requests from anyone and authenticate to verify that it is an authorized request. And it will mean that the remote must initiate the connection.
    If it is a single user at this remote location would it be feasible to set it up as a remote access VPN rather than a site to site VPN and to have the user use the VPN client which would eliminate the requirement for a router at the remote site?
    HTH
    Rick

  • Database Table and LDAP Authentication in the same repository?

    I'm wondering if it's possible to authenticate through database tables for some users and LDAP for other users. I can configure each one separately but I'm curious if anyone has ever successfully done both in the same repository.
    Thanks,
    -Matt

    Another thing to try is this. I don't have an LDAP server here but it worked for me without LDAP. I think it should also work with LDAP as it is the same idea. I don't think there is a way to have a conditional Init Blocks. Also you can't have two init blocks setting the same variable (USER in our case). But what you can do is to have two Init Blocks, one for LDAP authentication and the other one for table authentication. So you could have this scenario:
    1) LDAP "authentication" init block sets custom variable LDAP_USER
    2) Table "authentication" init block sets custom variable TABLE_USER
    3) Final authentication init block (the real one) sets USER variable using something like this:
    SELECT CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
    ELSE ':TABLE_USER'
    END
    FROM DUAL
    WHERE CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
    ELSE ':TABLE_USER'
    END = ':USER'
    Note how I use the CASE statement both to return the user value I want the USER variable to be set and also in the WHERE clause to make sure no rows are returned in case authentication fails (which should return no rows to denote a failed authentication). Obviously you need to set the init block dependancies correctly. I did a quick test with users coming from two separate Oracle tables in 2 init biocks and it worked fine for me. Give it a try and let me know how it goes.

  • How to config messaging 5.2 and ldap 5.2 with smtp auth?

    Hello.
    I want to config smtp auth for msg 5.2 and ldap 5.2.
    How to step of work.
    I config follow admin guide but it not work.
    Please help me and advice me.

    For your internal clients to be authenticated,
    replace "mustsaslserver" instead of "maysaslserver" in tcp_intranet channel on your imta.cnf file. Then all clients connecting from your internal IPs (listed on your mappings file) will be authenticated.
    Add the below two parameters for messenger express users to use the same system.
    configutil -o local.service.http.smtpauthuser -v "store admin user name"
    configutil -o local.service.http.smtpauthpassword -v "store admin password"
    All other external smtp connections (MX pointed) are not authenticated since they are directed to tcp_local channel.

  • Database, iAS and iDS installed in one box

    I would like to install 9.2.0.1 Database, 9.0.4.1 iAS and 9.0.4.1 iDS all in one box, Does any body have ever had this experience before? please share your experience with me, or at least could advice me where I can find the resource or article. Thank's and best regards.

    Database Installation

Maybe you are looking for

  • How do I edit the CSS of a Dynamic Menu with Dreamweaver and Business Catalyst.

    I've watched tutorials on v2 menu module and it obviously was not made for someone just starting out in Business Catalyst. I want to edit the CSS of my Dynamic Module, preferably V1, but if I have to use version 2 I will. The problem I am running int

  • .swf files not displaying all of a sudden!

    Hi all currently working on a new website for my design company and have hit an unexpected - and very annoying - problem! my portfolio graphics are all vector illustrations - I export them from there as a .swf file - dump them into dreamweaver - and

  • Delete & Un locK   purchase Order

    Hi experts, How can i set a option for 2 users can not be Un LOCK the  purchase order . how can i set  option for only for 1 user to Unlock  option. how to get this AUTHORIZATION in  PFCG roles or   is there any   T code like JOY transaccions. becaus

  • Suggestions please read

    I am going to be making an interactive java tutor in director for my final year project, the key word being interactive I don't want it to be a long presentation. I am not sure if this forum is the correct one so I am sorry if it not but could anybod

  • I edited some photos..  gave them to my sister and she cant open them.. she wants to print them.. is there a way to help her?

    I wanted to upload some of my photos to costco.. they are MY photos.. I edited with photoshop elements 11... and i cant up load.. HELP... did i do something..  can I even print them.?  am i too dang dumb to figure it out.? im frusterated...  can you