IDM / Active Directory: Attributes not getting updated

I am trying to update attributes in my Active Directory Resource, via IDM. But, they are not getting updated.
Before we installed the IDM system in our organization, the Active Directory's "*Department*" field contained previous (old) information.
Now, we want to use IDM to update this information for ALL our employees.
I used the "*Default*" syntax in the IDM User Form, as follows:
    <Field name='global.department'>
        <Display class='Text'>
            <Property name='Title' value='Department'/>
        </Display>
        <Default>
            <s>Sales Department</s>
        </Default>
    </Field>
Next, I mapped this attribute to the Active Directory "*Department*" field.
However, the new value "*Sales Department*" is not being sent to Active Directory. The old values still remain.
When I tried to do the update directly in AD, I simply DELETED the old value. Then I went to IDM to update the employee's account (thereby trying to PUSH the new value into AD). But it did not work. Instead, IDM displayed the following info:
Old value: "empty space"
New value: "old data"
The new data, "*Sales Department*", was not being sent to AD.
Next, I simply repeated the update process in AD. But this time, I erased the old data and wrote "*Sales Department*". Then it worked. AD accepted the new data, and also sent it BACK to IDM.
I found this very strange:
*(a) why does AD not get updated with the new value from IDM?*
*(b) why does AD reject the new value if the field itself (in AD) is left blank?*
*(c) how can I UPDATE all the employees in Active directory with the new DEFAULT data : "Sales Department"*

MichaelSt wrote:
I want IDM to update AD (meaning, the data-flow is from IDM to AD), not the other way round.
Using "*accounts[AD].department*" means that IDM will take its data FROM Active Directory. I want AD to take info FROM IDM.

Sorry, but that's incorrect. The global namespace simply maps an attribute to the equivalent accounts[...].attribute name. So global.department would translate to accounts[AD].department, accounts[LDAP].department and accounts[Some Resource].department. (Incidentally, global.department would get set by the first resource IDM reads with a department attribute, so it is very possible to read the attribute from AD. AD may simply not be the first one that IDM comes across.)
Setting the individual resource value, as redindian suggested, is a perfectly valid way of pushing attributes to the resource. (Assuming of course you have the attribute marked as writable in the resource configuration.) So technically if you so desired, you could set different values for accounts[LDAP].department and accounts[AD].department and accounts[Some Resource].department which you cannot do if you use the global namespace.
I do this all the time for some of my attributes. For example, some of my resources (usually the really old legacy ones) require an upper case email address while others require lower case addresses. I set different values for accounts[Legacy Resource].email and accounts[Newer Resource].email when I want to push the attribute down to the resource. I also avoid the global namespace like the plague. I've had so many problems with it mapping data incorrectly that it's just easier to set the individual attributes directly.
Setting attributes in the accounts[Resource] namespace is a perfectly valid way both to reference attributes on a resource and to set them.
As has been suggested, don't use a default but rather use an expansion.
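As an added illustration (not part of either post), here is the original Field rewritten the way the reply recommends: the resource-specific name accounts[AD].department instead of the global namespace, and an Expansion in place of the Default. It assumes the AD resource is named AD, as in the thread, and that the department attribute is marked writable in the resource configuration, as the reply points out.

```xml
<!-- Original form: global namespace plus Default. In an IDM form a Default is applied
     only while the field's current value is null; the reply notes that global.department
     is already populated from the first resource IDM reads, so the Default never fires. -->
<Field name='global.department'>
  <Display class='Text'>
    <Property name='Title' value='Department'/>
  </Display>
  <Default>
    <s>Sales Department</s>
  </Default>
</Field>

<!-- Rewritten per the reply: address the AD account attribute directly and use an
     Expansion, which is re-evaluated on every form recalculation rather than only
     when the value is empty, so the value is pushed to AD on each update. -->
<Field name='accounts[AD].department'>
  <Display class='Text'>
    <Property name='Title' value='Department'/>
  </Display>
  <Expansion>
    <s>Sales Department</s>
  </Expansion>
</Field>
```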

Similar Messages

  • Active Directory client not dynamically updating DNS

    Hi,
    There has been some other issues mentioned on other threads regarding the Active Directory Plugin within Lion, it does appear to be flaky.
    I just wanted to make sure that the issue I'm having is not down to a mis-config by myself.
    We have several Macs running 10.7.1 that are bound into Active Directory (Windows 2008 R2); however, it appears that the DNS records for these machines are not being dynamically created within AD. (All zones are AD integrated.) All 10.6.x clients seem to work fine and records are created and updated dynamically as IPs change etc.
    Is anybody else having this issue? If not, any ideas why this is happening?
    Thanks in advance.

    Hi!
    I'm having exactly the same problem and nobody seems to have an answer.
    Regarding the reply you got, this has nothing to do with Lion Server. We're talking about Lion clients bound to an AD (Windows Server 2008 R2, in my case) not dynamically registering their DNS entries.
    I also noticed that the DHCP entries for those clients are missing the "Name" property, which is already symptomatic of something going wrong.
    Anyone?

  • Making LDAP calls to update Active directory attributes

    Hi,
    I see a lot of postings about authenticating using LDAP, but I am trying to make LDAP calls to update Active Directory attributes.
    How can I do this from my BPEL process ? My input xml file will have a list of users whose attributes need to be updated.
    I need to query by making LDAP calls and update as needed.
    I am a novice, so step-by-step guidance will be very helpful.
    Thanks much!

    This is really an AD question. Basically the easiest way is to expose a web service to do this, then BPEL calls that web service. I think later versions of AD do this out of the box.
    Otherwise there are many examples on Google using different technology.
    cheers
    James

  • Find Active Directory Attributes that are Not Set

    I'm trying to generate a report that lists all accounts where the thumbnailPhoto attribute in Active Directory is not set.  I've tried using WHERE thumbnailPhoto < 0, WHERE IsNULL({thumbnailPhoto}) and several others with no success.  Can anyone point me in the right direction?

    Hi,
    1) What version of Crystal Reports are you using?
    2) Are you using a SQL Query to report against the Active Directory?
    3) What is the datatype of the 'thumbnailPhoto' field?
    -Abhilash

  • Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site

    Have an existing ex2010 sp3 organization.
    Could not run ex2013cu1 setup from my newly built 2012 server, getting the error in the subject line.  I used the command line to run the AD preparation steps successfully from my 2012 DC/GC, then tried to run setup again from the new 2012 server and still get the same error.  The error itself in the log is pretty useless:
    [05/07/2013 01:19:13.0137] [0] **********************************************
    [05/07/2013 01:19:13.0137] [0] Starting Microsoft Exchange Server 2013 Cumulative Update 1 Setup
    [05/07/2013 01:19:13.0137] [0] **********************************************
    [05/07/2013 01:19:13.0152] [0] Local time zone: (UTC-08:00) Pacific Time (US & Canada).
    [05/07/2013 01:19:13.0152] [0] Operating system version: Microsoft Windows NT 6.2.9200.0.
    [05/07/2013 01:19:13.0152] [0] Setup version: 15.0.620.29.
    [05/07/2013 01:19:13.0152] [0] Logged on user: DOMAIN\ADMINISTRATOR.
    [05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='sourcedir', Value='\\h1\f$\junk\installers\server\Exchange\2013cu1'.
    [05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='mode', Value='Install'.
    [05/07/2013 01:19:13.0215] [0] RuntimeAssembly was started with the following command: '/sourcedir:\\SERVER\f$\junk\installers\server\Exchange\2013cu1 /mode:Install'.
    [05/07/2013 01:19:13.0215] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:19:13.0793] [0] Finished loading screen CheckForUpdatesPage.
    [05/07/2013 01:19:38.0762] [0] Finished loading screen UpdatesDownloadsPage.
    [05/07/2013 01:19:40.0496] [0] Starting file's copying...
    [05/07/2013 01:19:40.0496] [0] Setup copy files from '\\SERVER\f$\junk\installers\server\Exchange\2013cu1\Setup\ServerRoles\Common' to 'C:\Windows\Temp\ExchangeSetup'
    [05/07/2013 01:19:40.0700] [0] Finished loading screen CopyFilesPage.
    [05/07/2013 01:19:40.0840] [0] Disk space required: 1292445007 bytes.
    [05/07/2013 01:19:40.0840] [0] Disk space available: 23767240704 bytes.
    [05/07/2013 01:19:59.0762] [0] File's copying finished.
    [05/07/2013 01:19:59.0965] [0] Finished loading screen InitializingSetupPage.
    [05/07/2013 01:20:02.0934] [0] Setup is choosing the domain controller to use
    [05/07/2013 01:20:09.0325] [0] Setup is choosing a local domain controller...
    [05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. See the Exchange setup log for more information on this error.
    [05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
    [05/07/2013 01:20:11.0809] [0] Setup will use the domain controller ''.
    [05/07/2013 01:20:11.0809] [0] Setup will use the global catalog ''.
    [05/07/2013 01:20:11.0825] [0] Exchange configuration container for the organization is 'CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
    [05/07/2013 01:20:11.0919] [0] Exchange organization container for the organization is 'CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
    [05/07/2013 01:20:11.0966] [0] Setup will search for an Exchange Server object for the local machine with name 'WEX1'.
    [05/07/2013 01:20:12.0028] [0] No Exchange Server with identity 'WEX1' was found.
    [05/07/2013 01:20:12.0044] [0] The following roles have been unpacked:
    [05/07/2013 01:20:12.0044] [0] The following datacenter roles are unpacked:
    [05/07/2013 01:20:12.0044] [0] The following roles are installed:
    [05/07/2013 01:20:12.0059] [0] The local server does not have any Exchange files installed.
    [05/07/2013 01:20:12.0075] [0] Server Name=WEX1
    [05/07/2013 01:20:12.0137] [0] Setup will use the path '\\SERVER\f$\junk\installers\server\Exchange\2013cu1' for installing Exchange.
    [05/07/2013 01:20:12.0137] [0] The installation mode is set to: 'Install'.
    [05/07/2013 01:20:27.0591] [0] An Exchange organization with name 'DOMAIN' was found in this forest.
    [05/07/2013 01:20:27.0591] [0] Active Directory Initialization status : 'False'.
    [05/07/2013 01:20:27.0591] [0] Schema Update Required Status : 'False'.
    [05/07/2013 01:20:27.0591] [0] Organization Configuration Update Required Status : 'False'.
    [05/07/2013 01:20:27.0591] [0] Domain Configuration Update Required Status : 'False'.
    [05/07/2013 01:20:27.0841] [0] Applying default role selection state
    [05/07/2013 01:20:27.0872] [0] Setup is determining what organization-level operations to perform.
    [05/07/2013 01:20:27.0872] [0] Because the value was specified, setup is setting the argument OrganizationName to the value DOMAIN.
    [05/07/2013 01:20:27.0872] [0] Setup will run from path 'C:\Windows\Temp\ExchangeSetup'.
    [05/07/2013 01:20:27.0888] [0] InstallModeDataHandler has 0 DataHandlers
    [05/07/2013 01:20:27.0888] [0] RootDataHandler has 1 DataHandlers
    [05/07/2013 01:20:27.0903] [0] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.  See the Exchange setup log for more information on this error.
    [05/07/2013 01:20:27.0935] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. See the Exchange setup log for more information on this error.
    [05/07/2013 01:21:04.0154] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:21:04.0154] [0] End of Setup
    [05/07/2013 01:21:04.0154] [0] **********************************************

    Hi,
    The cause is clearly described in the log:
    [05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. See the Exchange setup log for more information on this error.
    [05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
    I'd suggest you check NIC settings and AD configuration.
    Hope it is helpful.
    Fiona Liao
    TechNet Community Support

  • GENPC in ESTOH table not getting updated while creating report.

    Hi Guys,
    I am trying to create a report but once the report is created it is going to generation running status.
    I checked table ESTOH where all the items come once a report is created. There is a field called GENPC in table ESTOH which logically should get filled with the generation server automatically.
    The issue is that the field is not getting updated with the server value.
    But if I edit the table and fill the field GENPC with the server name, it is then getting processed correctly and the report is getting generated.
    My question is why GENPC in table ESTOH is not getting updated automatically when a report is created.
    Regards,
    Anoop

    Hello Anoop,
    could you please indicate which release you are using (ECC 6.0 with or without activated Enh. Pack 3).
    Are the WWI work processes running as scheduled (work processes?); is the dispatcher running normally?
    Have you checked transaction CG5Z? Here you should see immediately which generation server should generate the WWI document.
    Normally it is like you have explained. You generate a report (from g02) and in the background the dispatcher dispatches this to a WWI work process which takes over the further activities. Then the data is collected and passed on to the WWI server. Then the report is built and the WWI document is passed back to SAP R/3. I am not sure at which point in time the WWI document gets the "unique id" in DMS (meaning: is the number generated before WWI is asked to generate something, or is it generated once the document has been passed back?).
    Do you have the problem always with the same generation server? Is this always the same specification and generation variant language combination?
    During the process the normal status net is used. If you check CG50 you should be able to control the progress of generation.
    The normal status net is like this:
    SW => RR => GP => GS => CO => RE => HI (refer to "Example of a Status Network for Reports", http://help.sap.com/erp2005_ehp_04/helpdata/en/a7/288aa30a6c11d28a220000e829fbbd/frameset.htm)
    If you have the status "generation possible" and nothing is happening any more, in most cases there is some trouble with the SAP => RFC => WWI destination.
    Therefore check in addition the WWI version, RFC connections etc.
    With best regards
    C.B.
    Edited by: Christoph Bergemann on Jul 22, 2010 8:30 PM

  • Powershell script to Scan Active Directory Attributes for Country and Department ,Then add to Sales Group then add to Distribution list based on Region

    Hey Scripting Guys,
    I have been in and out of PowerShell the last few years, not that great at it tbh !!! I'm looking for advice on how I can, as in the title, create a PowerShell script to scan Active Directory attributes for Country and Department, then add to a group, then add to a distribution list based on Region/Country.
    I was thinking along the lines of get-aduser -LDAPFilter "(department=SALES France)" and adding a where clause for country.
    Any help would be great.
    Dec

    So I have tried a few variations but get errors on both 
    get-aduser -LDAPFilter "(&(department=SALES)(c=us))" | Add-ADPrincipalGroupMembership -MemberOf "testgroup"
    get-aduser -LDAPFilter "(&(department=SALES)(c=fr))" | Add-ADGroupMember -identity "testgroup"
    Add-ADPrincipalGroupMembership : Object reference not set to an instance of an
    object.
    At line:1 char:86
    + get-aduser -LDAPFilter "(&(department=SALES)(c=fr))" | Add-ADPrincipalGroupMe
    mbership <<<< -MemberOf "testgroup"
    + CategoryInfo : NotSpecified: (:) [Add-ADPrincipalGroupMembershi
    p], NullReferenceException
    + FullyQualifiedErrorId : Object reference not set to an instance of an ob
    ject.,Microsoft.ActiveDirectory.Management.Commands.AddADPrincipalGroupMem
    bership

  • Windows 2003 Active Directory Attribute Editor Tab

    My Active Directory does not have an Attribute Editor Tab....how do I add it?

    Bradheld is correct, the attribute editor tab was introduced in Windows 2008. To view the attribute editor tab from Vista/Windows 2008 & above for a 2000/2003 forest, refer to the article below.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/6e6ef6bd-b5c9-4f16-b346-097832e3b93c/rsat-and-the-missing-attribute-editor-tab-solution?forum=winserverManagement
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • TS3059 My question is: I was updating a game and it got updated halfway; then, due to low battery, my iPhone switched off. Now I am trying to update my game and it is not getting updated, so what should I do? Please tell me.


    See: Resolve iOS update and restore errors - Apple Support
    That error usually means that your computer antivirus is blocking the update.
    It can also mean that your phone was jailbroken, or your computer was used to jailbreak some iOS device in the past.

  • Active Directory Attributes

    Can the universe designer read in Active Directory attributes?  I'm trying to apply row-level security to allow members of one group (by department ID, which is stored in an attribute in AD) permission to only view their department's information.  Any help would be greatly appreciated.  Thank you.
    Chris

    Hi Chris,
    You need to have configured AD authentication in the CMC. You can then import the AD group(s) with their users and use the group(s) in the Designer to apply row-level restrictions.
    Hope this helps
    Jacques

  • Lync on "websearch only" but updates from Active Directory are not processed.

    Hello,
    I use "websearch only" for "addressbookavailability". This is working fine on all clients.
    I have a problem with changes in Active Directory. When we change, for example, the "job title" of someone, then the old "job title" stays present on the Lync client. When I do a reset of the client or a new installation, the new "job title" is present.
    Although we use "websearch only", for some changes it seems that the local address book of Lync is still used.
    Does someone know how I can force a Lync client to also query Active Directory for this?
    I know that the Lync server updates every night, but on many clients the local address book is not updated.
    Regards

    You still can force the address book replication by running Update-CsUserDatabase and Update-CsAddressBook. I suggest you delete the .slab files from the Lync share web folder 0000000\000000 folder and then run the above commands. That will create a brand new set of files. Then delete the sip folder from the client PC and restart the client to force download of the local copy. See if that fixes your issue.
    http://thamaraw.com
    Hello,
    I'm sure this option will work. But this means that we have to do this on a regular basis.
    Is there no option to "force" the Lync client to query Active Directory all the time? Not only for users.

  • "Domain Users" group in Active Directory does not belong to any Group Membership in LC

    Active Directory user belonging to "Domain Users" group does not belong to any Group Membership in LC, why does it not belong to "Domain Users" group?
    Any way to correct this issue, without changing group membership on AD side?
    If an Active Directory user is a member of "Domain Admins" or "Users" then these show the same group membership in LC.
    Thanks.

    If you want to use the Domain Users group for the purpose of representing all the users then you can use the "All principals in domain xxx" group which is created by UM.
    Coming back to the Domain Users group. For determining group membership in AD, UM uses the "member" attribute of the group object. "Domain Users" is treated differently by AD. It is the default primary group for all users, and normally members of the primary group are not specified using the member attribute. So when we sync the data from AD, "Domain Users" membership does not get completed.

  • Word 2013 and Active Directory attribute

    Hi,
    I'm working with WS2008R2 SP1 AD, Office Standard 2013 and W7 SP1 x64. Our company wants to create .dotm/.dotx with automatic fields.
    For example, we want that when a user opens a .dotx his name appears automatically. This one is easy it's the {AUTHOR \*MERGEFORMAT}.
    But What we want to do is to do the same for the:
    - street address
    - email address
    - the job title
    All this information is in our Active Directory, but it seems that Word does not read the Active Directory info directly but rather some cached info on the computer.
    So, is there a way or workaround to create some .dotx with the possibility to extract some AD attribute fields attached to a user and, at the end, to build a semi-automatic doc with the information of the user who has opened this .dotx/.dotm?
    So far, clues say that I have to write some VBA script, and there are two kinds of solution/workaround:
    The first lead is:
    To retrieve the user account properties from Active Directory, we have to turn to some VBA scripts, no way to achieve this via any built-in features.
    As far as I know, you can bind to the user account object by using the GetObject function and the LDAP provider.
    Then use the GetInfo method to initialize the local cache with attributes of the user account object. This step will ensure that the most up-to-date attribute values of the ADSI object are retrieved.
    For example:
        Set objUser = GetObject _
            ("LDAP://...")
        objUser.GetInfo
    If you want to get these attributes when you create a new document based on a template (.dotx/.dotm), you'll need to use the AutoNew macro.
    The second lead is:
    http://heureuxoli.developpez.com/office/word/creermodele/#L2-G
    Thank you in advance for any kind of answer.
    best regards

    Hello,
    Have you tried these two methods? What is the result and what is your decision?
    If you're familiar with the Visual Studio IDE and .NET Framework, I would recommend that you create an application-level or document-level Add-In for Word, because it's easy to access AD with managed code and it's suitable in your case. You can check the MSDN document here for the related objects you need to use in the .NET Framework to access AD:
    https://msdn.microsoft.com/en-us/library/gg145037(v=vs.110).aspx
    But if you just want to use VBA for Word, this kb article tells you how to do this via ADO connection:
    https://support.microsoft.com/kb/187529/en-us?wa=wsignin1.0
    If you want to know something about Active Directory itself, then it's not the correct forum, you can open up new thread in the AD forums for help.
    Thanks for your understanding.

  • Update users in Active Directory from SQL query

    I need to update the fields in the Active Directory 2003 users from a SQL Server 2003 query. Any idea plissss???

    This is a PowerShell example to create AD users from SQL Server.
    The PowerShell cmdlet Set-ADUser will update the AD user fields.
    # Query AdventureWorks2012 for the currently assigned department of each matching employee.
    # A trailing "+" continues the string onto the next line.
    $SQLText = "SELECT e.BusinessEntityID, p.Title, p.FirstName, p.MiddleName, p.LastName, p.Suffix, " +
        "e.JobTitle, d.Name AS Department, d.GroupName, edh.StartDate, e.LoginID" +
        " FROM HumanResources.Employee AS e" +
        " INNER JOIN Person.Person AS p ON p.BusinessEntityID = e.BusinessEntityID" +
        " INNER JOIN HumanResources.EmployeeDepartmentHistory AS edh ON e.BusinessEntityID = edh.BusinessEntityID" +
        " INNER JOIN HumanResources.Department AS d ON edh.DepartmentID = d.DepartmentID" +
        " WHERE (edh.EndDate IS NULL)" +
        " AND (p.FirstName = 'Brian')"

    # Integrated (Windows) authentication to the local SQL Server instance; no password in the connection string.
    $SqlCon = New-Object System.Data.SqlClient.SqlConnection
    $SqlCon.ConnectionString = "Server=localhost;Database=AdventureWorks2012;Trusted_Connection=yes;"
    $SqlCon.Open()
    $SqlCmd = $SqlCon.CreateCommand()
    $SqlCmd.CommandText = $SQLText
    $Result = $SqlCmd.ExecuteReader()
    # Load the whole result set into a DataTable so the connection can be closed before touching AD.
    $Table = New-Object System.Data.DataTable
    $Table.Load($Result)
    $SqlCon.Close()

    # Placeholder initial password for the example; every account is forced to change it at first logon below.
    $Password = "P@assword1"
    foreach ($Item in $Table) {
        # Splatting hashtable: each key is a New-ADUser parameter, populated from the SQL row.
        $newUserID = @{
            Name              = $Item.FirstName + $Item.LastName
            Description       = "This is a test of a bulk user add"
            GivenName         = $Item.FirstName
            Surname           = $Item.LastName
            DisplayName       = $Item.FirstName + " " + $Item.LastName
            UserPrincipalName = "$($Item.FirstName + "." + $Item.LastName)@corp.contoso.com"
            EmployeeID        = $Item.BusinessEntityID
            ScriptPath        = 'login.cmd'
            Company           = "Contoso"
            Department        = $Item.Department
            EmailAddress      = "$($Item.FirstName + "." + $Item.LastName)@corp.contoso.com"
            Title             = $Item.JobTitle
        }
        # Users land in an OU named after their department.
        $TargetOU = "OU=" + $Item.Department + ",DC=corp,DC=contoso,DC=com"
        Try {
            $newUserID
            New-ADUser @newUserID -Path $TargetOU -ErrorAction Stop -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -PassThru
            Enable-ADAccount -Identity $newUserID.Name
            # Set-ADUser is the cmdlet that updates attributes on an existing user; here it forces a password change at next logon.
            Set-ADUser -Identity $newUserID.Name -ChangePasswordAtLogon $true
            Write-Host "UserID $($newUserID.Name) created!" -ForegroundColor Green
        }
        Catch {
            Write-Host "There was a problem creating UserID $($newUserID.Name). The account was not created!" -ForegroundColor Red
        }
    }

  • Portal Active directory attributes mapping

    Hi All.
    I am trying to map additional fields from the Active Directory to fields located within the Portal User Administration area.
    I added the new fields within the XML file dataSourceConfiguration_ads_readonly_db.xml, and then uploaded this file using the config tool. I then configured SAP Portal to use the newly uploaded XML file. I then restarted the SAP server.
    Here is how I added new fields Zip and City to the XML file:
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
    <dataSources>
        <dataSource id="PRIVATE_DATASOURCE"
                    className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
                    isReadonly="false"
                    isPrimary="true">
            <homeFor>
                <principals>
                     <principal type="group"/>
                     <principal type="user"/>
                     <principal type="account"/>
                    <principal type="team"/>
                    <principal type="ROOT" />
                    <principal type="OOOO" />
                </principals>
            </homeFor>
            <notHomeFor/>
            <responsibleFor>
                <principals>
                     <principal type="group"/>
                     <principal type="user"/>
                     <principal type="account"/>
                    <principal type="team"/>
                    <principal type="ROOT" />
                    <principal type="OOOO" />
                </principals>
            </responsibleFor>
            <privateSection>
            </privateSection>
        </dataSource>
        <dataSource id="CORP_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="true"
              isPrimary="true">
              <homeFor/>
              <responsibleFor>
                   <principal type="account">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="j_user"/>
                             <attribute name="logonalias"/>
                             <attribute name="j_password"/>
                             <attribute name="userid"/>
                        </nameSpace>
                       <nameSpace name="com.sap.security.core.authentication">
                            <attribute name="principal"/>
                            <attribute name="realm"/>
                            <attribute name="domain"/>
                       </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="firstname" populateInitially="true"/>
                             <attribute name="displayname" populateInitially="true"/>
                             <attribute name="lastname" populateInitially="true"/>
                             <attribute name="fax"/>
                             <attribute name="email"/>
                             <attribute name="title"/>
                             <attribute name="department"/>
                             <attribute name="description"/>
                             <attribute name="mobile"/>
                             <attribute name="telephone"/>
                             <attribute name="streetaddress"/>
                             <attribute name="uniquename" populateInitially="true"/>
                             <attribute name="Zip"/>
                             <attribute name="City"/>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
                        </nameSpace>
                        <nameSpace name="$usermapping$">
                             <attribute name="REFERENCE_SYSTEM_USER"/>
                        </nameSpace>
                   </principal>
                   <principal type="group">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="displayname" populateInitially="true"/>
                             <attribute name="description" populateInitially="true"/>
                             <attribute name="uniquename"/>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.bridge">
                             <attribute name="dn"/>
                        </nameSpace>
                   </principal>
              </responsibleFor>
              <attributeMapping>
                   <principal type="account">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="j_user">
                                  <physicalAttribute name="samaccountname"/>
                             </attribute>
                             <attribute name="logonalias">
                                  <physicalAttribute name="samaccountname"/>
                             </attribute>
                             <attribute name="j_password">
                                  <physicalAttribute name="unicodepwd"/>
                             </attribute>
                             <attribute name="userid">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                        </nameSpace>
                       <nameSpace name="com.sap.security.core.authentication">
                            <attribute name="principal">
                                 <physicalAttribute name="samaccountname"/>
                            </attribute>
                            <attribute name="realm">
                                 <physicalAttribute name="*null*"/>
                            </attribute>
                            <attribute name="domain">
                                 <physicalAttribute name="*null*"/>
                            </attribute>
                        </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="firstname">
                                  <physicalAttribute name="givenname"/>
                             </attribute>
                             <attribute name="displayname">
                                  <physicalAttribute name="displayname"/>
                             </attribute>
                             <attribute name="lastname">
                                  <physicalAttribute name="sn"/>
                             </attribute>
                             <attribute name="fax">
                                  <physicalAttribute name="facsimiletelephonenumber"/>
                             </attribute>
                             <attribute name="uniquename">
                                  <physicalAttribute name="samaccountname"/>
                             </attribute>
                             <attribute name="loginid">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                             <attribute name="email">
                                  <physicalAttribute name="mail"/>
                             </attribute>
                             <attribute name="mobile">
                                  <physicalAttribute name="mobile"/>
                             </attribute>
                             <attribute name="telephone">
                                  <physicalAttribute name="telephonenumber"/>
                             </attribute>
                             <attribute name="department">
                                  <physicalAttribute name="ou"/>
                             </attribute>
                             <attribute name="description">
                                  <physicalAttribute name="description"/>
                             </attribute>
                             <attribute name="streetaddress">
                                  <physicalAttribute name="postalAddress"/>
                             </attribute>
                             <attribute name="pobox">
                                  <physicalAttribute name="postofficebox"/>
                             </attribute>
                              <attribute name="Zip">
                                   <physicalAttribute name="postalCode"/>
                              </attribute>
                              <attribute name="City">
                                   <physicalAttribute name="l"/>
                              </attribute>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                                  <physicalAttribute name="memberof"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="$usermapping$">
                             <attribute name="REFERENCE_SYSTEM_USER">
                                  <physicalAttribute name="sapusername"/>
                             </attribute>
                        </nameSpace>
                   </principal>
                   <principal type="group">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="displayname">
                                  <physicalAttribute name="displayname"/>
                             </attribute>
                             <attribute name="description">
                                  <physicalAttribute name="description"/>
                             </attribute>
                             <attribute name="uniquename" populateInitially="true">
                                  <physicalAttribute name="cn"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
                                  <physicalAttribute name="member"/>
                             </attribute>
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                                  <physicalAttribute name="memberof"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.bridge">
                            <attribute name="dn">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                        </nameSpace>
                   </principal>
              </attributeMapping>
               <privateSection>
                   <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
                   <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
                   <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
                   <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
                   <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
                   <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
                   <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
                   <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
                   <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
                   <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
                   <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
                   <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
                   <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
                   <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
                   <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
              </privateSection>
         </dataSource>
    </dataSources>
    I am not able to see the values for Zip and City inside the User Administration section of the Portal.
    Please advise,
    Thanks in advance
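    A consistency check for a datasource file of this shape, added here as an example (it is not the poster's XML and not an SAP tool): it lists, for one principal type and namespace, the attributes declared in responsibleFor that have no attributeMapping entry and the mapped attributes that were never declared, and it refuses a file that is not well-formed rather than silently skipping the broken element. The sample is a constructed, shortened file; the element and attribute names follow the posted configuration.

```python
import xml.etree.ElementTree as ET

def _names(section, ptype, ns):
    """Attribute names under <principal type=ptype>/<nameSpace name=ns> in one section."""
    return {a.get("name")
            for p in section.findall(f"principal[@type='{ptype}']")
            for s in p.findall(f"nameSpace[@name='{ns}']")
            for a in s.findall("attribute")}

def check_mapping(xml_text, ptype="user", ns="com.sap.security.core.usermanagement"):
    """Cross-check <responsibleFor> against <attributeMapping> for one principal
    type and namespace. Returns (declared_but_unmapped, mapped_but_undeclared).
    Raises ValueError when the file is not well-formed, which is the first thing
    to rule out in a hand-edited datasource file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"datasource XML is not well-formed: {exc}") from exc
    declared, mapped = set(), set()
    for ds in root.iter("dataSource"):  # works for one or many <dataSource> elements
        for rf in ds.findall("responsibleFor"):
            declared |= _names(rf, ptype, ns)
        for am in ds.findall("attributeMapping"):
            mapped |= _names(am, ptype, ns)
    return declared - mapped, mapped - declared

# Constructed, shortened sample in the shape of the posted file (not the poster's XML)
SAMPLE = """<dataSources><dataSource>
 <responsibleFor><principal type="user">
  <nameSpace name="com.sap.security.core.usermanagement">
   <attribute name="firstname" populateInitially="true"/>
   <attribute name="title"/>
   <attribute name="Zip"/>
  </nameSpace></principal></responsibleFor>
 <attributeMapping><principal type="user">
  <nameSpace name="com.sap.security.core.usermanagement">
   <attribute name="firstname"><physicalAttribute name="givenname"/></attribute>
   <attribute name="Zip"><physicalAttribute name="postalCode"/></attribute>
   <attribute name="pobox"><physicalAttribute name="postofficebox"/></attribute>
  </nameSpace></principal></attributeMapping>
</dataSource></dataSources>"""

if __name__ == "__main__":
    unmapped, undeclared = check_mapping(SAMPLE)
    print("declared but not mapped:", sorted(unmapped))    # ['title']
    print("mapped but not declared:", sorted(undeclared))  # ['pobox']
```

    Run against the file above once it is well-formed, it reports title as declared but unmapped and loginid and pobox as mapped but undeclared; an attribute in either state will not show up in the Portal no matter what the physical mapping says.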

    Hi,
    Apart from doing the XML file configuration, you would need to add the custom attributes to the UME.
    Kindly read the following link for the same:
    http://help.sap.com/saphelp_nw70/helpdata/EN/44/0316d50bbe025ce10000000a1553f7/frameset.htm
    Thanks,
    GLM