Idm with LDAP as repository

Hi,
Does IDM support LDAP as a repository?
Regards,
madhusrinivas

That is logical too: since IDM does so many read/write operations, if we started using LDAP for that it would be very slow, as write operations in any hierarchical database are slow.

Similar Messages

  • Expert pls help: Sun IDM with ldap active sync

    Hi all,
    Currently I am configuring Sun IDM 6.0 SP1 to active sync with Sun Directory Server. I have enabled the Retro Change Log but I still can't find my changeNumber in the directory server. Could anyone show me a way (a search?) to get what changeNumber the directory server is currently at?

    Check that the account used by IDM to access DS can search the cn=changelog branch. If it is not Directory Manager, you probably need to set an ACI on that branch.
    HTH

  • Sun Idm with LDAP failover

    Hi All,
    Not sure if anyone encountered this issue.
    I'm using Sun IDM version 7.1 and Sun ONE Directory Server 5.2 as the corporate LDAP. I want to configure failover for LDAP. I have set up master-master replication between the LDAP servers. Now, in IDM on the resource configuration page for LDAP, I specified the URL of the failover server. I brought down the current LDAP server and checked the connection. It shows successful because it picked the failover one.
    Now, after this stage, I am not able to create/modify accounts on LDAP (now running on the failover) and it is giving me the error "javax.naming.NameNotFoundException. [LDAP error code 32 - No such object]"
    Any suggestions, please provide.

    Hi
    Came across this issue myself (just now) and fixed it so thought I'd comment. I appreciate this post is quite old now but this might help anyone else who has this issue.
    We are using IDM 8.1 and have 2 DSEE 6.3 instances - one master and one replica. In the help description for Failover Server on the LDAP resource configuration page it says:
    "List all servers in the form of "ldap://ldap.example.com:389/o=LdapFailover" which follows the standard LDAP v3 URLs described in RFC 2255. Only the host, port, and dn parts of the URL are relevant in this setting."
    We originally listed our second server as above and included the "/o=LdapFailover" bit on the end and we got the same error. We removed the "/o=LdapFailover" and just left "ldap://<host>:<port>" there and it all works.
    Hope this helps someone.
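Worked example, added here and not part of either post or of Sun IDM: a POSIX shell parser for the RFC 2255 URL form that the Failover Server help text quotes. IDM keeps only the host, port and dn of each URL, so a trailing "/o=LdapFailover" is not a label but a base DN, and a base DN that does not exist on the failover server is exactly what "LDAP error code 32 - No such object" reports. The host names and the o=example.com base context are assumptions for the demo; the field IDM exposes is a whitespace-separated list of URLs, which is what check_failover_list takes as its second argument.

```shell
#!/bin/sh
# Added example (not from the post or from Sun IDM): split the RFC 2255 LDAP
# URLs accepted by the IDM LDAP resource's "Failover Server" field into the
# parts IDM uses (host, port, dn) and flag any entry whose dn is not the
# resource's base context.  Hosts and base context are assumed demo values.

# ldap_url_parts URL -> prints "scheme host port dn" ("-" when the URL has no dn).
# RFC 2255 grammar: ldap://host:port/dn?attributes?scope?filter?extensions
ldap_url_parts() {
    url=$1
    case $url in
        ldap://*)  scheme=ldap;  rest=${url#ldap://};  default_port=389 ;;
        ldaps://*) scheme=ldaps; rest=${url#ldaps://}; default_port=636 ;;
        *) printf 'not an LDAP URL: %s\n' "$url" >&2; return 1 ;;
    esac
    hostport=${rest%%/*}                 # everything up to the first "/"
    path=""
    case $rest in */*) path=${rest#*/} ;; esac
    dn=${path%%\?*}                      # drop ?attributes?scope?filter?extensions
    case $hostport in
        \[*)                             # IPv6 literal: [addr] or [addr]:port
            host=${hostport%%]*}; host=${host#\[}
            port=${hostport#*]}; port=${port#:} ;;
        *:*) host=${hostport%%:*}; port=${hostport#*:} ;;
        *)   host=$hostport; port="" ;;
    esac
    [ -n "$port" ] || port=$default_port
    printf '%s %s %s %s\n' "$scheme" "$host" "$port" "${dn:--}"
}

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_failover_list BASE "URL URL ..." -> one line per entry; returns 1 if any
# entry is unparsable or carries a dn other than BASE.  The DN comparison is a
# plain case-insensitive string match, not full RFC 4517 DN matching.
check_failover_list() {
    base=$1; list=$2; bad=0
    for u in $list; do
        parts=$(ldap_url_parts "$u") || { bad=1; continue; }
        set -- $parts                    # $1 scheme  $2 host  $3 port  $4 dn
        if [ "$4" != "-" ] && [ "$(lc "$4")" != "$(lc "$base")" ]; then
            printf 'WARN %s://%s:%s dn=%s differs from base %s: IDM would search under a missing entry (error 32)\n' \
                "$1" "$2" "$3" "$4" "$base"
            bad=1
        else
            printf 'ok   %s://%s:%s dn=%s\n' "$1" "$2" "$3" "$4"
        fi
    done
    return $bad
}

# Demo: the literal form from the help text next to the forms that work.
check_failover_list "o=example.com" \
    "ldap://ldap1.example.com:389 ldap://ldap2.example.com:389/o=LdapFailover ldaps://ldap3.example.com" || true
```

The checker treats an absent dn as "inherit the resource's base context", which is the working configuration in the reply above; an entry that does carry a dn is accepted only when it names the same base context, since anything else makes IDM search under an entry the failover server does not have.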

  • IDM with SQL server Error: Cannot find columns for the table...

    Hi all,
    I am configuring IDM with a SQL Server repository and ran into this error.
    'Cannot find columns for the table 'object'
    .....jdbc...[SQL Server]Invalid object name 'object'
    Can anybody please help me!!
    G

    Yes, permissions are very important. I ran into a similar problem because I didn't have the correct permissions. Make sure the user has the following permissions:
    CREATE ANY TABLE
    ALTER ANY TABLE
    DROP ANY TABLE
    CREATE ANY PROCEDURE
    EXECUTE ANY PROCEDURE
    DROP ANY PROCEDURE
    Also, make sure there is enough space in the default tablespace of that user.
    HTH
    ~Suvesh

  • IdM SPE Ldap SSL operations hang

    Hi all,
    We're having a problem with IdM SPE hanging while doing LDAP operations over SSL. Has anyone encountered this before? We're under a tight deadline and any inputs/suggestions would automatically make the contributor my hero.
    Description:
    Our application is hanging when we try to use SPE's APIs to add some users to an LDAPS resource. We see these connections being logged in the LDAP logs, however binding never occurs. Instead these LDAP connections from SPE seem to sit until timeout.
    Environment:
    IdM 6.0 SPE SP1
    AIX 5.2
    J2RE 1.4.2 IBM AIX SP7
    BEA WebLogic 8.1 SP5
    SunOne Directory Server 5.2
    Evaluation:
    After a long period of time we see the following exception in our application logs:
    javax.naming.CommunicationException: Request: 1 cancelled
            at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java(Inlined Compiled Code))
            at com.sun.jndi.ldap.Connection.readReply(Connection.java(Compiled Code))
            at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:357)
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:210)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2657)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
    What we noticed is that LDAP connections (no SSL) seem to be okay. We have verified that connections can be made from our app server box to our LDAP server on the SSL port. We've also created a simple Java servlet that makes LDAPS connections using JNDI and put this in the same container as IdM, and this seems to connect okay as well. This seems to indicate that the hanging is not an SSL issue but an SPE one.
    We do notice from examining the LDAP logs that the same connections are being used over and over. This is expected connection pooling behavior, but could this be an issue if we switch our connection from LDAP to LDAPs? Does the pool not get purged when we switch on SSL?

    Updated findings:
    We were able to duplicate this on a windows sand box environment. Again it breaks when SPE tries to do an LDAPS operation. Here's what we figured out so far.
    a.) Definitely not a certificate issue
    b.) Almost definitely not a JDK/JCE/JSSE issue
    c.) Definitely not an LDAP issue
    d.) Not an IdM 6.0 issue (Can provision users from IdM console)
    e.) Not a connection pooling issue (Turned off pooling and it still hung)
    f.) Not a network issue.
    It seems at this stage that the problem stems from SPE, has anyone ever gotten SPE to work with LDAP over ssl? Any suggestions?

  • Declarative ADF Security with LDAP provider other than OID possible  ?

    All samples I found regarding declarative security in ADF are done with an .xml repository or mention the possible use of OID as such repository.
    The thing is that the client will not have OID but another LDAP v3 compliant provider.
    In this scenario is it possible to use the ADF Declarative Security or should we have to implement a custom module for the interaction ?
    Thanks,
    Claudio.

    You are right, in this article:
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    says:
    In Oracle Containers for J2EE 10.1.3, users can also be defined in 3rd party LDAP servers.
    However it doesn't give any concrete sample.
    The question is: can I tell the client that we can develop based on .xml or OID and then change to another 3rd-party LDAP server without changing code?
    Thanks,
    Claudio.

  • Push User account from IDM to LDAP

    Hi,
    I need to push the new users created in IDM to LDAP. I created a rule library specifying the attributes that need to be pushed and am calling that library in the create user workflow.
    However, the new user and related attributes are not being pushed to LDAP. Can somebody point out the mistake in my code?
    Here is the Rule Library:
    <Configuration name='RULE-LIB-xxx'>
    <Extension>
    <Library>
    <Comments>rule library that contains all rules</Comments>
    <Rule name='RULE_create_LDAP_Acct'>
    <!-- every value read with <ref> below must be declared as a rule argument
         and passed by the calling workflow action -->
    <RuleArgument name='firstname'/>
    <RuleArgument name='lastname'/>
    <RuleArgument name='accountId'/>
    <RuleArgument name='email'/>
    <block trace='true'>
    <set name='user.accounts[LDAP1].firstname'>
    <ref>firstname</ref>
    </set>
    <set name='user.accounts[LDAP1].lastname'>
    <ref>lastname</ref>
    </set>
    <set name='user.accounts[LDAP1].accountId'>
    <ref>accountId</ref>
    </set>
    <set name='user.accounts[LDAP1].email'>
    <ref>email</ref>
    </set>
    </block>
    </Rule>
    </Library>
    </Extension>
    <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
    </MemberObjectGroups>
    </Configuration>
    Here is the change i made to provision activity in create user workflow:
    <Activity id='4' name='Provision'>
    <Comments>&#xA; Perform the standard Lighthouse provisioning process.&#xA; </Comments>
    <Action id='0' process='Data Transformation'>
    <Comments>Apply any defined data transformations</Comments>
    <Argument name='ruleName'>
    <ref>transforms.preProvisionRule</ref>
    </Argument>
    <Argument name='formName'>
    <ref>transforms.preProvisionForm</ref>
    </Argument>
    </Action>
    <Action id='1'>
    <expression>
    <cond>
    <eq>
    <ref>sunrise.createResourceAccounts</ref>
    <s>true</s>
    </eq>
    <block>
    <set name='options.targets'>
    <List>
    <String>LDAP1</String>
    </List>
    </set>
    <set name='user.waveset.resources'>
    <filterdup>
    <appendAll>
    <ref>user.waveset.resources</ref>
    <list>
    <s>LDAP1</s>
    </list>
    </appendAll>
    </filterdup>
    </set>
    </block>
    </cond>
    </expression>
    </Action>
    <Action id='2' name='Create LDAP Account'>
    <rule name='RULE-LIB-xxx:RULE_create_LDAP_Acct'>
    <!-- each value is a $(...) variable reference; pass every argument the rule declares -->
    <argument name='firstname' value='$(firstname)'/>
    <argument name='lastname' value='$(lastname)'/>
    <argument name='accountId' value='$(accountId)'/>
    <argument name='email' value='$(email)'/>
    </rule>
    </Action>
    Any help is appreciated.
    Thanks,

    Ankush,
    I am having this problem only when trying to assign LDAP to a user through the WF. No problems whatsoever when doing it manually.
    I tried creating a users container under people and modified the identity template accordingly. But no luck, the same Error Code 32.
    I have 3 required attributes in the mapping: cn, sn and uid. The object classes I have are top, person, organizationalPerson and inetOrgPerson.
    The only modification I made to the create user WF is to add this action under Provision:
    <Action id='2' name='Create LDAP Account'>
    <rule name='Create LDAP Account'>
    <!-- the rule also reads accountId, so it has to be passed as well -->
    <argument name='firstname' value='$(firstname)'/>
    <argument name='lastname' value='$(lastname)'/>
    <argument name='email' value='$(email)'/>
    <argument name='accountId' value='$(accountId)'/>
    </rule>
    </Action>
    The Rule is as follows:
    <Rule name='Create LDAP Account'>
    <RuleArgument name='firstname'/>
    <RuleArgument name='lastname'/>
    <RuleArgument name='email'/>
    <RuleArgument name='accountId'/>
    <block>
    <set name='user.waveset.accountId'>
    <ref>accountId</ref>
    </set>
    <set name='user.accounts[Lighthouse].accountId'>
    <ref>accountId</ref>
    </set>
    <set name='user.waveset.resources'>
    <filterdup>
    <appendAll>
    <ref>user.waveset.resources</ref>
    <!-- appendAll joins lists, so the resource name must be wrapped in a list -->
    <list>
    <s>LDAP1</s>
    </list>
    </appendAll>
    </filterdup>
    </set>
    <set name='user.waveset.assignedLhPolicy'>
    <s>LighthouseAccountPolicy</s>
    </set>
    <set name='user.waveset.firstname'>
         <ref>firstname</ref>
    </set>
    <set name='user.waveset.lastname'>
         <ref>lastname</ref>
    </set>
    <!-- <set name='user.waveset.email'>
         <ref>email</ref>
    </set> -->
    <set name='user.waveset.organization'>
    <s>Top</s>
    </set>
    <set name='user.waveset.accounts[LDAP1].created'>
    <s>true</s>
    </set>
    </block>
    </Rule>
    Please let me know if something is wrong with this.
    Thanks,

  • Login Error from Users machine into BO Desktop Applications With LDAP user

    Hi All,
    I am getting a strange error and got stuck. I have searched the forums and tried every possible thing but the problem remains the same.
    I am not able to log in to any client application using an LDAP account.
    The setup is:
    Machine 1: Webserver
    Machine 2: CMS and other servers
    Machine 3: Clustered CMS server
    LDAP is implemented and SSL is enabled between Machine 2 and LDAP server.
    Now when I am on Machine 2 and try to log in to a client application using LDAP, it works for me, and also for the web applications (CMC, InfoView).
    When I am on a user machine I am able to log in to client applications (Designer, Desktop Intelligence etc.) using an Enterprise account, but not with an LDAP account. However, I am able to log in to the web applications using an LDAP account from the user's machine.
    All the ports are open, I can connect to the CMS machine, and database repository connectivity is also OK.
    One interesting thing I would like to share: if I log in to InfoView using an LDAP account and go to edit a report, it opens Desktop Intelligence for me (the LDAP user), and there is an entry in the System name field when I log in to Deski. That entry in System name is the CMS machine name, port number, full domain, with (J2EE Portal) written at the end.
    Using this entry in System I can log in using the LDAP account, but I first have to do the process (log in to InfoView, edit the report) on every user machine.
    Please help me out with where I am going wrong.
    The error with the client application and an LDAP user is USR0013: Cannot access the repository.

    My guess would be that client apps don't have access to the SSL directory defined in the LDAP config but the web/app does. When you edit a report it launches deski in 3-tier mode still using the web/app so this isn't surprising behavior. There are SAP notes on this in SMP key words LDAP SSL deski should return  the result. The link to SMP is in the forum sticky at the top of the administration forum.
    Regards,
    Tim

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is javax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is javax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved when I set the following in the code:
    // property name is javax.net.ssl.trustStore; its value is the full path of a keystore
    // file (e.g. JKS) holding the CA certificate that signed the LDAP server's certificate
    System.setProperty("javax.net.ssl.trustStore", CertFileName);
    where CertFileName is the file name with the complete path; the file is a CA certificate of the LDAP server in X.509 format.

  • Problem with LDAP in BEA Portal

    Problem with LDAP in BEA Portal
    I have a list of 50 users which should be created on the portal staging (development) machine and then transferred to the
    production machine using LDAP.
    Steps I followed to create the users:
    1. Create a user profile with 2 parameters, branch and role.
    2. I have the list of users in an XLS file with username, password, branch and role.
    3. Write a Java file which reads the XLS file.
    4. The users are created on the staging machine for the portal.
    Steps I followed in LDAP to transfer the created users from development to production:
    1. Export the created users from development (which were saved as a .DAT file in my local directory).
    2. Import the users from the local directory to the production machine.
    The users are imported on the production machine with username and password, but the role and branch values are empty.
    We need a solution for importing the users with the role and branch corresponding to each user.
    Thanks in Adv
    Suresh

    In Portal 8.1, user name and password are stored in LDAP, whereas user profile values are stored in the database. That is the reason you are not able to see the user profile values.
    Check once again whether you can see these values through the admin tool. In case you cannot (after confirming again), you might have to use the APIs to do this for you, in case you don't want to manage it through the Admin Tool.
    Thanks,
    Prashanth Bhat.

  • How can I create a universe with the BO repository tables?

    Hi. I need to make a universe with the BO repository tables, in order to get user information.
    But when I try to insert tables in Designer, using a new connection to the BO repository, I can't see any tables.
    Someone can help me?

    The CMS repository is organized into both physical and virtual tables. Only the CMS can access the virtual tables, therefore you cannot create a universe on the CMS repository. You can access the CMS repository information through the Enterprise SDK.
    https://www.sdn.sap.com/irj/boc/businessobjects-sdklibrary

  • Error in authentication with ldap server with certificate

    Hi,
    I have a problem authenticating with an LDAP server with a certificate.
    Here I am using the Java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate, which has a validity of up to 5 years.
    Does Java only authenticate up to one year?
    Can any body help on this issue...
    Regards
    Ranga

    Sorry, I am getting the same error:
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    Here, when I use the old certificate and change the system date, I can get the authentication.
    Can you tell me where we should concentrate to solve the issue?
    Where is the issue:
    1. need to check with the LDAP server only
    2. problem in the Java code only
    thanks in advance
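Worked example, added here and not taken from either thread above (the "untrusted server cert chain" post and this "timestamp check failed" post): both JSSE errors come from the JVM's PKIX validator, and both can be reproduced and told apart with openssl before any Java is touched. The script builds a throwaway CA and a server certificate for the assumed host name ldap.example.com (constructed test data, not anyone's real certificates), then validates the leaf with no trust anchor, with the CA, and at shifted clock times; "-attime" stands in for the wrong system date that the poster used as a workaround. The 400-day CA under a 5-year leaf is deliberate, to show that a long-lived server certificate does not help once its issuer expires.

```shell
#!/bin/sh
# Added example (not from either post): reproduce the two JNDI LDAPS failures
# quoted above with openssl so they can be told apart before touching Java.
#   "untrusted server cert chain" -> the client's trust store lacks the CA
#   "timestamp check failed"      -> some certificate in the chain is outside
#                                    its validity window at the client's clock
# All material is constructed test data: a throwaway CA and a server
# certificate for the assumed host name ldap.example.com.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DAY=86400
now() { date +%s; }

# make_chain: CA valid 400 days, server certificate valid 1825 days (5 years,
# as in the second post).  A private config file keeps the extension set
# independent of whatever openssl.cnf the host ships with.
make_chain() {
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Example Internal CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 400 \
        -config "$WORK/ca.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORK/ca.cnf" \
        -subj "/CN=ldap.example.com" -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" 2>/dev/null
    printf 'subjectAltName=DNS:ldap.example.com\nbasicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"
    openssl x509 -req -in "$WORK/ldap.csr" -days 1825 -sha256 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/leaf.ext" -out "$WORK/ldap.pem" 2>/dev/null
}

# cert_dates FILE: notBefore/notAfter, the first thing to compare against the
# client's clock when "timestamp check failed" appears.
cert_dates() { openssl x509 -noout -dates -in "$1"; }

# verify_out CAFILE|"" [EPOCH]: openssl's verdict on ldap.pem validated against
# CAFILE at time EPOCH (default: now).  An empty CAFILE means no trust anchors
# at all, which is what a JVM with a wrong or empty javax.net.ssl.trustStore
# sees.  Exit status is openssl's (0 = chain trusted and every cert in date).
verify_out() {
    ca=$1; at=${2:-$(now)}
    if [ -n "$ca" ]; then set -- -CAfile "$ca"; else set -- -no-CAfile -no-CApath; fi
    openssl verify "$@" -attime "$at" "$WORK/ldap.pem" 2>&1
}
verify_chain()  { verify_out "$@" >/dev/null; }
verify_reason() { verify_out "$@" | sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1; }

make_chain
cert_dates "$WORK/ldap.pem"
printf 'no CA in trust store : %s\n' "$(verify_reason "")"
printf 'CA trusted, now      : %s\n' "$(verify_out "$WORK/ca.pem" | tail -n 1)"
printf 'clock 2 days behind  : %s\n' "$(verify_reason "$WORK/ca.pem" $(( $(now) - 2*DAY )))"
printf '500 days from now    : %s (the 400-day CA, not the 5-year leaf)\n' \
    "$(verify_reason "$WORK/ca.pem" $(( $(now) + 500*DAY )))"
```

On the Java side the same two checks are: the truststore handed to javax.net.ssl.trustStore has to be a keystore that contains the CA (keytool -importcert -trustcacerts -alias ldapca -file ca.pem -keystore truststore.jks), and every certificate in the path, issuer included, has to be inside its validity window at the client JVM's clock, which is why a freshly issued certificate with a notBefore slightly ahead of a client whose clock runs behind fails with "timestamp check failed" while the old one still works.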

  • Problem with users in portal - login conflict with LDAP.

    Hi.
    Let me describe our problem:
    We have an EP5 portal with LDAP connected to a central LDAP server; users access all the different systems with the same user and password.
    The problem happens to users whose passwords have expired. We already set the password expiration days to 0 to avoid future problems, but that did not apply to the already expired ones.
    The affected users cannot change their password due to problems with the connection rights to the LDAP server.
    We're trying to find the place where it is set that the user is in some kind of "password expired" status, directly in a database table if necessary, to change the status manually, as the system does not allow us to set it through user administration in the portal.
    Any suggestions would be appreciated.

    Restoring expired Portal passwords
    Solved

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office, so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it, it would pop open a Mail message containing the ASCII version of the signed certificate. It did not, and it took me a long time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine, and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages. Very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, Is see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub

  • SUN IDM with Windows Vista

    Hello,
    Has anybody tried installing Sun IDM with Windows Vista?
    I tried IDM 7.1 with Vista Home Premium and it doesn't seem to work. Curious to know if anybody has had success with Vista.
    Awaiting replies
    Thanks,

    What error message are you getting?
    Have you installed Java and an application server as required?
    1) Set Up a Java Virtual Machine Software Development Kit and Java Compiler
    The application requires a Java compiler and a Java Virtual Machine (JVM) to run the Java classes that perform actions within Identity Manager. Both of these can be found in a Java SDK. Download from or http://java.sun.com/javase/downloads/index_jdk5.jsp *** You should add JAVA_HOME to your list of system environment variables and to your system path. To do this, add JAVA_HOME to your system environment and JAVA_HOME\bin to your path, making sure to list it before any other Java environment variables.
    2) Install Tomcat application server from official http://tomcat.apache.org/ to local hard drive. Configure Tomcat memory requirements and restart. Min: 256k
