Impossible to create LDAP SYNC user on CUCM with Prime Collab Provisioning

Hello,
Previously, I used Prime Provisioning to create and provision services for static users, and it worked.
For the same customer, CUCM and Unity users are now imported from LDAP.
I added the changes in the Provisioning processors (LDAP Auth + Sync).
At this time, it's impossible to create new users on CUCM from Provisioning!
Here is my procedure:
- I do an LDAP sync on Prime to detect my new AD user.
- I select it and provision services to push to CUCM.
- Orders are stuck in the "being provisioned" state...
On the CUCM, the user doesn't appear at all.
Is something wrong in my method?
Do I need to do an LDAP sync on the CUCM to import users, then a user sync on the processor in Prime, then edit the user?
Thanks

Clement,
I suspect you have LDAP sync turned on in CUCM. If CUCM is set to sync and does not already have the userID in its database, it will reject a user add.
This is a recognized problem with having both products set to sync. There are some solutions:
Always sync CUCM before you sync Prime Collaboration Provisioning (PCP).  This way the new user will already be in CUCM and then will accept a provisioning order from PCP.  The frequency of LDAP sync on CUCM will determine how often PCP can push new users to CUCM.
If PCP tries to provision a user but it is rejected by CUCM, provisioning will attempt to send it for 24 hours. There is an assumption that CUCM will sync daily so at some point CUCM will get the userID and then when PCP tries to provision, it will be accepted.
Use the latest CUCM 10.5(x) with a patch that provides the Authenticate Only setting. You will have to check with TAC or CUCM Marketing/TMEs for more information.  In this case, CUCM will authenticate admins and Jabber clients against AD, but will take users from PCP immediately.  The CUCM eng/marketing team has recommended we move away from syncing CUCM when PCP is doing the syncing from AD. CUCM does not need to sync when PCP is present. This eliminates the race condition between which app synced first.
Regards

Similar Messages

  • After Effects (alert) : Impossible to create the file '/Users/JY/Library/Preferences/Adobe/After Effects/13.0/dummy'.

    Hello everybody, I have a few problems.
    1. When I try to launch After Effects (just after the installation), I have this message and I don't know how to fix it:
    After Effects (alert) : Impossible to create the file '/Users/JY/Library/Preferences/Adobe/After Effects/13.0/dummy'.
    2. I just downloaded AE CC 2014 for the first time and it says to me: The trial version is over....
    thank you

    if your trial is over, it's over.  there's no easy way to re-start a 30 day trial even if it ends before 30 days, Adobe trial software expired early
    if you only had problem 1, you could probably resolve it by right clicking ae and clicking 'run as administrator'.

  • Ldap Sync: User is not able to create in Active Directory through OIM

    Hi ,
    I have enabled the ldap sync between OIM and Active Directory.
    Option 1: with password
    While creating the new user in OIM , I am getting the below error .
    80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Could not modify entry.[[
    javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
    remaining name 'cn=ADTESTLDAp10F ADTESTLDAp10LL,cn=Users,dc=cgtest,dc=adtest,dc=com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
      at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
      at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
      at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.modify(ConnectionHandle.java:301)
      at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.modify(BackendJNDI.java:781)
    [2013-08-04T17:06:58.840-07:00] [oim_server1] [ERROR] [OVD-60600] [oracle.ods.virtualization.engine.util.ADUtilities] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Cannot set password : LDAP Error 53 : [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0[[
    Looks like password is not able to set properly. But I am able to create the same user in AD using the same password.
    Option 1: without password
    As another test, I have also tried to create a user without a password.  No error is written to the log file, and I am able to see the below message in the log file:
    oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler] [APP: oim#11.1.2.0.0] [SRC_METHOD: createUser] User created in LDAP with GUID 9dc8f6f4b8564216a5d75d86f7cad0a2
    But the user is not created in AD. This is another issue.
    Thanks,
    Amit

    Thanks for your reply.
    I have seen sample xml and my target looks the same
    <wlserver dir="${weblogic.domain.dir}"
                             port="${weblogic.domain.admin.server.port}"
                             servername="${weblogic.domain.admin.server.name}"
                             username="${weblogic.domain.admin.user}"
                             domainname="${weblogic.domain.name}"
                             password="${weblogic.domain.admin.password}"
                             configFile="config.xml"
                             generateConfig="true"
                             action="start"
                             beahome="${env.BEA_HOME}"/>
    my requirement is to use ant task.. otherwise I am able to create through configuration wizard
    Thanks

  • [CUC] Convert Subscriber from AXL CCM User to LDAP Sync User

    I want to know if it's supported, and if so, how, to convert from AXL to LDAP when talking about subscribers in Unity Connection.
    I have found this post, which asks the question, but does not actually "convert", as it requires deleting and re-creating.
    https://supportforums.cisco.com/message/4044114#4044114
    I want to know about a true conversion.  As you do when you go from a local CUC subscriber to an LDAP Synced subscriber.
    I have tried using the stored procedure: csp_subscribermodify, supplying the following params: pobjectid = the object id, palias = my AD user ID, pldapccmuserid = my AD user ID, pldaptype = 3, pccmid = null, and pccmidtype = 0.
    While the stored procedure looks like it worked, the web page for the subscriber looks a bit odd.  The alias changed, and the LDAP sync status changes, but the normally greyed out fields, like alias, are still editable.  Also, none of the other LDAP attributes sync.  So, I'm convinced it didn't actually work.
    What am I missing to make this work?  Thanks.
    PS Jeff, if you see this, I enjoy your training videos.  "Easy Peasy!"
    Anthony Holloway

    Hi Anthony-
    Check out my answer to this thread:
    https://supportforums.cisco.com/message/3963782#3963782
    Please remember to rate helpful responses and identify helpful or correct answers.

  • Netweaver UME and LDAP sync ( user data)

    Hi Experts,
    We have a requirement to support offline availability for one of the NetWeaver servers in the landscape. We are planning to integrate all the Java NetWeaver systems with LDAP. Is there any possibility to sync all the user data, including passwords, to the NetWeaver UME in case LDAP is not available? Then users can do some tasks in offline mode with LDAP.
    Any information regarding would be greatly appreciated.

    This tool looks interesting, and might be useful to Rao, but it would need some improvements to make it secure. I suggest using a cryptographically secured session between the domain controller and the SAP system so that password changes can be sent to SAP, and then captured by an RFC function module, and written into the SAP user store. Since RFCs in SAP can be secured using SNC, and AD uses Kerberos, it would be good/easy to use Kerberos to secure the session between the DC and SAP ABAP when passing the password over the network. Then, the J2EE engine can be configured to use ABAP as the user store via UME. The end result is that Active Directory can be used to authenticate to SAP, and if AD is not available, or the wide area network is not available, the ABAP/UME password can be used locally.
    One issue worth considering is what happens when there is no network connection from the domain controller to the SAP system. The software would have to queue the request so that when the network connection is back, the password change is pushed to the SAP system, and then the two password stores will be in sync at all times. Without this queuing system there is a chance the passwords will get out of sync.
    Obviously, a lot of work to do in order to make this work, especially if you want it to work securely and reliably. However, it has some possibilities.
    Take care,
    Tim

  • LDAP Sync causes fields in DEV_OIM.SVP to be plain text

    In OAM 11g , there is the OIM console. In there you can create users, organizations, roles, etc... When a user is created in the OIM console in 11g, that user is visible in the OID directory via ODSM.
    If I create a user in OID via ODSM, the reverse is not true. That user is not visible within the OIM console, whereas in OAM 10.1.4.3 a user created in OID was visible in the Identity Server.
    I realize there is no "Identity Server" in 11g, but there is OIM, which seems to serve a similar purpose (i.e. creation/modification of users, etc).
    We have been told to use LDAP Sync. The problem with LDAP Sync is that when we have executed LDAP Sync steps and have tried to follow the steps outlined in Note: 1272682.1, the fields entered are no longer encrypted -- includes password, url, etc. This then causes an issue with modifying IT resources and the ability to create users in OIM.
    My question is simply if we change or add a user in our OID directory (or AD or other ldap directory), how do we make it visible in OIM? Has anyone had the issue with LDAP Sync not encrypting the values entered? If so, how did you get past this? I believe the steps in Note: 1272682.1 are probably correct but if the values entered during LDAP Sync are not encrypted, then the synchronization will not complete properly and subsequently any users created in OID will not appear in OIM.
    installed components:
    OS: RHEL 5.5 with 64bit Intel
    DBS: 11gR2 (11.2.0.1)
    RCU: 11.1.1.3.3
    IDM: 11.1.1.3
    SOA: 11.1.1.3
    WLS: 10.3.3
    IDAM: 11.1.1.3

    This has been answered in:
    Re: System error occured when trying to edit IT Resource in OIM 11g Console

  • Force Resync of Users between CUCM & CUPS

    On my CUPS server, I've got some users who were deleted from CUCM, but the deletion has not propagated to CUPS.
    There's no "Delete" function for a user in CUPS admin.
    I tried a SQL DELETE at the CLI, but that failed.
    I re-created it on CUCM and then re-deleted it, but the re-created one didn't even sync any details (Probably because the PKIDs were different)
    I manually re-created the user in CUCM with the same PKID as CUPS. I then deleted this from CUCM, but it still didn't delete from CUPS.
    I've tried rebooting the CUPS server.
    None of the above worked
    How can I force CUPS to re-sync its list of users from CUCM? (This is on CUPS/CUCM 9.1)
    Thanks,
    GTG

    Hi Gordon
    Do you mean the end users listed on the End User page of both CUCM and Presence?
    If yes try to go to System --> CUCM Publisher on CUPS Admin Page and see if there all is ok.
    The propagation should be immediate.
    Let me know
    Regards
    Carlo

  • How to Sync User attributes between local forests?

    Hi
    We are currently migrating three AD domains to one.
    We are migrating users and distribution groups with ADMT to the new domain, and starting to move services to the new domain, starting with SharePoint.
    But for some time, some services will remain in the three old domains. To avoid maintaining user attributes like phone number, address etc. in multiple places, I would like to schedule a sync of some user attributes from the old domains to the new.
    Just like DirSync between a local directory and Office 365 - but how is it done with local domains and not with Office 365?
    So if a helpdesk user is updating a user's phone number in one of the three old ADs, it should be synced to the new domain afterwards. I would like to run this as a scheduled task every 15 minutes or so.
    ADMT is like a one-time migration tool to create the users in the new domain, but I can't see that it will support user attribute synchronisation.
    Do you have any suggestion on how I can solve this task?
    Best Regards, Steffen. 

    ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute synchronisation.
    I am not sure about the scheduled task and if it is available to use in this scenario or not. You have two different security boundaries, so it is not as easy as setting up a scheduled task to sync data. Even if it is possible, it would be very hard to establish.
    For selected users you have to define what to sync and what not to sync, etc.
    I believe one of the things you can do is to use FIM 2010 in order to have a synchronized directory. That is the best thing you can do AFAIK.
    Sync Users between domains with Forefront 2010
    Mahdi Tehrani | www.mahditehrani.ir

  • Transformation during LDAP Sync reconciliation in OIM 11g

    Does anyone know if the use of transformations is supported in LDAP Sync reconciliation in OIM 11g?
    The reconciliation of LDAP User records is defined in /db/LDAPUser in the OIM metadata. The default version of this file has entries to specify OneToOne transformations, e.g.
    <Transformation name="OneToOne">
    <Parameter name="givenname" fieldname="givenname"/>
    </Transformation>
    For one of my attributes I wish to perform a custom transformation, and have implemented a transformation method as a GC provider (i.e. developed a Java class implementing the TransformationProvider interface and defined this Transformation in an xml file in the metadata path /db/GTC/ProviderDefinitions). I have uploaded a new version of LDAPUser that references my custom transformation provider for one of the LDAP attributes.
    When I try and perform an LDAP Sync user reconciliation, my custom class does not seem to be getting called when I generate a reconciliation event for the affected attribute. I also do not see any logs indicating a failure to load my provider. I have also turned up all the relevant log levels I can identify, and can see no record of OIM doing anything related to transformation at all (e.g. even calling the standard OneToOne transformation provider).
    I am suspicious that although LDAPUser has transformation entries, this may be misleading and transformation is not being performed at all for LDAP Sync.
    Does anyone else have experience of using transformation providers during LDAP Sync reconciliation?

    Thanks for your reply Nishith
    I need some suggestions from you. I have installed OID 11.1.1.6.0 and OIAM 11G R2 (not configured).
    While performing the OIM configuration, can I use Enable LDAP sync, or do I need to finish the OIM configuration first and then do the LDAP sync?
    Regards
    sri

  • Lobby admin cannot create the guest User

    Impossible to create a guest user with the same name as previously: "the user already exist", although the validity of the account has expired.
    Even though the user does not appear on the list of users who still access the WLAN, the same user still has access to the network.
    WLC2112, soft version: 7.0.98.
    in advance THX.
    cheers.

    Just to verify.. please do the testing..
    1>> Create a new user Lobby Admin account..
    2>> Create a new local net user with a lifetime of 2 minutes.
    3>> Check on the WLC if the user exists.
    4>> Wait for 2 minutes till the user expires.
    5>> At the time the user gets deleted, create the same username from the Lobby Admin account that you created in the first step and see if we see any problem.
    I just recreated the same and it's working fine for me..
    Let me know how this works out for you!!
    Regards
    Surendra

  • Problems creating a new user in SAP EP 6.0

    Good morning to all.
    We have a problem when I try to create a new user in SAP EP 6.0.
    I am connected as superuser and this one has all authorities.
    When I fill in all the fields to create a new user, the system responds with "could not create user".
    I looked at the log fields in the support frame and found nothing.
    Can anyone help us please?
    Thanks and best regards.
    Julián.

    Hi,
    If you configured the portal with ABAP, just follow the steps below and the issue will be resolved.
    In case of an ABAP + Java stack, you should follow the steps below:
    1. Open Config tool:
    C:\usr\sap\<SYSTEM ID>\JCxx\j2ee\configtool --> configtool.bat
    Example: C:\usr\sap\Y76\JC03\j2ee\configtool --> configtool.bat
    2. In Config tool: cluster-data > Global Server configuration > services --> com.sap.security.core.ume.service
    3. Set the values for the UME properties below:
    ume.persistence.data_source_configuration = dataSourceConfiguration_abap.xml
    r3.connection.master.ashost = <backend system hostname> (ex: ls4079.wdf.sap.corp)
    r3.connection.master.client = <enter client number> (ex: 000)
    r3.connection.master.sysnr = <system number> (ex: 09)
    r3.connection.master.user = <comuser> (the sapjsf or communication user which we created in the backend system)
    r3.connection.master.password = <enter comuser password> (it is the password of the comuser which is in the backend system)
    ume.login.guest_user.uniqueids = <J2EE_GUEST>
    login.ticket_portalid = yes (if administrator id length is more than 12 characters, ex: administrator)
    : No (if administrator id length is less than 12 characters, ex: j2ee_admin)
    Notes:
    Creating users: J2EE_ADMIN, J2EE_GUEST and communication user (called comuser).
    User Name - User Type:
    J2EE_ADMIN - Dialog user
    J2EE_GUEST - Dialog user
    COMUSER - Communication user
    NOTE 2:
    User Name - Roles:
    J2EE_ADMIN - SAP_BC_AI_ADMIN
    J2EE_GUEST - SAP_J2EE_GUEST
    COMUSER - SAP_BC_JSF_COMMUNICATION; SAP_BC_JSF_COMMUNICATION_RO
    I think this is more helpful for you; please let me know if you have any doubts on this.
    Thanks,
    Nagaraju Parlapalli

  • Create logon for users to see the application only?

    Hello,
    I just built my application and I want to create a logon for only the user to see the application. I created a new user under Admin with no developer and administrator privileges. I log out and when I log on as the new user, there is nothing on that page. How do I link the application that I built from the developer logon to the new user's logon page? Basically, I want to log on as the new user and just see the application that was built. Any help would be appreciated.

    Dung,
    To run the application, do not use the URL that takes you to the Application Builder. Start a new browser session and use a URL like http://host:port/pls/DAD/f?p=5000:1, where 5000 is your application's ID (example only) and page 1 is the page to display after login. Your application will probably have the default HTML DB authentication scheme so that you'll see a login page first, then go to page 1 after authentication.
    Scott

  • CUCM 8.6.2 LDAP User Delete Pending LDAP Sync Status Inactive

    BE6K ver 8.6.2
    Client has a user who recently got married.  They changed her account information in Active Directory to reflect her new last name. At that point CUCM shows her as
    Delete Pending
    LDAP Sync Status Inactive
    CUC shows
    LDAP User has been deleted.
    The user still exists in both CUC and CUCM and is actively taking and receiving calls.  User has VM access.
    Short of deleting the user in AD and recreating her, is there a way to force this to re-sync?
    Thanks
    Matt

    Then that's expected to happen, for all purposes to CUCM/CUC eyes, msmith no longer exists and will be deleted, and a new user mjones now will be imported.
    Depending on when the change was done and when CUCM detected this, it might take up to 48 hours maximum to delete the user
    You'll need to associate everything to the new user, and also add that new user into CUC.
    Or switch back her userID to the old one, and just change the surname for directory purposes.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • Adding phones and users with bat and LDAP sync

    What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP.  Also, what method is the easiest and fastest?
    For example, I could do the following steps:
    Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
    I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc.  This method still involves 2 steps and the creation of 2 separate bat files.
    In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them become LDAP users?
    Thank you,
    Danny

    #1 Remove this embedded CSS code from your HTML document(s).  You don't need it.
    body {
        background-color: #CCC;
    }
    body,td,th {
        color: #FFF;
        font-size: 14px;
    }
    #2 Open  PW.css file and add this to the top:
    body {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 14px;
    background-color: #CADFEB;
    /**or insert a background-image using the CSS editor**/
    }
    #3 Remove font-family and font-size from all your other CSS selectors.  You don't need to duplicate styles on every element. 
    #4 Replace this:
    #content {
        position:absolute;
        left:199px;
        top:10px;
        width:860px;
        z-index:1;
        right: auto;
        background-color: #FFF;
        text-align: center;
        color: #000;
        height: auto;
    }
    with this:
    #content {
         width:860px;
         margin: 20px auto;
         border: 4px solid silver;
         background-color: #FFF;
         text-align: center;
         color: #000;
         -moz-box-shadow: 5px 5px 5px #888;
         -webkit-box-shadow: 5px 5px 5px #888;
         box-shadow: 5px 5px 5px #888;
    }
    #5 Save your PW.css file and upload to server.
    Nancy O.
    Alt-Web Design & Publishing
    Web | Graphics | Print | Media  Specialists 
    http://alt-web.com/
    http://twitter.com/altweb

  • LDAP Sync - Syncing users from OID

    We have an instance running the IAM/IDM Suite 11.1.1.5. We have enabled LDAP Sync successfully between OIM and OID. In terms of LDAP Sync functionality, I was wondering whether users in OID can be created in OIM upon a sync. I know updates and deletes in OID can be reflected in OIM. What about creates?
    For example, we have a new OIM instance deployed with no users. We have LDAP Sync enabled to an OID instance with users populated in the LDAP-configured OU. Assuming all attributes are mapped correctly, can OIM bring these users in through the LDAP Sync?

    If you look at the xml file for LDAPUser, the recon action rules at the bottom, it contains a rule to create when a user is not found. So when you perform the LDAP Sync recon, so long as the changelog picks up the full list of user attributes on creation by a user not in the modifydnfilter, then you will get a new oim user.
    -Kevin
