Integrating 10g and MS Active Directory for user authentication

Similar Messages

• Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

  Could anybody point me please to the right direction?
  1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
  2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
  Thanks you in advance

  Hi Randy;
  As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
  Regard
  Helios

• Adding a listener to Active directory for user creation using Java

  Hi,
  I would like to add a listener to active directory such that when a user is created to the "Users" container, I should be notified or informed. I would like to do this with Java. What should I do ?
  Regards,
  Anand Kumar D

  You should add a NamingListener or a NamespaceChangedListener.

• LEAP - ACS Authen. against active directory for users of another domain

  We installed ACS 3.0 on W2000 server, member of a domain. When we tried
  to authenticate users from another domain, but it failed.
  We achieved to find out the problem. First, the server tries to find the PDC of the other domain (DNS request : _ldap._tcp.pdc._msdcs.domain). The DNS
  server answer with the full name and IP address. But afterwards, instead of using the DNS answer, the server make a new request with the PCD name
  and appending its own domain. The DNS request fails, and the user is not authenticated. A workaround consists in chaging the DNS search-list for the server, but I'm intersted if anyone had a better solution, or if the new release (ACS 3.1) solves this issue.

  Your case looks similair to this bug CSCdy18833, the bug has a work around also check it out.

• User login report in Active Directory for specific date and time

  I want to get User login report in Active Directory for specific date and time e.g user logged in at15-01-2015 from 8:00am to 4:00pm
  Is any query, script or any tool available?
  Waiting for reply please

  You can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
  If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can records from Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
  I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Integration of sap R/3 (4.7) and Microsoft active directory (2003)

  Hi All,
  I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
  Pls help me with this issue.
  Thanks in advance,
  Regards,
  Raghav.

  Hi,
  First You should read:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
  Regards,
  Jarek

• Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

  Dear all,
  I am looking to setup the use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backened ABAP AS via an SAP NW Portal to which SPNEgo kerberos authentication is setup. Today we specify R3 user id/password to digitally approvae a lot release. The idea is to have users maintain one AD password and don't have to remember the R/3 password anymore and also our Security team to avoid password maintenance.
  I know there are 3 options for digital signature and
  System signature with authorization by user ID and password (We use this currently)
  Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)
  User signature without verification
  Do you think there is a way to configure the system in order to ask and check the active directory userid/password instead of SAP R/3 password? Where can I found documentation about it ?
  I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
  My active directory is based on Windows 2008.
  Thanks in advance!!
  Dhee

  Actually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.

• Impact on roaming profile accounts if we Change User logon Name to Employee Number format in Active Directory for all User accounts

  I want to understand if we change User logon Name to Employee Number format in Active Directory for all User accounts, then what would be the impact on existing profile. Whether we need to change it manualy or it will connect to same profiles in terminal
  session.
  As i observed it create new profile after logon name changed to employee number where existing users profile settings get fails to load and prompt for new settings (such as outlook reconfiguration, share drive mapping etc.).
  Kindly let me know the proper process to overcome with this, how to connect same existing roaming profile with employee number format change.

  Hi,
  What if we change the user name of user account, will it have impact on roaming profiles.
  Yes, it will affect roaming profiles. Please rename the roaming profile folder as the new user account name, in addition, change the profile path in ADUC.
  Here is an related article below for you:
  How to Rename a Windows 7 User Account and Related Profile Folder
  http://social.technet.microsoft.com/wiki/contents/articles/19834.how-to-rename-a-windows-7-user-account-and-related-profile-folder.aspx
  Best Regards,
  Amy

• User base Synchronization between SAP and MS Active Directory Server

  Dear all!
  I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
  i successfully implemented the synchronization of user data between SAP and the ADS.
  My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
  Currently I don't have a clue how to do this.
  Regards,
  Christoph

  Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
  The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
  Regards,
  Marc g

• SCCM report to show last logged on user and the Active Directory department attribute of that user.

  I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

  You problem is here.
  right
  join v_R_User USR on USR.ResourceID
  = CS.ResourceID
  USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
  end up with unreliable results.
  Anyways you need to make these changes to your query.
  left
  join v_R_User USR on USR.Unique_User_Name0
  = CS.UserName0
  http://www.enhansoft.com/

• Oracle Linux and Windows Active Directory

  I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
  We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.

  I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
  Perhaps the following links are useful:
  http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
  http://www.linuxmail.info/active-directory-integration-samba-centos-5/
  http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

• Integrating Oracle Portal & Microsoft Active Directory

  Dear friends
  I Integrated Oracle Portal & Microsoft Active Directory without any error or problems but it just integrate the users under Users Container in active directory, I have some OU,Groups and policies and I categorized my users under them, so when I run "sh oidspadi.sh" and set "cn=...." with other values except "Users" it can not add all of the users under specific groups or policies.
  Please let me know how can I add all of my users in active directory to OID?
  Thanks
  Babak Saraie

  I'm not familiar with iPlanet, but if it can allow basic
  authentication and connect to AD, it should be possible to do what
  you want.
  Personally, I would rather that the browser did not
  automatically log me in. For example, if someone was having
  problems with their "view" on the intranet web site, if they
  visited your office, you would have to log off, let them log on
  (and wait while their profile was created) just to let them open a
  browser.
  Is it really asking too much for them to enter their
  username/password into a browser prompt once each day? Heck, most
  browsers will remember usernames and passwords so you don't have to
  type it. You just click OK.
  That's just my perspective.
  M!ke

• Sharepoint 2013 - Active Directory Import User Profile Property manager fields

  Hi there,
  I juste encountered actually a little issue regarding the Active Directory Import User Profil.
  Importation seems to work well but I have a little problem regarding the Manager field.
  When I verify a user profil through the sharepoint admin page ("Manage user profil") , I can see the manager field is correctly populated, but if I want to check my profil as a user (personal information), the manager field is not visible.
  With Sharepoint Admin and Manage Profil Properties, I haven't the possibility to modify some settings for the manager.
  For example, Policy parameters is greyed.
  The only way I found to show this field in a user profil is to give the permission "allow users to Edit values ...".... setting I don't want to set.
  Have you already this sort of issue ?
  Thanks for your help/idea.

  Hi Michael,
  I don't remember well what I did exactly regarding this issue because I played a lot with user profil.
  I know I used this powershell script from Sheyia which in fact help me a lot to clean and create a good profil setting.
  http://blogs.technet.com/b/sheyia/archive/2013/10/09/sharepoint-2013-another-way-to-change-order-for-user-profile-properties-via-powershell.aspx
  For example, this script help me to resolve some double entries.
  Let-me know if it help you (or not of course)

• WLS6.0 sp1 and MS Active Directory

  Hi,
  Is it possible to configure WLS' LDAP security realm to use MS' Active
  Directory to authenticate users? A quick yes or no would be appreciated -
  I'll worry about the finer details of how later!!
  Regards
  Laura Allen

  Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
  implementation class.
  We did not use Kerberos authentication - just the plain password
  authentication in "cleartext". Our servers are inside a secure data center -
  no encryption required. That's why we did not need jdk1.4.
  "Marc Carrion" <[email protected]> wrote in message
  news:[email protected]...
  >
  Are you telling that you configured the ldap realm of WL to use activedirectory?
  or you used your custom realm?
  To use the authentication with Kerberos you need to use GSS-API and it'snot
  included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
  Can you explain how did you do that?
  Thanks,
  Marc
  "Roy Cornell" <[email protected]> wrote:
  Hi Laura:
  No, BEA did not confirm the compatibility. We did our own investigation
  and
  found that the two systems work well together. One of the highlights
  of the
  research was the fact that the configuration of the WLS custom realm
  for
  Active Directory was more similar to Netscape Directory or Open LDAP
  than to
  the MS Site Server.
  I am attaching the sample settings for the LDAP realm:
  server.host=<some-ip-or-name>
  server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
  user.filter=(&(cn=%u)(objectclass=user))
  user.dn=OU=WLSMEMBERS1,DC=company,DC=com
  group.filter=(&(cn=%g)(objectclass=group))
  group.dn=OU=WLSGROUPS1,DC=company,DC=com
  membership.filter=(&(member=%M)(objectclass=group))
  We used the AD for authenticating the users and for authorizing the EJB
  methods. AD contained the users and their security roles and the
  deployment
  descriptiors of the EJB's contained the permissions for the security
  roles.
  We ran repeated tests and were more or less satisfied.
  Regards
  P.S.
  we used WLS 6.1 Jdk 1.3
  ----- Original Message -----
  Sent: Tuesday, September 18, 2001 5:40 AM
  Subject: WLS6.0 and Active Directory
  Forgive me contacting you directly, but did you recieve a reply fromBEA
  as
  to whether WLS supports interaction with Active Driectory? And wereyou
  attempting to use Active Directory just for user authentication? Anyinfo
  on how WLS and Active Directory interact would be appreciated!
  Regards
  Laura Allen
  The information in this e-mail and any attached files is confidential.It
  is intended solely for the use of the addressee. Any unauthorised
  disclosure or use is prohibited. If you are not the intended
  recipient
  of
  the message, please notify the sender immediately and do not disclosethe
  contents to any other person, use it for any purpose, or store or copythe
  information in any medium. The views of the author may not necessarily
  reflect those of the Company.
  "Laura Allen" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  Is it possible to configure WLS' LDAP security realm to use MS' Active
  Directory to authenticate users? A quick yes or no would be
  appreciated
  I'll worry about the finer details of how later!!
  Regards
  Laura Allen

• OID and MS Active Directory  LDAP information Synchronization

  Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

  Hi, I have the same question.
  Thanks,
  Malin