Iplanet ldap authentication

In my web application running under Iplanet webserver with LDAP authentication, how would I retrieve the ID of the user currently using my webapp (he's sure to have passed the authentication since he's already insed my app)
Thanks for any info!
Francis

Hi,
if this is a Web based application, then the req.getRemoteUser() should return you the authenticated user. or if it is an application, the getID() method in Attribute or Attributes class should give you the persons ID.
Hope this helps,
Regards,
Sathya Sayee.S

Similar Messages

  • WLST IPlanet LDAP configuration

    Is it possible to configure IPlanet LDAP Authenticator using WLST offline mode ? If so, can any one say how to configure it in offline mode.
    Thanks,
    Gopal

    No this is not supoorted in Offline mode, you should use online WLST.
    Thanks,
    -satya

  • Oracle Portal for LDAP Authentication using Iplanet directory server

    I have oracle portal on solaries machine and Iplanet directory server 5.1 on windows NT,
    Can i user portal user authentication Iplanet LDAP.
    Regards
    srinivas

    Yes You can. You have to provide the necessary info while running the ssoldap.sql.
    Vinodh R.

  • Oracle Portal for LDAP Authentication(Iplanet)

    Oracle portal installed on Solaries machine and LDAP (iplanet) installed on windows NT machine.I am able to take ldif file from portal30 user and add to ldap.( under o=oracle tree)
    Completed all step mentioned in document conf_ldap.pdf as follows
    1. created library pointing to ssoxldap.so in portal30_sso schema
    2. made change to listner.ora and tnsnames.ora file and able tnsping also.
    - tnsping extproc_connection_data
    3. ssoldap.sql also ran in portal30_sso schema with all LDAP information.
    (like ----
    Host: challasv
    Port: 389
    Search Base: cn=Login Server (portal30_sso),o=oracle
    Unique Attribute: cn
    Bind DN: cn=Portal Login
    Bind Password: portal30
    If I am try to login through browser in say Unexpected errors (WWC-41400). Is I am doing any thing wrong.
    Also i am albe run ldapsearch from another machines working fine.user following command
    - ldapsearch -b "cn=Login Server (portal30_sso),o=oracle" -h challasv -p 389 -D "cn=Poral Login" -w portal30 cn=portal30
    my questions is Iplanet(LDAP) can integrate with Portal or any steps missed.
    Please help in this regard,
    Challa

    You may want to use ssoxoid.pkb package that comes with Portal/Login Server 3.0.9 which simplifies the configuration.
    Also, you will not have to run the external procdure listener. Please refer to the Login Server Admin. guide for more details.
    NOTE:
    the 3.0.9.8.0 version of ssoxoid.pkb is not good. You need to download 3.0.9.8.2 patch and get the ssoxoid.pkb file from there.
    Also, you may want to turn on debug for SSO Server to see debug msg.
    DEBUG
    ========
    You need to loginto the Login Server schema and run following commands to see debug msg.
    sqlplus portal30_sso/password
    TO TURN ON DEBUG
    1. Create debug proceure
    CREATE OR replace PROCEDURE debug_print (str VARCHAR2) AS
    PRAGMA autonomous_transaction;
    BEGIN
    INSERT INTO wwsso_log$ VALUES
    (wwsso_log_pk_seq.nextval,
    substr(str, 1, 1000),
    sysdate,
    dbms_session.unique_session_id
    commit;
    END debug_print;
    show errors;
    TO SEE THE DEBUG LOG
    2. Try to login using portal login link
    and see the error msg from the log table
    select msg from wwsso_log$ order by id;
    TO STOP THE DEBUG LOG
    3. Delete the log
    delete from wwsso_log$ ;
    commit;
    4. Turn off debugging
    CREATE OR replace PROCEDURE debug_print (str VARCHAR2)
    AS
    BEGIN
    null;
    END debug_print;
    show errors;

  • ERROR: Ldap Authentication failed for dap during installation of iAS 6.0 SP3

    I am attempting to install ias Enterprise Edition (6.0 SP3) on solaris 2.8 using typical in basesetup. I am trying to install new Directory server as I don't have an existing one.
    During the installation I got the following error.
    ERROR: Ldap Authentication failed for url ldap://hostname:389/o=NetScape Root user id admin (151: Unknown Error)
    Fatal Slapd did not add Directory server information to config Server.
    Warning slapd could'nt populate with ldif file Yes error code 151.
    ERROR:Failure installing iPlanet Directory Server.
    Do you want to continue: ( I entered yes )
    Configuring Administration Server Segmentation fault core dumped.
    Error: Failure installing Netscape Administration Server.
    Do you want to continue:( I responded with yes).
    And during the Extraction I got the following
    ERROR:mple_bind: Can't connect to the LDAP server - No route to host
    ERROR: Unable to connect to LDAP Directory Server
    Hostname: hostname
    Port: 389
    User: cn=Directory Manager
    Password: <password-for-cn=Directory Manager
    Please make sure this Directory Server is currently running.
    You might need to run 'stop-slapd' and then
    'start-slapd' in the Directory Server home directory, in order to restart
    LDAP. When finished, press ENTER to continue, or S to skip this step:
    Start registering Bootstrap EJB...
    javax.naming.NameNotFoundException
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled > Code)
    at javax.naming.NamingException.<init>(NamingException.java:114)
    at javax.naming.NameNotFoundException.<init>(NameNotFoundException.java: 48)
    at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
    "ldaperror" 76 lines, 2944 characters
    at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
    at com.netscape.server.jndi.RootContext.bind(Unknown Source)
    at com.netscape.server.jndi.RootContext.bind(Unknown Source)
    at javax.naming.InitialContext.bind(InitialContext.java:371)
    at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown Source)
    at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
    at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
    at com.netscape.server.deployment.EjbReg.run(Compiled Code)
    at com.netscape.server.deployment.EjbReg.main(Unknown Source)
    Start registering iAS 60 Fortune Application...
    Start iPlanet Application Server
    Start iPlanet Application Server
    Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
    warning: daemon is running as super-user
    [LS ls1] http://gedemo1.plateau.com, port 80 ready
    to accept requests
    startup: server started successfully.
    After completion of installation, I tried to start the console. But I got the following error;
    "Cant connect ot the admin server. The url is not correct or the server is not running.
    Finally,when I started the admintool(iASTT),it shows the iAS1
    was registered( marked with a red cross mark) and says "cant login. make sure the user
    name & passwdord are correct" when i click on it.
    Thanks in advance for any help
    Madhavi

    Hi,
    Make sure that the directory server is installed first. If it is running
    ok, then you can try adding an admin user, please check the following
    technote.
    http://knowledgebase.iplanet.com/ikb/kb/articles/4106.html
    regards
    Swami
    madhavi korupolu wrote:
    I am attempting to install ias Enterprise Edition (6.0 SP3) on
    solaris 2.8 using typical in basesetup. I am trying to install new
    Directory server as I don't have an existing one.
    During the installation I got the following error.
    ERROR: Ldap Authentication failed for url
    ldap://hostname:389/o=NetScape Root user id admin (151: Unknown
    Error)
    Fatal Slapd did not add Directory server information to config
    Server.
    Warning slapd could'nt populate with ldif file Yes error code 151.
    ERROR:Failure installing iPlanet Directory Server.
    Do you want to continue: ( I entered yes )
    Configuring Administration Server Segmentation fault core dumped.
    Error: Failure installing Netscape Administration Server.
    Do you want to continue:( I responded with yes).
    And during the Extraction I got the following
    ERROR:mple_bind: Can't connect to the LDAP server - No route to host
    ERROR: Unable to connect to LDAP Directory Server
    Hostname: hostname
    Port: 389
    User: cn=Directory Manager
    Password: <password-for-cn=Directory Manager
    Please make sure this Directory Server is currently running.
    You might need to run 'stop-slapd' and then
    'start-slapd' in the Directory Server home directory, in order to
    restart
    LDAP. When finished, press ENTER to continue, or S to skip this
    step:
    Start registering Bootstrap EJB...
    javax.naming.NameNotFoundException
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled > Code)
    at javax.naming.NamingException.<init>(NamingException.java:114)
    at
    javax.naming.NameNotFoundException.<init>(NameNotFoundException.java:
    48)
    at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
    "ldaperror" 76 lines, 2944 characters
    at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
    at com.netscape.server.jndi.RootContext.bind(Unknown Source)
    at com.netscape.server.jndi.RootContext.bind(Unknown Source)
    at javax.naming.InitialContext.bind(InitialContext.java:371)
    at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown
    Source)
    at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
    Code)
    at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
    Code)
    at com.netscape.server.deployment.EjbReg.run(Compiled Code)
    at com.netscape.server.deployment.EjbReg.main(Unknown Source)
    Start registering iAS 60 Fortune Application...
    Start iPlanet Application Server
    Start iPlanet Application Server
    Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
    warning: daemon is running as super-user
    [LS ls1] http://gedemo1.plateau.com, port 80 ready
    to accept requests
    startup: server started successfully.
    After completion of installation, I tried to start the console. But I
    got the following error;
    "Cant connect ot the admin server. The url is not correct or the
    server is not running.
    Finally,when I started the admintool(iASTT),it shows the iAS1
    was registered( marked with a red cross mark) and says "cant login.
    make sure the user
    name & passwdord are correct" when i click on it.
    Thanks in advance for any help
    Madhavi
    Try our New Web Based Forum at http://softwareforum.sun.com
    Includes Access to our Product Knowledge Base!

  • IPlanet LDAP configuration in Weblogic 8.1 SP3

    We use iPlanet LDAP provider for app authentication. We need only the authentication and no authorization. However when we do not specify information in Groups and Membership tabs, and provide only User information, authentication fails. Does iPlanet provider need Group and Membership information for simple authemtication?

    We use iPlanet LDAP provider for app authentication. We need only the authentication and no authorization. However when we do not specify information in Groups and Membership tabs, and provide only User information, authentication fails. Does iPlanet provider need Group and Membership information for simple authemtication?

  • Using iPlanet LDAP to just authenticate name/pwd

    I'm experimenting with setting up an LDAPAuthenticator, using iPlanet LDAP, for
    some application security. Our LDAP record has a name and password, but nothing
    about groups or roles. It's likely that I won't be able to add any fields to
    our LDAP structure in order to support the LDAPAuthenticator.
    The application I'm targeting will allow anyone in the LDAP directory into the
    application, but one part of the application will only be available for a select
    few (also in the LDAP directory).
    I'm looking for options for how to arrange this. It almost appears that I'll need
    a custom authenticator that merges the LDAPAuthenticator with a database lookup,
    or perhaps merging the external LDAP with the WL internal LDAP, where the only
    records in the internal LDAP will be ones with "special" access.
    What are straightforward and/or correct ways to get this done?

    I'm experimenting with setting up an LDAPAuthenticator, using iPlanet LDAP, for
    some application security. Our LDAP record has a name and password, but nothing
    about groups or roles. It's likely that I won't be able to add any fields to
    our LDAP structure in order to support the LDAPAuthenticator.
    The application I'm targeting will allow anyone in the LDAP directory into the
    application, but one part of the application will only be available for a select
    few (also in the LDAP directory).
    I'm looking for options for how to arrange this. It almost appears that I'll need
    a custom authenticator that merges the LDAPAuthenticator with a database lookup,
    or perhaps merging the external LDAP with the WL internal LDAP, where the only
    records in the internal LDAP will be ones with "special" access.
    What are straightforward and/or correct ways to get this done?

  • How can i config WLS7 and iPlanet LDAP

    How can i config WLS7 and iPlanet LDAP?
    failed during initialization. Exception:java.lang.SecurityException: Authenticat
    ion for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)
    >

    Yos:
    Series of steps to get WLS working with some external LDAP server follows:
    I. create a new domain /mydomain
    II. start server
    III. open WebLogic console in a browser
    IV. in left frame, go to
    security->realms->myrealm->providers->AuthenticationProviders and click
    V. in right frame, click on “Configure a new iPlanet Authenticator”
    VI. In the new screen, under General, make sure the Control Flag is set to Required,
    select a name for this authenticator, and click Create.
    VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
    these values reflect the settings for your LDAP server. (Note: the default
    principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
    ou=TopologyManagement, o=NetscapeRoot). Click Apply.
    VIII. Click on Credential: Change. At the new screen, enter the credential
    associated with the Principal that you entered in step VII in both boxes. This will
    be the password that is used to do a bind to your LDAP server with the principal.
    Click Apply.
    IX. Select Users tab and make sure these properties accurately reflect the structure
    of your LDAP server. Most of the time the only property that needs to be changed is
    the User Base DN property, from ou=people,o=example.com to
    ou=people,o=myCompany.com. Click Apply.
    X. Select Groups tab and make sure these properties accurately reflect the structure
    of your LDAP server. Most of the time the only property that needs to be changed is
    the Groups Base DN property, from ou=people,o=example.com to
    ou=groups,o=myCompany.com. Click Apply.
    XI. Now, the boot identity of your server absolutely must be a user that exists on
    your LDAP server. You must also have an “Administrators” group on your LDAP server,
    and the boot identity must be a user that exists in this “Administrators” group, or
    the server will not start. So open your LDAP console (this will be a console that
    is specific to the LDAP server you are using) and use the management tools to create
    the “Administrators” group and a user that you place in the “Administrators” group
    that is the boot identity that you use to start WebLogic.
    XII. Make these changes and restart the server.
    XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
    should see a thread like:
    “LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable
    [0x9e2f000..0x9e2fdbc]
    at java.net.SocketInputStream.socketRead(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:86)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
    - locked <3281d98> (a java.io.BufferedInputStream)
    at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
    at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
    where “localhost:389” is the server name and port of your LDAP
    server. This means that your Authenticator has been set up correctly.
    XIV. Now you can delete your default authenticator. Open the WebLogic console and
    go to security->realms->myrealm->providers->AuthenticationProviders in the left
    frame, and click
    XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
    the far right. Say “Yes” when it asks if you are sure, then click Continue.
    XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
    Everything is working correctly.
    Please note that the "default authenticator" refers to the embedded LDAP server that
    ships with WebLogic.
    Hope this helps.
    Joe Jerry
    Yos wrote:
    How can i config WLS7 and iPlanet LDAP?
    failed during initialization. Exception:java.lang.SecurityException: Authenticat
    ion for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)
    >

  • I'm having iPlanet LDAP problems too! Can someone give this admin a hand?

    I've created the iPlanet Authenticator in my existing "myrealm" and have configured
    everything. Now when I startup my Weblogic 7, I don't see anything related to
    the initialization of the external iplanet LDAP directory server. Can someone
    help? I just see one thing,
    ####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr> <Execut
    eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity> <> <0905
    16> <The Authenticator provider has preexisting LDAP data.>
    What are my next steps to make WLS 7.0 to iplanet directory a reality?

    "VetteMan" <[email protected]> wrote:
    >
    "Kai" <[email protected]> wrote:
    Hi,
    Check if you can see users and groups from the directory server in the
    console.
    Kai
    "VetteMan" <[email protected]> wrote:
    I've created the iPlanet Authenticator in my existing "myrealm" andhave
    configured
    everything. Now when I startup my Weblogic 7, I don't see anything
    related
    to
    the initialization of the external iplanet LDAP directory server. Can
    someone
    help? I just see one thing,
    ####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr>
    <Execut
    eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity>
    <> <0905
    16> <The Authenticator provider has preexisting LDAP data.>
    What are my next steps to make WLS 7.0 to iplanet directory a reality?Kai, should I be able to go to the "Users" for that realm and seach the
    LDAP server?
    Didn't think that was possible. If I had multiple authentication providers,
    how
    would WL know which provider to use?
    Also, I looked at my config.xml and it doesn't seem to have the changes....should
    it be in there?
    thanks,
    mr. C5
    Hi,
    The users page lists all users and provides in an additional column the source
    (auth.prov.) from where the user has been sourced. If you don't see the users
    from the LDAP directory it's not working properly. There is also a bug where the
    users page is not loading if the number of users is too big. I'm working with
    8 at the moment, but it should be the same with 7. The authentication provider
    configuration of the default provider by BEA are stored in the internal LDAP.
    Kai

  • IPLANET LDAP config

    I'm trying to connect to an Iplanet 4.1 from wls7, i configured it everything, but
    I couldn't see groups or users...I read in older posts here that talk about the config.xml,
    but there´s nothing in there, where wls save the info about ldap config?
    besides..is necesary to setup below Providers all the items..or just the Authentication
    providers?
    I'm using Directory manager by principal.
    people -> base dn=o=sunat.gob.pe, ou=People
    groups -> base dn=o=sunat.gob.pe, ou=Groups
    thanks by any help...

    Hi Amitabha,
    I have faced the same problem some time back. Weblogic keeps it security information
    under
    "%BEA_HOME%\user_projects\zionsbank\userConfig\Security" directory. You must must
    have known the time you created the new realm, remove all the folders under security/
    created at that time. You configuration will be restored back to the one you had
    before creating the new realm.
    Hope it will work.
    Amir
    "Amitabha Mitra" <[email protected]> wrote:
    >
    Hi,
    We have created a new realm with the provider as the iplanet LDAP. There
    was no
    problem creating the realm. We have set this realm as the default realm
    for the
    domain. But when we start up the server(with userid and password as weblogic
    the default administrator uid/pwd with which it was working fine before
    changing
    the default realm) is now giving the following error :
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)
    The server is thus not starting up.
    We tried with creating a user called 'weblogic' under a group called
    'Administrators'
    in the iPlanet LDAP but it is giving the same error.
    Is there any other configuration that needs to be done ?
    Is the Administrator,developer and application level security controlled
    from
    the same place.
    Rgds,
    Amitabha

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
    then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
    specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
    is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
    for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
    Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
    a non-existent role manager.

  • How to get user attributes from LDAP authenticator

    I am using an LDAP authenticator and identity asserter to get user / group information.
    I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
    Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
    Any help would be appreciated

    Hi Julián,
    in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
    A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
    Beginner
    Medium
    Advanced
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
    Hope it helps
    Detlev

  • How to use two different LDAP authentication for my Apex application login

    Hi,
    I have 2 user groups defined in the LDAP directory and I provided the DN string for apex authentication something like the below
    cn=%LDAP_USER%,ou=usergrp1,dc=oracle,dc=com
    cn=%LDAP_USER%,ou=usergrp2,dc=oracle,dc=com
    The problem is I couln't pointout both the groups in DN string, I am trying to allow both usergroups to access the application.
    Does anyone know how to define both the group in LDAP DN String ?.
    Thanx in advance
    Vijay.

    Vijay,
    I don't think you'll be able to use the built-in LDAP authentication scheme. Just create a new authentication scheme that has its own authentication function. In that function code your calls to dbms_ldap however you need. Search the forum for dbms_ldap.simple_bind_s to find examples.
    Scott

  • LDAP Authentication - Multiple Domains

    I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
    Host: xx.xx.xx.xx
    DN String: %LDAP_USER%@amer.globalco.net
    (amer.globalco.net is the domain)
    How can this be accomplished? Is it possible all you guru's out there?
    I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
    I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
    Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
    As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
    Please include example/suggested SQL -
    Thanks in advance...
    Rich
    Apex v3.2.1
    Oracle 10G Express

    Based on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
    Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try.

  • LDAP Authentication Scheme - Multiple LDAP Servers?

    How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.

    How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.

Maybe you are looking for

  • How can I found my old Apple ID if I deleted ?

    How can I rest my old password if I deleted ? i Have this question also?

  • ICal lost end dates and ∞ sync conflicts after iOS4 upgrade

       After upgrading my sacrificial iPod 3 (I'm waiting to upgrade my main iPhone 3GS) and synchronizing it to my home MacBook Pro 2007 17", I got huge numbers of old repeating meeting which seem to have lost their end-date, e.g., "Palm-size PC Porting

  • Variables in WAD

    Hi gurus I have created variables for Calender Year and posting periods for the value ranging from and to. Now i have created a web template for this query and i want to see the variables in my web template. Please can anyone tell me how to do this.

  • Authorizations-Security based on BP relationships

    Dear Experts, In a generic sense We could control which BP could be maintained using Authorization Groups (Obj:B_BUPA_GRP), which is not sufficient for us. We have a situation,Users should be able to view and modify those BPs who are in some relation

  • Customer Calls and AR Notes

    Do we have any API for Customer Calls and AR Notes conversion?