Is it possible to change ldap search attribute telephonenumber to an other

Similar Messages

• Changing LDAP "Search Attribute"

  Hello:
  I am authenticating against LDAP as such:
  Hashtable authEnv = new Hashtable();
  String dn =
  "CN=" + userAuth.getFirstName() + " " + userAuth.getLastName() +
  ",OU=zzzzzzzz,DC=yyyyy,DC=xxx";
  authEnv.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  authEnv.put(Context.PROVIDER_URL, "ldap://999.999.199.999:389");
  authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
  authEnv.put(Context.SECURITY_PRINCIPAL, dn);
  authEnv.put(Context.SECURITY_CREDENTIALS, password);
  I am using the user's first and last name to authenticate. Now, I want to use their login id to authenticate. I was told "to change the Search Attribute from 'uid' to 'sAMAccountName'". I don't know what this refers to. Does anybody have any ideas?
  Thanks
  Eric

  A call to Apple support helped solve this problem, especially to deal with a typo in the Apple Snow Leopard Server documentation:
  1. Export all of your users, groups, etc. to files. Passwords will be reset but everything else will work.
  2. In OD, change the server to be "stand alone" (basically turning off OD).
  3. From the command line run the following command, noting that you literally put the string "HostName" in the position specified, not the old host name specified in the documentation:
  sudo scutil --set HostName <fully qualified domain name>
  4. Reboot
  5. Restart Server Admin and recreate the OD master using the fully qualified name.
  6. Go to KeyChain and look for the entries for system -> com.apple.opendirectory. One should point to your server and one should be blank. Delete the bank entry.
  Done!

• Is it possible to change the search help to have Scroll capability instea

  I am using ABAP Webdynpro.  is it possible to change the search help to have Scroll capability instead of Next Page/Next line/Last line.  We would rather use a search help to do this as the user wants to have their own personal value list.

  Found the answer on SDN

• Adding Another LDAP Search Attribute

  Hi,
  Can you please point me to any document for adding another ldap search attribute apart from uid.
  Regards,
  Edited by: IDM1312 on Jun 9, 2008 4:28 PM

  Yes, here is what happens when your user tries to login:
  They enter some username & password. The username can be any attribute you wish it to be (email, UID, cn, etc). The actual authentication is not done using the value the user enters. This is because you need to authenticate with the user's DN. To get the DN, access manager does a lookup on the directory server to see if what the user entered exists in any of the attributes in the search alias list. If the search is successful, it returns the user's DN. Access Manager then uses the DN and password to authenticate the user.
  So, if you expect your users to enter their email address, you will want your email attribute in this list. You can have multiple values in the list, if for example you want to allow users to enter uid OR email address. I would be careful about allowing this flexibility if you are in a large organization because this will bring increased overhead to both AM & DS.
  Also, be sure that whatever attribute you use is indexed!!
  I hope this helps,
  Eric

• Change LDAP search path

  When I built our CallManager 8.6 enviornment, I mirroed the way our 7.3 was set up.  We had set up our LDAP search space at the root of our domain.  The problem is that includes all kinds of sub directories we dont want.  I want to now change our LDAP to look deeper in our hiarchy.  What I dont know though is will it then see every person as a new user.  If so, it would break UCCX and Presence.

  Yep they do stay the same.  And the way I know it worked is if I look up a user I wanted to keep it shows "Ldap Active".  For the users I wanted gone they now show "delete pending".

• Change LDAP Search Base:  Is archive/recreate required?

  This is the gist of the message that I'm getting while searching for an answer, but I wanted to ask it here just in case.
  I have a MacOS X server (10.4.9) that I need to join to an Active Directory... it was originally on it's own domain (xserve.mydomain.ca) and will now be on the corporate domain (xserve.myorg.ca).
  I've run changeip to change the IP address and switch over all the domain information. The forward and reverse lookups are happy and working and while I had to recreate home directories for some users, in the end, everything worked fairly well.
  Now I need to take the next step in the integration and get LDAP changed over to reflect the new FQDN. It is current dc=xserve, dc=mydomain, dc=ca ... so it needs to be dc=xserve, dc=myorg, dc=ca
  Is archiving the LDAP database... switching to Standalone... and recreating the OD Master with new LDAP search base the only way to make the change?
  And if so... does it actually work? (Home Directories don't matter too much.. but recereating 200 users, obviously would suck).
  Thank you very much.
  Chris Alemany
  Computer Technician
  Malaspina U-C
  Nanaimo, BC

  I'm hoping for a little detail here.
  The LDAP archive that is created through Server Admin
  is... comprehensive... ie. there are a LOT of
  different files in there.
  Of course as it isn't only a LDAP archive but contains the PasswordServer database, the kerberos database, server settings ...
  Where do I start in terms of "mangling" the data
  (which I assume means redoing all references to the
  old LDAP domain?
  You would need to export only the LDAP database via the appropiate ldapsearch command.
  As you begin to see this task is quite complex and without some decent knowledge about Mac OS X Server in general and specifically LDAP this task is doomed to fail. :o/
  You can start your way with this book:
  http://www.amazon.com/Apple-Training-System-Administration-Reference/dp/03213698 4X/ref=pdbbs_sr1/103-1936572-6371849?ie=UTF8&s=books&qid=1177352316&sr=8-1
  Sorry for the bad news,
  -Ralph

• Ldap search attribut result "cn=Klaus", I want this only "Klaus"

  Hello,
  of course i could remove the position 0-2 from the String "cn=Klaus" to get a substring like "Klaus" but i don`t wanna use an extra "for loop" if there maybe exists another possibility to get a clean output like "Klaus"
  someone knows an ldap method to get ONLY the pure value of the cn attribute?

  A picture says more then 1000 words ;-)
  http://666kb.com/i/aq0uxeznt366h8z2b.jpg
  check out my both JList filled with return attribut "cn"
  The full string always has the "cn:" included which i have to remove with the following code:
  String realCN = attrb.toString().substring(4);
  well this line of code doesnt matter much but well its additional work :D

• Is it possible to change the placeholder '?' in PreparedStatement

  PreparedStatement pstmt = con.prepareStatement("UPDATE MPLOYEES
  SET SALARY = ? WHERE ID = ?");here '?' is a placeholder, is it possible to change it to something like '*'

  No.

• Photoshop Elements9 has a dark background which makes it difficult to use for a sight impaired person. Is it possible to change it to a light background.

  Photoshop Elements9 has a dark background which makes it difficult to use for a sight impaired person. Is it possible to change it to a light background.

  Photoshop Elements9 has a dark background which makes it difficult to use for a sight impaired person. Is it possible to change it to a light background.

• LDAP search cannot find entry by user "defined attribute"  or  "sounds like

  Hi, I have an JSP program that searches an LDAP Sun One Directory Server.
  All of my search filters ( by givenname,sn,mail and phone #) work fine with the search base set at the very top (root ) of my DIT tree.
  However with the same search base, searching by an "User Defined Attribute" fails to return anything (and note that my search filter includes the objectclass that goes with this user defined attribute)?
  Yet, if I change the search base so it points all the way down the DIT tree (maybe near RDN?), the "User Defined Attribute" search works fine ?
  Additionally, "sounds like" search filter (givenname~=) fails to find anything at
  the upper root search base of DIT. If I change the search base to point down in the DIT tree as I did above, the "sounds like" filter will work?
  I've tried everything I know?

  Hi Dora9,
  Thanks for your reply.
  I am glad that you have solved the problem and thanks for your share us the solution
  here, so it would be helpful for other members who get the same issue
  and we will close this case.
  In addition, I suggest you could try to get
  the issue confirmed and diagnose by product team. Would you please create connect report for it? You will get email notification for update from the product team experts:
  http://connect.microsoft.com/VisualStudio/feedback/CreateFeedback.aspx,
  if you submit it, you could share us the link here, so we could know the latest information from the Product team expert. And I will help you to vote it.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Using LDAP to search attribute bit flags using attribute OID values

  Hello everyone,
  My question stems from trying to understand the OID and syntax behind this classic LDAP search to find disabled users:
  "(useraccountcontrol:1.2.840.113556.1.4.803:=2)"
  What I am interested in is the value 1.2.840.113556.1.4.803, specifically how it differentiates from the value 1.2.840.113556.1.4.8, which is the OID of the useraccountcontrol attribute:
  http://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx
  Now, this website below says that the 03 and 04 are designators of the AND and OR operations, respectively, and are added on to the end of the OID:
  https://www.appliedtrust.com/blog/2011/04/keeping-your-active-directory-pantry-order
  However, using this logic, I can't get these 03 and 04 operators to work with other attribute OID's that use flags as values, such as the "searchflags" attribute, e.g. a LDAP search of "(searchflags:=1.2.840.113556.1.2.33404:=0)
  returns nothing, using the OR (04) operation at the end of the "searchflags" OID of 1.2.840.113556.1.2.334.
  So back to my original question, for the useraccountcontrol OID of 1.2.840.113556.1.4.8, is this OID at all related to the bitwise AND extensible match of 1.2.840.113556.1.4.803 (like just adding a 03 to designate an AND operation), or is this
  extensible match
  value of 1.2.840.113556.1.4.803 completely separate from the useraccountcontrol OID of 1.2.840.113556.1.4.8?
  If I have my terms mixed up, please feel free to correct me on what the proper terms are.
  Thanks!

  Hmm yeah I posted that link above in my OP as well, and I was hoping that the OID values of these bitwise filters were somehow related to the shorter OID of the "useraccountcontrol" attribute, but it looks like it's just a coincidence.
  So I wonder if the "useraccountcontrol" section of
  this article from my OP is a little misleading when it says:
  To make a comparison, we either need to use the LDAP_MATCHING_RULE_BIT_AND rule (1.2.840.113556.1.4.803), or the LDAP_MATCHING_RULE_BIT_OR rule (1.2.840.113556.1.4.804) for our attribute OID (the AND rule adds a 03 suffix to denote the AND operation,
  and the OR rule adds a 04 suffix).
  Following this logic, I should be able to use the "03" and "04" in other bitwise operations with different OID's to search "AND" or "OR", but as I pointed out in my OP above, I can't seem to make this work with adding the 
  "03" and "04" onto the end of other OID's. So I will go with Christoffer that these bitwise OID's (1.2.840.113556.1.4.803 and 1.2.840.113556.1.4.804) are unique in themselves, and the fact that they are 2 characters away from the OID of the "useraccountcontrol"
  attribute (1.2.840.113556.1.4.8) is just coincidence.
  This does seem strange however, and it seems like there should be some correlation here....
  If anyone has any more info, I would love to hear it!

• Is it possibly to change file attributes for files in the Program Files directory?

  Hi,
  I wonder if it is possible to change file time atributes for a file that is in the same folder as the exe file inside the Program File folder. I have the following code that gives System Error Code 5.
  SHGetFolderPath(0, CSIDL_PROGRAM_FILES, 0, SHGFP_TYPE_CURRENT, programpath);
  PathAppend (programpath, TEXT("Testprogram/gnsh.dat"));
  hFile = CreateFile(programpath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  If this had worked, I would for instance have done like this
  GetSystemTime(&st); SystemTimeToFileTime(&st, &ft);
  timeresult = SetFileTime(hFile2, NULL, NULL, &ft);
  I am programming in C with WIndows Api.
  Thanks in advance for answer.
  Best regards

  Hi Vahmat,
  System error code 5 :
  ERROR_ACCESS_DENIED
  5 (0x5)
  Access is denied.
  I have tested your code on my side, it will get a error code 5 if you have no permission to access a file. Please try to run VS as a administrator and rebuild your project, after this , you code works well on my side.
  Best regards,
  Shu Hu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Is it possible to change attributes data in role or resource task?

  Hi!
  we have requirement to change some data after user generate role or resource request. I mean when the approver is looking at request details is it possible to change some data? for example account name in case of resource request?
  Best
  mp

  Which OIM version are you using ?
  If 10g then you can set Object permissions for Form
  If OIM 11g, Not possible in current release. You can achieve in some other way.
  Workaround:
  You have a field say "ROLE" on Request Dataset
  End User will select value for ROLE while raising request.
  Create one more field say "APPROVER ROLE". It would be "approver-only" field (It is a property in Request Dataset"
  If approver wants to change some data then he'll select some value in "APPROVER ROLE" field.
  In you approval workflow you can handle if "APPROVER ROLE" is not NULL then use this field else use ROLE field.
  It is just a wrokaround.

• Changing LDAP roles programmatically

  Does anyone know if it´s possible to change a LDAP user role programmatically? I´ve searched for hours, but I didn´t find any information about it. I Only found classes on weblogic api to change user attributes.
  Is there any api on weblogic to do that? Or any documentation that talks about it?
  Thanks in advance.
  Hevert Brito
  Edited by: user12966611 on 09/04/2010 15:16
  Edited by: user12966611 on 09/04/2010 15:16
  Edited by: user12966611 on 09/04/2010 15:17

  Faisal,
  I´m trying to use the method createRole the same way you´re doing in you example but i´m getting this error:
  Caused by: java.lang.NoSuchMethodException: createRole(java.lang.String,java.lan
  g.String,java.lang.String,) for Security:Name=myrealmDefaultAuthenticator
  ... 117 more
  When I use the method createUser as you did in your example it works perfectly.
  Do you have any idea why is that happening?
  This is my code:
  try{
       System.out.println("Creating role : testrole");
       wls.invoke(roleEditor,"createRole",new Object[] {null,"testrole",null},new String[] {"java.lang.String", "java.lang.String","java.lang.String"});
       System.out.println("Created role : testrole");          
  catch(Exception e){
       e.printStackTrace();
  }

• Ldif import change the userPassword attribute

  Hi all,
  I post a message here because i am facing an obstacle.
  I made an migration from Sun directory server 6 on sun sparc server to an linux server with directory server 7.
  I have got an issue about the ldif import.
  When i export ldap data from my old server, i have got ldif-export.ldif file and when i import it i have no error :
  Started initialization of "xxx.xxx.xxx.xxx:389"; Apr 29, 2013 10:14:12 AM
  Sent 1314 entries...
  Sent 3794 entries...
  Sent 3795 entries.
  Completed initialization of "xxx.xxx.xxx.xxx:389"; Apr 29, 2013 10:14:16 AM
  But when i do an ldap search i can see that my new dsee server does not contain the same password than my old server for the users password attribute .
  and this in spite of the ldif-export file contain exacly the same password than the old server in production.
  I think when i do an import the new server change the pasword or something like this.
  for example on my old server my user teo
  userPassword:: teo
  cn: neo
  uid: neo
  objectClass: top
  objectClass: neoDevice1
  and on my new server i have got :
  userPassword:: bmVv
  cn: neo
  uid: neo
  objectClass: top
  objectClass: neoDevice1
  i took the precaution to change the server propertie with this command to be sure to respect the same config than the old server
  ./dsconf set-server-prop pwd-storage-scheme:CLEAR
  I can't find where the issue is or what propertie to change for fix it.
  Otherwise there is no other problem in my ldif import all seems to be correct except userPassword attibute.
  Thanks for your help

  Hello,
  sorry for this late reply...
  as far as I understand, you would like to use the export/import mechanism to turn in clear all the passwords, is that correct?
  Unfortunately I'm afraid that what you're asking is not possible...
  If the userPassword attribute is "encrypted" in the original Directory Server instance database, then regardless of what you set in the 'encryption-scheme', in the export.ldif file you will still have the attribute encrypted.
  The same thing happens when you try to import from an ldif file: regardless of what you have set in the 'encryption-scheme' in the Directory Server, if the attribute in the ldif file is 'encrypted', it will stay 'encrypted' also in the database.
  The only way to have the userPassword attribute in clear is change the encryption-scheme and update the userPassword field of every entry.
  HTH,
  Marco