Is it possible to change ldap search attribute telephonenumber to an other
Hello, I have a directory that holds the users phones number in an alternate ldap attribute "numeroCourt".
The default Directory search asp files are displaying the content of the telephonenumber attribute in the LDAP Directory.
What do I need to edit to change "telephonenumber" with "numeroCourt"?
Thanks in advance.
Since telephone number is not populated the logical thing for the CorpDir application to do would be to see that the
"ciscoatUserProfileString" has a value and go retrieve the extension information from there.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a0080094493.shtml
Similar Messages
-
Changing LDAP "Search Attribute"
Hello:
I am authenticating against LDAP as such:
Hashtable authEnv = new Hashtable();
String dn =
"CN=" + userAuth.getFirstName() + " " + userAuth.getLastName() +
",OU=zzzzzzzz,DC=yyyyy,DC=xxx";
authEnv.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
authEnv.put(Context.PROVIDER_URL, "ldap://999.999.199.999:389");
authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
authEnv.put(Context.SECURITY_PRINCIPAL, dn);
authEnv.put(Context.SECURITY_CREDENTIALS, password);
I am using the user's first and last name to authenticate. Now, I want to use their login id to authenticate. I was told "to change the Search Attribute from 'uid' to 'sAMAccountName'". I don't know what this refers to. Does anybody have any ideas?
Thanks
EricA call to Apple support helped solve this problem, especially to deal with a typo in the Apple Snow Leopard Server documentation:
1. Export all of your users, groups, etc. to files. Passwords will be reset but everything else will work.
2. In OD, change the server to be "stand alone" (basically turning off OD).
3. From the command line run the following command, noting that you literally put the string "HostName" in the position specified, not the old host name specified in the documentation:
sudo scutil --set HostName <fully qualified domain name>
4. Reboot
5. Restart Server Admin and recreate the OD master using the fully qualified name.
6. Go to KeyChain and look for the entries for system -> com.apple.opendirectory. One should point to your server and one should be blank. Delete the bank entry.
Done! -
Is it possible to change the search help to have Scroll capability instea
I am using ABAP Webdynpro. is it possible to change the search help to have Scroll capability instead of Next Page/Next line/Last line. We would rather use a search help to do this as the user wants to have their own personal value list.
Found the answer on SDN
-
Adding Another LDAP Search Attribute
Hi,
Can you please point me to any document for adding another ldap search attribute apart from uid.
Regards,
Edited by: IDM1312 on Jun 9, 2008 4:28 PMYes, here is what happens when your user tries to login:
They enter some username & password. The username can be any attribute you wish it to be (email, UID, cn, etc). The actual authentication is not done using the value the user enters. This is because you need to authenticate with the user's DN. To get the DN, access manager does a lookup on the directory server to see if what the user entered exists in any of the attributes in the search alias list. If the search is successful, it returns the user's DN. Access Manager then uses the DN and password to authenticate the user.
So, if you expect your users to enter their email address, you will want your email attribute in this list. You can have multiple values in the list, if for example you want to allow users to enter uid OR email address. I would be careful about allowing this flexibility if you are in a large organization because this will bring increased overhead to both AM & DS.
Also, be sure that whatever attribute you use is indexed!!
I hope this helps,
Eric -
When I built our CallManager 8.6 enviornment, I mirroed the way our 7.3 was set up. We had set up our LDAP search space at the root of our domain. The problem is that includes all kinds of sub directories we dont want. I want to now change our LDAP to look deeper in our hiarchy. What I dont know though is will it then see every person as a new user. If so, it would break UCCX and Presence.
Yep they do stay the same. And the way I know it worked is if I look up a user I wanted to keep it shows "Ldap Active". For the users I wanted gone they now show "delete pending".
-
Change LDAP Search Base: Is archive/recreate required?
This is the gist of the message that I'm getting while searching for an answer, but I wanted to ask it here just in case.
I have a MacOS X server (10.4.9) that I need to join to an Active Directory... it was originally on it's own domain (xserve.mydomain.ca) and will now be on the corporate domain (xserve.myorg.ca).
I've run changeip to change the IP address and switch over all the domain information. The forward and reverse lookups are happy and working and while I had to recreate home directories for some users, in the end, everything worked fairly well.
Now I need to take the next step in the integration and get LDAP changed over to reflect the new FQDN. It is current dc=xserve, dc=mydomain, dc=ca ... so it needs to be dc=xserve, dc=myorg, dc=ca
Is archiving the LDAP database... switching to Standalone... and recreating the OD Master with new LDAP search base the only way to make the change?
And if so... does it actually work? (Home Directories don't matter too much.. but recereating 200 users, obviously would suck).
Thank you very much.
Chris Alemany
Computer Technician
Malaspina U-C
Nanaimo, BCI'm hoping for a little detail here.
The LDAP archive that is created through Server Admin
is... comprehensive... ie. there are a LOT of
different files in there.
Of course as it isn't only a LDAP archive but contains the PasswordServer database, the kerberos database, server settings ...
Where do I start in terms of "mangling" the data
(which I assume means redoing all references to the
old LDAP domain?
You would need to export only the LDAP database via the appropiate ldapsearch command.
As you begin to see this task is quite complex and without some decent knowledge about Mac OS X Server in general and specifically LDAP this task is doomed to fail. :o/
You can start your way with this book:
http://www.amazon.com/Apple-Training-System-Administration-Reference/dp/03213698 4X/ref=pdbbs_sr1/103-1936572-6371849?ie=UTF8&s=books&qid=1177352316&sr=8-1
Sorry for the bad news,
-Ralph -
Ldap search attribut result "cn=Klaus", I want this only "Klaus"
Hello,
of course i could remove the position 0-2 from the String "cn=Klaus" to get a substring like "Klaus" but i don`t wanna use an extra "for loop" if there maybe exists another possibility to get a clean output like "Klaus"
someone knows an ldap method to get ONLY the pure value of the cn attribute?A picture says more then 1000 words ;-)
http://666kb.com/i/aq0uxeznt366h8z2b.jpg
check out my both JList filled with return attribut "cn"
The full string always has the "cn:" included which i have to remove with the following code:
String realCN = attrb.toString().substring(4);
well this line of code doesnt matter much but well its additional work :D -
Is it possible to change the placeholder '?' in PreparedStatement
PreparedStatement pstmt = con.prepareStatement("UPDATE MPLOYEES
SET SALARY = ? WHERE ID = ?");here '?' is a placeholder, is it possible to change it to something like '*'No.
-
Photoshop Elements9 has a dark background which makes it difficult to use for a sight impaired person. Is it possible to change it to a light background.
Photoshop Elements9 has a dark background which makes it difficult to use for a sight impaired person. Is it possible to change it to a light background.
-
LDAP search cannot find entry by user "defined attribute" or "sounds like
Hi, I have an JSP program that searches an LDAP Sun One Directory Server.
All of my search filters ( by givenname,sn,mail and phone #) work fine with the search base set at the very top (root ) of my DIT tree.
However with the same search base, searching by an "User Defined Attribute" fails to return anything (and note that my search filter includes the objectclass that goes with this user defined attribute)?
Yet, if I change the search base so it points all the way down the DIT tree (maybe near RDN?), the "User Defined Attribute" search works fine ?
Additionally, "sounds like" search filter (givenname~=) fails to find anything at
the upper root search base of DIT. If I change the search base to point down in the DIT tree as I did above, the "sounds like" filter will work?
I've tried everything I know?Hi Dora9,
Thanks for your reply.
I am glad that you have solved the problem and thanks for your share us the solution
here, so it would be helpful for other members who get the same issue
and we will close this case.
In addition, I suggest you could try to get
the issue confirmed and diagnose by product team. Would you please create connect report for it? You will get email notification for update from the product team experts:
http://connect.microsoft.com/VisualStudio/feedback/CreateFeedback.aspx,
if you submit it, you could share us the link here, so we could know the latest information from the Product team expert. And I will help you to vote it.
Thanks for your understanding.
Best Regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Using LDAP to search attribute bit flags using attribute OID values
Hello everyone,
My question stems from trying to understand the OID and syntax behind this classic LDAP search to find disabled users:
"(useraccountcontrol:1.2.840.113556.1.4.803:=2)"
What I am interested in is the value 1.2.840.113556.1.4.803, specifically how it differentiates from the value 1.2.840.113556.1.4.8, which is the OID of the useraccountcontrol attribute:
http://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx
Now, this website below says that the 03 and 04 are designators of the AND and OR operations, respectively, and are added on to the end of the OID:
https://www.appliedtrust.com/blog/2011/04/keeping-your-active-directory-pantry-order
However, using this logic, I can't get these 03 and 04 operators to work with other attribute OID's that use flags as values, such as the "searchflags" attribute, e.g. a LDAP search of "(searchflags:=1.2.840.113556.1.2.33404:=0)
returns nothing, using the OR (04) operation at the end of the "searchflags" OID of 1.2.840.113556.1.2.334.
So back to my original question, for the useraccountcontrol OID of 1.2.840.113556.1.4.8, is this OID at all related to the bitwise AND extensible match of 1.2.840.113556.1.4.803 (like just adding a 03 to designate an AND operation), or is this
extensible match
value of 1.2.840.113556.1.4.803 completely separate from the useraccountcontrol OID of 1.2.840.113556.1.4.8?
If I have my terms mixed up, please feel free to correct me on what the proper terms are.
Thanks!Hmm yeah I posted that link above in my OP as well, and I was hoping that the OID values of these bitwise filters were somehow related to the shorter OID of the "useraccountcontrol" attribute, but it looks like it's just a coincidence.
So I wonder if the "useraccountcontrol" section of
this article from my OP is a little misleading when it says:
To make a comparison, we either need to use the LDAP_MATCHING_RULE_BIT_AND rule (1.2.840.113556.1.4.803), or the LDAP_MATCHING_RULE_BIT_OR rule (1.2.840.113556.1.4.804) for our attribute OID (the AND rule adds a 03 suffix to denote the AND operation,
and the OR rule adds a 04 suffix).
Following this logic, I should be able to use the "03" and "04" in other bitwise operations with different OID's to search "AND" or "OR", but as I pointed out in my OP above, I can't seem to make this work with adding the
"03" and "04" onto the end of other OID's. So I will go with Christoffer that these bitwise OID's (1.2.840.113556.1.4.803 and 1.2.840.113556.1.4.804) are unique in themselves, and the fact that they are 2 characters away from the OID of the "useraccountcontrol"
attribute (1.2.840.113556.1.4.8) is just coincidence.
This does seem strange however, and it seems like there should be some correlation here....
If anyone has any more info, I would love to hear it! -
Is it possibly to change file attributes for files in the Program Files directory?
Hi,
I wonder if it is possible to change file time atributes for a file that is in the same folder as the exe file inside the Program File folder. I have the following code that gives System Error Code 5.
SHGetFolderPath(0, CSIDL_PROGRAM_FILES, 0, SHGFP_TYPE_CURRENT, programpath);
PathAppend (programpath, TEXT("Testprogram/gnsh.dat"));
hFile = CreateFile(programpath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
If this had worked, I would for instance have done like this
GetSystemTime(&st); SystemTimeToFileTime(&st, &ft);
timeresult = SetFileTime(hFile2, NULL, NULL, &ft);
I am programming in C with WIndows Api.
Thanks in advance for answer.
Best regardsHi Vahmat,
System error code 5 :
ERROR_ACCESS_DENIED
5 (0x5)
Access is denied.
I have tested your code on my side, it will get a error code 5 if you have no permission to access a file. Please try to run VS as a administrator and rebuild your project, after this , you code works well on my side.
Best regards,
Shu Hu
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Is it possible to change attributes data in role or resource task?
Hi!
we have requirement to change some data after user generate role or resource request. I mean when the approver is looking at request details is it possible to change some data? for example account name in case of resource request?
Best
mpWhich OIM version are you using ?
If 10g then you can set Object permissions for Form
If OIM 11g, Not possible in current release. You can achieve in some other way.
Workaround:
You have a field say "ROLE" on Request Dataset
End User will select value for ROLE while raising request.
Create one more field say "APPROVER ROLE". It would be "approver-only" field (It is a property in Request Dataset"
If approver wants to change some data then he'll select some value in "APPROVER ROLE" field.
In you approval workflow you can handle if "APPROVER ROLE" is not NULL then use this field else use ROLE field.
It is just a wrokaround. -
Changing LDAP roles programmatically
Does anyone know if it´s possible to change a LDAP user role programmatically? I´ve searched for hours, but I didn´t find any information about it. I Only found classes on weblogic api to change user attributes.
Is there any api on weblogic to do that? Or any documentation that talks about it?
Thanks in advance.
Hevert Brito
Edited by: user12966611 on 09/04/2010 15:16
Edited by: user12966611 on 09/04/2010 15:16
Edited by: user12966611 on 09/04/2010 15:17Faisal,
I´m trying to use the method createRole the same way you´re doing in you example but i´m getting this error:
Caused by: java.lang.NoSuchMethodException: createRole(java.lang.String,java.lan
g.String,java.lang.String,) for Security:Name=myrealmDefaultAuthenticator
... 117 more
When I use the method createUser as you did in your example it works perfectly.
Do you have any idea why is that happening?
This is my code:
try{
System.out.println("Creating role : testrole");
wls.invoke(roleEditor,"createRole",new Object[] {null,"testrole",null},new String[] {"java.lang.String", "java.lang.String","java.lang.String"});
System.out.println("Created role : testrole");
catch(Exception e){
e.printStackTrace();
} -
Ldif import change the userPassword attribute
Hi all,
I post a message here because i am facing an obstacle.
I made an migration from Sun directory server 6 on sun sparc server to an linux server with directory server 7.
I have got an issue about the ldif import.
When i export ldap data from my old server, i have got ldif-export.ldif file and when i import it i have no error :
Started initialization of "xxx.xxx.xxx.xxx:389"; Apr 29, 2013 10:14:12 AM
Sent 1314 entries...
Sent 3794 entries...
Sent 3795 entries.
Completed initialization of "xxx.xxx.xxx.xxx:389"; Apr 29, 2013 10:14:16 AM
But when i do an ldap search i can see that my new dsee server does not contain the same password than my old server for the users password attribute .
and this in spite of the ldif-export file contain exacly the same password than the old server in production.
I think when i do an import the new server change the pasword or something like this.
for example on my old server my user teo
userPassword:: teo
cn: neo
uid: neo
objectClass: top
objectClass: neoDevice1
and on my new server i have got :
userPassword:: bmVv
cn: neo
uid: neo
objectClass: top
objectClass: neoDevice1
i took the precaution to change the server propertie with this command to be sure to respect the same config than the old server
./dsconf set-server-prop pwd-storage-scheme:CLEAR
I can't find where the issue is or what propertie to change for fix it.
Otherwise there is no other problem in my ldif import all seems to be correct except userPassword attibute.
Thanks for your helpHello,
sorry for this late reply...
as far as I understand, you would like to use the export/import mechanism to turn in clear all the passwords, is that correct?
Unfortunately I'm afraid that what you're asking is not possible...
If the userPassword attribute is "encrypted" in the original Directory Server instance database, then regardless of what you set in the 'encryption-scheme', in the export.ldif file you will still have the attribute encrypted.
The same thing happens when you try to import from an ldif file: regardless of what you have set in the 'encryption-scheme' in the Directory Server, if the attribute in the ldif file is 'encrypted', it will stay 'encrypted' also in the database.
The only way to have the userPassword attribute in clear is change the encryption-scheme and update the userPassword field of every entry.
HTH,
Marco
Maybe you are looking for
-
Copying a page from one InDesign document to another
I have a page in an InDesign document (which contains graphics) that I would like to copy to another InDesign document, but Copy / Past does not work.
-
I recently upgraded my macbook to mountain lion. Before doing so I used time machine to back up my entire laptop with an external hard drive. When I got my computer back it was clean....all pics, music, documents, bookmarks etc. are gone. How do I
-
I have just updated to Yosemite on my 2009 MBP and am informed that I have an Apple Remote Desktop update to apply in the App Store. Product was purchased as shrink wrap a few years ago with 3 user licences. However I can't apply the update Looking a
-
C# VisualWebpart get Images from a specific Image Library.
Hello, I'm working on a VisualWebpart Project in VS2013. Are there any possibilities, where I can get the Images from a Image Library? Like this: //pseudocodeSPLibrary imagesLib = new SPLibrary("mySite\Library") var imageList = imagesLib.GetContent("
-
Military Time in Calendar?
Has anyone discovered how to use military time - 1500 instead of 3 pm - in Calendar?