ISE with Domino LDAP Integration

Hi everyone,
Does anyone know about Domino LDAP? I would like to integrate this LDAP with Cisco ISE.
I tried to bind this LDAP but it does not show me anything in "Naming Context", so I cannot choose a group to map into ISE.
I tested this on the WLC. It succeeds there, but I cannot do the same thing with Cisco ISE.
Is this LDAP supported with Cisco ISE 1.1.1?
Regards,
Pongsatorn Maneesud

Hi,
There are two templates (schemas) that are supported: one is for AD and the other is for OpenLDAP. Do you have a screenshot of how the WLC is configured?
However, you can create your own; see if this guide gets you started:
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_id_stores.html#wp1068762
Here is some information on the domino schema -
http://www-12.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/715915cede8d461685256c1d00393b5d?OpenDocument
Thanks,
Tarik admani

Similar Messages

  • LDAP integration - "LDAP Import adapter warning: No LDAP entry was defined"

    Hi,
    I am trying to integrate ETPM with LDAP (Microsoft AD). I have successfully connected Weblogic and can see the AD users there; I followed the instructions in the "Oracle Utilities Application Framework Administration User's Guide" on how to integrate with LDAP:
    1) I defined the JNDI server
    2) I created a mapping file as described
    3) registered the file within XAIParameterInfo.xml and MPLParamaterInfo
    When I try to import users via the LDAP Import menu the response is empty, and in the logs I see the following message: "LDAP Import adapter warning: No LDAP entry was defined". Has anybody had similar issues and maybe a solution to this issue?
    My versions:
    Customer Release V4.1.0 000 000
    Oracle Enterprise Taxation Management V2.3.1.1.0 001 001
    Oracle Utilities Application Framework V4.1.0.1.0 001 000
    My assumption is there is something wrong with the config, as all other connection (including the one from Weblogic) are successful.
    I appreciate any feedback on this.
    Best regards,
    Sebastian

    Would have liked to post an update in my other post, but that one is locked. I found so many problems with the LDAP integration but eventually managed. If anyone runs into similar issues, here is what you need to check:
    1) AD admin user password - is limited to 8 characters (nowhere mentioned in the docs!!!)
    2) Be careful using cases; do NOT rely on the documentation, it is wrong! here is a sample ldapdef.xml (I highlighted the changes you need to make in comparison to the documentation):
    <LDAPEntries>
      <LDAPEntry name="User" baseDN="CN=Users,DC=yourdomain,DC=com" cdxEntity="User" searchFilter="(&amp;(objectClass=user)(name=%searchParm%))">
        <LDAPCDXAttrMappings>
          <LDAPCDXAttrMapping ldapAttr="name" cdxName="*user*" />
          <LDAPCDXAttrMapping cdxName="LanguageCode" default="ENG" />
          <LDAPCDXAttrMapping cdxName="FirstName" default="fn1" />
          <LDAPCDXAttrMapping cdxName="LastName" default="fn2" />
          <LDAPCDXAttrMapping cdxName="DisplayProfileCode" default="NORTHAM" />
          <LDAPCDXAttrMapping cdxName="ToDoEntries" default="1" />
          <LDAPCDXAttrMapping cdxName="TD_ENTRY_AGE_DAYS2" default="12" />
        </LDAPCDXAttrMappings>
        <LDAPEntryLinks>
          <LDAPEntryLink linkedToLDAPEntity="Group" linkingLDAPAttr="memberOf" />
        </LDAPEntryLinks>
      </LDAPEntry>
      <LDAPEntry name="Group" baseDN="OU=Groups,OU=yourgroup,DC=yourdomain,DC=com" cdxEntity="*Group*" searchFilter="(&amp;(objectClass=group)(name=%searchParm%))">
        <LDAPCDXAttrMappings>
          <LDAPCDXAttrMapping ldapAttr="name" cdxName="*group*" />
          <LDAPCDXAttrMapping ldapAttr="description" cdxName="Description" default="Unknown" />
        </LDAPCDXAttrMappings>
        <LDAPEntryLinks>
          <LDAPEntryLink linkedToLDAPEntity="User" linkingSearchFilter="(&amp;(objectClass=user)(memberOf=%distinguishedName%))" linkingSearchScope="onelevel" />
        </LDAPEntryLinks>
      </LDAPEntry>
    </LDAPEntries>
    Oracle OUAF, update your documentation, please.
    Regards,
    Seb

  • LDAP integration with ISE

    We are doing an LDAP integration with ISE but we are getting the following error. We are not able to identify the problem when we tested the following scenarios.
    1. When we check with Anonymous access we are successful and we get the message “ Bind Successful to gluetest.systems.XXXX:3269”
    2. When we use the user name and password CN=GRHIIISEPOC,OU=,XXXX, DC=YYYY, DC=ADROOTTEST,DC=YYYY. We are not successful and we get the message “ Test Failed: Invalid Admin Credentials or Security Settings: Check Admin Username and Password and make the security settings are compatible with the server:”
    Please confirm whether the user ID I am using lacks admin privileges, or whether I entered the parameters correctly.
    Thanks

    Did you use Softerra or an LDAP browser to pull the DN of this user account?
    Thanks
    Sent from Cisco Technical Support Android App
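
The reply above asks whether the DN was pulled from an LDAP browser rather than typed by hand. As an added example (not from the thread or from Cisco), here is a small RFC 4514 syntax check for a bind DN that can be run before the DN is entered into an LDAP configuration; the function names and the sample DNs are constructed for illustration.

```python
import re

# Attribute type per RFC 4514: a short name (CN, OU, DC, ...) or a dotted OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def check_bind_dn(dn):
    """Return (severity, message) findings; an empty list means the DN parses cleanly."""
    if not dn.strip():
        return [("error", "DN is empty")]
    findings = []
    for pos, raw in enumerate(split_unescaped(dn, ","), start=1):
        if raw != raw.strip():
            findings.append(("warning", f"RDN {pos} {raw!r}: whitespace next to a comma"))
        for ava in split_unescaped(raw.strip(), "+"):  # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq:
                findings.append(("error", f"RDN {pos} {ava!r}: not an attribute=value pair"))
            elif not _ATTR_TYPE.match(attr.strip()):
                findings.append(("error", f"RDN {pos}: invalid attribute type {attr!r}"))
            elif not value.strip():
                findings.append(("warning", f"RDN {pos} {ava!r}: empty value"))
    return findings


def has_errors(dn):
    """True when at least one finding would make the DN unusable as written."""
    return any(sev == "error" for sev, _ in check_bind_dn(dn))


# Constructed sample DNs (not taken from the thread).
SAMPLES = [
    "CN=svc-ise,OU=Service Accounts,DC=example,DC=com",    # clean
    r"CN=Smith\, John,OU=Staff,DC=example,DC=com",         # escaped comma in a value
    "CN=svc-ise,OU=,Service Accounts, DC=example,DC=com",  # hand-edited, broken
    "svc-ise@example.com",                                 # a UPN, not a DN
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        for sev, msg in check_bind_dn(dn) or [("ok", "no findings")]:
            print(f"  {sev}: {msg}")
```

A clean result only means the string is a well-formed DN; whether the entry exists and the password matches still has to be confirmed against the directory.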

  • ISE and LDAP Integration

    Hello,
    I have a question about the LDAP integration with the ISE:
    Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
    What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
    Even I tried to change the base DN and the search DN but without luck.
    The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
    Is there any missing information/tips required in such integration?

    Hello,
    I found a Cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP. I hope this helps!
    This section contains the following:
    • Directory Service
    • Multiple LDAP Instances
    • Failover
    • LDAP Connection Management
    • User Authentication
    • Authentication Using LDAP
    • Binding Errors
    • User Lookup
    • MAC Address Lookup
    • Group Membership Information Retrieval
    • Attributes Retrieval
    • Certificate Retrieval
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

  • LDAP Integration with CUCM 9.0

    We would like to use LDAP to sync all of our users from Active Directory. All of our current CM Users are local; the problem is that they have the same user names as our Active Directory users. From what I understand this is going to be a problem because:
    "If accounts from LDAP match an existing Unified CM account that is not marked as an LDAP synchronized account, then these accounts are ignored."
    Does that mean we will have to delete all our existing CM users in order to sync the LDAP users correctly? Is there a best practice for this? Once we synchronize the LDAP users, how do I ensure that the user gets associated with the proper phone? Or do I have to visit each user individually?

    I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.
    The user is no longer showing as a local active user, but as an active LDAP synchronized user.
    Which was my thought, there's only one conversion, from LDAP to local.
    The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.
    I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • XML Publisher 5.6.2 with LDAP integration

    Hi,
    I have XMLP 5.6.2 installed on a tomcat instance.
    I wish to integrate the same with a LDAP source - Sun Iplanet directory server.
    For the user docs that I read, it is for Oracle LDAP and it is different for Iplanet.
    Is XMLP not supported for Iplanet directory server?

    Just to add some more context here:
    Using the SUN One console, I created all the roles mentioned (XMLP_ADMIN, XMLP_DEVELOPER...etc) in the user doc, and added users from the directory server to these roles.
    Then, I modified the xmlp-config file like:
    <property name="LDAP_PROVIDER_URL" value="ldap://millvalley:2389/"/>-->
    <property name="LDAP_PROVIDER_ADMIN_USERNAME" value="cn=Directory Manager"/>
    <property name="LDAP_PROVIDER_ADMIN_PASSWORD" value="oracle"/>
    <property name="LDAP_PROVIDER_USER_DN" value="cn=Rohit Valiveti, ou=Sales, ou=Dealer1k1, ou=Latin America, ou=Ford, o=company,c=us"/>
    The DS is working, I can connect via any LDAP client.
    I also restarted the tomcat and the Iplanet Directory Server.
    But now i am unable to login at all. The catalina.out file says:
    javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]

  • EP60 and LDAP integration with Microsoft AD - Issues

    Hello,
    We have configured EP6 SP11 and Microsoft AD for the user authentication as below.
    MsAD:
    AD_Compass_Domain
    OU= Accounts
        OU=CORPORATE
              OU=IT
                    User1 (User master record)
                     User2 (User master record)
                OU=FI
                     User3 (User master record)
    OU=SAP_Portal
           OU=Corp_LDAP
                 OU= Groups
                          SAP_Portal (Group Object and users are member of this group object as a link from all different OUs -user1,user2,user3)
                  OU= Users
    EP6 LDAP config:
    Data Sources: Microsoft ADS (Flat Hierarchy) + Database
    (We also tried Deep hierarchy didn't work)
    LDAP Server:
    User Path : OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
    Group Path : OU=Groups,OU=Corp_LDAP,OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
    The issues:
    1- SAP Portal could not see the group object when I browse the LDAP from portal.
    2- SAP Portal is not allowing users (User1, User2, User3 etc which are member of the group object) to log in to the portal unless I put users directly under OU level like OU=Groups or if I point the path to the OU=Accounts level which we do not want to do that because we have 50,000 users defined under OU=Accounts and we want just some of them like 3000 users. Portal gives the message “user authentication failed”
    Note: I checked the UME and I don’t see the users listed in the group objects. Group object "SAP_Portal" is Universal Group object. (We also tried the global type)
    3- When we put user directly under OU level, then users can log in but they are not able to change their password. We also can not change the user passwords through the Portal admin tools (UME or Visual Admin). I have heard that without SSL, MsAD would not allow portal users to change their password.
    a. (Portal internal user, [email protected], has only read access on MsAD)
    Note: We use 3268 as an AD port and 389 is also active I tried both of them but no chance.
    Thanks for your help in advance.

    Sasikanth,
    Usually before you switch UME to AD, you would read it with an LDAP web compliant browser, to check if you could access your OU, Group, and Users. Are you sure you can read the complete LDAP structure on AD?
    Kindly re-check the process, to see if you missed out on any steps.
    http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
    Check note 772620 - UME 4.0: Create Groups on Microsoft Active Directory Server
    Regards,
    James

  • Integrating BIP with multiple LDAP servers

    Hi,
    my question is very simple. In the Admin->Security Configuration->Security Model section I've set the Security model combobox to the LDAP value. Then I've filled in all the LDAP information fields (for example: URL). All works. But in my rpd I have multiple LDAP servers (multiple URLs) and in the form I can insert information about only one LDAP server.
    Is it possible to configure BIP with multiple LDAP servers?
    Thanks
    Giancarlo
    P.S. I'm using OBIEE 10g

  • Integration of CQ 5.5 with open LDAP

    Hi Team,
    I am trying to integrate CQ 5.5 with OpenLDAP. I am able to see the LDAP entry in the JMX console.
    But here the problem is the users in LDAP are not imported to CQ users.
    Below are methods in com.adobe.granite.ldap tools section in jmx console.
    [Ljava.lang.String;
    listOrphanedUsers()
    retrieves a list of users not present in the LDAP directory anymore
    java.lang.Void
    syncAllUsers()
    updates all local user informations based on the LDAP directory
    [Ljava.lang.String;
    syncUser(java.lang.String user)
    updates the local user information for a specific LDAP entry
    [Ljava.lang.String;
    syncUserList([Ljava.lang.String; userlist)
    updates the local user information for a list of LDAP entries
    [Ljava.lang.String;
    purgeUsers()
    removes the local user information for all users removed from the LDAP server
    Even using these methods, I am unable to import my LDAP users to CQ.
    Please guide me on the same.
    Thanks & Regards,
    Prasad.

    Please refer to the master guide available for SRM 5.0, which has details of the R/3 system which you can use with SRM 5.0.
    I have seen the guide and according to it, you can use R/3 3.1i - SAP ECC 6.0.
    Also, there should be no limitation as far as I know; if you are able to use R/3 4.6B, you should be able to use all the functionality.

  • Unity Connection 8.5 with Domino\Notes & Active Directory

    A question has emerged in light of the LDAP integration issue Unity Connection lacks with the IBM Domino LDAP Database.  The customer was planning on testing a 2008 AD Domain this coming year and would be willing to set up 2008 DC’s in two locations to support the HA configuration we are installing for them. 
    The question “will they lose any integration  / features / usability if they pursue this approach?  IE:  the CUCM / CUCXN / CUPS servers would leverage the AD LDAP directory for user authentication, but the end user would still be using the Domino LDAP directory for the Lotus NOTES client and other applications.  IF the users on CUCM authenticate against the AD Domain, and the Notes clients Authenticate against the Domino domain, will the plug-ins still function properly? 
    I have no NOTES/Domino experience. Additionally the customer currently has no domain structure to speak of; all workstations are in (if you can believe it) Workgroups.
    Thanks All,
    Matt

    to keep things moving...
    This is an answer I got from a Cisco SE:
    "If they are not doing anything with CUP’s then I don’t see an issue. They don’t even need to use a Unity Connection plug-in since they are using IMAP. They can double click on the .wav file that’s in their IMAP inbox and it will play.  Now the real question is if they want to do more integration with Notes and CUPC. So if they want to click to call from Notes, will the Jabber application recognize a name pulled in from domino? These types of scenarios is what we would need to figure out. Hopefully by that time they will have everything moved over to AD.  For just voicemail with an IMAP connection I don’t see how we are doing anything special."
    That being said, does anyone else have any input?

  • UCCX 7.0.1SR5 to 8.0 upgrade while also adding LDAP integration for CUCM - what happens to agents and Historical Reporting data?

    Current State:
    •    I have a customer running CUCM 6.1 and UCCX 7.01SR5.  Currently their CUCM is *NOT* LDAP integrated and using local accounts only.  UCCX is AXL integrated to CUCM as usual and is pulling users from CUCM and using CUCM for login validation for CAD.
    •    The local user accounts in CUCM currently match the naming format in active directory (John Smith in CUCM is jsmith and John Smith is jsmith in AD)
    Goal:
    •    Upgrade software versions and migrate to new hardware for UCCX
    •    LDAP integrate the CUCM users
    Desired Future State and Proposed Upgrade Method
    Using the UCCX Pre Upgrade Tool (PUT), backup the current UCCX 7.01 server. 
    Then during a weekend maintenance window……
    •    Upgrade the CUCM cluster from 6.1 to 8.0 in 2 step process
    •    Integrate the CUCM cluster to corporate active directory (LDAP) - sync the same users that were present before, associate with physical phones, select the same ACD/UCCX line under the users settings as before
    •    Then build UCCX 8.0 server on new hardware and stop at the initial setup stage
    •    Restore the data from the UCCX PUT tool
    •    Continue setup per documentation
    At this point does UCCX see these agents as the same as they were before?
    Is the historical reporting data the same with regards to agent John Smith (local CUCM user) from last week and agent John Smith (LDAP imported CUCM user) from this week ?
    I have the feeling that UCCX will see the agents as different almost as if there is a unique identifier that's used in addition to the simple user name.
    We can simplify this question along these lines
    Starting at the beginning with CUCM 6.1 (local users) and UCCX 7.01.  Let's say the customer decided to LDAP integrate the CUCM users and not upgrade any software. 
    If I follow the same steps with re-associating the users to devices and selecting the ACD/UCCX extension, what happens? 
    I would guess that UCCX would see all the users it knew about get deleted (making them inactive agents) and then see a whole group of new agents get created.
    What would historical reporting show in this case?  A set of old agents and a set of new agents treated differently?
    Has anyone run into this before?
    Is my goal possible while keeping the agent configuration and HR data as it was before?

    I was doing some more research looking at the DB schema for UCCX 8.
    Looking at the Resource table in UCCX, it looks like there is a primary key that represents each user.
    My question, is this key replicated from CUCM or created locally when the user is imported into UCCX?
    How does UCCX determine if user account jsmith in CUCM, when it’s a local account, is different than user account jsmith in CUCM that is LDAP imported?
    Would it be possible (with TAC's help most likely) to edit this field back to the previous values so that AQM and historical reporting would think the user accounts are the same?
    Database table name: Resource
    The Unified CCX system creates a new record in the Resource table when the Unified CCX system retrieves agent information from the Unified CM.
    A Resource record contains information about the resource (agent). One such record exists for each active and inactive resource. When a resource is deleted, the old record is flagged as inactive; when a resource is updated, a new record is created and the old one is flagged as inactive.

  • Enterprise Portal - MDM - LDAP integration

    We are successfully able to integrate Portal to MDM with a trusted connection and with portal users existing in LDAP and MDM users existing in MDM console.
    We also successfully integrated MDM with LDAP so that we don't have to store users in console, but manage them in LDAP. But once we did the LDAP integration, the portal to MDM connection was lost, saying MDM user details could not be retrieved.
    Has anybody faced this issue? What key steps need to be taken care of during MDM-LDAP integration?

    Hi goerge,
    Whenever we integrate MDM with LDAP, we need to make a setting in the MDS.ini file.
    Please check the "User Identifier" setting in the MDS.ini file.
    Typically this should be the name of the LDAP id field which will match the value the user provides as the Username at logon.
    Make the entry in MDS.ini like User Identifier = cn or SamAccountName.
    If that is done, please verify the other parameters corresponding to LDAP in MDS.ini as per table 91 on page 291 of the MDM Console reference guide.
    Or refer to SAP note 1635338 for reference, which points to the same issue.
    This should solve your problem.
    Regards,
    Sravan

  • Portal KM and Domino Doc Integration

    Hi
    Is there any way I can integrate Portal Knowledge Management with Domino Doc?
    Regards
    Senthil

    Hello Senthil,
    yes, for the integration of the user interface of any Lotus Notes/Domino application you have the following options:
    1: Rendering on Domino
    - URL iViews to Domino Web App
    - leveraging Enterprise Portal eventing for communication between the Domino iViews and other portal iViews
    - leveraging Enterprise Portal styles for consistent look and feel
    2: Rendering on Enterprise Portal
    - using XSLT and ?ReadViewEntries to render NotesViews (flat and categorized)
    - using XSLT and ?ReadEntries to render Outlines for Navigation. Also the assignment of such an iView to a pages dynamic navigation is possible. Navigation events are communicated through portal eventing
    - using SOAP or web agents and DXL to render documents
    SAP Consulting has already implemented all the options mentioned in customer projects. Please get back to me if you need more information or samples.
    Regards
    Michael

  • How to integrate with Lotus Enterprise Integrator.

    Hi guys,
    Can anyone assist with integrating SAP with Lotus Enterprise Integrator?
    regards,
    Sathis

    1) I haven't integrated BPEL with Lotus Notes, but have integrated with Lotus Notes using its Java API's and now Lotus Notes/Domino 7 also supports Web Services. You can integrate with BPEL using that.
    HTH
    Satish Paul

  • DIP synchronization from Domino LDAP to OID

    Hi,
    has anyone tried using DIP to synchronize users and groups from Lotus Domino LDAP to OID?
    There is a connector available with OIM, but since I don't need provisioning was hoping to get away without extra OIM infrastructure. (I will use OIM if I have to).
    My attempts are still in the early stage, and wanted to make sure I was going down the right road.
    Using 10.1.4.3 OID, creating an import connector using the import openLDAP template.
    Looks like I can get the mapping down and a manual bootstrap does work.
    1) Can I adapt elements of the OIM adapter to work within the DIP connector?
    2) Domino seems to store groups at the root DSE. The DIP connector does not accept empty or "" as a source domain to search for the groups. It needs that the source groups be stored in a container. Anyone run into this type of thing? Is there something to enter into the DIP connector config that will allow using the ROOT DSE of the target as search source?
    3) When I enable the connector, Synchronization delivers a success status. Reconcile is errored and unsuccessful. Can I get by with only synchronization working?
    4) Going outside of Oracle here...but is anyone aware if Lotus Domino LDAP maintains a changelog? Or does it use modify timestamps as attributes of users/groups?
    5) In the eventuality that I need to write a custom agent for Domino or custom 'Reader' or reconcile agent. Has anyone done this or have sample code to look at? Even if not for Domino, but custom for other LDAP?
    Thanks

    it's either DIP via LDAP or OIM connector via Lotus Java API. I'd go with LDAP...if DIP doesn't work, it's pretty simple to write a script to export records and then import them into OID. There are a lot of LDAP utilities, google is your friend.
