Large LDAP directories (>10K users)

Anyone used LDAP with very large directories?
I'm experiencing a problem with my directory. When I connect the LDAP Realm to a small directory (by changing the root) the Realm works normally.
However, when I connect the realm to a directory service which has a very large number of users (>10K) then the Realm throws the following exception,
when accessing the users in either the console or in the AdminServlet:
Mon Nov 06 19:03:42 GMT+00:00 2000:<E> <Adapter> Exception thrown by rmi server: [-7985721359852316035Sxxx..xxx.xxx.xxx:[7001,7001,7002,7002,7001,-1]/303]
javax.naming.LimitExceededException: [LDAP: error code 11 - Administrative Limit Exceeded]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2648)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2509)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2319)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1559)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1494)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:375)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:335)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:320)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:257)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:263)
at weblogic.security.ldaprealm.LDAPDelegate.getUsers(LDAPDelegate.java, Compiled Code)
at weblogic.security.ldaprealm.LDAPRealm.getUsers(LDAPRealm.java:64)
at weblogic.security.acl.CachingRealm.getUsers(CachingRealm.java:2325)
at weblogic.security.acl.internal.RealmMO.getManagedProperties(RealmMO.java:182)
at weblogic.common.managedobject.WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.invoke(WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.java, Compiled Code)
at weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerObjectAdapter.java, Compiled Code)
at weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicRequestHandler.java, Compiled Code)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java, Compiled Code)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled Code)
--------------- nested within: ------------------
weblogic.security.ldaprealm.LDAPException: could not get user list - with nested exception:
[javax.naming.LimitExceededException: [LDAP: error code 11 - Administrative Limit Exceeded]; remaining name '']
at weblogic.security.ldaprealm.LDAPDelegate.getUsers(LDAPDelegate.java, Compiled Code)
at weblogic.security.ldaprealm.LDAPRealm.getUsers(LDAPRealm.java:64)
at weblogic.security.acl.CachingRealm.getUsers(CachingRealm.java:2325)
at weblogic.security.acl.internal.RealmMO.getManagedProperties(RealmMO.java:182)
at weblogic.common.managedobject.WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.invoke(WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.java, Compiled Code)
at weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerObjectAdapter.java, Compiled Code)
at weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicRequestHandler.java, Compiled Code)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java, Compiled Code)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled Code)
We're using Netscape Directory Server 4.1, with WLS 5.1 SP6. The LDAP config works fine with small directories (~100) but fails on ~10,000...
Cheers,
Andy

OK. Further investigation reveals that if we set the SIZE LIMIT property in Netscape Directory Server to be a
low value (e.g. 3) we get a SIZE LIMIT EXCEEDED exception when we browse a small directory.
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name ''
Our current hypothesis is that the ADMINISTRATIVE LIMIT EXCEEDED exception is also a directory server
configuration parameter being exceeded. Unfortunately on our test rig we don't have a large directory to test
configuration parameters. Would anyone like to point us in the right direction for tracking this down?
Cheers,
Andy
"Andy Winskill" <[email protected]> wrote:
> [original message quoted in full; see above]
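The size-limit experiment in the follow-up shows one server-side cap on a search; result code 11 (adminLimitExceeded) is a separate administrative cap, also set on the server, and a client that pulls every user in a single search will hit one or the other on a large directory. The code below is an added example, not code from this thread or from WebLogic's LDAPDelegate: it lists users with the Simple Paged Results control (RFC 2696), so each response stays under the size limit, and refuses to hand back a silently truncated list. It assumes a server that supports that control, placeholder connection details, and user entries with objectClass=person and a uid attribute.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

import javax.naming.Context;
import javax.naming.LimitExceededException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

/**
 * Retrieves every user under a base DN in pages of PAGE_SIZE entries using the
 * Simple Paged Results control (RFC 2696), so that no single search response has
 * to exceed the directory server's size limit.
 *
 * Assumptions (not taken from the thread): the server advertises
 * 1.2.840.113556.1.4.319 in supportedControl, the bind DN and URL in main()
 * are placeholders, and user entries carry objectClass=person and a uid.
 */
public class PagedUserList {

    // Keep this at or below the server's configured size limit.
    private static final int PAGE_SIZE = 500;

    public static List<String> listUsers(String url, String bindDn, String password,
                                         String baseDn) throws NamingException, IOException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        List<String> users = new ArrayList<String>();
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { "uid" });

            byte[] cookie = null;
            do {
                // Request the next page; the cookie from the previous response
                // tells the server where to resume. The control is marked critical
                // so a server that cannot page fails the search instead of
                // quietly running it unpaged.
                ctx.setRequestControls(new Control[] {
                    new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL) });

                NamingEnumeration<SearchResult> results =
                    ctx.search(baseDn, "(objectClass=person)", sc);
                try {
                    while (results.hasMore()) {
                        users.add(results.next().getNameInNamespace());
                    }
                } catch (LimitExceededException e) {
                    // Covers both result code 4 (sizeLimitExceeded) and code 11
                    // (adminLimitExceeded): the server cut this page short, so
                    // stop rather than report an incomplete user list as complete.
                    throw new NamingException("server limit hit with page size "
                        + PAGE_SIZE + "; list is incomplete: " + e);
                } finally {
                    results.close();
                }

                // Pull the cookie for the next round; an empty cookie means the
                // server has no more pages.
                cookie = null;
                Control[] rsp = ctx.getResponseControls();
                if (rsp != null) {
                    for (Control c : rsp) {
                        if (c instanceof PagedResultsResponseControl) {
                            cookie = ((PagedResultsResponseControl) c).getCookie();
                        }
                    }
                }
            } while (cookie != null && cookie.length > 0);
        } finally {
            ctx.close();
        }
        return users;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder connection details; replace with the realm's own settings.
        List<String> users = listUsers("ldap://ldap.example.com:389",
            "cn=Directory Manager", "CHANGE-ME", "ou=People,dc=example,dc=com");
        System.out.println(users.size() + " user entries retrieved");
    }
}
```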

Similar Messages

  • LDAP Directories not working at work

    I've used LDAP directories in Address Book at home but when I'm at work the same configurations do not work, only my company LDAP works. This seems odd as I am able to add these LDAP servers and use them at home. Is there some sort of blocking being done? How is that possible? An example is Stanford:
    ldap.stanford.edu
    cn=people,dc=stanford,dc=edu
    port 389

    I had our IT guys come down here once again to try to explain the problem to them. They sort of just stood there slack-jawed, not understanding and told me that Mac Mail won't run on our Exchange server. Well, Mac Mail IS currently running in conjunction with our Exchange server, I need the info for the LDAP server! They act like everything is classified information and that I'm just some crazy Mac-user. I just don't understand how Entourage can access this LDAP server, and Mac Mail can't.
    I tried putting "cn=gravity.com" in the Search Base box but it didn't fix the problem. And what do I put for Scope: Base, One Level, or Subtree? I know what to put for my authentication, but is the server called ldap//:auntie.gravity.gravitymail.com or is it just auntie.gravity.gravitymail.com? Or is it ldap.auntie.gravity.gravitymail.com? I'm just not sure what the problem is. I feel like I'm just trying an infinite number of combinations until it works....

  • Integrating EP with R/3, BW & third party systems such as LDAP directories

    Hi Experts,
       I am looking for integrating EP with R/3, BW & third party systems such as LDAP directories and Portal application development using HTMLB. Can anyone send the related information? If you send the detailed documents with real time scenarios it would be very useful for me. Please send the docs to [email protected]
    Thanks in advance.

    Hi Praveen,
    Refer to these links on integrating EP with BW. They will be useful:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a5067965-0901-0010-6f8a-bbf0b7424283,
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6b1472a7-0301-0010-64bd-dc96509db6f7,
    The Architect's World - Episode 23
    /* points are welcome for a helpful answer */

  • Multiple LDAP directories for authentication

    Hi,
    I just upgraded to GroupWise 2014 (from 2012). In GW2012 I used LDAP authentication against eDir. In GW2014, I associated the GW mailboxes to Active Directory. I tested a few accounts and I can login just fine. However I also have mailboxes that have to authenticate to eDir, because (for now) they don't have AD equivalent accounts.
    To achieve this, I also added the eDirectory as a directory in the GW admin console. I then enabled LDAP authentication in the Post Office security settings, without adding the "Available LDAP Servers" to the "Selected LDAP Servers" box.
    When I logon to a mailbox that is associated to eDir, it allows me to logon. I do have a mailbox that doesn't allow me to logon, although it is associated to eDir. When I re-associate (remove-add) it, it works for a while only to stop working again. It's not entirely stable.
    In the POA log, I see the following message: Alert: Utilize LDAP server which is not in the pool configuration! So it would seem it doesn't particularly like my setup.
    Questions:
    * Is what I'm trying to achieve not supported or am I configuring it wrong?
    * If I add the "Available LDAP Servers" to the "Selected LDAP Servers" box, will it use it as a failover pool and thus mess up my mixed-directory authentication?
    * Is it possible to use GroupWise authentication for some mailboxes and AD authentication for others. If so, it would take away the need to use eDir.
    Iwan

    It's not an error, just informational. The LDAP AUTH code for the POA has changed somewhat in 2014. Before, it used to only use LDAP servers in a pool, but now it will first try any LDAP servers/directories in its "Preferred list", and if it cannot find the user using that list, it will then proceed to try all other LDAP servers that are configured.
    --Morris
    >>> iwan<[email protected]> 1/9/2015 5:16 AM >>>
    Hi,
    I am able to authenticate to AD and eDir within the same PO. I would like
    to phase out edir as maintaining two directories is not ideal. The only
    reason I still use edir is for those few GW accounts that do not have AD
    counterparts and for which I do not want to create AD accounts. So using
    LDAP(AD) together with GW auth would be ideal for me. I'll look into
    creating a second PO for this purpose.
    I just wonder why the POA log keeps displaying the following message, if
    having multiple directories in a single PO is supported: "Utilize LDAP
    server which is not in the pool configuration!"
    Iwan

  • ARD 3 Kills LDAP and NetHome Users

    We recently deployed ARD 3 on our network of close to 600 Macs; close to 200 of which are Net-Home users. (users with home directories mounted from an XServe) We have 7 XServes with the Net-Home users distributed between them.
    Our problem is, with ARD 3, whenever we open the ARD Admin application on any of our administrative workstations and it polls our networks, it causes the clients to bombard our LDAP server with lookups, which in turn, causes all our Net-Home users to get the color wheel/beach ball/etc, as the XServes are very dependent upon LDAP access.
    We did not experience this problem with previous versions of ARD.

    We originally thought the usage data reporting / reporting to a task server was causing this problem, however, disabling all reporting, task server services, and schedules on the clients did not resolve this problem.

  • Certified LDAP Directories

    I am told that Oracle only certify OID and MAD for use with Portal and Application Server. Of course, most of us already have invested in companywide directories using industry strength products such as iPlanet, eDirectory, Critical Path, etc.
    It shouldn't be too hard to connect one of these directories up but what does "uncertified" really mean? What is the actual risk if we do?
    Secondly, does anyone think Oracle will relent (pull their head in) and realise that there are other directories in use out there?


  • How to maintain the dimension member that had large amount (over 10K)

    Hi, all,
    I am now doing a Project Planning using BPC and had some questions as follows:
    1. The total number of project members is huge (exceeding 10K in total). It will be crazy for the administrator to maintain it only by himself. Is it possible to find a workaround method to let the end user do the restricted work of the administrator? In other words, can we find a way that prevents the end user from entering the Administration interface but lets them add the members themselves through the front end, with the processing done on schedule or manually by the administrator? Has anybody had experience with this? Or do you have any alternative workaround to solve the problem?
    2. Adding the project members is not finished in one go. That means the first time maybe only the highest level is added, and later the members under it. How can we manage it? Dynamic Hierarchy or something else?
    Thanks

    You could also have the end user update a regular excel spreadsheet with the same column format as a membersheet.  Easiest would be to save off the membersheet in another location accessible to the end user.  Then it can be modified using excel.  Or have the end user maintain a delimited flat file containing all the information included in a membersheet.
    Using the bpc makedim package as a starting point, you can create a custom version that takes the user updated document as input and updates the bpc sql mbr table for that dimension, then processes the dimension. As long as the member list does not exceed the excel limitations, I would also suggest updating the membersheet in bpc.  In previous implementations this has meant taking a copy of the membersheet, deleting it, copying a template with the correct columns, then adding the members into it.  Updating excel spreadsheets from SSIS can be challenging if you have to deal with deleted members.
    Also if you have the potential of deleted members that might have associated facts, I have another post concerning that issue, but have not had time to try any of  the suggestions.
    Now, the end user is responsible for updating the member list without having access to BPC Admin tool, but someone with access to run datamanager packages would have to execute the datamanager package to process the dimension.

  • Can't create or modify ldap group or user

    I have a web proxy 4.0.6 (and I tried with 4.0.7) server linked with a 2003 Active Directory server
    But I cannot create or manage groups
    The BaseDN is OU=company,DC=ssc,DC=com
    The BindDN is CN=Administrator,CN=Users,DC=ssc,DC=com
    The web proxy server can add organization into active directory
    But cannot create group and user, Error:
    Adding group3... Problem
    An error occurred while contacting the LDAP server.
    (No such attribute)
    The server was unable to process the request, because the request referred to an attribute which does not exist in the entry.
    Adding user3... Problem
    An error occurred while contacting the LDAP server.
    (Naming violation)
    The group search has a bug too: I can't find any group, but I can find users or OUs
    So how can we say that it's LDAP compatible? Is there a bug in this module?
    Thanks
    Edited by: killa74 on Mar 29, 2008 10:49 AM

    Strange but the problem seems to have just gone away on its own!

  • Problem with LDAP authentication for users in a group

    I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
    I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
    [6707]  memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
    [6707]          mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
    [6707]          mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
    [6707]  msNPAllowDialin: value = TRUE
    I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
    ldap attribute-map AuthUsers
      map-name  memberOf IETF-Radius-Class
      map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
    aaa-server LDAP protocol ldap
    aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
     ldap-base-dn DC=COMPANY,DC=com
     ldap-scope subtree
     ldap-naming-attribute sAMAccountName
     ldap-login-password *****
     ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
     server-type microsoft
     ldap-attribute-map AuthUsers
    group-policy NOACCESS internal
    group-policy NOACCESS attributes
     vpn-simultaneous-logins 0
     vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
     webvpn
      anyconnect ask none default anyconnect
    group-policy GroupPolicy_COMPANY_SSL_VPN internal
    group-policy GroupPolicy_COMPANY_SSL_VPN attributes
     wins-server none
     dns-server value 10.10.100.102
     vpn-tunnel-protocol ikev1 ikev2 ssl-client
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value SPLIT-TUNNEL
     default-domain value net.COMPANY.com
     webvpn
      anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
    tunnel-group COMPANY_SSL_VPN type remote-access
    tunnel-group COMPANY_SSL_VPN general-attributes
     address-pool COMPANY-SSL-VPN-POOL
     authentication-server-group LDAP
     authorization-server-group LDAP
     authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
     default-group-policy NOACCESS
     authorization-required
    tunnel-group COMPANY_SSL_VPN webvpn-attributes
     group-alias COMPANY_SSL_VPN enable
    tunnel-group COMPANY_SSL_VPN ipsec-attributes
     ikev1 pre-shared-key *****

    I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.

  • 10g w/ASM on RHEL4 with LDAP/AD db user

    Hi folks,
    I'm a bit green at all this Oracle stuff (though I'm pretty experienced with Linux) and I'm currently trying to install Oracle 10g on a 64-bit RHEL 4 AS box, using ASM. This box is currently also running 9i happily. I am running into a couple of problems which may or may not be related:
    Firstly, I've installed the asmlib stuff and it will all run fine (pick up and configure disks on my SAN over fibrechannel etc.) apart from the service/interface configuration - for various reasons I need to have my oracle DB user authenticate against LDAP (active directory in this instance) like all my other users do (and this works fine in 9i) - I don't expect this is a problem for the DB install itself (though I've not gotten that far - I don't have a 10g DB installed yet.) but the config script for ASM will not accept any of my LDAP users as valid, and hence won't set the appropriate permissions on the /dev/oracleasm stuff etc (and doing so manually doesn't seem to solve problem 2) - is there a way around this? Is it a restriction just of the config script or can the service just not cope with non-local users?
    The second problem is that even with ASM disks configured, when I go to do an install with runInstaller, and select the configuration of ASM, it can't find any disks to add regardless of what path I give it to look in. I assume this is related to the problems with ASM above, but perhaps there's something else going on?
    Hope y'all can help.
    Thanks,
    -Nathan

    There are no users for ASM per se. You don't connect as Fred/fred since no-one ever logs into it directly. It's only a storage subsystem.
    The only time you would connect is if you needed to go in as the SYSDBA or SYSOPER role to start it up, shut it down or do maintenance.
    When it is up and running and doesn't see your disks there is a good troubleshooting note,
    457369.1, which might help. Usually diskstring needs to be set.

  • URGENT! I need help on LDAP - Finding deleted users Attribute "sAMAccount"

    Hi,
    I am trying to get deleted users from Active Directory after a certain interval. Every time only the differences in the result will be shown. Also I need to get the value of the specific attribute called "sAMAccount" every time for each user(in the result).
    I am using polling here.
    if (localCookie == null) {
        // Specify the DirSync Control
        Control[] ctls = new Control[] { new DirSyncControl() };
        ctx.setRequestControls(ctls);
    } else {
        // Specify the DirSync Control with cookie
        Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };
        ctx.setRequestControls(ctls);
    }
    // (the search itself is issued here; see the full listing below)
    rspCtls = ctx.getResponseControls();
    if (rspCtls != null) {
        for (int i = 0; i < rspCtls.length; i++) {
            if (rspCtls[i] instanceof DirSyncResponseControl) {
                DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls[i];
                localCookie = rspCtl.getCookie();
            }
        }
    }
    The typical problem I am facing here is that from the 2nd iteration onwards the result is not fetching the attribute "sAMAccount".
    Please suggest the possible reason and solution.

    String searchBase = "DC=test,DC=com";
    String searchString = "(&(objectClass=user)(|(givenName=*)(isDeleted=TRUE)))";
    String url = "ldap://jbaitest.test.com:389";
    String initCntxtFact = "com.sun.jndi.ldap.LdapCtxFactory";
    String login = "CN=Administrator,CN=Users,DC=TEST,DC=COM";
    String passwd = "welcome@1";
    byte[] localCookie = AdPolling.getCookie(); // cookie saved by the previous poll; null on the first run
    Control[] rspCtls;
    try {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, initCntxtFact);
        env.put(Context.SECURITY_AUTHENTICATION, AdConstant.SECURITY_AUTH_TYPE_SIMPLE);
        env.put(Context.SECURITY_PRINCIPAL, login);
        env.put(Context.SECURITY_CREDENTIALS, passwd);
        env.put(Context.PROVIDER_URL, url);
        LdapContext ctx = new InitialLdapContext(env, null);
        SearchControls searchCtls = new SearchControls();
        String returnedAtts[] = null; // null = ask for all attributes
        searchCtls.setReturningAttributes(returnedAtts);
        searchCtls.setReturningObjFlag(true);
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        if (localCookie == null) {
            // First poll: DirSync without a cookie returns the full set of matching objects
            Control[] ctls = new Control[] { new DirSyncControl() };
            ctx.setRequestControls(ctls);
        } else {
            // Later polls: DirSync with the saved cookie returns only objects changed since
            // that cookie, and for each of them only the attributes that changed
            Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };
            ctx.setRequestControls(ctls);
        }
        NamingEnumeration enumSearchResult = ctx.search(searchBase, searchString, searchCtls);
        AdRestClientConnector adRestCon = populateUsers(enumSearchResult); // Method to get the different attribute values
        rspCtls = ctx.getResponseControls();
        if (rspCtls != null) {
            for (int i = 0; i < rspCtls.length; i++) {
                if (rspCtls[i] instanceof DirSyncResponseControl) {
                    DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls[i];
                    localCookie = rspCtl.getCookie();
                }
            }
        }
        AdPolling.setCookie(localCookie);
    } catch (NamingException e) {
        log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);
    } catch (Exception e) {
        log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);
    }

  • LDAP Authentication Failed :user is not a member in any of the mapped group

    Hi,
    I tried to set up the LDAP Authentication but I failed.
    LDAP Server Configuration Summary seems to be well filled.
    I managed to add a Mapped LDAP member Group: This group appears correctly in the Group list. 
    But it's impossible to create a User. Although this user is a member of the mapped group (checked with LDAP Browser), an error message is displayed when I try to create it (There was an error while writing data back to the server: Creation of the user User cannot complete because the user is not a member in any of the mapped groups)
    LDAP Hosts: ldapserverip:389
    LDAP Server Type: Custom
    Base LDAP Distinguished Name: dc=vds,dc=enterprise
    LDAP Server Administration Distinguished Name: CN=myAdminUser,OU=System Accounts,OU=ZZ Group Global,ou=domain1,dc=vds,dc=enterprise
    LDAP Referral Distinguished Name:
    Maximum Referral Hops: 0
    SSL Type: Basic (no SSL)
    Single Sign On Type: None
    CMS Log :
    trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
    trace message: LDAP: LdapQueryForEntries: QUERY base: dc=vds, dc=enterprise, scope: 2, filter: (samaccountname=KR50162), attribute: dn objectclass
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 2453 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
    trace message: GetParents from plugin for cn=huh\,chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise.
    trace message: LDAP: De-activating query cache
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
    trace message: LDAP: query for DSE root returned 89
    trace message: LdapQueryForEntries: incr. retries to 1
    trace message: LDAP: Updating the graph
    trace message: LDAP: Starting Graph Update...
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
    trace message: LDAP: query for DSE root returned 89
    trace message: LdapQueryForEntries: incr. retries to 1
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
    assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
    trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
    trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (&(cn=gp-asia)(objectclass=group)(member=cn=huh
    , chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise)), attribute: objectclass
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
    assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
    trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
    trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (cn=gp-asia), attribute: member objectclass samaccountname cn
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 3109 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
    trace message: LDAP: query for DSE root returned 0
    trace message: Failed to commit user 'KR50162'. Reason: user is not a member in any of the mapped groups.
    trace message: [UID=0;USID=0;ID=79243] Update object in database failed
    trace message: Commit failed.
    Can you please help?
    Joffrey

    Please do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
    Since the same result happens on multiple computers, it is not the profile.
    I am recommending you delete the AD account (or rename it to back up the account).
    It will not affect the user's Exchange account, but you will need to link it back to the new AD user account.
    You can also delete her profile just to remove it, for the "just in case" scenario.
    Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional

  • LDAP as a user source in UME

    Hi all,
    We have a concern regarding the user source to be selected at UME level.
    At CUP level you can also set the user source for user details.
    Our questions here:
    1) Is there any relationship between such user source configuration?
    2) Which is the best practice here?
    Many thanks in advance. Best regards,
       Imanol

    Imanol,
    if you're setting up UME to use ActiveDirectory as a data source you can set the CUP data source to UME and get at the AD users from CUP.
    While I would advise linking UME to AD usually (if you do that there's no need to create users and passwords for new approvers), I would still create an LDAP connector for AD directly in CUP.
    Only the LDAP connector will allow you to use ALL ActiveDirectory fields for custom fields and/or provisioning extended data into your ERP systems (location, room, department etc.).
    Frank.

  • LDAP connection for user attribute via webdynpro code

    Hello,
    Kindly help for below issue
    point1
    While connecting to LDAP an exception of "simple bind failed" is coming. The code is as below:
              import java.util.Hashtable;
              import javax.naming.Context;
              import javax.naming.NamingEnumeration;
              import javax.naming.NamingException;
              import javax.naming.directory.DirContext;
              import javax.naming.directory.InitialDirContext;
              import javax.naming.directory.SearchControls;
              import javax.naming.directory.SearchResult;

              try {
                   Hashtable<String, String> env = new Hashtable<String, String>();
                   env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                   // No port in the URL: with SECURITY_PROTOCOL "ssl" the JNDI LDAP provider defaults to 636
                   env.put(Context.PROVIDER_URL, "ldap://10.77.16.220");
                   env.put(Context.SECURITY_AUTHENTICATION, "simple");
                   env.put(Context.SECURITY_PROTOCOL, "ssl");
                   // Most directories expect a full DN here; Active Directory also accepts a UPN (user@domain)
                   env.put(Context.SECURITY_PRINCIPAL, "sapuser");
                   // Credentials are hard-coded in source; they belong in secured configuration instead
                   env.put(Context.SECURITY_CREDENTIALS, "voda@12345");
                   DirContext ctx = new InitialDirContext(env);
                   // Create search controls: no client-side count or time limit, whole subtree
                   SearchControls controls = new SearchControls();
                   controls.setCountLimit(0);
                   controls.setTimeLimit(0);
                   controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                   // Create filter: no space before '*', otherwise it becomes a substring match on a leading blank
                   String filter = "(sAMAccountName=*)";
                   // Run search and walk the results
                   NamingEnumeration<SearchResult> results = ctx.search("OU=OUs,DC=mycomp,DC=com", filter, controls);
                   while (results.hasMore()) {
                        SearchResult entry = results.next();
                        wdComponentAPI.getMessageManager().reportSuccess(entry.getNameInNamespace());
                   }
                   ctx.close();
              } catch (NamingException e) {
                   // Show the error text in the Web Dynpro UI instead of swallowing it
                   wdComponentAPI.getMessageManager().reportSuccess(e.getMessage());
              }
    point 2
    is there any method available in this API to reset pasword of user in LDAP ?
    thank you in advance
    B
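    The following is an added example, not code posted in this thread or shipped by SAP, that addresses the three points the thread turns on: the "simple bind failed" message, which the JNDI LDAP provider typically raises as a CommunicationException when the TLS session to the SSL port cannot be established (for example because the server certificate is not in the JVM truststore), so the truststore is the first thing to check; the supportedControl lookup against the root DSE that the earlier trace shows returning no attribute; and enumerating a directory with more than 10K users without tripping a server-side size limit, by using the RFC 2696 paged-results control. It also shows the Active Directory password reset asked about in point 2, which only works over LDAPS and only by writing the unicodePwd attribute as the new password in double quotes, encoded as UTF-16LE. The host name, bind DN, search base, the LDAP_BIND_PASSWORD environment variable and the page size are assumptions for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

/** Added example: paged LDAP enumeration for large directories (not code from the thread). */
public class PagedLdapSearch {

    // Assumed values for illustration; adjust to your environment.
    static final String URL = "ldaps://dc01.example.com:636";
    static final String BIND_DN = "CN=sapuser,OU=Service Accounts,DC=example,DC=com";
    static final String BASE = "OU=OUs,DC=example,DC=com";
    static final String PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"; // RFC 2696 paged results
    static final int PAGE_SIZE = 500; // stay under the server's page limit (AD MaxPageSize default 1000)

    static LdapContext connect(String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);           // ldaps://: TLS before the bind is sent
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);  // full DN (or UPN on AD), not a bare account name
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }

    /** Reads supportedControl from the root DSE: the same check the trace above shows coming back empty. */
    static boolean supportsPagedResults(LdapContext ctx) throws NamingException {
        Attribute ctl = ctx.getAttributes("", new String[] {"supportedControl"}).get("supportedControl");
        if (ctl == null) {
            return false; // attribute absent: e.g. a virtual directory that does not expose its root DSE
        }
        NamingEnumeration<?> oids = ctl.getAll();
        while (oids.hasMore()) {
            if (PAGED_RESULTS_OID.equals(oids.next())) {
                return true;
            }
        }
        return false;
    }

    /** Counts every user under BASE one page at a time, so no single response exceeds a server limit. */
    static int countUsers(LdapContext ctx) throws NamingException, IOException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"sAMAccountName"});
        int total = 0;
        byte[] cookie = null;
        do {
            ctx.setRequestControls(new Control[] {new PagedResultsControl(PAGE_SIZE, cookie, Control.CRITICAL)});
            NamingEnumeration<SearchResult> page = ctx.search(BASE, "(&(objectClass=user)(sAMAccountName=*))", sc);
            while (page.hasMore()) {
                page.next();
                total++;
            }
            cookie = null; // an absent or empty cookie means the server has delivered the last page
            Control[] resp = ctx.getResponseControls();
            if (resp != null) {
                for (Control c : resp) {
                    if (c instanceof PagedResultsResponseControl) {
                        cookie = ((PagedResultsResponseControl) c).getCookie();
                    }
                }
            }
        } while (cookie != null && cookie.length > 0);
        ctx.setRequestControls(null);
        return total;
    }

    /** AD password reset: LDAPS only, and only via unicodePwd holding the quoted password in UTF-16LE. */
    static void resetAdPassword(LdapContext ctx, String userDn, String newPassword) throws NamingException {
        byte[] quoted = ("\"" + newPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", quoted))};
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("LDAP_BIND_PASSWORD"); // keep the secret out of source code
        LdapContext ctx = connect(BIND_DN, password);
        try {
            if (!supportsPagedResults(ctx)) {
                System.err.println("server does not advertise paged results; large searches may hit size limits");
            }
            System.out.println("users under " + BASE + ": " + countUsers(ctx));
        } finally {
            ctx.close();
        }
    }
}
```

    Resetting a password requires the bind account to hold the "Reset password" right on the target object; a plain user changing its own password must instead send a delete of the old unicodePwd value together with an add of the new one in the same modify request. If the directory is fronted by a proxy or virtual directory that strips supportedControl, as the trace earlier in the thread suggests, the paged control will be rejected when marked critical, and the fallback is to narrow the search base or filter so each query stays under the server's size limit.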

    Hello,
    If you need this info, you will have to create a password policy that log last logon time.
    But be careful with this function, it can create a lot of CPU load.
    <http://docs.sun.com/app/docs/doc/820-4809/fhkrj?l=en&n=1&a=view>
    Regards
    Eric.

  • Mapping User Language from LDAP to Portal Users

    Hi,
    Does anyone know how to map the user language available in an attribute from LDAP to the portal user language?
    (Working on NW04)
    Regards,
    Martin

    HI,
    For 2004s SP10,
    although the manual tells you to use the preferredlanguage attribute in the datasource, use the attribute 'locale' to map to your LDAP-specific language attribute.
    Example:
    <attribute name="locale">
        <physicalAttribute name="preferredLanguage"/>
    </attribute>
    Use the 2-characters ISO language code set. For example en for English, nl for Dutch and de for German.
    Works fine for us.
    good luck,
    Joachim van Essen
