LDAP attribute for user's last login time?
Hi all,
Is there an LDAP attribute that I could return (via an "ldapsearch" query) that would contain the user's last login time?
We have:
Directory Server Version: 5.2_Patch_2 ; Build number: 2004.107.0034
other...
Identity Server 2004Q2
sparc-sun-solaris2.9
Thanks in advance!
Hello,
If you need this info, you will have to create a password policy that log last logon time.
But be carefull with this function, it can create a lot of cpu load.
<http://docs.sun.com/app/docs/doc/820-4809/fhkrj?l=en&n=1&a=view>
Regards
Eric.
Similar Messages
-
Sunone Messaging Server 6.1--How to list all mail user's last login time
hi,i want to know how to list all the mail user's last login time.
There are more than 100000 mailbox accounts on our mail server,
i want to know which account is not used for more than 2 or 3 years.
thanks.http://wikis.sun.com/display/CommSuite/imsconnutil
Somchai. -
I'm trying to use DS6 built-in functionality for tracking user's last login time. I created a new password policy and enabled pwdKeepLastAuthTime attribute. Then I tried signing into Access Manager.
According to the documentation, an attribute pwdLastAuthTime should be added to the user entry, but it is not there.
Any ideas how I can get this to work?Last login time is a feature provided with the new Directory Server password policy implementation introduced in DS 6 and is not part of the compatibility mode. Check the Directory Server password policy compatibility mode:
$ dsconf get-server-prop ... | grep 'pwd-compat'
pwd-compat-mode : DS5-compatible-mode
The Directory Server password policy compatibility mode must be advanced past DS5-compatible-mode:
$ ldapmodify ...
dn: cn=Password Policy,cn=config
changetype:modify
replace:pwdkeeplastauthtime
pwdkeeplastauthtime:TRUE
modifying entry cn=Password Policy,cn=config
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: (Password Policy: modify policy entry) "pwdKeepLastAuthTime: TRUE" is not supported in server mode DS5-compatible-mode ("cn=config" pwdCompat: 0).
$ dsconf pwd-compat ... to-DS6-migration-mode
$ dsconf get-server-prop ... | grep 'pwd-compat'
pwd-compat-mode : DS6-migration-mode
Now it should work. If not, please try binding directly to the directory server as the user (e.g., do an ldapsearch as that user) and check the entry. -
Hi Friends,
I wanted to know the name of dictionary view which keep the user login details iee. login date and time. I want to check that what was the last login time of user. So that if user has not logged in since 30 days then his acccount must be locked.
Plz let me know if someone has any idea on this
Regards
AlokHi Guys
Thanks for your response. Let me more clear you what i m looking for.
I have 100s of developers working with me. I keep on maintaining data which user is being used by whom. I am using product/project based username. I want to achieve the following.
1) Find the users those are not using their login since X nos of days ie. to know who all are in use. Objective of this to know if any developer has swiched or quite from project.
2)I will lock those account and notify those owner that account has been locked considering that they are not using.
3)now these accounts can be allocated to some other developers on need basis.
This will give me flaxibility of using my existing resource and better management.
I hope i m clear with what all i need.
Please suggest best way to do this :)
Thanks a lot.
Alok -
Oblix audit logs to track last login time in Sun DS
Hi,
I would like to use oblix audit logs to track last login time in Sun DS.
Is there a straightforward procedure to do that other than parsing the logs and using custom script to update Sun DS.
Please advice.
Thanks.Hi,
In OAM you can define your own plugins to run during the authentication (you include them in the relevant authentication schemes) - you could write one that updates the user profile of the logged-in user. You would be pretty much on your own, though, all that OAM would give you is the DN of the logged in user. You would need to include libraries that connect to ldap (or maybe the plugin could send a web service call) and perform the necessary attribute updates. Authn plugins are documented in the Developer Guide: http://docs.oracle.com/cd/E15217_01/doc.1014/e12491/authnapi.htm#BABDABCG (actually that's for 10.1.4.3).
Regards,
Colin -
Error - The attributes for user could not be determined
When I login as a Buyer (with role ZTSX_EC_BBP_PURCHASER - copy of SAP_EC_BBP_PURCHASER), I get the foll. error while trying to Process Purchase Orders:
The attributes for user could not be determined
It does not happen on other transactions (like Sourcing or Issue POs).
The buyer is in the org. plan and I have checked the attributes and they seem ok.
What could be the issue ???
Thanks
-BakuleshHi
<b>Please go through these links -></b>
The attributes for user could not be determined --
'Error in writing attributes' when using function tab
Company code for system missing in user attributes
BBP_POC not working in SRM 5.0
Re: urgent: regarding ATTRIBUTES
Regards
- Atul -
Attribute for user contains errors. Inform system admin
Hello,
We've got an issue with shopping carts created by a user that was deleted from system. When trying to see in Monitoring Shopping Carts header or item details of a given sc. A web error occurs:
The URL http://srp.srm.gruposalinas.com.mx:8000/sap/bc/gui/sap/its/bbpsc11/! was not called due to an error.
Note
The following error text was processed in the system SRP : Attribute for user contains errors. Inform system admin.
The error occurred on the application server srm-pro_SRP_00 and in the work process 2 .
The termination type was: TH_RES_FREE
The ABAP call stack was:
Form: OUTPUT_EXPRESS_MESSAGES of program SAPLBBP_SC_UI_ITS
Form: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
Module: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
We've cheked SAP NOTE 312058-BBPPU99: Error: Attribute for ... is missing. Inform ...
But it seems that none of the information applies to us, since this issue is only present for Shopping carts that were created by this deleted user.
So we tried to re-assing one of this sc, chaning PARTNER_NO,ADDR_NR
ADDR NP data in table CRMD_PARTNER according to a new given user, but it didn't work. So we need to know how to re-assing this sc or perhaps how to find what specific attribute is missing.
Any advice is welcome.
Thanks in advance.Hi
<b>Which SRM version are you using ? This is an SRM error message.</b>
The manager role should be enough to change user attribute. The transaction is BBPATTRMAINT. Employee role should have BBPUM02 or BBPAT05 to change their own attribute.
<u>Please check whether the User ID you are using to Log into BBP_PD (and seems to be assigned in the org structure also)is consistent and has no errors in tcode USERS_GEN. You should check the user, it's not set up properly in USERS_GEN Transaction, Else repair the user.
To maintain the user attributes you must have the Administrator role.. Your user should have role SAP_BBP-STAL_ADMINISTRATOR and be integrated in the org structure. your user must be integrated in SRM organizational structure. To see which attributes are missing, you can click on the user in PPOMA_BBP to see details, and go to last tab "Check". This will list all required attributes depending on used scenarios (so you may not require all of them). You can also use transaction BBP_ATTR_CHECK to check user's attributes for a particular scenario.</u>
<b>Please go through the following links as well -></b>
bbp_mon_sc attributes
Re: FM for attribute's value assignation in PPOMA ?
Note 751022 - Monitor Shopping Cart: Item deletion causes termination
Re: User Settings are not saved
Re: Not able to generate user users_gen
Re: SRM organization plan...
Re: User creation error
<u>Hope this will definitely help. Do let me know.</u>
Regards
- Atul -
Re: check last login time
Dear all,
How to check the last login time in Sun Solaris 8. Any command or file that records it?
Thanks,
JoeHave a look at the man page for last?
-
HOWTO: Control Printer Attributes for a Report at Run Time Reports 6i
HOWTO: Control Printer Attributes for a Report at Run Time
Like page width , height etc
my problem is i had installed a printer and it is set for
printing different reports ( like invoice slips , legal size ,
A3 etc ) each time i have to manually set the page settup from
printer folder .instead if there is an option to set the printer
attributes from Reports 6i it is great
rajeshAll the Printer Setup(Page Height and Page Width) must be set in
the Reprot Program. These can be set at the Layout-Main Section
in the Object Navigator.
hth -
The attributes for user could not be determined --
Hi,
Our is extended classic scenario:srm5.0 & ECC6.0
we are getting the following error in the org plan:
"The attributes for user could not be determined "
The error is occuring , when we log into the web browser.
we also have a error in the org plan, under the user at the check tab,"No attribute found for scenario BBP".
when we run the BBP_ATTR_CHECK & BBP_BP_OM_Integrate, we have no errors...
Thanks in advance,
RK.Hi All,
Thanks for your support...
I check the T-code:BBP_ATTR_CHECK & BBP_BP_OM_INTEGRATE.
I also checked the attributes for the CP are ok,still i had the error appearing in the WEB.
The solution:
The CP has been deleted from the org plan.
Once again,we generated the users from USERS_GEN and assign CP to the org plan again at the same.Now the Attributes error is gone.... and the issue is resolved.
Thanks and Regards,
RK. -
Add a new attribute for user provisioining on SAP R3
Hi,
I want to add a new attribute for user provisioining on SAP R3.
- I have added new attribute in Process form and Resource form
- I think i need to add this attribute in lookup definition of SAP attributes also need to do mapping
but i am not finding lookup definition of SAP attributes .
What will be name of lookup definition of SAP attributes? (In case of AD, we have AtMap.AD).
Can any body please help me?
ThanksHi,
You cannot add custom fields and do provision or recon for it.I have opened the SR with Oracle and this facility will be available in 9.1. which is launching after 4 months.You need to request the source code and modify it to get the custom fields.
Thanks -
Sql statement for retrieving the last update time of a table
Hello all,
Can somebody give me an example of sql statement for retrieving the last update time of an oracle table.
Thank you
IlThanks for the fast replies. It works great when I test it as a sql statement but when trying to populate a datalist with it it raises the following exception:
Exception Details: System.ArgumentException: SCN_TO_TIMESTAMP(MAX(ORA_ROWSCN is neither a DataColumn nor a DataRelation for table DefaultView
Part of the Datalist Code:
ItemTemplate>
Line 12: SCN_TO_TIMESTAMP(MAX(ORA_ROWSCN)):
Line 13: <asp:Label ID="SCN_TO_TIMESTAMP_MAX_ORA_ROWSCN__Label" runat="server" Text='<%# Eval("[SCN_TO_TIMESTAMP(MAX(ORA_ROWSCN))]") %>'>
Line 14: </asp:Label><br/>
Line 15: <br/>
{code}
Why is this happening? Any ideas?
Il -
LDAP connection for user attribute via webdynpro code
Hello,
Kindly help for below issue
point1
While connecting to LDAP exception of simple bind failed is coming. code is as below
try {
Hashtable env = new Hashtable();
env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
env.put("java.naming.provider.url", "ldap://10.77.16.220");
env.put("java.naming.security.authentication", "simple");
env.put(Context.SECURITY_PROTOCOL,"ssl");
env.put("java.naming.security.principal", "sapuser");
env.put("java.naming.security.credentials", "voda@12345");
DirContext ctx;
ctx = new InitialDirContext(env);
// Create search controls
SearchControls controls = new SearchControls();
controls.setCountLimit(0);
controls.setTimeLimit(0);
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Create filter
String filter = "(sAMAccountName= *)";
// Run search
NamingEnumeration results = ctx.search("OU=OUs,DC=mycomp,DC=com", filter, controls);
//wdComponentAPI.getMessageManager().reportSuccess(results);
} catch (NamingException e) {
// TODO Auto-generated catch block
//e.printStackTrace();
wdComponentAPI.getMessageManager().reportSuccess(e.getMessage());
point 2
is there any method available in this API to reset pasword of user in LDAP ?
thank you in advance
BHello,
If you need this info, you will have to create a password policy that log last logon time.
But be carefull with this function, it can create a lot of cpu load.
<http://docs.sun.com/app/docs/doc/820-4809/fhkrj?l=en&n=1&a=view>
Regards
Eric. -
Problem with LDAP authentication for users in a group
I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
[6707] memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
[6707] mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] msNPAllowDialin: value = TRUE
I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
ldap attribute-map AuthUsers
map-name memberOf IETF-Radius-Class
map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
aaa-server LDAP protocol ldap
aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
ldap-base-dn DC=COMPANY,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
server-type microsoft
ldap-attribute-map AuthUsers
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
webvpn
anyconnect ask none default anyconnect
group-policy GroupPolicy_COMPANY_SSL_VPN internal
group-policy GroupPolicy_COMPANY_SSL_VPN attributes
wins-server none
dns-server value 10.10.100.102
vpn-tunnel-protocol ikev1 ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
default-domain value net.COMPANY.com
webvpn
anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
tunnel-group COMPANY_SSL_VPN type remote-access
tunnel-group COMPANY_SSL_VPN general-attributes
address-pool COMPANY-SSL-VPN-POOL
authentication-server-group LDAP
authorization-server-group LDAP
authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
default-group-policy NOACCESS
authorization-required
tunnel-group COMPANY_SSL_VPN webvpn-attributes
group-alias COMPANY_SSL_VPN enable
tunnel-group COMPANY_SSL_VPN ipsec-attributes
ikev1 pre-shared-key *****I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.
-
CSV file for users who have one-time password email address
Hi Guys,
I am trying to extract the list of users who have one-time password email address in FIM or users who have registered with one-time password reset authentication workflow. I need to get their email addresses in CSV file.
Regards
Sarwar
SarwarTake a look at:
http://social.technet.microsoft.com/wiki/contents/articles/3616.how-to-use-powershell-to-export-all-users-who-have-registered-for-self-service-password-reset-sspr.aspx
The script queries a WorkFlow called "Password Reset AuthN Workflow" and returns its ObjectID, then uses it to do a new query searching for "Users" with these parameters:
AuthN WorkFlow Registered = ObjectID of "Password Reset AuthN Workflow"
The script exports these details to a CSV.
Also, all OTP email addresses should be stored in the "msidmOneTimePasswordEmailAddress" attribute in the FIM Portal.
Maybe you are looking for
-
Slow speed during peak hours for over a year
For over a year now my connection speed has slowed during peak hours, at first it would start around 6pm and drop to 5meg or so untill midnight at which point it would go back up to 8meg all night and morning. As the year has gone on it has gotten wo
-
Displaying Open Office word doc in browser using JavaFX
My requirement is to display open office doc in my application for modification
-
Hi I would like to buy for a MBP an External Desktop Drive. This will be my first one. Could you please recommend me some good quality hard drive. Also could you please tell me when I am choosing what options to look for please? For example I would l
-
FV60 and MIRO -duplicate invoice doent chk for diff inv dates
In ecc 6.0 ,We use FV60 and MIRO to enter all invoices. We have config (under MM) for duplicate invoice check against "ref field" only. When we enter an invoice with the same ref field value, it gives error message as expected. However, when we cha
-
How to read value within XML Tag data using IO Stream in Java
We have xml data into a Stream and we need to extract values again into a Stream from the particular XML tag <Data> inside the Stream. PFB the sample XML which will be contained inside the stream and can someone help us to hint the java code for this