LDAP Auth Rewrite Rule in Mapping file

Hi,
We are trying to set LDAP Auth Rewrite rule in mapping file to get users First Name & Last Name or Display name & Mail Address from LDAP Server instead of users individual client settings.
In Messaging 5.2 we had the follwoing setting, but it does not work any more for Messaging 6.2:
LDAP Auth Rewrite Entry in mapping file:
AUTH_REWRITE
*|*|*|*@* $]ldap:///dir1.domain.com:389/o=domain.com?cn?sub?(uid=$3)[$ <$]ldap:///dir1.domain.com:389/o=domain.com?mail?sub?(uid=$3)[>$Z
We are running:
Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
SunOS mta 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V240
ll appreciate for any help or clue
Thanks

Thanks Jay,
Well, here is what we want to achieve.
We are looking for re-writing the FROM address of Sender against the LDAP Entry as cn <[email protected]>. This should solve problem of where users have entered wrong FROM information on their clients or trying to spoof FROM address to other users.
Currently, The system delivers e-mail with FROM headers as per client entry instead of re-writing it against AUTHENTICATED userid.
Following is the IMTA.CNF and MAPPINGS lines:
IMTA.CNF
! ims-ms
ims-ms defragment subdirs 20 notices 1 3 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL fileinto
$U+$S@$D
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver
maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 mailfromdnsverify dropblank vrfyhide
! tcp_intranet
tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel sasls
witchchannel tcp_auth missingrecipientpolicy 4 mailfromdnsverify dropblank vrfyhide
! tcp_extranet
tcp_extranet smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL mustsaslserver allowswitchchannel saslswitchcha
nnel tcp_auth vrfyhide dropblank mailfromdnsverify dropblank missingrecipientpolicy 4
! tcp_submit
tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
! tcp_auth
tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4 authrewrite 3
MAPPINGS file
AUTH_REWRITE
*|*|*|*@* $]ldap:///dir.domain.edu:389/o=domain.edu,dc=domain,dc=edu?cn?sub?(uid=$3)[$ <$]ldap:///dir.domain.edu:389
/o=domain.edu,dc=domain,dc=edu?mail?sub?(uid=$3)[>$Z
Thanks for your help

Similar Messages

Rewrite rule in mappings file

hi all,
in iMS 5.2, can any one suggest me how to write a rule in mapping file so that any mail sent from a particular user (say [email protected]) is also sent (i.e. Bcc 'd ) to [email protected] in addition to the "To:" address which the mail actually goes.
this is required to monitor all mails originating from the address [email protected]
regards,
rajesh.

Yeah, no.
1. there is no such thing as a "rewrite rule" in the mappings file.
2. Likely, what you want is a sieve rule, or a "capture" rule.
3. Or, perhaps save the files to disk, like this:
for capturing all messages to disk files (this doesn't mail the messages, just saves 'em on disk, invisibly)
Add to your mappings file like this:
MESSAGE-SAVE-COPY
tcp_local|*@your_domain|D|/usr/ip lanet/server5/msg-dusty/imta/queue/tcp
local/*/* $Y/usr/iplanet/server5/msgsave/$1/$2
Add more lines to capture both inbound and outbound. The above line captures mails sent to the internet.
files get written to the desination directory, for your examination. Since there's no "message" sent, if the destination account gets full, no message gets sent back to give you away. Less performance impact, too.
I have 4 lines in my MESSAGE_SAVE_COPY area, to capture messages for specific people. . You may need fewer or more, depending on your exact needs.

Allowing access for few emails through mapping file.

Hi All,
First of all thank God for this forum, was so badly stuck.
I have iplanet messaging server 5.2 i know its old but i need to find a way out.
We have recently migrated few users of our domain to different server, lets say domain name is domain1.com
I have a rule in mapping file under Send_Access section.
tcp_noscan|*|tcp_intranet|*@domain1.com $N$D30|Relaying$ blocked
Now this rules kills all the mails going out of the server.
I tried adding the migrated users as
tcp_noscan|*|tcp_intranet|[email protected] $Y
I tried adding this line above as well as below the blocking rule but it doesn't work.
Please can someone help me out.
Edited by: Ramraj-2407 on Dec 16, 2009 10:43 PM

I tried sending mail locally from server using telnet.
=========================================
17-Dec-2009 16:54:18.09 tcp_intranet tcp_scan E 1 [email protected] rfc822;[email protected] @mail.domain1.com:[email protected]
17-Dec-2009 16:54:18.59 tcp_scan D 1 [email protected] rfc822;[email protected] @mail.domain1.com:[email protected] dns;127.0.0.1 (inet01.domain1.com SMTP; Thu, 17 Dec 2009 16:54:17 +0800) smtp;250 <[email protected]>... Recipient ok
17-Dec-2009 16:54:19.75 tcp_noscan J 0 [email protected] rfc822; [email protected] 550 5.7.1 Relaying not allowed: [email protected]
17-Dec-2009 16:54:20.57 tcp_noscan J 0 [email protected] rfc822; [email protected] 550 5.7.1 unknown host or domain: [email protected]
====================================
I also tested it by using
imsmta test -rewrite -debug -source_channel=tcp_noscan -destination_channel=tcp_intranet [email protected]
and it gave error "Rellaying Not allowed"
I have refered your both links
http://docs.sun.com/app/docs/doc/819-4428/bgauo?a=viewand one more you had given in the forum
but I fail to understand the flow of rules.
Can you pls explain me as in which order does the rule flow, as in iptables or any firewall rules the rule which matches first is accepted.
But it seems to be different in this case.
Also do I need to add $E at the end of the rule. Pls explain

IAS 6.0 and Rewrite rules

Hi,
I have worked with Apache JServ in which you have the concept of Rewrite
rules in one of the property files.
How does the same concept work with iAS 6.0?
Thanks
Uzma

Based on my (limited) understanding of JServ rewrite rules, rewrite rules
are essentially a regex tool for URL modification that takes place at the
webserver tier before the servlet engine sees the request.
So, you should be able to implement something similar in an NSAPI plug-in at
the webserver tier. Or by using an ISAPI plug-in if you are using IIS, or
mod_rewrite if you are using Apache. (I don't know if anyone has already
implemented such a plug-in in NSAPI or ISAPI). Just make sure that the
re-write plug-in is before the iAS plug-in.
You could try to do something similar with servlet mapping at the iAS tier,
but that route is much more limited. Wildcards as opposed to regular
expresssions. And you ability to map servlets would be limited to URL's that
are already in the context of the webapp.
David
Uzma Siddiqui wrote:
Hi,
I have worked with Apache JServ in which you have the concept of Rewrite
rules in one of the property files.
How does the same concept work with iAS 6.0?
Thanks
Uzma

IP-specific MTA rewrite rule

Hello,
I'm having a lot trouble understanding how to configure the iMS 6.2 MTA to do my will. I've read the MTA sections in the Messaging Server Administration Guide and still it seems that when I try to implement a rewrite rule, it doesn't work the way I thought it would.
So with that preface, I'd like to ask:
1) What would an imta.cnf rule look like that would route all incoming messages from a server at an IP (say 1.2.3.4) to a specific channel (say tcp_scan)?
2) Does anyone know of any good (or even marginal) books or other resources for learning how to program the iMS MTA?
Thank you,

Yes, there's a book on iMS. You can get it on amazon.com.
check out the unofficial page at:
http://ims.balius.com
as well.
No, you can't use a rewrite rule to route based on source ip.
You can use mapping file and channels for much of that. Far better to help me understand what your goal is, rather than for you to try to solve your problem by the wrong route....

URL Rewrite Rule: HTTP to HTTPS Not Working

Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
features.
I've trolled through the Internet for 2 days now for solutions to my problem, including the ones provided by the TechNet forums and by MVP Scott Forsyth. I've tried over 30 solutions, and none have resolved my issue. Granted some of the solutions I've tried
may have been repeats of others. After trying so many, I have had a hard time discerning the differences. Does it really matter, for instance if the pattern match for the {HTTPS} input is specified as
"^off$" or just "off"? I see this discrepancy (among others) everywhere. It seems like there are so many variations out there. It is quite confusing for the uninitiated and the newbies like myself to the
URL Rewrite technology. I have enabled and consulted my "Failed Request Tracing Rules" logs but cannot make any sense of the cryptic information it is providing.
I just cannot get my reverse proxy server to redirect http requests from the Internet to https to my internal web server. When a user specifies "https://server1.xxxxx.com". he is able to access the internal server via the reverse proxy (IIS) server.
But when he specifies "http://server1.xxxxx.com" he receives "Server Error 500 - Internal server error.There is a problem with the resource you are looking for, and it cannot be displayed."
At this point I am at my wits end, and am even considering configuring the protocol translation on our firewall. But this not my preference as it presents another layer of complexity, and device to troubleshoot later on. Below I've pasted my entire web.config
file with my most current version of the rule in question (in bold) for your review. I started to paste just the specific rule, but thought you might need to see the entire file in case something else may be conflicting with the rule.
Thank you in advance for your help.
Dave Robinson
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <system.webServer>
 <rewrite>
 <rules>
 <clear />
<rule name="HTTP to HTTPS Redirect" enabled="true" stopProcessing="true">
 <match url="(.*)" />
 <conditions>
 <add input="{HTTPS}" pattern="off" />
 </conditions>
 <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Found" />
 </rule>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
 <match url="(.*)" />
 <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
 <add input="{CACHE_URL}" pattern="^(https?)://" />
 </conditions>
 <serverVariables>
 <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
 <set name="HTTP_ACCEPT_ENCODING" value="" />
 </serverVariables>
 <action type="Rewrite" url="{C:1}://server1.xxxxx.com/{R:1}" />
 </rule>
 </rules>
 <outboundRules>
 <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
 <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
 <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
 </rule>
 <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
 <match filterByTags="A, Form, Img" pattern="^http(s)?://server1.xxxxx.com/(.*)" />
 <action type="Rewrite" value="http{R:1}://server1.xxxxx.local/{R:2}" />
 </rule>
 <preConditions>
 <preCondition name="ResponseIsHtml1">
 <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
 </preCondition>
 <preCondition name="NeedsRestoringAcceptEncoding">
 <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
 </preCondition>
 </preConditions>
 </outboundRules>
 </rewrite>
 <tracing>
 <traceFailedRequests>
 <add path="*">
 <traceAreas>
 <add provider="ASP" verbosity="Verbose" />
 <add provider="ISAPI Extension" verbosity="Verbose" />
 <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket"
verbosity="Verbose" />
 </traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="404" />
 </add>
 </traceFailedRequests>
 </tracing>
 <httpErrors errorMode="Custom" />
 <httpRedirect enabled="false" destination="" exactDestination="false" childOnly="false" httpResponseStatus="Permanent" />
 </system.webServer>
</configuration>

On Wed, 28 Jan 2015 17:53:41 +0000, dwrobins2000 wrote:
Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and Application Request Routing"
features.
Web/IIS related issues are better posted where the IIS experts are:
http://forums.iis.net
Paul Adare - FIM CM MVP
"The equivalent of treating dandruff by decapitation"
-- Frank Zappa on the Parents Music Resource Center' censorship plans

ActiveDirectory mapping file, doesn't work for login

The mapping file below works.
Logged in as administrator, in the SAP NP administrator web tool,
I can see and edit users in the datasource (Active Directory).
However, when users in the AD try to login to the portal, they get "User authentication failed".
Default trace log show:
Authentication failed on LDAP server: back end message [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece]
and
java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key DS_AD_I
Any ideas on what in the configuration file below,
that could cause these errors ?
====================================
Configuration file
====================================
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
 <dataSource id="PRIVATE_DATASOURCE"
 className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
 isReadonly="false"
 isPrimary="true">
 <homeFor>
 <principals>
 <principal type="group"/>
 <principal type="user"/>
 <principal type="account"/>
 <principal type="team"/>
 <principal type="ROOT" />
 <principal type="OOOO" />
 </principals>
 </homeFor>
 <notHomeFor/>
 <responsibleFor>
 <principals>
 <principal type="group"/>
 <principal type="user"/>
 <principal type="account"/>
 <principal type="team"/>
 <principal type="ROOT" />
 <principal type="OOOO" />
 </principals>
 </responsibleFor>
 <privateSection>
 </privateSection>
 </dataSource>
 <dataSource id="AD_I"
 className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
 isReadonly="false"
 isPrimary="true">
 <homeFor/>
 <responsibleFor>
 <principal type="account">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attributes>
 <attribute name="j_user"/>
 <attribute name="logonalias"/>
 <attribute name="j_password"/>
 <attribute name="userid"/>
 </attributes>
 </nameSpace>
 </principal>
 <principal type="user">
 <nameSpaces>
 <nameSpace name="com.sap.security.core.usermanagement">
 <attributes>
 <attribute name="firstname" populateInitially="true"/>
 <attribute name="displayname" populateInitially="true"/>
 <attribute name="lastname" populateInitially="true"/>
 <attribute name="fax"/>
 <attribute name="email"/>
 <attribute name="title"/>
 <attribute name="department"/>
 <attribute name="description"/>
 <attribute name="mobile"/>
 <attribute name="telephone"/>
 <attribute name="streetaddress"/>
 <attribute name="uniquename" populateInitially="true"/>
 </attributes>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attributes>
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
 </attributes>
 </nameSpace>
 <nameSpace name="$usermapping$">
 <attributes>
 <attribute name="REFERENCE_SYSTEM_USER"/>
 </attributes>
 </nameSpace>
 </nameSpaces>
 </principal>
 <principal type="group">
 <nameSpaces>
 <nameSpace name="com.sap.security.core.usermanagement">
 <attributes>
 <attribute name="displayname" populateInitially="true"/>
 <attribute name="description" populateInitially="true"/>
 <attribute name="uniquename"/>
 </attributes>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attributes>
 <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
 </attributes>
 </nameSpace>
 <nameSpace name="com.sap.security.core.bridge">
 <attributes>
 <attribute name="dn"/>
 </attributes>
 </nameSpace>
 </nameSpaces>
 </principal>
 </responsibleFor>
 <attributeMapping>
 <principals>
 <principal type="account">
 <nameSpaces>
 <nameSpace name="com.sap.security.core.usermanagement">
 <attributes>
 <attribute name="j_user">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="logonalias">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="j_password">
 <physicalAttribute name="userPassword"/>
 </attribute>
 <attribute name="userid">
 <physicalAttribute name="null"/>
 </attribute>
 </attributes>
 </nameSpace>
 </nameSpaces>
 </principal>
 <principal type="user">
 <nameSpaces>
 <nameSpace name="com.sap.security.core.usermanagement">
 <attributes>
 <attribute name="firstname">
 <physicalAttribute name="givenname"/>
 </attribute>
 <attribute name="displayname">
 <physicalAttribute name="displayname"/>
 </attribute>
 <attribute name="lastname">
 <physicalAttribute name="sn"/>
 </attribute>
 <attribute name="fax">
 <physicalAttribute name="facsimiletelephonenumber"/>
 </attribute>
 <attribute name="uniquename">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="loginid">
 <physicalAttribute name="null"/>
 </attribute>
 <attribute name="email">
 <physicalAttribute name="mail"/>
 </attribute>
 <attribute name="mobile">
 <physicalAttribute name="mobile"/>
 </attribute>
 <attribute name="telephone">
 <physicalAttribute name="telephonenumber"/>
 </attribute>
 <attribute name="department">
 <physicalAttribute name="ou"/>
 </attribute>
 <attribute name="description">
 <physicalAttribute name="description"/>
 </attribute>
 <attribute name="streetaddress">
 <physicalAttribute name="postaladdress"/>
 </attribute>
 <attribute name="pobox">
 <physicalAttribute name="postofficebox"/>
 </attribute>
 </attributes>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attributes>
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
 <physicalAttribute name="memberof"/>
 </attribute>
 </attributes>
 </nameSpace>
 <nameSpace name="$usermapping$">
 <attributes>
 <attribute name="REFERENCE_SYSTEM_USER">
 <physicalAttribute name="sapusername"/>
 </attribute>
 </attributes>
 </nameSpace>
 </nameSpaces>
 </principal>
 <principal type="group">
 <nameSpaces>
 <nameSpace name="com.sap.security.core.usermanagement">
 <attributes>
 <attribute name="displayname">
 <physicalAttribute name="displayname"/>
 </attribute>
 <attribute name="description">
 <physicalAttribute name="description"/>
 </attribute>
 <attribute name="uniquename" populateInitially="true">
 <physicalAttribute name="cn"/>
 </attribute>
 </attributes>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attributes>
 <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
 <physicalAttribute name="member"/>
 </attribute>
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
 <physicalAttribute name="memberof"/>
 </attribute>
 </attributes>
 </nameSpace>
 <nameSpace name="com.sap.security.core.bridge">
 <attributes>
 <attribute name="dn">
 <physicalAttribute name="null"/>
 </attribute>
 </attributes>
 </nameSpace>
 </nameSpaces>
 </principal>
 </principals>
 </attributeMapping>
 <privateSection>
 <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
 <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
 <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
 <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
 <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
 <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
 <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
 <ume.ldap.access.server_name>machine.company.com</ume.ldap.access.server_name>
 <ume.ldap.access.user>[email protected]</ume.ldap.access.user>
 <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
 <ume.ldap.access.base_path.user>OU=Users,OU=Company,DC=company-tst,DC=local</ume.ldap.access.base_path.user>
 <ume.ldap.access.password>$ume.ldap.access.additional_password.1</ume.ldap.access.password>
 <ume.ldap.access.base_path.grup>OU=Groups,OU=Company,DC=company-tst,DC=local</ume.ldap.access.base_path.grup>
 <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
 <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
 <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
 <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
 <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
 <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
 <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
 <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
 <ume.ldap.unique_user_attribute>samaccountname</ume.ldap.unique_user_attribute>
 <ume.ldap.unique_uacc_attribute>samaccountname</ume.ldap.unique_uacc_attribute>
 </privateSection>
 </dataSource>
</dataSources>

<?xml version="1.0" encoding="UTF-8" ?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>WebApp</display-name>
- <welcome-file-list>
<welcome-file>login.html</welcome-file>
</welcome-file-list>
- <error-page>
<error-code>404</error-code>
<location>/Error.html</location>
</error-page>
<jsp-config />
</web-app>
This is a very simple war with no component and an error page is defined. But this doesn't work. When I type something like /loginnnn.htmllll, it doesn't give me the error page. That is my problem. Any idea???

Rule to Map Accounts into Financial Statements

Hi,
Is there any rule to map the natural accounts into BI APPs Fin statement codes via group accounts? the account qualifiers in EBS say Revenue,Liability,Expense,Asset,Owners Equity. How we can map these accounts into BI Apps Fin statement codes? like Liability will go to AP, Expense will go to OTHERS etc . Not sure about AR (as the accounts use for AR is qualified as Asset and Revenues in EBS), What about Owner's Equity and Asset?
Our Financial Contacts are not sure, as they are not aware what the FIN statements mean in OBI Apps w.r.t Qualifiers in EBS , like said above and not able to map.
Regards,
Krish

All liability accounts should go into AP Group Account and AP Fin Statement. Similarly, all receivable accounts should go into AR and all revenue accounts should go into REVENUE. Now, note that while you can change the out of the box group accounts, you should not change the Fin Statements. For example, if you want AP group accounts to be divided into two category, say, AP1 and AP2, for whatever reason. Map your liability accounts to either AP1 or AP2 (should be mapped to only one) based on whatever functional needs. But make sure both AP1 and AP2 group accounts are mapped to the single AP fin stmt in the grpacct_fstmt file. Ultimately all liability accounts should map to a single AP fin stmt. Same for receivables, revenue accounts etc.
For all other group accounts such as CASH, LONG TERM ASSETS, SHORT TERM ASSETS etc. which map to OTHERS fin stmt, map your accounts to these groups based on your companies accounting structure.
Edited by: user107339501 on Sep 16, 2011 9:29 AM

URL Rewrite Rules in 10.1.4

Hi,
I am having some trouble rewriting the urls, I can't make it work ...
What I want is to change the url:
http://www.mycompany.com/portal/page/portal/portal_sverige/
to
http://www.mycompany.com/sverige
Where "portal_sverige" is the page group.
What I did was:
Configure the properties in the page group:
Search pattern: /portal/page/portal/portal_sweden/
Replace pattern: /sweden/
And I went to enterprise manager, MT, http server, administration, advanced server properties, httpd.conf, and put in the lines:
RewriteEngine On
RewriteRule ^/sweden/(.*)$/portal/page/portal/portal_sweden/$1 [PT]
However, when I try to use navigator to edit a page in that group, I get:
http://www.mycompany.com/sweden/pagename?_mode=16
Returns:
Object not found. (WWC-50003)
And just typing in www.mycompany.com/sweden returns 404 error instead of the root page as I would have liked.
Any ideas about what to do? I can't really find any information ... is the change made in the MT ? IM ? Do I have to do it in some specific order? Is the syntax wrong?
Appreciate any help, thanks

Hello Sayeeas,
I posted an answer to this question a couple months back... check out the thread
Re: Portal URL Rewrite
Here is the answer:
In this example the name of the page group is "www":
Our rewrite rule is also set up in a virtual host section of the httpd.conf file as well so some of the options may not be required for your set up:
RewriteEngine on
RewriteOptions inherit
RewriteCond %{REQUEST_URI} !^/(portal|pls|images).*$
RewriteRule ^(.+) /portal/page/portal/www$1 [PT]
The rewrite condition allows us to ignore the rewrite for certain items in the path. This allows the portal navigator to work. There may be a couple more items that need to be added to the condition because I recently noticed that the help pages dont function properly.
In the portal configuration for the rewrite rule we specify:
Search pattern: /portal/page/portal/www
Replace pattern:
Thats right, the replace pattern is blank.
To see it in action check out http://www.sagelogix.com
-sean
Solutions Architect
http://www.sagelogix.com

Mapping file for Password Sync

The directions are -
Synchronizing Passwords from Oracle Internet Directory to Microsoft Active Directory - Before Active Directory Connector can synchronize passwords in this direction, do the following:
Add a mapping rule that enables password synchronization. For example:
Userpassword: : :inetorgperson:unicodepwd: :user
Req -
Can some one share there mapping file which they would have used for password Sync . you can mail it to me on [email protected]
Regards,
Rashid

Hi,
Below is the mapping I used :
DomainRules
cn=users,dc=test,dc=com:cn=users,dc=coreid,dc=test,dc=com
AttributeRules
# Organizational Unit Mapping
ou: : :organizationalunit:ou: : organizationalunit
# Container mapping
cn: : :orclcontainer: cn: :Container
#Domain cannot be exported
#name: : :domain: dc: :domain
cn:1: :inetorgperson:cn: :User
uid|cn: : :inetorgperson:SAMAccountName: :User
#orclSAMAccountName:1: :inetorgperson:SAMAccountName: :User: truncl(orclSAMAccountName,'$')
#cn:1: :inetortperson:SAMAccountName: :User
# attribute rule for mapping Active Directory LOGIN id
#mail: : :person:sn: :User:
mail: : :person:UserPrincipalName: :User:
# attribute rule for mapping entry and to create orclUserV2
# There should be a mapping rule with orcluserv2 objectclass
# without which the PORTAL may not function properly
sn: : :inetorgperson:sn: :person
givenname: : :inetorgperson:givenname: :person
cn: : :person:displayName: :person
# mail needs to be assigned valid value for default settings ing DAS
mail: : :inetorgperson:mail: :person
userpassword: : :inetorgperson:unicodepwd: :person:
cn: : :person:useraccountcontrol: :person:"512"
mobile: : :inetorgperson:mobile: :organizationalperson:
orclisenabled: : :inetorgperson:obuseraccountcontrol: :oblixOrgPerson:"ACTIVATED"
# GROUP ENTRY MAPPING RULES
cn: : :orclgroup:cn: :group:
# This will work successfully only when cn doesn't have any
# special characters associated with it.
cn: : :orclgroup:SAMAccountName: :group:
uniquemember: : :groupofuniquenames:member: :group:

Enhancing a class after changing its JDO mapping file.

Hi -
Once I enhance a class to make it persistence-capable, do I need to re-enhance it after I make
changes to its JDO mapping file (for example, adding a default-fetch-group attribute)?
Are there certain JDO mapping file changes for which I can forgo enhancement, or is it recommeneded
to always re-enhance?
Thanks,
Les

That depends on the nature of the change.
In general, a good rule of thumb is that changing any extensions does not
require re-enhancement.
On the other hand, most meaningful changes that you make to the standard
metadata tags require re-enhancement. This includes default-fetch-group
settings.
-Patrick
On Thu, 16 Jan 2003 16:32:59 -0500, Les Selecky wrote:
Hi -
Once I enhance a class to make it persistence-capable, do I need to
re-enhance it after I make changes to its JDO mapping file (for example,
adding a default-fetch-group attribute)?
Are there certain JDO mapping file changes for which I can forgo
enhancement, or is it recommeneded to always re-enhance?
Thanks,
Les--
Patrick Linskey
SolarMetric Inc.

Rewrite rule and dinamic group

I have put the rewrite rule
domain.com $A$E$F$[email protected]
In Java Enterprise System.
This way, mails send to or from [email protected] are routed to mailhost and that is ok, but when I send a mail to a dinamic group, the message is not sent.
the command imsimta test -rewrite [email protected] reports this at the end:
Address list error -- 5.1.1 unknown or illegal alias: [email protected]
What could be happening?
Thanks,

Your original rule is not the best way to go about routing to "domain.com"
I would start by removing that rule.
Then I would look at what you're really trying to do, here.
If you're trying to route mails to users that are in your ldap server, then they should be automatically routed, based on the value of "mailhost" you're put in for them.
If you're trying to route users that are not in your ldap, then you need to create a
domain smarthost
documentation in our provisioning guide, here:
http://docs.sun.com/source/816-6018-10/domains.htm#29147
Using rewrite rules for routing outside the MTA is a Bad Idea, as you've found.

Changing sender email address via rewriting rules

My objective is to change my sender email address. For example, suppose my OCS email address is [email protected] and I would to send an email to [email protected]
John logs into yahoo mail and would see my mail. Upon opening my email, I would like John to see that the sender email address to be [email protected] so that whenever John replies my mail, the replied mail would go to [email protected] and not to [email protected]
I read the email admin guide and I configure the Sender rewriting rules within SMTP_OUT. I have key in the following within the Sender rewriting rules: $*@test.abc.com.my,$[email protected]
I restart the SMTP_OUT services and I check the log files in MIDTIER_HOME/oes/log/um_system/SMTP_OUT/12345
I found out that the rewriting rules have take effect on one of the lines.
Then I log into OCS as user Andrew with test.abc.com.my domain and send an email to yahoo.
I open my yahoo mail, which I receive the email.
However the sender email address remains unchanged which is [email protected]
How can I change the sender email domain?
thanks;
andrew

Your observation is very correct in terms of symptoms, not of behaviour. We have numerous ER's there enabling header rewriting, too. Obviously for you, envelope rewriting works well, without to achieve the target you want to address. Please forward your request to Support Services with an Enhancement Request for native header rewriting.
Otherwise 3 ways:
1 Milter C-SDK
2 Milter general
3 relay accomplishing this task.
On 2,3 we have samples ready, for 3 in particular for postfix.

LDAP auth & limit logins per host

I'm using LDAP auth. using ldapclient init to setup the ldap auth. Have a SunOne LDAP server.
I'm interested in doing auth filters - like what Linux does with PAM. I've got PAM_LDAP to work, but since Sun does not use the OpenLDAP convention of /etc/ldap.conf - I can't setup the nss_user filters in there or nss_base_passwd dc=....
does anyone know how to do this in Solaris? Can I enter something into the ldap_cred file? I tried to do a serviceSearchDescriptor and put passwd:dc=x,dc=y?one?(|(uid=x)(uid=y)) in the ldapCredFile but that gave me a search filter error
I really do not want to use NetGroups.
Thanks in advance. I have seem a few posts for this questions but no real answers.
I can't believe that there is no way to do this...

I actually was able to solve my problem. What I did was the following
in my profile setup in the LDAP server I set
servieSearchDescriptor: passwd:dc=x,dc=y,dc=x?sub?|(attribute1=value)(attribute2=value)
This makes the password lookup look for the user only if a subsearch (sub) matches the attributes above.
For example - I could limit logins to only the people who have a shell=/bin/bash by saying ...sub?|(loginShell=/bin/bash)(loginShell=/usr/bin/bash)
I would also want to make a similar serviceSearchDescriptor line for shadow. So I would have two of these in my Profile on the LDAP server , one with passwd: and one with shadow:

REP-52005: The specified key userlogin does not exist in the key map file.

Hi,
I am using oracle 11g report server. I am getting the error of REP-52005: The specified key userlogin does not exist in the key map file.
I updated the user_string in cgicmd.dat file. My cgicmd.dat file content is below
; OracleAS Reports Services ;
; CGICMD.DAT ;
; Example CGICMD.DAT Mapping file ;
; Syntax:
; KEY : VALUE
; Where:
; KEY - the first argument of the rwservlet URL request (case sensitive).
; VALUE - command line parameters and/or special parameters.
; Keys can be referenced in the following ways:
; 1. Parameter on command line to the reports servlet
; e.g. http://machine/servlet/rwservlet?KEY
; 2. Parameter on command line to a reports jsp
; e.g. http://machine/mydir/myreport.jsp?KEY
; 3. Within a reports jsp - in the rw:report custom tag
; e.g. <rw:report parameters="KEY">
; In addition to the Reports Server command line parameters, VALUE can include special parameters
; represented as "%X", where X identifies the parameter. Currently recognized special
; parameters:
; %0 - %9 - 0..9 arguments from original rwservlet URL request. Note that %0 refers to the key itself.
; %* - entire contents (all arguments) of original rwservlet URL request.
; %D - request users to input database userid everytime they run the report.
; %P - request for report parameter form in HTML format. It generates the PARAMFORM=HTML
; construction on the first submission of the URL and PARAMFORM=NO upon parameter form submission.
; CGICMD.DAT Usage Notes
; 1. Multiple keys in this file MUST be separated by an EXTRA empty line.
; 2. Extra spaces are ignored. Multi-line entries allowed.
; 3. Lines starting with ";" character are treated as a comments.
; 4. Comments within a key or key value are NOT allowed.
; 5. NLS language support is provided and can be used (encoding should match the one
; used in HTML request - no language conversion of any kind is attempted.
; 6. For %P special parameter, HTML format is by default mapped to the HTMLTABLE format in this release.
; The HTML format in the future may be mapped to the HTMLCSS format.
;;;;;;;;;;;; Example Key Entries
; Example 1: Run a simple breakb report and output to HTML
orqa: report=breakb.rdf destype=cache desformat=html server=repserver
; Example 2: prompt for userid the first time, then use database userid stored in the cookie subsequently.
report_defaultid: report=breakb.rdf destype=cache desformat=html server=repserver
; Example 3: use %D to require user authentication every time
report_secure: report=breakb.rdf destype=cache desformat=html server=repserver1 %D
; Example 4: Take all arguments from URL and send it to the reports server
run: %*
; Example 5: Run breakb report with HTML parameter form.
breakbparam : report=breakb.rdf destype=cache desformat=html server=repserver userid=scott/tiger@mydb %P
; Example 6: take all URL arguments, and also generate a HTML parameter form
runp: %* %P
; Example 7: Run an Express Report. Replace <MYHOST> with the name of the machine running the Express server. The
; builder on-line help explains the rest of the parameters (the /sl, st etc. etc.)
express: report=my_expr_rep express_server="server=ncacn_ip_tcp:<MYHOST>/sl=1/st=1/ct=0/sv=1/" desformat=htmlcss userid=scott/tiger@mydb destype=cache server=repserver
;;;;;;;;;;;; Keys for Reports Demos
; Using default/in-process server.
; JSPs
;charthyperlink_ias: userid="scott/tiger@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=%DBHOSTNAME%)(PORT=%DBPORT%))(CONNECT_DATA=(SID=%DBSID%)))" %*
;charthyperlink_ids: userid=scott/tiger@ %*
;barcodeweb: userid=oe
;parmformjsp: userid=oe
;tutorial: userid=oe
; Paper Reports
;xmldata: userid=oe report=inventory_report.rdf destype=cache p_filelocation="http://%HOSTNAME%:%OC4JPORT%/reports/examples/xml_pds/scripts/" desformat=pdf
;barcodepaper: userid=oe report=shippingmanifest.rdf destype=cache desformat=pdf
;distributionpaper: userid=oe report=inventory_report_dist.rdf distribute=yes destination=exampledistribution.xml
;pdfenhancements: userid=oe report=utf8test.rdf destype=cache desformat=pdf
userlogin : userid=SYMFINBTOTEST@fin10r21 %*
As in the above file i have added a key as userlogin at the end of the file. But the reports server does not take the key that i have given. I followed the same steps provided in oracle docs. I used "showmap" to check the cgicmd file that is used by the reports
http://aspirevm8-17.aspiresys.com:9002/reports/rwservlet/showmap?server=bluQubeReportsAtLocalEnv&destype&userid=SYMFINBT…
It shows me the content of the cgicmd.dat file and it also shows my updations. But in the "Parsed Map File Entries" it does not show my key value pair
Parsed Map File Entries
Return to Top
Key Name
Value
runp
%* %P
breakbparam
report=breakb.rdf destype=cache desformat=html server=repserver userid=scott@mydb %P
report_defaultid
report=breakb.rdf destype=cache desformat=html server=repserver
run
report_secure
report=breakb.rdf destype=cache desformat=html server=repserver %D
express
report=my_expr_rep express_server="server=ncacn_ip_tcp:<MYHOST>/sl=1/st=1/ct=0/sv=1/" desformat=htmlcss userid=scott@mydb destype=cache server=repserver
orqa
report=breakb.rdf destype=cache desformat=html server=repserver
Please help me to to make the key being populated here and being used by the reports server.
Thanks,
Priya

uncomment #KEYPMAPFILE=CGICMD.DAT. remove the #
then for development set
reloadkeymap=yes (same file - rwservlet.properties).
Now it should reload everytime. (otherwise for every change u need to restart oc4j_bi_forms)
(For * production* may be you want to set reloadkeymap=no once all testing is done)
see cgicmd.dat for many examples of using keymap file
[ All Docs for all versions ]
http://otn.oracle.com/documentation/reports.html
[ Publishing reports to web - 10G ]
http://download.oracle.com/docs/html/B10314_01/toc.htm (html)
http://download.oracle.com/docs/pdf/B10314_01.pdf (pdf)
[ Building reports - 10G ]
http://download.oracle.com/docs/pdf/B10602_01.pdf (pdf)
http://download.oracle.com/docs/html/B10602_01/toc.htm (html)
[ Forms Reports Integration whitepaper 9i/10g ]
9i - http://otn.oracle.com/products/forms/pdf/frm9isrw9i.pdf
10g - http://www.oracle.com/technology/products/forms/pdf/10g/frm10gsrw10g.pdf
http://www.oracle.com/technology/products/forms/techlisting10g.html
---------------------------------------------------------------------------------

LDAP Auth Rewrite Rule in Mapping file

Similar Messages

Maybe you are looking for