LDAP authorization and AD

HI!
I am trying to authorize a user wit Active Directory via LDAP, the user logs in as user1 but if I use the uid as principal it doesn't work, I need to specify
principal = "CN=Name Surname(user1),OU=Users ..." -> works
principal = "CN=user1,OU=Users ..." -> does not work
Any help?
Thanks,
Iggy

If that's the way your LDAP is organized that's the only path that's going to work. If you want to find users etc. by some other property you'll need to use a the search function. Each context in the tree has a unique name.

Similar Messages

Using OWSM for SAML verification and LDAP authorization

I can verify SAML tokens by using EM security (verifying SAML tokens) but when I use OWSM I get this error at the proxy (by adding the step : SAML - Verify WSS 1.0 Token to the policy of a server agent)
Exception in thread "main" java.lang.NoSuchMethodError: oracle.security.wss.saml.SAMLAssertionIssuer.<init>(Ljavax/xml/rpc/handler/soap/SOAPMessageContext;Lorg/w3c/dom/Document;Loracle/security/wss/config/SamlTokenConfigType;Z)V
Also I need to LDAP authorize the subject of SAML after verification of SAML token. Is it just enough to put the LDAP authorize step after SAML verification?
Won't I need any EXTRACT CREDENTIAL step?
Regards
Farbod

When we were asked to combine OBIEE 10g with Active Directory, we chose external Table Authorization to get information on the groups, a user is part of.
In general, one could follow these articles to achieve AD Authentication:
[http://www.oraclebidwh.com/2008/10/obiee-ldap-authentication-using-microsoft-ad/|http://www.oraclebidwh.com/2008/10/obiee-ldap-authentication-using-microsoft-ad/]
[http://www.oraclebidwh.com/2008/11/obiee-ldap-authentication-using-microsoft-ad-2/|http://www.oraclebidwh.com/2008/11/obiee-ldap-authentication-using-microsoft-ad-2/]
To sum it up: Read User-information from AD. Knowing a user's login-name then, one could query an external table, which consists of user and group information. Everything is setup within initializationBlocks, which could be created in the administration tool.
Problem: As you already said, the problem is, that this external user--group table has to be filled and updated "manually". That is, someone has to input new users or at least assign them to the existing groups.
In our case, there's an admin who knows what sql is and how to work with it.
Another solution could be, to prepare a xml-file, containing user and group information and add it to your repository. The tables could then be queried, too. Although, xml files can become quite unhandy, if a lot of information is held within it, they can be edited via external tools or at least with a standard text editor.

EN4093R LDAP authentification and authorization

Hi,i want to configure ldap authentification and authorization. Can anyone help me to configure this. In my test environment – I want to give our Domain Admins access to our switches. I found only basic configuration in the user manual but I got now information to configure groups. Could I configure two or more groups to access the switch?

What thype of ldap server are you using? Microsoft Windows 2012 or 2008. I got a problem with 2012 not give the groups back with some users.
Same problem as
https://supportforums.cisco.com/message/3866327#3866327
debug ldap 255
shows correct value with one user that is workin:
[196] Authentication successful for Administrator to 192.168.20.80
[196] Retrieved User Attributes:
[196]   objectClass: value = top
[196]   objectClass: value = person
[196]   objectClass: value = organizationalPerson
[196]   objectClass: value = user
[196]   cn: value = Administrator
[196]   description: value = Vordefiniertes Konto f..r die Verwaltung des Computers bzw. der Dom..ne
[196]   distinguishedName: value = CN=Administrator,CN=Users,DC=xxxx,DC=local
[196]   instanceType: value = 4
[196]   whenCreated: value = 20081201134058.0Z
[196]   whenChanged: value = 20131126141559.0Z
[196]   displayName: value = Administrator
[196]   uSNCreated: value = 12298
[196]   memberOf: value = CN=G_SSLVPN,OU=Service,OU=Groups,OU=XXXXX,DC=XXXX,DC=local
[196]           mapped to Group-Policy: value = ssl_admin
[196]           mapped to LDAP-Class: value = ssl_admin
One user that is not working:
no entries with memberOf in debug
[190] Authentication successful for sdag to 192.168.20.80
[190] Retrieved User Attributes:
[190]   objectClass: value = top
[190]   objectClass: value = person
[190]   objectClass: value = organizationalPerson
[190]   objectClass: value = user
[190]   cn: value = sdag
[190]   distinguishedName: value = CN=sdag,OU=Lieferanten,OU=Users,OU=xxxx,DC=xxxxxx,DC=local
[190]   displayName: value = sdag
[190]   homeMTA: value = CN=Microsoft MTA,CN=SRVSBS01,CN=Servers,CN=erste administrative gruppe,CN=Admini
[190]   proxyAddresses: value = smtp:sdag@xxxx
[190]   proxyAddresses: value = SMTP:sdag@xxxxx

LDAP authorization for VPN

I am having problems getting the LDAP authorization to work. None of the instructions I find seem to coincide with my version of ASDM 5.0(7) and ASA 7.0(7).
SO if anyone has the right instructions for these version can you send me a link?
I get as far of testing it and it fails. When I test it asks for a user name but never a password. so I am not sure what I am doing wrong.
Any help appreciated.

Post your AAA & VPN profile config from the device please?

LDAP UID and local UID different

I have a 10.5 server running LDAP with a master and a replica. In the LDAP i have a user who was deleted and the readded to the LDAP to correct an issue. Now on the replica that users LDAP id and her id from the command line command id are different which is preventing her from syncing. I have tried to remove and readd her again but I can not get the local id to go away. There is no user id for this user in any of the local files or databases that I can find.
How do I delete the user so the command line command ID does not see her so I can create her account with the correct user id??

Hi Wajid,
I've done this by making the APEX ID a copy of the LDAP ID - then the APEX IDs are put in APEX Groups, which feed the Authorization Schemes that grant access to regions/tabs/fields, etc.
I no longer manage passwords, but the Apex Group still recognizes the :APP_USER.
Let me know if this doesn't make sense, or I need to get more detailed.
Rich

I am so angry - there has to be a misundering. my Itunes was disabled as there was a charge that I did not authorize and I cannot find the phone

I am so angry - there has to be a misunderstanding. my Itunes was disabled as there was a charge that I did not authorize and I cannot find the phone number for security and the dingbat girl who I'm emailing send me a link that does not work. And I am extremely frustrated. Please help. I need a phone # to contact security.

Contact Apple Support here:
ACCOUNT SECURITY CONTACT NUMBERS
Cheers,
GB

How can I authorize and access my itunes account on a new computer if I cant access my old computer to enable home sharing

How can I authorize and access my itunes account on a new computer if I cant access my old computer to enable home sharing

Authorization
Macs: iTunes Store- About authorization and deauthorization.
Windows: How to Authorize or Deauthorize iTunes | PCWorld.
In iTunes you use the Authorize This Computer or De-authorize This Computer option under the Store menu in iTunes' menubar. For Windows use the ALT-S keys to access it. Or turn on Windows 7 and 8 iTunes menus: iTunes- Turning on iTunes menus in Windows 8 and 7.
To deauthorize a computer you don't have:
De-authorizing Computers (contributed by user John Galt)
You can de-authorize individual computers, but only by using those computers. The only other option is to "de-authorize all" from your iTunes account.
1. Open iTunes on a computer
2. From the Store menu, select "View my Account..."
3. Sign in with your Apple ID and password.
4. Under "Computer Authorizations" select "De-authorize All".
5. Authorize each computer you still have, as you may require.
You may only do this once per year.
After you "de-authorize all" your authorized computers, re-authorize each one as required.
If you have de-authorized all computers and need to do it again, but your year has not elapsed, then contact: Apple - Support - iTunes - Contact Us.
For more information on authorization and de-authorization: iTunes Store- About authorization and deauthorization.

EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

Hello everyone,
Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
Here's what happens:
1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
http://discussions.apple.com/thread.jspa?messageID=5967023
http://discussions.apple.com/message.jspa?messageID=5982070
these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
Thanks,
Andrew

Hard to tell what is happening without looking at the application
source, knowing what OS & hardware you're using etc. You might want to
try running with different JVM versions to see if it's actually the VM
that is the problem. If you have a support contract with BEA you could
ask support to help you diagnose this.
Regards,
/Helena
Ayub Khan wrote:
I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
seems to happen on loading the machine..the performance progressively gets worse
and after a couple of seconds, all the threads stop responding. I checked the
heap, cpu and the idle threads in the execute queue and there is nothing there
to trigger alarms...there are quite a few idle threads still and the heap and
the cpu utilization seem OK. On doing a thread dump, Is see that all the other
threads seem to be in a state where they are waiting for data from LDAP and it
is basically read only data that they are waiting on.
Does anyone know what it is going on and help point me in the right direction.
-Ayub

I have purchased a song and my computer says it is unauthorized to play it. I give authorization and it says its already authorized. Then I try to play the song and it wont allow authorization.

I have purchased a song and my computer says it is unauthorized to play it. I give authorization and it says its already authorized. Then I try to play the song and it wont allow authorization.

Delete and redownload it if doing so is free in your country.
(71678)

Vendor, trading parner, authorization and corporate group

Hi experts!
Thank you for pay attention to my message! I have a question about the fields in customer master date.
What does it mean or what will happen to the customer master if I entry a vendor no. or a company ID for trading partner in the field vendor, trading parner, authorization and corporate group in the customer master general data?
In other words, in which business scenario or situation should I entry data in these fields:
vendor, trading parner, authorization and corporate group in the customer master general data?
Thank you for your help!
TangDark.

Hi,
Vendor- when the customer is also a vendor( i.e. supplying any form of product- raw material) you need to enter vendor no.
Trading partner- If this customer is trading with other company code of the same client.
Authorization- To protect access of the data maintained
Corporate group- If customer belongs to a group ,maintain group key here.
Thanks,
Vrajesh

LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)

I have 2 questions and these are very urgent :-
1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
2 groups in iPLanet :- Contarctors and employees and I have 2 security roles in weblogic:-
contractactors and employess. How do I map LDAP group contractors to weblogic security
Role contractors? Similarly for employees ?
2. I have not defined contarctors and employeees under People container in IPlanet.
e.g. The RDN for contractor is
uid=1234,ou=dir,dc=orams,dc=com
Can I still use the defualt security realm of weblogic (the WebLogic Security Realm
under People ) OR I have to write my own custom code ?
3. I am planning to use Roles insetad of groups to manage the logical grouping in
iPLant. Can I still use the groups in WebLogic security realm ( in the configuratin
parameters ?)
This is very urgent ....so if any of you can throw any hints that will be greatly
appreciated.
--Sunita

Hi Ariel,
The driver is bundled with the product in WLS 6.1sp1. you don't have to
download any additional driver. Use it as you normally would only thing to
remember is if you are trying to write standalone java code then you have to
have weblogic.jar in your classpath. For the rest of the info follow the wls
docs for 6.1
HTH
sree
"Ariel" <[email protected]> wrote in message
news:3bb4a643$[email protected]..
We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
downloaded the JDriver from bea.com, but all the istructions that camewith
it are for WLserver 5.1.
What has to be done to do this with 6.1 sp1?
Thanks,
Ariel

I purchased a book and downloaded the book on my pc, but I am unable to authorize and transfer this to my other devices

As mentioned above, I purchased a book and downloaded it on my pc, but I am unable to authorize and transfer this purchase to my other devices. I downloaded bluefire reader per online instructions and added the pdf book file to this app on itunes. When I attempt to authorize the purchase by entering my adobe id, it doesn't work, the authorization window clears the fields I just entered, I enter the information again and the same result.

I tried reviewing my account information but it just came out on itunes home page without showing any thing....

LDAP Users and Groups

Hi,

I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.


It seems that this needs to be setup. How do I do this?


Some general notes on LDAP:

I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

It would be interesting to read what Bea and other developer think about this.

Kind regards,

Kai


Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

MSS (non-webdynpro) Authorizations and Roles

Do you know the MSS 60.1 business package authorizations and roles that are required for the backend R/3 system? I noticed an SAP note exists for the webdynpro version (#798967) but didn't see a note for the old package.

Umair,
I know this auth object is required for webdynpros in new business package but does it apply for old traditional java MSS package too?
Thanks, John

Regarding Authorizations and Roles

Hi All,
Can anyone explain me about Authorizations and Roles ,in detail.
regards,
Ali

Links for Learning about Authorizations:
http://help.sap.com/saphelp_nw70/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm
http://help.sap.com/saphelp_bw33/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm
http://help.sap.com/bp_biv235/BI_EN/documentation/Authorization_BW_Proj.pdf
http://help.sap.com/saphelp_nw04/helpdata/en/e3/e60138fede083de10000009b38f8cf/frameset.htm
Links to learn about Roles:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
Assign points if helpful,
Venkat

LDAP authorization and AD

Similar Messages

Maybe you are looking for