LDAP cfg for reliability MII 12
We have a Version 12 MII environment that is configured for authentication from Windows AD (LDAP). This morning the Windows domain server that LDAP was configured to use was rebooted for patches. This caused windows accounts to not be authenticated on the MII server for the duration of the ldap server reboot.
Is there a way to configure MII to use multiple LDAP Domain servers for authentication?
In the LDAP config screen in the UME the field is Server Name and Server Port.
Is it possible to use domain name only or multiple servers in the servername field.
This creates a reliability issue if a single windows domain server outage can interrupt MII server usage and processing.
How are others using LDAP and not being interrupted with a LDAP server outage?
Hi Robert,
I am not much of an LDAP expert, but you can specify multiple LDAPs in the data source configuration file. The documentation includes an [example|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm].
I'll try and find out if that covers different domains.
-Michael
Similar Messages
-
Error while doing the Ldap sync for UDFs
Hi All,
I am doing LDAP sync for UDFs,
Created users in OID.
assigned to orclIDXPerson object modified the ldapconfig.props and created the input file.
Now I am running the ldapsyncudf.sh then I getting the below error.
Exception in thread "main" java.lang.NullPointerException
at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy631.addUDFwithLDAPx(Unknown Source)
can anyone please unblock me.
Thanks,
ValliHi,
Please see if these help (for 11gR2)
Export the LDAPUser.xml file from MDS using weblogicExportMetatdata.bat. This xml contains the attributes mapping between OIM and OID for LDAP synchronization.
Include the entry for OIM attribute (if entry does not exist for the attribute in the XML) under entity-attributes node. For e.g. use the following xml snippet to add the entry for ISD Code for Phone attribute
<entity-attributes><attribute name=”ISD Code for Phone”> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
Include the entry for OID attribute under target-fields node. For e.g. use the following xml snippet to add the entry for CountryCode
<target-fields><field name=”CountryCode”><type>String</type> <required>false</required> </target-fields>
Now map the OIM attribute with the OID attribute using the following xml snippet under attribute-maps node
<attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
Save the changes and import the file back into MDS using WebLogic import utilities. -
Install a Test/Dev instance for SAP MII.
Hi,
I want to install a test/development instance for SAP MII on my laptop [2 GB RAM].
Per my understanding, for this i would need set up SAP NetWeaver CE instance and deploy SAP MII 12.1 component.
I also want do some custom development & integration with SAP through MII to SAP ME.
As per Master Guide SAP MII 12.1.pdf, we need to Install SAP NetWeaver CE 7.1 EHP1 SP03.
Since its a test/development instance can i install [SAP NetWeaver Composition Environment 7.2 Developer Edition|http://www.sdn.sap.com/irj/scn/downloads?rid=/library/uuid/a0a6bd7b-3dfc-2c10-eb95-aae0f777d4ab] and deploy MII.?
Or do i need to have some specific version of Netweaver CE.
Please let me know what are steps to install a Test/Dev environment for SAP ME/MII integration..
Please advice.
Thanks un advance.MII 12.1 has not been validated on NWCE 7.2. And MII 12.2 is validated on NW 7.3, skipping NWCE 7.2. It may install fine, but you will most likely run into problems executing some of the functions and features of MII.
Regards,
Mike -
Where can I find an LDAP Editory for Open LDAP
where can I find an LDAP Editory for Open LDAP... i was using LDAP Editor but it does seem to work any more... where can I find a free download for the LDAP editor for windows...
I put in the following info in the connection section for the
lDAPbrowser but am not able to connect to the server. I get error
saying Failed to connect to ldap://165.252.58.78:389/
Host: 165.252.58.78
Port: 389
Version: 3
Base DN: what do I put here
and do I select SSL
or Anoymous bind
User Info
User DN: what do I put here
and
I am connecting to ldap through my app with the following criteria:
url=ldap://165.252.58.78:389/
ldapHost=165.252.58.78
ldapPort=389
ldapVersion=LDAPConnection.LDAP_V3
ldaploginDN=cn=Manager,dc=accuserverx,dc=com
ldappassword=password -
LDAP realm for authentication and ACL in Database
We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks RamUnfortunately, there is no easy way to do this in wls 6.0.
The only way to handle it is to write your own custom realm
that uses ldap for users and groups and a database for acls -
probably not a viable alternative.
-Tom
"kevin doherty" <[email protected]> wrote:
>
Jeffrey Hirsch <[email protected]> wrote:
You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
Thanks!
-kd -
LDAP Configuration for ECC 6.0 ( ABAP Stack only)
Hi,
Can any one guide me with the steps for the LDAP Configuration for ECC 6.0 ( Abap stack only).
Some of my observations are....
I can see the LDAP Support in the Installation master at the following path.
1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
When i am goint thru service market place i came across the following note.
Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
Thanks,
TanujDear All,
We are trying to configure the LDAP using with active directory . In the
step of "Synchronization of SAP User Administration with LDAP
Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
error.
Please find the trace file and error screenshot in the attachment.Please help us on
priority.
Please find the Trace log in the below:
RFC destination : LDAP_LDAPSE-01
Tracelevel : 8,704
F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
[Wed Jun 26 11:15:38 2013]
Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
[Wed Jun 26 11:15:39 2013]
Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
[Wed Jun 26 11:15:40 2013]
Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
[Wed Jun 26 11:15:43 2013]
>>>>Required attributes table
Line 0: "CREATETIMESTAMP" (length 15)
Line 1: "MODIFYTIMESTAMP" (length 15)
Line 2: "SAPUSERNAME" (length 11)
<<<<Required attributes table
Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
>>> ldap_msgfree()
<<< ldap_msgfree()
Slot 0 (WIPROTECH): >>> ldap_unbind_s()
Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
Please find the error screenshot in the below.
Regards,
Dilip Sampath.CH
+91-9619735957. -
Using external LDAP server for WL JNDI lookups
I'm trying to find out if it is possible to re-direct JNDI calls to the WL
server to an external LDAP server. I know you can install an external LDAP
server for security purposes, but I would like to use an external LDAP
server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
Is this possible?You typically need to use our JNDI store. We strongly recommend this for
performance reasons..
You can use the JNDI To LDAP bridge which is available from the sun web
site.
Michael Girdley
BEA Systems Inc
"Jack Archer" <[email protected]> wrote in message
news:[email protected]..
I'm trying to find out if it is possible to re-direct JNDI calls to the WL
server to an external LDAP server. I know you can install an external LDAP
server for security purposes, but I would like to use an external LDAP
server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
Is this possible? -
Use of Lotus LDAP server for WLP 7 - LDAP experts ?
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciate, because I just don't where to look for.
JP"JP" <[email protected]> wrote in message news:[email protected]..
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciate, because I just don't where to look for.
Try setting the com.netscape.ldap.trace property.
\* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create a ldap trace file of the requests that WLS is making on the
LDAP server. You can then see
where the filters are not returning the correct value for the group
membership. -
Use of Lotus LDAP server for WLP 7 - LDAP experts required
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
User and Groups are working fine, the membership of a user to a group is
not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn=
I know that this LDAP server supported, but id it could work at least
for some time, that would be great !
thanks for your help,
JP"JP" <[email protected]> wrote in message news:[email protected]..
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciate, because I just don't where to look for.
Try setting the com.netscape.ldap.trace property.
\* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create a ldap trace file of the requests that WLS is making on the
LDAP server. You can then see
where the filters are not returning the correct value for the group
membership. -
Migration tool for migrate MII objects from 11.5 to 12.1
Hi All,
We can use any of the tools SP01/02/03/04 for migrate MII objects from 11.5 to 12.0.
Our requirement is to migrate MII objects from 11.5 to 12.1.
Can we use the same tool to accomplish our requiremnt ? Or is there any other tool for this?
Please suggest me on this.Thanks in advance.
Regards,
ManishaThanks Jamie.I got it.upgrade guides located at http://service.sap.com/instguides -> SAP Business Suite Applications -> SAP Manufacturing -> SAP MII.
Thanks,
Manisha -
X.509 PKI LDAP Schema for OID
Hi,
my question is about availability X.509 PKI LDAP Schema for OID. Does anyone know if it is possible to import already predefined schema into OID?
Is it neccessary to folow RFC2587 and define the schema by hand?
Any response and advice appreciated.
Petr
P.S.
I am quite new in the area of OID so some my questions may seem incomrehensible.Hello Petr:
You most certainly can load your own custom schema items into OiD. A few things to keep in mind when you do this.
Make sure you load the attributes first.
Then your objectclasses.
Then your Catolog/indexes if you have any.
Then load your directory entries.
And last load any ACI's you may have.
If you give me a few of your schema definitions I would be happy to give you an example of how to do this.
There are many PKI venders out there and not all of them store certificates the same way. Some use standard schema attributes and others add their own custom attribute. -
LDAP client for solaris 9 with ds5.2 on other box
Hi
I have ds5.2 installed on Box1. I am trying to configure ldapclient on solaris 9 box. I want this to point to existing ldap server for authentication. Sun documentation is not clear about how to do that ? as some of the switches mentioned with ldapclient doesn't work. Most of the solutions I saw are on integrated solaris 9 ds server configuration. e.g idsconfig etc. I am not finding how to do basic authentication of solaris9 cient with any ldap server (ds5.2) installed on some other box.The syntax of ldapclient changed in Solaris 9 (at least by 9 12/03). You now specify it like this:
# ldapclient -v init -a profileName=cn=myProfile,ou=profile,dc=example,dc=comIf you're using Proxy Authentication add the following:
-a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com -a proxyPassword=ClearTextPWYou should have been able to create a profile (storing it in the DIT) when you ran idsconfig. If you took the default name of "default" (cn=default,ou=profile,dc=example,dc=com) you might not even have to specify the profile name to ldapclient.
To generate a new profile and store it in the DIT use:
$ ldapclient -vgenprofile -a profileName=cn=myProfile,ou=profile,dc=example,dc=com -a defaultSearchBase=dc=example,dc=com ...With your various attributes for your profile as specified in ldapclient(1M).
As for pam, you have to decide which you're going to use: pam_unix or pam_ldap. Note that the Solaris pam_ldap is very different from the PADL pam_ldap used under Linux and elsewhere (this makes it easy to find apparently conflicting advice). -
Multiple destination hosts in route.cfg for single domain
GW 8.0.2
We have route.cfg set up to send mail for some destination domains direct instead of through the default relay.
One of the destination domains we want to add to route.cfg has multiple MX hosts they can receive mail on.
Is it possible to add multiple host IP addresses for a single destination domain in route.cfg?
for example:
abc.com has mail receivers with MX records:
abc.com 3600 IN MX 9 10.0.0.25
abc.com 3600 IN MX 2 10.0.1.25
abc.com 3600 IN MX 2 10.0.2.25
abc.com 3600 IN MX 9 10.0.3.25
- is there a way to put all those into route.cfg for abc.com for resilience?
As I've read that route.cfg works in a similar manner to the hosts file, would a space separted list of IP addresses work?
AnthonyOn 8/5/2013 10:06 AM, laurabuckley wrote:
>
> Thanks Anthony.
>
> Please do post back your findings as even I am curious now. I,
> unfortunately, am not in a position to actually test this for you :(
>
> Cheers,
>
>
unless it has been changed, no
You get to list one and only one entry. No load balancing, no failover. -
Good afternoon everyone.
I am beginner and I've been reading about the eclipse plugin for SAP MII.
And I was with some doubt someone could help me?
1) This plugin is paid?
2) With the plugion I can have all the features that the SAP MII Workbench?
3) How can I get this plugin?
Thank U.Hi Carlos,
It should be available on your eclipse through this menu:
I have tried to find it but it's not available. This could be due to many reasons but I think it could be that:
a) I'm running Eclipse Luna so it might be possible that it is not listed because I'm using an unsupported version.
b) I don't have the correct marketplace in my list of available marketplaces and I should add the correct one. This one doesn't look likely but I can't tell for sure.
c) It has been discontinued and is no longer available for download in which case we won't be able to find it.
If I find out what the problem was I'll let you know.
Kind regards,
Ibai -
Using CUCM as LDAP Server for Jabber Phone
Hi All,
I have CUCM 9.1 and Jabber 9.1 for android, I want to configure the Directory search with CUCM as LDAP server, when all the End User automatically added to directory search on the Jabber because we don't have any ldap server, but until now I always got Directory status Disconnected or Error.
Thing that I"ve done :
1. Cofigure the LDAP server on phone configuration with CUCM ip address.
2. FIll the Username and Password with CUCM Username and Password. (don't work)
3. Create new Application User with AXL API Access that used to be the LDAP Username and password (don't work)
does anyone have done this?or the connection with another LDAP Server is mandatory for jabber application? becaus I know some 3rd party application that can done this.
please help me with this problem, any help or comment will be grateful
Regards,
YopieUDS does not work with Jabber for Android, you do need an LDAP
Requirements for Integration with Corporate Directory (Optional)
Use one of the following for Lightweight Directory Access Protocol (LDAP):
Microsoft Active Directory 2003
Microsoft Active Directory 2008
Open LDAP
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/jabber/Android/9_1/JABA_BK_J0D6CD65_00_jabber-android-release-notes-9-1-1.html
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
Maybe you are looking for
-
Using clips created in Flash Professional
Hello! A newbie question: When working with AS in Flash Builder, Is it possible to use a MovieClip that I have created in Flash Professional? How? I wrote a simple game in Flash Professional, 99% of it is pure code (AS3) but one of the building block
-
Photo Libaries not opening helpp
Hello, I have recently moved 3 different photo libraries from 2 different computers, all 10.5.7, I took one off a quad pro pc with ilife09 and the other a G5 with ilife09, to an external harddrive- I also moved my main libary on my macbookpro to it a
-
Where can I find the OAS 4.0.8.1 "Servlet Patch Set"?
As per the title - is the "OAS 4.0.8.1 Servlet Patch Set" something I can download? I'm having problems getting PTG 1.0.2 to work on OAS 4.0.8.1. Maybe I need this servlet patch. Where can I find it? Many thanks in advance, Mark
-
Hey there, I plan to write a program which uses a mathematical Tool called R-Cran ( http://www.r-project.org/ ) that runs in the background and is a console program. Now I'd like to connect my Java proggy with R and send it the following command: c(1
-
Blown out footage - Color Correction fix-it tips
I'm dealing with some DV footage that was shot about three or four stops open, daylight exterior, so everything is pretty blown out. Using the 3-way color correcting filter certainly helps take things out of the 'illegal zone', but it makes the skin