LDAP cfg for reliability MII 12

We have a Version 12 MII environment that is configured for authentication from Windows AD (LDAP).  This morning the Windows domain server that LDAP was configured to use was rebooted for patches.  This caused windows accounts to not be authenticated on the MII server for the duration of the ldap server reboot.
Is there a way to configure MII to use multiple LDAP Domain servers for authentication?
In the LDAP config screen in the UME the field is Server Name and Server Port.
Is it possible to use domain name only or multiple servers in the servername field.
This creates a reliability issue if a single windows domain server outage can interrupt MII server usage and processing.
How are others using LDAP and not being interrupted with a LDAP server outage?

Hi Robert,
I am not much of an LDAP expert, but you can specify multiple LDAPs in the data source configuration file. The documentation includes an [example|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm].
I'll try and find out if that covers different domains.
-Michael

Similar Messages

  • Error while doing the Ldap sync for UDFs

    Hi All,
    I am doing LDAP sync for UDFs,
    Created users in OID.
    assigned to orclIDXPerson object modified the ldapconfig.props and created the input file.
    Now I am running the ldapsyncudf.sh then I getting the below error.
    Exception in thread "main" java.lang.NullPointerException
    at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
    at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
    at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
    at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy631.addUDFwithLDAPx(Unknown Source)
    can anyone please unblock me.
    Thanks,
    Valli

    Hi,
    Please see if these help (for 11gR2)
    Export the LDAPUser.xml file from MDS using weblogicExportMetatdata.bat. This xml contains the attributes mapping between OIM and OID for LDAP synchronization.
    Include the entry for OIM attribute (if entry does not exist for the attribute in the XML) under entity-attributes node. For e.g. use the following xml snippet to add the entry for ISD Code for Phone attribute
    <entity-attributes><attribute name=”ISD Code for Phone”> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
    Include the entry for OID attribute under target-fields node. For e.g. use the following xml snippet to add the entry for CountryCode
    <target-fields><field name=”CountryCode”><type>String</type> <required>false</required> </target-fields>
    Now map the OIM attribute with the OID attribute using the following xml snippet under attribute-maps node
    <attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
    Save the changes and import the file back into MDS using WebLogic import utilities.

  • Install a Test/Dev instance for SAP MII.

    Hi,
    I want to install a test/development instance for SAP MII on my laptop [2 GB RAM].
    Per my understanding, for this i would need set up SAP NetWeaver CE instance and deploy SAP MII 12.1 component.
    I also want do some custom development & integration with SAP through MII to SAP ME.
    As per Master Guide SAP MII 12.1.pdf, we need to Install SAP NetWeaver CE 7.1 EHP1 SP03.
    Since its a test/development instance can i install [SAP NetWeaver Composition Environment 7.2 Developer Edition|http://www.sdn.sap.com/irj/scn/downloads?rid=/library/uuid/a0a6bd7b-3dfc-2c10-eb95-aae0f777d4ab] and deploy MII.?
    Or do i need to have some specific version of Netweaver CE.
    Please let me know what are steps to install a Test/Dev environment for SAP ME/MII integration..
    Please advice.
    Thanks un advance.

    MII 12.1 has not been validated on NWCE 7.2.  And MII 12.2 is validated on NW 7.3, skipping NWCE 7.2.  It may install fine, but you will most likely run into problems executing some of the functions and features of MII.
    Regards,
    Mike

  • Where can I find an LDAP Editory for Open LDAP

    where can I find an LDAP Editory for Open LDAP... i was using LDAP Editor but it does seem to work any more... where can I find a free download for the LDAP editor for windows...

    I put in the following info in the connection section for the
    lDAPbrowser but am not able to connect to the server. I get error
    saying Failed to connect to ldap://165.252.58.78:389/
    Host: 165.252.58.78
    Port: 389
    Version: 3
    Base DN: what do I put here
    and do I select SSL
    or Anoymous bind
    User Info
    User DN: what do I put here
    and
    I am connecting to ldap through my app with the following criteria:
    url=ldap://165.252.58.78:389/
    ldapHost=165.252.58.78
    ldapPort=389
    ldapVersion=LDAPConnection.LDAP_V3
    ldaploginDN=cn=Manager,dc=accuserverx,dc=com
    ldappassword=password

  • LDAP realm for authentication and ACL in Database

    We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
    Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks Ram

    Unfortunately, there is no easy way to do this in wls 6.0.
    The only way to handle it is to write your own custom realm
    that uses ldap for users and groups and a database for acls -
    probably not a viable alternative.
    -Tom
    "kevin doherty" <[email protected]> wrote:
    >
    Jeffrey Hirsch <[email protected]> wrote:
    You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
    I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
    Thanks!
    -kd

  • LDAP Configuration for ECC 6.0 ( ABAP Stack only)

    Hi,
    Can any one guide me with the steps for the LDAP Configuration for ECC 6.0 ( Abap stack only).
    Some of my observations are....
    I can see the LDAP Support in the Installation master at the following path.
    1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
    But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
    When i am goint thru service market place i came across the following note.
    Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
    Thanks,
    Tanuj

    Dear All,
    We are trying to configure the LDAP using with active directory .  In the
    step of "Synchronization of SAP User Administration with LDAP
    Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
    error.
    Please find the trace file and error screenshot in the attachment.Please help us on
    priority.
    Please find the Trace log in the below:
    RFC destination : LDAP_LDAPSE-01
    Tracelevel      :      8,704
    F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
    [Wed Jun 26 11:15:38 2013]
    Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
    [Wed Jun 26 11:15:39 2013]
    Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
    Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
    Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
    Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
    [Wed Jun 26 11:15:40 2013]
    Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
    [Wed Jun 26 11:15:43 2013]
    >>>>Required attributes table
    Line    0: "CREATETIMESTAMP" (length 15)
    Line    1: "MODIFYTIMESTAMP" (length 15)
    Line    2: "SAPUSERNAME" (length 11)
    <<<<Required attributes table
    Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
    Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
    >>> ldap_msgfree()
    <<< ldap_msgfree()
    Slot 0 (WIPROTECH): >>> ldap_unbind_s()
    Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
    Please find the error screenshot in the below.
    Regards,
    Dilip Sampath.CH
    +91-9619735957.

  • Using external LDAP server for  WL JNDI lookups

    I'm trying to find out if it is possible to re-direct JNDI calls to the WL
    server to an external LDAP server. I know you can install an external LDAP
    server for security purposes, but I would like to use an external LDAP
    server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
    Is this possible?

    You typically need to use our JNDI store. We strongly recommend this for
    performance reasons..
    You can use the JNDI To LDAP bridge which is available from the sun web
    site.
    Michael Girdley
    BEA Systems Inc
    "Jack Archer" <[email protected]> wrote in message
    news:[email protected]..
    I'm trying to find out if it is possible to re-direct JNDI calls to the WL
    server to an external LDAP server. I know you can install an external LDAP
    server for security purposes, but I would like to use an external LDAP
    server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
    Is this possible?

  • Use of Lotus LDAP server for WLP 7 - LDAP experts ?

    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciate, because I just don't where to look for.
    JP

    "JP" <[email protected]> wrote in message news:[email protected]..
    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciate, because I just don't where to look for.
    Try setting the com.netscape.ldap.trace property.
    \* When -D command line option is used, defining the property with
    * no value will send the trace output to the standard error. If the
    * value is defined, it is assumed to be the name of an output file.
    * If the file name is prefixed with a '+' character, the file is
    * opened in append mode.
    This will create a ldap trace file of the requests that WLS is making on the
    LDAP server. You can then see
    where the filters are not returning the correct value for the group
    membership.

  • Use of Lotus LDAP server for WLP 7 - LDAP experts required

    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    User and Groups are working fine, the membership of a user to a group is
    not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn=
    I know that this LDAP server supported, but id it could work at least
    for some time, that would be great !
    thanks for your help,
    JP

    "JP" <[email protected]> wrote in message news:[email protected]..
    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciate, because I just don't where to look for.
    Try setting the com.netscape.ldap.trace property.
    \* When -D command line option is used, defining the property with
    * no value will send the trace output to the standard error. If the
    * value is defined, it is assumed to be the name of an output file.
    * If the file name is prefixed with a '+' character, the file is
    * opened in append mode.
    This will create a ldap trace file of the requests that WLS is making on the
    LDAP server. You can then see
    where the filters are not returning the correct value for the group
    membership.

  • Migration tool for migrate MII objects from 11.5 to 12.1

    Hi All,
    We can use any of the tools SP01/02/03/04 for migrate MII objects from 11.5 to 12.0.
    Our requirement is to migrate MII objects from 11.5 to 12.1.
    Can we use the same tool to accomplish our requiremnt ? Or is there any other tool for this?
    Please suggest me on this.Thanks in advance.
    Regards,
    Manisha

    Thanks Jamie.I got it.upgrade guides located at http://service.sap.com/instguides -> SAP Business Suite Applications -> SAP Manufacturing -> SAP MII.
    Thanks,
    Manisha

  • X.509 PKI LDAP Schema for OID

    Hi,
    my question is about availability X.509 PKI LDAP Schema for OID. Does anyone know if it is possible to import already predefined schema into OID?
    Is it neccessary to folow RFC2587 and define the schema by hand?
    Any response and advice appreciated.
    Petr
    P.S.
    I am quite new in the area of OID so some my questions may seem incomrehensible.

    Hello Petr:
    You most certainly can load your own custom schema items into OiD. A few things to keep in mind when you do this.
    Make sure you load the attributes first.
    Then your objectclasses.
    Then your Catolog/indexes if you have any.
    Then load your directory entries.
    And last load any ACI's you may have.
    If you give me a few of your schema definitions I would be happy to give you an example of how to do this.
    There are many PKI venders out there and not all of them store certificates the same way. Some use standard schema attributes and others add their own custom attribute.

  • LDAP client for solaris 9 with ds5.2 on other box

    Hi
    I have ds5.2 installed on Box1. I am trying to configure ldapclient on solaris 9 box. I want this to point to existing ldap server for authentication. Sun documentation is not clear about how to do that ? as some of the switches mentioned with ldapclient doesn't work. Most of the solutions I saw are on integrated solaris 9 ds server configuration. e.g idsconfig etc. I am not finding how to do basic authentication of solaris9 cient with any ldap server (ds5.2) installed on some other box.

    The syntax of ldapclient changed in Solaris 9 (at least by 9 12/03). You now specify it like this:
    # ldapclient -v init -a profileName=cn=myProfile,ou=profile,dc=example,dc=comIf you're using Proxy Authentication add the following:
    -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com -a proxyPassword=ClearTextPWYou should have been able to create a profile (storing it in the DIT) when you ran idsconfig. If you took the default name of "default" (cn=default,ou=profile,dc=example,dc=com) you might not even have to specify the profile name to ldapclient.
    To generate a new profile and store it in the DIT use:
    $ ldapclient -vgenprofile -a profileName=cn=myProfile,ou=profile,dc=example,dc=com -a defaultSearchBase=dc=example,dc=com ...With your various attributes for your profile as specified in ldapclient(1M).
    As for pam, you have to decide which you're going to use: pam_unix or pam_ldap. Note that the Solaris pam_ldap is very different from the PADL pam_ldap used under Linux and elsewhere (this makes it easy to find apparently conflicting advice).

  • Multiple destination hosts in route.cfg for single domain

    GW 8.0.2
    We have route.cfg set up to send mail for some destination domains direct instead of through the default relay.
    One of the destination domains we want to add to route.cfg has multiple MX hosts they can receive mail on.
    Is it possible to add multiple host IP addresses for a single destination domain in route.cfg?
    for example:
    abc.com has mail receivers with MX records:
    abc.com 3600 IN MX 9 10.0.0.25
    abc.com 3600 IN MX 2 10.0.1.25
    abc.com 3600 IN MX 2 10.0.2.25
    abc.com 3600 IN MX 9 10.0.3.25
    - is there a way to put all those into route.cfg for abc.com for resilience?
    As I've read that route.cfg works in a similar manner to the hosts file, would a space separted list of IP addresses work?
    Anthony

    On 8/5/2013 10:06 AM, laurabuckley wrote:
    >
    > Thanks Anthony.
    >
    > Please do post back your findings as even I am curious now. I,
    > unfortunately, am not in a position to actually test this for you :(
    >
    > Cheers,
    >
    >
    unless it has been changed, no
    You get to list one and only one entry. No load balancing, no failover.

  • Eclipse Plugin for SAP MII

    Good afternoon everyone.
    I am beginner and I've been reading about the eclipse plugin for SAP MII.
    And I was with some doubt someone could help me?
    1) This plugin is paid?
    2) With the plugion I can have all the features that the SAP MII Workbench?
    3) How can I get this plugin?
    Thank U.

    Hi Carlos,
    It should be available on your eclipse through this menu:
    I have tried to find it but it's not available. This could be due to many reasons but I think it could be that:
    a) I'm running Eclipse Luna so it might be possible that it is not listed because I'm using an unsupported version.
    b) I don't have the correct marketplace in my list of available marketplaces and I should add the correct one. This one doesn't look likely but I can't tell for sure.
    c) It has been discontinued and is no longer available for download in which case we won't be able to find it.
    If I find out what the problem was I'll let you know.
    Kind regards,
    Ibai

  • Using CUCM as LDAP Server for Jabber Phone

    Hi All,
    I have CUCM 9.1 and Jabber 9.1 for android, I want to configure the Directory search with CUCM as LDAP server, when all the End User automatically added to directory search on the Jabber because we don't have any ldap server, but until now I always got Directory status Disconnected or Error.
    Thing that I"ve done :
         1. Cofigure the LDAP server on phone configuration with CUCM ip address.
         2. FIll the Username and Password with CUCM Username and Password. (don't work)
         3. Create new Application User with AXL API Access that used to be the LDAP Username and password (don't work)
    does anyone have done this?or the connection with another LDAP Server is mandatory for jabber application? becaus I know some 3rd party application that can done this.
    please help me with this problem, any help or comment will be grateful
    Regards,
    Yopie

    UDS does not work with Jabber for Android, you do need an LDAP
    Requirements for Integration with Corporate Directory (Optional)
    Use one of the following for Lightweight Directory Access Protocol (LDAP):
    Microsoft Active Directory 2003
    Microsoft Active Directory 2008
    Open LDAP
    http://www.cisco.com/en/US/partner/docs/voice_ip_comm/jabber/Android/9_1/JABA_BK_J0D6CD65_00_jabber-android-release-notes-9-1-1.html
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

Maybe you are looking for

  • Using clips created in Flash Professional

    Hello! A newbie question: When working with AS in Flash Builder, Is it possible to use a MovieClip that I have created in Flash Professional? How? I wrote a simple game in Flash Professional, 99% of it is pure code (AS3) but one of the building block

  • Photo Libaries not opening helpp

    Hello, I have recently moved 3 different photo libraries from 2 different computers, all 10.5.7, I took one off a quad pro pc with ilife09 and the other a G5 with ilife09, to an external harddrive- I also moved my main libary on my macbookpro to it a

  • Where can I find the OAS 4.0.8.1 "Servlet Patch Set"?

    As per the title - is the "OAS 4.0.8.1 Servlet Patch Set" something I can download? I'm having problems getting PTG 1.0.2 to work on OAS 4.0.8.1. Maybe I need this servlet patch. Where can I find it? Many thanks in advance, Mark

  • R-Cran

    Hey there, I plan to write a program which uses a mathematical Tool called R-Cran ( http://www.r-project.org/ ) that runs in the background and is a console program. Now I'd like to connect my Java proggy with R and send it the following command: c(1

  • Blown out footage - Color Correction fix-it tips

    I'm dealing with some DV footage that was shot about three or four stops open, daylight exterior, so everything is pretty blown out. Using the 3-way color correcting filter certainly helps take things out of the 'illegal zone', but it makes the skin