LDAP connection for user attribute via webdynpro code

Similar Messages

• FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )

  Version: 20060317
  Q: Where can i find more information to the BC-LDAP-USR interface ?
  A: Have a look on our ICC webpage in the SDN:
  SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)[1] [original link is broken]
  Q: What costs a arising when we want our product to be certified ?
  A: See also our SDN page under the headline "Price List".
  Q: Is there a link/page for the already certified products for this interface ?
  A: Sure, have a look on our ICC page under the headline "Certified Solutions"
  Q: Who can we ask in case of general question ?
  A: Have a look at our general ICC forum:
  SAP Integration and Certification Center (SAP ICC)
  Of course, if you have urgent requests you can send them also directly to our local ICC's:
  ICC Walldorf in Germany: [email protected]
  ICC Palo Alto in USA: [email protected]
  ICC Bangalore in India: [email protected]
  Q: Who can we ask in case of technical questions ?
  A: This depends on the state of your certification project.
  1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
  2.) When the certification contracts have not been signed then you can ask questions in this forum.

  I distinguish it using the passwordExpirationTime(or something like that, i don't have code here with me).
  This is possible if after password is expired user has at least one more access.It is a user policy that can be set in the Ldap server.
  If it is possible, user can still login and perform operations.You chan search the passwordExpirationTime attribute and determine if password is expired, and the send a message to the user, telling him to change it.(If only one access is allowed and you change the password with the same application or service then do not close context, else you should not be able to connect again.) Instead, if you use an external script, then the last acces should not give you problems.
  Hope i made myself clear.

• Problem with LDAP authentication for users in a group

  I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
  I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
  [6707]  memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
  [6707]          mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
  [6707]          mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
  [6707]  msNPAllowDialin: value = TRUE
  I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
  ldap attribute-map AuthUsers
    map-name  memberOf IETF-Radius-Class
    map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
  aaa-server LDAP protocol ldap
  aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
   ldap-base-dn DC=COMPANY,DC=com
   ldap-scope subtree
   ldap-naming-attribute sAMAccountName
   ldap-login-password *****
   ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
   server-type microsoft
   ldap-attribute-map AuthUsers
  group-policy NOACCESS internal
  group-policy NOACCESS attributes
   vpn-simultaneous-logins 0
   vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
   webvpn
    anyconnect ask none default anyconnect
  group-policy GroupPolicy_COMPANY_SSL_VPN internal
  group-policy GroupPolicy_COMPANY_SSL_VPN attributes
   wins-server none
   dns-server value 10.10.100.102
   vpn-tunnel-protocol ikev1 ikev2 ssl-client
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value SPLIT-TUNNEL
   default-domain value net.COMPANY.com
   webvpn
    anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
  tunnel-group COMPANY_SSL_VPN type remote-access
  tunnel-group COMPANY_SSL_VPN general-attributes
   address-pool COMPANY-SSL-VPN-POOL
   authentication-server-group LDAP
   authorization-server-group LDAP
   authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
   default-group-policy NOACCESS
   authorization-required
  tunnel-group COMPANY_SSL_VPN webvpn-attributes
   group-alias COMPANY_SSL_VPN enable
  tunnel-group COMPANY_SSL_VPN ipsec-attributes
   ikev1 pre-shared-key *****

  I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.

• "Password has expired" for user created via UME API

  Hi,
  I have written a service that processes new user accounts and uses the UME API to create them. The code works fine on my local Sneak Preview installation of EP6 SP16, allowing the created users to logon and forcing them to change their password on first login.
  When I try and run this code on EP6 SP14 it completes without generating any exceptions but when I try and login I get the message "Password has expired" and cannot login or change the users password.
  Does anyone know why?
  I have the following UME settings for both servers:
  ume.logon.security_policy.password_change_allowed = TRUE
  ume.logon.security_policy.password_change_required = TRUE
  ume.logon.security_policy.password_expire_days = 99999
  The SP14 server also uses LDAP to authenticate users primarily  and has the following setting:
  ume.persistence.data_source_configuration = dataSourceConfiguration_ads_deep_readonly_db.xml
  There are some other UME configuration differences but none that seem relevant to this problem.
  Can anyone suggest what the problem might be?
  Cheers,
  Steve Archer

  The Xp machine is fine acessing the mb
  its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
  but there is no password for the user on the xp machine that i am trying to access from my mb
  so that would be:
  xp to mb = fine all working
  mb to xp = password expired even though no password required for the xp user

• How to access custom ume user attributes via VC?

  Hi guys,
  I configured a custom user attribute within the ume configuration:
  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/de/44/0316d50bbe025ce10000000a1553f7/frameset.htm">Adding Custom Attributes to the User Profile</a>
  Now, how can I access this attribute within my VC model (user data)?
  Thanks for your ideas
  Benny

  Hi,
  Regarding adding properties to user data control, i have the following information. But i am not sure, whether it will be helpful to you.
  You can add a personalise property/User mapping property into a user data control.
  Drag a User data component, go to configure and click the + sign at the bottom of User parameters.
  You can add any personalised properties to the user data (with valid data types and allowed values). Then can use the property in any formula.
  When iView is opened in portal, the personalise property of that particular iView is used to change the property value
  Hope it helps.
  Regards,
  Sooraj

• How to connect SAP user to a webdynpro and how to pass parameters ?

  Hello,
  I have two technical questions :
  1) How to recognize user from Portal and to get his pernr from SAP Backend (SSO to configure with SAP R/3 ?, use a bapi to get the pernr with the name and firstname of the portal user ?)
  2) How to open a new window in a webdynpro application (one view and you click on a row of a table, i have to open a new window (frame in my browser))
  Thanks a lot for your answers
  Cheers
  Aurelien

  Hi
  For ur Second Question if u want a popup Window this is how u do it.
  IWDWindowInfo windowInfo = wdComponentAPI.getComponentInfo().findInWindows(<<Window Name u have defined while creating component>>);
             IWDWindow window = wdComponentAPI.getWindowManager().createWindow(windowInfo,true);
             wdContext.currentVnControllerDetailsElement().setVaWindowInst(window);
             window.setWindowPosition(WDWindowPos.CENTER);
             window.setWindowSize(700,400);
             window.open();
  Here vaWindowInst is of type IWDWondow . This u can have in Java NAtive type
  com.sap.tc.webdynpro.services.session.api.IWDWindow
  If it is External Window Then i shall give u the code for the same.
  get Back

• URGENT! I need help on LDAP - Finding deleted users Attribute "sAMAccount"

  Hi,
  I am trying to get deleted users from Active Directory after a certain interval. Every time only the differences in the result will be shown. Also I need to get the value of the specific attribute called "sAMAccount" every time for each user(in the result).
  I am using polling here.
  *if (localCookie == null) {*
                      // Specify the DirSync Control
                      *Control[] ctls = new Control[] { new DirSyncControl() };*
                      ctx.setRequestControls(ctls);
                 *} else {*
                      // Specify the DirSync Control with cookie
                      *Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };*
                      ctx.setRequestControls(ctls);
  rspCtls = ctx.getResponseControls();
  *if (rspCtls != null) {*
                 *for (int i = 0; i < rspCtls.length; i++) {*
                      *if (rspCtls[i] instanceof DirSyncResponseControl) {*
                           *DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls;*
                           localCookie = rspCtl.getCookie();
  The typical problem I am facing here is 2nd iteration onwards the result is not fetching the attribute "sAMAccount".
  Please suggest the possible reason and solution.

  String searchBase = "DC=test,DC=com";
  String searchString = "(&(objectClass=user)(|(givenName=*)(isDeleted=TRUE)))";
  String url = "ldap://jbaitest.test.com:389";
  String initCntxtFact = "com.sun.jndi.ldap.LdapCtxFactory";
  String login= "CN=Administrator,CN=Users,DC=TEST,DC=COM";
  String passwd = "welcome@1";
  byte[] localCookie = AdPolling.getCookie();
  try {
      Hashtable<String, String> env = new Hashtable<String, String>();
      env.put(Context.INITIAL_CONTEXT_FACTORY, initCntxtFact);
      env.put(Context.SECURITY_AUTHENTICATION, AdConstant.SECURITY_AUTH_TYPE_SIMPLE);
      env.put(Context.SECURITY_PRINCIPAL, login);
      env.put(Context.SECURITY_CREDENTIALS, passwd);
      env.put(Context.PROVIDER_URL, url);
      LdapContext ctx = new InitialLdapContext(env, null);
      SearchControls searchCtls = new SearchControls();
      String returnedAtts[] = null;
      searchCtls.setReturningAttributes(returnedAtts);
      searchCtls.setReturningObjFlag(true);
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
      if (localCookie == null) {
          Control[] ctls = new Control[] { new DirSyncControl() };
          ctx.setRequestControls(ctls);
      } else {
       // Specify the DirSync Control with cookie
       Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };
       ctx.setRequestControls(ctls);
      NamingEnumeration enumSearchResult = ctx.search(searchBase, searchString, searchCtls);
      AdRestClientConnector adRestCon = populateUsers(enumSearchResult); // Method to get the different  attribute values
      rspCtls = ctx.getResponseControls();
      if (rspCtls != null) {
       for (int i = 0; i < rspCtls.length; i++) {
           if (rspCtls[i] instanceof DirSyncResponseControl) {
            DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls;
            localCookie = rspCtl.getCookie();
  AdPolling.setCookie(localCookie);
  } catch (NamingException e) {
       log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);
  } catch (Exception e) {
       log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);

• See my code that i use for user login but my code not give me result

  sir i use oracle with vwp in netbeans 6.1
  i want creat a user login form
  i drop three textfield and one button
  in button i use this code for finding the user in database but this code not me result that go to catch (Exception e) all field in database is string
  public String button1_action() {
  try {
  RowKey userRowKey = luserDataProvider.findFirst
  (new String[] { "luser.username", "luser.pwd" },
  new Object[] { textField1.getText(), textField2.getText() });
  if (userRowKey == null) {
  textField3.setText("fahim");
  error("Invalid user id or password");
  return "case1";
  } else {
  textField3.setText("aamir");
  return "cust";
  catch (Exception e) {
  log("Cannot perform login for userid " + textField3.getText(), e);
  error("Cannot perform login for userid " + textField3.getText() + ": " + e);
  textField3.setText("NOOOO");
  return null;
  please give me idea how i find record from database
  thank you
  aamir

  These are user-to-user forums, you are not talking to Apple here - so I've asked the hosts to remove your email address from your post.
  The security code is the 3 or 4 digit code on your credit card, it's quite often on the back of the card on the signature strip, though on some cards it's on the front : credit card security code.

• Updating value of for taxonomy attributes via ABAP API

  Hi ,
  We have table Product hierarchy repository in that we have Products table and ProductHierarchy table which is of type taxonomy .
  The product hierarchy is assigned to each product as lookup taxonomy field.
  Can anyone please let me know how we can update the values assgined to the attribute throght ABAP API.
  Example we have the attribute called color which assigned to Product Hierarchy 'A' and this product hierarchy 'A' is attached to Material '111' and the attribute color will have value 'Blue' for material '111' now I want to update the value of color to 'Red' . How we can achieve this via the MDM ABAP API.
  Regards,
  Amar Kamat

  If your question is how to change the value of an attribute for a specific product this is the solution:
  Use IF_MDM_CORE_SERVICES->RETRIEVE( ) to retrieve the product record so that you have a populated structure of type MDM_PARAMETER. In this structure you will find the entry relating to the taxonomy field. The VALUE attribute of this line entry will be a reference to type MDM_TAXONOMY_ENTRY.
  At this point you will want to take the TAXONOMY_ENTRY_ID and TAXONOMY_TABLE_CODE of this structure to retrieve the attributes. Using IF_MDM_CORE_SERVICE->RETRIEVE_ATTRIBUTES( ) and the attributes mentioned before you will get the results into a table of line type MDM_ATTRIBUTE_INFORMATION_SL.
  Select the appropriate line from the result table based on the attribute name (ATTR_NAME). In the record of type MDM_ATTRIBUTE_INFORMATION_SL you will now want to select the appropriate line from the table found in field ATTR_FEATURE_DOMAIN. Find the appropriate attribute (in this case color) by VALUE_NAME and copy the VALUE_ID (type MDM_UNIQUE_ID).
  Now back to where we left off in the original record (MDM_PARAMETER), loop through the table found at field TAXONOMY_ATTRIBUTES of the MDM_TAXONOMY_ENTRY looking in ATTR_INFO for the correct ATTR_NAME. When the correct entry is found, update the ATTR_FEATURE_DOMAIN with the new VALUE_ID and viola, you've got a mdm record ready to be updated.
  Simply call IF_MDM_CORE_SERVICE-UPDATE( ) with the modified record and you've updated your attribute assignment.
  In short:
  Navigate to the MDM_TAXONOMY_ENTRY of the product record
  Retrieve the attributes from the corresponding taxonomy table and navigate to the unique ID of the desired attribute
  Navigate to the attribute within the record's MDM_TAXONOMY_ENTRY and update the VALUE_ID with the new unique ID
  Update the product record
  Regards,
  Brian Dennett

• Approval For User Attribute Change

  Hi All,
  In OIM is it possible that an approval process can be called on change of user's particular attribute (let's say Department and Location). Also is there any provision where we can defined a rule which is able to find out user's manager as per certain attributes while self registration so that no need to mention user's manager explicitly.
  Thanks!

  Hi,
  1. Find the Exit / BADI/ ENHANSMENT POINT in the mainprograme of the respective infotype.
  2. Create a custom table to temporarily store the data.
  3. From the EXIT trigger the workflow and save the data in the custom table.
  4. Approval from MANGER.
  5. Once the approval over then Write a background step in which it needs to retrive the data from the
  Custom table and Update the Infotype .
  6. Delete the data from custom table once the process is over.
  Reward points for useful answer.
  Richard A

• How to use multiple connections for xcelsius dashboard via toggle button

  Can anyone shed some light on how to apply a toggle button for multiple connections using xcelsius dashboard.
  I created two SAP connections in my xcelsius dashboard.  The first connection uses query 1 (bottom ten customers) and the second connection uses query 2 (top ten customers).  I wanted to use a toggle button where the user would click Top Ten customers versus Bottom Ten customers.  Which ever the user clicks in the toggle botton would run that query.
  If the toggle button is not the way to handle this can someone explain a better approach to run either query in the same dashboard.
  Thanks,
  Joe

  Hi,
  I've never had to do this so have no practical experience.  However in theory you should be able to do the following (assuming the data connection type youu2019re using has the "Usage" tab):
  Set up the two connections as normal - On the usage tab set the detail query to Refresh before components are loaded and make sure that this is unchecked for the other query.  Set both queries to populate the same range so that one query will overwrite the other in the Xcelsius spreadsheet.
  Bind a toggle button to a cell e.g. A1
  Back to the data connections again and set the "Refresh on trigger" trigger cell to A1.  And set the "When Value Becomes" to either "On" or "Off" dependent on how you've set up the toggle button.  Repeat for the other query.
  Hope this helps,
  Paul

• How to create a proxy object for MOSS integration via WebDynpro For ABAP

  Hello all,
  I have a question about the creation of an ABAP proxy class in SE80.
  When i follow this link:
  [https://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/6066fbe8-edc4-2910-9584-a9601649747d&overridelayout=true]
  i see on page 7 that there is: a tab under create called Enterprise Service/ Web Service with under this tab a tab called proxy object.
  When i do this in my SE80 i only see Enterprise Service and not proxy object.
  Screenshot
  [http://picasaweb.google.be/panneels.robin/SAPScreens#5377623235095894546]
  Is there a extra configuration or add-on needed to do this action? Or is there a work-arround for this?
  Because we need this for abap web dynpro for communication with MOSS.
  Thanks in advance for all your help.
  With kind regards,
  Robin Panneels

  Hi James,
  If you like to use SAP web dispatcher as a solution for load balancing portal application, you no need to create system object under systems..
  You have to install web dispatcher as separate instance where you need to configure portal apps into it..
  Configure web dispatcher like to hit the admin port, use http://<webdisp-server>:<adminport>/sap/admin
  For normal portal access, use http://<friendly URL>/irj/portal
  The good news is that the webdispatcher knows that the portal supports SSL
  Another advantage of this config, is the webdisp, will just replace the apache redirect server. Users will access mycompany.com, without any port number, since we are redirecting 80 to the backend j2ee. Also, https should work like in the normal world.
  Profile will be like below...
  SAPSYSTEMNAME = WEB
  SAPSYSTEM = 00
  INSTANCE_NAME = W00
  DIR_CT_RUN = $(DIR_EXE_ROOT)/run
  DIR_EXECUTABLE = $(DIR_CT_RUN)
  Accesssability of Message Server
  Message Server Parameters ##########
  NOTE: The "ms/http_port" must match the profile on the Central Instance
  rdisp/mshost = <FQDN of portal CI Host>
  ms/http_port = <Ms port of portal>
  SAP Web Dispatcher Ports
  #icm/server_port_0 = PROT=HTTP,PORT=81$$
  icm/server_port_0 = PROT=HTTP,PORT=80, TIMEOUT=3600, EXTBIND=1 (some OS will not allow to bind ports <1024)
  Admin port details
  icm/server_port_1 = PROT=HTTP,PORT=3200
  #, EXTBIND=1
  icm/HTTP/admin_0 =
  PREFIX=/sap/admin,DOCROOT=./admin,PORT=3200,AUTHFILE=/usr/sap/WEB/SYS/global/security/data/icmauth.txt
  SSL
  icm/HTTP/redirect_0 = PREFIX=/ , TO=http://<friendly URL name>/irj/portal
  WebAS Message Server Parameters
  rdisp/TRACE = 1
  icm/trace_secured_data = 1
  Regards
  Suresh

• External LDAP connection for Jive forum webcenter Discussion

  Hi All,
  We could successfully configure external LDAP with Webcenter Discussion forum. In turns Jive forum.
  Problem we are facing : It is authenticating for display name instead of actual userid.
  EX:
  John Paul (display name)
  [email protected] (email id)
  John.paul (userid)
  It is accepting John Paul as username instead of john.paul. This is issue as there can be duplicate display names.
  Which parameter and where to configure to make sure Authentication is done for userid only.

  I think jive is used in webcenter discussions?
  You may have the wrong forum... this is for Webcenter Interaction Products.
  For help with Webcenter Discussion, blogs, and wiki's (part of webcenter services), you want to ask your question here:
  http://forums.oracle.com/forums/forum.jspa?forumID=733

• Limited Connectivity for users

  Hi all,
  We have 2 WLC connected with 7 RAPs and 16 MAPs , but some users connected to some APs don't get the DHCP IP and showing limited connectivity.
  But when I restart the APs ,they are able to connect sucessfully.
  The configurations of CoreSwitch,Access Switches and WLC screenshots are herewith attached.
  Any help appreciated.
  Sudeesh

  Which APs are you restarting?  The Maps or the Raps?
  One thing you should check is the mesh path back to the RAP before & after the reboot of the AP.  That may shed some light on the issue if the MAP initially has an efficient path back to the RAP but then degrades after a while.  Is the issue happening in a specific area? 

• Query for user group

  Dear Team,
  When I am creating  Query for user group via T-code  SQ01.
  Query     ZDEMO1    then Create
  This messege is comming .
  System setting does not allow changes to be made to
  object AQQU /ISDFPS/OM  ZDEMO1
  Why this messege is comming .
  Thanks
  manu

  Dear Manu,
  Please check in SE06 >> change system options >> if the system and the relevant object is in modifiable status.
  Cheers,
  Jazz