LDAP Filter to exclude a sub OU?

Similar Messages

• Any way to use filter to exclude tables in navagation pane?

  Is there any way to use filter to exclude a set of tables from the table list in the navagation pane? I have a number of tables (15+) starting with the same prefix eg. AB123 that I would like eliminate from the list. They sort right to the top and I always have to scroll down, and go through the show more dialog to see the entire list.
  I am sure I'm missing something, but not sure what. Help Center has nothing to offer.
  Thanks
  Glenn

  This has been mentioned on the forum before - basically the need for more elaborate ways to filter (multiple conditions as well as 'not like'). It is on our list for future consideration, meaning post-production.
  -- Sharon
  Message was edited by:
  sbkenned

• Creating LDAP filter in authorization rule OAM 10G

  Hi,
  I want to set up a LDAP filter in Authorization rule based on which i will redirect users to specific URL's. what is the syntax to writing LDAP filters in OAM authorization policy. Any pointers to documentation will be appreciated.
  Also i want to know whether authorizations always follow authentication. i.e. my redirection will be successful only after a user is authenticated in end application based on the headers we send out after successful authentication.
  Please Help
  Thanks
  Edited by: 904630 on Dec 27, 2011 5:34 AM
  Edited by: 904630 on Dec 27, 2011 5:36 AM

  Open Identity server console and check the attribute's Display Name and type in Object classes section. I recently faced a similar issue and it got fixed after providing these two values.
  Hope it works for your as well :)

• VSOM 7.0.1 LDAP Filter AD

  Hello!
  LDAP server settings are as follows: 
  Name: SFC.LOCAL
  Host Name: 192.168.104.252
  port: 389
  Member of: %USERID%@sfc.local
  Database search for users: OU=Accounts,DC=sfc,DC=local
  User ID attribute: sAMAccountName
  How to create a filter selecting users from a specific location in aerarhii AD?
  People are on the way: 
  OU=SPK,OU=Offices,OU=Delegate,OU=Common,OU=Accounts,DC=sfc,DC=local
  try like this: 
  search path: OU=Accounts,DC=sfc,DC=local
  Filter: (&(sAMAccountName=%USERID%)(memberOf=CN=SPK,OU=Offices,OU=Delegate,OU=Common,OU=Accounts,DC=sfc,DC=local))
  Runtime Error: The user with the given name is not found in the LDAP filter by (&(sAMAccountName=drozdov.alexander)(memberOf=CN=SPK,OU=Offices,OU=Delegate,OU=Common,OU=Accounts,DC=sfc,DC=local))
  in it may be inaccurate filter configuration?

  Hello Alex,
  Here is the example to do LDAP serach filter configuration. Let me know if this help
  •General Settings
  Hostname: ds.cisco.com
  Port: 389
  Principal: %USERID%@cisco.com
  User Search Base: ou=Cisco Users,dc=cisco,dc=com
  Userid Attribute: sAMAccountName
  •LDAP Search Filter:
  Select a Cisco mailing list you are on from mailer.cisco.com, and substitute its name for <anyMailer> in the Filter below
  Search Path: ou=Cisco Users,dc=cisco,dc=com
  Filter: (&(sAMAccountName=%USERID%)(memberOf=CN=<anyMailer>,OU=Mailer,OU=Cisco Groups,DC=cisco,DC=com))
  Br,
  Nadeem Ahmed

• Smart Folders: Possible to exclude specific sub-folders?

  I want to create a smart folder that shows all documents opened in the past two weeks within my user folder, but I want to exclude my browser cache and various Library files.
  Is there a way to exclude certain sub-folders from a smart search? I'd like to figure this out because it would be really useful to me in other ways too.
  Thanks.

  Unless you have done a little hack you should not see any files from your ~/Library folder in a search, unless you explicitly tell Spotlight to display system files. Browser files are included if you start your search from the Spotlight icon. But if you start with a search window by invoking it with Command-F that won't happen. There is no way I know of to exclude sub-folders in a search. Try this and see if it returns what you want:
  1. Open your home folder
  2. Hit Command-F
  3. Select your home folder rather than the idiotic default of This Mac in the search toolbar
  4. Underneath that you should see Kind:is:Any--click the double arrows and change Any to Documents
  5. Click the + button
  6. Select "Last opened date" from the drop down menu, then "with last" and fill in 2, then select "weeks" from the final drop down menu
  Be aware that the definition of "Documents" is pretty much everything, from Word docs to html files, to jpegs, tiffs, text files, pdfs, and so on.
  Francine
  Francine
  Schwieder

• How to create LDAP filter-based rule to check Group membership in OAM

  Hi folks,
  I'm having hard time creating an authorization rule to verify ldap group membership. I've followed "Configure User Authorization" article from Oracle website (http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32420/v2authz.htm#BABHBFEJI) and created an Authorization scheme w ldap_attribute_name as User Parameter and ruleExpression as Required Parameter. Then, inside my policy I created an Authorization Rule based on my Authz scheme w Allow Access attrib filter-based Rule which looks like this:
  ldap://ldap_server:port/ou=People,o=Company,c=US??sub?(ldap_attribute_name=ldap_attribute_value)
  This works fine.
  Now, I've added another filter-based rule under the same Authz Rule/Allow Access:
  ldap://ldap_server:port/ou=Groups,o=Company,c=US?uniqueMember?sub?(&(objectClass=groupOfUniqueNames)(cn=ldap_group_name))
  While query looks somewhat correct and works as a command-line argument (slightly modified format), it does not work in OAM (meaning people w out req-d group membership can still login).
  Can someone steer me to the right direction as to what do I need to do:
  1. Change/fix the ldap query
  2. Create new Authz scheme with uniqueMember userParameter; create new Authz rule based on new authz scheme; create new Allow Access filter rule with the ldap query I have
  3. Do smth else
  Any help is greatly appreciated.
  Thank you, Roman

  You can create two authorization rules
  First for user with attribute
  and second for group
  and then in authorization expression you can have AND of these two.
  Regarding your query...
  First ... If your requirement is to give access to all the members of a particular group then you don't require any ldap filters
  All you have to do is in the authorization rule -> Allow access -> Select People (here you have to select group so click on the group tab, its little hard to see but its there in light blue color on dark blue tab) -> select the group you want to give access
  Second.. If your requirement is such that you want to give access to a member of a group which has certain attribute lets say group with status active ( In this case you are not aware of the name of the group because user can be a member of any group but you want to give access only to the group with specific attribute.) then you have to write custom authorization plugin.
  If the option is second let me know i can give you a solution which will work for a single domain without any effort of developing a major plugin.
  Hope this helps,
  Sagar

• How to Exclude a sub directorys from polling using FileAdapter of BPEL Proc

  Hi all,
  I have a BPEL process with file adapter which is polling to root folder .
  I want to exclude File polling for some of the sub folder of the BPEL process.
  How to exclude file polling for sub folder i know the option is available for file name not for folder.
  Thanks
  Phani

  dude, you have to give the exact name of the folder you want to poll to,
  you can also pass the location of the folder at runtime/dynamically.
  In 10 G only single location can be polled by single file adapter
  in 11 g we can poll different folders by single file adapter
  However I doubt that there can be selective polling to multiple folder.

• Functiion module for hierarchy of classes excluding a sub tree.

  Hi,
  I am working on a custom transaction for hierarchy of classes by cloning standard CLHP transction.
  There were some FMs which will give all the subclasses  of a class or all super classes of sub class.
  for ex.FM: CLHI_STRUCTURE_CLASSES.
  But my requirement is to get all the lower level classes except a specified class( excluding its subclasses also if any).
  Thanks in advance,
  Satya.

  Hi Stephen,
  Yes this is what the org unit I want to exclude is called. I'm actually wondering when the filtering is supposed to happen. Is it at the extraction of the data in the FM? I took a look at the FM  /NAKISA/OC_OU_STRUCTURE and I could not see a filtering logic anywhere in the code. I saw some authority checks though, and I'm wondering if the following method would work:
  - in the SAP side, exclude the org unit from the area of responsibility of the RFC user (an RFC user is used in all the data connections)
  - modify the parameters of the /NAKISA/OC_OU_STRUCTURE FM so that an area of responsibility check is performed (parameter AOR_CHECK set to 'X') on the RFC user (parameter IM_UNAME set to the RFC User's uname).
  What do you think?
  Thanks
  M.E.

• Building a report filter that excludes non-business hours and weekends

  Hi All,
  I need to know if this can be done in Answers:
  I have built a system in CRM that captures timestamps when SRs are moved into and out of stages in the SR resolution lifecycle. Then I have a report that uses timestampdiff to calculate the time that a SR spends in each SLA metric window (Respond, Diagnose, Resolve). The report currently displays only the hard difference based on a 24 hour clock.
  We need to be able to build a filter that will exclude any non-business hours (say outside of 9:00 to 5:00) and weekends, so that if my Respond window is 2 hours and an issue is recorded with a Response Start timestamp of 4:00pm, the report would show that if the Response Stop timestamp is at 9:30am the next business day, the SR met the required SLA.
  Does anyone know if this can be done? If so, any insight on how to build it? I've seen a document that explains how to exclude weekends from workflow, but can the same thing be done in reporting?
  This is a very urgent request and any help here is greatly appreciated.
  Thanks!

  Exclude weekends you can do but not business hours but perhaps you can create something....if timestampdiff(Days) greater than 1 then take off 16 hours....Mike Lairsons book has the formula for excluding weekends and I think someone may have posted it in this forum if you search for it.
  cheers
  alex

• Filter value - exclude option

  Hi,
  We have created a query with Vendor Number as Filter and We have excluded few vendor numbers (attributes). This query is working fine now.
  But, whenever any new vendor numbers are added, we would like to have automatic exclusion for any vendor number having the description for example
  " CHICAGO SUPPLIER ....".
  Regards,
  Murali

  Hi,
  It seems you already have 2 threads about the same issue...can you please close them with appropriate comments, or state why the suggestions provided are not working out for you:
  https://forums.sdn.sap.com/click.jspa?searchID=1389348
  https://forums.sdn.sap.com/click.jspa?searchID=1389348

• Filter value -  Exclude option -  Help urgently

  Hi,
  We have created a query with Vendor Number as Filter and We have excluded few vendor numbers (attributes). This query is working fine now.
  But, whenever any new vendor numbers are added, we would like to have automatic exclusion for any vendor number having the description for example
  " CHICAGO SUPPLIER ....".
  Please advise.
  Advance Thanks.
  BW Learner

  Ther is  something called text variable, which I never used might be of some help for you...
  http://help.sap.com/saphelp_nw04/helpdata/en/85/e0c73cccbdd45be10000000a114084/content.htm
  Using Text Variables
  Use
  Text variables represent a text and can be used in descriptions of queries, calculated key figures and structural components.
  When the system is replacing text variables, if it finds no values or multiple values for the reference characteristic and is thus unable to determine a unique value, the technical name is output as the result: &<technical name of the text variable>&
  Procedure
  Selecting existing text variables
  Choose  to select an existing text variable.
  Changing existing text variables
         1.      If want to change an existing text variable, select the text variable in the Description field and click with the left mouse button on the selected text variable.
         2.      From the context menu that appears below the field, choose Change Text Variable. The SAP BW Variables Editor appears.
  For more information, see Changing Variables in the Variable Editor.
  Creating new text variables
         1.      In the Description field, enter an ampersand &.
         2.      From the context menu that appears automatically, choose New Text Variable. The SAP BW Variables Wizard appears.

• How to setup an LDAP filter in OpenDirectory

  Hello,
  I hope I am posting to the right forum.
  I have an existing central directory managed by LDAP.
  The users can authenticate against my LDAP server.
  In the LDAP directory, the users have a special attribute, making a list of machines and services they can or cannot access.
  How to configure OpenDirectory to apply a filter to the LDAP records, so only users with a given value (lets say "macosx" in a given attribute) can authenticate?
  For example, on another machine (FreeBSD) I have the following in pal_ldap configuration:
  nssbasepasswd ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th?one?csimAccountPermission=sambalogin
  where csimAccountPermission=sambalogin is the filter and only users with that key will be able to use samba service.
  TIA,
  Olivier

  Please try this forum, its for OS X server.
  http://discussions.apple.com/category.jspa?categoryID=96

• Q: UCM Ldap filter not finding groups

  Hi There,
  I am setting up UCM and am having problems with group(roles) being set by the ldap provider.
  The users authorizes, but the ldap search returns no groups.
  LDAP mapping of roles gives the following error every time...
  userstorage 09.03 10:06:59.806 IdcServerThread-34 Loaded extended info for user ucm_user
  userstorage 09.03 10:06:59.806 IdcServerThread-34 Loading Attributes for user ucm_user
  userstorage 09.03 10:06:59.806 IdcServerThread-34 UseFullGroupName false
  userstorage 09.03 10:06:59.807 IdcServerThread-34 UseGroupFilter true
  userstorage 09.03 10:06:59.807 IdcServerThread-34 Searching for groups containing user CN=ucm_user,OU=city,OU=Users-Active,DC=abc,DC=com
  userstorage 09.03 10:06:59.807 IdcServerThread-34 Using search filter (&(objectclass=group)(member=CN\3ducm_user\2cOU\3dcityr\2cOU\3dUsers-Active\2cDC\3dabc\2cDC\3dcom))
  userstorage 09.03 10:06:59.807 IdcServerThread-34 Searching for groups based at DN ou=Users-Active,dc=abc,dc=com
  userstorage 09.03 10:06:59.904 IdcServerThread-34 No groups found for user CN=ucm_user,OU=city,OU=Users-Active,DC=abc,DC=com
  userstorage 09.03 10:06:59.905 IdcServerThread-34 Adding default network account '#none" to CN=ucm_user,OU=city,OU=Users-Active,DC=abc,DC=com
  userstorage 09.03 10:06:59.905 IdcServerThread-34 Attributes loaded
  userstorage 09.03 10:06:59.905 IdcServerThread-34 LdapProvider.checkCredentials() finished in 0.182 seconds.
  Using a freeware ldap gui (ldapadmin.exe), I can run the query just fine, the groups are found.
  Has anyone seen this before?
  Thanks

  Please see the attached link under primaryGroupID, which states that the
  Domain Users group is not part of the memberOf attribute.
  http://msdn.microsoft.com/en-us/library/ms677943.aspx
  That explains why the mapping fails for any Domain Users as seen in the debugs

• LDAP - Filter on groups (iPlanet)

  We connected Weblogic to our LDAP server (iPlanet type) and successfully imported all users and groups.
  No we want to filter on the users being in one group (we are not interested in all users)
  With an ActiveDirectory LDAP Provider you can set at the All Users filter & User From Name filter:
  (&(sAMAccountName =*)(memberOf= CN=OBIEE,OU=Security,OU=Groups,OU=COMP1,DC=COMPANY,DC=com)(objectclass=person))
  With this filter in place, only users that are member of "CN=OBIEE,OU=Security,OU=Groups,OU=COMP1,DC=COMPANY,DC=com" will be able to login.
  Now we are migrating the LDAP server from ActiveDirectory to iPlanet.
  The structure of this system is:
  GROUPS
  GRP OBIEE
  uniqueMember:MVL
  uniqueMember:DFG
  USERS
  uniqueMember: MVL
  The relation between users and groups is stored on group level.
  Does anyone know if this is possible and what the structure of the filter is?
  Thanks in advance.

  Have you already found a work around?
  Depending on your DIT, I'd assume you could set your base lower, and just do a search for (!(objectclass=SAccount)).
  Also, you've probably checked it a number of times already, but could there be a spelling error? Have you tried using the wildcard on your ! filter, so that it reads:
  (&(objectclass=customAccount)(!(objectclass=customSA*)))
  Good luck!

• Hos to setup a LDAP filter in OpenDirectory

  Hello,
  I hope I am posting to the right forum.
  I have an existing central directory managed by LDAP.
  The users can authenticate against my LDAP server.
  In the LDAP directory, the users have a special attribute, making a list of machines and services they can or cannot access.
  How to configure OpenDirectory to apply a filter to the LDAP records, so only users with a given value (lets say "macosx" in a given attribute) can authenticate?
  For example, on another machine (FreeBSD) I have the following in pal_ldap configuration:
  nssbasepasswd ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th?one?csimAccountPermission=sambalogin
  where csimAccountPermission=sambalogin is the filter and only users with that key will be able to use samba service.
  TIA,
  Olivier

  Please try this forum, its for OS X server.
  http://discussions.apple.com/category.jspa?categoryID=96