LDAP members of groups

Hello. I am using Iplanet Directory Service. I have set up my LDAP schema like:
dc = edu
dc = test
ou = state
ou = city
cn = university
cn = students
cn = volunteers
The actual student names are defined at state level, so the dn for student1 would be:
uid=student1,ou=state,dc=test,dc=edu
I can get all the attributes for student1, but if I want to see what groups student1 is part of, what do I need to do? In the example above, student1 happens to be part of subgroup student and subgroup volunteer. This is what I have so far, and it never goes into the while loop.
Attributes at = new BasicAttributes(true);
at.put(new BasicAttribute("uniquemember",
        "uid=student1,ou=state,dc=test,dc=edu"));
NamingEnumeration ne = ctx.search("dc=test,dc=edu", at);
while (ne.hasMore()) {
    SearchResult sr = (SearchResult) ne.next();
    String GroupName = sr.getName();
    System.out.println("GroupName: " + GroupName);
}

Hi,
This is eliyas here. Can you please help me out with the following, for SunOne Directory Server:
1) To connect and authenticate with SunOne Directory Server using simple as realm using JNDI.
2) After authentication, I would like to have the groups that the user is a member of (group membership).
If any code snippet is available, it would be a great help to me.
Thanks,
eliyas
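
An added example (not code from either poster) of what both posts above ask for: a simple bind followed by a subtree search for the groups whose uniqueMember holds the user's DN. The two-argument `ctx.search(name, attributes)` used in the first post looks only at entries directly under `dc=test,dc=edu`, so groups deeper in the tree are never returned. The `LDAP_URL` environment variable, the class and method names and the `groupOfUniqueNames` object class are assumptions.

```java
import java.io.Console;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class GroupLookup {

    // Simple bind as the user. A wrong password surfaces as AuthenticationException.
    static DirContext bind(String url, String userDn, char[] password) throws NamingException {
        if (password == null || password.length == 0) {
            // JNDI turns a simple bind with empty credentials into an anonymous
            // bind, which "succeeds" without proving who the user is.
            throw new AuthenticationException("empty password rejected");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // use ldaps://, a simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // DNs of every static group below baseDn that lists userDn in uniqueMember.
    // Assumes the bound identity is allowed to read the group entries.
    static List<String> groupsOf(DirContext ctx, String baseDn, String userDn)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // descend below baseDn
        controls.setReturningAttributes(new String[] {"cn"});

        // {0} is filled from the argument array and escaped by JNDI, so a DN
        // containing '*', '(' or ')' cannot alter the filter.
        String filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))";

        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> results =
                ctx.search(baseDn, filter, new Object[] {userDn}, controls);
        try {
            while (results.hasMore()) {
                groups.add(results.next().getNameInNamespace());
            }
        } finally {
            results.close();
        }
        return groups;
    }

    public static void main(String[] args) throws NamingException {
        String url = System.getenv("LDAP_URL"); // assumption, e.g. ldaps://directory.example.test:636
        Console console = System.console();
        if (url == null || console == null) {
            System.err.println("Set LDAP_URL and run from an interactive terminal");
            return;
        }
        String userDn = "uid=student1,ou=state,dc=test,dc=edu"; // DN from the first post
        char[] password = console.readPassword("Password for %s: ", userDn);
        DirContext ctx = bind(url, userDn, password);
        try {
            for (String groupDn : groupsOf(ctx, "dc=test,dc=edu", userDn)) {
                System.out.println("GroupName: " + groupDn);
            }
        } finally {
            ctx.close();
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
    }
}
```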

Similar Messages

  • LDAP- large dynamic groups - performance

    A dynamic group is to a static group what a view is to a table
    A group is to its members what a table or view is to its records.
    When the members of a dynamic group are very large, are there any performance problems, or is that eliminatable by some indexing means?

    Just an FYI ...
    I found out from iPlanet that this is a bug in SP3 and will be fixed in SP4.
    In the meantime, you can call tech support and get a patch.
    Matt
    "Matt Raible" wrote in message:
    I discovered today that the dynamic group does not seem to work for
    form-based authentication with iPlanet App Server. I have a group,
    Employees, in my LDAP server, and it has a dynamic group configured as
    ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee, where each user has a
    custom attribute, dcRoles. I can test this dynamic group and expected users
    are found.
    However, I cannot authenticate with a user in this group when "Employees" is
    my configured role to authenticate with.
    If I open the group Employees in my LDAP Server, and under the Members,
    Static Group tab - I add a user, I can authenticate with them.
    I also tried adding "ttEmployee" as well as "Employee" to my deployment
    descriptors - but no luck. The method of adding a user (above) is the only
    way I found to work.
    Can someone shed some light on this?
    Thanks,
    Matt
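
An added example (not code from the thread or from iPlanet) of how a dynamic group like the one quoted above is evaluated: the group stores no member list, so a membership check has to apply the URL's base, scope and filter to the user's entry. It assumes the URL is held in the group's `memberURL` attribute, as in Sun/iPlanet dynamic groups; the class and method names and the sample user DN are made up for illustration.

```java
import java.net.URI;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;

public class DynamicGroupCheck {

    // The three parts of a memberURL that decide membership.
    static final class MemberUrl {
        final LdapName base;
        final int scope;
        final String filter;

        MemberUrl(LdapName base, int scope, String filter) {
            this.base = base;
            this.scope = scope;
            this.filter = filter;
        }
    }

    // Layout: ldap://host/<base>?<attributes>?<scope>?<filter>
    static MemberUrl parse(String memberUrl) throws NamingException {
        URI uri = URI.create(memberUrl);
        String path = uri.getPath();
        String base = (path == null || path.isEmpty()) ? "" : path.substring(1);
        String query = uri.getQuery() == null ? "" : uri.getQuery();
        String[] parts = query.split("\\?", -1); // [attributes, scope, filter]

        int scope;
        switch (parts.length > 1 ? parts[1] : "") {
            case "sub": scope = SearchControls.SUBTREE_SCOPE; break;
            case "one": scope = SearchControls.ONELEVEL_SCOPE; break;
            default:    scope = SearchControls.OBJECT_SCOPE; // a missing scope means "base"
        }
        String filter = parts.length > 2 && !parts[2].isEmpty() ? parts[2] : "(objectClass=*)";
        if (!filter.startsWith("(")) {
            filter = "(" + filter + ")"; // the URL form may omit the outer parentheses
        }
        return new MemberUrl(new LdapName(base), scope, filter);
    }

    // Is the user's DN inside the part of the tree the URL covers?
    static boolean inScope(MemberUrl group, LdapName user) {
        if (!user.startsWith(group.base)) { // LdapName index 0 is the rightmost RDN
            return false;
        }
        int depth = user.size() - group.base.size();
        switch (group.scope) {
            case SearchControls.OBJECT_SCOPE:   return depth == 0;
            case SearchControls.ONELEVEL_SCOPE: return depth == 1;
            default:                            return true;
        }
    }

    // Full check against a live directory: the user is a member only if the DN
    // is in scope AND the user's own entry matches the group's filter.
    static boolean isMember(DirContext ctx, MemberUrl group, String userDn)
            throws NamingException {
        LdapName user = new LdapName(userDn);
        if (!inScope(group, user)) {
            return false;
        }
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.OBJECT_SCOPE); // look at this one entry only
        controls.setReturningAttributes(new String[0]);       // only existence matters
        NamingEnumeration<SearchResult> hit = ctx.search(user, group.filter, controls);
        try {
            return hit.hasMore();
        } finally {
            hit.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // URL quoted in the thread; the user DNs below are constructed samples.
        MemberUrl group = parse("ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee");
        LdapName inside = new LdapName("uid=jdoe,ou=People,o=douglas.co.us");
        LdapName outside = new LdapName("uid=jdoe,ou=People,o=example.test");

        System.out.println("base=" + group.base + " filter=" + group.filter);
        System.out.println("inside in scope:  " + inScope(group, inside));
        System.out.println("outside in scope: " + inScope(group, outside));
    }
}
```

A lookup that reads only `uniqueMember` returns nothing for such a group, which matches the behaviour described in the thread: the role works once the user is added as a static member.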

  • LDAP Users and Groups

    Hi,
    I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:
    com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.
    It seems that this needs to be set up. How do I do this?
    Some general notes on LDAP:
    I think that in a production environment it is of great value to manage users and groups in an LDAP directory. For instance, we have a company directory which contains all users. It seems that users from LDAP cannot be added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
    As in previous WebLogic releases, the LDAP authenticator is read-only. It would be great if the write functionality could be added as well. Actually, managing LDAP users and groups in one place would be a tremendous improvement for us.
    Another thing on my wishlist is examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out-of-the-box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.
    It would be interesting to read what BEA and other developers think about this.
    Kind regards,
    Kai

    Marcus,
    Yes, I am using 9.2 TP.
    We are already using LDAP for user management with 8.1.
    Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
    java.lang.NullPointerException
    at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
    at util.tree.TreeController.constructTree(TreeController.java:142)
    at util.tree.TreeController.buildTree(TreeController.java:422)
    at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
    at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

  • Cannot retrieve Members of Group

    Hi ,
    I am new to Active Directory. I have the following code to retrieve members of a group (in Active Directory) which does not work.
    InitialLdapContext ctx = null;
    String[] MY_ATTRS = attr.split(",");
    SearchControls constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    constraints.setReturningAttributes(MY_ATTRS);
    ctx.search("DC=nam,DC=corp,DC=mg,DC=com", "(memberOf=OU=Moved IDs,OU=People,OU=Common,OU=ME,OU=BP,OU=USA,DC=nam,DC=corp,DC=mg,DC=com)", constraints);
    (does not work)
    However, we have another group as follows and it works.
    CN=NAMMEMovedIDs,OU=SG,OU=Process,OU=Common,OU=ME,OU=BP,OU=USA,DC=nam,DC=corp,DC=mg,DC=com
    ctx.search("DC=nam,DC=corp,DC=mg,DC=com", "(memberOf=CN=NAMMEMovedIDs,OU=SG,OU=Process,OU=Common,OU=ME,OU=BP,OU=USA,DC=nam,DC=corp,DC=mg,DC=com)", constraints);
    (works)
    I am not sure what the difference is between OU and CN groups. Why am I not able to retrieve members of OU? Any ideas please.
    Thanks

    I was able to retrieve Members of Group using the following code.
    SearchControls constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration results = ctx.list("OU=ME,OU=BP,OU=USA,DC=nam,DC=corp,DC=mg,DC=com");
    // List users
    while (results.hasMore()) {
        NameClassPair ncp = (NameClassPair) results.next();
        String userName = ncp.getName();
        System.out.println("User: " + userName);
    }

  • Combining members to group on one line

    Hi,
    I am running into a problem that I hope somebody can help with. I am using CR 2008 with BW as a datasource. What I am attempting to do is combine multiple members from one dimension and then group on that set in one line. I have been able to combine the members using both the concatenate function and also a combination of text variables, but when I group on the set what I get is (assuming the set is members A,B,C)
    Key Figure
    GH1 Member A      10
    GH1 Member B       20
    GH1 Member C       40
    What I am looking for is
    Key Figure
    GH1 Member A,B,C            70
    It seems like the makearray function might work, but when I try to do that I get an error message saying that "the result of a formula cannot be an array".
    As always, any help would be greatly appreciated.
    Thanks,
    Andy
    Edited by: Andrew Mast on Feb 12, 2010 3:27 PM

    Hi Jason,
    Thanks for the info. I am very new to Crystal Reports, so please forgive me if I am reading the formula incorrectly, but I do not think that variable will work for what I am trying to do. It appears that variable is building an array of all customer ids that resets each time the group data item (country) changes. I am trying to combine two specific members and group them on one line with a total for both members.
    The report I am building requires a crosstab set up with each line being a specific node (and in one case 2 nodes) on a hierarchy. The problem is that the layout is not the same as the hierarchy layout, so that node 14 of the hierarchy is placed after node 18, so I can't just group on the hierarchy. Grouping by specified order isn't working for me (or I can't make it work for me) for a host of reasons.
    Anyway, I have been able to specify the individual nodes by creating a variable to pull the hierarchy node names. I then created a series of If-then statements like
    If {node variable} = "Node 14" then "Node 14" else null. I then group on each of the individual formulas and suppress null values. This works great except for the one row that is comprised of 2 nodes.
    Like I said, I can write a statement that pulls both nodes together, but when I group on that item they get split back into 2 separate rows rather than just one with the total for both members.
    Once again, thanks for your input.

  • Get members by group from a forest

    I have multiple domains in our forest and I'm trying to pull a list (csv) of all the members of groups with a PCSupport in the name.
    I've been able to get the groups or members of the group in my specific domain but not the others.
    One or the other and haven't been able to put it all together. This has gotten me the farthest along, I've got all the groups listed, but I don't know how to feed this into additional scripting to get the groups and members into a csv.
    Thanks in advance for any help
    $forestName = ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Name
    $ADsPath = [ADSI]"GC://$forestName"
    $Search = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
    $Search.Filter = "(&(objectCategory=group)(SamAccountName=*PCSupport))"
    $Search.FindAll()
    Path    Properties
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain1,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=Co-_PCSupport,OU=Groups-Reserved,OU=ServerWorkstations,D...    {info, samaccountname, objectsid, instancetype...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain2,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain3,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain4,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain5,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain6,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain7,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain8,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain9,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain10,DC=mycompany,DC=com    {samaccountname, objectsid, instancetype, objectclass...}
    GC://mycompany.com/CN=PCSupport,OU=Groups,DC=domain11,DC=mycompany,DC=com    {proxiedobjectname, samaccountname, objectsid, instancetype...}
    Tom

    Hi Tom,
    For example I use this expression to get members from a group and works fine for the CSV.
    Import-Module ActiveDirectory
    Get-ADGroupMember -identity "<group>" | select name | Export-csv -path C:\output\members.csv -NoTypeInformation
    I think the | Export-csv -path is what you are looking for

  • Add/Remove members from groups

    Does anyone have a sample ldif entry to add/remove members from groups?

    I am not exactly getting what you said here.
    Basically if your intention is to rename RDN and reflect the changes in the group membership, you have to do totally 2 operations:
    1) update your uid on the user entries.
    2) update your membership on the group entry: remove the uid first, then add it:
    updateM.ldif
    dn: cn=groupA,ou=groups,ou=xxxxxxxxxxxxxxxxxxxxx
    changetype: modify
    delete: uniqueMember
    uniqueMember: uid=1111,ou=people,ou=xxxxxxxx
    -
    add: uniqueMember
    uniqueMember: uid=zz1111,ou=people,ou=xxxxxxx
    save it
    run:
    ldapmodify -v -D xxx -w xxx -h xxx -p xxx -f <PATH>/updateM.ldif

  • LDAP user and group configuration in ADF application

    Hi All,
    I have to use LDAP users and groups in my ADF application. I have configured the LDAP on the WLS server successfully and can see all users/groups under the tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of the groups. Created an Application role in jazn-data.xml and assigned a role of Enterprise Role.
    However, I have not added any user in jazn-data.xml, which I guess is not required because it will be picked from LDAP.
    Now how do I configure JDeveloper to use those users? What changes do I need to make in jazn-data.xml, or in jps-config.xml / web.xml / weblogic-application.xml?
    Am I missing any configuration step? I have referred to "ADF Security set up - step by step tutorial - quick question" but did not find it useful.
    I am using JDeveloper 11.1.1.5.
    Thanking you all in advance.
    Mukesh.

    I have below changes in files
    1] In jps-config.xml
    -- Added identity store and selected it from drop down in Security Context tab.
    2] In weblogic-application.xml
    In Security tab --> Role assignment mapped valid-users to principal name.
    <security>
    <realm-name>myrealm</realm-name>
    <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>DERDev</principal-name>
    </security-role-assignment>
    </security>
    3] Same thing done in weblogic.xml. I do not know the difference between weblogic-application.xml and weblogic.xml configuration and which will work.
    4] Added security role "DERDev" along with the default/automatically added role "valid users"
    <security-role>
    <role-name>DERDev</role-name>
    </security-role>
    Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
    Mukesh

  • Retrieve members of group in Active Directory

    Anyone who knows how to retrieve all the members of a group in AD? We have a single sign on using AD accounts but I want to specify users that will be given access using security group in AD.
    I've tried to list all the groups and determine the membership of a user but listing all the members of a group confuses me and I'm stuck.
    Please help.
    Thanks.

    Look for postings/replies of user "steve_adler"
    In one of his posts about paging and range Ldap Queries he explains how to find all members of a group.

  • SUN One LDAP Retrieving Dynamic group

    Hi, I would like to know how can I retrieve the groups a user belongs to, if the groups are of dynamic type.
    can I use the attribute memberOf?
    //Create the initial directory context
    LdapContext ctx = new InitialLdapContext(env, null);
    //Create the search controls
    SearchControls searchCtls = new SearchControls();
    //Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    //specify the LDAP search filter
    String searchFilter = "(&(objectClass=user)(CN=Andrew Anderson))";
    //Specify the Base for the search
    String searchBase = "DC=antipodes,DC=com";
    //initialize counter to total the group members
    int totalResults = 0;
    //Specify the attributes to return
    String returnedAtts[]={"memberOf"};
    searchCtls.setReturningAttributes(returnedAtts);
    //Search for objects using the filter
    NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);

    Hello Vinay,
    when configuring multiple LDAP directories, there are a number of prerequisites that you need to consider.
    For example, one prerequisite for multiple domains is that logon IDs must be unique across multiple LDAP data sources. This will cause issues if duplicate IDs exist.
    Please see the following documentation and notes for more information on this.
    Examples of Data Source Configuration Files - Identity Management - SAP Library
    Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
    1618342 - Multiple LDAP Datasources - Active Directories where logon IDs are not unique
    762419 - Multi-Domain Logon Using Microsoft Active Directory
    Please have a look at the above notes, which document this and also tell you what to do in these situations.
    Regards,
    David

  • Non-existent uid show as members of group

    I'm thinking this might be a manual process, but I'll pose the question anyway.
    I have a GroupOfNames - cn=group, ou=mygroups, dc=mydomain, dc=com
    This group has many uniqueMembers and is forever changing - additions, deletions happen every day.
    My question is: When I delete a user account from the LDAP, there is really nothing within that record to indicate that the user is a member of a group. So, I could have potentially hundreds of non-existent users listed as members of a group, with no way other than a manual process to go in and clean things up.
    Is this the dumbest question of all time? or do I have a valid concern?
    TIA
    Rick

    http://docs.sun.com/app/docs/doc/820-2763/fsush
    Your concern is quite valid and this plugin handles it for you. Play with it on a test instance and make sure the indexes are done correctly as it causes a lot of problems if misconfigured.
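
The cleanup concern raised in this thread, as an added example (not code from the posts or from the directory server): it scans an LDIF export for `uniqueMember` values that point at entries which no longer exist and writes the `ldapmodify` change records that remove them. Stale values matter for access control because an account later created under the same DN picks up the old group membership. The sample data and all function names are constructed for illustration.

```python
import re

# Constructed sample export (not from the page); group DN as in the post above.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=mydomain,dc=com

dn: uid=bob,ou=people,dc=mydomain,dc=com

dn: cn=group,ou=mygroups,dc=mydomain,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=people,dc=mydomain,dc=com
uniqueMember: UID=Bob, OU=People, dc=mydomain,dc=com
uniqueMember: uid=carol,ou=people,
 dc=mydomain,dc=com
uniqueMember: uid=dave,ou=people,dc=mydomain,dc=com
"""

def norm_dn(dn):
    # Case-fold and drop spaces around RDNs; escaped commas are not handled.
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    # Returns [(dn, [(attr, value), ...])]; base64 ("::") values are not decoded.
    text = re.sub(r"\n ", "", text)  # undo LDIF line folding
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(s.strip() for s in line.split(":", 1))
                 for line in block.splitlines() if ":" in line]
        if pairs and pairs[0][0].lower() == "dn":
            entries.append((pairs[0][1], pairs[1:]))
    return entries

def stale_members(entries, attr="uniquemember"):
    # Group DN -> member values that match no entry DN in the export.
    known = {norm_dn(dn) for dn, _ in entries}
    hits = {dn: [v for a, v in pairs if a.lower() == attr and norm_dn(v) not in known]
            for dn, pairs in entries}
    return {dn: gone for dn, gone in hits.items() if gone}

def cleanup_ldif(stale):
    # One ldapmodify change record per group, to be reviewed before it is applied.
    out = []
    for dn, members in stale.items():
        out.append(f"dn: {dn}\nchangetype: modify\ndelete: uniqueMember")
        out += [f"uniqueMember: {m}" for m in members]
        out.append("-\n")
    return "\n".join(out)

print(cleanup_ldif(stale_members(parse_ldif(SAMPLE_LDIF))))
```

Feed it an export of the whole suffix; with a partial export, live users outside the exported subtree are reported as stale.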

  • LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

    Hi.
    I created a SharePoint 2010 site with LDAP FBA. If I add the AD user as a form-based user and try to log in to my site, it works very well, but if I add an AD group to my site and try to log in with one of the AD users of this group, it says "Access Denied".
    In my project we want to add AD groups to SharePoint groups, not individual AD users.
    Can anyone help me with this please? It's urgent.

    I added both the LDAP membership and LDAP role providers, and I can also find groups in the people picker in my Central Admin and FBA web app site collection.
    <add name="ADMembers"
    type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
    server="company.com"
    port="389"
    useSSL="false"
    userNameAttribute="sAMAccountName"
    userContainer="DC=company,DC=com"
    userObjectClass="person"
    userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
    userDNAttribute="distinguishedName"
    scope="Subtree"
    enableSearchMethods="true"
    otherRequiredUserAttributes="sn,givenname,cn"
    />
    <add name="ADRoles"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="Company.com"
    port="389"
    useSSL="false"
    groupContainer="DC=Company,DC=com"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(ObjectClass=group)"
    userFilter="(ObjectClass=person)"
    scope="Subtree" />

  • How to get members in group

    Hi,
    How can i get the members in a group using java mail API
    I have used:
    InternetAddress internetAddress = new InternetAddress("[email protected]");
    InternetAddress.getGroup(true);
    it is not working .....
    Note: XXX is the group name
    whether i have to change the config property file
    Can anyone help me out ..
    Regards
    Ganesan S

    Get the "uniquemember" attribute of this entry..

  • Since OES 11 SP2 computer members of groups are not shown in AD Users and Computers mmc snapin

    I have several groups of computers in my DSfW Domain, They are mainly
    used to apply different GPOs to different groups.
    If you look via iManager or C1 at the properties of the groups you see
    the computers, which are members of the groups on the membership and
    security self equivalency pages.
    If you use the MS AD snapin the memberlist of the group shows not any
    computer - but the computer(user) template shows, that the computer is
    member of the groups in question. It seems as if the GPOs are applied
    correctly using the group membership.
    But the question remains, why are the computer members not shown in the
    group template. They did show up there before OES 11SP2, so it seems
    some attribute got lost or is not correctly interpreted on the AD side.
    W. Prindl

    This might be the side-effect of some bug fix we did in oes11sp2, and will require deeper debugging. Please raise the SR with appropriate priority so that we give greater attention.

  • LDAP and Notes Group Security Authentication Troubles

    First, my apologies if this is in the wrong forum, but after looking at the forum names a few times this seemed the most appropriate.
    I have a PDF file that I would like to have access restricted to a certain group on my organization's directory server. I'm kind of the new guy here, so I'm not 100% certain on this, but I'm pretty sure that our setup is:
    A Lotus Domino LDAP server storing the directory information in a Lotus Notes database. Each user has a Notes certificate stored on the server for authentication to various databases we have on our intranet.
    I've entered the LDAP server information in the Security Settings... window in Acrobat, and I'm sure it's correct as I can use the same information to browse the LDAP server with Softerra LDAP browser. There is no authentication required, but the server might restrict access based on domain; I'm not sure (shouldn't matter). Anyway, when I go to Manage Trusted Identities... then Add Contacts, then Search, I can never get any results to return.
    I wish to only allow users in a certain group, CN=ALLOWED - GROUP, to have access to the PDF. I feel that there should be a way to accomplish this with the Notes certificates. Anyone know what I'm doing wrong or need to do?
    If something I've said is wrong or unclear, I'd be happy to try again; this sort of thing isn't my forte.
    Thanks in advance,
    Mark

    > I guess the CA is the machine that's hosting the Lotus notes database
    No, the CA is merely an "entity". It's your Certificate Authority, the master certificate used to sign and authenticate all subsidiary certificates. You are talking about setting this up as a PKI for signature validation and managed security, right? Or am I way off base with your workflow and leading you away from where you should be (if so, feel free to ignore me - lots of people do)?
    Leonard is right though, for securing individual PDFs to a specific group you would need LiveCycle Rights Management ES. The security needs to be in the PDF itself, otherwise it's useless. Say you configure your security at an application level, as you are trying to do, and then someone copies the PDF to a USB key and takes it home. No longer on your network, so they can now freely open the document.
