LDAP on wls6.1

Does wls6.1 sp1 support dynamic LDAP groups?
Thanks,
Jeff Cabuhat

Hi,
For Dynamic groups you can make your custom realm. that should solve
your problem. we have done smthg similer.
Hope it helps..!!
-aseem
Jeff Cabuhat wrote:
Does wls6.1 sp1 support dynamic LDAP groups?
Thanks,
Jeff Cabuhat

Similar Messages

  • Domino Notes / Ldap connection Wls6.1

    hi all,
    is there a way to connect Wls 6.1 sp1 with Domino Notes 5 Ldap Server ?
    Can we do an authentification login for groups and user?
    If you did it can you reply me with a sample of connection parameters.
    thanks
    Hugues Simonnet
    Consultant Principal
    BEA Systems SA
    Tel :+33(0)141457034
    Fax: +33(0)141458408
    Mob:+33(0)619023104
    Tour Manhattan
    6 place de l'Iris
    F-92095 Paris la Défense 2 Cedex
    http://www.bea.fr
    http://www.bea.com

    hi all,
    is there a way to connect Wls 6.1 sp1 with Domino Notes 5 Ldap Server ?
    Can we do an authentification login for groups and user?
    If you did it can you reply me with a sample of connection parameters.
    thanks
    Hugues Simonnet
    Consultant Principal
    BEA Systems SA
    Tel :+33(0)141457034
    Fax: +33(0)141458408
    Mob:+33(0)619023104
    Tour Manhattan
    6 place de l'Iris
    F-92095 Paris la Défense 2 Cedex
    http://www.bea.fr
    http://www.bea.com

  • Wls6.0 ldap configuration

    I've got the same problem as the college from Thu Jun 28 2001:
    I have configured weblogic 6.0 with the netscape directory server 4.1 but still
    there is a warning message in weblogic "every new user will be added to the file
    realm". I suppose my ldap config. However becaus e the configuration is ok weblogic starts but still there is this warning message and the user that I add is added to the file realm and not in the ldap server. The same problem with Group which I wanted to add.
    There is a group with members defined in LDAP. On the Admin Console I've got the group but without members. Why ??
    H E L P.

    Dear All,
    We are trying to configure the LDAP using with active directory .  In the
    step of "Synchronization of SAP User Administration with LDAP
    Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
    error.
    Please find the trace file and error screenshot in the attachment.Please help us on
    priority.
    Please find the Trace log in the below:
    RFC destination : LDAP_LDAPSE-01
    Tracelevel      :      8,704
    F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
    [Wed Jun 26 11:15:38 2013]
    Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
    [Wed Jun 26 11:15:39 2013]
    Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
    Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
    Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
    Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
    [Wed Jun 26 11:15:40 2013]
    Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
    [Wed Jun 26 11:15:43 2013]
    >>>>Required attributes table
    Line    0: "CREATETIMESTAMP" (length 15)
    Line    1: "MODIFYTIMESTAMP" (length 15)
    Line    2: "SAPUSERNAME" (length 11)
    <<<<Required attributes table
    Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
    Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
    >>> ldap_msgfree()
    <<< ldap_msgfree()
    Slot 0 (WIPROTECH): >>> ldap_unbind_s()
    Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
    Please find the error screenshot in the below.
    Regards,
    Dilip Sampath.CH
    +91-9619735957.

  • How to configure Netscape LDAP realm for WLS6.1

    I 've installed NDS 3.1 on my machine & created users & groups using Netscape admin
    console.
    dn='uid=abc,ou=AMITOrg,o=Airius.com'
    What information should be entered in the 'Properties' of V2 LDAP realm?
    Where should i specify server, port of my NDS?
    Please let me know the sample settings.
    Thanks & regards,
    Amit

    Which version of Netscape Directory Server ?
    NDS development has stopped several years ago.
    Regards,
    Ludovic.

  • Problem with ADS and LDAP

    Problem with ADS and LDAP
    I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
    After connection via LDAP I cann't get any object ( users or goups etc. ).
    I try connect to ADS by java ( JNDI ).
    When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
    the same problem - no objects.
    Can anybody help me?
    Grzegorz Pszona
    my e-mail: [email protected]

    Thanks a lot.
    Softerra's browser is really good.
    Thanks
    Rashmi
    "Anant Kadiyala" <[email protected]> wrote:
    >
    I used Softerra's LDAP browser. The browser is free. There is also a
    java baded
    LDAP browser from Univ of Michigan. I found the Softerra browser to be
    more easier
    to use.
    -anant
    "rashmi" <[email protected]> wrote:
    Hi,
    Can you please let me know which exact ADS tool that you used to examine
    the
    DN. I have Active Directory Users and Computers, Sites and Servicesand
    Domain
    and Trusts installed on my machine but I am not able to figure out how
    to get
    the DN?
    Thanks
    Rashmi
    for Stephen Davies <[email protected]> wrote:
    Grzegorz,
    I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
    a
    fair bit of messing around to get it going. MS does have a few oddities,
    for example the Administrators DN might look something like this:
    cn=Administrator,cn=Users,dc=eglobal,dc=net
    One tool that I found invaluable came with the additional support tools
    for Windows 2000. The 'Active Directory Administration Tool' made it
    easy to list the directory contents and examine the DNs.
    Regards,
    Steve
    Stephen Davies
    Principal Consultant
    eGlobal Services Pty. Ltd.
    Sydney, Australia
    Ph. +61 2 9283 1033
    http://www.eglobal.net/

  • Trying to setup a LDAP Realm

    I'm runing WLS6.0 SP2 and I'm trying to set up a LDAP realm to talk to a openldap
    server. I'm on Win2k and have it installed as a service.
    I can connect to the server via a ldap browser, and I have a user in the ldap
    tree with a clear text password.
    I created a LDAP realm but I can't find where to configure WebLogic to use that
    LDAP realm for authentication.
    thanks
    joe

    I guess they don't use the LDAP Realm in Weblogic, you should create your custom
    realm that access to AD and return user/group enumerations, acl's, etc...
    I'm able to access to AD using jdk1.4, and I have my custom realm, the only
    problem is wl uses jdk1.3 (+jaas) and I couldn't connect to AD with the old jaas,
    because it didn't support kerberos authentication. A more complete jaas it's included
    in jdk1.4
    Regards,
    Marc
    "Roy Cornell" <[email protected]> wrote:
    Great news, Scott. I hope you don't mind answering the three questions
    below:
    1. Which LDAP realm ***version*** did you use : V1 or V2?
    2. Which LDAP realm type did you specify during the configuration: "MS
    Site
    Server" or other ?
    3. Did you encounter any problems during the integration?
    Thanks a lot.
    Roy
    "Scott Harger" <[email protected]> wrote in message
    news:3b794a7c$[email protected]..
    We have been able to get the LDAP realm (6.0 SP1) to work with Active
    Directory.
    Scott
    "Roy Cornell" <[email protected]> wrote in message
    news:3b72eb32$[email protected]..
    I've got the same question (posted it yesterday). Please, Please,
    Please,
    could somebody reply.
    "Andrew Wallace" <[email protected]> wrote in message
    news:3b72ce38$[email protected]..
    Somehow my last message got truncated. Here's the full deal:
    We're trying to setup an LDAP realm in a microsoft-centric environment
    (Windows 2000). All the documentation from BEA that I've found
    talks
    about MS Site Server, which, as near as I can find, is not an LDAPserver.
    So - can I use MS Active Directory on Win2k? Is it functionally
    the
    same
    thing? Does the MS template in LDAP Realm V2 support it? Does anyone
    have success or horror stories about using AD?
    thanks,
    andy

  • WLS6.0 sp1 and MS Active Directory

    Hi,
    Is it possible to configure WLS' LDAP security realm to use MS' Active
    Directory to authenticate users? A quick yes or no would be appreciated -
    I'll worry about the finer details of how later!!
    Regards
    Laura Allen

    Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
    implementation class.
    We did not use Kerberos authentication - just the plain password
    authentication in "cleartext". Our servers are inside a secure data center -
    no encryption required. That's why we did not need jdk1.4.
    "Marc Carrion" <[email protected]> wrote in message
    news:[email protected]...
    >
    Are you telling that you configured the ldap realm of WL to use activedirectory?
    or you used your custom realm?
    To use the authentication with Kerberos you need to use GSS-API and it'snot
    included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
    Can you explain how did you do that?
    Thanks,
    Marc
    "Roy Cornell" <[email protected]> wrote:
    Hi Laura:
    No, BEA did not confirm the compatibility. We did our own investigation
    and
    found that the two systems work well together. One of the highlights
    of the
    research was the fact that the configuration of the WLS custom realm
    for
    Active Directory was more similar to Netscape Directory or Open LDAP
    than to
    the MS Site Server.
    I am attaching the sample settings for the LDAP realm:
    server.host=<some-ip-or-name>
    server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
    user.filter=(&(cn=%u)(objectclass=user))
    user.dn=OU=WLSMEMBERS1,DC=company,DC=com
    group.filter=(&(cn=%g)(objectclass=group))
    group.dn=OU=WLSGROUPS1,DC=company,DC=com
    membership.filter=(&(member=%M)(objectclass=group))
    We used the AD for authenticating the users and for authorizing the EJB
    methods. AD contained the users and their security roles and the
    deployment
    descriptiors of the EJB's contained the permissions for the security
    roles.
    We ran repeated tests and were more or less satisfied.
    Regards
    P.S.
    we used WLS 6.1 Jdk 1.3
    ----- Original Message -----
    Sent: Tuesday, September 18, 2001 5:40 AM
    Subject: WLS6.0 and Active Directory
    Forgive me contacting you directly, but did you recieve a reply fromBEA
    as
    to whether WLS supports interaction with Active Driectory? And wereyou
    attempting to use Active Directory just for user authentication? Anyinfo
    on how WLS and Active Directory interact would be appreciated!
    Regards
    Laura Allen
    The information in this e-mail and any attached files is confidential.It
    is intended solely for the use of the addressee. Any unauthorised
    disclosure or use is prohibited. If you are not the intended
    recipient
    of
    the message, please notify the sender immediately and do not disclosethe
    contents to any other person, use it for any purpose, or store or copythe
    information in any medium. The views of the author may not necessarily
    reflect those of the Company.
    "Laura Allen" <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    Is it possible to configure WLS' LDAP security realm to use MS' Active
    Directory to authenticate users? A quick yes or no would be
    appreciated
    I'll worry about the finer details of how later!!
    Regards
    Laura Allen

  • WL6.0 LDAP Realm problems

    I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
    getting it to work - basic auth just keeps popping the window up 3 times and
    then giving up. Only pertinent message in the log is:
    ####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
    <examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
    <Locking account, user jdoe.>
    No obvious LDAP info or errors in the log, despite adding the following two
    to the startup script cmd line and restarting the server:
    -Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=t
    rue
    The HTTP basic-auth dialog box is correctly showing me that I'm trying to
    authenticate to: MyLDAPRealm
    Here's the config info for MyLDAPRealm
    <LDAPRealm AuthProtocol="simple"
    Credential="myserverpasswd"
    GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
    GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://tug:390"
    Name="MyLDAPRealm"
    Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
    UserAuthentication="local"
    UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
    It's a Netscape 4.1 Directory server, and I've verified that the above
    server account exists AND can authenticate and retrieve account
    userpasswords (yes, the server account is "cn=" while the user accounts are
    "uid=" - don't ask :-)....
    I've tried both "bind" and "local" and get the same results both ways.
    Any ideas???

    Did you use the most recent ldap patch? I could not get it to work fine
    with the default wls6.0sp1, but with the ldap-patch it works fine.
    AND probably even more important... change
    <Realm FileRealm="..." Name=".....">
    to
    <Realm CachingRealm"MyCachingRealm" FileRealm="..." Name=".....">
    Hope this helps...
    Ronald
    Sushil Pulikkal wrote:
    Hi Tom,
    I am using iPlanet Directory server with WL6.0 (which I presume is supported as
    Netscape's is) and facing the same problem as Mike was i.e account locking after
    three attempts(bottom of the message). I have created my own caching realm with
    the basic realm being MyLDAPRealm.
    The log gives no info other than the one about account locking.
    My config.xml looks something like this -
    <CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
    <PasswordPolicy Name="wl_default_password_policy"/>
    <LDAPRealm AuthProtocol="simple" Credential="enslaved"
    GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
    GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
    Name="MyLDAPRealm"
    Principal="uid=admin, ou=Administrators,
    ou=TopologyManagement, o=NetscapeRoot"
    UserAuthentication="bind"
    UserDN="ou=Aussies,dc=timerasolutions,dc=com"
    UserNameAttribute="uid"/>
    The browser window does pop up, but the user id doesn't get authenticated. Is
    there a way to know whether WLS is actually going to the LDAP server for authentication?
    Any insight into this?
    Thanks in advance,
    Sushil
    "Tom Moreau" <[email protected]> wrote:
    Mike,
    I haven't had any trouble getting the LDAPRealm to work
    in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
    you haven't told WLS to use it?
    In other words, you can create many realm configurations then
    you need to activate the one you want. If you haven't, the
    we just use the file realm. The file realm won't be able
    to authenticate you (since you put the info in LDAP!) and
    after 3 failures, will lock out the account.
    The instructions for selecting the realm are at:
    http://e-docs.bea.com/wls/docs60/adminguide/index.html
    See:
    12. Managing Security
    Specifying a Security Realm
    Configuring the Caching Realm
    The basic idea is:
    1) create your LDAP Realm (you've already done this)
    2) create a CachingRealm
    3) set the CachingRealm's BasicRealm to your LDAP Realm
    4) set the Security Realm's CachingRealm to your Caching Realm
    5) reboot
    It's pretty easy to do this through the admin console.
    Otherwise, you can edit config.xml by hand.
    Here's how:
    <Domain>
    <Security
    Name="mydomain"
    Realm="myRealm"
    />
    <Realm
    Name="myRealm"
    FileRealm="myFileRealm"
    CachingRealm="myCachingRealm"
    />
    <FileRealm
    Name="myFileRealm"
    />
    <CachingRealm
    Name="myCachingRealm"
    BasicRealm="myLDAPRealm"
    />
    <LDAPRealm
    Name="myLDAPRealm"
    />
    -Tom
    "Mike" <[email protected]> wrote:
    BTW, before someone suggests it, I found Tom Moreau's
    suggestion to use:
    <ServerDebug Name="examplesServer" DebugSecurityRealm="true"
    />
    under the <Server> element in config.xml and restarted
    with this and still
    no additional
    info from the LDAP realm printed about why it's not working
    (nothing but the
    same
    locking account message mentioend below).
    Is the source for the LDAP realm available so I can debug
    it myself or has
    anybody
    written their own LDAP realm that they'd be willing to
    share with the group?
    Thanks again,
    ...Mike
    "Mike" <[email protected]> wrote in message
    news:[email protected]...
    Ok I've verified that the -Dweblogic.security.ldaprealm.verbose
    probably
    won't
    work with 6.0 (old 5.x and previous style property),
    but I can't figure
    out
    what
    replaced it, to figure out why the LDAP realm isn't
    working for me...
    The property mapping guide at:
    http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
    shows that things like weblogic.security.ldaprealm.url
    changed to LDAPURL in config.xml (without telling
    you that this resides as an XML attribute of
    <Domain><LDAPRealm ... /></Domain> although that's
    easy enough to find by looking through the example
    LDAP realm.
    It then says that weblogic.security.ldaprealm.verbose
    has changed to "Debug" in config.xml, but doesn't
    say whether that's a "Debug" XML attribute on one
    of the XML elements in there, or whether it's an
    XML node itself, or where in the config.xml doc
    it goes... It doesn't work as an attribute of
    <LDAPRealm ...> (server won't start with it there)
    and it doesn't show up at all in the DTD for config.xml
    so I'm assuming the mapping doc at the above url is
    wrong. Anybody know what this really became in 6.0?
    I've tried setting StdoutDebugEnabled="true" in config.xml
    and turning the logging level all the way up to see
    everything, but even
    then all I
    get is the account locked message, not why it's failing
    to authenticate
    via
    LDAP...
    Any other ideas?
    "Mike" <[email protected]> wrote in message
    news:[email protected]...
    I'm trying out WL6.0 (eval version) LDAP realm support
    and having
    trouble
    getting it to work - basic auth just keeps popping
    the window up 3 times
    and
    then giving up. Only pertinent message in the log
    is:
    ####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security>
    <FOOBAR>
    <examplesServer> <ExecuteThread: '11' for queue: 'default'>
    <> <>
    <090021>
    <Locking account, user jdoe.>
    No obvious LDAP info or errors in the log, despite
    adding the following
    two
    to the startup script cmd line and restarting the
    server:
    -Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose
    =t
    rue
    The HTTP basic-auth dialog box is correctly showing
    me that I'm trying
    to
    authenticate to: MyLDAPRealm
    Here's the config info for MyLDAPRealm
    <LDAPRealm AuthProtocol="simple"
    Credential="myserverpasswd"
    GroupDN="o=mycompany,c=us" GroupIsContext="false"
    GroupNameAttribute="cn"
    GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://tug:390"
    Name="MyLDAPRealm"
    Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
    UserAuthentication="local"
    UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
    It's a Netscape 4.1 Directory server, and I've verified
    that the above
    server account exists AND can authenticate and retrieve
    account
    userpasswords (yes, the server account is "cn=" while
    the user accounts
    are
    "uid=" - don't ask :-)....
    I've tried both "bind" and "local" and get the same
    results both ways.
    Any ideas???

  • Authenticate user by LDAP server

    Environment: WLS6.0 Netscape Directory Server 4.1
    I have successful protect a servlet and authenticate user by "File Realm". But I can't authenticate user by "Security Realm(LDAP). Pls tell me any configure I miss.
    ======weblogic.xml entites========
    <security-rike-assignment>
    <role-name>manager</role-name>
    <principal-name>joan</principal-name>
    <principal-name>awang</principal-name>
    </security-role-assignment>
    (the user joan has defined in "File Realm", and there is a user in LDAP: uid=awang, ou=IT, dc=CMD)
    And why the user "awang" can't access the servlet (the username field enter "awang"; the password filed enter "awang123")
    =====config.xml entities=====
    <LDAPRealm AuthProtocol="simple" Crdential="awang123" GroupDN="dc=CMD" GroupIsContext="false" LDAPURL="ldap://127.0.0.1:389" Name="defaultLDAPRealmForNetscapeDirectoryServer" Principal="uid=awang, ou=IT, dc=CMD" UserAuthentication="local" UserDN="dc=CMD" UserNameAttribute="uid"

    You can use jsp's and servlets.
    Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
    <form method="post" action="/servlet/LoginServlet">
    <input type="text" size="15" name="username" value="">
    <input type="password" size="15" name="password" value="">
    <input type="submit" name="Submit" value="Authenticate">
    </form>In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
      String username = request.getParameter("username");
      String password = request.getParameter("password"); 
    }You would now do your LDAP authentication. see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
    Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password.

  • WebLogic 6.1 and iPlanet LDAP v5

    Per a proof of concept, I am having trouble getting WL6.1 to see
    group members as defined in iPlanet LDAP. I can see the groups,
    but modifies to create groups only create them in the local DB.
    Created users also only get placed in the local DB. I can bind
    for searches as Directory Manager via ldapsearch and run queries,
    and the DS gateway works fine. I can dump the LDIF file and the
    entries look fine.
    I copied and modified the template for the Netscape server and
    have the realm setup per the GUI.
    For sanity, everything is very generic as:
    the Root DN is "o=test.org"
    and my "Configuration" part from the config.xml looks like:
    server.authprotocol=simple;
    server.host=localhost;
    membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
    server.port=390;
    group.dn=o=test.org;
    group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
    server.principal=cn=Directory Manager;
    user.dn=o=test.org;
    server.groupiscontext=false;
    user.filter=(&(uid=%u))
    I added the "authprotocol" as a guess. Note that the server is
    running on port 390, this is not a typo.
    Any ideas what is going wrong?

    hi,
    there are two versions of ldap supported in wls6.1 , ldapv1 and ldavp2
    ldap v1 only has the functionality of listing groups.
    but where ldapv2 doesn't have that functionality,
    by looking at your config , it seems you are using ldap v2..
    if u need that functionality u can use ldapv1.
    thanks
    kiran
    "Bert Cliche" <[email protected]> wrote in message
    news:[email protected]..
    Per a proof of concept, I am having trouble getting WL6.1 to see
    group members as defined in iPlanet LDAP. I can see the groups,
    but modifies to create groups only create them in the local DB.
    Created users also only get placed in the local DB. I can bind
    for searches as Directory Manager via ldapsearch and run queries,
    and the DS gateway works fine. I can dump the LDIF file and the
    entries look fine.
    I copied and modified the template for the Netscape server and
    have the realm setup per the GUI.
    For sanity, everything is very generic as:
    the Root DN is "o=test.org"
    and my "Configuration" part from the config.xml looks like:
    server.authprotocol=simple;
    server.host=localhost;
    membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
    server.port=390;
    group.dn=o=test.org;
    group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
    server.principal=cn=Directory Manager;
    user.dn=o=test.org;
    server.groupiscontext=false;
    user.filter=(&(uid=%u))
    I added the "authprotocol" as a guess. Note that the server is
    running on port 390, this is not a typo.
    Any ideas what is going wrong?

  • Jabber Windows - no phone control with LDAP Custom filter

    I am unable to control the desktop phone from the Jabber 9.1 Windows client when the CallManager LDAP Directory uses a Custom Filter.
    Has anyone else experienced this?
    If I set the LDAP Custom Filter to <none> and save, then Desktop Phone control works great.
    If I set it to use my custom filter, then trying to enable Desktop control just gives me the spinning circle, then times out to the Red X symbol.
    I do not need to resync the LDAP Directory to get the error, just enable/disable the custom filter and save.
    In both cases calling from the Computer works great.
    This is an On-Prem deployment with full MS-AD LDAP integration.
    Versions are:
    Jabber - 9.1.0 build 12296
    CUPC - 8.6.4.11900-1
    CUCM - 8.6.2.22900-9
    I upgraded to CUCM 8.6.2 SU2 last night hoping that would fix the problem, but no luck.
    The LDAP filter is one I have used in numerous other clusters with no CTI issues.
    It allows me to sync to the root directory, but only import active user accounts with an entry in the ipPhone AD attribute:
    (&((objectclass=user)(ipPhone=*))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
    Thanks, Randy

    Hi Randy,
    Have you specified this base filter in jabber-config.xml file? As per Admin Guide:
    "In some cases, base filters do not return query results if you specify a closing bracket in your Cisco Jabber for Windows  configuration file. For example, this issue might occur if you specify  the following base filter: (&(memberOf=CN=UCFilterGroup,OU=DN))
    To resolve this issue, remove the closing bracket; for example, (&(memberOf=CN=UCFilterGroup,OU=DN)"
    Thanks,
    Maqsood

  • How get all sAMAccountName from LDAP?

    Good day ... i'm find this ...
    declare
    -- Adjust as necessary.
    l_ldap_host VARCHAR2(256) := &&;
    l_ldap_port VARCHAR2(256) := &&;
    l_ldap_user VARCHAR2(256) := &&;
    l_ldap_passwd VARCHAR2(256) := &&;
    l_ldap_base VARCHAR2(256) := 'dc=&&,dc=&&,dc=&&';
    l_filter varchar2(100) := '(&(sAMAccountName=*))';
    l_retval pls_integer;
    l_session dbms_ldap.session;
    l_attrs dbms_ldap.string_collection;
    l_message dbms_ldap.message;
    l_entry dbms_ldap.message;
    l_attr_name varchar2(256);
    l_ber_element dbms_ldap.ber_element;
    l_vals dbms_ldap.string_collection;
    l_raw dbms_ldap.binval_collection;
    l_result varchar2(100);
    begin
    -- Choose to raise exceptions.
    dbms_ldap.use_exception := true;
    dbms_ldap.utf8_conversion := false;
    -- Connect to the LDAP server.
    l_session := dbms_ldap.init(hostname => l_ldap_host, portnum => l_ldap_port);
    l_retval := dbms_ldap.simple_bind_s(ld => l_session, dn => l_ldap_user, passwd => l_ldap_passwd);
    -- Get all attributes
    l_attrs(1) := 'sAMAccountName'; -- retrieve all attributes
    l_retval := dbms_ldap.search_s(ld => l_session
    ,base => l_ldap_base
    ,scope => dbms_ldap.scope_subtree
    ,filter => l_filter
    ,attrs => l_attrs
    ,attronly => 0
    ,res => l_message);
    if dbms_ldap.count_entries(ld => l_session, msg => l_message) > 0
    then
    -- Get all the entries returned by our search.
    l_entry := dbms_ldap.first_entry(ld => l_session, msg => l_message);
    <<entry_loop>>
    while l_entry is not null
    loop
    -- Get all the attributes for this entry.
    dbms_output.put_line('---------------------------------------');
    l_attr_name := dbms_ldap.first_attribute(ld => l_session
    ,ldapentry => l_entry
    ,ber_elem => l_ber_element);
    <<attributes_loop>>
    while l_attr_name is not null
    loop
    -- Get all the values for this attribute.
    l_vals := dbms_ldap.get_values(ld => l_session, ldapentry => l_entry, attr => l_attr_name);
    <<values_loop>>
    for i in l_vals.first .. l_vals.last
    loop
    dbms_output.put_line('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || substr(l_vals(i), 1, 200));
    end loop values_loop;
    l_attr_name := dbms_ldap.next_attribute(ld => l_session
    ,ldapentry => l_entry
    ,ber_elem => l_ber_element);
    end loop attibutes_loop;
    l_entry := dbms_ldap.next_entry(ld => l_session, msg => l_entry);
    end loop entry_loop;
    end if;
    -- Disconnect from the LDAP server.
    l_retval := dbms_ldap.unbind_s(ld => l_session);
    dbms_output.put_line('L_RETVAL: ' || l_retval);
    end;
    If i use filter '(&(sAMAccountName=*))' (me need get all 'sAMAccountName')
    ERROR at line 1:
    ORA-31202: DBMS_LDAP: LDAP client/server error: Sizelimit exceeded
    ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
    ORA-06512: at "SYS.DBMS_LDAP", line 1457
    ORA-06512: at "SYS.DBMS_LDAP", line 234
    ORA-06512: at line 28
    How fix it ?
    Thanks all.
    p.s. I'm beginner Developer Oracle 10g

    Probably some workaround needed. Hopefully this one works: http://www.freelists.org/archives/oracle-l/04-2006/msg01100.html

  • Questions on LDAP w.r.t XML Publisher 5.6.2

    Hi all,
    I have 2 questions on LDAP integration w.r.t XML P 5.6.2
    1) Is OID the only supported LDAP repository? I tried to set up a Iplanet directory server against XMLP, but could not. Did I miss something, or it is not supported?
    Other than OID, any other LDAP supported?
    2) Suppose, my use-case is: I want to show some values from the database, and also in the same report, print out the user attributes from the LDAP (like email id of the user, for example) who fired the report, then is this possible?
    Thanks,
    Ambarish,

    Ok. Question 1 - I have answered myself. I could not set up SunONE Directory server against XMLP :-(
    But I could set up against openldap. :-)
    I plan to contribute to the blog in 2/3 days time on how this can be done.
    But I still need some help on the question 2. How can I create a report which has all the data from both the backend database, and well as from the LDAP repository. For example, report like:
    Report Fired By:
    EMAIL id:
    Mobile:
    (data1, data2...)
    where data1, data2 comes from the database, and email id, mobile from the LDAP.

  • LDAP supporting multiple DNS domains

    I have an environment with multiple DNS domains, and am configuring a Directory server (DS 6.3.1) to centralize various OS configuration maps including user authentication. None of the DNS domains have unique data, so I'd like to do something like storing all the real data in one suffix, then somehow have all clients look to that primary suffix. I am aware that the Solaris Native LDAP client wants to bind to a nisDomainObject that matches its DNS domain. I'm just having a hard time believing that I really need to manage all those individual suffixes when they don't have unique data requirements.
    Take as an example the following domains to be supported: foo.example.com, bar.example.com, dev.example.com, qa.example.com, prd.example.com (no hosts are actually in "example.com", they are all in subdomains). Again, all share common configuration data, same user IDs, etc - no unique maps are required.
    I created a suffix, "dc=example, dc=com", set it up with idsconfig. All is well there.
    [A] My first thought is to bind all Solaris clients, regardless of their DNS domain, to the baseDN of "dc=example, dc=com" in order to avoid having a separate suffix for each DNS domain. I tried to do this using "-a defaultSearchPath=dc=example,dc=com" with ldapclient init, but it failed with an error indicating it wants to see the nisDomainObject of its real DNS domain.
    The second though I had, which I don't believe is possible, is to find some sort of a LDAP equivalent of a symbolic link so that I could actually have an object for each DNS domain, but it would simply point back to "dc=example,dc=com". I can't find anything in the documentation which suggests this is possible, but I'd love to be wrong!
    [C] Perhaps this could be somehow done with a rats nest of SSDs, but that really seems unwieldy, right? I plan on using a fair amount of the available objects, so it would be many SSDs per suffix. Yuck.
    Can anyone comment on my above thoughts, or provide how they would go about supporting multiple DNS domains that have common configuration data?
    Thank you,
    Chris

    Ok, I answered my own question. Turns out it's pretty easy. Just use the "-a domainName=example.com" option with `ldapclient` then make sure that the FQDN of the LDAP server is available (or use its IP address). My problem was that the ldapclient overwriting nsswotch.conf was clobbering the SSL session because I used the FQDN which couldn't resolve.
    This leaves an interesting condition of having the output of "domainname" not match the DNS domain. I'm testing now to see if this causes any unexpected issues with our environmnet, but I suspect it's not a problem.

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is ja
    vax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is j
    avax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
    275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved when in the code the following
    System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
    where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
    in X509 format

Maybe you are looking for

  • Best way to transfer large datasets between actors (Actor framework)

    Hi everyone I am in the planning / design phase of a larger application for which I wish to use the Actor Framework. It seems like a good "design pattern", easy for multiple developers to work on, easy to expand and easy to maintain. In this applicat

  • Map downloading issue

    I notice that Nokia Support site mentioned that we can downloading Map easily via Nokia suite, but somehow there is an issue... I can only download the Map application ie Map loader and etc..  If I need to the Map, I need to use the Map Loader to Add

  • Combining multiple .vhd files

    Hello  I am new to vhdl and xilinx too..Here I want to combine multiple .vhd files Can anyone please give me suggestion...??? Thanks in advance..

  • About SAP function CONVERT_OTF

    Dear Experts,     When I used function  "CONVERT_OTF" to convent smartforms to PDF, Italic and  bold  and font size can not be shown correctly . font size is not same as po preview.   i want to show same layout as po preview. who can tell me how to d

  • Como pongo Video en una Pagina

    Soy nuevo en esto, tengo una pagina desarrollada con Dreamwaver, necesito poner un video en la misma y no tengo idea de como se hace. El video en la pagina debe tener controles para que arranque en forma automatica, Utilize el Flash encoder, pero me