LDAP on wls6.1

Does wls6.1 sp1 support dynamic LDAP groups?
Thanks,
Jeff Cabuhat

Hi,
For Dynamic groups you can make your custom realm. that should solve
your problem. we have done smthg similer.
Hope it helps..!!
-aseem
Jeff Cabuhat wrote:
Does wls6.1 sp1 support dynamic LDAP groups?
Thanks,
Jeff Cabuhat

Similar Messages

Domino Notes / Ldap connection Wls6.1

hi all,
is there a way to connect Wls 6.1 sp1 with Domino Notes 5 Ldap Server ?
Can we do an authentification login for groups and user?
If you did it can you reply me with a sample of connection parameters.
thanks
Hugues Simonnet
Consultant Principal
BEA Systems SA
Tel :+33(0)141457034
Fax: +33(0)141458408
Mob:+33(0)619023104
Tour Manhattan
6 place de l'Iris
F-92095 Paris la Défense 2 Cedex
http://www.bea.fr
http://www.bea.com

hi all,
is there a way to connect Wls 6.1 sp1 with Domino Notes 5 Ldap Server ?
Can we do an authentification login for groups and user?
If you did it can you reply me with a sample of connection parameters.
thanks
Hugues Simonnet
Consultant Principal
BEA Systems SA
Tel :+33(0)141457034
Fax: +33(0)141458408
Mob:+33(0)619023104
Tour Manhattan
6 place de l'Iris
F-92095 Paris la Défense 2 Cedex
http://www.bea.fr
http://www.bea.com

Wls6.0 ldap configuration

I've got the same problem as the college from Thu Jun 28 2001:
I have configured weblogic 6.0 with the netscape directory server 4.1 but still
there is a warning message in weblogic "every new user will be added to the file
realm". I suppose my ldap config. However becaus e the configuration is ok weblogic starts but still there is this warning message and the user that I add is added to the file realm and not in the ldap server. The same problem with Group which I wanted to add.
There is a group with members defined in LDAP. On the Admin Console I've got the group but without members. Why ??
H E L P.

Dear All,
We are trying to configure the LDAP using with active directory . In the
step of "Synchronization of SAP User Administration with LDAP
Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
error.
Please find the trace file and error screenshot in the attachment.Please help us on
priority.
Please find the Trace log in the below:
RFC destination : LDAP_LDAPSE-01
Tracelevel      :      8,704
F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
[Wed Jun 26 11:15:38 2013]
Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
[Wed Jun 26 11:15:39 2013]
Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
[Wed Jun 26 11:15:40 2013]
Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
[Wed Jun 26 11:15:43 2013]
>>>>Required attributes table
Line    0: "CREATETIMESTAMP" (length 15)
Line    1: "MODIFYTIMESTAMP" (length 15)
Line    2: "SAPUSERNAME" (length 11)
<<<<Required attributes table
Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
>>> ldap_msgfree()
<<< ldap_msgfree()
Slot 0 (WIPROTECH): >>> ldap_unbind_s()
Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
Please find the error screenshot in the below.
Regards,
Dilip Sampath.CH
+91-9619735957.

How to configure Netscape LDAP realm for WLS6.1

I 've installed NDS 3.1 on my machine & created users & groups using Netscape admin
console.
dn='uid=abc,ou=AMITOrg,o=Airius.com'
What information should be entered in the 'Properties' of V2 LDAP realm?
Where should i specify server, port of my NDS?
Please let me know the sample settings.
Thanks & regards,
Amit

Which version of Netscape Directory Server ?
NDS development has stopped several years ago.
Regards,
Ludovic.

Problem with ADS and LDAP

Problem with ADS and LDAP
I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
After connection via LDAP I cann't get any object ( users or goups etc. ).
I try connect to ADS by java ( JNDI ).
When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
the same problem - no objects.
Can anybody help me?
Grzegorz Pszona
my e-mail: [email protected]

Thanks a lot.
Softerra's browser is really good.
Thanks
Rashmi
"Anant Kadiyala" <[email protected]> wrote:
>
I used Softerra's LDAP browser. The browser is free. There is also a
java baded
LDAP browser from Univ of Michigan. I found the Softerra browser to be
more easier
to use.
-anant
"rashmi" <[email protected]> wrote:
Hi,
Can you please let me know which exact ADS tool that you used to examine
the
DN. I have Active Directory Users and Computers, Sites and Servicesand
Domain
and Trusts installed on my machine but I am not able to figure out how
to get
the DN?
Thanks
Rashmi
for Stephen Davies <[email protected]> wrote:
Grzegorz,
I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
a
fair bit of messing around to get it going. MS does have a few oddities,
for example the Administrators DN might look something like this:
cn=Administrator,cn=Users,dc=eglobal,dc=net
One tool that I found invaluable came with the additional support tools
for Windows 2000. The 'Active Directory Administration Tool' made it
easy to list the directory contents and examine the DNs.
Regards,
Steve
Stephen Davies
Principal Consultant
eGlobal Services Pty. Ltd.
Sydney, Australia
Ph. +61 2 9283 1033
http://www.eglobal.net/

Trying to setup a LDAP Realm

I'm runing WLS6.0 SP2 and I'm trying to set up a LDAP realm to talk to a openldap
server. I'm on Win2k and have it installed as a service.
I can connect to the server via a ldap browser, and I have a user in the ldap
tree with a clear text password.
I created a LDAP realm but I can't find where to configure WebLogic to use that
LDAP realm for authentication.
thanks
joe

I guess they don't use the LDAP Realm in Weblogic, you should create your custom
realm that access to AD and return user/group enumerations, acl's, etc...
I'm able to access to AD using jdk1.4, and I have my custom realm, the only
problem is wl uses jdk1.3 (+jaas) and I couldn't connect to AD with the old jaas,
because it didn't support kerberos authentication. A more complete jaas it's included
in jdk1.4
Regards,
Marc
"Roy Cornell" <[email protected]> wrote:
Great news, Scott. I hope you don't mind answering the three questions
below:
1. Which LDAP realm ***version*** did you use : V1 or V2?
2. Which LDAP realm type did you specify during the configuration: "MS
Site
Server" or other ?
3. Did you encounter any problems during the integration?
Thanks a lot.
Roy
"Scott Harger" <[email protected]> wrote in message
news:3b794a7c$[email protected]..
We have been able to get the LDAP realm (6.0 SP1) to work with Active
Directory.
Scott
"Roy Cornell" <[email protected]> wrote in message
news:3b72eb32$[email protected]..
I've got the same question (posted it yesterday). Please, Please,
Please,
could somebody reply.
"Andrew Wallace" <[email protected]> wrote in message
news:3b72ce38$[email protected]..
Somehow my last message got truncated. Here's the full deal:
We're trying to setup an LDAP realm in a microsoft-centric environment
(Windows 2000). All the documentation from BEA that I've found
talks
about MS Site Server, which, as near as I can find, is not an LDAPserver.
So - can I use MS Active Directory on Win2k? Is it functionally
the
same
thing? Does the MS template in LDAP Realm V2 support it? Does anyone
have success or horror stories about using AD?
thanks,
andy

WLS6.0 sp1 and MS Active Directory

Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be appreciated -
I'll worry about the finer details of how later!!
Regards
Laura Allen

Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
implementation class.
We did not use Kerberos authentication - just the plain password
authentication in "cleartext". Our servers are inside a secure data center -
no encryption required. That's why we did not need jdk1.4.
"Marc Carrion" <[email protected]> wrote in message
news:[email protected]...
>
Are you telling that you configured the ldap realm of WL to use activedirectory?
or you used your custom realm?
To use the authentication with Kerberos you need to use GSS-API and it'snot
included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
Can you explain how did you do that?
Thanks,
Marc
"Roy Cornell" <[email protected]> wrote:
Hi Laura:
No, BEA did not confirm the compatibility. We did our own investigation
and
found that the two systems work well together. One of the highlights
of the
research was the fact that the configuration of the WLS custom realm
for
Active Directory was more similar to Netscape Directory or Open LDAP
than to
the MS Site Server.
I am attaching the sample settings for the LDAP realm:
server.host=<some-ip-or-name>
server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
user.filter=(&(cn=%u)(objectclass=user))
user.dn=OU=WLSMEMBERS1,DC=company,DC=com
group.filter=(&(cn=%g)(objectclass=group))
group.dn=OU=WLSGROUPS1,DC=company,DC=com
membership.filter=(&(member=%M)(objectclass=group))
We used the AD for authenticating the users and for authorizing the EJB
methods. AD contained the users and their security roles and the
deployment
descriptiors of the EJB's contained the permissions for the security
roles.
We ran repeated tests and were more or less satisfied.
Regards
P.S.
we used WLS 6.1 Jdk 1.3
----- Original Message -----
Sent: Tuesday, September 18, 2001 5:40 AM
Subject: WLS6.0 and Active Directory
Forgive me contacting you directly, but did you recieve a reply fromBEA
as
to whether WLS supports interaction with Active Driectory? And wereyou
attempting to use Active Directory just for user authentication? Anyinfo
on how WLS and Active Directory interact would be appreciated!
Regards
Laura Allen
The information in this e-mail and any attached files is confidential.It
is intended solely for the use of the addressee. Any unauthorised
disclosure or use is prohibited. If you are not the intended
recipient
of
the message, please notify the sender immediately and do not disclosethe
contents to any other person, use it for any purpose, or store or copythe
information in any medium. The views of the author may not necessarily
reflect those of the Company.
"Laura Allen" <[email protected]> wrote in message
news:[email protected]...
Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be
appreciated
I'll worry about the finer details of how later!!
Regards
Laura Allen

WL6.0 LDAP Realm problems

I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
getting it to work - basic auth just keeps popping the window up 3 times and
then giving up. Only pertinent message in the log is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite adding the following two
to the startup script cmd line and restarting the server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=t
rue
The HTTP basic-auth dialog box is correctly showing me that I'm trying to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified that the above
server account exists AND can authenticate and retrieve account
userpasswords (yes, the server account is "cn=" while the user accounts are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same results both ways.
Any ideas???

Did you use the most recent ldap patch? I could not get it to work fine
with the default wls6.0sp1, but with the ldap-patch it works fine.
AND probably even more important... change
<Realm FileRealm="..." Name=".....">
to
<Realm CachingRealm"MyCachingRealm" FileRealm="..." Name=".....">
Hope this helps...
Ronald
Sushil Pulikkal wrote:
Hi Tom,
I am using iPlanet Directory server with WL6.0 (which I presume is supported as
Netscape's is) and facing the same problem as Mike was i.e account locking after
three attempts(bottom of the message). I have created my own caching realm with
the basic realm being MyLDAPRealm.
The log gives no info other than the one about account locking.
My config.xml looks something like this -
<CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<LDAPRealm AuthProtocol="simple" Credential="enslaved"
GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
Name="MyLDAPRealm"
Principal="uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="bind"
UserDN="ou=Aussies,dc=timerasolutions,dc=com"
UserNameAttribute="uid"/>
The browser window does pop up, but the user id doesn't get authenticated. Is
there a way to know whether WLS is actually going to the LDAP server for authentication?
Any insight into this?
Thanks in advance,
Sushil
"Tom Moreau" <[email protected]> wrote:
Mike,
I haven't had any trouble getting the LDAPRealm to work
in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
you haven't told WLS to use it?
In other words, you can create many realm configurations then
you need to activate the one you want. If you haven't, the
we just use the file realm. The file realm won't be able
to authenticate you (since you put the info in LDAP!) and
after 3 failures, will lock out the account.
The instructions for selecting the realm are at:
http://e-docs.bea.com/wls/docs60/adminguide/index.html
See:
12. Managing Security
Specifying a Security Realm
Configuring the Caching Realm
The basic idea is:
1) create your LDAP Realm (you've already done this)
2) create a CachingRealm
3) set the CachingRealm's BasicRealm to your LDAP Realm
4) set the Security Realm's CachingRealm to your Caching Realm
5) reboot
It's pretty easy to do this through the admin console.
Otherwise, you can edit config.xml by hand.
Here's how:
<Domain>
<Security
Name="mydomain"
Realm="myRealm"
/>
<Realm
Name="myRealm"
FileRealm="myFileRealm"
CachingRealm="myCachingRealm"
/>
<FileRealm
Name="myFileRealm"
/>
<CachingRealm
Name="myCachingRealm"
BasicRealm="myLDAPRealm"
/>
<LDAPRealm
Name="myLDAPRealm"
/>
-Tom
"Mike" <[email protected]> wrote:
BTW, before someone suggests it, I found Tom Moreau's
suggestion to use:
<ServerDebug Name="examplesServer" DebugSecurityRealm="true"
/>
under the <Server> element in config.xml and restarted
with this and still
no additional
info from the LDAP realm printed about why it's not working
(nothing but the
same
locking account message mentioend below).
Is the source for the LDAP realm available so I can debug
it myself or has
anybody
written their own LDAP realm that they'd be willing to
share with the group?
Thanks again,
...Mike
"Mike" <[email protected]> wrote in message
news:[email protected]...
Ok I've verified that the -Dweblogic.security.ldaprealm.verbose
probably
won't
work with 6.0 (old 5.x and previous style property),
but I can't figure
out
what
replaced it, to figure out why the LDAP realm isn't
working for me...
The property mapping guide at:
http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
shows that things like weblogic.security.ldaprealm.url
changed to LDAPURL in config.xml (without telling
you that this resides as an XML attribute of
<Domain><LDAPRealm ... /></Domain> although that's
easy enough to find by looking through the example
LDAP realm.
It then says that weblogic.security.ldaprealm.verbose
has changed to "Debug" in config.xml, but doesn't
say whether that's a "Debug" XML attribute on one
of the XML elements in there, or whether it's an
XML node itself, or where in the config.xml doc
it goes... It doesn't work as an attribute of
<LDAPRealm ...> (server won't start with it there)
and it doesn't show up at all in the DTD for config.xml
so I'm assuming the mapping doc at the above url is
wrong. Anybody know what this really became in 6.0?
I've tried setting StdoutDebugEnabled="true" in config.xml
and turning the logging level all the way up to see
everything, but even
then all I
get is the account locked message, not why it's failing
to authenticate
via
LDAP...
Any other ideas?
"Mike" <[email protected]> wrote in message
news:[email protected]...
I'm trying out WL6.0 (eval version) LDAP realm support
and having
trouble
getting it to work - basic auth just keeps popping
the window up 3 times
and
then giving up. Only pertinent message in the log
is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security>
<FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'>
<> <>
<090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite
adding the following
two
to the startup script cmd line and restarting the
server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose
=t
rue
The HTTP basic-auth dialog box is correctly showing
me that I'm trying
to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false"
GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified
that the above
server account exists AND can authenticate and retrieve
account
userpasswords (yes, the server account is "cn=" while
the user accounts
are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same
results both ways.
Any ideas???

Authenticate user by LDAP server

Environment: WLS6.0 Netscape Directory Server 4.1
I have successful protect a servlet and authenticate user by "File Realm". But I can't authenticate user by "Security Realm(LDAP). Pls tell me any configure I miss.
======weblogic.xml entites========
<security-rike-assignment>
<role-name>manager</role-name>
<principal-name>joan</principal-name>
<principal-name>awang</principal-name>
</security-role-assignment>
(the user joan has defined in "File Realm", and there is a user in LDAP: uid=awang, ou=IT, dc=CMD)
And why the user "awang" can't access the servlet (the username field enter "awang"; the password filed enter "awang123")
=====config.xml entities=====
<LDAPRealm AuthProtocol="simple" Crdential="awang123" GroupDN="dc=CMD" GroupIsContext="false" LDAPURL="ldap://127.0.0.1:389" Name="defaultLDAPRealmForNetscapeDirectoryServer" Principal="uid=awang, ou=IT, dc=CMD" UserAuthentication="local" UserDN="dc=CMD" UserNameAttribute="uid"

You can use jsp's and servlets.
Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
<form method="post" action="/servlet/LoginServlet">
<input type="text" size="15" name="username" value="">
<input type="password" size="15" name="password" value="">
<input type="submit" name="Submit" value="Authenticate">
</form>In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
}You would now do your LDAP authentication. see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password.

WebLogic 6.1 and iPlanet LDAP v5

Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong?

hi,
there are two versions of ldap supported in wls6.1 , ldapv1 and ldavp2
ldap v1 only has the functionality of listing groups.
but where ldapv2 doesn't have that functionality,
by looking at your config , it seems you are using ldap v2..
if u need that functionality u can use ldapv1.
thanks
kiran
"Bert Cliche" <[email protected]> wrote in message
news:[email protected]..
Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong?

Jabber Windows - no phone control with LDAP Custom filter

I am unable to control the desktop phone from the Jabber 9.1 Windows client when the CallManager LDAP Directory uses a Custom Filter.
Has anyone else experienced this?
If I set the LDAP Custom Filter to <none> and save, then Desktop Phone control works great.
If I set it to use my custom filter, then trying to enable Desktop control just gives me the spinning circle, then times out to the Red X symbol.
I do not need to resync the LDAP Directory to get the error, just enable/disable the custom filter and save.
In both cases calling from the Computer works great.
This is an On-Prem deployment with full MS-AD LDAP integration.
Versions are:
Jabber - 9.1.0 build 12296
CUPC - 8.6.4.11900-1
CUCM - 8.6.2.22900-9
I upgraded to CUCM 8.6.2 SU2 last night hoping that would fix the problem, but no luck.
The LDAP filter is one I have used in numerous other clusters with no CTI issues.
It allows me to sync to the root directory, but only import active user accounts with an entry in the ipPhone AD attribute:
(&((objectclass=user)(ipPhone=*))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
Thanks, Randy

Hi Randy,
Have you specified this base filter in jabber-config.xml file? As per Admin Guide:
"In some cases, base filters do not return query results if you specify a closing bracket in your Cisco Jabber for Windows configuration file. For example, this issue might occur if you specify the following base filter: (&(memberOf=CN=UCFilterGroup,OU=DN))
To resolve this issue, remove the closing bracket; for example, (&(memberOf=CN=UCFilterGroup,OU=DN)"
Thanks,
Maqsood

How get all sAMAccountName from LDAP?

Good day ... i'm find this ...
declare
-- Adjust as necessary.
l_ldap_host VARCHAR2(256) := &&;
l_ldap_port VARCHAR2(256) := &&;
l_ldap_user VARCHAR2(256) := &&;
l_ldap_passwd VARCHAR2(256) := &&;
l_ldap_base VARCHAR2(256) := 'dc=&&,dc=&&,dc=&&';
l_filter varchar2(100) := '(&(sAMAccountName=*))';
l_retval pls_integer;
l_session dbms_ldap.session;
l_attrs dbms_ldap.string_collection;
l_message dbms_ldap.message;
l_entry dbms_ldap.message;
l_attr_name varchar2(256);
l_ber_element dbms_ldap.ber_element;
l_vals dbms_ldap.string_collection;
l_raw dbms_ldap.binval_collection;
l_result varchar2(100);
begin
-- Choose to raise exceptions.
dbms_ldap.use_exception := true;
dbms_ldap.utf8_conversion := false;
-- Connect to the LDAP server.
l_session := dbms_ldap.init(hostname => l_ldap_host, portnum => l_ldap_port);
l_retval := dbms_ldap.simple_bind_s(ld => l_session, dn => l_ldap_user, passwd => l_ldap_passwd);
-- Get all attributes
l_attrs(1) := 'sAMAccountName'; -- retrieve all attributes
l_retval := dbms_ldap.search_s(ld => l_session
,base => l_ldap_base
,scope => dbms_ldap.scope_subtree
,filter => l_filter
,attrs => l_attrs
,attronly => 0
,res => l_message);
if dbms_ldap.count_entries(ld => l_session, msg => l_message) > 0
then
-- Get all the entries returned by our search.
l_entry := dbms_ldap.first_entry(ld => l_session, msg => l_message);
<<entry_loop>>
while l_entry is not null
loop
-- Get all the attributes for this entry.
dbms_output.put_line('---------------------------------------');
l_attr_name := dbms_ldap.first_attribute(ld => l_session
,ldapentry => l_entry
,ber_elem => l_ber_element);
<<attributes_loop>>
while l_attr_name is not null
loop
-- Get all the values for this attribute.
l_vals := dbms_ldap.get_values(ld => l_session, ldapentry => l_entry, attr => l_attr_name);
<<values_loop>>
for i in l_vals.first .. l_vals.last
loop
dbms_output.put_line('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || substr(l_vals(i), 1, 200));
end loop values_loop;
l_attr_name := dbms_ldap.next_attribute(ld => l_session
,ldapentry => l_entry
,ber_elem => l_ber_element);
end loop attibutes_loop;
l_entry := dbms_ldap.next_entry(ld => l_session, msg => l_entry);
end loop entry_loop;
end if;
-- Disconnect from the LDAP server.
l_retval := dbms_ldap.unbind_s(ld => l_session);
dbms_output.put_line('L_RETVAL: ' || l_retval);
end;
If i use filter '(&(sAMAccountName=*))' (me need get all 'sAMAccountName')
ERROR at line 1:
ORA-31202: DBMS_LDAP: LDAP client/server error: Sizelimit exceeded
ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
ORA-06512: at "SYS.DBMS_LDAP", line 1457
ORA-06512: at "SYS.DBMS_LDAP", line 234
ORA-06512: at line 28
How fix it ?
Thanks all.
p.s. I'm beginner Developer Oracle 10g

Probably some workaround needed. Hopefully this one works: http://www.freelists.org/archives/oracle-l/04-2006/msg01100.html

Questions on LDAP w.r.t XML Publisher 5.6.2

Hi all,
I have 2 questions on LDAP integration w.r.t XML P 5.6.2
1) Is OID the only supported LDAP repository? I tried to set up a Iplanet directory server against XMLP, but could not. Did I miss something, or it is not supported?
Other than OID, any other LDAP supported?
2) Suppose, my use-case is: I want to show some values from the database, and also in the same report, print out the user attributes from the LDAP (like email id of the user, for example) who fired the report, then is this possible?
Thanks,
Ambarish,

Ok. Question 1 - I have answered myself. I could not set up SunONE Directory server against XMLP :-(
But I could set up against openldap. :-)
I plan to contribute to the blog in 2/3 days time on how this can be done.
But I still need some help on the question 2. How can I create a report which has all the data from both the backend database, and well as from the LDAP repository. For example, report like:
Report Fired By:
EMAIL id:
Mobile:
(data1, data2...)
where data1, data2 comes from the database, and email id, mobile from the LDAP.

LDAP supporting multiple DNS domains

I have an environment with multiple DNS domains, and am configuring a Directory server (DS 6.3.1) to centralize various OS configuration maps including user authentication. None of the DNS domains have unique data, so I'd like to do something like storing all the real data in one suffix, then somehow have all clients look to that primary suffix. I am aware that the Solaris Native LDAP client wants to bind to a nisDomainObject that matches its DNS domain. I'm just having a hard time believing that I really need to manage all those individual suffixes when they don't have unique data requirements.
Take as an example the following domains to be supported: foo.example.com, bar.example.com, dev.example.com, qa.example.com, prd.example.com (no hosts are actually in "example.com", they are all in subdomains). Again, all share common configuration data, same user IDs, etc - no unique maps are required.
I created a suffix, "dc=example, dc=com", set it up with idsconfig. All is well there.
[A] My first thought is to bind all Solaris clients, regardless of their DNS domain, to the baseDN of "dc=example, dc=com" in order to avoid having a separate suffix for each DNS domain. I tried to do this using "-a defaultSearchPath=dc=example,dc=com" with ldapclient init, but it failed with an error indicating it wants to see the nisDomainObject of its real DNS domain.
The second though I had, which I don't believe is possible, is to find some sort of a LDAP equivalent of a symbolic link so that I could actually have an object for each DNS domain, but it would simply point back to "dc=example,dc=com". I can't find anything in the documentation which suggests this is possible, but I'd love to be wrong!
[C] Perhaps this could be somehow done with a rats nest of SSDs, but that really seems unwieldy, right? I plan on using a fair amount of the available objects, so it would be many SSDs per suffix. Yuck.
Can anyone comment on my above thoughts, or provide how they would go about supporting multiple DNS domains that have common configuration data?
Thank you,
Chris

Ok, I answered my own question. Turns out it's pretty easy. Just use the "-a domainName=example.com" option with `ldapclient` then make sure that the FQDN of the LDAP server is available (or use its IP address). My problem was that the ldapclient overwriting nsswotch.conf was clobbering the SSL session because I used the FQDN which couldn't resolve.
This leaves an interesting condition of having the output of "domainname" not match the DNS domain. I'm testing now to see if this causes any unexpected issues with our environmnet, but I suspect it's not a problem.

Untrusted server cert chain - while connecting with ldap

Hi All,
I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
javax.naming.CommunicationException: hostname:636 [Root exception is ja
vax.net.ssl.SSLException: untrusted server cert chain]
javax.naming.CommunicationException: hostname:636. Root exception is j
avax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.OutputStream.write(Unknown Source)
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at Test2.getProxyDirContext(Test2.java:66)
at Test2.main(Test2.java:40)
Any help would be appreciated
Thanks in Advance
Somu

This got resolved when in the code the following
System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
in X509 format

LDAP on wls6.1

Similar Messages

Maybe you are looking for