Ldap schema extension to control which users / group are imported

Hello,
would like to have your opinion:
would it be a good idea to implement LDAP schema extensions to control
which users / groups are imported and controlled from LDAP in an
LDAP-mastered installation?
e.g. we could implement the following schema extension for users:

    attributetype ( 1.3.6.1.4.1.<iana-org-id>.1.1
        NAME ( 'BogusisBeehiveUser' )
        DESC ''
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

    # BogusinetOrgPerson
    # The BogusinetOrgPerson is derived from inetOrgPerson
    objectclass ( 1.3.6.1.4.1.<iana-org-id>.1
        NAME 'BogusinetOrgPerson'
        DESC 'RFC2798: Internet Organizational Person, plus Bogus Extensions'
        SUP inetOrgPerson
        STRUCTURAL
        MAY ( BogusisBeehiveUser ) )

Then we could control the inclusion in beehive by simply switching
BogusisBeehiveUser on or off.

sure; that's pretty much what is talked about in the Install Guide for LDAP Integration under the "inclusion and exclusion" section, about here:
http://download.oracle.com/docs/cd/E14897_01/bh.100/e14830/ldap.htm#CHDEFFJF
that doesn't go into the specifics of how you might want to design your objectClass schemas, though, as beehive is agnostic to that.
If you don't want to provision all users that match a certain existing rule (like everyone under dn=foo, or everyone where userType=employee), then adding a new attribute and building the profile inclusion rule around it is a valid thing to do.
richard
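Richard's answer comes down to building the inclusion rule around a dedicated attribute. The Python below is an added example, not Beehive's code or the poster's: it parses a small constructed LDIF (dc=example,dc=com and the uids are made up) and evaluates three rule styles over it with a small RFC 4515 filter subset, showing why an opt-in rule (flag must be TRUE), an opt-out rule (flag must not be FALSE) and a bare negation select different sets once the flag is absent from an entry.

```python
"""Evaluate LDAP-style inclusion/exclusion rules over directory entries.

Added example for the thread above; not code from Beehive or the poster.
The LDIF, dc=example,dc=com and the uids are constructed. Filter syntax is
the RFC 4515 subset: (&...), (|...), (!...), (attr=value), (attr=*).
"""

def parse_ldif(text):
    """Minimal LDIF -> [(dn, {attr_lowercase: [values]})]; single-line values only."""
    entries, attrs, dn = [], {}, None
    for line in text.splitlines():
        if not line.strip():                      # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            attrs, dn = {}, None
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    if dn is not None:
        entries.append((dn, attrs))
    return entries

def parse_filter(text):
    """Parse e.g. (&(objectClass=inetOrgPerson)(BogusisBeehiveUser=TRUE))."""
    text = text.strip()
    node, end = _parse_node(text, 0)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return node

def _parse_node(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":                             # compound node
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse_node(s, i)
            children.append(child)
        if s[i] != ")" or (op == "!" and len(children) != 1):
            raise ValueError(f"malformed '{op}' node at offset {i}")
        return (op, children), i + 1
    close = s.index(")", i)                       # values may not contain ')'
    attr, sep, value = s[i:close].partition("=")
    if sep != "=" or not attr or not value:
        raise ValueError(f"bad item: {s[i:close]!r}")
    return ("=", attr.lower(), value), close + 1

def matches(node, attrs):
    """Apply a parsed filter to one entry. As in LDAP, equality on an absent
    attribute is false, so (!(BogusisBeehiveUser=FALSE)) is true for entries
    lacking the flag. Values compare case-insensitively (caseIgnoreMatch)."""
    op = node[0]
    if op == "&":
        return all(matches(c, attrs) for c in node[1])
    if op == "|":
        return any(matches(c, attrs) for c in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    _, attr, wanted = node
    values = attrs.get(attr, [])
    if wanted == "*":                             # presence test
        return bool(values)
    return any(v.lower() == wanted.lower() for v in values)

def select_dns(ldif_text, filter_text):
    """DNs of the entries a rule selects, in LDIF order."""
    rule = parse_filter(filter_text)
    return [dn for dn, attrs in parse_ldif(ldif_text) if matches(rule, attrs)]

# Constructed sample: flagged, unflagged and un-annotated people plus a
# service object. Superclass chains (top, person, ...) are abbreviated.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: BogusinetOrgPerson
uid: alice
BogusisBeehiveUser: TRUE

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: BogusinetOrgPerson
uid: bob
BogusisBeehiveUser: FALSE

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol

dn: cn=svc-backup,ou=services,dc=example,dc=com
objectClass: applicationProcess
cn: svc-backup
"""
INCLUSION_RULE = "(&(objectClass=inetOrgPerson)(BogusisBeehiveUser=TRUE))"     # opt-in
EXCLUSION_RULE = "(&(objectClass=inetOrgPerson)(!(BogusisBeehiveUser=FALSE)))"  # opt-out
NEGATION_ONLY = "(!(BogusisBeehiveUser=FALSE))"   # pitfall: sweeps in non-people too
```

The opt-out form admits every person who was never annotated, and a negation with no objectClass test admits the service object as well, so an inclusion rule should name the object class and test the flag positively unless unannotated entries are meant to be provisioned. One caveat on the schema as proposed: because BogusinetOrgPerson is STRUCTURAL with SUP inetOrgPerson, an existing inetOrgPerson entry cannot simply gain it through a modify, since RFC 4512 forbids changing an entry's structural object class in place and OpenLDAP enforces that (objectClassModsProhibited). Defining the class as AUXILIARY instead lets the flag be added to existing entries without deleting and re-creating them.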

Similar Messages

  • AD users/groups are "Not Found"

    Have some issues with our Mac OS X Server (10.5.6).
    I completed the initial setup of the "golden triangle" just fine--and our Open Directory is completely integrated into our Active Directory.
    I logged in to the server today only to find that all of the AD users and groups are listed as "Not Found" in Workgroup Manager. Active Directory authentication still works but the server can't seem to pull names from AD anymore. I checked the AD directory through Workgroup Manager and it didn't list any users.
    However, when I logged in to the Replica and attempted the same steps, the AD users and groups were listed, just like nothing happened. Logged back into the Master and all of the AD users are still listed as "Not Found".
    I checked all of the settings and nothing has been changed since last week (and it was working last week). However when I open Directory Utility it says on both the Replica and the Master that the Local Server isn't responding.
    Thought that a restart would do the trick but the server is being heavily used at the moment. Is there a way to restart just the LDAP server without restarting the entire server? And has anyone else run into this problem before?

    Got it working by clicking twice on the checkbox in front of the field "Use UME Unique with LDAP unique".
    This updated the value from uid to samaccountname (which it should have read from the config xml file already).

  • Saprouter service on windows -  which user rights are required?

    Hi,
    We have the saprouter service running in a windows 2003 server, this service is started by a user account named 'saprouter' which has its password set to never expires.
    Due to security concerns, our IT Security Department has asked us to apply all the following restrictions to the 'saprouter' user:
       1) 'Logon locally' user right is disabled
       2) User ID is not a member of the Administrators group
       3) Deny access to the user rights: 'Access this computer from network' and 'Logon through Terminal Services'
    As per our security policy, non-expiring passwords are allowed only for users that can meet all the conditions listed above.
    The questions are: Which user rights should be granted to the user account that starts the saprouter service? Could we apply the conditions listed above without impacting the saprouter service?
    Thank you for your kind attention.
    Sokram

    The following permissions are required to get SAPRouter working:
    1. password never expires
    2. user never changes the password
    3. should be a member of Administrators
    4. profile --> home folder: c:\user\sap\saprouter (path of installables)
    5. end disconnected session: never, active session limit: never, idle session limit: never
    Check if you can apply the above points for your users.
    Regards,

  • My server is sending SPAM - how do I find out which user(s) are sending it?

    I just received a notice from my ISP that some SPAM was sent by my email server. He included samples of the spam. Unfortunately I can't find any info in the spam to tie it to an IP number that would help me find if one of my users is infected.
    I think I have the SMTP set so that it can only be used with authentication. We have had this set up for some time now (over two years at least) and this is our first instance.
    I'm concerned that one of my users on a PC is infected and using their smtp authentication to send this stuff.
    Any advice on where to go from here?
    I have included the results of postconf -n to see if I have any configuration problems.
    Thanks.
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    inet_interfaces = all
    mail_owner = postfix
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    message_size_limit = 15728640
    mydestination = $myhostname,localhost.$mydomain,localhost,zeryn.com
    mydomain = zeryn.com
    mydomain_fallback = localhost
    myhostname = mail.zeryn.com
    mynetworks = 127.0.0.1/32,65.39.65.22
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    owner_request_special = no
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client sbl-xbl.spamhaus.org permit
    smtpd_pw_server_security_options = login,cram-md5,plain
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
    smtpd_sasl_auth_enable = yes
    smtpd_use_pw_server = yes
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
    xserve Mac OS X (10.4.9)

    A list of the emails was sent to me, but I'm not sure there is enough header info in them to tell me what I want. However, I searched the log for the "from email" and found some at about the same time in the log. Here is the header and the parts of the log dealing with this email address:
    Email header? -------------
    From: "alisander gianni" <[email protected]>
    To: <Undisclosed Recipients>
    Subject: RE: Get the size that kills with enlargement pills. Try Advanced Gain Pro ***** Enlargement Pills.
    Date: Sun, 6 May 2007 07:43:43 -0700
    Message-ID: <357701c78fec$f1ee7960$0801010a@lye>
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="koi8-r"
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Outlook Express 6.00.2900.2527
    Thread-Index: AceP7S2xF77i9UyvRp6aehJVe3GLbg==
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
    X-Sieve: CMU Sieve 2.2
    X-AOL-IP: 65.39.65.21 (<-- this is my server ip)
    SMTP log entries ------------
    May 6 07:44:49 zeryn postfix/smtpd[2846]: warning: 60.48.247.22: hostname tm.net.my verification failed: Host not found
    May 6 07:44:49 zeryn postfix/smtpd[2846]: connect from unknown[60.48.247.22]
    May 6 07:44:50 zeryn postfix/smtpd[2846]: 0621623D6EDE: client=unknown[60.48.247.22]
    May 6 07:44:50 zeryn postfix/cleanup[2850]: 0621623D6EDE: message-id=<357701c78fec$f1ee7960$0801010a@lye>
    May 6 07:44:50 zeryn postfix/qmgr[118]: 0621623D6EDE: from=<[email protected]>, size=1847, nrcpt=1 (queue active)
    May 6 07:44:50 zeryn postfix/smtpd[2853]: connect from localhost[127.0.0.1]
    May 6 07:44:50 zeryn postfix/smtpd[2853]: EC70A23D6EE1: client=localhost[127.0.0.1]
    May 6 07:44:50 zeryn postfix/cleanup[2850]: EC70A23D6EE1: message-id=<357701c78fec$f1ee7960$0801010a@lye>
    May 6 07:44:50 zeryn postfix/qmgr[118]: EC70A23D6EE1: from=<[email protected]>, size=2231, nrcpt=1 (queue active)
    May 6 07:44:50 zeryn postfix/smtpd[2853]: disconnect from localhost[127.0.0.1]
    May 6 07:44:51 zeryn postfix/smtp[2851]: 0621623D6EDE: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=02590-09, from MTA: 250 Ok: queued as EC70A23D6EE1)
    May 6 07:44:51 zeryn postfix/qmgr[118]: 0621623D6EDE: removed
    May 6 07:44:51 zeryn postfix/pickup[2343]: 2501123D6EE5: uid=77 from=<[email protected]>
    May 6 07:44:51 zeryn postfix/lmtp[2854]: EC70A23D6EE1: to=<[email protected]>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=1, status=sent (250 2.1.5 Ok)
    May 6 07:44:51 zeryn postfix/qmgr[118]: EC70A23D6EE1: removed
    May 6 07:44:51 zeryn postfix/cleanup[2850]: 2501123D6EE5: message-id=<357701c78fec$f1ee7960$0801010a@lye>
    May 6 07:44:51 zeryn postfix/qmgr[118]: 2501123D6EE5: from=<[email protected]>, size=2510, nrcpt=1 (queue active)
    May 6 07:44:51 zeryn postfix/smtpd[2846]: disconnect from unknown[60.48.247.22]
    May 6 07:44:51 zeryn postfix/smtpd[2853]: connect from localhost[127.0.0.1]
    May 6 07:44:51 zeryn postfix/smtpd[2853]: 3949F23D6EE8: client=localhost[127.0.0.1]
    May 6 07:44:51 zeryn postfix/cleanup[2850]: 3949F23D6EE8: message-id=<357701c78fec$f1ee7960$0801010a@lye>
    May 6 07:44:51 zeryn postfix/qmgr[118]: 3949F23D6EE8: from=<[email protected]>, size=2874, nrcpt=1 (queue active)
    May 6 07:44:51 zeryn postfix/smtpd[2853]: disconnect from localhost[127.0.0.1]
    I'm not sure how to read the log file. Is there something here out of the ordinary? Does the server consider these valid users/email?
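The question the log excerpt raises is how each accepted message got past smtpd: from a mynetworks address, through an authenticated (SASL) session, or neither. Postfix records this on the `client=` line, which carries `sasl_method=` and `sasl_username=` only when the session authenticated. The Python below is an added example, not part of the original post: it groups log lines by queue id, classifies each acceptance the way `permit_mynetworks` / `permit_sasl_authenticated` would, and tallies messages per SASL user. The log lines are constructed to mirror the poster's format; the hosts, addresses, queue ids and the user name jdoe are made up.

```python
"""Attribute Postfix smtpd acceptances to a network, a SASL user, or neither.

Added example for the thread above; not part of the original post. Log lines
are constructed in the poster's format: hosts, addresses, queue ids and the
user jdoe are made up.
"""
import re
from collections import defaultdict

QID_RE = re.compile(r"postfix/(?P<prog>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
CLIENT_RE = re.compile(
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,]+), sasl_username=(?P<user>\S+))?")
FROM_RE = re.compile(r"from=<(?P<sender>[^>]*)>")
TO_RE = re.compile(r"to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),.*status=(?P<status>\w+)")

def parse_postfix_log(lines):
    """Per queue id: who handed the message in, envelope sender, deliveries."""
    msgs = defaultdict(lambda: {"client_ip": None, "sasl_username": None,
                                "sender": None, "deliveries": []})
    for line in lines:
        m = QID_RE.search(line)
        if not m:
            continue                      # connect/disconnect/warning: no queue id
        rec, rest = msgs[m["qid"]], m["rest"]
        if c := CLIENT_RE.search(rest):   # smtpd: remote client plus SASL identity
            rec["client_ip"], rec["sasl_username"] = c["ip"], c["user"]
        if m["prog"] == "qmgr" and (f := FROM_RE.search(rest)):
            rec["sender"] = f["sender"]
        if t := TO_RE.search(rest):
            rec["deliveries"].append((t["rcpt"], t["relay"], t["status"]))
    return dict(msgs)

def classify(rec, mynetworks=("127.0.0.1",)):
    """Why smtpd accepted the message (permit_mynetworks / permit_sasl_authenticated)."""
    if rec["client_ip"] is None:
        return "local-submission"         # pickup/sendmail, no smtpd client line
    if rec["client_ip"] in mynetworks:
        return "mynetworks"               # includes content-filter re-injection
    if rec["sasl_username"]:
        return f"sasl:{rec['sasl_username']}"
    return "unauthenticated"              # legitimate only for inbound mail to mydestination

def authenticated_senders(msgs):
    """Messages per SASL user: the first place to look for an abused account."""
    counts = defaultdict(int)
    for rec in msgs.values():
        if rec["sasl_username"]:
            counts[rec["sasl_username"]] += 1
    return dict(counts)

def summarize(lines):
    """Map each queue id to (acceptance class, sender, deliveries)."""
    return {qid: (classify(rec), rec["sender"], rec["deliveries"])
            for qid, rec in parse_postfix_log(lines).items()}

# Constructed sample: one unauthenticated inbound message that passes through
# the content filter to a local mailbox, and one authenticated submission.
SAMPLE_LOG = """\
May  6 07:44:49 mail postfix/smtpd[2846]: connect from unknown[198.51.100.22]
May  6 07:44:50 mail postfix/smtpd[2846]: 1F2E3D4C5B6A: client=unknown[198.51.100.22]
May  6 07:44:50 mail postfix/qmgr[118]: 1F2E3D4C5B6A: from=<spoofed@example.org>, size=1847, nrcpt=1 (queue active)
May  6 07:44:51 mail postfix/smtp[2851]: 1F2E3D4C5B6A: to=<user@example.com>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=02590-09, from MTA: 250 Ok: queued as 2A3B4C5D6E7F)
May  6 07:44:51 mail postfix/smtpd[2853]: 2A3B4C5D6E7F: client=localhost[127.0.0.1]
May  6 07:44:51 mail postfix/lmtp[2854]: 2A3B4C5D6E7F: to=<user@example.com>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=1, status=sent (250 2.1.5 Ok)
May  6 09:12:03 mail postfix/smtpd[3012]: 3C4D5E6F7A8B: client=pc17.example.com[192.0.2.17], sasl_method=PLAIN, sasl_username=jdoe
May  6 09:12:03 mail postfix/qmgr[118]: 3C4D5E6F7A8B: from=<jdoe@example.com>, size=2310, nrcpt=1 (queue active)
May  6 09:12:04 mail postfix/smtp[3015]: 3C4D5E6F7A8B: to=<someone@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1, status=sent (250 Ok)
"""

if __name__ == "__main__":
    for qid, (cls, sender, deliveries) in summarize(SAMPLE_LOG.splitlines()).items():
        print(qid, cls, sender, deliveries)
```

Read against the poster's excerpt: the message accepted from unknown[60.48.247.22] has no `sasl_username` on its `client=` line, and its deliveries end at the LMTP socket after the pass through amavis, i.e. inbound mail to a local mailbox rather than relaying; the re-injection from localhost appears as a second queue id classified under mynetworks. A spam run submitted through a compromised account would instead show up as an `unauthenticated`-free cluster under one `sasl:` user with relays pointing at external MXs, which is what `authenticated_senders()` is meant to surface, while an `unauthenticated` message relayed to an external MX would indicate an open relay.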

  • How do I change the setting that remembers which user names are typed within the user name tabs of given websites?

    When I am typing in my user name for a website, a bunch of previously typed user names pop up. I Do not want those other names to pop up, and/or I just want my own user name to appear when I begin to type it.

    When the unwanted name pops up and is highlighted hit the delete key on your keyboard and it will be removed and not pop up again.
    For more details see [[Form autocomplete#w_deleting-individual-form-entries]] Note you can scroll up and down that page
    You may also be interested in looking at [[Location bar autocomplete]]

  • How to see which methods/classes are important?

    Hi Everyone,
    I am a beginner writing one of my first applications and I have a very newbie question. How do I organize and manage many methods (and classes) to see which are the important ones and which are not?
    The question arose for me because I noticed that I am a bit reluctant to introduce new helper private methods in a class, because I fear there would be too many methods and I couldn’t handle/oversee them... I know it’s probably very wrong and stupid. That’s why I would really like to put it right in me.
    So for example I create a class with a few public methods that are of course the most important part of the class. Those public methods need some more private methods that still do something important and maybe complex. But then I still need more methods to make clear code in the previous methods. Finally I end up with 20-30 methods in a supposed-to-be simple class. If I just look into it in Eclipse I have to scroll up and down a lot and even in the package explorer I can’t tell the important methods apart from the rest. Is this normal? (Please confirm it is; it would bring relief to me :))
    I thought some kind of method hierarchy shown in the package explorer and expressed in the indentation of the code would help. It would be based on the call hierarchy, but I realize that may be ambiguous. Still, do you know if there is any tool, plugin, solution for this?
    I mean something like this:
    SomeClass:
    ..-veryImportantMethod
    ....-importantMethod
    ....-importantMethod2
    ........-method
    ........-method2
    ........-method3
    ............-reallyNotImportantMethod
    The same thing goes for classes. I start with a few important ones and introduce many less important later. I guess I can’t organize them into different packages based on importance because packages are not for that. It just looks strange to me to see a small unimportant helper class opened in the tab next to my main delegator class. (I'm not sure I know correctly what delegator means but that's not important at the moment :))
    I am really just a beginner (needless to say probably :)) but I think it would be easier to intellectually manage the code if there were some importance hierarchy. It doesn’t even have to be unambiguous as it would only be a way to display the code by the IDE; it wouldn’t affect the program in any way.
    If you have any comments about why this whole thing is not important “because when you write your code..... “ or why I am totally lost and wrong here; I would really appreciate that as well :)
    Thanks in advance,
    lemonboston

    lemonboston wrote:
    [quotes the post above in full]
    I think you would benefit from this http://en.wikipedia.org/wiki/Domain-driven_design

  • Deletion of user group

    hello,
    I created a new user group, and I am trying to delete that group but it is showing an error like:
    user group XXXXX still used in master records.
    thanks and regards
    patan thavaheer

    Hi Thavaheer,
    Which user group are you referring to? There are user groups in Ad Hoc queries, user IDs etc.
    In case it is an Ad Hoc query user group, you can delete the user group only if no query is saved in the user group.
    In case of a user group of user IDs, if any user exists in the user group you won't be able to delete it.
    Regards,
    Ajinkya

  • Controlling which RED audio tracks to import

    Is there any way to control which audio tracks are imported when working with RED R3D files?
    This is probably user error, but the company that we use for Red shoots has their camera set up so that the talent audio is on track 2 (with track 1 and 3 being empty, but still active). So I get three mono tracks for each clip I import.

    After you import, and before you use any of the clips in a sequence, select them and go to Clip > Modify > Audio Channels. There are a number of options in that dialog for mapping source audio channels as you need.

  • Which table/view stores information on APEX user groups?

    Hi All,
    I need to list all the APEX users, their roles (i.e. IS_ADMIN or IS_DEVELOPER) and the user groups they belong to.
    Can someone kindly share the information on which tables/views will have all this information?
    I am aware of apex_workspace_users which tells me about the roles (i.e. IS_ADMIN or IS_DEVELOPER).
    Thanks in advance.
    Annie

    Thanks Jari for your help.
    I did manage to get the information on user groups by using the APEX_UTIL.get_groups_user_belongs_to function.
    However there are two issues with that:
    Firstly, the requirement is that I should be able to retrieve these details by executing queries in SQL*Plus and not the APEX WS. However, executing the APEX_UTIL.get_groups_user_belongs_to function in SQL*Plus returns no data. That means there are certain permission issues on the underlying tables.
    Secondly, the user groups are listed in a single row and I'd like the result in multiple rows.

  • WLCS USer/Group Management

    Hi,
    I am having a problem with the WLCS 3.1 User Management part.
    The application we are building basically consists of two pieces, Internet and extranet (site accessible to our customers/partners by logging in).
    The internet part has a couple of forms that our prospective customers submit and this user profile information gets stored in Oracle.
    The second piece is our extranet, which works in sync with our Customer Relationship Management application. The user information is put into Netscape Directory Server (NDS) by our CRM application and we just use it for authentication and single sign-on into both applications.
    Since the User Management system works in conjunction with the WebLogic Server's security realm (which happens to be LDAP for us), we cannot store users/groups anymore into Oracle by using JSP tag libraries.
    My question is, can we store just the user (and password) in NDS LDAP and the GROUP and profile in WebLogic and personalize the content based on this info?
    If so, what is the best workaround for this..
    Any help is greatly appreciated.
    Thanks
    -sarath

    Hi Tracy,
    Are you trying to create property sets?
    If you are trying to create a user/group property set, then you do that with the EBCC tool. See the "Site Infrastructure" tab and
    use
    File --> New --> Site Infrastructure --> User Profile to create a new one. See "Creating a Property Set Definition" at
    http://edocs.bea.com/wlp/docs70/dev/usrgrp.htm#998997 .
    Tracy Ward wrote:
    How do you assign Property sets in the user group management - the set shows in users and groups - but not in the management window--
    Ture Hoefner
    BEA Systems, Inc.
    4001 Discovery Drive
    Suite 340
    Boulder, CO 80303
    www.bea.com

  • AE 5.2: Using user groups as a dropdown function

    Hi All
    We would like to use the user group functionality on CUP but the client does not have the same user groups across all systems.
    Our suggestion is that they have all user groups defined across all the systems.
    Is there a way that we could accommodate the client as per the current set-up where not all user groups are defined on all systems?
    Any assistance on this matter will be appreciated.

    Hi,
    I'm not sure of all the complexities around this but we had a similar problem where the user repository we used could not be connected using LDAP.
    The solution that was implemented was to create an ADAM (Active Directory Application Mode) directory, which is connected to the user repository - ADAM is then connected to the UME for AE as the LDAP server.
    Probably not the most elegant solution, but we have been using this in a PRD environment for a couple of months now without any performance issues.
    Unfortunately I don't have all the details to guide you through all the config that was required, but perhaps you could investigate this as an alternative solution.
    Regards

  • LDAP Groups are empty

    Hello Forum,
    I have a teaming 2.1 installation up and running and it synchronizes well with the ldap-server except for one thing: All groups are empty. users are synced and operable, groups are also there but empty.
    I'm not sure how to have teaming extract the group members.
    Any thoughts?
    TIA,
    MKramer

    Originally Posted by ksiddiqui
    Kramer,
    Is there a reason why you use posixGroup and not the default filter, which is:
    (|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))
    -- Khurram
    Yes, our directory tree does not have the objectClass group. Group names have the objectClass posixGroup. Group members have the attribute memberUid.
    The default filter cannot (at least does not) extract any data from our tree.
    The box "synchronize group membership" is checked and I suspect that Teaming tries to extract the group members via a different attribute than memberUid. Unfortunately I have not found information about how specifically the group member sync takes place.
    Thanks in advance,
    M. Kramer
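The three classes in the default filter all record members as DNs (`member` for groupOfNames and Active Directory's group, `uniqueMember` for groupOfUniqueNames), whereas RFC 2307 posixGroup records bare uid values in `memberUid`; a sync that reads `member` from a posixGroup entry finds nothing, which is exactly a group that "is there but empty". The Python below is an added example, not Teaming's or the poster's code: it resolves members under both models over a constructed directory (dc=example,dc=com, the users and the groups are made up), reports values that match no user entry, and reproduces the empty-group symptom when the wrong model is forced on a posixGroup.

```python
"""Resolve group membership for DN-valued and uid-valued membership models.

Added example for the thread above; not Teaming's or the poster's code. The
directory is a constructed dict keyed by DN; attribute names are lower-cased
because LDAP treats them case-insensitively.
"""

# How each group class records its members and what the values denote.
MEMBERSHIP_MODELS = {
    "groupofnames": ("member", "dn"),
    "groupofuniquenames": ("uniquemember", "dn"),
    "group": ("member", "dn"),            # Active Directory group
    "posixgroup": ("memberuid", "uid"),   # RFC 2307: bare uid values, not DNs
}

ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
DIRECTORY = {                                     # constructed sample tree
    ALICE: {"objectclass": ["inetOrgPerson"], "uid": ["alice"]},
    BOB: {"objectclass": ["inetOrgPerson"], "uid": ["bob"]},
    "cn=devs,ou=groups,dc=example,dc=com": {
        "objectclass": ["posixGroup"], "cn": ["devs"], "gidnumber": ["5001"],
        "memberuid": ["alice", "bob", "ghost"]},  # ghost has no user entry
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectclass": ["groupOfNames"], "cn": ["admins"], "member": [ALICE]},
}

def detect_model(entry):
    """Pick the membership model from the entry's object classes, or None."""
    for oc in entry.get("objectclass", []):
        if oc.lower() in MEMBERSHIP_MODELS:
            return MEMBERSHIP_MODELS[oc.lower()]
    return None

def resolve_members(directory, group_dn, model=None):
    """Return (member DNs, unresolvable raw values) for one group.

    `model` overrides detection; passing ("member", "dn") for a posixGroup
    reproduces the 'group is synced but empty' symptom.
    """
    group = directory[group_dn]
    model = model or detect_model(group)
    if model is None:                             # unknown group class
        return [], []
    attr, kind = model
    by_uid = {}
    if kind == "uid":                             # index users once, by uid
        for dn, entry in directory.items():
            for uid in entry.get("uid", []):
                by_uid.setdefault(uid.lower(), dn)
    resolved, unresolved = [], []
    for value in group.get(attr, []):
        dn = value if kind == "dn" else by_uid.get(value.lower())
        if dn in directory:
            resolved.append(dn)
        else:
            unresolved.append(value)              # dangling DN or unknown uid
    return resolved, unresolved

if __name__ == "__main__":
    for group_dn in ("cn=devs,ou=groups,dc=example,dc=com", "cn=admins,ou=groups,dc=example,dc=com"):
        print(group_dn, resolve_members(DIRECTORY, group_dn))
```

The unresolved list matters for the defender as much as the resolved one: a memberUid or member value that no longer maps to a user entry is a stale grant that survives account removal, so a sync should report it rather than silently drop it.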

  • SQ03 - User Groups missing after Upgrade

    Hi,
    Recently we have upgraded to ECC 6. We have noticed that our SAP Query user groups are missing. We have some reports which we need to access. Any clue?
    Thanks in advance
    Regards
    GB

    http://help.sap.com/saphelp_me52/helpdata/EN/47/1e533e5ff4d064e10000000a114084/frameset.htm

  • Importing Roles-User Groups Mapping from one Environment to Another

    Hi,
    I have this situation. I am using WLP8.1 SP4
    I have two environments (E1 and E2)and I have 2 MS Active Directory server (MS1 and MS2). The LDAP authenticator in E1 is configured to use MS1 and the LDAP authenticator in E2 is configured to use MS2. The user groups are stored in the Active Directory servers and the role-user groups mappings are done within the Weblogic.
    I imported the role-user groups mappings from E1 to E2 and it works. After that, if I map another user group to an existing role and do an import again from E1 to E2, it does not take any effect. Why is it so? Any kind soul can help me? I am very lost now.?:|

    Hello! :)
    Unfortunately, I'm already using Catalog Manager in transferring files. I'd really like to find out if there is a particular file that defines the permissions of the objects that I should also transfer, or if I should really do that manually for each of the objects?
    Thanks for the reply! :)

  • AD Schema Extension Updates?

    Hi,
    I was wondering whether anyone had any idea if Apple have any plans to update the AD schema extensions to support Apple Computer Groups rather than just Computer Lists? Lists are pretty old and the extra flexibility that comes with Computer Groups would be welcomed.
    Thanks in advance.
    Bobby

    As I understand it, the main roadblock is that the Active Directory connector (essentially a directory service plug-in that translates AD-speak to Apple's internal format) doesn't support computer groups, just computer lists. This could be added in future versions of the AD connector (I have no idea if there are any plans for this), but even then if you built computer groups in AD, they'd only work with Mac clients that had the newer version of the connector...
    BTW, I've never seen much difference between computer groups vs. lists (probably because I don't use either one very much). What extra flexibility are you wishing for?
