LDAP search from an Express Rule
Hi,
I need to do a simple search in a LDAP directory from inside a Rule. I�m trying to do this from Express code but i�m not able and dont find any info about it in the forum.
I�m trying to do it with a code like:
<block>
<setvar name='context'>
<new class='javax.naming.ldap.InitialLdapContext'/>
</setvar>
<invoke name='search'>
<ref>context</ref>
<s>c=es</s>
<s>(cn=*)</s>
<s>null</s>
</invoke>
</block>
I dont know if i have to use javax.naming.ldap.InitialLdapContext or maybe the com.sun.jndi.ldap that comes with idM.
Any clue? Any sample code to do it?
Regards,
Here is a simple example of calling a custom Java Class to retrieve a users phone number from LDAP. Hope someone can return the favor by answering some of my posts.
<invoke class="JNDIutility" name="getUsersPhoneNumber">
<ref>:variables.employeeID</ref>
<s>ou=NonEmployees,ou=People,dc=xxx,dc=xxx</s>
</invoke>Here is the simple Java class:
* @(#)JNDIutility.java 1.0 07/16/2007
* Author: Larry L. Viars
* Perform an Enterprise Directory search by specifying a set of
* search attributes to be matched.
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
import java.util.ArrayList;
import java.util.StringTokenizer;
import java.util.*;
public class JNDIutility {
static public DirContext context;
static private Hashtable env;
public JNDIutility ()
public static DirContext connect()
// Set up the environment for creating the initial context
env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
env.put(Context.SECURITY_CREDENTIALS, "Y0urP@ssw0rd");
env.put(Context.PROVIDER_URL, "ldap://yourservername.xxx.xxx:389");
try
context = new InitialDirContext(env);
catch(NamingException e)
System.out.println("Directory server binding error");
e.printStackTrace();
// logging code goes here
return context;
* Perform an Enterprise Directory search by specifying a set of
* search attributes to be matched.
* Search Attributes: (userID)
* Returns a Users Phone Number from LDAP.
public static String getUsersPhoneNumber(String userID, String contextToSearch) {
List InitList = new ArrayList();
String searchType;
String rc = "false";
try {
// Create initial context
context = connect();
// Specify the ids of the attributes to return
String[] attrIDs = {"TelephoneNumber"};
// Specify the attributes to match
// Ask for objects that have the attribute
Attributes matchAttrs = new BasicAttributes(true); // ignore case
matchAttrs.put(new BasicAttribute("enterpriseid", userID));
// Search for objects that have those matching attributes
NamingEnumeration answer = context.search(contextToSearch, matchAttrs, attrIDs);
while (answer != null && answer.hasMore())
SearchResult sr = (SearchResult) answer.next();
String TelephoneNumber = sr.getName();
Attributes attrs = sr.getAttributes();
for (NamingEnumeration ne = attrs.getAll(); ne.hasMoreElements();) {
Attribute attr = (Attribute) ne.next();
String attrID = attr.getID();
for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) {
InitList.add(vals.nextElement());
} // End while loop displaying list of attributes
// Close the context when we're done
context.close();
} catch (Exception e) {
e.printStackTrace();
String UsersPhoneNumberToString = (InitList.toString());
String UsersPhoneNumberWithLeftBracketRemoved = UsersPhoneNumberToString.replaceAll("(?:\\[)+", "");
String UsersPhoneNumberWithBothBracketsRemoved = UsersPhoneNumberWithLeftBracketRemoved.replaceAll("(?:])+", "");
return UsersPhoneNumberWithBothBracketsRemoved;
}
Similar Messages
-
How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?
How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird? We have a super awesome contacts server that works great for our Mac users. About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them. I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server. I've tried several different settings, and looked all over the web, but could not find the proper way to configure this. Does anyone know if this can be done, or if not, would have a better suggestion? Thank you for your time!!
try double clicking keychain acces should launch and ask if you want to install login, system, System roots
A dialog box will launch asking where to install the cert since your configuring a vpn I would put the certificate it in system. -
Hi community,
I set up search server 2010 express on a windows 2008 r2 server.
The Adobe PDF iFilter 9 64 bit is installed and search is correctly configured to find PDF-files.
When doing a search and clicking on a link of the result page, the PDF is not opened in the browser, instead the adobe reader XI client application (11.0.04) is invoked and an error raised like "could not open document .. check syntax of url..."
Right click on a link to open in new tab works fine. And PDF-Files from other arbitrary Internet Sites opens in browser correctly. Moreover when configure Adobe Acrobat Pro 9 as default application on the client it also open in Browser correctly.
I noticed googling the web there are several challenges when dealing with PDF-files in sharepoint. The following settings are made so far:
1. In IE: Add-On to open PDF in Browser is enabled for all sites.
2. Client Integration is enabled
3. The OpenControl attribute in the DOCICON.xml is left empty OpenControl="" for the pdf entry.
4. The Browser File Handling is set to "Permissive".
Please feel free to ask for more information if needed.
I appreciate any help on this. I don't know what to do further.
Thanks in advance.Thanks for the reply.
Before responding to your points I want to give a little more context:
We have an intranet based on pure html and a little aspx containing many of those pdf- files. By clicking on the links in the intranet the files open correctly in browser handled by the adobe plugin. Now we set up this search server crawling the file system
accessed through a share to the root folder of the intranet. In the search server settings a host mapping rule is applied to replace the file://[share] with http://[intranet host+domain+port] to access files over http.
And now to answer your question. The resulting urls are the same, copying the link from intranet and copying the link from the search result (except some case issues).
The event viewer not seem to show any errors on this, though I'm not very familiar using it.
If any further information are from interest and any ideas come to your mind - please let me know.
Thanks. -
Sun idm LDAP Search Filter, logical operations.
Hi
Can any body please give me the solution on LDAP Search Filter
I need to get all the users from a LDAP
Whose attribute1 contains any of the values like (abc, bbc)
OR
Whose attribute2 contains any of the values like (xyz, yxz)we got the solution
(|(|(attr1=abc)(attr1=bbc))(|(attr2=xyz)(attr2=yxz)))
finally this worked. -
Ldap search query takes more than 10 seconds
LDAP query takes more than 10 seconds to execute.
For validating the policy configured, the Acess Manager(Sun Java System Access Manager) contacts the LDAP (Sun Java System Directory Server 6.2) to get the users in a dynamic group. The time out value configured in Access Manager for LDAP searches is 10 seconds.
Issue : The ldap query takes more than 10 seconds to execute at some times .
The query is executing with less than 10 seconds in most of the cases, but it takes more than 10 seconds in some cases. The total number of users available in the ldap is less than 1500.
7 etime =1
6 etime =1
102 etime=4
51 etime=5
26 etime=6
5 etime=7
4 etime=8
From the ldap access logs we can see the following entry,some times the query takes more than 10 seconds,
[28/May/2012:14:21:26 +0200] conn=281 op=41433 msgId=853995 - SRCH base="dc=****,dc=****,dc=com" scope=2 filter="(&(&(***=true)(**=true))(objectClass=vfperson))" attrs=ALL
[28/May/2012:14:21:36 +0200] conn=281 op=41434 msgId=854001 - ABANDON targetop=41433 msgid=853995 nentries=884 etime=10
The query was aborted by the access manger after 10 seconds.
Please post your suggestions to resolve this issue .
1.How we can find out , why the query is taking more than 10 seconds ?
2.Next steps to resolve this issue .Hi Marco,
Thanks for your suggestions.
Sorry for replying late. I was out of office for few weeks.
1) Have you already tuned the caches? (entry cache, db cache, filesystem cache?)
We are using db cache and we have not done any turning for cache. The application was working fine and there was no much changes in the number of users .
2) Unfortunately we don't have direct access to the environment and we have contacted the responsible team to verify the server health during the issue .
Regarding the IO operations we can see that, load balancer is pinging the ldap sever every 15 seconds to check the status of ldap servers which yields a new connection on every hit. (on average per minute 8 connections - )
3) We using cn=dsameuser to bind the directory server. Other configuration details for ldap
LDAP Connection Pool Minimum Size: 1
LDAP Connection Pool Maximum Size:10
Maximum Results Returned from Search: 1700
Search Timeout: 10
Is the Search Timeout value configured is proper ? ( We have less than 1500 user in the ldap server).
Also is there any impact if the value Maximum Results Returned from Search = set to 1700. ( The Sun document for AM says that the ideal value for this is 1000 and if its higher than this it will impact performance.
The application was running without time out issue for last 2 years and there was no much increase in the number of users in the system. ( at the max 200 users added to the system in last 2 years.)
Thanks,
Jay -
Can't import from OUTLOOK EXPRESS 5 to Mail
I was trying to import contacts and e-mails from OUTLOOK EXPRESS and somehow all my information seemed to be erased from OUTLOOK.
When I try to open it up it doesn't have all my emails and addresses. It's as if it just got installed. I don't know where to look for this info in my hard drive.
Called APPLE and they told me that it could be that it got corrupted and deleted.
I have years of information in there. Any suggestions?Outlook 5 -> Mail
You can't go directly from Outlook 5 to Mail but you can do Outlook 5 -> Entourage -> Mail and that works very well
Your mail in Outlook 5 (I am assuming you're running Outloook Express 5.x under OS 9.2.x) is in the MUD folder. You'll find it in Documents > Microsoft User Data > Identities > Main Identity
If the Main identity is empty do a search for "Main Identity" and see if there are any other folders of the same name
If you can't locate it, restore it from a backup, import it into Entourage and then into Mail -
Open Directory, third party LDAP search path problem on Snow Leopard
Happy new year folks,
I ran into an interesting problem this past week in regards to a third party LDAP directory in the Search path (which used to work on previous versions). The issue brings the server to its knees eventually. I'm still digging through the logs, but here's the general breakdown...
1. Add third-party LDAP to the OD node list. This has always worked on previous versions, and appears to still work at the most basic level. I can navigate the node with DSCL, read records, etc.
1. Add third-party LDAP to the OD search path.
2. Wait a few minutes....
3. The server begins to slow down. Apache, SSH, ServerAdmin service stop responding. I'm able to run "top" briefly, which shows an increase of threads.
4. Restart the server and quickly remove the directory from the OD search path
5. Server goes back to being rock solid with very nice response times for Apache, SSH, ServerAdmin, etc.
If anyone has any debugging suggestions, or has seen this before, let me know.
Jaime
--- Below is some console output leading up to the chaos. Before adding to search path, everything looks good --------------------
bash-3.2# dscl
Entering interactive mode... (type "help" for commands)
read /LDAPv3/ldap.itd.umich.edu/Users/jaimelm cn
dsAttrTypeNative:cn:
Jaime Magiera
Jaime L Magiera 1
Jaime L Magiera
--- Add to Search Path, which hangs ------------------------------------------------------------------------------
bash-3.2# dscl /Search -append / CSPSearchPath /LDAPv3/ldap.itd.umich.edu
--- DSCL in debug mode contains the following ----------------------------------------------
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: ipfw, PID: 1097, API: libinfo, Server Used : libinfomig DAR : Procedure = getprotobynumber (13) : Result code = 0
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: sso_util, PID: 1103, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779669 : Requested nodename = /Search
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Plug-in call "dsDoPlugInCustomCall()" failed with error = -14292.
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Port: 27151 Call: dsDoPlugInCustomCall() == -14292
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779
707 : Requested nodename = /LDAPv3/ldap.itd.umich.edu
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 167797072010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707
: Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16779707 :
Data buffer size = 1282010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779
707 : Requested nodename = ConfigNode2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779
707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: Requesting dsOpenDirNode with PID = 1114, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAC : Dir Ref = 16779707 : Node Name = /Configure
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAR : Dir Ref = 1677970
7 : Node Ref = 33556926 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 16779707
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAC : Node Ref = 33556926 : Requested Attrs = dsAttrTypeStandard:OperatingSystemVersion : Attr Type Only Flag = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAR : Node Ref = 33556926 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33556924 : Requested Attrs = dsAttrTypeStandard:LSPSearchPath : Attr Type Only Flag = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAR : Node Ref = 33556924 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsDoPlugInCustomCall(), Search Used : DAC : Node Ref = 33556924 : Request Code = 444
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Checking for Search Node XML config file:
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfig.plist
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Have written the Search Node XML config file:
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfigBackup.plist
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Setting search policy to Custom search
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CSearchPlugin::SwitchSearchPolicy: switch - reachability of node </LDAPv3/127.0.0.1> retained as <true>
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: checking network node reachability on search policy 0x0000000000002201
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CCachePlugin::EmptyCacheEntryType - Request to empty all types - Flushing the cache
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/127.0.0.1
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAR : Dir Ref = 16777216 : Node Ref = 33556929 : Result code = 0
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: calling dsOpenDirNode succeeded on node </LDAPv3/127.0.0.1>
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAC : Node Ref = 33556929
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAR : Node Ref = 33556929 : Result code = 0
2010-01-01 19:26:36 EST - T[0x0000000103181000] - mbr_mig - dsFlushMembershipCache - force cache flush (internally initiated)
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x0000000103181000] - Membership - dsNodeStateChangeOccurred - flagging all entries as expired
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/ldap.itd.umich.edu
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::InternalEstablishConnection - Node ldap.itd.umich.edu - Connection requested for read
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::FindSuitableReplica - Node ldap.itd.umich.edu - Attempting Replica connect to 141.211.93.133 for read
2010-01-01 19:26:36 EST - T[0x0000000102481000] - CCachePlugin::SearchPolicyChange - search policy change notification, looking for NIS
2010-01-01 19:26:36 EST - T[0x0000000102481000] - Internal Dispatch, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:SearchPath : Attr Type Only Flag = 0
------- From another screen, I do "id jaimelm", which hangs ------------------------------------------------------------------------
: Requested Rec Names = jaimelm : Rec Name Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Users
2010-01-01 19:36:55 EST - T[0x00000001082A2000] - Internal Dispatch, API: dsGetRecordList(), Search Used : DAC : 2 : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:Password;dsAttrTypeStandard:UniqueID;dsAttrTypeStandard:GeneratedUID; dsAttrTypeStandard:PrimaryGroupID;dsAttrTypeStandard:NFSHomeDirectory;dsAttrType Standard:UserShell;dsAttrTypeStandard:RealName;dsAttrTypeStandard:Keywords : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0
2010-01-01 19:37:03 EST - T[0x0000000108325000] - Client: httpd, PID: 157, API: mbr_syscall, Server Used : process kauth result 0x0000000102022B30
2010-01-01 19:37:03 EST - T[0x00000001083A8000] - Client: httpd, PID: 151, API: mbr_syscall, Server Used : process kauth result 0x0000000102022C50
2010-01-01 19:37:05 EST - T[0x000000010842B000] - Client: httpd, PID: 203, API: mbr_syscall, Server Used : process kauth result 0x0000000102022D70
2010-01-01 19:37:15 EST - T[0x00000001084AE000] - Client: httpd, PID: 994, API: mbr_syscall, Server Used : process kauth result 0x0000000102023890
2010-01-01 19:37:26 EST - T[0x0000000108531000] - Client: httpd, PID: 198, API: mbr_syscall, Server Used : process kauth result 0x0000000102023980
2010-01-01 19:37:31 EST - T[0x00000001085B4000] - Client: httpd, PID: 161, API: mbr_syscall, Server Used : process kauth result 0x0000000~Hi
I'm in agreement with harry here but what I'm struggling to understand is why you are seeing this as a problem? I'm also struggling to see this as being a possibility in a single server environment if I understand your post correctly?
Promotion to OD Master with all that entails absolutely rests on a properly configured and tested internal DNS Service. The Kerberos Realm's foundation (and with that the ability of the server to perform its function as KDC and offer LDAP services) entirely depends on what is configured in the DNS Service. This will include the server name, domain name and tld. The Kerberos Realm automatically configures itself using that information. Likewise the searchbase.
Its more than possible to change the Realm name and with it the LDAP search base (in certain circumstances) and have an OD Master, however Kerberos won't start it won't need to as the KDC will be elsewhere. You generally see this when augmenting Windows AD with MCX. In that situation Realm name and search base will reflect what is set on the Active Directory. Client computers will use what is set there for contact and authentication information before looking at the OD Master for anything else.
Does this help? Tony -
Hi..
i am trying to use LDAP search qpac.I have the provider url and i gave the username as admin and password as password.when i drag the ldap search qpac into my workflow and refreshing for the baseDN, it is giving an error saying that "cannot instantiate class com.sun.jndi.ldap.LdapCtxFactory"
wht do the DC,CN mean?
plzz help me if there are any demos for understandin the ldap search qpac more.. have already read the topic given by marc szulc regarding ldap search qpac.
thanks..
Raghava Kumar V.S.S.I started getting this error when I mistakenly changed a search filter from (&(uid=james)(objectclass=Staff)) to (uid=james)(objectclass=Staff)). It is complaining about the unbalanced parenthesis.
-
How can I perform LDAP searches in BPEL?
Hello,
I'm trying to search an LDAP directory from a BPEL process.
There is a "ldap:search" XPath extension which appears to do this, but how do I specify which server to use. Just calling this function in an Assign produces an error message referring to a file called "directories.xml". Can anyone tell me what format this file should have (or how I automatically generate it)? I can't see it mentioned anywhere in the documentation.
Thanks for your help.Did you ever get to know the location of this file?-directories.xml?
-
URGENT : EP LDAP Search Problem
Guys....any inputs ?????
Dear Portal Gurus,
We have connected LDAP To EP 6.0 SP12.
LDAP is ADS 2003 with two forests.(Deep Hierarchy)
I have created a XML config file for LDAP (UME Config. file) which connects to both the forests.
Everything works fine except when I navigate to Groups (say GROUPABC) and then from inside the group search for a USER (say USER001)who shows up as being in that group from a LDAP Browser (like Softerra) the search does NOT result in any match.
The group displays only 200 users even though there are more than 5000 users in it.The message we get is " the search hit is limited to 200 hits."
This user (USER001) does NOT show up in those 200 users.Now if I search for another user (say USER002) who is not in those 200 users but can be still seen from LDAP Browser (exactly like the last user I.E. USER001),that user (002) is being found as a result of a search from inside that group (GROUPABC).
There is a parameter in UME Properties file where we can change the max. search hits value from 200 to anything.
Will changing this value make EP to find USER001 in groupABC.
Pls note when USER001 and USER002 are searched as USERs (search users link) in EP they are seen to be assigned to the group GROUPABC.
Am told that windows has a limitation of showing only 1500 users inside a group.
To summarise : <b>my questions are :
1) How to find USER001 from inside GROUPABC &
2) How to display more than 1500 users inside that
GROUP in EP.</b>
Greatly appreciate your inputs.
Thanks.
Josh
Message was edited by: Josh Mannings
Message was edited by: Josh ManningsHi,
What you can do is
Go to -->config tool.bat
-->click on pencil icon
-->cluster_data
-->server
-->cfg
-->services
-->property sheet of com.sap.security.core.ume.service
-->find the property ume.superadmin.activate = TRUE
Now logon to your portal with admin credentials and once you logged in again come here and make this property = FALSE
This is known as SAP* user
NOTE: Please keep atleast one user with super admin role assigned when such thing happens again so that you can unlock it from portal itself and your work wont get stopped.
Regards,
Ameya -
Paged LDAP Search Results Question
Greetings,
I have some code that does a dbms_ldap.search_s to create a view of all users. Everything was working fine until last week when got an error and I realized the results return exceeded the LDAPS MaxPageSizeLimit (was set to 2000, we now have 2000+ users). I was able to get the sys admins to increase the size temporarily until I can modify my code to page the search results. I've been doing some research on Page LDAP Search Results and am not finding much for dbms_ldap. Perhaps my research skills are not up to snuff. In any case, I found on oracle docs (http://docs.oracle.com/cd/E17904_01/oid.1111/e10186/ext_ldap.htm#CEGJJIAF) where it references:
"As of Oracle Internet Directory 10g (10.1.4.0.1), you can obtain paged results from an LDAP search, as described by IETF RFC 2696. You request sorted results by passing a control of type 1.2.840.113556.1.4.319 to the search function. Details are described in RFC 2696."
However, I'm not finding much on how to implement this using dbms_ldap.
Can anyone point me somewhere that I can found how to implement returning pagedResults using ldap with Oracle 11g?
Best,
Nat
Edited by: 899806 on Jan 10, 2012 10:23 AMYes, I did read that but I don't see in that file where it references anything about dbms. I see the section on:
RFC 2696 LDAP Control Ext. for Simple Paged Results September 1999
pagedResultsControl ::= SEQUENCE {
controlType 1.2.840.113556.1.4.319,
criticality BOOLEAN DEFAULT FALSE,
controlValue searchControlValue
However, when I look at oracle docs, I don't see where in dbms_ldap you can specify this config. any pointers? -
I'm trying to create an authentication function that can perform a search/bind.
The algorithm for this is as follows:
1) Bind to the LDAP server as the application (ie: admin username and password)
2) Search the LDAP directory for the sign-in username %userid%
3) Get the DN of that entry
4) Unbind as the application
5) Bind as the sign-in username %userid% with the DN from above
I'm pretty sure that this is possible with the DBMS_LDAP and DBMS_LDAP_UTL packages, but I'm not sure how to put it all together. Does anyone out there know if a function such as this already exists?
Thanks,
LoganWell, I figured it out.
create or replace FUNCTION F_Authenticate (p_username in varchar2, p_password in varchar2)
RETURN BOOLEAN
IS
CURSOR ldap_param_cur
IS
SELECT *
FROM ldap_parameters;
ldap_param_rec ldap_param_cur%ROWTYPE;
l_session DBMS_LDAP.SESSION;
l_srch_attr DBMS_LDAP.STRING_COLLECTION;
l_attr_values DBMS_LDAP.STRING_COLLECTION;
l_result DBMS_LDAP.MESSAGE;
l_entry DBMS_LDAP.MESSAGE;
l_dn VARCHAR2 (200);
l_retval PLS_INTEGER;
multiple_uid EXCEPTION;
no_ldap_entry EXCEPTION;
BEGIN
-- get parameters from uvic_ldap_parameters table
OPEN ldap_param_cur;
FETCH ldap_param_cur
INTO ldap_param_rec;
-- if the cursor returns no records display error message and exit
IF ldap_param_cur%NOTFOUND
THEN
DBMS_OUTPUT.PUT_LINE
( 'LDAP Parameters not configured in UVIC_LDAP_PARAMETERS table'
CLOSE ldap_param_cur;
RETURN FALSE;
END IF;
CLOSE ldap_param_cur;
DBMS_LDAP.use_exception := TRUE;
BEGIN
-- open session to ldap server
l_session :=
DBMS_LDAP.init (ldap_param_rec.ldap_host,
ldap_param_rec.ldap_port
-- bind with credentials from cursor
l_retval :=
DBMS_LDAP.simple_bind_s (l_session,
ldap_param_rec.search_credential,
ldap_param_rec.search_passwd
-- run ldap search
l_retval :=
DBMS_LDAP.search_s (l_session,
ldap_param_rec.search_base,
DBMS_LDAP.SCOPE_SUBTREE,
ldap_param_rec.search_filter || p_username,
l_srch_attr,
0,
l_result
-- count the search result records
l_retval := DBMS_LDAP.count_entries (l_session, l_result);
-- if multiple search result records raise exception
-- the userid should be unique and only return 1 search record
IF l_retval > 1
THEN
RAISE multiple_uid;
ELSIF NVL (l_retval, 0) = 0
THEN
RAISE no_ldap_entry;
END IF;
-- select first entry from ldap search record
l_entry := DBMS_LDAP.first_entry (l_session, l_result);
-- get the distinguished name from the ldap record
l_dn := DBMS_LDAP.get_dn (l_session, l_entry);
-- close ldap session used to retrieve search results
l_retval := DBMS_LDAP.unbind_s (l_session);
-- open session to ldap server
l_session :=
DBMS_LDAP.init (ldap_param_rec.ldap_host,
ldap_param_rec.ldap_port);
-- bind using ldap search results distinguished name and password
-- if the bind is successful the user can login
l_retval := DBMS_LDAP.simple_bind_s (l_session, l_dn, p_password);
-- close ldap session
l_retval := DBMS_LDAP.unbind_s (l_session);
RETURN TRUE;
EXCEPTION
WHEN multiple_uid
THEN
l_retval := DBMS_LDAP.unbind_s (l_session);
DBMS_OUTPUT.PUT_LINE('Multiple LDAP entries found.'
RETURN FALSE;
WHEN no_ldap_entry
THEN
l_retval := DBMS_LDAP.unbind_s (l_session);
DBMS_OUTPUT.PUT_LINE ('No LDAP records found.'
RETURN FALSE;
WHEN OTHERS
THEN
l_retval := DBMS_LDAP.unbind_s (l_session);
DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
RETURN FALSE;
END;
EXCEPTION
WHEN OTHERS
THEN
l_retval := DBMS_LDAP.unbind_s (l_session);
DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
RETURN FALSE;
END F_Authenticate; -
Metadata from Media Expression 2
Hi, I am considering switching from Media Expression to Aperture. How do I transfer all of the metadata that I have produced in media expression to my imported folders in Aperture. Of particular importance are the colored labels and star ratings. The library includes just under 100k images and I want to be very careful about moving forward.
I understand that the labels and ratings do not necessarily compare apples to apples, but I need that information.
This would convert me to Aperture,
Thanks,
PeterI understand that the labels and ratings do not necessarily compare apples to apples, but I need that information.
Not a solution, but a way of doing it: Convert that data to Keywords: Write the keywords to the files, import them, search on these keywords (five for five star or whatever) and batch change the files to the Aperture version.
Regards
TD -
Trouble exporting Quicktimes from Avid Express Pro?
Hello! I'm operating Avid Express Pro version 4.3.0 on a G5 Mac OS 10.3.9 and I recently upgraded to QuickTime 7.1.5. I can no longer export quicktimes from Avid Express Pro because it is not compatible with this version of Quicktime. It's only compatible with QT 6.5.2. I've tried to use the reinstaller 6.5.2 and it doesn't work as it cannot seem to find 6.5.2 on my system. I now can't load 6.5.2 as I already have a higher version of quicktime on my system. I've tried deleting QuickTime files and starting from scratch and did delete a few items, but dragged the majority back into my computer from the trash as I realized I didn't know what I was doing and which 3rd party programs also utilized QuickTime.
If I wish to reinstall QuickTime 6.5.2 but the reinstaller won't work, what would you recommend?
HUGE thanks!
Mac G5 Mac OS X (10.3.9) Avid Express Pro 4.3.0Not sure that anyone in the iPod Nano forum can help you. You might try searching/posting in the Quicktime Forum
http://discussions.apple.com/category.jspa?categoryID=122 -
What are attributes we can use in LDAP query in server derivation rules
Q: What are attributes we can use in LDAP query in server derivation rules
A: Server derivation rules can be defined for an LDAP server in the same way as that for a Radius server. As opposed to a Radius server, where the list of attributes that are defined for a server are standard, for an LDAP server, the attributes depend on the type of the server.
The following table contains the list of attributes that are available for an Active Directory implementation. The server may maintain only a subset of these attributes, depending on how the user entries have been configured.
Attribute Name:
==============
sAMAccountname
userPrincipalName
givenName
sn
initials
description
physicalDeliveryOfficeName
telephoneNumber
mail
wwwHomePage
url
logonHours
logonWorkstation
userAccountControl
pwdLastSet
userAccountControl
accountExpires
streetAddress
postOfficeBox
postalCode
memberOf
primaryGroupID
title
department
company
manager
directReports
profilePath
scriptPath
homeDrive
homeDirectory
HomeDirDrive
telephoneNumber
otherTelephone
pager
pagerOther
mobile
otherMobile
fascimileTelephoneNumber
otherFascimileTelephoneNumber
ipPhone
otherIpPhone>
praveen.tecnics wrote:
> hi experts
>
> what are mapping rules in sap xi/pi ? how we can use this rules for special charters mapping .
to map special characters you need to use an element called CDATA in your mapping
a special character causes an error....as XI wont be able to read it (as it is not in a proper XML format)...so to parse this character through XI without causing an eror use the CDATA....just make a search on SDN and you will find the proper use of it....
For your info: http://www.w3schools.com/XML/xml_cdata.asp
Regards,
Abhishek.
Edited by: abhishek salvi on May 20, 2009 8:52 AM
Maybe you are looking for
-
MapiExceptionJetErrorPageNotInitialized: Unable to mount database. (hr=0x80004005, ec=-1019)
Hi, Can any one help to resolve the database dismount error fixing? MapiExceptionJetErrorPageNotInitialized: Unable to mount database. (hr=0x80004005, ec=-1019) Tried..rebooted server and then tried to set-adserversettings -preferredtargetserver with
-
HTML anchor links not working (won't scroll down to content). Why?
Hi. We have a portlet that simply pulls in an external web site so it can be viewed and accessed within our portal. The navigation bar within this website using HTML anchors ("a href='#stuff' and "a name='stuff'") to let the user jump/scroll to a par
-
All photos from last month automatically deleted
I put some new music on my Nokia lumia 920 and while it was uploading it deleted all my most recent pics on my camera roll , but not all of them plus deleted random pics from my saved pics folder...
-
Holding Idocs in XI and processing at once
Hi I need to do a scenario where I need to collect all the Idocs from the sender system in the XI system at once and process them into only 1 XML file to the target system. can anyone tell me how can i hold all the idocs from the sender system in XI?
-
A problem no one seems to be able to have an answer for
Im still having the problem of not being able to retreve my emails because of a port 110 problem. I think it is probably because of the internet settings that i have no control over but it did work until around the time i installed the 2007 security