LDAP User attribute in VC

Similar Messages

• Editing LDAP User attributes from UME interface

  Hi Gurus,
  We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
  I want to know
  1. How to enable the connection from UME to LDAP in read/write manner?
  2. What certificates need to be exchanged for write access? if any?
  3. What changes needs to be done in config file of UME?
  4. Which permissions should be granted for communication user to edit LDAP user attributes?
  Even after performing the change to read LDAP in read/write manner, will it be sure: If we lock user from UME, it will lock LDAP user? please comment.
  regards
  Kedar Kulkarni

  Hi,
  We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
  But when we deploy same application into client landscape, we receive error as below:
  No data source feels responsible for principal. Please check the data source configuration
  Now we are not sure why this error is getting displayed.
  In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
  Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
  Any code to access LDAP details will help us lot.
  regards
  Kedar Kulkarni

• How to get user attributes from LDAP authenticator

  I am using an LDAP authenticator and identity asserter to get user / group information.
  I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
  Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
  Any help would be appreciated

  Hi Julián,
  in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
  A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
  Beginner
  Medium
  Advanced
  Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
  Hope it helps
  Detlev

• User attributes for LDAP

  Hi guys,
  Currently we have an error for LDAP attribute .
  distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
  user is of type IUser.
  and it return null
  where could i find the list of user attributes in LDAP? currently we have LDAP 8.8.1.

  Don,
  you might should have a look at a LDAP Browser (eg. http://www-unix.mcs.anl.gov/~gawor/ldap/ ) which helps a lot to find out how the structure of your LDAP server is and which attributes you can access.
  1) Start the tool
  2) click onto the "Quick Connect"
  3) enter you LDAP server
  4) press "Fetch DNs"
  5) Uncheck "Anonymous bind"
  6) Enter your user credentials
  7) Browse your LDAP structure
  It helped me a lot to get the correct settings for the DBMS_LDAP calls.
  Patrick
  My APEX Blog: http://www.inside-oracle-apex.com
  The ApexLib Framework: http://apexlib.sourceforge.net
  The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!

• Server App not seeing external LDAP users & groups

  I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
  When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
  I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
  Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
  This is all so much more opaque than our superbly reliable Snow Leopard servers!
  TIA

  Ok, and again:
  You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
  Connect the third party ldap to your server
  Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
  When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
  Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
  To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
  Feel lucky
  And there ist ist; now you are able to use The accounts taken from an external LDAP.

• OIF11g - Help on sending user attributes in HTTP header

  Hello, I have a OIF11g setup configured for both IdP and SP. Upon successfull authentication against LDAP, I need to end some user attributes on the HTTP header to the SP application. I do no have OAM in my setup, so there is no option of Webgate or Policy Manager to do that. As far as I read the config doc, I'm in the impression that we need to write a custom authentication engine to accept user credentials and code to authenticate against LDAP and also add attributes to the response header.
  Before I go down that path, just wanted to confirm if anybody has done this with OIF?
  Thanks,
  Sunil.

  Bernhard:
  Actually the headers are not set to null. I have an intermediate index.jsp page which is the first page that is redirected to by the AM - it is this page which calls my LoginServlet.
  The value appears consistently on this index.jsp page but after it is forwarded to the LoginServlet it starts behaving inconsistently. I check the system.out log in my websphere /logs folder and that tells me that LoginServlet does not consistenly get these values from the header.
  The wierd part is that if I use cookies or attributes, it works perfectly - each time every time. However, only in the case of headers (which is the method i am required to do) it behaves inconsistently.
  ANY feedback/help on this would be really appreciated bern.. thanks..
  ~saahil

• All the steps involved in creating user attributes

  where is it documented on how to create user attributes that are stored in the ldap?
  I created a jspprovider channel, and I can get data out of the user attributes in the samplecontent.jsp by:
  JSPProvider p = (JSPProvider)pageContext.getAttribute("JSPProvider");
  SSOTokenManager mgr = SSOTokenManager.getInstance();
  SSOToken token = mgr.createSSOToken(request);
  AMStoreConnection dpc = new AMStoreConnection(token);
  String name = token.getPrincipal().getName();
  AMUser user = dpc.getUser(name);
  Map attMap = user.getAttributes();
  Collection valueCollection = attMap.values();
  Iterator valueIterator = valueCollection.iterator();
  int iSize = attMap.size();
  Set attKeySet = attMap.keySet();
  Iterator keyIterator = attKeySet.iterator();
  and then iterate through to display them all.
  I then tried to store a value using the sampledoedit.jsp file:
  JSPProvider p = (JSPProvider)pageContext.getAttribute("JSPProvider");
  SSOTokenManager mgr = SSOTokenManager.getInstance();
  SSOToken token = mgr.createSSOToken(request);
  AMStoreConnection dpc = new AMStoreConnection(token);
  String name = token.getPrincipal().getName();
  AMUser user = dpc.getUser(name);
  String aname = request.getParameter("attributeName");
  Object aval = request.getParameter("attributeValue");
  HashMap attMap = new HashMap();
  attMap.put(aname,aval);
  user.setAttributes(attMap);
  user.store(true);
  response.sendRedirect((String)pageContext.getAttribute("url"));
  For whatever reason, I get an error, and in the debug I just get couldn't set attributes.
  Then, when I try to retreive the list of attributes, the new name/value pair is created, but the value is blank.....
  Any ideas? Or a link on a step by step process on how to create user attributes?

  BTW, here is the error I get in the debug log:
  01/06/2005 12:43:47:232 PM AST: Thread[service-j2ee,5,main]
  ERROR: DesktopServlet.handleException()
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=doedit.jsp, com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp, com.iplanet.am.sdk.AMException: Unable to set attribute(s) com.sun.portal.desktop.taglib.DesktopTaglibException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp,
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:880)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp, com.iplanet.am.sdk.AMException: Unable to set attribute(s) com.sun.portal.desktop.taglib.DesktopTaglibException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp,
  at com.sun.portal.desktop.taglib.provider.ProcessEditTag.doStartTag(ProcessEditTag.java:28)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._JSPEditContainer._html._doedit_jsp._jspService(_doedit_jsp.java:193)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=sampledoedit.jsp, com.iplanet.am.sdk.AMException: Unable to set attribute(s)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:880)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.taglib.provider.ProcessEditTag.doStartTag(ProcessEditTag.java:26)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._JSPEditContainer._html._doedit_jsp._jspService(_doedit_jsp.java:193)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)
  com.iplanet.am.sdk.AMException: Unable to set attribute(s)
  at com.iplanet.am.sdk.AMDirectoryManager.processInternalException(AMDirectoryManager.java:247)
  at com.iplanet.am.sdk.AMDirectoryManager.setAttributes(AMDirectoryManager.java:2151)
  at com.iplanet.am.sdk.AMCacheManager.setAttributes(AMCacheManager.java:867)
  at com.iplanet.am.sdk.AMObjectImpl.store(AMObjectImpl.java:1573)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._WebFolders._html._sampledoedit_jsp._jspService(_sampledoedit_jsp.java:118)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.taglib.provider.ProcessEditTag.doStartTag(ProcessEditTag.java:26)
  at jsps.etc._opt._SUNWps._desktop._AnyWarePortal_en_CA._JSPEditContainer._html._doedit_jsp._jspService(_doedit_jsp.java:193)
  at com.sun.portal.providers.jsp.jasper3.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:863)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:777)
  at com.sun.portal.providers.jsp.JSPProvider.processEdit(JSPProvider.java:673)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:644)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:320)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
  at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:586)

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Essbase 9.3.1 and problem with LDAP users

  Essbase 9.3.1 users externalized to Shared Services. Windows boxes. LDAP users set in Shared users. Provisioned with Essbase rights (administration and speciific cube access). Then in EAS have refreshed security from Shared Services. LDAP users show up now in EAS.
  However when attempting to connect through excel add-in or through EAS or through Financial reports to any Essbase app receving and error message that "login fails due to invalid credentials".
  Users setup in Shared services as Native Users are able to access Essbase apps.
  any ideas?

  It came down to a Novell E Directory LDAP setting. ID Attribute. We had it set to CN (based on a recommendation by a LDAP resource, although the default is GUID and GUID is recommended by the documentation).
  Turns out that Essbase when authenticating the LDAP user was forcing it back to GUID and causing some sort of mismatch.
  Setting the ID Attribute in the LDAP Configuration back to GUID resolved the issue.

• HOW-TO specify database credentials in LDAP user

  Hi:
  I want to know how can i specify oracle database credentials (oracle database usernname) that one specific user will use to connect to the database for instance when using Oracle Forms.
  I saw in OID some "tags" like orcluserv1, etc... is this ? how can i do it ?
  For instance i want that:
  LDAP user Database user
  user00001 dbuserA
  user00002 dbuserA
  user00003 dbuserA
  user00004 dbuserB
  user00005 dbuserB
  So ldap user00001 will connect to the database with dbuserA ..
  Thanks in advance,
  Ricardo

  Hi Ashish:
  I've succesfully created an user with OIDDAS and assign it a "resource acess information" of type OracleDB.
  So, when creating this user i specified the username in db that this user will use to access database. Until now, it's all perfect. But, where's this information is stored ?
  I've access OID Manager and see that user is create in the Entry Management, but the DB information is not stored in any of the properties of this user.
  This is a problem, because I want to make an APP that will use DBMS_LDAP pack to create user dynamically, so I have to know what attributes/classes/properties that user needs for assign it to a specific DB user.
  Can you help ?
  Thanks The information is stored in an Oracle Specific container called 'cn=oracleContext' in the default subscriber.
  You can use the DBMS_LDAP_UTL package (shipped in iAS 902) to query these Resource Access Descriptors. Directly
  storing these from PL/SQL is not presently supported. OIDDAS is the only interface through which you can get this done.

• LDAP Operational Attribute Names

  Hey,
  I have been searching extensively for certain LDAP operational attributes.
  I need to know the uniqueId , modifiyTimeStamp and an attribute to signify if a user is active or for the following servers
  1. Netscape
  2. Novell
  3. IBM Tivoli.
  For Netscape if it has the same as attributes as its free version Fedora then I hope the attributes are nsuniqueid , modifyTimeStamp , nsaccountlock respectively.
  For Novell it seemed more on the line for Active Directory for uniqueid and modifytimestamp still looking for active users.
  For IBM I obtained that the unique id is ibm-entryUuid.
  Help on this would be greatly appreciated.

  Hi,
  Actually I was also looking for deleting the operation attributes.
  As in case of user Account Lock, pwdAccountLockedTime & pwdFailureTime will be set. But, Again to unlock the account I need to delete these entries. Now the problem is, these operational attributes are being maintained by server itself. and not visible to client program until and unless specified explictly. I was usinf modificationItem with REMOVE_ATTRIBUTE, but it doesn't work as its not be able to identify the attribute in the directory.
  I am using IBM Tivoli directory server. I can unlock the user account(delete these entry thru the command line) but I need to delete it thru Java program.
  Please help !
  Any suggestion will be welcome.
  Archit

• Use resource user attributes while creating a user

  Hi All,
  I'm developing a resource adapter for our rescource, and need to input attribute to real create that user in the rescoure. by modify skeleton resource adapter I have no where to fonud the field to input attributes for my resorce user, but for ldap there is form in tab Attribute for ldap user create, how can I do same thing in my adapter?
  Thanks a lot,
  Alice
  Message was edited by:
  Alice_1234

  If you are creating PO in foreground, you dont have the option of giving user id.
  But if you create POs in background using a scheduled job, then when you are scheduling the job, you can overwrite the default user id and give the user id you want. In this case all the POs created by the job, will have the user id created by you.
  But if you have to create a PO through background job, you have to give the inputs to PO through some programs may be BDCs or LSMW.
  Reward if this helps. you

• Sync LDAP users with ECC - Mapping required field

  Hello,
  I want to synchronize SAP ECC users with LDAP users.
  At this moment I succeed to synchronize all users existing from the LDAP to the ECC.
  But I want to filter users which need to be created by a specific attribute added in the LDAP.
  I changed the LDAP mapping to add the "required" check on the corresponding to the specific attribute field. But when I use the RSLDAPSYNC_USER program, this required attribute is not considered.
  What can I do to synchronize user which have the specific attribute filled. And not all users ?
  Thanks for regards.
  Edited by: Gaetan Bourgneuf on Jun 18, 2008 11:27 AM

  In detailled:
  - in the LDAP we have created a specific attribute name "SAP FIELD" (technical name is extensionAttribute10)
  - in the LDAPMAP transaction in the ECC I modified the following entry:
  " USERNAME    |    BAPIBNAME    |    sAMAccountName    | X | X | X | X |   | X |    |"
  By the following new:
  " USERNAME    |    BAPIBNAME    |    extensionAttribute10    | X | X | X | X |   | X |    |"
  So when I synchronize the LDAP, the LDAP specific extension is required (because linked to the SAP username). And if user doesn't has this specific attribute filled, it's not synchronized.

• JNDI LDAP Simple attribute storave via DirContext extended class

  I just started looking into JNDI today to manipulate and view LDAP directories. I have been following this tutorial:
  http://www.javaworld.com/javaworld/jw-03-2000/jw-0324-ldap.html?page=4
  The use an example where they just would like to create a context with simple attributes. This seems to work well with my project - having to interact with LDAP user/user group/host store, where the LDAP objects have already been implemented, and populated for that matter.
  I can see how you would create a User DirContext object that would be used to bind, and then actually create that user in the LDAP store. My problem is that when you do the reverse, and get the information from a user that already exists. Is it possible to re-use that User DirContext class? The only way I have seen to do it was is doing a search, or a getAttributes. I could see it working if you have another User class on top of the UserDircontext class, and then some sort of conversion, but it seems like there would be an easier way. Any thoughts? Thanks.

  at least you need cn= in front of the name.
  Here some more questions you may ask yourself:
  How do you know, that the requested object is in the database?
  What is its DN?
  Can you retrieve it using the ldap command line utilities like ldapsearch?
  What does context.list("") return?

• Adding object classes when creating ldap user in workflow

  I'm creating ldap users in a workflow and when I assign the object classes in the workflow I get an object class violation. It seems that when I call check in view and when my break point stops in Update User the default object classes on the resource have been removed from the user.accounts[LDAP].objectClass attribute which I just set. Not sure what's going on here. Is there another way to assign more than just the default object classes to a new ldap user through the workflow? Thanks in advance.

  Multiple things I can think of
  1) put all the object classes you may be expecting with the user account in the resource configuration panel. LDAP is smart enough to assign the related object classes to the object based on the attributes assigned to the user.
  2) Check if you have the object class in the schema of LDAP.