LDAP users and Delivers

Hi,
I am using OBI 11.1.1.6.0 and i am using LDAP authentication through initialization block. Now when i want to create Agent i can't see users from ldap (i think those who are not currently logged). I also noticed that when i have configured SA System i can see users added to it. Is SA System the only way to be able to select them in Delivers?
Thanks,

HI Adman,
Now when i want to create Agent i can't see users from ldap (i think those who are not currently logged). ?
A. User should be login at least one time.
Note: Create same user in your rpd without password then try to login same id one time you will get user id in your sa system table then remove user in your rpd which you have created for login purpose -- I know this is stupid method.
2. I also noticed that when i have configured SA System i can see users added to it. Is SA System the only way to be able to select them in Delivers?
A. If you want to deliver repot to mail -- The only best option SA System only.
Hope this help's
Thanks,
Satya

Similar Messages

LDAP Users and Groups

Hi,

I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.


It seems that this needs to be setup. How do I do this?


Some general notes on LDAP:

I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

It would be interesting to read what Bea and other developer think about this.

Kind regards,

Kai


Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

LDAP user and group configuration in ADF application

Hi All,
I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
I am using JDeveloper 11.1.1.5.
Thanking you all in advance.
Mukesh.

I have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh

LDAP User and Group import

My client has OAM as SSO provider. They want the LDAP Agent to import only users and groups but not the group memberships.
What setting should I Use for LDAP authentication ?

I have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh

Example of creating a valid LDAP user and group in the Portal tree

I need to create (via bulk LDIP or API) fresh users AND groups into OID that can be used by Portal. In theory it sounds easy - just create an appropriate LDIF file.
What is the best way to achieve this?
I don't the know the structure that should be used in the LDIF file that would create the correct structure held for all the Portal users and groups in OID.
I've looked through the OID admin and dev guides but am still confused as to what exactly I have to do. It seems that Portal accounts are synchronised by a method called Provisioning.
All I want to do is bulk upload Portal compatible users into the repository.
Can somebody please assist.
Cheers,
John

I have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh

Assigning roles to LDAP users through BIP API

Hi.
My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
Is it possible to make that assignments through BIP API?
If not, any other ideas? New ideas or different approaches are welcome.
Thanks in advance.

In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
Let me know if that helps.

Server App not seeing external LDAP users & groups

I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
This is all so much more opaque than our superbly reliable Snow Leopard servers!
TIA

Ok, and again:
You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
Connect the third party ldap to your server
Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
Feel lucky
And there ist ist; now you are able to use The accounts taken from an external LDAP.

How to authenticate AD LDAP user in Oracle ADF login?

Hi All,
I have some requirement in ADF web-application.here one simple adf application they want to authenticate with AD LDAP user, and they want to see logged user details from LDAP.
for example after user logged in from adf login page, in next page he can able to see his details like first name,last-name,email,group,role, working phone like some details in next page.
let me know possibles, to active this requirements.give me some solution to make this simple.
Thanks,
Siva

thanks for quick reply!
yeah just now i went through the same blow.so i decided to follow java base integration.here we need to pass username and password from UI right,while i am trying the something. I had some here with rich text binding.
I am unable to set the username and password dynamic if I use Richtext type input text in ADF login page.
I am newable to this integration.can you please point to some example to LDAP integration with adf using java. or if not complex can you please send me LDAP integration example which u executed(to my mail) u can get from my profile.
thanks & Regards
Siva

Sharing the LDAP user database with Cisco ASA5510

Hi all,
We have recently purchased a Cisco ASA5510 security appliance which acts as our VPN gateway. This device can authenticate using either Radius or TACACS protocols (or have its own internal data base).
Can we share in some way the internal LDAP users and authentication data base with our Cisco device?
Thanks,
Ziv

Good question! I am trying to do VPN authentication via Radius on our D-Link DFL-800. It worked well in 10.4 with a custom freeRadius, but now it's not working with the bundled freeRadius (it's not issuing MPPE keys). But yes, it does try to authenticate, I just added the firewall IP and shared secret in the Radius settings in SA.

Login Error from Users machine into BO Desktop Applications With LDAP user

Hi All,
I am getting a strange error and got stucked.I have searched in the forums and tried every possible thing but the problem remains same.
I am not able to login into any Client application using LDAP account.
The setup is:
Machine 1: Webserver
Machine 2: CMS and other servers
Machine 3: Clustered CMS server
LDAP is implemented and SSL is enabled between Machine 2 and LDAP server.
Now when i am into Machine2 and try to login into Client application using LDAP it works for me also for Web Application(CMC, Infoview)
When i am into user machine I am able to login into Client Application (Designer, Desktop Intelligence etc) using enterprise account, but not with LDAP account. However i am able to login to web Application using LDAP account from users machine.
All the ports are open and can connect to CMS machine and database repository connectivity is also OK.
One interesting thing i would like to share that if i am login into Infoview using LDAP account and If i go for editing a report it opens Desktop Intelligence for me (LDAP user) and there is a entry in System name when i login into Deski.That entry in system name is CMS Machine name,Port number, full domain, (J2EE Portal) written in last.
Using this entry in System I can Login using LDAP account but first should do the process (Login to Infoview, Edit The Report) for every user machine.
Please help me out where i am getting wrong.
The error with Client application and LDAP user is USR0013. Can not Access the repository.

My guess would be that client apps don't have access to the SSL directory defined in the LDAP config but the web/app does. When you edit a report it launches deski in 3-tier mode still using the web/app so this isn't surprising behavior. There are SAP notes on this in SMP key words LDAP SSL deski should return the result. The link to SMP is in the forum sticky at the top of the administration forum.
Regards,
Tim

Problem with Afaria and LDAP user authentication in Android device

Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.

Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.

Creation of user and roles in ldap using jldap api

Please help me in creating user and roles in ldap through java api.
I am able to manupulate the existing user and role in ldap. Please give
me some steps or some sample code for creating user
satyanandasahu
satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
View this thread: http://forums.novell.com/showthread.php?t=414763

Thanks Jim..
this is doing the work. Here we have a custimised class with customised
attributes I am looking how to do that.
Can you give your mail id.
thanks again
Jim Willeke;1995096 Wrote:
> Have you seen these samples:
> 'Novell Documentation'
> (http://developer.novell.com/document...mple/index.htm)
>
> See the AddEntry.java
> -jim
>
> On 7/2/2010 9:36 AM, satyanandasahu wrote:
> >
> > Please help me in creating user and roles in ldap through java api.
> > I am able to manupulate the existing user and role in ldap. Please
> give
> > me some steps or some sample code for creating user
> >
> >
satyanandasahu
satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
View this thread: http://forums.novell.com/showthread.php?t=414763

Creating OAAM users and groups in external LDAP i.e. OID

Hi Experts,
I am looking for the procedure to create OAAM users and groups in external LDAP i.e. OID.
I am using 11gR2.
Any pointers would be appreciated.
Regards,
Subin

Check this link http://docs.oracle.com/cd/E27559_01/dev.1112/e27206/lcm.htm#autoId3

Essbase 9.3.1 and problem with LDAP users

Essbase 9.3.1 users externalized to Shared Services. Windows boxes. LDAP users set in Shared users. Provisioned with Essbase rights (administration and speciific cube access). Then in EAS have refreshed security from Shared Services. LDAP users show up now in EAS.
However when attempting to connect through excel add-in or through EAS or through Financial reports to any Essbase app receving and error message that "login fails due to invalid credentials".
Users setup in Shared services as Native Users are able to access Essbase apps.
any ideas?

It came down to a Novell E Directory LDAP setting. ID Attribute. We had it set to CN (based on a recommendation by a LDAP resource, although the default is GUID and GUID is recommended by the documentation).
Turns out that Essbase when authenticating the LDAP user was forcing it back to GUID and causing some sort of mismatch.
Setting the ID Attribute in the LDAP Configuration back to GUID resolved the issue.

Retrieving user and group information from LDAP using j_securrity_check

Hi
I am using j_security_check to authenticate users against LDAP. I have made all necessary configuration for the server to perform LDAP group search as well as mentioned in the WAS documentation of LDAP settings. Now, how can I retrieve the user and the user group info after the j_secuirty_check. Apart from the UserPrincipal object which I can get from the request which just has the user name, is there any other object which will give me the user and user group info by which I need to connect to LDAP using my java code to retrieve these informations?
Regards
Deepak

Hi
I am using j_security_check to authenticate users
against LDAP. I have made all necessary configuration
for the server to perform LDAP group search as well
as mentioned in the WAS documentation of LDAP
settings. Now, how can I retrieve the user and the
user group info after the j_secuirty_check.
Apart
from the UserPrincipal object which I can get from
the request which just has the user name, is there
any other object which will give me the user and user
group info by which I need to connect to LDAP using
my java code to retrieve these informations?Hmm, you don't need the user group info to connect to the LDAP server, right? You would need the user's Id (which you have) and password (which you don't). You could use the LDAP credentials and bind as that to look up the user info via the user id. Or if the server is set up to allow anonymous bind you could do it without credentials. But if all you want is group info then you should be able to call Security.getCurrentSubject().getPrincipals() to get the user principal as well as all groups (this is true in BEA WebLogic at least).
Good Luck
Lee

LDAP users and Delivers

Similar Messages

Maybe you are looking for