LDAP Users and Groups

Similar Messages

• LDAP user and group configuration in ADF application

  Hi All,
  I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
  However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
  Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
  Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
  I am using JDeveloper 11.1.1.5.
  Thanking you all in advance.
  Mukesh.

  I have below changes in files
  1] In jps-config.xml
  -- Added identity store and selected it from drop down in Security Context tab.
  2] In weblogic-application.xml
  In Security tab --> Role assignment mapped valid-users to principle name.
  <security>
  <realm-name>myrealm</realm-name>
  <security-role-assignment>
  <role-name>valid-users</role-name>
  <principal-name>DERDev</principal-name>
  </security-role-assignment>
  </security>
  3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
  4] Added security role "DERDev" along with the default/automatically added role "valid users"
  <security-role>
  <role-name>DERDev</role-name>
  </security-role>
  Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
  Mukesh

• LDAP User and Group import

  My client has OAM as SSO provider. They want the LDAP Agent to import only users and groups but not the group memberships.
  What setting should I Use for LDAP authentication ?

  I have below changes in files
  1] In jps-config.xml
  -- Added identity store and selected it from drop down in Security Context tab.
  2] In weblogic-application.xml
  In Security tab --> Role assignment mapped valid-users to principle name.
  <security>
  <realm-name>myrealm</realm-name>
  <security-role-assignment>
  <role-name>valid-users</role-name>
  <principal-name>DERDev</principal-name>
  </security-role-assignment>
  </security>
  3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
  4] Added security role "DERDev" along with the default/automatically added role "valid users"
  <security-role>
  <role-name>DERDev</role-name>
  </security-role>
  Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
  Mukesh

• Example of creating a valid LDAP user and group in the Portal tree

  I need to create (via bulk LDIP or API) fresh users AND groups into OID that can be used by Portal. In theory it sounds easy - just create an appropriate LDIF file.
  What is the best way to achieve this?
  I don't the know the structure that should be used in the LDIF file that would create the correct structure held for all the Portal users and groups in OID.
  I've looked through the OID admin and dev guides but am still confused as to what exactly I have to do. It seems that Portal accounts are synchronised by a method called Provisioning.
  All I want to do is bulk upload Portal compatible users into the repository.
  Can somebody please assist.
  Cheers,
  John

  I have below changes in files
  1] In jps-config.xml
  -- Added identity store and selected it from drop down in Security Context tab.
  2] In weblogic-application.xml
  In Security tab --> Role assignment mapped valid-users to principle name.
  <security>
  <realm-name>myrealm</realm-name>
  <security-role-assignment>
  <role-name>valid-users</role-name>
  <principal-name>DERDev</principal-name>
  </security-role-assignment>
  </security>
  3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
  4] Added security role "DERDev" along with the default/automatically added role "valid users"
  <security-role>
  <role-name>DERDev</role-name>
  </security-role>
  Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
  Mukesh

• Creating OAAM users and groups in external LDAP i.e. OID

  Hi Experts,
  I am looking for the procedure to create OAAM users and groups in external LDAP i.e. OID.
  I am using 11gR2.
  Any pointers would be appreciated.
  Regards,
  Subin

  Check this link http://docs.oracle.com/cd/E27559_01/dev.1112/e27206/lcm.htm#autoId3

• Unable to initialize LDAP (No LDAP server is configured)show in the admin server of iWS6.0 users and group

  When I goto web server administration in users and group tab it alway show me Unable to initialize LDAP (No LDAP server is configured) Is it cause the effect to use web server because I use iWS with ias .
  If it cause some effect ,Please let me know how to configured LDAP server.

  Run this Command from the Exchange Server
  Net time \\ADServerName /Set
  and confirm the action,
  and then you need to restart the service
  Microsoft Exchange Active Directory Topology Service
  and confirm you are not getting the Error 4001 in the event Viewer.
  Thank you, it resolved my issue after being sweating looking for solution.
  How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
  Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

• Using users and groups from LDAP in ADF application

  Hi there,
  I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
  I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
  Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
  But I can't find proper/up-to-date info about how to do this.
  I tried 2 major things:
  1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
  Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
  2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
  Any help or documentation that could help me?

  Since we aren't using EM I had to find an other way. And I found it.
  In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
  Thanks for the help.

• Admin Console not displaying new Users and Groups from LDAP

  We created a new Realm in WebLogic, which specifies the location of the Netscape
  LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
  server to use for authentication. My problem is this- the Admin Console is not
  displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
  Admin Console display any users and groups specified in the ldap server, which
  is referenced in the customized Realm?

  Hi Andy,
  I am not sure why you are unable to see the users and groups through the
  console., you should be able to. Can you post the config.xml?
  thanks,
  -satya
  Andy Levy <[email protected]> wrote in message
  news:3b700c36$[email protected]..
  >
  We're running WLS 6.0 Sp2 on Windows 2000 Professional.
  "Satya Ghattu" <[email protected]> wrote:
  Andy,
  Could you please tell us what Version of Weblogic you are running?
  thanks,
  -satya
  Andy Levy <[email protected]> wrote in message
  news:[email protected]..
  We created a new Realm in WebLogic, which specifies the location ofthe
  Netscape
  LDAP server. Our Weblogic application, called TGSLC, is able to findthe
  ldap
  server to use for authentication. My problem is this- the Admin
  Console
  is not
  displaying the new users and groups from the LDAP server. Shouldn'tthe
  WebLogic
  Admin Console display any users and groups specified in the ldap
  server,
  which
  is referenced in the customized Realm?

• User and group handling in LDAP Realm

  Hi,
  I'm currently using an LDAP Realm for storing users and groups, which I need to be able to add, amend and remove at runtime.
  I understand that in earlier versions of Weblogic, the methods to do the add/remove/modify were not implemented but I was told that this may change in WL6. If so, is there any documentation or examples about these methods ? If not, would I need to extend ManageableRealm to create a custom realm ?
  Any help much appreciated.
  Dave

  Hi Dave:
  In our project, we use security realm (LDAP realm) for Users and Groups authentication. We turned the CacheRealm on to optimize performance. To add and amend Users and Groups, we use a stateless EJB to talk to LDAP server. This kind of partition works fine for us to separate the user authentication
  logic and user management logic.
  Fun
  Dave Horner wrote:
  Hi,
  I'm currently using an LDAP Realm for storing users and groups, which I need to be able to add, amend and remove at runtime.
  I understand that in earlier versions of Weblogic, the methods to do the add/remove/modify were not implemented but I was told that this may change in WL6. If so, is there any documentation or examples about these methods ? If not, would I need to extend ManageableRealm to create a custom realm ?
  Any help much appreciated.
  Dave

• How to change default /Users and /Groups to different Volume?

  Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
  We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
  Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
  Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
  How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
  Thanks in advance.

  1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
  2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
  3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
  4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
  5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
  6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

• Assigning Roles to Users and Groups

  Hi,
  We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
  it is an urgent assignment for me..help can be appreciated...
  sudhir

  Sudhir,
  You can assign the roles to users and groups as below.
  1. Select the System Administration in the top level navigtion
  2. Select user administration
  3. You can search for a specific user or a group from this iView.
  4. Use the edit button to edit the profie of the user or group.
  5. Search for the role in the search iView.
  6. Add the role to the user of group and save.

• Users and Group in OBIEE 11g

  Hi,
  I am trying to bind LDAP with OBIEE 11G. I am using following Rittman Blog
  http://www.rittmanmead.com/2010/11/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/
  whenever i click USERs and GROUPs it takes a hell of time(more than 30 mins) to display users and groups, Please suggest if any thing can be done abou it
  All other tabs and setting are working fine.
  I did not find any thing in Adminserver.log
  Please suggest
  Regards
  Saurabh

  Hi Kishore,
  In 'All User Filter' field is left blank
  In 'User Name Attribute' I filled sAMAccountName.
  Also i check Adminserver-stdout log, the one which we create after we create windows services. There i can see following error
  Jan 18, 2012 6:00:16 PM GMT+05:30> <Error> <Console> <BEA-240003> <Console encountered the following error java.lang.RuntimeException: netscape.ldap.LDAPException: Server or network error (81); Cannot contact LDAP server     
  I guess its not able to connect LDAP server. But I checked all the attribues twice (on 10G LDAP configuration) they are working. I am not sure if there is problem in attributes or there is some setting I am not aware about.
  Please suggest!

• Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings

  I have a domain with 2 DCs.  The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
  Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
  System
  - Provider
  [ Name] Microsoft-Windows-GroupPolicy
  [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
  EventID 1085
  Version 0
  Level 3
  Task 0
  Opcode 1
  Keywords 0x8000000000000000
  - TimeCreated
  [ SystemTime] 2014-10-20T20:09:03.706992400Z
  EventRecordID 130087
  - Correlation
  [ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
  - Execution
  [ ProcessID] 1000
  [ ThreadID] 3280
  Channel System
  Computer SERVER.DOMAIN.NAME
  - Security
  [ UserID] S-1-5-18
  - EventData
  SupportInfo1 1
  SupportInfo2 4404
  ProcessingMode 0
  ProcessingTimeInMilliseconds 10343
  ErrorCode 183
  ErrorDescription Cannot create a file when that file already exists.
  DCName \\SERVER.DOMAIN.name
  ExtensionName Group Policy Local Users and Groups
  ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
  Everything I look up for Event ID 1085 seems to be about a different cause.
  Any ideas?

  I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
  I'm also still getting Event 1085.  Here's the trace file.  I've anonymized the site/domain and the GUIDs.
  2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
  2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
  2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
  2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
  2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
  2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
  2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
  2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
  2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
  2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
  2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
  2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
  2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
  2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
  2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
  2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
  2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
  2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
  2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
  2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
  2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
  2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
  2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7

• What is the SYNTAX for the user and group filters??? Is the HTML Ampersand token Amper A m p semicolon required in the filter

  There seems to be quite a bit of confusion over the actual syntax for the user and group filters on the Forms Based Authentication  Ldap Role and membership providers.. MSFT isn't really clear and there is a universal confusion in the blogsphere.
  I the filters should the prefix be the ACTUAL Ampersand or the HTML token for an AMPERSAND.. I realize the in many cases the blogger might have inadvertently specified the html token when the bare naked ampersand was intended..   The question
  therefore is : can a filter be taken directly from and ADSIEdit query and used as a filter or must the filter be made HTML safe by swapping out the AMERSAND with the HTML Token for AMERSAND before putting it into the configuration
  for the LDAPRole/membership provider...
  All science is either physics or stamp collecting

  Hi GUYO,
  I am not quite sure how we implement this on sharepoint side, as I did research and sharepoint may not have this feature to do this.
  most of the LDAP for sharepoint may need to follow these steps in this article:
  http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
  http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspxhttp://blogs.msdn.com/b/kaevans/archive/2013/01/31/configuring-ldap-for-fba-in-sharepoint-2010-or-sharepoint-2013-with-powershell.aspx
  here is an example :
  http://blogs.msdn.com/b/sharepoint__cloud/archive/2011/12/20/achieving-fba-with-adlds-amp-sharepoint-2010.aspx
  if should this questions was at the ADSIEdit part, perhaps you can help us by opening a new thread at the AD foum
  https://social.technet.microsoft.com/Forums/en-US/home?category=windowsserver
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• User and Group Recon Error with OID

  On a new development installation of OID and OIM, I am getting the following error while trying to run either User or Group reconciliations:
  LDAP: error code 53 - Function Not Implemented, search filter attribute modifytimestamp is not indexed/cataloged
  How can I add the appropriate index to allow these tasks to run?
  Kerry

  Have you tried:
  4.3 Using Custom Attributes in Oracle Internet Directory
  You can search for an attribute in Oracle Internet Directory only if the attribute is indexed. By default, standard attributes of the user and group entries are indexed. If you use a custom attribute, you can index it by using the catalog command. For example, if you migrate automount data to be used by automount programs such as amd or autofs, index the automountKey attribute by using the catalog command, as follows:
  catalog connect="connect_str" add="TRUE" attribute="automountKey"
  (from http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/e12023/migrate.htm)
  Hope this helps
  Martin