Managing users passwords with ADF

Similar Messages

• How to change Analyzer user password with Administration API?

  Hi,<BR>I would like to change Analyzer user password with Administration API. Can someone post some sample commands to do the task?<BR><BR>I would just like to write an application to change end user's Analyzer password.<BR>As I see I would need to do the following:<BR>1. login with admin userid/password<BR>2. execute some method to change password for required userid. I think the input parameter should be userid (of the user I would like to change password) and new password (the new password for the user).<BR>3. logout<BR><BR>Can someone post some sample code (commands to execute)?<BR><BR>Thanks,<BR>grofaty<BR><BR>My system:<BR>Analyzer Server 7.0.1.<BR>Essbase server 7.1<BR>Windows XP SP2<BR>

  <blockquote>quote:<br><hr><i>Originally posted by: <b>knightrich</b></i><BR>Hello Mr. Jordan.<BR><BR>I would like to exchange some thoughts about "housekeeping" Analyzer reports in preparation for migration from Analyzer 7.0.0.0.01472 to 9.x:<BR><BR>...<BR><BR>Did you solved such a problem or do you have an idea if it could be solved with the Admin API methods?<BR> ...<BR>Migration from 7.00 to 9.x: As we heard last week the "Migration Wizard for Reports" in 9.3 should be able to migrate reports. Do you have experience or more detailed information about that Wizard?<BR><BR>Many thanks in advance<BR><BR>knigthrich<hr></blockquote><BR><BR>knighrich, <BR>I'd like to be more help, but I have no experience with System 9. I did substantial cleanup when we migrated from Analyzer 6 to Analyzer 7.1, and even more cleanup when moving up to 7.2, but our installation is smaller in scale than yours and we didn't need to automate report cleanup.<BR><BR>You might be able to get the ownership information you need through the back door, doing a direct query on the database, but simpler might be an export users, at least from 7.0. (This facility probably doesn't exist in system 9; it was dropped in 7.2 in favor of an undocumented API) The export file is an xml file that could easily be parsed to identify reports that have the administrator as user and then a second pass to delete those with otuer ownership as well. As previously suggested, you might be able to get this by a well crafted SQL query against the repository.<BR><BR>Procedurally, we have both public reports that have the blessing of management and are widely available, owned by a "public owner", and private reports developed by indivdual users and shared or not. Our team maintains the public reports, but not the private reports. We may be asked to make a previously private report public and take over maintenance of it. <BR><BR>I hope that you can find a solution that meets your needs. Certainly a call to customer support to identify a poorly documented feature would be in order.<BR>

• Manage user certificates with UE-V?

  Is it possible to manage user certificates with UE-V?  I wish to store/manage Personal Certificates with UE-V but can't seem to find information about how to achieve this.  Are Roaming Profiles still needed to have user certificates follow users
  or can this be hacked into UE-V.  I tried to create a template which handles the HKCU and User AppData paths which store Certificates but have not been able to get this to work.
  Windows 7/Windows 8 Server 2008R2/Server2012
  Any insight would be appreciated.
  Thanks,
  Mark Ringo

  Hi Mark
  Certificates are currently not supported with UE-V 1.0 / 1.0 SP1. Just saving HKCU keys and the RSA / System Certificate files in APPDATA does not work any more since Windows Vista. You have to use a logon / logoff script which does the trick via Microsoft
  CryptoAPI (Export / Import).
  I have included exampled with Powershell below.
  Cheers
  Michael
  ExportCert.ps1
  # Scriptname: ExportCert.ps1
  # Author: Michael Rüefli
  # Purpose: Export certificates local certificate store (Machine or User) to a PKCS12 file format
  # Version: 1.0.1
  # Fixed Issues / Changes:
  # V 1.0.1 / Fixed Export where no filter has been specified. Changed the autogenerated password strenght
  function ConvertToSid([STRING]$NtAccount)
  $result = (New-Object system.security.principal.NtAccount($NTaccount)).translate([system.security.principal.securityidentifier])
  return $result.value
  #Get the Arguments
  $exportpath = $args[0]
  $certstore = $args[1]
  $issuer_filter = $args[2]
  #Check the Args
  If ($args.count -lt 2)
  Write-host "Too less arguments! Usage: ExportCert.ps1 <exportpath> <certstore> [<filter> optional>" -ForegroundColor red
  write-host "Example: Powershell.exe ExportCert.ps1 H:\Certs CurrentUser DC=LOC" -ForegroundColor blue
  exit
  #Error Handler
  Trap [Exception]{continue}
  #Check Exportpath, if not there create it
  If ((Test-Path -Path $exportpath) -ne $True)
  New-Item -Path $exportpath -ItemType Directory
  #Get certificates in store
  If ($issuer_filter)
  $HKCUCerts = (dir cert:\$certstore\My | ? { $_.Issuer -notmatch $issuer_filter})
  Else
  $HKCUCerts = (dir cert:\$certstore\My)
  #process each certificate
  Foreach ($cert in $HKCUCerts)
  $friendlyname = $cert.FriendlyName
  $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::pfx
  $username = $env:USERNAME
  $sid = ConvertToSid $username
  $pass = 'Letmein$$Cert2012'
  $pass_secure = ConvertTo-SecureString -AsPlainText $pass -Force
  $bytes = $cert.export($type, $pass)
  [System.IO.File]::WriteAllBytes("$exportpath\$friendlyname.pfx", $bytes)
  ImportCert.ps1
  # Scriptname: ImportCert.ps1
  # Author: Michael Rüefli
  # Purpose: Import PKCS12 certificates from a file share into local certificate store (Machine or User)
  # Version: 1.0
  # Fixed Issues / Changes:
  # V 1.0.1 / Changed the autogenerated password strenght
  function ConvertToSid([STRING]$NtAccount)
  $result = (New-Object system.security.principal.NtAccount($NTaccount)).translate([system.security.principal.securityidentifier])
  return $result.value
  #Get the Arguments
  $importpath = $args[0]
  $certstore = $args[1]
  #Check the Args
  If ($args.count -lt 2)
  write-host "Too less arguments! Usage: ImportCert.ps1 <importpath> <certstore>" -ForegroundColor red
  write-host "Example: Powershell.exe ImportCert.ps1 H:\Certs CurrentUser" -ForegroundColor blue
  exit
  #Error Handler
  Trap [Exception]{continue}
  function Import-PfxCertificate
  param([String]$certPath,[String]$certRootStore,[String]$certStore,$pfxPass = $null,[String]$KeySet)
  #Error Handler
  Trap [Exception]{continue}
  if ($args[0] -eq "-h")
  Write-Host "usage: Import-509Certificate <Filename>,<certstore>,<cert root>,<keyset> `n `
  Valid certstores: LocalMachine,CurrentUser `n `
  Valid cert root: My,AuthRoot,TrustedPublisher `n `
  Valid Keysets: MachineKeySet,UserKeySet"
  break
  write-host "Importing Certificate: $certPath"
  $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
  if ($pfxPass -eq $null) {$pfxPass = read-host "Enter the pfx password" -assecurestring}
  $pfx.import($certPath,$pfxPass,"MachineKeySet,Exportable,PersistKeySet")
  $store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
  $store.open("MaxAllowed")
  $store.add($pfx)
  $store.close()
  $username = $env:USERNAME
  $certs = Get-ChildItem $importpath -Filter "*.pfx"
  Foreach ($item in $certs)
  $item
  $friendlypath = $item.FullName
  $friendlyname = ($item.Name).replace(".pfx","")
  $sid = ConvertToSid $username
  "$friendlyname-$username"
  $pass = 'Letmein$$Cert2012'
  $pass_secure = ConvertTo-SecureString -AsPlainText $pass -Force
  Import-PfxCertificate "$friendlypath" "$certstore" "My" $pass_secure

• Input user password with AR?

  Hi,
  I've read http://www.adobe.com/products/acrobat/acrrfaq.html and other sources regarding commenting PDFs with the Acrobat Reader.
  There are tools out there to encrypt a pdf-file and set a user password. If I do this the document security shows, that it is possible to add comments to the document (with the user password).
  But how do I enter the user password with AR? If a master password is set, a popup windows appears after opening the document, but what is the user password good for?
  There is a plugin in my AR9.0 which is for commenting PDFs.
  greetings from germany
  Stefan K.

  Hi,
  thanks Bernd,
  "There are a permission password and a open password."
  ok
  "Owners of the open password can open the PDF document."
  ok
  "Owners of the permission password can change the security settings."
  ok, but
  - changing the permissions requires Adobe Acrobat, right? not the AReader?
  - why are the document properties different in the document properties screen in AR?
  see: http://users.minet.uni-jena.de/~zsk/pdfs/StundenplanAR813.png
  this suggests that the permission password (user password?) is for protecting the document properties, which are listet there - not - for protecting the change of the security settings.
  - why are the document properties(*) different when opening the same document via Adobe Acrobat?
  see: http://users.minet.uni-jena.de/~zsk/pdfs/StundenplanA812std.png
  (*) this looks like the so called document properties are not properties of the document but properties of the adobe appl. I use to open it.
  this is all really confusing.
  Here is my questiong again: Is it possible to add comments to a document via AR if it has a user password? -> (why does the document security window in StundenplanAR813.png show a Commenting: Allowed?? and why does a Addon in AR exisist that is called Comments??)
  greetings
  Stefan K.

• Developing a User Interface with ADF Faces - Tutorial - Questions

  Hello everybody,
  I am a forms developer and I am totally new to ADF.
  I started from the tutorials : Developing Business Services with ADF BC and Developing a User Interface with ADF Faces...
  Everything was easy and very clear, as far as the material covered in the tutorial is concerened.
  But when I tried to modify a little bit the application, to perform a different task... disaster!!! :-)
  One of the "simple" things that I tried to do -for example- is :
  In the login.jspx, where we have created an ADF Parameter form (that accepts as a parameter the customer ID) and
  retrieves in the next page the Orders of the specific customer.... to Display a message, such as "+Customer Does Not Exist+"
  if the user types in the parameter form an not existent customer ID...
  I understand that I should use a validator.... But I cannot find the list validator (from query) in the bind variables not in the ADF Parameter Form Fields....
  Does anyone know?
  Regards,
  Maira Kotsovoulou

  Dear Grant,
  CustomerID is in the UI Project, and appears as a part of an ADF Parameter Form... and I can not find key exists in the UI Validators....
  CustomerID in the .entities is a bind variable in a query. select ... from customers where customer_id = :p_customer_id. Again KEYEXISTS validator is not available in the bind variables sections... Only in the attributes!!!
  I understand that the "normal" behavior in a query with bind variables where there is no match is to display nothing as it does!!!
  But I was just wondering, if I could even trap that before I display the empty form...? Or could I display a text in my ADF form, that says no rows... (as I can do in an ADF Table???)

• How can i add a new user and change user'password with javamail?

  how can i add a new user and change user'password from a mailserver with javamail?
  email:[email protected]

  Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
  if it is linux...u have to use some shell programming\
  bye for now let me know if this guides you or if you need some more stuff.
  bye

• How to manage User Session in Adf ?

  Is there any guide line to manage the user session in adf ?

  View layer Http session if it is not a desktop based application. Model layer also you can store session using
  getSession().getUserData()But before that the information you provided is not enough. You need to describe in more detail of what session and what exactly are you looking for

• Dir Sync is not syncing On-premises AD user Password with Windows Azure AD (Office365)

  Hi All,
  I have one situation to sync on-premises AD user and their password with Windows Azure AD. Following is the detailed scenario:
  I have one parent Domain : parent.edu and other is child domain : child.parent.edu
  I am moving Child domain users into office365. I am using Dir Sync with Password sync approach to achieve this. My dir Sync server belongs to parent domain. I have followed all guidelines step-by-step to sync user and Password with office365.
  I am successfully able to sync Users to office365 but unable to sync on -premises passwords. When i am trying to run profiles event viewer is showing following error:
  Please suggest !!!!!
  Thanks~ Giriraj Singh Bhamu

  Have you seen this two:
  http://social.technet.microsoft.com/Forums/en-US/4e07658b-420c-4c95-bcc6-70c16176128a/password-sync-has-stopped-working
  and
  http://community.office365.com/en-us/forums/156/t/172670.aspx
  It seems your are not the only one which this Problem can occur. Have you had a Domain rename? And is the replication in the forest ok?
  www.sccmfaq.ch

• Change Users Password within ADF Application

  We are trying to update a users password within a webcenter based ADF app but are struggling as the operations on the UserProfile seem to be locked down for read -only access
  oracle.security.idm.UserProfile userProfile = null;
  userProfile = WCSecurityUtility.getUserFromUserName(userName).getUserProfile();
  userProfile.setPassword(oldPassword.toCharArray(), newPassword.toCharArray());
  Gives the following error:
  oracle.security.idm.OperationNotSupportedException: WebCenterUser supports only read operations
  at oracle.webcenter.framework.security.idm.WebCenterUserImpl.setPassword(WebCenterUserImpl.java:101)
  Does this mean we have to use LDAP API's to establish a connection and set the password that way? I dont really want to have to store the connection details within the ADF app for the the LDAP.
  Regards
  Jason

  I think this is using that exact method:
  user.getUserProfile().setPassword("old".toCharArray(), "new".toCharArray());
  its this that falls over.
  I have a feeling that its mandatory to use this method over SSL

• Change user password with CUA

  When I attempt to change a password on a CUA child, I enter tocde SU01 and enter the account. The I was to reset password via the icon. When I select the change password icon (shift+ F8) and then the popup window appear to prompting you to enter and reenter password.
  After I enter new pwd twice the screen stays nothing happen pop screen stay up and no status is reported back on the status bar at the bottom.
  If I open up the account and change it via logon data table the change.reset password works fine.
  Any ideas?
  Mikie B.

  There was a similar (unconclusive) discussion recently ( Screen not getting refreshed after reseting password ), for which I found the following thread:
  Password generation problem
  Maybe that can help.

• Managing User Photos with On Premise Lync 2013 & Office 365

  Hello, I'm just looking for a little clarity in terms of expected behavior when using the various methods of modifying user images on these systems.
  For example, I've read that Lync 2013 can utilize the high resolution photo that is stored within the user's Exchange mailbox. That would work good in theory, but what about Lync users who do not have an Exchange mailbox (or UM voicemail box)? Presumably
  in that case you could use one of the AD attributes, thumbnailPhoto or jpegPhoto, the latter being preferred as it allows for higher resolution images. However in my experience, when using the jpegPhoto attribute, dirsync does successfully replicate the photo
  and it shows up on the O365 portal, but the on-premise Lync server/clients have inconsistent success displaying them. Some user's can see other user's photos, but they can see eachothers or vice versa and eventually the Lync client stops displaying any of
  these photos. 
  Ideally for us, if we could use the jpegPhoto attribute for all users, as opposed to using exchange attributes for some, that would be best, but is it designed to work this way?

  Hi FuzzMunk,
  I don’t think that Lync Server will
  synchronize the photo from
  JPEGPhoto attribute, as I know
  it only synchronizes the photo from
  thumbnailPhoto attribute in Active Directory.
  You can see the photo displayed on Office365 portal
   because it synchronizes the photo from both the
  thumbailphoto and jpegphoto attributes.
  Some related articles and cases for your reference.
  http://blogs.technet.com/b/nexthop/archive/2010/11/22/microsoft-lync-2010-photo-experience.aspx
  https://technet.microsoft.com/en-us/library/jj688150.aspx
  https://social.technet.microsoft.com/Forums/lync/en-US/3ffc4fcd-eefc-4eca-bc7e-bcd007157199/lync-photo-from-active-directory
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/53859480-a345-4ce0-a04e-9f1fc7a947c2/what-is-the-difference-between-jpegphoto-and-thumbnailphoto-attribute-in-ad?forum=winserverDS
  Best regards,
  Eric

• Managed users with Active Directory?

  Hi guys
  I was wondering if any of you can help me out. I'm looking to get a OS X Server 10.4 to act as a managed user server, with all the pros of Open Directory (ie Finder restrictions etc) and user home directories on the Xserve's HD, but to authenticate through a Windows 2003 Active Directory Server.
  I have been reading a number of sites and there seams to be two ways to do it.
  1) Bind the Xserve and the client Macs to the Active Directory and then on the PC server specify the home folders as a share point on the Xserve. Ie \\Xserve\Users\Tom
  This way the Xserve is basically a file server.
  2) And I'm cutting this story short because I've only briefly read this one. But you can set the Xserve as an Open Directory master, some how import the users and then remove the directory master roll.
  I really need to be able to have the usernames and passwords live from the Windows Server due to passwords being changed every 30 days blah blah blah so I guess point 2 is out of the question.
  To be honest a yay or nay to the above would be a good start, could obviously save a lot of wasted time, but if anyone can recommend me a website or a pdf that will walk me through it.
  I've managed to get my laptop to authenticate to AD but cant get the home directories to work. Every time I log in with a user account it creates it locally on my HD. I do not have "Force local home directory" checked. I guess I need to configure LDAP to the AD server as well? I gave it a go an managed to get Address Book pulling users and emails from the AD sever. I then preformed a lookupd lookup on a user bob and found that the home directory was set to /Users/bob even though on my AD server I've set it to \\Xserve\Users\bob is this something I'm doing wrong with LDAP? If thats all it is I'll be able to get point 1 above working and it will all be good.
  I hope I've made this clear enough for someone to be able to help me.
  Thanks in advance for any help you might be able to give me.
  Tom
  1.25GHz PowerBook G4   Mac OS X (10.4.4)  

  With an OD master you could manage your clients at the group and computer list level.
  So when you setup the user's profile in AD, you mapped a network drive and provided the UNC path \\Xserver\Users\bob. You did bind the OD Master with the name Xserve? Also, by default it will use smb to connect, which you can change to afp instead in the AD plugin. smb will not create the home folder for you. You could try to create the home folder yourself in advance. (sudo createhomedir -a may do the trick)
  For troubleshooting purposes, you could create a share on the AD server and adjust the user's profile to point to it instead of the OD Master. Try and login and see what you get.

• Allow a windows non-administrator user to run cmd.exe as administrator without sharing administrator password with the user

  I have standalone Windows 2003 and 2008 Oracle database servers (they are not in a Windows domain environment ). The Oracle DBAs can perform all their routine activities from command line with administrator privileges. For this i've to either share administrator
  user password with the Oracle DBAs or add their windows login user to Administrators group. If i can give the DBA user permission to run windows command prompt without sharing administrator password, i can give them non-administrator login access to Windows
  2003/2008 server. Normally when a non administrator user would try to run a program as administrator on Windows 2008, the user is prompted to input administrator username/password. Is it possible to give non-admin user access to run a program/application (cmd.exe
  in this case) on Windows 2003/2008 without sharing administrator credentials with them?

  With the OTORISER application I developed, normal users can run applications with admin privilege …  
  Otoriser is totally free ! Applications, mmc consoles, control panel cpl files can be run under admin and system context with Otoriser. Let’s say you donot want your users to be admin in their machines, but want them to run some applications with admin rights.
  If this is the case then you are on the right blog.
  There are two components for Otoriser. Management and client components. There are no complex implementation and no frustrating steps to be performed. Within 10 minutes you can start testing the results
  After you download the setup files, install client components in the client by running it directly (or any deployment method you have), it will take about 5 seconds to install it. Then, let’s say you want your user to change system properties of the machine.
  With the tool provided in Admin package produce the hash of system.cpl file and enter that hash into the group policy (details are provided in documentation). When policies are applied for that user then he or she can run that control panel applet under admin
  context but donot forget that the user is still an ordinary user.
  download link :
  http://burakuysaler.wordpress.com/2013/02/21/with-the-otoriser-application-that-i-developed-normal-users-can-run-applications-with-admin-priviledges

• Weblogic Portal 10.3.5 using JSF 1.2 portlets with ADF faces

  We are developing Portal site using Weblogic Portal 10.3.5 with JSF portlet 1.2 and ADF faces (ADF Application runtime 11.1.1.5 ). But the JSF portlets not supporting ADF faces. Please let me know how we use ADF faces in JSF portlet 1.2 in Weblogic Portal.

  Hi Murthy,
  We did a detailed analysis.
  (1) How do we add ADF taskflows, JSF in to weblogic portal desktop/pages? Do we create portlet out of JSF, and display on desktop/page? If this is the case, what about ADf task flows?
  --> Taskflows can be deployed as WSRP2.0 portlets. Note 2 options are there JSF page as portlet or taskflow itself as portlets.
  (2) How do we integrate weblogic user profiles and UUP (unified user profiles) with ADF and JSF?
  --> ADF Security can use Weblogic Server realm as the security provider. Entitlements in WLP will have to be provided based on Weblogic Server roles. In case you are using external LDAP then both can be integrated withe external LDAP
  (3) Can anybody shed some light which this better?
  (a) weblogic portal with JPF (Java page flows), NetUI --Legacy approach
  Pros:
  -Easy Development
  -Well tested integrated
  Cons:
  -Future support
  -Enhancements may not be available
  -Not really portable or standards based
  (b) weblogic portal with ADF, JSF?
  Pros:
  -If your on Oracle stack then great
  -Standards based
  Cons:
  -JSF Portlet bridge issues
  -ADF Faces does not work on IE6!
  Well what we are going for is JSR 286, Trinidad components (Supports IE6), JSF.
  Difficult choice.
  Venkat

• Use port 50013 (Management Console) with User/password

  Hello,
  I have a problem. We had a security auditory of SAP systems. They have seen that the port 50013 (Management Console) has not any security with user /password.
  Is there a way to put a security before the information?
  Best Regards.
  Pablo Mortera.

  Hi Pablo
  The SAP Managment Console is a UI (Applet) to access the functionality of the sapstartsrv process, This process is used for montioring and administration of SAP instances and listens on port 5nn13 (or 5nn14 for https)
  It is expected that you can access the UI without authentication but to carry out administrative functions (which are sapstartsrv webservice method calls) , such as shutting down an instance for example, authentication is required.
  By default only the most critical of these web service methods require authentication but the list of protected webmethods can be modified. Please see note 927637 for more details