Mapping users from ActiveDirectory

Hello,
I'm trying to build a prototype using WebLogic that uses the Negotiate Identity Assertion provider for SSO with IE clients. According to the documentation at http://e-docs.bea.com/wls/docs100/dvspisec/ia.html#ia300, the provider maps the token to a WebLogic User. My big hurdle at the moment: How do I get WebLogic to read it's users from ActiveDirectory?
I'd like to make a role (SSORole) which would include all the users that exists in the ActiveDirectory. Is there a ututorial for this somewhere?
I'm using BEA WebLogic 10.0
Thanks.

Hi,
You have to create a Authentication provider (active directory authentication provider) and then reorder it to be above default or sql authentication provider.
This authentication provider will read the users from active directory. Your IA will talk to AP.
If you dont want to use AP then you have to write your login module in the IA itself.
Search for SimpleSampleAuthenticationProvider in the code samples
Thanks
Vishnu

Similar Messages

Mapping users from resources to user in IDM

Hi
I have a user say tom123 in Windows NT and the same user also exists in LDAP with accountid tom1. How do i load them into IDM as a single user with different resources?
Any ideas are appreciated

VIXik,
Lets say the primary source of data is a FlatFile from an HR system. Data from this would enter IdM via the FF active Sync mechanism.
The other resources such as AD and LDAP and Mail exist but are untrustworthy they contain many out-of-date entries for example which we want to identify and remove!
The situation is that we want to name the IDM account by the HR systems key and then reconcile the correct LDAP/AD resource accounts to these. We dont want the initial IDM account creation to make resource accounts.
Is is best to load the IDM entries from File (same file as used in FF activesync) with a Form that doesnt create/link resources and then reconcile accounts and then start the FF active sync process...
OR...
remove the resources from the FFactive sync form for initial FF active sync cycle.. create IDM accounts... reconcile resource accounts... edit FFactivesync form to readd resource account creation.. and restart FF active sync.
Which is better? Any pros and cons for either.

How to prevent a rdp user from mapping drives on the server ?

Hi,
User A from Domain A (using Win7 pro) is able to rdp to Server Z (Windows Server 2008) which is in Domain Z and is able to map drive.
My question is : How do I prevent User A from mapping any drive in Server Z ?
Please advise. TIA !

Hi,
if a user has access to the other share there is no way to prevent that user from mapping a drive.
However, you can remove the "map Network drive" functionality via policy, please see
http://msdn.microsoft.com/en-us/library/ms812045.aspx
That does not prevent users from mapping their drive manually using the "net use ..." command from a shell. While it is possible to restrict running of the net command, I do not recommend that (see
http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5012142-cfe9-4b24-99b9-d7ff3b84f0f4/what-security-policy-blocks-use-of-the-net-command-for-nonadmin-users?forum=winserverGP).
( What you may consider when having Shares cross-forest, you can remove that authorized users permission from the share replacing it by DOMAIN\Domain users groups, etc. So access to the share is limited instead of using a share that a user has access to.
Please Keep in mind that even when you remove the Network drives a user can still Access the resource via UNC. )
Regards,
Martin

How to tranport the users from SAP R/3 to portal ?

Hi All,
I had connected to SAP R/3 system from portal. I am trying to tranport the users from SAP development server . So that everyuser can enter through the portal only and work on SAP.
Please guide me the procudure how can i tranport the users from SAP system to portal.
Please urgent replies are appreciated .

Hi Abhishek,
Thanks for your information.
please let me tell you the detailed information. My basis guy had configured the system for me as i didnt have any idea on installation procedure. So i am facing th e fallowing problems.
 First Problem
I am not able to create the user from portal directly. Its showing the fallowing error.
An error occurred in the persistence; contact your system administrator.
so i had created the users in WAS by SU01.
Second
We have some users at production server ( Assume 5 users ). and those users need to be mapped at portal. So that those users can directly enter into portal and operate on SAP system .
If u dont mine Please provide with me the steps to fallow
Third
i had created some transactional Iviews that are working fine when i am log in with Administrator( super administrator role). The problem is that the reports are not showing when i am log in with general user ( with out super administrator role ) .
Its showing the error
Could not able to look up the system.
And the problem with user mapping also .
For aministrator its working fine .and for a general end user ( created on WAS )
i am not able to provide user mapping. Its showing
There are no systems available for user mapping for the selected principal
wat could be the problem ?
Your solutions will be appreciated .please urgent

Date parse error while importing users from OIM to OIA (SRM 5.0.3)

Hi All,
Env Details:
OIA (SRM 5.0.3), Weblogic and Oracle 10g DB
We have integrated OIM to OIA with extended attributes mapping by modifying iam-context.xml file to load users. Its done successfully. But when we map "Date" related attribute, its giving "Date Parsing error" and its not loading the users.
We have tried loading users using flatFile mechanism, its also giving same result.
Please suggest me. Thanks in Advance !!!
Regards,
Ravi G.

Hi,
Its a problem with OOB's OIMIAMSolution.class file, which is called while importing users from OIM. It used DateParse () conversion method only for all attributes which OIA attributes' name is ends with "Date". It defined, the conversion of date from (yyyy-MM-dd). So its expecting the input value should be in defined format(yyyy-MM-dd), if not, it gives a parse error.
We found work around for this as follows,
We have used other related OIA attribute which name ends other than "Date" string.
Thanks,
Ravi G.

OIA-OIM Integration, Error while trying to import users from OIM to OIA

Hi Experts,
I have used depreciation method to integrate OIA 11gR1 with OIM 9.1.0.2 BP13.
When I am trying to import Users from OIM to OIA, I am getting the following error: " failed reading the magic number mapping file"
Here are logs. Can anyone tell me what is this error about?
12:28:33,000 DEBUG [QuartzJobListener] OIM1: job about to be executed
12:28:33,000 DEBUG [IAMJob] ******* executing job OIM1 *******
12:28:33,000 INFO [DefaultRemoter] Exec: dwrSchedulerService.getJobStatus()
12:28:33,000 DEBUG [DefaultRemoter] --Object created, not stored. id=0
12:28:33,000 DEBUG [DebuggingPrintWriter] out(46): throw 'allowScriptTagRemoting is false.';
12:28:33,000 DEBUG [DebuggingPrintWriter] out(46): //#DWR-INSERT
12:28:33,000 DEBUG [DebuggingPrintWriter] out(46): //#DWR-REPLY
12:28:33,000 DEBUG [DebuggingPrintWriter] out(46): var s0={};var s1={};s0.currentCount=0;s0.groupName="IAM";s0.job=null;s0.jobName="OIM1";s0.jobStatusId=null;s0.jobType="Import/Export Progress";s0.lastAccessedTime=0;s0.launcher=null;s0.monitorMap=s1;s0.status=1;s0.timeElapsed=0;s0.totalCount=0;
dwr.engine._remoteHandleCallback('20','0',[s0]);
12:28:33,015 DEBUG [IAMJob] ---> executing job 'OIM1' using IAMJobExecutor
12:28:33,015 DEBUG [IAMJobExecutor] found valid iam service
12:28:33,015 DEBUG [IAMJobExecutor] looking for iam server connection 'OIM1'
12:28:33,031 DEBUG [IAMJobExecutor] ----> adding connection defined in config files [dbIAMConnection, fileIAMConnection]
12:28:33,031 DEBUG [IAMJobExecutor] found 3 iam server connections
12:28:33,031 DEBUG [IAMJobExecutor] checking iam server connection 'OIM1'
12:28:33,031 DEBUG [IAMJobExecutor] found matching iam server connection 'OIM1'
12:28:33,031 DEBUG [IAMJobExecutor] found valid iam server OIM1
12:28:33,031 DEBUG [IAMJobExecutor] IAM action specified is ACTION_IMPORT_USERS[2]
12:28:33,031 DEBUG [OIMIAMSolution] In Read Users ...
12:28:33,031 DEBUG [OIMIAMSolution] publishing import starting event...
12:28:33,031 DEBUG [OIMIAMSolution] Starting import run id ---> null
12:28:33,031 DEBUG [OIMIAMSolution] Trying to establish a connection with OIM Server...
12:28:33,031 DEBUG [OIMIAMSolution] ************** OIM Connection Params *************
12:28:33,031 DEBUG [OIMIAMSolution] XL Home ---> E:\Middleware10G_Home\xellerate
12:28:33,031 DEBUG [OIMIAMSolution] login config ---> E:\Middleware10G_Home\xellerate\config\auth.config
12:28:33,031 DEBUG [OIMIAMSolution] Naming Factory Initial ---> : weblogic.jndi.WLInitialContextFactory
12:28:33,031 DEBUG [OIMIAMSolution] Provider URL --> t3://vkalyan-in:7001
12:28:33,031 DEBUG [OIMIAMSolution] ****************************************************
12:28:33,031 DEBUG [OIMIAMSolution] ********** Connecting to OIM Server **********
12:28:33,031 DEBUG [DefaultIAMListener] storing new ImportRun
12:28:33,109 DEBUG [SrmIndexDaemon] Checking Imports or Re-Indexing Activity...
12:28:33,109 INFO [SrmIndexDaemon] Imports or Re-Indexing are Running. Stopping online indexing
12:28:33,156 ERROR [JobRunShell] Job IAM.OIM1 threw an unhandled Exception:
java.lang.ExceptionInInitializerError
at org.jgroups.conf.ClassConfigurator.<clinit>(ClassConfigurator.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at org.jgroups.stack.ProtocolStack.<init>(ProtocolStack.java:88)
at org.jgroups.JChannel.init(JChannel.java:1568)
at org.jgroups.JChannel.<init>(JChannel.java:257)
at org.jgroups.JChannel.<init>(JChannel.java:240)
at org.jgroups.blocks.NotificationBus.<init>(NotificationBus.java:69)
at com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener.initialize(JavaGroupsBroadcastingListener.java:113)
at com.opensymphony.oscache.base.AbstractCacheAdministrator.configureStandardListeners(AbstractCacheAdministrator.java:328)
at com.opensymphony.oscache.general.GeneralCacheAdministrator.createCache(GeneralCacheAdministrator.java:305)
at com.opensymphony.oscache.general.GeneralCacheAdministrator.<init>(GeneralCacheAdministrator.java:99)
at com.thortech.xl.cache.OSCacheProvider.initialize(Unknown Source)
at com.thortech.xl.cache.CacheFactory.getCacheProvider(Unknown Source)
at com.thortech.xl.cache.CacheUtil.<clinit>(Unknown Source)
at Thor.API.tcUtilityFactory.getPropertyValue(Unknown Source)
at Thor.API.tcUtilityFactory.<init>(Unknown Source)
at com.vaau.rbacx.iam.oracle.OIMIAMSolution.getUtilityFactory(OIMIAMSolution.java:2542)
at com.vaau.rbacx.iam.oracle.OIMIAMSolution.readUsers(OIMIAMSolution.java:754)
at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.importUsers(RbacxIAMServiceImpl.java:119)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy116.importUsers(Unknown Source)
at com.vaau.rbacx.scheduling.executor.iam.IAMJobExecutor.execute(IAMJobExecutor.java:121)
at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
Caused by: org.jgroups.ChannelException: failed reading the magic number mapping file
at org.jgroups.conf.ClassConfigurator.init(ClassConfigurator.java:101)
at org.jgroups.conf.ClassConfigurator.<clinit>(ClassConfigurator.java:43)
... 38 more
Caused by: java.io.IOException
at org.jgroups.conf.MagicNumberReader.parseClassData(MagicNumberReader.java:89)
at org.jgroups.conf.MagicNumberReader.parse(MagicNumberReader.java:69)
at org.jgroups.conf.MagicNumberReader.readMagicNumberMapping(MagicNumberReader.java:57)
at org.jgroups.conf.ClassConfigurator.init(ClassConfigurator.java:73)
... 39 more
Caused by: java.lang.NullPointerException
at org.jgroups.conf.MagicNumberReader.parseClassData(MagicNumberReader.java:84)
... 42 more
12:28:33,156 ERROR [ErrorLogger] Job (IAM.OIM1 threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: java.lang.ExceptionInInitializerError]
at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
Caused by: java.lang.ExceptionInInitializerError
at org.jgroups.conf.ClassConfigurator.<clinit>(ClassConfigurator.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at org.jgroups.stack.ProtocolStack.<init>(ProtocolStack.java:88)
at org.jgroups.JChannel.init(JChannel.java:1568)
at org.jgroups.JChannel.<init>(JChannel.java:257)
at org.jgroups.JChannel.<init>(JChannel.java:240)
at org.jgroups.blocks.NotificationBus.<init>(NotificationBus.java:69)
at com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener.initialize(JavaGroupsBroadcastingListener.java:113)
at com.opensymphony.oscache.base.AbstractCacheAdministrator.configureStandardListeners(AbstractCacheAdministrator.java:328)
at com.opensymphony.oscache.general.GeneralCacheAdministrator.createCache(GeneralCacheAdministrator.java:305)
at com.opensymphony.oscache.general.GeneralCacheAdministrator.<init>(GeneralCacheAdministrator.java:99)
at com.thortech.xl.cache.OSCacheProvider.initialize(Unknown Source)
at com.thortech.xl.cache.CacheFactory.getCacheProvider(Unknown Source)
at com.thortech.xl.cache.CacheUtil.<clinit>(Unknown Source)
at Thor.API.tcUtilityFactory.getPropertyValue(Unknown Source)
at Thor.API.tcUtilityFactory.<init>(Unknown Source)
at com.vaau.rbacx.iam.oracle.OIMIAMSolution.getUtilityFactory(OIMIAMSolution.java:2542)
at com.vaau.rbacx.iam.oracle.OIMIAMSolution.readUsers(OIMIAMSolution.java:754)
at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.importUsers(RbacxIAMServiceImpl.java:119)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy116.importUsers(Unknown Source)
at com.vaau.rbacx.scheduling.executor.iam.IAMJobExecutor.execute(IAMJobExecutor.java:121)
at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
... 1 more
Caused by: org.jgroups.ChannelException: failed reading the magic number mapping file
at org.jgroups.conf.ClassConfigurator.init(ClassConfigurator.java:101)
at org.jgroups.conf.ClassConfigurator.<clinit>(ClassConfigurator.java:43)
... 38 more
Caused by: java.io.IOException
at org.jgroups.conf.MagicNumberReader.parseClassData(MagicNumberReader.java:89)
at org.jgroups.conf.MagicNumberReader.parse(MagicNumberReader.java:69)
at org.jgroups.conf.MagicNumberReader.readMagicNumberMapping(MagicNumberReader.java:57)
at org.jgroups.conf.ClassConfigurator.init(ClassConfigurator.java:73)
... 39 more
Caused by: java.lang.NullPointerException
at org.jgroups.conf.MagicNumberReader.parseClassData(MagicNumberReader.java:84)
... 42 more
12:28:33,156 DEBUG [QuartzJobListener] OIM1: job was executed
12:28:33,156 DEBUG [VaauSchedulerEventListenerImpl] Processing VaauSchedulerEvent
12:28:33,156 INFO [VaauSchedulerEventListenerImpl] Job executed: OIM1, IAM
12:28:33,156 INFO [VaauSchedulerEventListenerImpl] Job run time: 0s
12:28:33,156 INFO [VaauSchedulerEventListenerImpl] Next Run: null
Regards
Kalyan

I solved the above error by removing oscache***.jar file and keeping only oscache.jar in lib directory.
However I am getting some other error this time. Let me know if you have any suggestions:
11:27:08,015 DEBUG [QuartzJobListener] job1: job about to be executed
11:27:08,015 DEBUG [IAMJob] ******* executing job job1 *******
11:27:08,046 DEBUG [IAMJob] ---> executing job 'job1' using IAMJobExecutor
11:27:08,046 DEBUG [IAMJobExecutor] found valid iam service
11:27:08,046 DEBUG [IAMJobExecutor] looking for iam server connection 'OIM1'
11:27:08,078 DEBUG [IAMJobExecutor] ----> adding connection defined in config files [dbIAMConnection, fileIAMConnection]
11:27:08,078 DEBUG [IAMJobExecutor] found 3 iam server connections
11:27:08,078 DEBUG [IAMJobExecutor] checking iam server connection 'OIM1'
11:27:08,078 DEBUG [IAMJobExecutor] found matching iam server connection 'OIM1'
11:27:08,078 DEBUG [IAMJobExecutor] found valid iam server OIM1
11:27:08,078 DEBUG [IAMJobExecutor] IAM action specified is ACTION_IMPORT_USERS[2]
11:27:08,078 DEBUG [OIMIAMSolution] In Read Users ...
11:27:08,078 DEBUG [OIMIAMSolution] publishing import starting event...
11:27:08,078 DEBUG [OIMIAMSolution] Starting import run id ---> null
11:27:08,078 DEBUG [OIMIAMSolution] Trying to establish a connection with OIM Server...
11:27:08,078 DEBUG [OIMIAMSolution] ************** OIM Connection Params *************
11:27:08,078 DEBUG [OIMIAMSolution] XL Home ---> E:\Middleware10G_Home\xellerate
11:27:08,078 DEBUG [OIMIAMSolution] login config ---> E:\Middleware10G_Home\xellerate\config\auth.config
11:27:08,078 DEBUG [OIMIAMSolution] Naming Factory Initial ---> : weblogic.jndi.WLInitialContextFactory
11:27:08,078 DEBUG [OIMIAMSolution] Provider URL --> t3://vkalyan-in:7001
11:27:08,078 DEBUG [OIMIAMSolution] ****************************************************
11:27:08,078 DEBUG [OIMIAMSolution] ********** Connecting to OIM Server **********
11:27:08,078 DEBUG [DefaultIAMListener] storing new ImportRun
11:27:08,156 INFO [DefaultRemoter] Exec: dwrSchedulerService.getJobStatus()
11:27:08,156 DEBUG [DefaultRemoter] --Object created, not stored. id=0
11:27:08,156 DEBUG [DebuggingPrintWriter] out(35): throw 'allowScriptTagRemoting is false.';
11:27:08,156 DEBUG [DebuggingPrintWriter] out(35): //#DWR-INSERT
11:27:08,156 DEBUG [DebuggingPrintWriter] out(35): //#DWR-REPLY
11:27:08,156 DEBUG [DebuggingPrintWriter] out(35): var s0={};var s1={};s0.currentCount=0;s0.groupName="IAM";s0.job=null;s0.jobName="job1";s0.jobStatusId=null;s0.jobType="Import/Export Progress";s0.lastAccessedTime=0;s0.launcher=null;s0.monitorMap=s1;s0.status=1;s0.timeElapsed=0;s0.totalCount=0;
dwr.engine._remoteHandleCallback('139','0',[s0]);
11:27:11,187 ERROR [JobRunShell] Job IAM.job1 threw an unhandled Exception:
java.lang.AssertionError: Failed to generate class for com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub
 at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:790)
 at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:779)
 at weblogic.rmi.extensions.StubFactory.getStub(StubFactory.java:74)
 at weblogic.rmi.internal.StubInfo.resolveObject(StubInfo.java:226)
 at weblogic.rmi.internal.StubInfo.readResolve(StubInfo.java:207)
 at sun.reflect.GeneratedMethodAccessor81.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at java.io.ObjectStreamClass.invokeReadResolve(ObjectStreamClass.java:1061)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1762)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
 at weblogic.rmi.extensions.server.CBVInputStream.readObject(CBVInputStream.java:64)
 at weblogic.rmi.internal.ServerRequest.unmarshalReturn(ServerRequest.java:100)
 at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
 at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
 at com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_HomeImpl_1032_WLStub.create(Unknown Source)
 at Thor.API.tcUtilityFactory.getUnauthenticatedOperations(Unknown Source)
 at Thor.API.tcUtilityFactory.getPropertyValue(Unknown Source)
 at Thor.API.tcUtilityFactory.<init>(Unknown Source)
 at com.vaau.rbacx.iam.oracle.OIMIAMSolution.getUtilityFactory(OIMIAMSolution.java:2542)
 at com.vaau.rbacx.iam.oracle.OIMIAMSolution.readUsers(OIMIAMSolution.java:754)
 at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.importUsers(RbacxIAMServiceImpl.java:119)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
 at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
 at $Proxy114.importUsers(Unknown Source)
 at com.vaau.rbacx.scheduling.executor.iam.IAMJobExecutor.execute(IAMJobExecutor.java:121)
 at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
 at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
 at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
Caused by: java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
 at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:788)
 ... 37 more
Caused by: java.lang.ArrayIndexOutOfBoundsException: 20
 at com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub.ensureInitialized(Unknown Source)
 at com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub.<init>(Unknown Source)
 ... 42 more
11:27:11,203 ERROR [ErrorLogger] Job (IAM.job1 threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: java.lang.AssertionError: Failed to generate class for com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub]
 at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
 at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
Caused by: java.lang.AssertionError: Failed to generate class for com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub
 at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:790)
 at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:779)
 at weblogic.rmi.extensions.StubFactory.getStub(StubFactory.java:74)
 at weblogic.rmi.internal.StubInfo.resolveObject(StubInfo.java:226)
 at weblogic.rmi.internal.StubInfo.readResolve(StubInfo.java:207)
 at sun.reflect.GeneratedMethodAccessor81.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at java.io.ObjectStreamClass.invokeReadResolve(ObjectStreamClass.java:1061)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1762)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
 at weblogic.rmi.extensions.server.CBVInputStream.readObject(CBVInputStream.java:64)
 at weblogic.rmi.internal.ServerRequest.unmarshalReturn(ServerRequest.java:100)
 at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
 at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
 at com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_HomeImpl_1032_WLStub.create(Unknown Source)
 at Thor.API.tcUtilityFactory.getUnauthenticatedOperations(Unknown Source)
 at Thor.API.tcUtilityFactory.getPropertyValue(Unknown Source)
 at Thor.API.tcUtilityFactory.<init>(Unknown Source)
 at com.vaau.rbacx.iam.oracle.OIMIAMSolution.getUtilityFactory(OIMIAMSolution.java:2542)
 at com.vaau.rbacx.iam.oracle.OIMIAMSolution.readUsers(OIMIAMSolution.java:754)
 at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.importUsers(RbacxIAMServiceImpl.java:119)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
 at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
 at $Proxy114.importUsers(Unknown Source)
 at com.vaau.rbacx.scheduling.executor.iam.IAMJobExecutor.execute(IAMJobExecutor.java:121)
 at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
 at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
 ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
 at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:788)
 ... 37 more
Caused by: java.lang.ArrayIndexOutOfBoundsException: 20
 at com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub.ensureInitialized(Unknown Source)
 at com.thortech.xl.ejb.beans.tcUnauthenticatedOperationsSession_j7uqe_EOImpl_1032_WLStub.<init>(Unknown Source)
 ... 42 more
11:27:11,203 DEBUG [QuartzJobListener] job1: job was executed
11:27:11,203 DEBUG [VaauSchedulerEventListenerImpl] Processing VaauSchedulerEvent
11:27:11,203 INFO [VaauSchedulerEventListenerImpl] Job executed: job1, IAM
11:27:11,203 INFO [VaauSchedulerEventListenerImpl] Job run time: 3s
11:27:11,203 INFO [VaauSchedulerEventListenerImpl] Next Run: null

Can't Provision user from OIM to AD (manaul provis

can't Provision user from OIM to AD (manual provisioning ) failed with Error
the following is connector server log
==========================================
DateTime=2012-07-18T08:39:32.8713100Z
ConnectorServer.exe Error: 0 : System.ArgumentNullException: Value cannot be null.
Parameter name: Parameter 'uid' must not be null.
at Org.IdentityConnectors.Common.Assertions.NullCheck(Object o, String param)
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.ValidateInput(ObjectClass objclass, Uid uid, ICollection`1 attrs, Boolean isDelta) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1568
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.Update(ObjectClass objclass, Uid uid, ICollection`1 replaceAttributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1365
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
at ___proxy1.Update(ObjectClass , Uid , ICollection`1 , OperationOptions )
at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
DateTime=2012-07-18T08:39:37.8558126Z
1- iam using OIM 11.1.1.5 / applied patch p13704894_111150
2- this the target system LDAP on Windows Server 2008 R2 Entrprise version 6.1(7601) , Service Pack 1
3- and the connector server and connector version , activedirectory-11.1.1.5.0 , Connector_Server_111150
i noticed that for any user i create on OIM objectGUID is 0 , i can read groups and organizations from LDAP with no errors
please support

This issue is coming because your object guid is not getting synchronized properly. Login to design console and open AD User form. Go to pre-populate tab. Open prepop adapter for User Principal name. Here bydefault IT resource name passed is Active Directory whereas you should have your IT server name which I think bydefault is AD Server. In the Mapto section select Process data and qualifier field will have AD server. Click on save button. Save your form.
Retry your test case now. This will resolve your problem.
regards,
GP

Problem in provisioning user from oim to active directory using ssl

hi,
problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectTo
AvailableAD():simple bind failed: 172.16.30.35:636
15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter so
me problems: Must set a query before executing
com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.co
nnectToAvailableNextAD(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.se
archResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Un
known Source)
at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Sour
ce)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionActi
on.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown S
ource)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
ava:520)
can any one help.
Thanks and Regards,
praveen,

Are you able to connect to AD over SSL through some LDAP Browser ?
Check the validity of Certificate ?
Does your certificate appear in the list ?

Bulk Create Users from CSV: Error: "Put": "There is no such object on the server."?

Hi,
I'm using the below PowerShell script, by @hicannl which I found on the MS site, for bulk creating users from a CSV file.
I've had to edit it a bit, adding some additional user fields, and removing others, and changing the sAMAccount name from first initial + lastname, to firstname.lastname. However now when I run it, I get an error saying:
"[ERROR] Oops, something went wrong: The following exception occurred while retrieving member "Put": "There is no such object on the server."
The account is created in the default OU, with the correct firstname.lastname format, but then it seems to error at setting the "Set an ExtensionAttribute" section. However I can't see why!
Any help would be appreciated!
# ERROR REPORTING ALL
Set-StrictMode -Version latest
# LOAD ASSEMBLIES AND MODULES
Try
Import-Module ActiveDirectory -ErrorAction Stop
Catch
Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
Exit 1
#STATIC VARIABLES
$path = Split-Path -parent $MyInvocation.MyCommand.Definition
$newpath = $path + "\import_create_ad_users_test.csv"
$log = $path + "\create_ad_users.log"
$date = Get-Date
$addn = (Get-ADDomain).DistinguishedName
$dnsroot = (Get-ADDomain).DNSRoot
$i = 1
$server = "localserver.ourdomain.net"
#START FUNCTIONS
Function Start-Commands
Create-Users
Function Create-Users
"Processing started (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
Import-CSV $newpath | ForEach-Object {
If (($_.Implement.ToLower()) -eq "yes")
If (($_.GivenName -eq "") -Or ($_.LastName -eq ""))
Write-Host "[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n"
"[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n" | Out-File $log -append
Else
# Set the target OU
$location = $_.TargetOU + ",$($addn)"
# Set the Enabled and PasswordNeverExpires properties
If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }
If (($_.ChangePasswordAtLogon.ToLower()) -eq "true") { $changepassword = $True } Else { $changepassword = $False }
# A check for the country, because those were full names and need
# to be land codes in order for AD to accept them. I used Netherlands
# as example
If($_.Country -eq "Netherlands")
$_.Country = "NL"
ElseIf ($_.Country -eq "Austria")
$_.Country = "AT"
ElseIf ($_.Country -eq "Australia")
$_.Country = "AU"
ElseIf ($_.Country -eq "United States")
$_.Country = "US"
ElseIf ($_.Country -eq "Germany")
$_.Country = "DE"
ElseIf ($_.Country -eq "Italy")
$_.Country = "IT"
Else
$_.Country = ""
# Replace dots / points (.) in names, because AD will error when a
# name ends with a dot (and it looks cleaner as well)
$replace = $_.Lastname.Replace(".","")
$lastname = $replace
# Create sAMAccountName according to this 'naming convention':
# <FirstName>"."<LastName> for example
# joe.bloggs
$sam = $_.GivenName.ToLower() + "." + $lastname.ToLower()
Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" -Server $server }
Catch { }
If(!$exists)
# Set all variables according to the table names in the Excel
# sheet / import CSV. The names can differ in every project, but
# if the names change, make sure to change it below as well.
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
Try
Write-Host "[INFO]`t Creating user : $($sam)"
"[INFO]`t Creating user : $($sam)" | Out-File $log -append
New-ADUser $sam -GivenName $_.GivenName `
-Surname $_.LastName -DisplayName ($_.LastName + ", " + $_.GivenName) `
-StreetAddress $_.StreetAddress -City $_.City `
-Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
-Company $_.Company -Department $_.Department `
-Title $_.Title -AccountPassword $setpass `
-PasswordNeverExpires $expires -Enabled $enabled `
-ChangePasswordAtLogon $changepassword -server $server
Write-Host "[INFO]`t Created new user : $($sam)"
"[INFO]`t Created new user : $($sam)" | Out-File $log -append
$dn = (Get-ADUser $sam).DistinguishedName
# Set an ExtensionAttribute
If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null)
$ext = [ADSI]"LDAP://$dn"
$ext.Put("extensionAttribute1", $_.ExtensionAttribute1)
Try { $ext.SetInfo() }
Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" }
# Move the user to the OU ($location) you set above. If you don't
# want to move the user(s) and just create them in the global Users
# OU, comment the string below
If ([adsi]::Exists("LDAP://$($location)"))
Move-ADObject -Identity $dn -TargetPath $location
Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
"[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
Else
Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
"[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
# Rename the object to a good looking name (otherwise you see
# the 'ugly' shortened sAMAccountNames as a name in AD. This
# can't be set right away (as sAMAccountName) due to the 20
# character restriction
$newdn = (Get-ADUser $sam).DistinguishedName
Rename-ADObject -Identity $newdn -NewName ($_.LastName + ", " + $_.GivenName)
Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n"
"[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append
Catch
Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
Else
Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n"
"[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append
Else
Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n"
"[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append
$i++
"--------------------------------------------" + "`r`n" | Out-File $log -append
Write-Host "STARTED SCRIPT`r`n"
Start-Commands
Write-Host "STOPPED SCRIPT"

Here is one I have used. It can be easily updated to accommodate many needs.
function New-RandomPassword{
$pwdlength = 10
$bytes = [byte[]][byte]1
$pwd=[string]""
$rng=New-Object System.Security.Cryptography.RNGCryptoServiceProvider
while (!(($PWD -cmatch "[a-z]") -and ($PWD -cmatch "[A-Z]") -and ($PWD -match "[0-9]"))){
$pwd=""
for($i=1;$i -le $pwdlength;$i++){
$rng.getbytes($bytes)
$rnd = $bytes[0] -as [int]
$int = ($rnd % 74) + 48
$chr = $int -as [char]
$pwd = $pwd + $chr
$pwd
function AddUser{
Param(
[Parameter(Mandatory=$true)]
[object]$user
$pwd=New-RandomPassword
$random=Get-Random -minimum 100 -maximum 999
$surname="$($user.Lastname)$random"
$samaccountname="$($_.Firstname.Substring(0,1))$surname"
$userprops=@{
Name=$samaccountname
SamAccountName=$samaccountname
UserPrincipalName=“$[email protected]”)
GivenName=$user.Firstname
Surname=$surname
SamAccountName=$samaccountname
AccountPassword=ConvertTo-SecureString $pwd -AsPlainText -force
Path='OU=Test,DC=nagara,DC=ca'
New-AdUser @userprops -Enabled:$true -PassThru | |
Add-Member -MemberType NoteProperty -Name Password -Value $pwd -PassThru
Import-CSV -Path c:\users\administrator\desktop\users.csv |
ForEach-Object{
AddUser $_
} |
Select SamAccountName, Firstname, Lastname, Password |
Export-Csv \accountinformation.csv -NoTypeInformation
¯\_(ツ)_/¯

How to deploy jar file for use within mapping user-defined fcn

Hi all,
I have a java class I'd like to called from a mapping user-defined function.
Here's what I've done (but hasn't worked)
1. Added 'package com.<mycompany>.xi.util.base64 to the source class file and compiled it.
2. Created a sda with a plain provider.xml file, i.e. no references were made to any other library files.
3. Deployed the sda to the xi 3.0 j2ee server successfully using SDM.
4. Under the Visual Admin tool, I see that the library was deployed successfully.
5. In the import text box in the user-defined function (design time), I enter com.<mycompany>.xi.util.base64.*.
A syntax check returns an error indicating the package could not be found.
Can anyone give me pointers as to how I can get this working?
Thanks,
--jtb

Hey James,
No! That's not the right way!
What you have done is for accessing external JMS & JDBC drivers in their corresponding adapters. For the access inside a mapping user defined function, it's enough if you import the jar files.
Look at this blog and you will be very clear!
/people/divya.vidyanandanprabhu/blog/2005/06/28/converting-xml-to-pdf-using-xi
regards,
Felix

Erorr in while mapping users to role

in Jdeveloper . When we assign names to role in Organization, it is unable to retrieve roles form the connection. We have installed the jar file availbe in demo community . The connection to Application Server is successful. Is any body can help to overcome this issue.
Edited by: Venkat Ram on May 14, 2010 6:14 AM

Hi,
I am also facing the same issue while trying to map the users to the Role. What I am doing is:
1) Open the Organization from BPM Navigator.
2) Select Roles tab and try to add the Members to the Role.
3) Choose option User from the Type drop down.
4) Click on Add icon (+).
5) Create server connection. (Tests successful)
Once done, the realms do not get retrieved in the Realm drop down. When I click the search icon I get an error in pop up saying "Server Exception: Connection Refused from server". I can not see a stack trace in the JDeveloper's Messages/Log section
I am using the BPM11g VM and the Lab guide says, roles seeding and user seeding is already done for the VM image so I did not attempt that.
Venkat are you facing the same problem?
Edited by: user12272414 on May 14, 2010 10:54 AM

How to set users from AD as UCM administrators

Hi
I need to set group from Active Directory as UCM administrators
We have configured AD provider on WLS and group named MyGroup in AD
I created role MyGroup in UCM and users from this AD group can login to UCM.
I tried to create credentials map named "MyMap" with "MyGroup,admin" values,
add "ProviderCredentialsMap=MyMap" to <domain>/ucm/cs/data/providers/jpsuserprovider/provider.hda
and restart UCM
But it not works.
Please advice
Thanks
Leon

Leon wrote:I created role MyGroup in UCM and users from this AD group can login to UCM.Try removing the role "MyGroup" you've defined in UCM from the User Admin applet. It's not needed in this case. The "MyGroup" should just "come over" from AD as a role, if you've configured the WLS AD provider correctly.
Otherwise the mapping itself looks ok.

How to add user from domain A to a group in domain B

How would you acheive adding a user from domain A to a group that is in domain B via powershell without the Quest cmdlets? I've been trying to figure this out for about a week now. Please let me know if the scripting guy has seen this issue before.
LittleTech

Hello jrv,
Here's what i was trying to do. The two domains im working with have a trust between them.
1. Create a user in External.Domain.Com
2. Add the user in External.Domain.Com to GroupOne in ExternalDomain2.Domain.com
3. The only knowledge that ExternalDomain2.Domain.Com would have about the account in External.Domain.Com is whatever is in the Global Catalog. Here is what im trying, but it isn't working.
#Connecting to domain PSDrive
New-PSDrive
-Name
ExternalDomain
-PSProvider
ActiveDirectory
-Root
-Server
DC01.Domain.com
cd
ExternalDomain:
#Create user
#Add to ExternalDomain Groups
$UserDN=Get-ADUser-LDAPFilter"(sAMAccountName=$UserID)"
#Connecting to domain2 PSDrive
cd
AD:
$GroupDN="CN=Wireless
Device Users,OU=Wireless,OU=Systems and Technology,DC=External,DC=Domain2,DC=Com"
Add-ADGroupMember-Identity$GroupDN-Members(Get-ADObject-Identity$UserDN.DistinguishedName
-Server"DC01.Domain.com:3268")
Connecting via port 3268 allows me to talk to the global catalog instead of LDAP.
I receive the following message: A Referral was returned from the server
I know that if i connect using [ADSI] i am able to specify that the connection follows referrals, the AD cmdlets seem to not have that function. The Quest AD cmdlets do... I just dont want to have to use third party cmdlets to do what the AD cmdlets should
be able to do in the first place.
THanks,
LittleTech

Get the mapping values from one message mapping into another message mappin

Hi All,
I created two graphical message mappings. In first message mapping i created one user defined function and set one global container parameter and I need to use this parameter in my second message mapping user defined function. But the global container parameters can be used in different user defined functions in same message mapping. So is there any way to use the values which are set in one message mapping into another message mapping. If yes, please help me how to get?

Hi Koteswara rao,
As you said global container parameters from first message mapping are not accessible from second message mapping program.
i haven't faced situation like this.but, if you have some unmapped field in target message in first message mapping,you can put global variables data in that unmapped field.
anyway the output of first message mapping would be input for 2nd messages mapping,so you can access global data(unmapped field filled with global data in 1st MM) from 2nd mapping program..
Cheers,
Jag

How to map user-defined fields in XML communication on SRM site

Hi All!
We use the External sourcing scenario and we transfer requirements from ERP in SRM through XI (PurchaseRequestERPSourcingRequest_In)
We should transfer the user-defined fields, but we can not map it in SRM site.
We have enhanced enterprise service in XI, have realized BADI PUR_SE_PRERPSOURCINGRQCO_ASYN on ERP site.
I see the XML message with ours z-fields in tr. SXI_MONITOR (into SRM), but I can not find it in BBP_PDISC.
We try to use BADI BBP_SAPXML1_IN_BADI (there is no method for SC), and BADI /SAPSRM/BD_SOA_MAPPING (z-fields is empty)
Someone can tell how to map user-defined field for SC?
Thanks in advance
Evgeny Ilchenko

Hello, Julia
We have found solution our problem
We have enhanced standard service in a new enhancement name space and defined own enhancement elements in our namespaces. Then these enhancement elements refered to the SAP standard Enterprise Service.
But In our new interfaces were different XML namespaces
When we have correct an error we could use the next BADI
on ERP site: PUR_SE_PRERPSOURCINGRQCO_ASYN
on SRM site: /SAPSRM/BD_SOA_MAPPING
BR,
Evgeny

Mapping users from ActiveDirectory

Similar Messages

Maybe you are looking for