Multi level attribute form LDAP

multi level attribute form LDAP
I am trying to write an custom mapping to use to retrieve a value from a multialued field in LDAP (nsRole). Has anyone done this before?
Rigth now all my mappings are 1:1. However the goal is to get a 1 : M and parse thru it till i get the desied value (1:1)

Darwin Hammons - Assurant
2:44pm, May 17
Great conversation. I have a very similar question about the use of the custom JAVA mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location) queriing the data to execute an event that populates an RequestCenter OU or Group if the person login location equal say " Argentina" ? Looking for a way to manage / build catalog entitlements during login. Suggestions ?
Great conversation. I have a very similar question about the use of the custom JAVA mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location) queriing the data to execute an event that populates an RequestCenter OU or Group if the person login location equal say " Argentina" ? Looking for a way to manage / build catalog entitlements during login. Suggestions ?
Anthony Erickson
2:52pm, May 18
Hi Darwin,
We're about to embark on a piece of work with newScale which would be similar to this to support our Multilingual catalogue. I'll provide any updates I'm able.
Thanks,
Ant
Darwin Hammons - Assurant
3:25pm, May 18
Great, Thanks Anthony ! I hope our bringing up this topic will spark a bit of interest. The Custom Java Mapping / Directory integration is documented more with RC 9.1. It will be good to hear more about your project and use of Java mappings with LDAP Directories.

Similar Messages

EAS load rule (multi level attributes)

Hi All,
I'm trying to build multi level attributes at the same time associating it to the base dimension same time building the base dimension.
because I'm building the multi level attributes...I specified all levels of attributes then base dimension then associations!!
The question is how to set the dimension build property?
whether I need to set it as building the base dimension or attribute dimension!!
I studied the Dbag page 308...
but getting the verification error!!
suggestions pls!!
Thanks,
Jeeth

Hi Glenn,
I was able to create a multiple level attribute hierarchy, base dimension and its associations in the same load rule.
I created attribute dimension and its descendents in the load rule it self!!
may be I'm not clear before!!
I found a way to create as per Rahul's post!!
I'm facing another issue over here!!
I successfully created multi level numeric attribute but not able to create multilevel text attribute!!
getting the following error!!
*\\ATTRPARENT column 8 must precede a numeric or date/time attribute association column\\Column 8 Validation* Failure
Thanks,
Jeeth
Edited by: Jeeth on May 18, 2010 10:04 AM

Create multi level fillable forms

I need to create a form that would be sent to my boss to complete part of it and once she has completed her part, it needs to be sent to another party to complete the content, but I need for my boss' input to be locked. Is there a way to do that?

If I have my boss digitally sign the form, can I have only certain fields locked and then have an additional signature field for our client to sign when other items are completed?

How to commit primary key in a multi level form

Hi ,
I am using Jdeveloper 10.1.2.3. ADF - Struts jsp application.
I have an application that has multiple levels before it finally commits, say:
Level 1 - enter name , address, etc details -- Master Table Employee
Level 2 - Add Education details -- Detail Table Education
Level 3 - Experience -- Detail Table Experience.
Level 4 - adding a Approver -- Detail Table ApplicationApproval
In all this from Level 1 I generate a document number which is the primary key that links all these tables.
Now if User A starts Level 1 and moves to level 2,he gets document no = 100 and then User B starts Level 1 and also gets document no = 100 because no commit is executed.
Now I have noticed that system crashes if User B calls a vo.validate().
How can I handle this case as Doc no is the only primary key.

Hi,
This is what my department has been doing even before I joined and its been working for our multi user environment for these many years.
We have a table called DOC_SRNO which will hold a row for our start docno , next number in running sequence. the final number. We have this procedure that returns next num to calling application and increments the next num by 1 in the table. and final commit on the application commits all this.
I am not sure how this was working so far but each of those applications were for different employees. I am assuming this is how it worked.
Now in the application that I am working on, has no distinct value. So two users could generate the same docno and proceed.
I will try the DB sequence but here is what I tried. I call the next num from DOC_SRNO and I commit this table update and then proceed with this docno so at a time both gets different docno's.
But my running session crashes when I go to next level to insert into the detail table of my multi level form. Here when I try to get the current row from the vo which is in context, it crashes.
Here's the steps.
Three tables : voMainTable1 and voDetailTable1 and voDetailTable2.
voMainTable1 on create row1- I generate new docno - post changes
voMainTable1 on create row2- I genrate another docno - post changes
set voMainTable1 in context
Now I call voDetailTable1 and to get the docno to join master detail, I try to get voMainTable1.getCurrentRow. Here it crashes.
How can I avoid this

Pre-populate a multi-valued attribute on target?

Hi. I am working on pre-populating our I-Planet target resource with data we are storing in OIM User(Address data). it is a requirement by the AD group to store the data as a multi-valued attribute in the LDAP attribute postaladdress. I have tried setting up the resource form to use a pre-populate adapter to populate each line of the address, but I can only add the adapter once for the attribute. Any ideas on how to do this with a pre-populate adapter?
rkimbal45

You will probably need to write your own custom code to connect to your ldap directory and perform any actions needed when the field is updated. So you'll need a pre-populate to fill in the date with some sort of delimiter. Then on provisioning, you'll want to trigger this task after the create user. Then when any updates are performed, you'll need to completely refresh the multivalue attribute in the target. I would suggest one function to be called in your custom code, then query ldap for what exists, and parse your data for any updates neccessary, and then do as needed based on what exists and what needs to be added/deleted/updated.
-Kevin

Handling Multi-Valued attribute in trusted reconciliation

Hi,
We have a requirement where an attribute is multi-valued in LDAP(Sun One Directory Server) which is a trusted source for OIM. We wanted to use oracle Out-of-the-Box connector for Sun Java System Directory Server. We wanted to bring in this multi-valued attribute into OIM, concatenate everything and populate it to a OIM User form attribute. Hence though the value is multi-valued in trusted source, we process it and populate as a single valued attribute in OIM. Since we run trusted reconciliation we are unable to bring this multivalued attribute for the user into OIM.
Can anybody suggest any other workaround available to achieve this functionality without touching connector source code?
Any help would be greatly appreciated.
Regards
Deepa

I would highly suggest writing your own custom code.
You'll need to create a UDF that is large enough to handle your concatenated value. A resource object marked as trusted object. A provisioning process defintion to map the value to the field.
Then write a custom scheduled task that will connect to the LDAP directory, perform your search using the modifytimestamp attribute to get all the values. Concatenate them together in your code and create the reconciliation event.
It will turn out to be smoother than dealing with an entity adapter that runs everytime an event occurs which might not be related to this item.
-Kevin

ActiveSync and multi-value attributes

I'm a litte bit lost in trying to create an adapter and associated forms for populating an ldap directory with multi-valued attributes. What is the 'prescribed' process for dealing with attributes that could have 1 or more values?

Did you ever get anything like this.
when I try to deal with this in a user form, it can detect and display the mv attribute, and the User View clearly shows it as an array, but it seems that the system basically does a toString() on it as one I try to save back it collapses the mv attribute into one instance of comma separated values.
Z

How to create multi level reports?

The report I have created contains 25 columns and is to wide. I would like to create a multi level report in the fashion of below:
Col 1 Col 2 Col 3
Row1 Row1 Row1
Row2 Row2 Row2
Col 5 Col 6 Col 7
Row1 Row1 Row1
Row2 Row2 Row2
I am assuming this needs to be done by modifying html in a template.
I have cut up a normal report to try and illistrate what I am thinking.
http://i71.photobucket.com/albums/i124/breinhar/multirow.jpg
I greatly appreciate the help. Thanks.

Hi,
OK - I've put together a horizontal scrolling report template for a Theme 12/Standard report: [http://apex.oracle.com/pls/otn/f?p=33642:198]
To create this, you need to:
1 - Through Shared Components, Templates - create a new Report Template based on a copy of the existing Standard report template.
2 - When you have your new template, edit it.
3 - In the template's "Before Rows" setting, replace what's there with the following:
<style type="text/css">
#table1 th {white-space: nowrap}
#table1 td {white-space: nowrap}
#table2 th {white-space: nowrap}
#table2 td {white-space: nowrap}
</style>
<table cellpadding="0" cellspacing="0" summary="" style="padding:0px; border-collapse:collapse;">#TOP_PAGINATION#
<tr><td>
<tr>
    <td style="vertical-align:top; background-color:#EFEFEF; padding:0px; border:1px solid darkgray;">
      <div id="d1" style="background-color:white; margin:0px; border:0px; padding:0px;">
      </div>
    </td>
    <td style="vertical-align:top; padding:0px; border:1px solid darkgray;">
      <div id="d2" style="overflow-X:scroll; margin:0px; border:0px; padding:0px; border-right:1px solid darkgray;">
<table cellpadding="0" border="0" cellspacing="0" summary="" class="t12Standard" id="table2">4 - In the template's "After Rows" setting, replace what's there with the following:
      </div>
    </td>
</tr>
</table><div class="t12bottom">#EXTERNAL_LINK##CSV_LINK#</div></td></tr>#PAGINATION#</table>
<script type="text/javascript">
var d1 = document.getElementById("d1");
var t2 = document.getElementById("table2");
var t1 = t2.cloneNode(false);
t1.style.width = "100%";
t1.id = "table1";
d1.appendChild(t1);
var t2Rows = t2.rows;
var k;
var r;
var c;
for (k = 0; k < t2Rows.length; k++)
r = document.createElement("TR");
t1.appendChild(r);
c = t2Rows[k].cells[0].cloneNode(true);
r.appendChild(c);
t2Rows[k].deleteCell(0);
d1.innerHTML += "";
</script>5 - On your report's Report Attributes, change the template used for the report from "Standard" to your new one
6 - Also on the report's Report Attributes, set "Enable Partial Page Refresh" to No - this is required as we need the javascript in the template to be run whenever pagination happens and Partial Page Refresh does not seem to allow us the means to trigger javascript
7 - Finally, on the report region's Region Footer, add in:
<style type="text/css">
#d1 {width:75px;}
#d2 {width:500px;}
</style>#d1 refers to the width of the frozen column and #d2 is the width of the rest of the report - you can adjust these figures as required.
The template contains two DIV tags - d1 and d2. Initially, d1 is empty and d2 contains the report. The javascript moves the first cell in each row from d2 to d1. The styles then add the scrolling functionality.
Andy

How to create multi-level style pulling in a .jpg image as a bullet?

From within RoboHelp 8 HTML, when creating/editing a 3-tier multi-level style, I want to use a .jpg image for the bullet(s). I can not find a way to point to the image while in Edit mode. My only choices are predefined bullets for the List Style.
When searching for an answer within the forum, I noticed mention of a Baggage folder in RoboHelp. I do not have a Baggage folder. I do have links to websites accessible from within the web-based Help file I've created beneath the URLs folder in the Project Manager.
Thank you for any help you can provide.

Hi there
I never really played much with adding images to the oddly formatted Multi-list styles.
The Project Manager has two views. Sounds like you are using the new "global" view. In that view you don't see a special area labeled Baggage Files. In this view the files are simply listed among the other content. If you change the view to Classic (I think it's the first icon on the left of the pod toolbar) you will then see the Baggage Files folder.
Cheers... Rick
Helpful and Handy Links
RoboHelp Wish Form/Bug Reporting Form
Begin learning RoboHelp HTML 7 or 8 within the day - $24.95!
Adobe Certified RoboHelp HTML Training
SorcerStone Blog
RoboHelp eBooks

Rules based on multi-level categorization

Hi all,
I want to create a rule for service requests in the rule modeler based on multilevel-categorization. According to help.sap.com this should be possible.
But in the context SERVICEREQUEST there is no attribute for multi-level categorization and therefore I can't select it when creating my rule. I have assigned my categorization schema to the application area for the rule modeler. I have checked the other context areas as well, but I don't see anything that looks like multi-level categorization.
Does anyone have experience with this ? If the attribute should be created from scratch please guide me to how it should be configured.
Best regards
Annette

Hello Annette,
Can you help me on this, how did you got the option for multilevel-categorization as attribute?
Even i am trying the same. This is critical for my project, any help wold be appreciated.
Thanks.
Regards,
Abhishek

Multi value attribute question

Hello there,
Our application would like to have a multi value attribute in DS11.1.1.7.0 on SLES platform. But here is my question..
1. Can i have a one single attribute with value like companyCode: ABC,XYZ,QWE,RTY
2. OR , can i have like below..
CompayCode: ABC
CompanyCode: XYZ
CompanyCode: QWE
CompanyCode: RTY
which is the best method for LDAP server performance?
Thanks

Hi,
Multi-valued attribute is supported OOTB by LDAP and it seems simpler&better (possibility to have better indexing, more efficient to add/delete values) to use the second option, especially if you need to search for entries based on one of the attribute value. By default, LDAP attributes are multi-valued in the LDAP schema so you can store several values for companyCode.
Note: attribute values in an LDAP attribute are unordered, so choose the primary option if you need to maintain ordering across attribute values.
HTH
-Sylvain

How does IDP handle multi-value attributes in directory?

I have a directory referenced by the IDP where the mail attribute is multi-value. Assertions being received by the SP are indicating that the mail attribute is null or empty. How does the Oracle IDP handle multi-value attributes from a directory? Is there a way to select the first entry in an array of multi-values?

On the IdP side, passing of multi-valued attributes is supported. Read this section:
http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGCGFCJ
Snippet (under 'Delimited Data'):
"In addition to supporting and passing multi-valued attributes, Oracle Identity Federation can also support delimited data to provide multiple values for assertion attributes ......"
This information is also available on the OIF screen for 'Add Assertion Profile'.
On the SP side, mapping a multi-valued assertion attribute to a local user attribute is NOT supported. Read this section:
http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGGEAEA
Snippet (under Submit/Reset button):
"Note: Mapping an assertion attribute containing multiple values to a local user is not supported."
So, basically, there is no way to send only the first value of an LDAP attribute.
-shetty2k

How to handle multi valued attributes

Hi All,
I am supposed to populate multivalued attributes for a field in oim resource profile. Lets assume the field is mailbox. The issue is that I am supposed to reconcile this field from the directory server during initial load. The mailboxes are fetched from the DS based on organization. For provisioning I have to get the mailboxes from the database and these mailboxes are based on the role a user has. At the time of provisioing, I am supposed to populate the mailbox field with values the user already has been provisioned with and also display the mailboxes that he can get access to. I have created the mailbox as a resource with id and name as two of its fields. Could someone please tell me how do I handle this?
Thanks,
Supreetha

I am not sure if I could follow the same thing as mentioned in the link above. Here is my case, Role is a multi valued attribute which i need to handle in oim and is very different from the usual roles. For this purpose, I have created roles as a resource object with role_id as field in its process form.When an admin logs in to assign a new role_id, he should be able to see only those roles for assignment that the admin's org has. I have these org and role mappings in a custom table that I have created in the oim schema. How will I able to display only these available role_ids so that the admin can choose them and assign for the role resource.
Could you please let me know how do I do the config in oim?
Thanks,
supreetha
Edited by: Supreetha on Nov 13, 2010 2:54 AM

OAM multi-level authentication with an OIF SP

As background, we have 16 Shibboleth IdPs in a federation and users need to access a couple of applications that are protected by OAM (10.1.4.3) using OIF (11g) as the SP. We have a requirement to force re-authentication for a set of URLs protected by OAM. So, if a user accesses application, let's call it LOW, and then attempts to access application called HIGH, we need to reauthenticate the user at the IdP. In OAM, this is the classic use case for multi-level authentication, I think.
Since OIF acts as a gateway, all of the applications "behind" OIF/OAM use the same authentication scheme in OAM, so I can't use OAM's multi-level authentication as we are configured now. I was told by an OIF person at OracleWorld that a possible approach would be to configure a custom authentication engine in OIF that is basically a copy of the OAM authentication engine and set that up at a different authentication level in OAM. However, looking through the documentation, it looks like the authentication engines are only used when OIF is used as an IdP. Perhaps the person meant that I need to set up a custom SP Integration Module? Or am I misunderstanding the role of the auth engine?
The OAM SP Integration Module lets me specify Authentication Schemes and Authentication Scheme Levels. We currently are set up to use OIF-unspecified with a level of 1. Since we want to re-authenticate, however, we really want to use the same authentication scheme but at a different authentication level. Is there a way to achieve that? Can I set up a second OAM SP Integration Module with a different policy domain and set the OIF-unspecified authentication scheme to level 2 on that one? How would I go about doing that -- as a custom SP engine?
Has anyone done anything similar or found a way to force reauthentication using the same authenticator for some applications behind an OIF SP but not others?
Thanks for any help you can provide.
--Mike

Hi,
Thanks for the reply.
“In fact there is not one use case. There are 5 use cases for which we need to provide Second Level of Authentication functionality. And that also with the flexibility of switching this on/off.
Now as per my understanding we should achieve this through the following flow :
Store one extra attribute in OID per user per service. And that attribute will store the enable/disable information for that particular service and for that particular user.
Now ObAuthentication Scheme class of Access Manager API needs to be used for enabling or disabling the Level 2 authentication scheme as per that attribute.
Is this flow possible.”
Cheers,
Sunny

Updating attributes in LDAP during a disable

I am having trouble with a disable workflow for an LDAP resource. I need to modify an attribute in LDAP when performing the disable.
So, I have a modified disable user form that adds a "reason" from a textbox and also sets the date of the disble.
The account is being disabled in LDAP, but the attributes "reason" and "date" are not being pushed.
I am looking for the specific order in which I should call workflow to accomplish this task.
Should I:
checkout a userview
modifiy attributes
checkin userview
checkout disable view
checkin disable view
reprovision???
notification
Thanks for your help in advance.
C.

The reason they aren't being pushed is because they are not attributes associated with the Disable View.
You can extend the view to include these attributes and then the disable form can include reference these as fields as
resourceAccounts.currentResourceAccounts[ResourceTypeName].attribute.
The view can be extended globally for all all resources of a specified type (e.g. LDAP 1, LDAP2) or for a specific resource.
The Deployment Guide has a chapter on Views and how to extend them. Refer there first, and if you have any followup questions post them here.

Multi level attribute form LDAP

Similar Messages

Maybe you are looking for