ODI Integration With Microsoft Active Directory to bring User id to Table

Similar Messages

• Portal Integration with Microsoft Active Directory

  We are working on a project to integrate Oracle9iAS Portal with Microsoft Active Directory. I am wondering if anyone has any experience with this and hence suggestions. Particularly, I'm wondering if its possible and how to use Active Directory to manage the Portal user accounts and group relationships?

  Please note that we finally got this working. For Active Directories sake, I would suggest using userPrincipalName or sAMAccountName as the Unique Attribute. Also, note that Active Directory uses OUs for organization, not CNs, so the search base should be either just the DN of the domain or an OU in the domain. Also, be sure to specify the full DN of the Bind DN as in CN=Administrator,CN=Users,DN=domain,DN=com

• ACS Integration with Microsoft Active Directory Services

  Hello Everyone,
  I've been tasked to design the integration of ACS with MS AD. What I want to know is the below assuming I have a software ACS or a ACS device and the protocol for authentication is Radius
  - What is the criteria for the AD to integrate with ACS software of appliance
  - Should that AD be hosted on the domain controller or not?
  - If not, on what (Domain Controller, Tree, Forest, Branch, Flower, Fruit  ) should the AD be hosted on?
  - What will I have to do to authenticate users logging into Cisco Security Manager with ACS integrated with AD?
  - Are there any other dependencies that I will have to categorically mention in my design document?
  Thanks,
  Rishi

  In ACS v5.x, there is a screen for integrating the ACS with AD. 
       (Users and Identity Stores > External Identity Stores > Active Directory)
  Just enter the local domain name (domain.com) and a valid AD administrator account username and password, and the ACS will connect to the domain.  This allows you to use existing AD credentials to login and administer your network devices. 
  Tying the ACS to AD really only takes one screen and less than a minute, but you will still have to tell the ACS which AD groups get which permissions (for example, read-only or read-write access), and you will have to setup a search sequence (Users and Identity Stores > Identity Store Sequences) to tell ACS to first look at AD for credentials, then check the local ACS user database for valid accounts.  The permissions part is still fairly quick, and it only takes me about 45 minutes to build an ACS from scratch including all AD integration and custom RADIUS attributes for some of our devices. 
  The authentication would occur like this:
  User SSH/telnet/console to device
  Device contacts ACS using TACACS or RADIUS
  User receives login prompt and enters AD credentials
  Devices sends credentials to ACS
  ACS validates credentials in AD
  ACS sends authentication OK message to Device
  Device logs user in.
  Command Authorization looks something like this:
  User enters a command
  Device sends command authorization request to ACS
  ACS looks at which AD group the user belongs to and looks up permissions configured in ACS for that group
  Based on the permissions you have assigned, ACS either sends an allow or deny message to the Device
  Device allows or denies the user command.
  Criteria:  We use an ACS 5.2 virtual machine and have had it work perfectly with Server 2003 and Server 2008.
  AD is hosted on our local domain controller (Bonus:  no planting of flowers required!)
  Dependencies: 
  Issue:  The Device looks to ACS.  ACS looks to AD.  If AD fails, users cannot use their AD credentials to login.
            Device ---> ACS ---> AD
  Solution:  Configure the Device to look at ACS first, then a local table if ACS is not available.  Also, configure the ACS to look at AD first, then a local ACS account list if AD is not available.  (You can configure local user accounts on the Device and in the ACS) 
            Device ---> ACS ---> AD
            Device ---> ACS ---> AD ---> ACS local
            Device ---> ACS ---> AD ---> ACS local ---> Device local
  The new version of Cisco ACS is UNIX-based, and you can download a free trial to load up and try before you buy.  It is far FAR superior to the old ACS v3.3 that we had for years.
  I hope this helps for your design document!
  --Chris

• OracleApps HRMS-R12.1.3 Integration with MS Active Directory (win 2008 R2)

  Dear Friends,
  we are using Oracle Apps R12.1.3 and the Microsoft Active Directory : Windows 2008 R2
  we have the following requirement:
  (1)From Oracle Apps to Active Directory.
  -Employee master information needs to be interfaced to Active Directory on a regular interval which should be updated in the active directory.
  (2)From Active Directory to Oracle system.
  -Whenever new email address for an employee is created in Active directory, the information needs to flow to Oracle HRMS.
  Please let us know the method to achieve with minimal latest oracle softwares?
  can it be done over coding from oracle apps without new softwares?
  Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
  Regards,
  DB

  user564706 wrote:
  Dear Friends,
  we are using Oracle Apps R12.1.3 and the Microsoft Active Directory : Windows 2008 R2
  we have the following requirement:
  (1)From Oracle Apps to Active Directory.
  -Employee master information needs to be interfaced to Active Directory on a regular interval which should be updated in the active directory.
  (2)From Active Directory to Oracle system.
  -Whenever new email address for an employee is created in Active directory, the information needs to flow to Oracle HRMS.
  Please let us know the method to achieve with minimal latest oracle softwares?
  can it be done over coding from oracle apps without new softwares?
  Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
  Regards,
  DBPlease update your original thread(s) instead of creating new one(s) -- Integrate Oracle Apps R12 with Microsoft Active Directory
  Thanks,
  Hussein

• Integrate Oracle Apps R12 with Microsoft Active Directory

  Dear Friends,
  I am using Oracle Apps R12.1.3 and alsoo we have Microsoft Activity Directory.
  we need to integrate both so that any employee cretaed in Oracle Apps HRMS will be replicated in Microsoft Directory.
  Please let us know the oracle 10g and 11g products we have to use to achieve this.
  Please let us know both 10g and 11g products and is 10g products covered in Oracle support?
  Regards,
  DB

  Please see these docs/links.
  Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
  Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite [ID 876539.1]
  Registering Oracle E-Business Suite Release 12 with Oracle Internet Directory 11gR1 and Single Sign-On [ID 1370938.1]
  External Authentication To Active Directory Integration With E-Business Suite [ID 429020.1]
  Re: Integrating Active directory  with oracle EBS 12.1.3 with 11g R2 database
  Re: Oracle EBS with SSO
  Re: Need to integrate AD with R12.1.3 with the most simplest architecture.
  Re: EBS R12,how to use OID implement SSO without OAM/OID(with 3rd product)?
  Thanks,
  Hussein

• SSO (single sign on) on NetWeaver 7.0 Enterprise Portal based on spnego with Microsoft Active Directory

  Hi,
  we are using SAP Netweaver Enterprise Portal 7.0 (SP25) based on Windows 2008 R2/Oracle 11g.
  When we setup the Portal, we used the UME of the ECC - ABAP.
  The portal is used internally only.
  Now we want to provide SSO.
  User authenticate against Windows Active Directory (Windows 2003).
  We thought SSO via spnego would be the best solution.
  Any better alternates, we should use?
  We are following the SAP documentation:
  SAP-Bibliothek - Benutzerauthentifizierung und Single Sign-On
  We still want to create users in ABAP and assign them the portal roles. LDAP access should only have read access, to verify the security token from Active Directory.
  When we setup the portal from scratch using ABAP as its UME, in the system configuration, LDAP can't be selected/add as data source.
  In case we understand the documentation correctly, we would now need to add LDAP via the configtool for read access.
  What is not clear to us, when we active now LDAP via config tool, if we would now lose the ABAP connection.
  Is there a tutorial for SSO Netweaver 7.0 EP, like for EP 7.3, available?
  In 7.3 SSO is pretty simple to get it running, thanks to the many tutorials here and on the internet.
  Thanks for your help.
  Best regards
  Carlos Behlau

  Hi,
  I was able to generate the key via ktab program.
  But when I am enable SSO, nothing is happening when I try to log-on via SSO to the portal.
  I installed WebDiag tool on the portal server and ran trace.
  The users are located in domain: company.com of activate directory.
  The Java AS are located in domain: sap.company.com of activate directory.
  The sap.company.com domain acts as child of company.com.
  When I check the WebDiag trace, I see for the SPNegoLoginModule - the entry "... no key (etype: 23) for realm sap.company.com available ..."
  I would except company.com as realm key, as the keytabs have been generated on the domain controller of company.com.
  Is it possible to get SSO with child domain running?
  Based on the statement of the network folks, child and father domain having a trust.
  Thanks for your help.
  Best regards
  Carlos

• HTML DB with Microsoft Active Directory access

  HTML DB Authentication works fine, but autherization gives the following error. We hope someone has similar experience in this forum. The following error we got after we added password to the is_member function. If use NULL for password it always gives No autherization to page error.
  Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid
  credentials. 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext
  error, data 525, vece
  Exception encountered .. exiting

  Thanks Scott, We got answers from your earlier discussion on following threads.. We are posting the points in your discussion again and it may help others..
  LDAP Setup - How ?
  Let's focus on authentication first. I assume you have a login page in the app. Create a new authentication scheme based on the LDAP model (follow the wizard.) Edit the scheme, changing the authentication function from -LDAP- to: return function_name;, giving the name of a function in your schema which does the ldap authentication. This function must have the signature(p_username in varchar2, p_password in varchar2) return boolean. Null out any other ldap-related fields in this new authentication scheme and make sure it points to the login page in your app for the Invalid Session Page attribute. Save changes and then make this the current scheme. Your login page is already set up to call the HTML DB login API and because your authentication scheme specifies an authentication function, that's what it will use to check credentials when the login page which captured username and password is submitted. If the credentials check out, the login API will redirect to the page specified in the login pages login process' p_flow_page argument, e.g., p_flow_page=>&APP_ID.:1, for page 1. Change this page ID as required.
  Authorization schemes are simpler. They will probably be of type PL/SQL function returning boolean which will use the current value of :APP_USER to consult the LDAP directory for specific information. After creating the schemes, you can attach them to whatever components you need to, e.g., regions, buttons, processes.
  function userInGroup(p_username in varchar2,p_group in varchar2)
  return boolean
  as
  l_retval PLS_INTEGER := -1;
  l_session DBMS_LDAP.session;
  l_attrs DBMS_LDAP.string_collection;
  l_message DBMS_LDAP.message;
  l_entry DBMS_LDAP.message;
  l_attr_name VARCHAR2(256);
  l_ber_element DBMS_LDAP.ber_element;
  l_vals DBMS_LDAP.string_collection;
  l_found boolean := false;
  begin
  DBMS_LDAP.use_exception := false;
  --connect to LDAP and authenticate
  l_session := DBMS_LDAP.init(hostname => g_host,
  portnum => g_port);
  l_retval := DBMS_LDAP.simple_bind_s(ld => l_session,
  dn => g_ldap_user,
  passwd => g_ldap_pwd);
  --Get Group Membership
  l_attrs(1) := 'memberOf';
  l_retval := DBMS_LDAP.search_s(ld => l_session,
  base => g_ldap_user_base,
  scope => DBMS_LDAP.SCOPE_SUBTREE,
  filter => 'cn='||p_username||'*',
  attrs => l_attrs,
  attronly => 0,
  res => l_message);
  IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
  -- Get all the entries returned by our search.
  l_entry := DBMS_LDAP.first_entry(ld => l_session,
  msg => l_message);
  l_attr_name := DBMS_LDAP.first_attribute(ld => l_session,
  ldapentry => l_entry,
  ber_elem => l_ber_element);
  l_vals := DBMS_LDAP.get_values (ld => l_session,
  ldapentry => l_entry,
  attr => l_attr_name);
  << values_loop >>
  FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
  if l_vals(i) like '%'||p_group||'%' then
  l_found := true;
  exit; --exit if found
  end if;
  END LOOP values_loop;
  END IF;
  --must unbind from LDAP
  l_retval := DBMS_LDAP.unbind_s(ld => l_session);
  if l_found then
  return true;
  else
  return false;
  end if;
  exception
  when others then
  l_retval := DBMS_LDAP.unbind_s(ld => l_session);
  return false;
  end userInGroup;

• E-Business suite r12 login through Microsoft Active Directory

  I integrated E-business suite release 12.1 with SSO and OID and i want to integrate OID with Microsoft Active Directory. how is this possible?

  804050 wrote:
  I integrated E-business suite release 12.1 with SSO and OID and i want to integrate OID with Microsoft Active Directory. how is this possible?Yes, it is possible. The basic idea is EBS 12.1 will use OID, which will be configured to use third party external authentication, like Microsoft AD.
  Please see this document:
  Oracle® Identity Management Integration Guide
  10g (10.1.4.0.1)
  Part Number B15995-01
  Chap 19 Integrating with Microsoft Active Directory
  HTH
  AMN

• Does Sun Messaging Server support Microsoft Active Directory

  Hello,
  I just got this qustion. Does Sun Messaging Server work with Microsoft Active Directory?
  Thanks.

  Please post in the messaging server forum: [http://forums.sun.com/forum.jspa?forumID=708|http://forums.sun.com/forum.jspa?forumID=708]

• Can Microsoft active directory integrated with Oracle Applications

  Hi,
  Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
  Manish

  Hi,
  It is possible, please refer to the following documents for details.
  Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
  Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
  Regards,
  Hussein

• Integration of sap R/3 (4.7) and Microsoft active directory (2003)

  Hi All,
  I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
  Pls help me with this issue.
  Thanks in advance,
  Regards,
  Raghav.

  Hi,
  First You should read:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
  Regards,
  Jarek

• Integrating Oracle Portal & Microsoft Active Directory

  Dear friends
  I Integrated Oracle Portal & Microsoft Active Directory without any error or problems but it just integrate the users under Users Container in active directory, I have some OU,Groups and policies and I categorized my users under them, so when I run "sh oidspadi.sh" and set "cn=...." with other values except "Users" it can not add all of the users under specific groups or policies.
  Please let me know how can I add all of my users in active directory to OID?
  Thanks
  Babak Saraie

  I'm not familiar with iPlanet, but if it can allow basic
  authentication and connect to AD, it should be possible to do what
  you want.
  Personally, I would rather that the browser did not
  automatically log me in. For example, if someone was having
  problems with their "view" on the intranet web site, if they
  visited your office, you would have to log off, let them log on
  (and wait while their profile was created) just to let them open a
  browser.
  Is it really asking too much for them to enter their
  username/password into a browser prompt once each day? Heck, most
  browsers will remember usernames and passwords so you don't have to
  type it. You just click OK.
  That's just my perspective.
  M!ke

• Problem with Oracle external procedures and Microsoft Active Directory

  Hi,
  Our server was recently updated to use Microsoft Active Directory. However, we noticed that all external procedure calls keeps on failing with ORA-28575: unable to open RPC connection external procedure agent. Everything was working fine before we migrated to Active Directory which is why we can say that the listener is configured correctly.
  Any idea on how we can make extproc calls with Active Directory?
  thanks.

  Michael,
  Oracle Forms does support Single Sign-On (SSO). Take a look at Oracle Containers for J2EE Security Guide: OC4J Java Single Sing-On. Also take a look at the Oracle Forms 10g Sample Code and scroll to the SSO demo under the Forms Services Demo section. There are also, numerous other documents available via Google. ;-)
  Craig B-)
  If someone's response is helpful or correct, please mark it accordingly.

• Single sign on and microsoft active directory

  Hi,
  I have EBS 12.1.3 on linux. I know that I can implement single sign on to login to EBS. Now the question is: can I integrate this single sign on with my existing Microsoft Active Directory? Can you send me some links or documentation?

  Self-reply:
  http://blogs.oracle.com/stevenChan/2006/05/indepth_using_thirdparty_ident.html
  Thanks

• ECC 6.0 integration with Microsoft Dynamics CRM

  Hi All
  I am working on a ECC 6.0 integration with Microsoft Dynamics CRM. I need to send the customer master data, va01/va02, vl01n/vl02n/ vf01/vf02 to CRM system. One option I have is to send in the form of IDOC with TRFC - TCP/IP. But looks like this needs a middleware like Biztalk.
  Is there a way I can send this data using a Internet service in ECC 6.0 ??? As this would cut the cost of the Biztalk.
  I really appriciate your thoughts on this. We don't have XI either.
  Thanks a lot
  Van

  HI Van Dan Jan,
  We have just implemented integarion of SAP with Microsoft stack (Microsoft CRM, Share point and Axapta), But in all integration BizTalk as a middleware used.
  There is two way requirements :
  1. whenever Most of the control are at the Microsoft level like : Customer creation, Creation of orders, which need to be synchronus activity we have used RFC which internally calls BAPI. (So SAP adapter Configured at BizTalk). and whenever Biztalk receives request file from CRM or share point to there location they call SAP RFC's.
  2. When DATA is needed from SAP to microsoft stack like to syncronize the missing transaction like customer pad and all.
  Scheduled job at BizTalk end which call SAP to get the DATA via RFC mode :
  In SAP we have two things
  1.  if DATA size is small (below 2 MB) like  in last 1 hrs what are the sales contract created in SAP that need to updated in Microsoft other system than Biztalk will trigger a job at 1 hr interval or on deemand to get the detail which directly we pick from data base or using BAPI to get the detail via RFC.
  2. If Data Size is large (more than 2 MB)  like total transation happened in a day for all customers: then we wriiting the data in OS or application server  and that job also get initiated from Biztalk end by sending any parameter to SAP.
  advantage of using BizTalk is most of the control you can give it to them so they can run there job on deemand basis.
  There is a something known as web service we can use to avoid Interfacing tool, but I dont have much Idea about that,
  and  please check how many interfacing point is there with SAP in your project, because if Interfacing points are more then I think it is not good to write a web services for so many things.
  do let me know if you need further information.