OID and MS Active Directory  LDAP information Synchronization

Similar Messages

• OID and MS Active directory integration in 9ias

  How to integrate OID with MS Active directory ?
  We have 9ias and Portal . How to use the username/password in MS AD for Portal authentication ? As far as I know 9ias is using OID , so the question comes down to how to replicate MS AD information to OID ?

  Hi, I have the same question.
  Thanks,
  Malin

• OID and MS Active Directory Synchronization

  Hi,
  I've read that these 2 LDAP services can be synchronized with the "Active Directory Connector" SO does this mean that if users and groups are stored in the MS active directory it is possible to have the users and groups synchronized with the OID so that these are available directly in Oracle Portal or do they still need to be added manually somehow into portal ??
  Thanks in advance,
  Brandon

  You can find documentation at :
  - http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/basics01.htm
  - http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/basics02.htm
  - Note 267153.1 (How To Setup OID Synchronization with Microsoft Active Directory Quick Start Guide) with related docs
  Best regards,
  Nicolas Stiévenard

• MS Active Directory (LDAP) and SAP Integration

  Hi all!
  don't know if I'm right here in this forum, but:
  I'm using MS Windows Server 2003 and installed Active Directory as LDAP-System on the one hand side, on the other I'm using a 6.20 ABAP Web AS.
  I'd like to synchronize the User Storage on these two systems.
  Does anyone have experience in doing this? I'm facing a tricky exception in depth of my customizing too complex to explain right now. The problem concerns the mapping of LDAP-Fields and SAP-Fields.
  Thankx,
  Christoph

  Hi Christoph,
  This is the mySAP ERP forum. Perhaps you can post your question in the Web AS forum (SAP NetWeaver Application Server).
  For now: here is a link to a video regarding SAP Active Directory integration:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap active directory integration,%20SSO%20and%20User%20Management%20Webinar.wrf
  I found it by searching on Active Directory here on sdn:
  https://www.sdn.sap.com/sdn/search.sdn?contenttype=url&content=/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fSDN!2fiViews!2fFramework!2fcom.sap.sdn.advsearch%3Fprttheme%3DCSIN%26QueryString=active%20directory%26searchDatasource=SDNContent
  Cheers,
  Noel

• User base Synchronization between SAP and MS Active Directory Server

  Dear all!
  I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
  i successfully implemented the synchronization of user data between SAP and the ADS.
  My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
  Currently I don't have a clue how to do this.
  Regards,
  Christoph

  Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
  The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
  Regards,
  Marc g

• Which domain and forest functional level is supportted for the "Active Directory Resource Pool Synchronization"?

  Hi all,
  I'd like to confirm which Domain/Forest functional levels of Active Directory is supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
  I guess that 2003 or later is supported, but my customer required reliable sources.
  I googled and searched article at TechNet, but I couldn't find.
  Could anyone inform me the article about that?
  Thank you in advance.
  Kaori.

  Hi Michael and all,
  Anyway I solved this issue.
  I couldn't find article that I desired, so I asked advice to my colleagues and they told that the functional level 2003 or later are supported in their experience.
  In addition, I found these articles about SharePoint sync limitations.
  Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
  http://support.microsoft.com/kb/932378/en-us
  SharePoint supportability of Read only Domain controllers
  http://support.microsoft.com/kb/970612

• Oracle Non-Windows DB and MS Active Directory

  Question:
  How can one configure a Microsoft Active Directory (LDAP-compliant directory
  service) with an Oracle Database when the Database resides on a unix server
  without the need of the Oracle LDAP? Is it possible ? If yes, please explain.

  Question: I have been looking at examples of using the LDAP packages but I am not sure if the examples are explaining the ldap_base and groups for MS AD OR an example for Oracle OID.
  Can you explain is this Oracle OID
  GC$ldap_user VARCHAR2(256) := 'cn=orcladmin';
  GC$ldap_passwd VARCHAR2(256) := 'welcome1';
  GC$ldap_base VARCHAR2(256) := 'cn=my_cn,dc=my_dc,dc=fr';
  Can you give an example for MS AD?

• SCCM report to show last logged on user and the Active Directory department attribute of that user.

  I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

  You problem is here.
  right
  join v_R_User USR on USR.ResourceID
  = CS.ResourceID
  USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
  end up with unreliable results.
  Anyways you need to make these changes to your query.
  left
  join v_R_User USR on USR.Unique_User_Name0
  = CS.UserName0
  http://www.enhansoft.com/

• Getting User Attributes from an Active Directory LDAP

  Hello all.
  I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
  Thanks.
  ...Sparks

  Sparks,
  If you're using 11.5 or 12 actually they should all map into the system as session properties.  You can use the following URL to verify your session properties:
  http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
  If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
  -Sam

• Integrating Active Directory LDAP in OBIEE 11g

  Hi All,
  I Have Configured Active Directory LDAP in OBIEE.
  Steps i have Followed are,
  1) configured Active Directory in providers under Scurity Releam.
  2) Restarted BI Services to Load the Ldap Users.
  3) login to the EM under bifoundation domain selected securitues->security configuration provider.created user.login.attr and username.attr.
  4) under Credentials->oracle.bi.system map->system.user->deleted BISystemUser and Created key with the Existing name in Active Directory.
  5) assigned System user to BISystem role in em.
  6) in Console Roles and Polocies->Global Roles->Roles->Admin->view Role Condition (User = Active Directory User or Group=Administrators).
  7) Restarted BI Server and Presentation Services.
  Now I am Unable to Login to Presentation Services.
  Please Reply ASAP.
  Thanks and Regards
  Kiran Kumar

  Kiran, Is there a specific reason for using RPD for LDAP authentication? From 11g onwards, the best practice is to use Weblogic (or external Authentication providers). Is it correct to say that for "Authentication' without proper RPD LDAP config for "USER" variable, users cannot login via presentation layer?
  Cheers!
  BK

• Integration of sap R/3 (4.7) and Microsoft active directory (2003)

  Hi All,
  I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
  Pls help me with this issue.
  Thanks in advance,
  Regards,
  Raghav.

  Hi,
  First You should read:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
  Regards,
  Jarek

• Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

  Could anybody point me please to the right direction?
  1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
  2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
  Thanks you in advance

  Hi Randy;
  As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
  Regard
  Helios

• SJSAS7 - Access to Active Directory LDAP

  Hi All
  Is it possible to connect SJSAS7 to Active Directory via LDAP. I know that this can be done with other app servers like WebSphere 4 & 5.
  I would like to use our existing Active Directory infrastructure for authentication of Admin and Application users.
  Does anyone have information how to configure this or can point me to some documents with this info.
  Any help would be much appreciated.
  TIA
  Tony Hawes

  Although I haven't tried it, I would guess that this is possible. We are using the LDAP realm with Sun's directory server and a few years ago I used the standard LDAP provider in the JDK to connect to Active Directory. The only problem I had was that I had to connect with a user that had the form "domain/user" instead of a common name. The online help in the admin console describes the properties you can use.
  HTH,
  Gunnar

• MS Active Directory LDAP Authentication/Locking Issue.

  Dear All,
  We are a software company; we have implemented feature of LDAP Authentication in our product using Java API and its working fine from our network environment.
  We have used following things with LDAP feature.
  1. User Authentication.
  2. Locking account after exceed the maximum attempts that has configured in window server.
  Main our issue is: The LDAP feature is not working properly from our client side. They are able to authenticate their LDAP user but do not able to lock user account however they have exceeded the maximum attempts from login dialog of our products but it still working in our side.
  If anybody has any experienced about it then please reply with positvie solution or any other information like require do the specific configuration for different version of Windows and Active Directory Server etc.
  Can any body know what are the possibilities for identifying and resolving this issue?
  Please help us if anybody has any experienced about it.
  Please do the needful.
  Thanks,
  Mehul.

  Hi,
  Thanks for your reply.
  We have used java package of javax.naming.* and javax.naming.directory.* for LDAP Authentication.
  Following code for checking whether ADS User is valid or not.
  * Function checks whether ADSUser is valid user or not
  * @returns int value indicating result.
  public int isValidADSUser() {
  Hashtable env = new Hashtable(5);
  Vector adsInfoVec = getADSInfo();
  env.put("java.naming.referral", "ignore");
  // env.put("java.naming.security.authentication", "simple");
  env.put(Context.SECURITY_AUTHENTICATION,"simple");
  String provider = "com.sun.jndi.ldap.LdapCtxFactory";
  env.put("java.naming.factory.initial", provider);
  //For handling Uncontinued reference found message of partial result exception
  env.put(Context.REFERRAL, "follow");
  env.put("java.naming.ldap.derefAliases", "always");
  env.put("java.naming.ldap.deleteRDN", "false");
  env.put("java.naming.ldap.attributes.binary", "");
  env.put(Context.PROVIDER_URL,
  "ldap://" + (String) adsInfoVec.elementAt(0) + ":" +
  (String) adsInfoVec.elementAt(1));
  // env.put("java.naming.security.principal",
  // userNameStr + "@" + (String) adsInfoVec.elementAt(0));
  env.put(Context.SECURITY_PRINCIPAL,
  userNameStr + "@" + (String) adsInfoVec.elementAt(0));
  if (userPassStr == null) {
  userPassStr = "";
  // env.put("java.naming.security.credentials", userPassStr);
  env.put(Context.SECURITY_CREDENTIALS, userPasswordStr);
  try {
  DirContext ctx = new InitialDirContext(env);
  ctx.lookup("");
  //System.out.println(ctx.lookup(""));
  ctx.close();
  catch (javax.naming.AuthenticationException ex) {
  //System.out.println();
  ex.printStackTrace();
  return AUTHENTICATION_ERROR;
  catch (javax.naming.PartialResultException pex) {
  pex.printStackTrace();
  return COMMUNICATION_ERROR;
  catch (javax.naming.CommunicationException pex) {
  pex.printStackTrace();
  return COMMUNICATION_ERROR;
  catch (NamingException e) {
  System.out.println("Failed to connect to ");
  e.printStackTrace();
  return COMMUNICATION_ERROR;
  return SUCCESS;
  Result of this code from our company: We are able to Authenticate LDAP user and also Lock User Account after exceed the Max Failure Attempt that configured from Windows Server.
  Result of this code from our client side: They are able to Authenticate LDAP user but they can't User Accout Lock however exceed the Max Failure Attemp that configured from their Windows Server.
  Can u please help us if any experience about it and suggest if any other configuration require from Windows Server / Active Directory Server OR also if some other implementation require for resolving this issue.
  Your optimistic reply is much appreciated.
  Thanks,
  Mehul Garnara.
  Edited by: [email protected] on Mar 6, 2008 10:24 PM
  Edited by: [email protected] on Mar 6, 2008 10:25 PM
  Edited by: [email protected] on Mar 6, 2008 10:25 PM

• WLS6.0 sp1 and MS Active Directory

  Hi,
  Is it possible to configure WLS' LDAP security realm to use MS' Active
  Directory to authenticate users? A quick yes or no would be appreciated -
  I'll worry about the finer details of how later!!
  Regards
  Laura Allen

  Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
  implementation class.
  We did not use Kerberos authentication - just the plain password
  authentication in "cleartext". Our servers are inside a secure data center -
  no encryption required. That's why we did not need jdk1.4.
  "Marc Carrion" <[email protected]> wrote in message
  news:[email protected]...
  >
  Are you telling that you configured the ldap realm of WL to use activedirectory?
  or you used your custom realm?
  To use the authentication with Kerberos you need to use GSS-API and it'snot
  included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
  Can you explain how did you do that?
  Thanks,
  Marc
  "Roy Cornell" <[email protected]> wrote:
  Hi Laura:
  No, BEA did not confirm the compatibility. We did our own investigation
  and
  found that the two systems work well together. One of the highlights
  of the
  research was the fact that the configuration of the WLS custom realm
  for
  Active Directory was more similar to Netscape Directory or Open LDAP
  than to
  the MS Site Server.
  I am attaching the sample settings for the LDAP realm:
  server.host=<some-ip-or-name>
  server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
  user.filter=(&(cn=%u)(objectclass=user))
  user.dn=OU=WLSMEMBERS1,DC=company,DC=com
  group.filter=(&(cn=%g)(objectclass=group))
  group.dn=OU=WLSGROUPS1,DC=company,DC=com
  membership.filter=(&(member=%M)(objectclass=group))
  We used the AD for authenticating the users and for authorizing the EJB
  methods. AD contained the users and their security roles and the
  deployment
  descriptiors of the EJB's contained the permissions for the security
  roles.
  We ran repeated tests and were more or less satisfied.
  Regards
  P.S.
  we used WLS 6.1 Jdk 1.3
  ----- Original Message -----
  Sent: Tuesday, September 18, 2001 5:40 AM
  Subject: WLS6.0 and Active Directory
  Forgive me contacting you directly, but did you recieve a reply fromBEA
  as
  to whether WLS supports interaction with Active Driectory? And wereyou
  attempting to use Active Directory just for user authentication? Anyinfo
  on how WLS and Active Directory interact would be appreciated!
  Regards
  Laura Allen
  The information in this e-mail and any attached files is confidential.It
  is intended solely for the use of the addressee. Any unauthorised
  disclosure or use is prohibited. If you are not the intended
  recipient
  of
  the message, please notify the sender immediately and do not disclosethe
  contents to any other person, use it for any purpose, or store or copythe
  information in any medium. The views of the author may not necessarily
  reflect those of the Company.
  "Laura Allen" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  Is it possible to configure WLS' LDAP security realm to use MS' Active
  Directory to authenticate users? A quick yes or no would be
  appreciated
  I'll worry about the finer details of how later!!
  Regards
  Laura Allen