OpenSSO user search bug

Hi, I have installed OpenSSO Enterprise 8.0 with Sun DSEE 6.3 as User DataStore.
The root suffix of DataStore is dc=example,dc=ru.
I have created new Realm named test and configured the following attributes of the generic ldap datastore in the DataStore tab in newly created Realm:
LDAP Organization DN: ou=test,dc=example,dc=ru
LDAP People Container Naming Attribute: ou
LDAP People Container Value: People
LDAP Groups container Naming Attribute: ou
LDAP Groups Container Value: GroupsNow I can create users in the Subjects tab in the my Realm and see them created in LDAP in branch ou=People,ou=test,dc=example,dc=ru.
The problem is: I cannot log in to OpenSSO using these accounts in my Realm. In LDAP logs I see OpenSSO trying to search for accounts only in the root suffix dc=example,dc=ru with SCOPE=ONE so it cannot find anything. Is this behavior expected? And how can I make users from my Realm login to OpenSSO?

You can do either:
- Add realm=Name_of_the_new_realm_created in opensso login URL
- Check and make the appropiate changes in the core service and/or ldap auth chain.
Regards

Similar Messages

  • User Interface bug when renaming tracks in list views

    When renaming tracks in the list views, there is a user interface bug that makes it impossible to see what you're doing.  When you select a track in the list view, this is what it looks like:
    Note how the text is white on the darker blue background.  When you click again, to open the inline text editor to rename, this is what you get:
    The background color of the text editor is white, just like the text, so when you type, you can't see what you're typing, nor can you see where in the original text your text insertion cursor is located.
    Thanks!
    Steve.

    I'm frustrated with this same problem. In my case this happens only in my 10.5 macbook air and not in my 10.4 macbook pro. I've been renaming files in the same way in 10.2/10.3 and this never happened. Should be a bug. I've been searching for this issue and found this post at last - I really wonder why there aren't so many people mentioning this.

  • UserIdentityStores Creation fails in case large number at User Search Base

    ou=users1,o=test contains 300 000 users.
    ou=users2,o=test contains 10 users.
    ou=users3,o=test contains 10 users.
    If i create UserIdentityStores with ou=users1, OAM shows fails "
    Failed to connect to User Identity Store.
    URL or Credentials specified are invalid.
    No entries were found under the User Search Base : username with attribute : ou=users1,o=test.
    If i create UserIdentityStores with ou=users2, OAM shows successfully"
    If i create UserIdentityStores with ou=users3, OAM shows successfully"
    Configuration:
    * User Name Attribute : username
    * User Search Base : ou=users1,o=test
    User Filter Object Classes : sso
    * Group Search Base : cn=sso-group,o=test
    This is ODSEE:
    o=test
    -- ou=users2
    ---- username=123
    ---- username=456
    -- ou=users3
    ---- username=abc
    ---- username=123
    -- ou=users4
    -- cn=sso-group
    -- ou=users1
    Is it a bug with OAM when users1 had too much DN inside. I stuck 2 weeks at this step. Any advices is apprecited.
    Thank you!

    Thanks.
    Yes, I know of that 100 column limitation.  But notice that I had 79 columns. Also, it doesn't mention the fact that you can display a certain amount a column, but you are then not able to use the search bar fully.
    "One interactive report per page.
    100 columns can be seen using report columns. You can edit additional columns using Tree view or paginating through Report Column Attributes.
    1,000,000 rows per column heading filter (if no custom LOV is specified in the column attributes).
    You can edit additional columns using Tree view or paginating through Report Column Attributes."
    So the issue that I have is a non documented issue, unless I'm missing something.

  • User Search

    Hi
    In R17, any user could search for another user from the Search section in the Action Ba, Without having the privilege of User Management access. But now with R18 we see that when a user searches for another user the access denied error comes in. Has anyone faced the similar issue. IF so , have you raised it with Oracle. Kindly let me know. As this is a very imp functionality for us.
    Thanks
    Meena

    Hi,
    is it possible to remove "User" from the QuickSearch? AFAIK the objects you do not have access to do not appear in QuickSearch, but User does. I do not have a problem if you cannot search for users, but if you have the option and you get "access denied. contact your system administrator" this looks like a bug and users start complaining...
    Kind regards
    Michael

  • OIM 11g r1 custom field in simple user search result

    Good morning,
    i need to visualize a custom field in the OIM simple user search result table. At the moment, when a simple user search is performed, the returned attribute is only the "Display Name".
    For the advanced user search result table, is possible to add other fields modifying the Search Results table configuration in Advanced->User configuration->Search Configuration.
    How can i do the same the for simple user search result?
    Thank you.

    Yes, i tried to add my custom attribute to both Simple and Adv search result table, but without luck. Only Display Name column attribute is shown when a simple search is performed.

  • Problem with users search

    Hello,
    I'm trying use the tasks functionality in portal however when I try to get the user to assign te task the search don't returns anything.
    I've used the standard demo also and it doesn't work, has somebody got this problem?
    thanks
    Wagner Moreira

    Hi Wagner,
    Typically you can do a wildcard search (using *) for first/last name and user ID, based on the attribute values defined for the user search. Please note that the return key on your keyboard does not start the search, but serves as a separator between multiple entries (you have to click "Select" to start the user search).
    You can change the configuration of the user search function delivered by SAP – the assignment of attributes to system users and the definition of the attributes relevant for the search – to suit the requirements of your company.
    For more details, take a look at http://help.sap.com/saphelp_nw04s/helpdata/en/b1/6a55422f4d3830e10000000a155106/frameset.htm
    Hope this helps
    Christian Stadler
    SAP NetWeaver Product Management

  • KM Search iView for User Search

    Hello,
    I am trying to create a new iView for User Search based on the KM Search iView Template. However, in the properties of the iView (Property Editor) there is no option to assign the ume index (contains users) to the iView. I previewed the iView, entered just a "normal" search term assuming that the iView would at least search for something, but the following error message occured. "TemplateError during search occurred - com.sapportals.wcm.WcmException: Index is corrupted, rollback required;index=ume,location=iwdf0003:39103 (Errorcode 2008)"
    Does anyone know how to solve this problem?
    Thanks a lot,
    Katharina

    Hi Katharina,
    now I understand. The problem is that you can't just use the KM search iView, you need to use a special iView based on com.sap.netweaver.coll.WhoIsWho or com.sap.netweaver.coll.WhoIsWhoNarrow. The configuration to be done (if you named the index for example not "ume") is described <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/05/a62c42de59da2ce10000000a1550b0/content.htm">here</a>.
    You can also find this iView in the com.sap.netweaver.coll.demo.CollaborationDemoRole role by navigating to Collaboration Demo -> People-Centric -> Who's Who.
    The steps on how to create the ume index are described <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/21/ac21410bc3ef23e10000000a155106/content.htm">here</a>.
    Hope this helps,
    Robert

  • Add user search functionality in a custom form

    Hi,
    I am new to IDM . I have two doubts regarding search functionality. Please help me out.
    1.     I want to add a user search option for a field and populate the value(user name ) from the searched result to that filed. The search option should have some search criteria like firstname ,lastname ,userid etc; depending on which we can search a particular user and after selecting one record that data should populate to that filed. Please let me know how can I archive that functionally? Is it possible to use the existing (out of box) search operation for it.
    2.     When we use selector, is it possible to change the default search option. I want to search depending on some criteria like firstname,lastname ,userid etc.
    Thank in advance.
    Regards,
    Nirupam

    I know this is old post - but I dealed with this requirement one and I knew it's pain. So, I just want to share my little expereinced here if someone else needed it.
    For this requirement - I have to customed the jsp pages. The file is tjspSearchUserTiles.jsp in the xlWebApp war file under tiles folder. What I did is check the current loging user's group. If he/she belong to Manager group, I set the search value Users.Manager Login equal to the username (this user name attribute alway available in the selvet section throught the USR BEAN.
    If you could make this cutomization work from your OIM env you then could customize alot more.
    Let me know if you need help - [email protected]

  • OAM Identity Server user search is very slow after upgrading to 10.1.4.2

    We recently upgraded Identity-Server from 7.0.4 to 10.1.4.2 + BP10. The new webpass (version 10.1.4.2) is on iPlanet webserver, which does not have any bundled patch available. After this upgrade, we found the user search is very slow. It is taking double the time compare to version 7.0.4. The search performance for NetPoint admin users is fine.
    The new version is connecting to the same LDAP (Sun 5.2) as the old one. The 7.0.4 version was well tuned (like Ldap connections, caching, etc) for the performance. The migration suppose to carryover those performance configuration to the new version. Is there any new parameter (related to performance) I should look for in version 10 ? Anybody have faced these issues after migration and found a fix for it ?
    Thanks!
    Kabi

    More in this thread - Re: OAM- "You do not have sufficient access rights" message with Master Adm
    -Vinod

  • RE: (forte-users) search and replace within aTextData

    Welll, you're both right. The MoveToChar makes it unnecessary (if a little
    sloppy) to MoveNext as long as you've changed the character. thus,
    outStr: TextData = new;
    outStr.SetValue(inStr);
    while (outStr.MoveToChar(' ')) do
    outStr.ReplaceRange('_', outStr.Offset, outStr.Offset+1);
    end while;
    return outStr;
    works fine to change blanks to underscores.
    Regards,
    David
    -----Original Message-----
    From: Campbell, Dave [mailto:DCampbellpurolator.com]
    Sent: Friday, 14 January 2000 0:58
    To: 'Matthew Middleton'
    Cc: kamranaminyahoo.com
    Subject: RE: (forte-users) search and replace within a TextData
    If you do not use the MoveNext method to skip beyond the "found" character,
    a subsequent invocation of MoveToChar will find the same character, located
    at exactly the same offset.
    If there is no match, MoveToChar returns FALSE and the current offset does
    not change.
    ----- Original Message -----
    From: Matthew Middleton <mathew.middletonlawpoint.com.au>
    To:kamranaminyahoo.com
    Unless I'm missing something here...you needn't go through every
    character...use MoveToChar()...as per Help...
    while (TextdataObj.MoveToChar (' ')) do
    end while;
    Regards,
    Dave Campbell
    Consultant,
    Caro Systems Inc.
    Mailto:Dave.CampbellCaroSys.com
    For the archives, go to: http://lists.sageit.com/forte-users and use
    the login: forte and the password: archive. To unsubscribe, send in a new
    email the word: 'Unsubscribe' to: forte-users-requestlists.sageit.com

    Why not this:
    while myText.moveToString(' ') do
    myText.ReplaceRange('-', myText.Offset, myText.Offset+1);
    end while;
    or if you prefer verbosity:
    while myText.moveToString(source=' ') do
    myText.ReplaceRange(source='-', startOffset=myText.Offset,
    endOffset=myText.Offset+1);
    end while;
    -----Original Message-----
    From: FatchJeBAM.com [mailto:FatchJeBAM.com]
    Sent: Wednesday, January 12, 2000 2:51 PM
    To: Troy.Burnsvacationclub.com; kamranaminyahoo.com
    Subject: RE: (forte-users) search and replace within a TextData
    How about this?? May have to play with start/end on ReplaceRange as I
    didn't really test this
    Anybody got a better way??
    -- replace space with underscore
    For x in 1 to myTextdata.LengthToEnd() do
    If myTextData.IsSpace() then
    MyTextdata.ReplaceRange('_'. Startoffset=myTextdata.offset,
    endoffset=myTextdata.offset+1);
    End if;
    MyTextdata.MoveNext;
    End for;
    Jerry Fatcheric
    -----Original Message-----
    From: Burns, Troy [mailto:Troy.Burnsvacationclub.com]
    Sent: Wednesday, January 12, 2000 9:40 AM
    To: kamranaminyahoo.com
    Subject: (forte-users) search and replace within a
    TextData
    Hello all,
    I need to search within a textdata object, replacing all
    occurrances of a
    space
    with another character. Can you give a quick code example
    of how I would do
    this?
    Thanks in advance,
    Troy
    Troy Burns
    Marriott Vacation Club Intl.
    E-mail: troy.burnsvacationclub.com
    Phone: (941) 688-7700 ext. 4408
    For the archives, go to: http://lists.sageit.com/forte-users
    and use
    the login: forte and the password: archive. To unsubscribe,
    send in a new
    email the word: 'Unsubscribe' to:
    forte-users-requestlists.sageit.com
    For the archives, go to: http://lists.sageit.com/forte-users and use
    the login: forte and the password: archive. To unsubscribe, send in a new
    email the word: 'Unsubscribe' to: forte-users-requestlists.sageit.com

  • GRC AC - HCM as user search data source

    Hello all,
    I´ve configured GRC AC to user HCM as user search data source and also user details data source. During my user change tests through the "Access Request" function, I noticed that only existent users at SU01 and HCM (checked through PA30) appear in the access request User Selection. Existent users at HCM but not at SU01 doesn´t appear.
    Someone can tell me why? I mean, if I configured the user search to use HCM as data source, shoudn´t it bring all HCM users regardless of his existence at SU01?
    Thanks in advance,
    Pedro

    Hi Pedro,
    You only have confirmed that 2 accounts are maintained in HCM and in SU01 as well, so you would be able to see these accounts' details both ways.
    Yes, you are right about user account maintenance first in HCM at the time of new hire, then you can manually raise the access request to grant them access to various SAP systems. Or in order to automate this process as Prasahant suggested, you can take help from HR Triggers.
    You can refer: GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki
    But responding to your original discussion, whatever user accounts are maintained in HCM you would see those details provided you define HR for the "user search data source" AND from SU01 for "user detail data source"
    In your case you have 2 accounts which have been maintained in HCM as well as SU01, so that is what creating confusion for you.
    Let us know if you need any more clarifications.
    Regards,
    Ameet

  • Why OID Connector User Search Reconciliation Sch. Job  Does Not Link Users?

    Hi,
    I provisioned a user to the resource successfully; then I ran OID Connector User Search Reconciliation Sch. Job sucessfully. When i check the Reconcillation Event results, i can see the event related with my Sch. Job but in the details of the event Linked To part is empty. I am expecting to see linking result but unfortunately no linking result represented. It says Not linked to any user as result of Linked User field.
    Do u have any idea?

    In Form, i have the following Additional Column with the following Field Label --> KK
    In the ReconAttrMap, i have the following mapping --> Code: KK Decode: uid
    In the Reconcillation Rule, i have the following Rule --> User Profile Data: User Login
    Operator: Equals
                                                 Attribute: Kullanici Kodu
                                                      Transform: None
                                                      Case-Sensitive: Unchecked
                                                      Properties Set: Checked
    Rule is Valid and Active and Using AND Operator
    In the Resource Object, i have the following Reconcillation Field --> *KK [String], Required*
    In the Resource Object, i have the following Reconcillation Action Rules --> Rule Condition: One Entity Match Found Action: Establish Link
                                                                          Rule Condition: One Process Match Found Action: Establish Link
    Then i click to the Create Reconcillation Profile.
    Job still does not link Users. Any missing settings?

  • User search in AD

    I have a question on AD user search. In AD, I have created OU and under OU, again created two sub OU's for Users and groups. I have 10000 users If I want to search for 500 users, How do I achieve it?
    Where do we specify mutliple OU? Under User Base DN or Group Base DN? Will it be something like uid=xxx,ou=OU1,ou=OU1,dc=BDC1?
    What will be my serach string in WLS to search for 500 users which are under OU of OU.
    Edited by: user734247 on Feb 24, 2012 6:53 AM
    Edited by: user734247 on Feb 24, 2012 6:56 AM

    I have a question on AD user search. In AD, I have created OU and under OU, again created two sub OU's for Users and groups. I have 10000 users If I want to search for 500 users, How do I achieve it?
    Where do we specify mutliple OU? Under User Base DN or Group Base DN? Will it be something like uid=xxx,ou=OU1,ou=OU1,dc=BDC1?
    What will be my serach string in WLS to search for 500 users which are under OU of OU.
    Edited by: user734247 on Feb 24, 2012 6:53 AM
    Edited by: user734247 on Feb 24, 2012 6:56 AM

  • UME user search with multiple search fields (AND / OR search)

    Hi,
    I'm struggling with a UME user search problem. I have multiple search fields: lastname, firstname, department
    Searching in this fields is working with the default IPrincipalSearchFilter.SEARCHMETHOD_AND (default)
    <a href="http://help.sap.com/javadocs/NW04/current/um/com/sap/security/api/IPrincipalSearchFilter.html#setSearchMethod(int)">JavaDocs SearchMethod_AND</a>
    Now I would like to add an additional search field for searching in telephone, cellphone as well. BUT searching for a phone number with searching for one of the other fields should not be a AND search. Is this possible?
    Here is the actual non-working code:
         Vector retVector = new Vector();
         //get Userdata with IUserFactory
         IResourceFactory resourceFactory = ResourceFactory.getInstance();
         IURLGeneratorService urlGen = (IURLGeneratorService)resourceFactory.getServiceFactory().getService(IServiceTypesConst.URLGENERATOR_SERVICE);
         IUserFactory userFac = UMFactory.getUserFactory();                    
         IUserSearchFilter srcFilter = null;          
         try
              srcFilter = userFac.getUserSearchFilter();
         } catch (UMException e)
              // TODO Auto-generated catch block
              e.printStackTrace();
         if(lastName.length() > 0)
              srcFilter.setLastName(lastName + "*",ISearchAttribute.LIKE_OPERATOR, false);
         if(firstName.length() > 0)
              srcFilter.setFirstName(firstName + "*",ISearchAttribute.LIKE_OPERATOR, false);
         if(department.length() > 0)
              srcFilter.setDepartment(department + "*", ISearchAttribute.LIKE_OPERATOR, false);
    //Here I need help!!!!!!! Please advice!!!
         if(telephone.length() > 0)
              srcFilter.setTelephone("*" + telephone, ISearchAttribute.LIKE_OPERATOR, false);
              srcFilter.setCellPhone("*" + telephone, ISearchAttribute.LIKE_OPERATOR, false);
         //if(mobil.length() > 0)
         //     srcFilter.setCellPhone("*" + mobil, ISearchAttribute.LIKE_OPERATOR, false);
         //Set maxium value for Result and thus limit the static variable SIZE_LIMIT_EXCEEDED
         //This method can only be used, if only one search attribute is specified -> thanks SAP
         if(srcFilter.getElementSize() <= 1)
              srcFilter.setMaxSearchResultSize(300);
         ISearchResult srcResult = null;
         try
              srcResult = userFac.searchUsers(srcFilter);
         } catch (UMException e1)
              // TODO Auto-generated catch block
              e1.printStackTrace();
    Thanks for any help...
    Stefan

    Hello,
    I could still need some help. Is there no one who could give me a tip? Could I explain my problem clearly enough or do you need some more information about my problem?
    Or is the search topic with searchFilter not a very common used thing?
    Is there a possibility to do a search in the received search result? Can anyone explain how this would work?
    Any ideas are welcome.
    Regards,
    Stefan

  • How to add user search  in adf application?

    hi,iam using jdeveloper 11.1.2.3.0 my requirement as follows ....i have a form ex:company_master in this form i need to search relavent data to master / user need to search the data in internet how to achieve this requirement in adf

    The question is about adding "user search  in adf application?"
    "You can create search forms that allow users to enter search criteria into input fields for known attributes of an object. "
    Creating ADF Databound Search Forms - 11g Release 1 (11.1.1.5.0)

Maybe you are looking for

  • Apple Id has become corrupt and I can't fix it

    One of my Apple Ids is demanding a password and the one I have always used doesn't work any more.  I suspect it has been hacked because when I try to fix it I can't get past the security questions as it won't recognise my birth date.  Moreover, when

  • Magic mouse  on xp pro

    hello i have done the new updates and the magic mouse has the touch scroll feature that works on the window side but it's locking up like the mouse is falling asleep. has any one ran into this problem yet ?

  • Rescue

    I was trying to clean up my hard drive to make my computer a little faster because it was running terribly slow.  In doing so, I somehow - with one keystroke - completely wiped out my operating system.  And to make it worse, I cannot find my Lenovo r

  • How to execute the valuechangelistener thru javascript ?

    Hi, JDev 11.1.1.6 How to execute the valuechangelistener thru javascript ? Regards, Gopi

  • Portal dynamic navigation width

    Hi, We have a fixed size for the dynamic navigation column in the portal page. When the text within this page is longer then the length of this column, a scrollbar is presented. Is there a way to wrap menu items within the navigation column? Thanks,