Password retrieval from LDAP
Hi Guys,
I am trying to retrieve the password field from ldap and then send the same to the requested user ( forgotten password functionality ).
I am able to retrieve the password from LDAP in encrypted form(which is in md4 format) but not being able to get it in the clear text format from a ldap.
If anyone has successfully done the same, I would greatly appreciate
if he/she could help me out .
Thanks
Bindu
My getpass.cmd script extracts the PORTAL, ORASSO, ORASSO_PA, and ORASSO_PS passwords from OID. Take a look at that and you should be able to see a way to get what you need...
Look up my contributions in the Knowledge Exchange under BRUSARDL
HTH
LLB
Similar Messages
-
Hi,
Does OIM not support recon of passwords from the Sun Java Directory Server? I am doing a trusted recon from the DS and would like to reconcile the passwords from DS as well during initial load. Can someone please tell me how can I achieve this?
Also, I was able to reconcile users with blank passwords into OIM. How does OIM allow this, since password is a mandatory field while creating any user. How does OIM populate the passwords in this case?
Thanks,
Supreetha
Being able to pull passwords from a target system is a big no no. This would create a huge risk in your targets. Also, if you recon the passwords, they would be available in plain text in the recon manager events. When you implement a system like OIM, and use OIM as the authenticator, you need to perform the registration process of some sort. Typically, you are integrating with a directory that already exists to provide your Single Sign on Access into your system, so the existing passwords will continue to work.
-Kevin -
How to retrieve all the users along with their password from LDAP
Hello,
Can anyone let me know how to retrieve and list all the user along with their password from LDAP.
Thanks
Hi Prashant,
I have limited experience with Synchronization, but I agree with you - if you need to synchronize Passwords, you need to have the Password in clear Text.
If you are trying to build your own Synchronization Solution using any of the available LDAP APIs, I don't think you can ever retrieve a user's Password in clear text.
However, I did come across an interesting article & I hope you find it useful :-
http://www.oracle.com/technology/obe/obe_as_10g/im/configssl/configssl.htm
I am not sure if SSL is necessary - If you have a look at Metalink Note 277382.1 ( How to Configure OID External Authentication Plug-In for Authentication Via Microsoft Active Directory (MS AD) ), the question asked by oidspadi.sh for the same is answered as "N".
Regards,
Sandeep -
LDAP : retrieve the password from LDAP
Hi,
I am trying to authenticate the user with the password that is entered by him with the password in LDAP. Basically I have to do a String comparison. I am able to retrieve all the attributes set for that user but the password is retrieved as:
[B@867e89
I did a toString() for that but no change.
String s=attr.get().toString();
I even tried to convert this String to a byte and then compare:
byte[] newUnicodePassword=null;
try {
    newUnicodePassword = s.getBytes("UTF-16LE");
    System.out.println("Checking 2 :" + newUnicodePassword.toString());
} catch (UnsupportedEncodingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
But of no use. When I converted this byte array to a string it is the same encrypted characters.
So I could not compare with the password that is entered by the user.
Can anyone please tell why this is happening. And how I have to get the password from LDAP.
Thanks in advance.
You do not retrieve your passcode.
Connect the iOS device to your computer and restore via iTunes. Place the iOS device in Recovery Mode if necessary to allow the restore.
If recovery mode does not work try DFU mode.
How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
For how to restore:
iTunes: Restoring iOS software
To restore from backup see:
iOS: How to back up
If you restore from iCloud backup the apps will be automatically downloaded. If you restore from iTunes backup the apps and music have to be in the iTunes library since synced media like apps and music are not included in the backup of the iOS device that iTunes makes.
You can redownload iTunes purchases by:
Downloading past purchases from the App Store, iBookstore, and iTunes Store -
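For the JNDI question above, where userPassword prints as [B@867e89: an added example (not from any of the posts) showing that the attribute value is a byte[] that has to be decoded rather than passed through toString(), and how a candidate password is checked against the salted hash it contains. It assumes the directory stores userPassword in the {SSHA} or {SHA} form; the class name, sample password and salt are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

public class UserPasswordCheck {

    private static final int SHA1_LEN = 20;

    /** JNDI hands back userPassword as byte[]; decode the bytes instead of calling toString(). */
    static String decodeAttributeValue(Object raw) {
        if (raw instanceof byte[]) {
            return new String((byte[]) raw, StandardCharsets.UTF_8);
        }
        return String.valueOf(raw);
    }

    /**
     * Checks a candidate password against a stored "{SSHA}base64" or "{SHA}base64" value.
     * Layout of the decoded blob: 20-byte SHA-1 digest followed by the salt (empty for {SHA}).
     */
    static boolean matches(String stored, String candidate) throws NoSuchAlgorithmException {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) {
            throw new IllegalArgumentException("value has no {SCHEME} prefix");
        }
        String scheme = stored.substring(1, close).toUpperCase(Locale.ROOT);
        if (!scheme.equals("SSHA") && !scheme.equals("SHA")) {
            // Other schemes (MD4, MD5, crypt, ...) need their own verifier.
            throw new IllegalArgumentException("unsupported scheme: " + scheme);
        }
        byte[] blob = Base64.getDecoder().decode(stored.substring(close + 1));
        if (blob.length < SHA1_LEN) {
            throw new IllegalArgumentException("stored value shorter than a SHA-1 digest");
        }
        byte[] digest = Arrays.copyOfRange(blob, 0, SHA1_LEN);
        byte[] salt = Arrays.copyOfRange(blob, SHA1_LEN, blob.length);

        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(candidate.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(digest, sha1.digest());
    }

    /** Builds a constructed {SSHA} value, standing in for what attr.get() returns. */
    static byte[] sampleSsha(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        sha1.update(salt);
        byte[] digest = sha1.digest();
        byte[] blob = new byte[digest.length + salt.length];
        System.arraycopy(digest, 0, blob, 0, digest.length);
        System.arraycopy(salt, 0, blob, digest.length, salt.length);
        String value = "{SSHA}" + Base64.getEncoder().encodeToString(blob);
        return value.getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data, not taken from any real directory.
        byte[] raw = sampleSsha("correct horse", new byte[] {0x01, 0x02, 0x03, 0x04});

        // Concatenating the array prints its identity ([B@...), not its content.
        System.out.println("toString():  " + raw);

        String stored = decodeAttributeValue(raw);
        System.out.println("decoded:     " + stored);
        System.out.println("right guess: " + matches(stored, "correct horse"));
        System.out.println("wrong guess: " + matches(stored, "wrong guess"));
    }
}
```

Where the application only needs to authenticate, a simple bind with the user's DN and the entered password lets the directory do this comparison, so the application never has to read userPassword at all.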
Need help in retrieving attributes from LDAP using JNDI
I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
Could anyone tell me why I'm getting this error? Thanks!
Here's my code:
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
import java.io.*;

class Getattr {
    public static void main(String[] args) {
        // Identify service provider to use
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // user info
        String userName = "username";
        String password = "password";
        // LDAP server specific information
        String host = "ldaphostname";
        String port = "portnumber";
        String basedn = "o=organization,c=country";
        String userdn = "cn=" + userName + "," + basedn;
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);
        // Simple bind as the user: the server checks the password
        env.put(Context.SECURITY_PRINCIPAL, userdn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            // Redirect System.err so the attribute dump is written to data.txt
            System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));
            // Create the initial directory context
            DirContext ctx = new InitialDirContext(env);
            // Ask for all attributes of the object
            Attributes attrs = ctx.getAttributes("cn=" + userName);
            NamingEnumeration ne = attrs.getAll();
            while (ne.hasMore()) {
                Attribute attr = (Attribute) ne.next();
                if (attr.size() > 1) {
                    // Multi-valued attribute: print every value
                    for (Enumeration e = attr.getAll(); e.hasMoreElements();) {
                        System.err.println(attr.getID() + ": " + e.nextElement());
                    }
                } else {
                    System.err.println(attr.getID() + ": " + attr.get());
                }
            }
            // Close the context when we're done
            ctx.close();
        } catch (javax.naming.NamingException ne) {
            System.err.println("Naming Exception: " + ne);
        } catch (IOException ioe) {
            System.err.println("IO Exception: " + ioe);
        }
    }
}
That doesn't work either. It seems it's not finding the NamingException class in any of the jar files. I don't know why? Any clues?
-
Retrieve multiple user's DisplayName values from LDAP server
Hi,
I have a report in answers, which will show the UserIds information pulling from a database table. These users information is stored in the LDAP server and I want to retrieve the DisplayName or FirstName-LastName (if possible) of the userids that I have in the report.
Any pointers on how can I implement that in the repository by using IB, by defining variables etc?
Thanks in advance.
Rajesh Gurram
I created PL/SQL table function to get users from ldap and view based on it (Oracle database).
create or replace
type ldap_users_t as object(
  dn varchar2(200),
  full_name varchar2(200),
  user_name varchar2(200),
  reg_number number,
  email varchar2(200)
);
/
create or replace
TYPE ldap_users_t_ct as table of ldap_users_t;
/
create or replace
function get_ldap_users return ldap_users_t_ct PIPELINED
is
  out_rec ldap_users_t := ldap_users_t (null,null,null,null,null);
  retval PLS_INTEGER;
  ldap_session DBMS_LDAP.SESSION;
  ldap_attrs DBMS_LDAP.string_collection;
  ldap_message DBMS_LDAP.MESSAGE;
  ldap_entry DBMS_LDAP.MESSAGE;
  ldap_dn VARCHAR2 (256);
  ldap_attr_name VARCHAR2 (256);
  i PLS_INTEGER;
  user_name DBMS_LDAP.string_collection;
  full_name DBMS_LDAP.string_collection;
  reg_number DBMS_LDAP.string_collection;
  email DBMS_LDAP.string_collection;
  ldap_host VARCHAR2 (256);
  ldap_port VARCHAR2 (256);
  ldap_user VARCHAR2 (256);
  ldap_passwd VARCHAR2 (256);
  ldap_base VARCHAR2 (256);
BEGIN
  retval := -1;
  -- Connection settings (masked in the original post)
  ldap_host := '********************';
  ldap_port := '********************';
  ldap_user := '********************';
  ldap_passwd := '********************';
  ldap_base := '********************';
  DBMS_LDAP.use_exception := TRUE;
  -- Connect and bind with the service account
  ldap_session := DBMS_LDAP.init (ldap_host, ldap_port);
  retval := DBMS_LDAP.simple_bind_s (ldap_session, ldap_user, ldap_passwd);
  -- Request all user attributes for every entry under the base DN
  ldap_attrs (1) := '*';
  retval := DBMS_LDAP.search_s (ldap_session, ldap_base, DBMS_LDAP.scope_subtree,
                                'objectclass=*', ldap_attrs, 0, ldap_message);
  ldap_entry := DBMS_LDAP.first_entry (ldap_session, ldap_message);
  WHILE ldap_entry IS NOT NULL
  LOOP
    ldap_dn := DBMS_LDAP.get_dn (ldap_session, ldap_entry);
    user_name := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'uid');
    full_name := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'cn');
    reg_number := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'employeeNumber');
    email := DBMS_LDAP.get_values (ldap_session, ldap_entry, 'mail');
    -- Reset the output record, then copy the first value of each attribute if present
    out_rec.dn:=ldap_dn;
    out_rec.user_name:=null;
    out_rec.full_name:=null;
    out_rec.reg_number:=null;
    out_rec.email:=null;
    IF user_name.COUNT > 0
    THEN out_rec.user_name:=user_name(0);
    END IF;
    IF full_name.COUNT > 0
    THEN out_rec.full_name:=full_name(0);
    END IF;
    IF reg_number.COUNT > 0
    THEN out_rec.reg_number:=reg_number(0);
    END IF;
    IF email.COUNT > 0
    THEN out_rec.email:=email(0);
    END IF;
    ldap_entry := DBMS_LDAP.next_entry (ldap_session, ldap_entry);
    pipe row(out_rec);
  END LOOP;
  -- Release the result set and close the session
  retval := DBMS_LDAP.msgfree (ldap_message);
  retval := DBMS_LDAP.unbind_s (ldap_session);
  -- A pipelined function ends with a bare RETURN
  RETURN;
END;
/
create or replace view scr_ldap_users_v as select * from table(get_ldap_users);
-
Retrieve parameters from LDAP using authentication module
I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
The existing web applications are still querying existing LDAP other attributes there than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to web application as cookie or header value? Or is the forwarding feature only for attributes in Data Store?
If the forwarding is not possible what is the next best alternative?
OpenSSO forum is quite silent so I'm back with you guys.
I managed to solve the agent error log problem I mentioned before. The problem was about nonexisting attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
My LDAP looks like this:
# testuser, pollo.fi
dn: cn=testuser,dc=pollo,dc=fi
cn: testuser
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Test
sn: User
ou: People
uid: testuser
mail: [email protected]
And my datastore configuration:
LDAP server->localhost:389
LDAP bind DN->cn=admin,dc=pollo,dc=fi
LDAP organization DN->dc=pollo,dc=fi
Attribute name mapping->empty
LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
LDAP3 Plugin search scope->scope_sub
LDAP Users Search Attribute->uid
LDAP Users Search Filter->(objectclass=inetorgperson)
LDAP User Object Class->organizationalPerson
LDAP User Attributes->uid, userpassword
Create User Attribute Mapping->empty
Attribute Name of User Status->inetuserstatus
User Status Active Value->Active
User Status Inactive Value->inactive
LDAP Groups Search Attribute->cn
LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
LDAP Groups container Naming Attribute->ou
LDAP Groups Container Value->groups
LDAP Groups Object Class->top
LDAP Groups Attributes->cn,description,dn,objectclass
Attribute Name for Group Membership->empty
Attribute Name of Unqiue Member->uniqueMember
Attribute Name of Group Member URL->memberUrl
LDAP People Container Naming Attribute->ou
LDAP People Container Value->people
LDAP Agents Search Attribute->uid
LDAP Agents Container Naming Attribute->ou
LDAP Agents Container Value->agents
LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
LDAP Agents Object Class->sunIdentityServerDevice,top
LDAP Agents Attributes->empty
Identity Types That Can Be Authenticated->Agent,User
Authentication Naming Attribute->uid
Persistent Search Base DN->dc=pollo,dc=fi
Persistent Search Filter->(objectclass=*)
Persistent Search Maximum Idle Time Before Restart->0
Should I enable some setting still to get the forwarding going on? Any ideas for debugging? -
How i get user info from ldap using java after authenticating user with SSO
Hi
I have one jsp/bean application as a partner application with SSO.
It works fine.
Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
using SSO java APIs i only get username, userDN, subscriber info.
To get user's other attribute i have to user LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
so here i my question, how do i get user password after he has logged in thro SSO.
regards..
and thanking u in advance
samir
Valentina,
there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
--Olaf -
How to get user information from ldap - bpm11g
hi all,
i need know how to do get information from ldap, but using adf bean for show user data in adf form.
anyone knows about this ?
tks.
Neal wrote:
>
Hi,
I am using WLS default authentication to protect my JSP pages. Can someone tell
me if it is possible to add more fields to the default login box (in addition
to login and password boxes, I want to ask user the department name). In additional,
can WLS propogate this information (department name) along with other security
credentails to other J2EE components such as EJBs? In my EJBs I want to be able
to get the department name that user provided during login and then use that for
conditional business logic.
Any insights on this subject will be greatly appreciated.
TIA,
-Neal
You can't do this with the default simple authentication. That can only handle a
username / password combination.
You should be able to do this with JAAS. You could write a LoginModule that
populates the department as a Principal or public Credential on the Subject in
addition to the normal authentication. You would have to do a callback handler
that passed through the department info to it.
This link has more on WLS's stab at JAAS:
http://e-docs.bea.com/wls/docs61/security/prog.html#1039659
Once you have associated the Subject with the access control context by invoking
a doAs() you should be able to get it back at any point with
Subject.getSubject(AccessController.getContext()) to get access to the
department info.
It will all be a bit of a chore, mind. -
Problem with activesync provisioning user from ldap to red hat
hello,
i am using activesync to provision the user from ldap to red hat linux . i am getting the following error message
An error occurred adding user '#########' to resource 'Red Hat Linux'.
Script failed waiting for " PASSWORD:" in response "passwd: Only one user name may be specified.
_,)#+(:"
Script processor timed out with nothing to read and the following unprocessed text: "passwd: Only one user name may be specified.
_,)#+(:".
when to try to assign redhat resource to a user from the idm the user is getting provisioned to redhat successfully .active sync form is working for all the other resource except the redhat.
can anyone give me solution for the above problem
thanks in advance.
Have you set the xhost as ROOT (xhost +hostname), and then as the ORACLE user type "export DISPLAY:0.0" (without the quotes of course) ? This needs to be done prior to running the installer. Try this site for further information - http://www.puschitz.com/OracleOnLinux.shtml
-
Connect to R/3 failed. USERID and/or PASSWD could not be retrieved from SSFS
Dear All,
Solman installation 7.1 fails with Error in the Start instance phase.
Database : Oracle
OS: AIX 6100-07-02-1150
Oracle version: 11.2.0.3
Kernel version: 720 patch number is 114
I have checked the SAP Note #1639578 - SSFS as password storage for primary database connect .
The below values have already been set in default profile and in environment variables also
RSEC_SSFS_DATAPATH=/usr/sap/SMI/SYS/global/security/rsecssfs/data
RSEC_SSFS_KEYPATH=/usr/sap/SMI/SYS/global/security/rsecssfs/key
rsdb_ssfs_connect=1
2. The Permission of the Global directory
solmantrg:smiadm 13> ls -all
total 0
drwxr-xr-x 5 smiadm sapsys 256 Apr 18 17:37 .
drwxr-xr-x 5 smiadm sapsys 256 Apr 19 21:51 ..
drwxr-xr-x 3 smiadm sapsys 256 Apr 18 17:37 exe
drwxr-xr-x 3 smiadm sapsys 256 Apr 18 17:37 gen
lrwxrwxrwx 1 smiadm sapsys 18 Apr 18 17:37 global -> /sapmnt/SMI/global
Permission Of security Folder:
solmantrg:smiadm 17> ls -all
total 8
drwx------ 5 smiadm sapsys 256 Apr 22 13:25 .
drwxr-xr-x 5 smiadm sapsys 256 Apr 18 17:37 ..
-rw-r--r-- 1 smiadm sapsys 0 Apr 22 13:25 ABAPPROT
drwxr-xr-x 8 smiadm sapsys 256 Apr 18 17:39 SDT
-rw-r--r-- 1 smiadm sapsys 272 Apr 18 17:37 ms_acl_info
drwxr-xr-x 2 smiadm sapsys 256 Apr 22 13:26 sapcontrol
drwx------ 5 smiadm sapsys 256 Apr 18 17:37 security
Permission Of rsecssfs:
solmantrg:smiadm 20> ls -all
total 0
drwx------ 5 smiadm sapsys 256 Apr 18 17:37 .
drwx------ 5 smiadm sapsys 256 Apr 22 13:25 ..
drwx------ 2 smiadm sapsys 256 Apr 19 21:01 data
drwx------ 3 smiadm sapsys 256 Apr 18 17:37 lib
drwx------ 4 smiadm sapsys 256 Apr 18 17:37 rsecssfs
permission Of data & Key
solmantrg:smiadm 22> ls -all
total 0
drwx------ 4 smiadm sapsys 256 Apr 18 17:37 .
drwx------ 5 smiadm sapsys 256 Apr 18 17:37 ..
drwx------ 2 smiadm sapsys 256 Apr 22 12:42 data
drwx------ 2 smiadm sapsys 256 Apr 18 17:37 key
permission Of SSFS_SMI.DAT
solmantrg:smiadm 24> pwd
/sapmnt/SMI/global/security/rsecssfs/data
solmantrg:smiadm 25> ls -all
total 8
drwx------ 2 smiadm sapsys 256 Apr 22 12:42 .
drwx------ 4 smiadm sapsys 256 Apr 18 17:37 ..
-rw------- 1 smiadm sapsys 972 Apr 22 12:42 SSFS_SMI.DAT
No key for File ( SSFS_SMI.KEY ) IN PATH ( /sapmnt/SMI/global/security/rsecssfs/key) Exists
solmantrg:smiadm 28> cd key
solmantrg:smiadm 29> ls -altr
total 0
drwx------ 4 smiadm sapsys 256 Apr 18 17:37 ..
drwx------ 2 smiadm sapsys 256 Apr 18 17:37 .
3. From smiadm, R3trans -x shows 0000. BUT from ora>sid>, R3trans -x shows 0012
solmantrg:orasmi 2> R3trans -x
This is R3trans version 6.22 (release 720 - 26.10.11 - 13:00:00).
unicode enabled version
2EETW169 no connect possible: "DBMS = ORACLE --- dbs_ora_tnsname = 'SMI'"
R3trans finished (0012).
4. Output Of Trans.log from Ora<SID> User
solmantrg:orasmi 3> more trans.log
4 ETW000 R3trans version 6.22 (release 720 - 26.10.11 - 13:00:00).
4 ETW000 unicode enabled version
4 ETW000 ===============================================
4 ETW000
4 ETW000 date&time : 22.04.2014 - 14:41:32
4 ETW000 control file: <no ctrlfile>
4 ETW000 R3trans was called as follows: R3trans -x
4 ETW000 trace at level 2 opened for a given file pointer
4 ETW000 [ dev trc,00000] Tue Apr 22 14:41:32 2014 145 0.000145
4 ETW000 [ dev trc,00000] db_con_init called 41 0.000186
4 ETW000 [ dev trc,00000] set_use_ext_con_info(): ssfs will be used to get connect information
4 ETW000 91 0.000277
4 ETW000 [ dev trc,00000] determine_block_commit: no con_hdl found as blocked for con_name = R/3
4 ETW000 84 0.000361
4 ETW000 [ dev trc,00000] create_con (con_name=R/3) 40 0.000401
4 ETW000 [ dev trc,00000] Loading DB library '/usr/sap/SMI/SYS/exe/run/dboraslib.o' ... 74 0.000475
4 ETW000 [ dev trc,00000] DlLoadLib() success: dlopen("/usr/sap/SMI/SYS/exe/run/dboraslib.o"), hdl 0
4 ETW000 31906 0.032381
4 ETW000 [ dev trc,00000] Library '/usr/sap/SMI/SYS/exe/run/dboraslib.o' loaded 49 0.032430
4 ETW000 [ dev trc,00000] function DbSlExpFuns loaded from library /usr/sap/SMI/SYS/exe/run/dboraslib.o
4 ETW000 61 0.032491
4 ETW000 [ dev trc,00000] Version of '/usr/sap/SMI/SYS/exe/run/dboraslib.o' is "720.00", patchlevel (0.114)
4 ETW000 493 0.032984
4 ETW000 [ dev trc,00000] function dsql_db_init loaded from library /usr/sap/SMI/SYS/exe/run/dboraslib.o
4 ETW000 55 0.033039
4 ETW000 [ dev trc,00000] function dbdd_exp_funs loaded from library /usr/sap/SMI/SYS/exe/run/dboraslib.o
4 ETW000 108 0.033147
4 ETW000 [ dev trc,00000] New connection 0 created 264 0.033411
4 ETW000 [ dev trc,00000] 0: name = R/3, con_id = -000000001, state = DISCONNECTED, tx = NO , bc = NO , hc = NO , perm = YES, reco = NO , frco = NO , timeout = 00
0, con_max = 255, con_opt = 255, occ = NO , prog =
4 ETW000 79 0.033490
4 ETW000 [ dev trc,00000] db_con_connect (con_name=R/3) 79 0.033569
4 ETW000 [ dev trc,00000] determine_block_commit: no con_hdl found as blocked for con_name = R/3
4 ETW000 53 0.033622
4 ETW000 [ dev trc,00000] find_con_by_name found the following connection: 35 0.033657
4 ETW000 [ dev trc,00000] 0: name = R/3, con_id = 000000000, state = DISCONNECTED, tx = NO , bc = NO , hc = NO , perm = YES, reco = NO , frco = NO , timeout = 000
, con_max = 255, con_opt = 255, occ = NO , prog =
4 ETW000 74 0.033731
4 ETW000 [ dev trc,00000] read_con_info_ssfs(): reading connect info for connection R/3 36 0.033767
4 ETW000 [ dev trc,00000] read_con_info_ssfs(): DBSL supports extended connect protocol 49 0.033816
4 ETW000 ==> connect info for default DB will be read from ssfs
4 ETW000 [ dev trc,00000] read_con_info_ssfs(): register callback ssfs_dbi_trace and max level 2
4 ETW000 88 0.033904
4 ETW000 [ dev trc,00000] RSecSSFs: Entering function "RSecSSFsGetRecord" [rsecssfs.c 836] 84 0.033988
4 ETW000 [ dev trc,00000] RSecSSFs: Configuration data read from environment parameters [rsecssfs.c 3664]
4 ETW000 11463 0.045451
4 ETW000 [ dev trc,00000] RSecSSFs: Data file "/usr/sap/SMI/SYS/global/security/rsecssfs/data/SSFS_SMI.DAT" cannot be opened for read [rsecssfs.c 2198]
4 ETW000 174 0.045625
4 ETW000 [ dev trc,00000] RSecSSFs: Exiting function "RSecSSFsGetRecord" with return code 1 (message: Data file "/usr/sap/SMI/SYS/global/security/rsecssfs/data/SS
FS_SMI.DAT" cannot be opened for read) [rsecssfs.c 897]
4 ETW000 91 0.045716
4 ETW000 [ dbcon.c ,00000] *** ERROR => read_ssfs_record(): RSecSSFsGetRecord(DB_CONNECT/DEFAULT_DB_USER)=1 : Data file "/usr/sap/SMI/SYS/global/security/rsecssfs/
data/SSFS_SMI.DAT" cannot be opened for read
4 ETW000 82 0.045798
4 ETW000 [ dev trc,00000] read_con_info_ssfs(): deregister callback ssfs_dbi_trace 37 0.045835
4 ETW000 [ dbcon.c ,00000] *** ERROR => Connect to R/3 failed. USERID and/or PASSWD could not be retrieved from SSFS
4 ETW000 68 0.045903
2EETW169 no connect possible: "DBMS = ORACLE --- dbs_ora_tnsname = 'SMI'"
trans.log: END
Kindly help us to fix the error ""ERROR => read_ssfs_record(): RSecSSFsGetRecord(DB_CONNECT/DEFAULT_DB_USER)=1 : Data file "/usr/sap/SMI/SYS/global/security/rsecssfs/
data/SSFS_SMI.DAT" cannot be opened for read"
Thanks and Regards,
Gayathri.K
Hi Deepak,
Now my installation failed with "Start Java engine "phase as in the attached screenshot.
scs00 instance is failing and i am unable to start it.
ERROR 2014-04-22 18:28:50.499 [sixxcstepexecute.cpp:899]
FCO-00011 The step startSCS with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|onehost|0|NW_CI_Instance|ind|ind|ind|ind|ci|0|NW_CI_Instance_Configure_Java|ind|ind|ind|ind|javaconfig|0|startSCS was executed with status ERROR ( Last error reported by the step: Instance 'SCS00/solmantrg' of SAP system SMI is in an inconsistent state: the processes do not seem to have been started within the instance.).
when i checked in getprocess list
solmantrg:smiadm 56> sapcontrol -prot NI_HTTP -nr 00 -function GetProcessList
22.04.2014 18:29:43
GetProcessList
OK
name, description, dispstatus, textstatus, starttime, elapsedtime, pid
msg_server, MessageServer, GRAY, Stopped, , , 13631618
enserver, EnqueueServer, GRAY, Stopped, , , 11468864
have attached the screenshot and sapinst.dev.log
Please assist
regards,
gayathri.K -
Logical identifiant for User Notes synchronized from LDAP
After a synchronization from LDAP to Notes,
The user entry is created, all attributes are OK
The certificate is created and named with %uid%.id
BUT the logical name of the user in the Notes database is constructed as "%givenname%SPACEd/DOMAIN".
I don't understand the SPACE and the character d ?
Thanks for your help !
BRs
Vincent
For analysis, we have synchronized 15 LDAP Users to Notes
FirstName, Lastname and login attributes are from 1 to 15 characters length as following :
givenname, lastname, UID
1,1,1
F2,L2,ID
F33,L33,ID3
F444,L444,ID44
F5555,L5555,ID555
F66666,L66666,ID6666
F777777,L777777,ID77777
F8888888,L8888888,ID888888
F99999999,L99999999,ID9999999
Faaaaaaaaa,Laaaaaaaaa,IDaaaaaaaa
Fbbbbbbbbbb,Lbbbbbbbbbb,IDbbbbbbbbb
Fccccccccccc,Lccccccccccc,IDcccccccccc
Fdddddddddddd,Ldddddddddddd,IDddddddddddd
Feeeeeeeeeeeee,Leeeeeeeeeeeee,IDeeeeeeeeeeee
Fffffffffffffff,Lffffffffffffff,IDfffffffffffff
Between 6 and 8 characters, the logical Name of the user is correct
He is constructed as %fistname% %lastname%/DOMAIN
Less than 6 or more than 8 characters, the logical name is not correct
We can show the partial path of the lotus's data directory.
I can send screenshot to an email Adress if you want
Why this ? It's not usable
PS : All certificates can be viewed without provide password !
Why the LDAP password of the user's entry is not used to open the ID ?
Thanks for your help.
BRs
Vincent -
Using UME to read binary attribute from LDAP (objectSID)
Hi,
I am trying to read the ObjectSID of an LDAP user (from MS Active directory) from an IUser object. This attribute is binary retrieved from the LDAP and if I defined a normal extra attribute in the datasourceconfiguration file and retrieve it as a String the value is wrong.
So my question is how can I define this as a binary attribute?
From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the xml format for the datasourceconfiguration.
The Attribute element has the following specification:
<!ATTLIST attribute name CDATA #REQUIRED populateInitially (true|false) #IMPLIED
readonly (true|false) #IMPLIED
type (string|blob) #IMPLIED
cacheTime CDATA #IMPLIED>
Since you have type here, I tried setting it to blob under the user object as such:
For user:
<attribute name="guid" type="blob" populateInitially="true"/>
For attribute mapping:
<attribute name="guid">
<physicalAttribute name="objectSid"/> </attribute>
However, I still get the following error when calling
iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):
Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
... 41 more
This error indicates that the attributes is a string and not a binary attribute.
Anyone?
Create OSS and initial message is that this is not supported even though some of the configuration files point that direction. It's really easy to implement so maybe if I am lucky I'll get a hotfix.
Dagfinn
btw the field was objectGUID not objectSID -
OIM AD reverse password sync from one AD instance to multiple OIM instances
Hi All,
I have a following scenario. My client is having multiple offices across the globe. They have OIM installed and configured in each location in each country to manage their local applications. Client also has a Global LDAP which is common across all the offices worldwide.
My requirement is then I need to setup reverse password sync from Global LDAP to all the OIM system across the Globe. As per the reverse password sync connector I can only define one OIM system to sync the password.
Can you please suggest me some way to achieve this functionality? Is it possible to install more than one password sync connector and configure them with different OIM systems?
Thanks
Yogesh
I have one AD instance and n OIM instances. Can I install multiple AD-OIM password sync components on the same AD machine and configure each component with various OIM's?
-
How to delete the user permanently from LDAP. I want to delete the user's mail and calendar services also.
Hi,
It is generally not a best practice to touch your directory server directly. If you're just playing around for learning purposes its ok. Otherwise, from an implementation perspective, do not try accessing DS directly.
I will try giving u a solution if u use legacy mode of AM. I'm still learning about realm mode, but i guess such scenarios are mostly common between the two.
You can use the amadmin command found in /opt/SUNWam/bin or in windows c:\program files\sun\javaes5\identity\bin. You have sample XML file pcDeleteRequests. You could use this to delete just one or few users.
The sample is
<Requests>
<PeopleContainerRequests DN="ou=People1,dc=example,dc=com">
<DeleteUsers>
<DN>uid=dpUser,ou=People1,dc=example,dc=com</DN>
</DeleteUsers>
</PeopleContainerRequests>
</Requests>
Make an XML, run this command : amadmin -u "uid=amadmin,ou=people,dc=example,dc=com" -w <password> -t <your_file>