Platform 7.x and ldap

I am currently running portal 4.0 sp2 in production. We are thinking about converting
to an LDAP (maybe openldap) as our security realm and uup storage area. We believe
that we will get some better performance; also we are getting ready to go from
25k users to 4 million users. We are also thinking about upgrading to portal
7.x here really soon. I have read the portal 7.x's edocs and see many references
to portal and rdbms but nothing about portal and ldap even the uup information
in edocs only references the rdbms realm.
Does anyone know of any issues with portal 7.x and using ldap as the realm and
uup storage area? Does anyone see any gotcha’s in the above scenario?
Thanks
Travis Wissink

Based on your response to Eugene Khosid's post "WL 7.0 and MS Active
Directory" I went and checked to see if the user I was using to boot
weblogic was a member of "Administrators" in the domain, it wasn't. I will
test this further this afternoon.
With regards to the configuration, am I correct in thinking that the default
settings are inadequate to for accessing a default Active Directory
installation?
I changed the following:
User Name Attribute: sAMAccountName
User Dynamic Group NC Attribute: memberOf
User Base DN: cn=users, dc=<my_domain>,dc=com
Group Base DN: cn=users,dc=<my_domain>,dc=com
I was at a total loss for the membership properties.
Thanks for your help,
-Jacob
"Vimala Ranganathan" <[email protected]> wrote in message
news:[email protected]..
Do you get any errors or you have issues configuring the active directory
itself?
Vimala Ranganathan
Jacob Meushaw wrote:
I have unsuccessfully been trying to set up weblogic server 7.0 (and
eventually portal) to authenticate my users against our NT Active
Directory
using the Active Directory Authenticator. I have had no success and canfind
no resources to point me in the right direction.
I have managed to log into the Active Directory using Softerra LDAPBrowser
2.3 to scout out the ldap schema. Our Active Directory uses defaultsettings
and it looks as though these default settings do not match the default
settings of the Active Directory Authenticator.
Has anyone had any luck with this setup?
Thanks,
-Jacob

Similar Messages

  • Directory server and ldap TLS on windows platform

    Any body, tested "sun directory server" and "ldap tls" on windows platform"??? cause I tried it, and I cant established a secure connection. On other platform, and I speack about solaris 9, evry thing is ok. Some comments??

    It's a rather unusual way to use attribute subtypes. You may be able to do something with the mapping engine in DPS - I'll wait for Sylvain or someone else who knows DPS really well to answer that. But from the perspective of the information model, I have some doubts about this approach. For instance, what happens if you have multiple subtypes on a single-valued attribute?
    Usually, for example, if there is a "preferred" common name as opposed to some other common names, it would be modeled in an entirely different attribute type, such as "preferredName". The subtypes are almost exclusively used for language specification nowadays. That's another question - what happens if you ever need to store multiple languages in your Directory?
    Do you know of anyone else who is using this kind of information model in their Directory?

  • Problem with ADS and LDAP

    Problem with ADS and LDAP
    I have installed Win2000 + sp1 and ADS on a computer. This computer is PDC.
    After connection via LDAP I cann't get any object ( users or goups etc. ).
    I try connect to ADS by java ( JNDI ).
    When I use another clients of LDAP ( eg. Maxware Directory Explorer) I have
    the same problem - no objects.
    Can anybody help me?
    Grzegorz Pszona
    my e-mail: [email protected]

    Thanks a lot.
    Softerra's browser is really good.
    Thanks
    Rashmi
    "Anant Kadiyala" <[email protected]> wrote:
    >
    I used Softerra's LDAP browser. The browser is free. There is also a
    java baded
    LDAP browser from Univ of Michigan. I found the Softerra browser to be
    more easier
    to use.
    -anant
    "rashmi" <[email protected]> wrote:
    Hi,
    Can you please let me know which exact ADS tool that you used to examine
    the
    DN. I have Active Directory Users and Computers, Sites and Servicesand
    Domain
    and Trusts installed on my machine but I am not able to figure out how
    to get
    the DN?
    Thanks
    Rashmi
    for Stephen Davies <[email protected]> wrote:
    Grzegorz,
    I have had WLS6.1 & ADS working ok using LDAP V2. Mind you it did take
    a
    fair bit of messing around to get it going. MS does have a few oddities,
    for example the Administrators DN might look something like this:
    cn=Administrator,cn=Users,dc=eglobal,dc=net
    One tool that I found invaluable came with the additional support tools
    for Windows 2000. The 'Active Directory Administration Tool' made it
    easy to list the directory contents and examine the DNs.
    Regards,
    Steve
    Stephen Davies
    Principal Consultant
    eGlobal Services Pty. Ltd.
    Sydney, Australia
    Ph. +61 2 9283 1033
    http://www.eglobal.net/

  • Single sign-on using Kerberos and Ldap

    I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
    The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
    I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
    I have the Kerberos authentication and part of the Ldap service working via pam & nss.
    ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
    BUT...
    id gives:- userID, groupID (primary group only)
    groups :- primary group only. (no secondary groups are listed)
    Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
    Thanks in advance for any help.

    After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
    Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
    Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
    //M.

  • How do I change platform for downloading and installing Photoshop Elements from Windows to Mac?

    How do I change platform for downloading and installing Photoshop Elements from Windows to Mac?

    As long as your license supports both platforms you should only have to download the Mac version and install/activate using your serial number.  If you need help finding a link to download the file, please indicate the PSE version you need.

  • Adding phones and users with bat and LDAP sync

    What are the various ways of importing users with phones when the Communications Manager 9.0 is sync'd with LDAP.  Also, what method is the easiest and fastest?
    For example, I could do the following steps:
    Sync CUCM with LDAP to import new users, add phones using bat files, manually update users to associate devices etc
    I believe I should also be able to do the above method and use a bat file to update the users to associate devices etc.  This method still involves 2 steps and the creation of 2 seperate bat files.
    In CUCM version 9 it is possible to have local and LDAP users, so is it possible to add the phones and users using the phones/users tab of the bat file and have them beocme LDAP users?
    Thank you,
    Danny

    #1 Remove this embedded CSS code from your HTML document(s).  You don't need it.
    body {
        background-color: #CCC;
    body,td,th {
        color: #FFF;
        font-size: 14px;
    #2 Open  PW.css file and add this to the top:
    body {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 14px;
    background-color: #CADFEB;
    /**or insert a background-image using the CSS editor**/
    #3 Remove font-family and font-size from all your other CSS selectors.  You don't need to duplicate styles on every element. 
    #4 Replace this:
    #content {
        position:absolute;
        left:199px;
        top:10px;
        width:860px;
        z-index:1;
        right: auto;
        background-color: #FFF;
        text-align: center;
        color: #000;
        height: auto;
    with this:
    #content {
         width:860px;
         margin: 20px auto;
         border: 4px solid silver;
         background-color: #FFF;
         text-align: center;
         color: #000;
         -moz-box-shadow: 5px 5px 5px #888;
         -webkit-box-shadow: 5px 5px 5px #888;
         box-shadow: 5px 5px 5px #888;
    #5 Save your PW.css file and upload to server.
    Nancy O.
    Alt-Web Design & Publishing
    Web | Graphics | Print | Media  Specialists 
    http://alt-web.com/
    http://twitter.com/altweb

  • OBIEE and LDAP problem

    Hi all!
    After connecting our OBIEE 11.1.1.5 to LDAP we faced with a strange problem: after one user enters the system any next user logged in has the same privileges in OBIEE as the first one.
    We turned off the following caches:
    - WebLogic Principal Validator Cache in a security realm Performance section
    - Group Membership Lookup Hierarchy Caching in our LDAP authentication provider Performance section
    But the problem still occurs. Does anyone have any suggestions on this?

    Hi I was having endless issues with OBIEE and LDAP, I followed the exact steps here:
    http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG169
    These worked for me, so you could check for a start these recommended setting are same in your environment.
    Thanks

  • XI 3.1 Client Tools and LDAP Authentication

    I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
    [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
    Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

    Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
    Take a look at note 1272536 (http://service.sap.com/notes)
    Regards,
    Stratos

  • I want to see list of Disabled user from AD and LDAP

    Hi
    i wan see the list of disabled user from AD and LDAP and it shows in the next page as Tabular format
    having all the details of AD (Attributes)

    Hi
    i wan see the list of disabled user from AD and LDAP and it shows in the next page as Tabular format
    having all the details of AD (Attributes)

  • Connected MDM and LDAP, but but now what? Why user mapping?

    Hi Gurus,
    In my last thread, I posted that I was not able to connect MDM with LDAP. I was finally able to.
    My problem now is I have to define user mapping in SAP Portal for the MDM business iViews to work.
    By connecting MDM and LDAP, I got the benefit that now the authentication and authorization is happening via LDAP.
    But this does eliminate the need for user mapping. If this is the case then why the real benefit of using LDAP?
    In this case this becomes worse as I need to know the user's LDAP Password which no body will share for sure.
    Any ideas? I want to get rid off this user mapping stuff.
    Warn Regards,
    Karan

    without knowing specifics of ur architecture, i can quickly point out two things:
    1)  LDAP is primarily used for authentication, true.
    2) Portal User mapping should not be an issue if u already have portal tied up to the active directory or some kind of single sign on?
    So portal knows the users who has logged it, polls the Active directory for authentication and Active directory logs into MDM with that users role.
    -Sudhir

  • ISE and LDAP Integration

    Hello,
    I have a question about the LDAP integration with the ISE:
    Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
    What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
    Even I tried to change the base DN and the search DN but without luck.
    The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
    Is there any missing information/tips required in such integration?

    Hello,
    I found a cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP .I hope this helps!
    This section contains the following:
    •Directory  Service
    •Multiple  LDAP Instances
    •Failover
    •LDAP  Connection Management
    •User  Authentication
    •Authentication  Using LDAP
    •Binding  Errors
    •User  Lookup
    •MAC  Address Lookup
    •Group  Membership Information Retrieval
    •Attributes  Retrieval
    •Certificate  Retrieval
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913

  • Database Table and LDAP Authentication in the same repository?

    I'm wondering if it's possible to authenticate through database tables for some users and LDAP for other users. I can configure each one separately but I'm curious if anyone has ever successfully done both in the same repository.
    Thanks,
    -Matt

    Another thing to try is this. I don't have an LDAP server here but it worked for me without LDAP. I think it should also work with LDAP as it is the same idea. I don't think there is a way to have a conditional Init Blocks. Also you can't have two init blocks setting the same variable (USER in our case). But what you can do is to have two Init Blocks, one for LDAP authentication and the other one for table authentication. So you could have this scenario:
    1) LDAP "authentication" init block sets custom variable LDAP_USER
    2) Table "authentication" init block sets custom variable TABLE_USER
    3) Final authentication init block (the real one) sets USER variable using something like this:
    SELECT CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
    ELSE ':TABLE_USER'
    END
    FROM DUAL
    WHERE CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
    ELSE ':TABLE_USER'
    END = ':USER'
    Note how I use the CASE statement both to return the user value I want the USER variable to be set and also in the WHERE clause to make sure no rows are returned in case authentication fails (which should return no rows to denote a failed authentication). Obviously you need to set the init block dependancies correctly. I did a quick test with users coming from two separate Oracle tables in 2 init biocks and it worked fine for me. Give it a try and let me know how it goes.

  • How to config messaging 5.2 and ldap 5.2 with smtp auth?

    Hello.
    I want to config smtp auth for msg 5.2 and ldap 5.2.
    How to step of work.
    I config follow admin guide but it not work.
    Please help me and advice me.

    For your internal clients to be authenticated,
    replace "mustsaslserver" instead of "maysaslserver" in tcp_intranet channel on your imta.cnf file. Then all clients connecting from your internal IPs (listed on your mappings file) will be authenticated.
    Add the below two parameters for messenger express users to use the same system.
    configutil -o local.service.http.smtpauthuser -v "store admin user name"
    configutil -o local.service.http.smtpauthpassword -v "store admin password"
    All other external smtp connections (MX pointed) are not authenticated since they are directed to tcp_local channel.

  • OAS and LDAP or OAS and OID ???

    1) Is OAS and LDAP a good combination or OAS and OID ???
    how do we connect and make use of LDAP from OAS?
    please let me know
    thanks in advance

    Get hold of Whitepaper 774783.1 LDAP Integration for Oracle Utilities Application Framework based products from My Support

  • WLC and LDAP Groups

    Is there any way on an LDAP server to create an LDAP group that can be tied to the WLC for LDAP authentication.  I have this url that explains local authentication and LDAP...  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml .  That helps with local authentication but one thing I don't see is any guidance on how to create a group in a DC to communicate with anything on WLC.  Any ideas?

    You are right. You need a radius server overall that integrates with AD and do AD-to-radius group mapping. This way authentication is allowed/denied from radius, not WLC itself.
    If the user can get a radius server to achieve this that will be great (especially if the user is using 802.1x/EAP authenticaion). If not, what I described about OU mapping is the only solution to get the users classified as per what I understood from users requirements.
    The user is not only limited to Microsoft RADIUS (IAS or NPS). However, any radius server that supports AD group mapping can be used. with cisco ACS for example this is supported as well. I am not sure if this is also supported with open-source radius (openRadius for example). But if it is then openRadius can also be used.

Maybe you are looking for

  • Error while saving a Sales Order in the CRM Mobile Application

    Hi, I am facing issues while saving a Sales Order in the CRM Mobile Application. I am getting the error message "Value Field KvLangu is not valid (Error: 236 / 1102)". I would be very grateful if somebody had faced this issue before and this way coul

  • I can't download Photoshop CS2 on MacBook Air running Mac OS X

    So yeah, i've got troubles downloading Photoshop CS2. It's free, i belive. I have MacBook Air, and it just dont work. Idk what to do.

  • To Identify Relationship between records in a table

    Hi I need to write a query to identify what relationship exists between records in a table. For example,In our system a manager can have more than 1 subordinate as well as an employee can also have more than 1 manager. I need to provide the relations

  • Problem with rounding

    I have a problem whith a Float datatype. In my database i have a column with datatype NUMBER(9,2), in my Entity Object the column is defined like Float and also i use Hint format mask: #,###,##0.00. When i try to introduce the following number 9,999,

  • Statement is not valid in a namespace site

    i'm an amateur programming, and it's my 1st project!!  But the thing is I am having a problem . In error list it says "Statement is not valid in a namespace Need advise what to do with this error