Portal Integration with Microsoft Active Directory

We are working on a project to integrate Oracle9iAS Portal with Microsoft Active Directory. I am wondering if anyone has any experience with this and hence suggestions. In particular, I'm wondering if it's possible, and how, to use Active Directory to manage the Portal user accounts and group relationships?

Please note that we finally got this working. For Active Directory's sake, I would suggest using userPrincipalName or sAMAccountName as the Unique Attribute. Also, note that Active Directory uses OUs for organization, not CNs, so the search base should be either just the DN of the domain or an OU in the domain. Also, be sure to specify the full DN of the Bind DN, as in CN=Administrator,CN=Users,DN=domain,DN=com

Similar Messages

  • ODI Integration With Microsoft Active Directory to bring User id to Table

    Hi All,
    I have to bring the user ID of employees from Microsoft Active Directory based on the mail ID of the user.
    I have a table like the one below:

    User_name   Mail_id
    Vishwas     [email protected]
    John        [email protected]
    Depak       [email protected]

    I need to bring the user ID of those employees from Active Directory and load it into another table.
    Now the issue is: what are the things I have to perform in ODI to do this?
    I have gone through some of the blogs for the same, but everywhere I found ODI being used for external authentication.
    Can I get the user IDs in a relational table so that I can join it with the above table and load it to the target?
    Please let me know if anybody has the solution for it.
    Thanks
    Regards

    I think you can use the LDAP driver to read entries from your LDAP server. Please check the documentation at LDAP Directories - 11g Release 1 (11.1.1)

  • ACS Integration with Microsoft Active Directory Services

    Hello Everyone,
    I've been tasked to design the integration of ACS with MS AD. What I want to know is the below, assuming I have a software ACS or an ACS device and the protocol for authentication is RADIUS:
    - What are the criteria for the AD to integrate with ACS software or appliance?
    - Should that AD be hosted on the domain controller or not?
    - If not, on what (Domain Controller, Tree, Forest, Branch, Flower, Fruit) should the AD be hosted?
    - What will I have to do to authenticate users logging into Cisco Security Manager with ACS integrated with AD?
    - Are there any other dependencies that I will have to categorically mention in my design document?
    Thanks,
    Rishi

    In ACS v5.x, there is a screen for integrating the ACS with AD. 
         (Users and Identity Stores > External Identity Stores > Active Directory)
    Just enter the local domain name (domain.com) and a valid AD administrator account username and password, and the ACS will connect to the domain.  This allows you to use existing AD credentials to login and administer your network devices. 
    Tying the ACS to AD really only takes one screen and less than a minute, but you will still have to tell the ACS which AD groups get which permissions (for example, read-only or read-write access), and you will have to set up a search sequence (Users and Identity Stores > Identity Store Sequences) to tell ACS to first look at AD for credentials, then check the local ACS user database for valid accounts. The permissions part is still fairly quick, and it only takes me about 45 minutes to build an ACS from scratch including all AD integration and custom RADIUS attributes for some of our devices.
    The authentication would occur like this:
      1. User SSH/telnet/console to device
      2. Device contacts ACS using TACACS or RADIUS
      3. User receives login prompt and enters AD credentials
      4. Device sends credentials to ACS
      5. ACS validates credentials in AD
      6. ACS sends authentication OK message to Device
      7. Device logs user in.
    Command authorization looks something like this:
      1. User enters a command
      2. Device sends command authorization request to ACS
      3. ACS looks at which AD group the user belongs to and looks up permissions configured in ACS for that group
      4. Based on the permissions you have assigned, ACS either sends an allow or deny message to the Device
      5. Device allows or denies the user command.
    Criteria:  We use an ACS 5.2 virtual machine and have had it work perfectly with Server 2003 and Server 2008.
    AD is hosted on our local domain controller (Bonus:  no planting of flowers required!)
    Dependencies: 
    Issue:  The Device looks to ACS.  ACS looks to AD.  If AD fails, users cannot use their AD credentials to login.
              Device ---> ACS ---> AD
    Solution:  Configure the Device to look at ACS first, then a local table if ACS is not available.  Also, configure the ACS to look at AD first, then a local ACS account list if AD is not available.  (You can configure local user accounts on the Device and in the ACS) 
              Device ---> ACS ---> AD
              Device ---> ACS ---> AD ---> ACS local
              Device ---> ACS ---> AD ---> ACS local ---> Device local
    The new version of Cisco ACS is UNIX-based, and you can download a free trial to load up and try before you buy.  It is far FAR superior to the old ACS v3.3 that we had for years.
    I hope this helps for your design document!
    --Chris

  • OracleApps HRMS-R12.1.3 Integration with MS Active Directory (win 2008 R2)

    Dear Friends,
    We are using Oracle Apps R12.1.3 and Microsoft Active Directory: Windows 2008 R2.
    We have the following requirements:
    (1) From Oracle Apps to Active Directory.
    - Employee master information needs to be interfaced to Active Directory at a regular interval, which should be updated in Active Directory.
    (2) From Active Directory to Oracle system.
    - Whenever a new email address for an employee is created in Active Directory, the information needs to flow to Oracle HRMS.
    Please let us know the method to achieve this with minimal latest Oracle software.
    Can it be done through coding from Oracle Apps without new software?
    Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
    Regards,
    DB

    user564706 wrote:
    > Dear Friends,
    > We are using Oracle Apps R12.1.3 and Microsoft Active Directory: Windows 2008 R2.
    > We have the following requirements:
    > (1) From Oracle Apps to Active Directory.
    > - Employee master information needs to be interfaced to Active Directory at a regular interval, which should be updated in Active Directory.
    > (2) From Active Directory to Oracle system.
    > - Whenever a new email address for an employee is created in Active Directory, the information needs to flow to Oracle HRMS.
    > Please let us know the method to achieve this with minimal latest Oracle software.
    > Can it be done through coding from Oracle Apps without new software?
    > Is Oracle Apps R12.1.3 certified with Windows 2008 R2 Active Directory?
    > Regards,
    > DB
    Please update your original thread(s) instead of creating new one(s) -- Integrate Oracle Apps R12 with Microsoft Active Directory
    Thanks,
    Hussein

  • Integrate Oracle Apps R12 with Microsoft Active Directory

    Dear Friends,
    I am using Oracle Apps R12.1.3 and we also have Microsoft Active Directory.
    We need to integrate both so that any employee created in Oracle Apps HRMS will be replicated in Microsoft Directory.
    Please let us know the Oracle 10g and 11g products we have to use to achieve this.
    Please let us know both 10g and 11g products, and are 10g products covered in Oracle support?
    Regards,
    DB

    Please see these docs/links.
    Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
    Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite [ID 876539.1]
    Registering Oracle E-Business Suite Release 12 with Oracle Internet Directory 11gR1 and Single Sign-On [ID 1370938.1]
    External Authentication To Active Directory Integration With E-Business Suite [ID 429020.1]
    Re: Integrating Active directory  with oracle EBS 12.1.3 with 11g R2 database
    Re: Oracle EBS with SSO
    Re: Need to integrate AD with R12.1.3 with the most simplest architecture.
    Re: EBS R12,how to use OID implement SSO without OAM/OID(with 3rd product)?
    Thanks,
    Hussein

  • SSO (single sign on) on NetWeaver 7.0 Enterprise Portal based on spnego with Microsoft Active Directory

    Hi,
    we are using SAP Netweaver Enterprise Portal 7.0 (SP25) based on Windows 2008 R2/Oracle 11g.
    When we setup the Portal, we used the UME of the ECC - ABAP.
    The portal is used internally only.
    Now we want to provide SSO.
    User authenticate against Windows Active Directory (Windows 2003).
    We thought SSO via spnego would be the best solution.
    Any better alternates, we should use?
    We are following the SAP documentation:
    SAP Library - User Authentication and Single Sign-On
    We still want to create users in ABAP and assign them the portal roles. LDAP access should only have read access, to verify the security token from Active Directory.
    When we set up the portal from scratch using ABAP as its UME, in the system configuration, LDAP can't be selected/added as a data source.
    In case we understand the documentation correctly, we would now need to add LDAP via the configtool for read access.
    What is not clear to us is whether we would lose the ABAP connection when we now activate LDAP via the config tool.
    Is there a tutorial for SSO Netweaver 7.0 EP, like for EP 7.3, available?
    In 7.3 SSO is pretty simple to get it running, thanks to the many tutorials here and on the internet.
    Thanks for your help.
    Best regards
    Carlos Behlau

    Hi,
    I was able to generate the key via ktab program.
    But when I enable SSO, nothing happens when I try to log on via SSO to the portal.
    I installed the WebDiag tool on the portal server and ran a trace.
    The users are located in domain: company.com of Active Directory.
    The Java AS are located in domain: sap.company.com of Active Directory.
    The sap.company.com domain acts as a child of company.com.
    When I check the WebDiag trace, I see for the SPNegoLoginModule the entry "... no key (etype: 23) for realm sap.company.com available ..."
    I would expect company.com as the realm key, as the keytabs have been generated on the domain controller of company.com.
    Is it possible to get SSO running with a child domain?
    Based on the statement of the network folks, the child and father domain have a trust.
    Thanks for your help.
    Best regards
    Carlos

  • Portal integration and Windows Active Directory

    Hello experts,
    We have a SAP Netweaver Portal SP14 and the UME is configured in one Active Directory of Windows 2003. The UME is working correctly but the SSL connection between the two systems doesn't work.
    We have applied the help in the link:
    "http://help.sap.com/saphelp_nw70/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/content.htm"
    but we got the error
    "Peer certificate is not trusted or expired".
    The Active Directory server has its own certificate.
    We think that the problem is with the trusted certificate but we have not corrected it.
    On the Active Directory server, when we access https://myserverAD:636, we got the error that the page could not be shown.
    Thanks in advance.
    Paco Hernandis.

    > https://myserverAD:636, we got the error that the page could not be shown.
    The SAP Help is outdated: MS IE doesn't show those certs any more, as you have found.
    I'm sure there's a better way, but here's how I get that when I need it: install an OLD version of Firefox (I keep the install EXE for Firefox 1.5.0.8 around just for this) because v.2 responds with an error the same as IE. I use Firefox for this (rather than an old version of IE) so that it doesn't clobber my IE config. Since it's an old release there are many security problems: so don't use it for anything else, and uninstall it immediately afterwards.
    http://download.mozilla.org/?product=firefox-1.5.0.8&os=win&lang=en-US

  • Portal Integration with Microsoft Exchange 2007

    Hi all,
    I would like to integrate MS Exchange 2007 with portal so that I can enable all the groupware services including calendar, emails, appointments, availability etc.
    Our Exchange landscape is integrated with our ADS, but portal uses its own user data store with a different set of User Ids.
    I need to implement SSO between both these systems, where the user id is different.
    I found a few articles in SDN explaining how to configure SSO, but I couldn't quite find anything on how I can accomplish my objective here.
    Can any of you help me out?
    Thanks a lot
    Shobin

    Eduardo,
    Download the MS Exchange portlets here, and look at the documentation here.
    regards,
    Stewart

  • HTML DB with Microsoft Active Directory access

    HTML DB authentication works fine, but authorization gives the following error. We hope someone in this forum has similar experience. We got the following error after we added a password to the is_member function. If we use NULL for the password, it always gives a "No authorization to page" error.
    Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid
    credentials. 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext
    error, data 525, vece
    Exception encountered .. exiting

    Thanks Scott, We got answers from your earlier discussion on following threads.. We are posting the points in your discussion again and it may help others..
    LDAP Setup - How ?
    Let's focus on authentication first. I assume you have a login page in the app. Create a new authentication scheme based on the LDAP model (follow the wizard). Edit the scheme, changing the authentication function from -LDAP- to: return function_name;, giving the name of a function in your schema which does the LDAP authentication. This function must have the signature (p_username in varchar2, p_password in varchar2) return boolean. Null out any other LDAP-related fields in this new authentication scheme and make sure it points to the login page in your app for the Invalid Session Page attribute. Save changes and then make this the current scheme. Your login page is already set up to call the HTML DB login API, and because your authentication scheme specifies an authentication function, that's what it will use to check credentials when the login page which captured username and password is submitted. If the credentials check out, the login API will redirect to the page specified in the login page's login process' p_flow_page argument, e.g., p_flow_page=>&APP_ID.:1, for page 1. Change this page ID as required.
    Authorization schemes are simpler. They will probably be of type PL/SQL function returning boolean which will use the current value of :APP_USER to consult the LDAP directory for specific information. After creating the schemes, you can attach them to whatever components you need to, e.g., regions, buttons, processes.
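    function userInGroup(p_username in varchar2, p_group in varchar2)
      return boolean
    as
      l_retval      PLS_INTEGER := -1;
      l_session     DBMS_LDAP.session;
      l_attrs       DBMS_LDAP.string_collection;
      l_message     DBMS_LDAP.message;
      l_entry       DBMS_LDAP.message;
      l_attr_name   VARCHAR2(256);
      l_ber_element DBMS_LDAP.ber_element;
      l_vals        DBMS_LDAP.string_collection;
      l_found       boolean := false;
    begin
      -- g_host, g_port, g_ldap_user, g_ldap_pwd and g_ldap_user_base are
      -- package-level settings defined outside this function.
      -- With use_exception off, LDAP errors come back as return codes.
      DBMS_LDAP.use_exception := false;
      -- connect to LDAP and authenticate with the service account
      l_session := DBMS_LDAP.init(hostname => g_host,
                                  portnum  => g_port);
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => g_ldap_user,
                                          passwd => g_ldap_pwd);
      -- a failed bind must not fall through to the search
      if l_retval <> DBMS_LDAP.SUCCESS then
        l_retval := DBMS_LDAP.unbind_s(ld => l_session);
        return false;
      end if;
      -- Get group membership: request only the memberOf attribute.
      -- p_username goes into the filter unescaped and with a trailing
      -- wildcard, so the search is a prefix match on cn.
      l_attrs(1) := 'memberOf';
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => g_ldap_user_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => 'cn='||p_username||'*',
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Only the first entry returned by the search is inspected.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
        l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                 ldapentry => l_entry,
                                                 ber_elem  => l_ber_element);
        l_vals := DBMS_LDAP.get_values(ld        => l_session,
                                       ldapentry => l_entry,
                                       attr      => l_attr_name);
        -- An entry without memberOf values yields an empty collection;
        -- looping over FIRST..LAST would then raise an error.
        IF l_vals.COUNT > 0 THEN
          << values_loop >>
          FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
            -- substring match of p_group against each memberOf DN
            if l_vals(i) like '%'||p_group||'%' then
              l_found := true;
              exit; -- exit if found
            end if;
          END LOOP values_loop;
        END IF;
      END IF;
      -- must unbind from LDAP
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      return l_found;
    exception
      when others then
        -- fail closed; the session may not be valid at this point
        begin
          l_retval := DBMS_LDAP.unbind_s(ld => l_session);
        exception
          when others then null;
        end;
        return false;
    end userInGroup;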
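
The userInGroup function in the post above concatenates the login name into the LDAP filter and matches groups by substring. As an added example (not code from the thread or from Oracle), the block below shows RFC 4515 filter escaping and an exact group-DN comparison in PL/SQL. The helper names, the example.com DNs and the sample values are assumptions constructed for illustration, and the DN comparison assumes the directory returns DNs in the same form apart from letter case.

```plsql
-- Added example (not from the thread). Run in SQL*Plus or SQLcl with
-- SET SERVEROUTPUT ON. Helper names and all sample values are constructed.
DECLARE
  TYPE t_values IS TABLE OF VARCHAR2(512) INDEX BY PLS_INTEGER;
  l_member_of t_values;  -- stands in for DBMS_LDAP.get_values output

  -- Escape a value for use inside an LDAP search filter (RFC 4515).
  -- The backslash is replaced first so later escapes are not doubled.
  FUNCTION ldap_escape_filter(p_value IN VARCHAR2) RETURN VARCHAR2 IS
    l_out VARCHAR2(4000) := p_value;
  BEGIN
    l_out := REPLACE(l_out, '\', '\5c');
    l_out := REPLACE(l_out, '*', '\2a');
    l_out := REPLACE(l_out, '(', '\28');
    l_out := REPLACE(l_out, ')', '\29');
    l_out := REPLACE(l_out, CHR(0), '\00');
    RETURN l_out;
  END ldap_escape_filter;

  -- Exact-match filter on sAMAccountName: no trailing wildcard.
  FUNCTION user_filter(p_username IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    RETURN '(sAMAccountName=' || ldap_escape_filter(p_username) || ')';
  END user_filter;

  -- TRUE only when a memberOf value equals the full group DN
  -- (case-insensitive). Safe on an empty collection.
  FUNCTION in_group(p_member_of IN t_values, p_group_dn IN VARCHAR2)
    RETURN BOOLEAN IS
    i PLS_INTEGER := p_member_of.FIRST;
  BEGIN
    WHILE i IS NOT NULL LOOP
      IF LOWER(p_member_of(i)) = LOWER(p_group_dn) THEN
        RETURN TRUE;
      END IF;
      i := p_member_of.NEXT(i);
    END LOOP;
    RETURN FALSE;
  END in_group;

  PROCEDURE show(p_label IN VARCHAR2, p_result IN BOOLEAN) IS
  BEGIN
    DBMS_OUTPUT.put_line(p_label || ': ' ||
      CASE WHEN p_result THEN 'member' ELSE 'not member' END);
  END show;
BEGIN
  l_member_of(1) := 'CN=Portal Admins Readonly,OU=Groups,DC=example,DC=com';
  l_member_of(2) := 'CN=Staff,OU=Groups,DC=example,DC=com';

  -- Filter metacharacters in the login name are neutralised.
  DBMS_OUTPUT.put_line(user_filter('jsmith'));
  DBMS_OUTPUT.put_line(user_filter('*'));
  DBMS_OUTPUT.put_line(user_filter('j(doe)*'));

  -- 'Portal Admins' is a substring of the first DN but not a group the
  -- user belongs to; the exact comparison rejects it.
  show('Portal Admins',
       in_group(l_member_of, 'CN=Portal Admins,OU=Groups,DC=example,DC=com'));
  show('Staff',
       in_group(l_member_of, 'cn=staff,ou=groups,dc=example,dc=com'));
END;
/
```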

  • E-Business suite r12 login through Microsoft Active Directory

    I integrated E-business suite release 12.1 with SSO and OID and I want to integrate OID with Microsoft Active Directory. How is this possible?

    804050 wrote:
    > I integrated E-business suite release 12.1 with SSO and OID and I want to integrate OID with Microsoft Active Directory. How is this possible?
    Yes, it is possible. The basic idea is EBS 12.1 will use OID, which will be configured to use third party external authentication, like Microsoft AD.
    Please see this document:
    Oracle® Identity Management Integration Guide
    10g (10.1.4.0.1)
    Part Number B15995-01
    Chap 19 Integrating with Microsoft Active Directory
    HTH
    AMN

  • Does Sun Messaging Server support Microsoft Active Directory

    Hello,
    I just got this question. Does Sun Messaging Server work with Microsoft Active Directory?
    Thanks.

    Please post in the messaging server forum: http://forums.sun.com/forum.jspa?forumID=708

  • Integrating Oracle Portal & Microsoft Active Directory

    Dear friends
    I integrated Oracle Portal & Microsoft Active Directory without any errors or problems, but it just integrates the users under the Users container in Active Directory. I have some OUs, groups and policies and I categorized my users under them, so when I run "sh oidspadi.sh" and set "cn=...." to other values except "Users", it cannot add all of the users under specific groups or policies.
    Please let me know how I can add all of my users in Active Directory to OID.
    Thanks
    Babak Saraie

    I'm not familiar with iPlanet, but if it can allow basic
    authentication and connect to AD, it should be possible to do what
    you want.
    Personally, I would rather that the browser did not
    automatically log me in. For example, if someone was having
    problems with their "view" on the intranet web site, if they
    visited your office, you would have to log off, let them log on
    (and wait while their profile was created) just to let them open a
    browser.
    Is it really asking too much for them to enter their
    username/password into a browser prompt once each day? Heck, most
    browsers will remember usernames and passwords so you don't have to
    type it. You just click OK.
    That's just my perspective.
    M!ke

  • Can Microsoft active directory integrated with Oracle Applications

    Hi,
    Can anyone provide me any document on Microsoft Active Directory integration with Oracle Applications (12.0.6)?
    Manish

    Hi,
    It is possible, please refer to the following documents for details.
    Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
    Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
    Regards,
    Hussein

  • Integration of sap R/3 (4.7) and Microsoft active directory (2003)

    Hi All,
    I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
    Pls help me with this issue.
    Thanks in advance,
    Regards,
    Raghav.

    Hi,
    First You should read:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
    Regards,
    Jarek

  • Problem with Oracle external procedures and Microsoft Active Directory

    Hi,
    Our server was recently updated to use Microsoft Active Directory. However, we noticed that all external procedure calls keep on failing with ORA-28575: unable to open RPC connection to external procedure agent. Everything was working fine before we migrated to Active Directory, which is why we can say that the listener is configured correctly.
    Any idea on how we can make extproc calls with Active Directory?
    thanks.

    Michael,
    Oracle Forms does support Single Sign-On (SSO). Take a look at Oracle Containers for J2EE Security Guide: OC4J Java Single Sign-On. Also take a look at the Oracle Forms 10g Sample Code and scroll to the SSO demo under the Forms Services Demo section. There are also numerous other documents available via Google. ;-)
    Craig B-)
    If someone's response is helpful or correct, please mark it accordingly.
