PPOMA_BBP attributes for user

Similar Messages

• Attribute for user contains errors. Inform system admin

  Hello,
  We've got an issue with shopping carts created by a user that was deleted from system. When trying to see in Monitoring Shopping Carts header or item details of a given sc. A web error occurs:
  The URL http://srp.srm.gruposalinas.com.mx:8000/sap/bc/gui/sap/its/bbpsc11/! was not called due to an error.
  Note
  The following error text was processed in the system SRP : Attribute for user contains errors. Inform system admin.
  The error occurred on the application server srm-pro_SRP_00 and in the work process 2 .
  The termination type was: TH_RES_FREE
  The ABAP call stack was:
  Form: OUTPUT_EXPRESS_MESSAGES of program SAPLBBP_SC_UI_ITS
  Form: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
  Module: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
  We've cheked SAP NOTE 312058-BBPPU99: Error: Attribute for ... is missing. Inform ...
  But it seems that none of the information applies to us, since this issue is only present for Shopping carts that were created by this deleted user.
  So we tried to re-assing one of this sc, chaning PARTNER_NO,ADDR_NR    
  ADDR NP data in table CRMD_PARTNER according to a new given user, but it didn't work. So we need to know how to re-assing this sc or perhaps how to find what specific attribute is missing.
  Any advice is welcome.
  Thanks in advance.

  Hi
  <b>Which SRM version are you using ? This is an SRM error message.</b>
  The manager role should be enough to change user attribute. The transaction is BBPATTRMAINT. Employee role should have BBPUM02 or BBPAT05 to change their own attribute.
  <u>Please check whether the User ID you are using to Log into BBP_PD (and seems to be assigned in the org structure also)is consistent and has no errors in tcode USERS_GEN.  You should check the user, it's not set up properly in USERS_GEN Transaction, Else repair the user.
  To maintain the user attributes you must have the Administrator role.. Your user should have role SAP_BBP-STAL_ADMINISTRATOR and be integrated in the org structure. your user must be integrated in SRM organizational structure. To see which attributes are missing, you can click on the user in PPOMA_BBP to see details, and go to last tab "Check". This will list all required attributes depending on used scenarios (so you may not require all of them). You can also use transaction BBP_ATTR_CHECK to check user's attributes for a particular scenario.</u>
  <b>Please go through the following links as well -></b>
  bbp_mon_sc attributes
  Re: FM for attribute's value assignation in PPOMA ?
  Note 751022 - Monitor Shopping Cart: Item deletion causes termination
  Re: User Settings are not saved
  Re: Not able to generate user users_gen
  Re: SRM organization plan...
  Re: User creation error
  <u>Hope this will definitely help. Do let me know.</u>
  Regards
  - Atul

• The attributes for user could not be determined --

  Hi,
  Our is extended classic scenario:srm5.0 & ECC6.0
  we are getting the following error in the org plan:
  "The attributes for user could not be determined "
  The error is occuring , when we log into the web browser.
  we also have a error in the org plan, under the user at the check tab,"No attribute found for scenario BBP".
  when we run the BBP_ATTR_CHECK & BBP_BP_OM_Integrate, we have no errors...
  Thanks in advance,
  RK.

  Hi All,
  Thanks for your support...
  I check the T-code:BBP_ATTR_CHECK & BBP_BP_OM_INTEGRATE.
  I also checked the attributes for the CP are ok,still i had the error appearing in the WEB.
  The solution:
  The CP has been deleted from the org plan.
  Once again,we generated the users from USERS_GEN and assign CP to the org plan again at the same.Now the Attributes error is gone.... and the issue is resolved.
  Thanks and Regards,
  RK.

• Error - The attributes for user could not be determined

  When I login as a Buyer (with role ZTSX_EC_BBP_PURCHASER - copy of SAP_EC_BBP_PURCHASER), I get the foll. error while trying to Process Purchase Orders:
  The attributes for user could not be determined
  It does not happen on other transactions (like Sourcing or Issue POs).
  The buyer is in the org. plan and I have checked the attributes and they seem ok.
  What could be the issue ???
  Thanks
  -Bakulesh

  Hi
  <b>Please go through these links -></b>
  The attributes for user could not be determined --
  'Error in writing attributes' when using function tab
  Company code for system missing in user attributes
  BBP_POC not working in SRM 5.0
  Re: urgent: regarding ATTRIBUTES
  Regards
  - Atul

• Add a new attribute for user provisioining on SAP R3

  Hi,
  I want to add a new attribute for user provisioining on SAP R3.
  - I have added new attribute in Process form and Resource form
  - I think i need to add this attribute in lookup definition of SAP attributes also need to do mapping
  but i am not finding lookup definition of SAP attributes .
  What will be name of lookup definition of SAP attributes? (In case of AD, we have AtMap.AD).
  Can any body please help me?
  Thanks

  Hi,
  You cannot add custom fields and do provision or recon for it.I have opened the SR with Oracle and this facility will be available in 9.1. which is launching after 4 months.You need to request the source code and modify it to get the custom fields.
  Thanks

• Modify Attributes for User Configuration Dumps Error

  Anyone have any ideas how to go about troubleshooting the following:
  When we Go to Identity System Console...User Manager Configuration...Tabs...Users and then click the
  "Modify Attributes" button we get the following error page:
  Bug Report Form
  An error has occurred while executing the application.
  Your browser doesn't support sending mail automatically!
  Please send E-Mail to <a ="">[email protected]</a> with the following information:
  Your Name
  Organization
  E-Mail Address
  Phone Number
  Comment
  Make sure to append the following traceback in the mail.
  Traceback data\module_main.cpp:565: Error: Exception re-thrown in HandleEvent.
  common\obprogram_registry.cpp:794: Error: Exception re-thrown in ObProgramRegistry::Execute.
  common\obprogramservice.cpp:314: Error: Exception re-thrown in ObProgramService::Execute.
  admin_console\acps_metaattribute.cpp:39: Error: Exception re-thrown in ACMetaAttributeProgram::Execute.
  admin_console\metaattribute.cpp:1513: Error: Exception re-thrown in ACPS::MetaAttributeGenTabMainMetaAttributePage().
  admin_console\metaattribute.cpp:1412: Error: No schema definition for attribute orclPassword was found.
  Product User Manager AdminVersion
  Platform Microsoft Windows

  Hi,
  I am afraid OVD is not present. I did looked at the 739067.1. (I couldnot not understand that fully as I could not find OVD GUI) But I do not know how to login into OVD GUI. What is the URL for it. How to check that OVD is present or not?
  We have Oracle COREId 7.0, identity and access. I do not get this error in my QA environment but I get this is dev and production.
  kapil

• LDAP attribute for user's last login time?

  Hi all,
  Is there an LDAP attribute that I could return (via an "ldapsearch" query) that would contain the user's last login time?
  We have:
  Directory Server Version: 5.2_Patch_2 ; Build number: 2004.107.0034
  other...
  Identity Server 2004Q2
  sparc-sun-solaris2.9
  Thanks in advance!

  Hello,
  If you need this info, you will have to create a password policy that log last logon time.
  But be carefull with this function, it can create a lot of cpu load.
  <http://docs.sun.com/app/docs/doc/820-4809/fhkrj?l=en&n=1&a=view>
  Regards
  Eric.

• OIM - Error updating the Teminal Services Attributes for a Users AD account

  Hi,
  I am trying to populate 'Terminal Profile Path', 'Terminal Home Directory' and 'Terminal Allow Login' attributes for a users Active DIrectory account from the OIM admin interface. and the request keeps getting rejected in OIM.
  *1) I get the below message in OIM -*
  Response: non-JRMP server at remote endpoint
  Response Description: Unknown response received
  Error Details
  Setting task status... "non-JRMP server at remote endpoint" does not correspond to a known Response Code. Using "UNKNOWN".
  *2) Below are the error messages from the logs:*
  2010-04-13 13:42:15,843 ERROR [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRemoteManagerInfo encounter some problems: No Remote Manager associated with current IT Resource.
  2010-04-13 13:42:15,843 ERROR [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRemoteManagerInfo encounter some problems: INTERNAL_ERROR
  com.thortech.xl.dataobj.util.tcAdapterTaskException: INTERNAL_ERROR
       at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRemoteManagerInfo(Unknown Source)
       at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.EXECUTEREMOTESCRIPT(adpADCSEXECUTEREMOTESCRIPT.java:646)
       at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.implementation(adpADCSEXECUTEREMOTESCRIPT.java:148)
       at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
       at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
       at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
       at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostUpdate(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
       at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
       at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
       at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
       at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
       at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
       at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
       at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
       at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
       at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
       at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
       at org.jboss.ejb.Container.invoke(Container.java:960)
       at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
       at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
       at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
       at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
       at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
       at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
       at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
       at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
       at $Proxy758.setProcessFormData(Unknown Source)
       at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
       at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
       at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
       at $Proxy801.setProcessFormData(Unknown Source)
       at com.thortech.xl.webclient.actions.UserDefinedFormAction.editForm(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
       at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
       at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
       at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
  2010-04-13 13:42:15,843 DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRemoteManagerInfo left.
  2010-04-13 13:42:15,843 DEBUG [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager entered.
  2010-04-13 13:42:15,843 DEBUG [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager Remote Manager Host Lookup URL is null
  2010-04-13 13:42:15,843 DEBUG [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager Remote Manager service name is null
  2010-04-13 13:42:15,843 INFO [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager Remote Manager full URL is null/null
  2010-04-13 13:42:15,843 ERROR [XELLERATE.REMOTEMANAGER] Class/Method: RemoteManagerSupport/getRemoteManager encounter some problems: non-JRMP server at remote endpoint
  java.rmi.ConnectIOException: non-JRMP server at remote endpoint
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:230)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
       at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
       at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
       at java.rmi.Naming.lookup(Naming.java:84)
       at com.thortech.xl.remotemanager.RemoteManagerSupport.getRemoteManager(Unknown Source)
       at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.EXECUTEREMOTESCRIPT(adpADCSEXECUTEREMOTESCRIPT.java:649)
       at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSEXECUTEREMOTESCRIPT.implementation(adpADCSEXECUTEREMOTESCRIPT.java:148)
       at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
       at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
       at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
       at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostUpdate(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
       at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
       at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
       at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
       at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
       at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
       at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
       at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
       at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
       at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
       at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
       at org.jboss.ejb.Container.invoke(Container.java:960)
       at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
       at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
       at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
       at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
       at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
       at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
       at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
       at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
       at $Proxy758.setProcessFormData(Unknown Source)
       at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
       at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
       at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
       at $Proxy801.setProcessFormData(Unknown Source)
       at com.thortech.xl.webclient.actions.UserDefinedFormAction.editForm(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
       at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
       at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
       at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
  *3)* I confirmed that RemoteManager is running by going to the design console. Administration -> Remote Manager. And I see that RManager service has both Running and IT Resource to be selected.
  But, when I shutdown remote manager and look at the Remote Manager from design console it only has the IT Resource to be selected.
  So, I am assuming the OIM is seeing the RManager service to be active when it is running,
  Please let me know if you have any ideas of how I should go about resolving this issue.
  Thanks,
  Rohit P

  that�??s the output of the FIMADMIN. Can you exec that script for the user account you are having problems with?
  Cheers,
  (HOPEFULLY THIS INFORMATION HELPS YOU!)
  Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
  * This posting is provided "AS IS" with no warranties and confers no rights!
  * Always evaluate/test yourself before using/implementing this!
  * DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
  ################# Jorge's Quest For Knowledge ###############
  ###### BLOG URL: http://JorgeQuestForKnowledge.wordpress.com/ #####
  #### RSS Feed URL: http://jorgequestforknowledge.wordpress.com/feed/ ####
  -------------------------------------------------------------------------------------------------------<>
  "Raveendra Raju" wrote in message news:[email protected]...
  Hi,
  I have enable the
  attributes �??Domain�?�, �??AccountName�?� and �??ObjectSID�?�  and values are populated about that AD user account synched by the FIM Sync Engine".
  Please find the below attributes values
  Account Name: fimadmin
  Domain Name : TESTNET
  Object SID  : AQUAAAAAAAUVAAAAeZI7Xt/AsWwbRQVrlAQAAA==
  I have already validated the following:
  ·Grant Authenticated Users access to the FIM Portal
  Site (must be checked if you want to allow access to the FIM Portal)
  ·Grant Authenticated Users access to the FIM Password
  Reset Site (must be checked if you want to allow access to the FIM Password Portal)
  I have also run the PowerShell script to validate these settings:
  ·�?�General: Users can read non-administrative configuration
  resources�?�
  ·�??User management: Users can read attributes of
  their own�?�
  BUT STILL NOT ABLE TO LOGIN AS A REGULAR USER ... PLEASE HELP ME OR SUGGEST ME HOW TO DEBUG TO IDENTIFY THE ISSUE.  IF SOME ONE GIVE
  ME THE STEPS THAT WOULD BE GREAT HELP.
  Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/

• Problem in  maintain attributes for position in maintain user attributes

  Hi All ,
  I am facing a problem in Maintain User Attributes
  I should get only 5 values for any user in attributes dropdown of attributes for position
  But for some users I am getting as 10 values
  and for some users I am getting it as 20 values ..
  What my doubt is
  will it be based on role dependency or anyother one ..
  Pls let me know if u have any idea ..
  Thanks
  Kumar

  Hello,
  The ability of changing attributes via User settings depends on the role
  assigned to the user and whether this role has the appropriate rights to
  change the attributes.
  In this regard, check the customizing below:
  SRM -> SRM Server -> Cross Application Basic Settings -> Roles ->
  Maintain Attribute Access Rights by Role.
  Here you define which parameter can be changed depending on the role
  assigned to user in question.
  Regards,
  Ricardo

• Setting Application Context Attributes for Enterprise Users Based on Roles

  Hello,
  We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
  I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
  -- For each record in my RoleSitePrivileges table, set
  --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
  --   If the current user has been assigned a role matching
  --   the value in the 'RoleName' field, set the corresponding
  --   attribute to 'Y'... otherwise, set it to 'N'.
  FOR iPrivRec IN (SELECT RoleName, SiteID
                     FROM RoleSitePrivileges
                     ORDER BY SiteID)
     LOOP
        SELECT COUNT(*)
          INTO roleExists
          FROM dba_role_privs
          WHERE granted_role = UPPER(iPrivRec.RoleName)
            AND grantee = USER;
        IF roleExists > 0 THEN
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'Y');
        ELSE
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'N');
        END IF;
     END LOOP;To finish things off, I created a security policy function for the table which returns the following:
  RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                       FROM session_context
                       WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                          AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
  I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
  I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
  So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
  Thank you!

  Hello,
  We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
  I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
  -- For each record in my RoleSitePrivileges table, set
  --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
  --   If the current user has been assigned a role matching
  --   the value in the 'RoleName' field, set the corresponding
  --   attribute to 'Y'... otherwise, set it to 'N'.
  FOR iPrivRec IN (SELECT RoleName, SiteID
                     FROM RoleSitePrivileges
                     ORDER BY SiteID)
     LOOP
        SELECT COUNT(*)
          INTO roleExists
          FROM dba_role_privs
          WHERE granted_role = UPPER(iPrivRec.RoleName)
            AND grantee = USER;
        IF roleExists > 0 THEN
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'Y');
        ELSE
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'N');
        END IF;
     END LOOP;To finish things off, I created a security policy function for the table which returns the following:
  RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                       FROM session_context
                       WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                          AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
  I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
  I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
  So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
  Thank you!

• Size limitation for all attributes in user objects in Active Directory????

  hi geeks , i wanna know maximum size limit of an user objects attribute in   active directory ... like max amount of character first name attribute can hold ... Thank in advance..

  You can use ADSI Edit to view the properties of the attributes in the Schema container of your AD. In the Schema container you can select an attribute, like Company, right click, select properties, and find the rangeUpper property of the attribute. This
  is the maximum length in characters (or bytes). You can also use dsquery to retrieve rangeUpper for an attribute. For example:
  dsquery * "cn=Schema,cn=Configuration,dc=MyDomain,dc=com" -filter "(LDAPDisplayName=streetAddress)" -attr rangeUpper
  where your domain is MyDomain.com. This finds the maximum length for the "street address" attribute. A few values in my test domain (the values can be modified, so these are the defaults):
  company                      64
  streetAddress              1024
  physicalDeliveryOfficeName  128
  initials                      6
  st                          128
  postOfficeBox                40
  name                        255
  cn                           64
  You can use the first two spreadsheets on this page to help identify attributes in AD (with no Exchange):
  http://www.rlmueller.net/UserAttributes.htm
  The first spreadsheet documents the attributes corresponding to the fields on most of the tabs of ADUC. For example, "st" is the attribute for state, "physicalDeliveryOfficeName" for the field labeled "office". You need the
  LDAPDisplayName's of the attributes, like I used in the dsquery command above. The second spreadsheet documents all attributes in AD with more information, like the syntax and which class each applies to.
  Richard Mueller - MVP Directory Services

• Attribute group for user?

  Hi all,
  We're trying to migrate user data from an LDAP server to Active Directory running on Windows Server 2012.    Besides users objects, there are multi-value attribute "groups" objects in the LDAP server and I've no idea how to migrate to
  AD, e.g.
  For user uid=123456 who is a student with double major, there exists 3 objects for this user:
  1. the user object, contains: uid: 123456, name, contact, etc...
  2. 1st major object, contains: uid: 123456, major: Mathematics, year of attention (2010), faculty: Science
  3. 2nd major object, contains: uid: 123456, major: English, year of attention (2011), faculty, Arts
  Would anyone please help?   Thanks a lot.
  Regards
  /ST Wong

  So group objects can be a bear, primarily because a group can contain other groups in the AD world not sure about the LDAP server you are migrating from.
  So the first thing I would do is map all attributes that are in use on the ldap server to a corresponding AD attribute, once that's done a script could be built to populate those.
  This would also be true from the groups.
  Groups need a User or Group distinguished name to add  to the members attribute.
  So in your migration steps before the first user is migrated, I would create a corresponding group that matches the LDAP servers group. Then as you migrate them in what ever script or third part product you use would just add as a member to the pre-created
  group. FIM can do this but can be cumbersome to use.
  Another thing that needs to go into the planning in respect to groups is that security groups are only useful when they are used to apply permissions to something.
  So looking at your example
  UID does that correspond to the logon name in Active Directory - if so then the corresponding attribute would be sAMAccountName
  Name could correspond to displayName in Active Directory
  Contact would be dependent on the data that the field held
  The Major objects seem like groups to me
  So Group Name,cn, and sAMAccountAttribute would be something like Mathematics2010
  Another attribute on the group object, maybe department would hold Science
  A lot of this is dependent on what consumes the data and whether an attribute already exists, You can create attributes if they are needed but would recommend first mapping out between the 2 systems to see which ones fit and which ones do not.
  I know that is vague but here is some links that will let you know which attributes are defined by default in Active Directory
  User Objects (Broken up by DC OS version)
  http://msdn.microsoft.com/en-us/library/ms683980(VS.85).aspx
  Group Objects (Broken up by DC OS Version)
  http://msdn.microsoft.com/en-us/library/ms682251(v=vs.85).aspx
  As you do the mappings between systems it important to have the final picture in mind of how everything will work once the migration is complete. That way it will allow you to focus on the important things and leave the not so important things till later.
  Hopefully that helps!

• How to Update Extended Attributes For the Users in SRM Organization?

  Hi,
  I am using 'BBP_UPDATE_ATTRIBUTES' function module to load the Default Attributes for the users in a custom program. I am able to update many attributes like company code, Movement type, catalog id, material usage, shop on behalf of and address ship to. But I am having problem updating extended attributes Plants(Attribute ID 'WRK') and Storage Locations (Attribute ID 'LAG').
  Storage location and Plants has many values. Can anyone have experienced this problem before. I appreciate any help I get. I debugged enough and not able to find any other function module to do this.
  Thanks and Regards,
  Sreeni..

  Hi Sreeni,
  I'm stuck up in the same problem. Did you get any solution for this? If yes please provide the same.
  Regards,
  Gajendra
  Message was edited by: Gajendra Bhatt

• Trying to modify two AD User attributes for multiple users?

  Hello,
  I'm a newbie to Powershell and need some help.
  I have a 2008 R2 AD and need to modify two attributes for multiple users.
  The attributes include "homeDirectory" and "unixhomedirectory".
  I have started to go through Powershell in a month of lunches but need this solution quickly.
  I have been trying  number of scripts that I cannot get to work in our test AD lab.
  Is there anyone who can help with a simple script with explanations of each line so I know how it works please?
  help

  Thanks clayman2,
  Here is what's in my .csv below
  samaccountName
  homdedirectory
  unixhomedirectory
  testuser1
  \\servername\oldhimedir\%username%
  \\servername\oldhimedir\%username%
  testuser2
  \\servername\oldhimedir\%username%
  \\servername\oldhimedir\%username%
  This is the code below I'm trying to use.
  Import-Module ActiveDirectory
  $USERS = Import-CSV c:\users.csv
  $USERS|Foreach{Set-ADUSer -Identity $_.samaccountname -homdedirectory $_.\\servername\oldhimedir\%username% -unixhomedirectory $_.\\servername\oldhimedir\%username%}
  Please let me know if I have to put the pathing in any special brackets to have PS read it. I have tried {} around the field but I get "Missing property name after reference operator"
  Thank you

• Need to retrieve additional attributes for roles and users

  Hello
  We need to access some attributes for our application. This information is not accessible through the core API. The attributes we need are as follows
  User Account
       Password locked
                  Date account locked last
            Account locked last by
            Date account last unlocked
            Account last unlocked by
            Reason for last account unlock
  Roles
            Created By
            Person Responsible
            Changed By
  I know we can access this attributes using the IPCDAttribute. What i want to know are the namespaces and the corresponding attribute names. Could anybody point me in right direction? I have seen that IUserAccount API has a method called isPasswordLocked() which should return me the locked information, but i cannot access that method in the java code.
  Any help is very much appreciated.
  Regards
  Kalpesh
  Edited by: Kalpesh Shirodker on Aug 5, 2008 3:10 PM
  Edited by: Kalpesh Shirodker on Aug 5, 2008 3:11 PM

  Hi Apurva,
  This Srini, i need your help for Leave Encashment workflow Approval Process in 3levels of approval.
  r u worked on same proceed for that. i can see the your posted on 5 months back in sdn.
  i can implement the bidi. how to determine agent 3 levels and how to link to workflow template and which workflow step types are using one by one tell me.
  Please i need your help leave encashment approval process. plz give me u r GMAIL ID.
  Regards
  MSR