Prepopulating users LDAP Group Information

Hi
When i provsion a user using sun connector manually, i am having an option to select from lookup the group to which the user must be a member.
How do i prepoulate this information based on the users' organization
sas

refer to this link for the solution.
Provisioning OIM Users to LDAP Groups
Thank you
sas

Similar Messages

Retrieving user and group information from LDAP using j_securrity_check

Hi
I am using j_security_check to authenticate users against LDAP. I have made all necessary configuration for the server to perform LDAP group search as well as mentioned in the WAS documentation of LDAP settings. Now, how can I retrieve the user and the user group info after the j_secuirty_check. Apart from the UserPrincipal object which I can get from the request which just has the user name, is there any other object which will give me the user and user group info by which I need to connect to LDAP using my java code to retrieve these informations?
Regards
Deepak

Hi
I am using j_security_check to authenticate users
against LDAP. I have made all necessary configuration
for the server to perform LDAP group search as well
as mentioned in the WAS documentation of LDAP
settings. Now, how can I retrieve the user and the
user group info after the j_secuirty_check.
Apart
from the UserPrincipal object which I can get from
the request which just has the user name, is there
any other object which will give me the user and user
group info by which I need to connect to LDAP using
my java code to retrieve these informations?Hmm, you don't need the user group info to connect to the LDAP server, right? You would need the user's Id (which you have) and password (which you don't). You could use the LDAP credentials and bind as that to look up the user info via the user id. Or if the server is set up to allow anonymous bind you could do it without credentials. But if all you want is group info then you should be able to call Security.getCurrentSubject().getPrincipals() to get the user principal as well as all groups (this is true in BEA WebLogic at least).
Good Luck
Lee

How to get the user and groups information from http header

Hi All,
In my current scneario, we are using Siteminder for SSO setup.. And in this process, after authentication and authorization, they are going to append the user information and group information of the user into a HTTP header and it will be sent back to our presentation services.. We have to extract the user information and group information from the http header.
My HTTP header will look like as follows..
SM_USER XYZ
SM_USERDN CN=Firstname\, Lastname\, xyz, OU=GPO-Low Level Security,OU=Domain Users,OU=BU FDT,
SM_USERGROUPS CN=GG-CA-SiteminderAdmins, OU=Global,OU=Domain Groups, DC=com^CN=GG-ServiceDeskAdmin-TCCORPCEFS
And also if anyone explain me the overall working of SSO in detail like how presentation services will make a connection to BI server( I guess using Impersonator User), and also how our BI server will read the URL from presentation services and the over all working flow in our OBIEE..
Thanks a lot....

Please use the search! this topic has come up lots of times already.

User and Group information not updated in Sharepoint 2010

Hi,
Recently, our orgnisation has maked update of user and group in the Active Diractory. The information was not update in the site collection. I was try to :
-recreate and synchronize a new service application ( no effect)
- Delete old database synchronisation( stsadm -o sync -deleteolddatabases 5)
- stsadm -o sync -synctiming m:5 and stsadm -o sync -sweeptiming m:5 (No effect)
-I have no error or warning whn i make the synchronisation, all data bases is started.
Anyone can help me please??
Thks

Is User Profile to SharePoint Full Synchronization job up and running? Do you see any errors when this job runs? Turn on verbose logging to see details when this job runs.
This post is my own opinion and does not necessarily reflect the opinion or view of Slalom.

How to verify user LDAP group membership

Hi,
we are attempting to determine if a user is a member of a specific LDAP group in our directory and if the user is a member it should return TRUE else FALSE (this is done by defining the LDAP attribute 'CN' (property) which returns a result 'CN=<UserName> or returns 'getting 0 entries'. The query we have is
(&(cn=<username>)(memberOf=CN=<groupname>,DC=domain,DC=com)).
Any pointers on how to do this ?
Thank you.

You could do a couple of things...
1) Install dsquery (add remote AD tools to your box) and run something like
dsquery group -u <user name>
Username would be their login name, yours is "swaupadh" for example. This would return a listing of all the groups they are in and you could regex through that output for the group you are looking for. Use either the Execute Powershell or Execute Windows Command activity here.
2) Use powershell functions and powershell capability to check for group membership, something like this:
function Get-GroupMembership($DN,$group){
$objEntry = [adsi]("LDAP://"+$DN)
$objEntry.memberOf | where { $_ -match $group}
//EXAMPLE CALL
Get-GroupMembership "Cn=kazun,dc=contoso,dc=com" "Backup Operators"
Then you can regex through the output for the "True" or "False" word and run with that.
Either should get you what you want.

Creating OAAM users and groups in external LDAP i.e. OID

Hi Experts,
I am looking for the procedure to create OAAM users and groups in external LDAP i.e. OID.
I am using 11gR2.
Any pointers would be appreciated.
Regards,
Subin

Check this link http://docs.oracle.com/cd/E27559_01/dev.1112/e27206/lcm.htm#autoId3

LDAP Users and Groups

Hi,

I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.


It seems that this needs to be setup. How do I do this?


Some general notes on LDAP:

I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

It would be interesting to read what Bea and other developer think about this.

Kind regards,

Kai


Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

Cannot Add user to CMC Group when they are a member of LDAP group

On PreProduction Server CMC
Softerra LDAP browser used to verify user is a member of LDAP group
User does not show as a member of that group in the CMC
Cannot add user to LDAP group showing in CMC, the same group shows the member in LDAP browser
On Production Server CMC
For kicks I logged into the CMC on Production and I found the user is correctly showing as a member of the Group
Why doesn't the groups in CMC show what is actually showing in the LDAP browser?

Hi,
Check if you have also mapped in both servers the same groups. It might be that there are some groups missing in the Pre-prod.
Also, try restarting the CMS. I have seen similar issues that are solved after forcing the recreation of the graph.
If after the restart you still can't see the groups, check the mapping on the LDAP server. It might be that both servers do not use the same attribute mappings.
Regards,
Julian

Provision a user into an LDAP Group/Organisation

Is it possible to provision a user into a Role that is mapped to an LDAP Group/Organisation through Identity Manager? I've seen that you can add users directly into LDAP groups, but we would like to add users into groups where they already have an account in the Resource/Directory.
For example I want to allow an existing user;
uid=User1,ou=Users,o=mycompany
to access a resource protected by LDAP Group;
cn=AppGroup1,ou=Groups,o=mycompany
this group would be mapped to an Application or Business Role within Identity Manager.
Is this possible?

If I understand your problem correctly then there is no need for customizing the resource adapter java source code at all. You can "calculate" in which OU or O a user is created by customizing the resource's identity template. Just add a variable to the identity template DN and "calculate" that variable in either your form or map it to IGNORE_ATTR on the resource and then you could even set that value in a role.
Same for adding a user into a directory group. Map the respective groups attribute and create a role for that resource, then configure the role to set the group attribute or merge the values - as simple as that. Or did I misunderstand what you are trying to do?

Oracle.ldap.util - Add User to Group

Hi,
I am using the Subscriber to create a new User in the OID.
( User usr = subscriber.createUser(.....) )
Also I am getting a reference to the main group of the application.
Group appPublic = subscriber.getGroup(getCtx(), Util.IDTYPE_SIMPLE,"APP_PUBLIC" ,null);
Now I need to make the User "usr"member of the Group appPublic.
Can anyone help me find out how to do this?
I have read the User a Group API Reference but I can't find how to do this.
Any help would be really appreciated.

I have solved this problem using the metalink Note:277775.1
------- cut here -------
import oracle.ldap.util.*;
import oracle.ldap.util.jndi.*;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.io.*;
import java.util.*;
public class AddUserToGroup
final static String ldapServerName = "mlc2.acme.org";
final static String ldapServerPort = "3060";
final static String rootdn = "cn=orcladmin";
final static String rootpass = "welcome1";
final static String user_name = "cn=john.doe,cn=users,dc=acme,dc=org";
final static String group_name = "cn=mynewgroup,dc=acme,dc=org";
public static void main(String argv[]) throws NamingException
// Create the connectin to the ldap server
InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx(ldapServerName,
ldapServerPort,
rootdn,
rootpass);
// Add the user to the group
try {
Group mygroup = new Group(Util.IDTYPE_DN,group_name);;
mygroup.addUniquemember(ctx, user_name);
catch (UtilException e) {
e.printStackTrace();
------- end cut --------

Unable to initialize LDAP (No LDAP server is configured)show in the admin server of iWS6.0 users and group

When I goto web server administration in users and group tab it alway show me Unable to initialize LDAP (No LDAP server is configured) Is it cause the effect to use web server because I use iWS with ias .
If it cause some effect ,Please let me know how to configured LDAP server.

Run this Command from the Exchange Server
Net time \\ADServerName /Set
and confirm the action,
and then you need to restart the service
Microsoft Exchange Active Directory Topology Service
and confirm you are not getting the Error 4001 in the event Viewer.
Thank you, it resolved my issue after being sweating looking for solution.
How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

Using users and groups from LDAP in ADF application

Hi there,
I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
But I can't find proper/up-to-date info about how to do this.
I tried 2 major things:
1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
Any help or documentation that could help me?

Since we aren't using EM I had to find an other way. And I found it.
In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
Thanks for the help.

How to get logged-in user/group information in WebLogic Portal 10.3.2

Hi bros.
I have a codesnipet to get information about user who actually logged in weblogic portal:
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import com.bea.p13n.security.Authentication;
import com.bea.portal.tools.security.user.*;
public class UGMSummary {
     private static final String username = "weblogic";
     private static final String password = "webl0gic";
     public UGMSummary(){
     public void test(){
          try {
               Subject tmp = Authentication.authenticate(username, password);
               //PolicyItem pi = new PolicyItem();
               //System.out.println("######## " + Authentication.getCurrentSubject().toString());
               UserIDBuilder builder = new UserIDBuilder();
               UserID uid = builder.createResourceID();
               System.out.println("######## Admin ? " + Authentication.isAdministrator(tmp));
               System.out.println("######## Anonymous ? " + Authentication.isAnonymous(tmp));
               System.out.println(" ######## " + uid.getUserName());
          } catch (LoginException e) {
               System.out.println(e.getMessage());
               //e.printStackTrace();
}Some println commands above are used to mark in console. I can ensure that there is an user (admin) logged in weblogic system by executing command: Authentication.isAdministrator(tmp);
Output of codesnipet above is:
######## Admin ? true
######## Anonymous ? false
######## nullMy problem is impossible to use UserID object to get username of weblogic user. Output of command: uid.getUsername() is: null
Somebody tell me why my code doesn't work though it can authenticate an user.
Thank in advance.
ps:
Some Javadoc for UserID can be found here:
http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html
http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html

Hi, Kevin.
I'm glad to see your response again. I found some interesting information from your recommendation link. At this time, I know that impossible to get users/groups information by using DelegatedAtnProxyManagerControlFacade (ref: http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/com/bea/portal/tools/ugm/controls/DelegatedAtnProxyManagerControlFacade.html) interface.
But, I dont know how to get an instance of an object that implemented this interface. My friend give me a codesnipet that shown the way to get a DelegatedAtnProxyManagerControlFacade by using this codesnipet in a GlobalController:
      try
        DelegatedAtnProxyManagerControlFacade delegatedAtnProxyManager = (DelegatedAtnProxyManagerControlFacade)getControl(DelegatedAtnProxyManagerControlFacade.class);
      catch (PolicyRefException e)
        reportPolicyRefException(e);
      catch (OperationNotSupportedException e)
        reportOperationNotSupportedException(e);
      }But I dont know what global.GlobalController actually is ?
I've asked Google for information but I got nothing. Do you know any documentation that describes about this controller ?
Thanks, regards !
Doubt_Man.

LDAP groups from User View

Hi All,
Can anyone tell me how I can retrieve the LDAP groups from a User View? When I retrieve a user View I don't see where the LDAP groups are located on the View. Is there an attribute I'm missing or is there an alternative mechanism to retrieve the LDAP groups from a User view?

In the user view, you will have to customize the user view form per documentation. Add a multi-select field if editing, or a list/text area using the ldapGroups from the resource. You can find more on ldapGroups in the documentation for resource adapters. Sample code also helps.

Assigning Users to Groups on LDAP thru EP

Hi,
I have configured EP6 SP7 with multiple LDAP(MS-ADS)servers. I can read/write the groups and users to LDAP through EP. But i cannot assign the users to groups through Enterprise Portal. Also if i assign users to a group in LDAP on LDAP server itself, these assignments does not show up in the portal. do i have to configure my dataSourceConfiguration_multiLDAP_db.xml file? if so then which parameter?
Please advise.
regards,
Hassan

Dear Hassan,
Need a clarification. If users are assigned to a group in LDAP, Can you see the same thing reflecting in portal?
I have configured LDAP as UME and I am able to see a group of LDAP appearing in Portal. But when I see the list of users assigned to this group, its empty.
Any clues or suggestions.
Regards,
Sreeram

Prepopulating users LDAP Group Information

Similar Messages

Maybe you are looking for