Problem about BIEE Integration with LDAP

Similar Messages

• A problem about Portal integration with R/3 ?

  Hi everyone :
    We want implement that many Portal users(vendor user) mapping one R/3 user(vendor user),and the the Portal user(vendor user)could query R/3 report via Portal ,and everyone vendor user can query his data only,they can't query the other vendor's data.
    Of course ,we must do some develop.
    I think this problem is general, and most of Portal project would meet this problem.
    Is it possible ?
    Is there somebody had solved this problem ?
    Any discuss is welcome!
  Best Regards,
  Jianguo Chen

  Hi Chen,
  If u r going to call RFM ,u can pass the portal userid as a parameter in the function call and maintain a ztable on R/3 side having fields Portal user id and Vendor id.
  Based on that u can get the vendor id and filter the report data accordingly ,u may also display the Vendor id on the portal iview by passing the same from the R/3 side. I think this is possible u may try this out.
  Best Regards
  Anand

• Forte integration with LDAP

  Hi.
  Has anyone successfully integrated with LDAP using the C library from
  LDAP SDK?
  Currently I'm facing a problem when I tried to generate the C++ wrapper
  for the C library. The compiler is unable to resolved the data type of
  some data structs. This is because the definition for these structs are
  not defined in any of the include files provided. According to the LDAP
  SDK doc, this is because the fields for those data structs are not
  intended to be accessible to the clients.
  That is why in my wrapper project, I defined these struct, each has the
  property Opaque = TRUE.
  The following is the error message:
  BEGIN FILE
  Working directory is d:\forte\tmp\cg13\pc_nt\ldapsrch
  Processing BOM file: LDAPSrch.bom
  Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 11.00.7022 for
  80x86
  Copyright (C) Microsoft Corp 1984-1997. All rights reserved.
  LDAPSrch.cc
  LDAPSrch.cc(70) : error C2027: use of undefined type 'BerElement'
  LDAPSrch.cc(127) : error C2027: use of undefined type 'LDAP'
  LDAPSrch.cc(184) : error C2027: use of undefined type 'LDAPMessage'
  LDAPSrch.cc(203) : error C2733: second C linkage of overloaded function
  'ldap_init' not allowed
  LDAPSrch.cc(204) : error C2733: second C linkage of overloaded function
  'ldap_simple_bind_s' not allowed
  LDAPSrch.cc(205) : error C2733: second C linkage of overloaded function
  'ldap_perror' not allowed
  LDAPSrch.cc(206) : error C2733: second C linkage of overloaded function
  'ldap_search_s' not allowed
  LDAPSrch.cc(207) : error C2733: second C linkage of overloaded function
  'ldap_first_entry' not allowed
  LDAPSrch.cc(208) : error C2733: second C linkage of overloaded function
  'ldap_next_entry' not allowed
  LDAPSrch.cc(209) : error C2733: second C linkage of overloaded function
  'ldap_get_dn' not allowed
  LDAPSrch.cc(210) : error C2733: second C linkage of overloaded function
  'ldap_first_attribute' not allowed
  LDAPSrch.cc(211) : error C2733: second C linkage of overloaded function
  'ldap_next_attribute' not allowed
  LDAPSrch.cc(212) : error C2733: second C linkage of overloaded function
  'ldap_get_values' not allowed
  LDAPSrch.cc(213) : error C2373: 'ldap_value_free' : redefinition;
  different
  type modifiers
  LDAPSrch.cc(214) : error C2733: second C linkage of overloaded function
  'ldap_ber_free' not allowed
  LDAPSrch.cc(215) : error C2733: second C linkage of overloaded function
  'ldap_msgfree' not allowed
  LDAPSrch.cc(216) : error C2373: 'ldap_memfree' : redefinition; different
  type modifiers
  LDAPSrch.cc(217) : error C2733: second C linkage of overloaded function
  'ldap_unbind' not allowed
  cl /W3 /Gf /GX /MD /c /Ob1 /vmg /DSTRICT /DWIN32 /D__WIN32__
  /DLIBOO_DLL
  WIN32_LEAN_AND_MEAN /Id
  :\forte\install\inc\cmn /Id:\forte\install\inc\os
  /Id:\forte\install\inc\ds
  /Id:\forte\install\inc\handles /Id:\forte :\forte\LdapAPIs\include
  /FoLDAPSrch.obj /Tp LDAPSrch.cc
  So, please advise on how should I proceed.
  Thanks in advance.
  from: suen
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

  Hi Anoop,
  To adapt an SAP Workflow, you can create a configuration. In this configuration you can redefine values for steps of the workflow definition. These values are evaluated at runtime instead of the values originally defined.
  You can configure the following step types:
  Activity
  User decision
  Document from template
  Wait
  Moreover,Features
  You can set the following data individually in the step definition of the configurable step types:
  1)Responsible agents
  2)Excluded agents
  3)Message recipient for completion
  4)Priority
  5)Requested start
  6)Indicator denoting whether the step is included in the    workflow log
  7)Activation of a latest end, a latest start, or a requested end with the reaction Send mail
  This URL privides info about various workflow codes http://help.sap.com/erp2005_ehp_02/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/content.htm
  Regds,
  Krutarth
  ·        Reference date/time for latest end, latest start, and requested end
  ·        Message recipient for missed deadline
  ·        Information about the work item display

• NAC integration with LDAP

  Is possible this integration?. The idea is that the agent will do authentication with LDAP directly

  Hi Anoop,
  To adapt an SAP Workflow, you can create a configuration. In this configuration you can redefine values for steps of the workflow definition. These values are evaluated at runtime instead of the values originally defined.
  You can configure the following step types:
  Activity
  User decision
  Document from template
  Wait
  Moreover,Features
  You can set the following data individually in the step definition of the configurable step types:
  1)Responsible agents
  2)Excluded agents
  3)Message recipient for completion
  4)Priority
  5)Requested start
  6)Indicator denoting whether the step is included in the    workflow log
  7)Activation of a latest end, a latest start, or a requested end with the reaction Send mail
  This URL privides info about various workflow codes http://help.sap.com/erp2005_ehp_02/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/content.htm
  Regds,
  Krutarth
  ·        Reference date/time for latest end, latest start, and requested end
  ·        Message recipient for missed deadline
  ·        Information about the work item display

• CUP (AE) integrated with LDAP

  Hi GRC Guys,
  I had a question about the integration between CUP (AE) and LDAP.
  I know that with LDAP as the detail user source and Manager as the standard approver, AE will automatically find the manager and route the approval flow to this person. However my request is can we use this LDAP integration to automatically find the manager's manager, or more freely any person within the organization? Do we need to use some CAD to realize this?
  Thanks.
  Benny Ren From Deloitte GRC Team

  Dear Alpesh,
  Many thanks for your reply.
  Since LDAP is not able to achieve my goal, can HR system do that?
  I have very little information about the integration between HR system and CUP (AE). Can you shed me some light on where to find that?
  Best Regards,
  Benny Ren

• WLC integration with LDAP

  Hi all and thank you in advance for any you help/advice you might be able to offer....
  I'm having problems getting a WLC (7.0.220.0) working using LDAP (Windows 2008). This evening, in an effort to troubleshoot the problem further, I have configured the customer's ASA to use LDAP too and run a test....as you can see below, the test works flawlessly (on the ASA).
  aaa-server LDAP_TEST protocol ldap
  aaa-server LDAP_TEST host x.x.x.x
  server-port 389
  ldap-base-dn OU=Users,OU=IT Dept (South),DC=yyy,DC=co,DC=zzz
  ldap-scope subtree
  ldap-login-password *
  ldap-login-dn CN=ldap,OU=Users,OU=IT Dept (South),DC=yyy,DC=co,DC=zzz
  server-type microsoft
  ASA/act# test aaa-server authentication LDAP_TEST host x.x.x.x username ldap password password
  INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12 seconds)
  INFO: Authentication Successful
  ASA/act#
  Now, my understanding is that the ASA only supports PAP (clear text) as Authentication method when communicating to an LDAP server....while on the Controller, I am using EAP-FAST....so my understanding would be that only EAP-FAST/GTC or EAP-FAST/MSCHAPv2 (IF the LDAP server is setup to return a clear text password) are supported.
  On the Controller, I am using the very same settings as I have used on the ASA (for the LDAP server configuration). However, users are still unable to Authenticate....they Associate, but do not Authenticate. The clients are all Windows 7 and are setup to use the in-built Cisco EAP-FAST as Authentication method. We are not using certificates.
  The thing is that I'm pretty sure that both the Windows 7 clients and the Controller are setup correctly but, as I said, the clients are still unable to authenticate.
  I guess that my questions are these:
  - on the client side, you can setup the laptops to use "Any method" as authentication method...but how does this exactly work? do they try both EAP-GTC and EAP-MSCHAPv2 (i.e. if it can't authenticate through EAP-GTC will then try EAP-MSCHAPv2?)
  - is it better to hardcode the clients to use EAP-GTC or EAP-MSCHAPv2 (instead of default "Any method")....when working on an LDAP environment
  - how can I check that the MS 2008 server is indeed setup to "return a clear text password" if using EAP-FAST/MSCHAPv2 (and I do realize that this is probably a question for a Microsoft forum)
  - how can I check the the LDAP server is configured to support EAP-GTC and/or EAP-MSCHAPv2??
  Thanks again.

  This is not an acceptable answer.  Steve, do you work for Cisco, or are you commenting on personal experience & knowledge?
  I have had a working RADIUS configuration for 2 years+ of an ASA 5510 for authentication of AnyConnect SSL & IPSEC VPN clients with AD, and a WLC 2106 for authentication of WPA2-Enterprise w/802.1x certificates with AD.  Both were configured to communication to the same RADIUS server that is a Windows Server 2003 DC with IAS/RADIUS and a CA installed.  During the planning for installing a new Windows Server 2008 R2 DC, I decided to attempt to remove my reliance on RADIUS since authenticating directly with LDAP is becoming more common.  I was successfully able to configure our ASA to do direct LDAP queries to AD, but similar to "superduperlopez" and "rschwenderman", I have been unable to configure the WLC the same way.
  I feel like the following line in Cisco's documentation is unsatisfactory:  "For example, Microsoft Active Directory is not supported because it does not return a clear-text password."
  I would take this to mean that the ASA is working correctly due to either:
  A) The ASA is accepting clear-text passwords from AD, and AD is configured to pass clear-text passwords, or
  B) The ASA is not accepting clear-text passwords from AD, and AD is not configured to pass clear-text passwords
  Now this would lead me to the following:
  A) Cisco has not properly updated the WLC documentation to instruct users how to correctly configured the WLC to do backend LDAP queries, or
  B) Cisco has not implemented the technology changes that were made in the ASA to the WLC
  This frustrates the average network admin, as it is seen by us as "If the ASA can do it, why can't the WLC".  Also, don't get this confused with any "client" issues, as all that is being asked for is the WLC to using a different backend "authentication" server while not modifying the client side at all.  The concept of "Local EAP" seems to fit, but doesn't work.
  I would really appreciate someone giving some insight on this topic, as there are three customers on this forum post that have had the same problem withing the last 2 months.
  The previous posters, and myself, are not looking for someone to retype the documentation, but rather explain how it is working on one of Cisco's security products, but not the other.

• 4402 Integration with LDAP

  I need to integrate 4402 Controller with Active Directory.
  If I have two distinguished names, can I use two OU like:
  OU=HQ,OU=Branch1,DC=DC1,DC=com
  Is it OK???
  shall I use spaces between the patrs?
  Please any useful points I should consider them?

  Thank you,
  I already have the configuration guide,
  but this is the first time that I need to do the configuration between the LDAP and controller. and I did not find information about many things like:
  how to got the distinguished names?
  if I have more than one distinguished name, how I should deal with this issue?
  what about EAP configuration? Is there any recommended EAP with LDAP??

• Help! problem about jstl sql with "LIKE?" in query

  Hi All,
  I have a problem about getting data by using "LIKE" in my sql statment.
  here is my case:
  <sql:query var="tmp">
  SELECT ...... FROM ...
  WHERE a LIKE ?
  <sql:param value="%${param.a}%"/>
  </sql:query>
  Once I used "LIKE" keyword, the query failed to use this critica.
  and couldn't find any match cases
  thx or help
  Micheal

  besides, i found that:
  this works:
  "AND a.block LIKE '%' + 'a' + '%'"
  but these don't work:
  "AND a.block LIKE '%' + 'a' + '' + '%'"
  or
  "AND a.block LIKE '' + '%' + 'cp' + '%'"
  or
  "AND a.block LIKE '%' + 'cp' + '%' + ''"
  it seems '' is the casue of error... so strange, anyone has idea?
  micheal

• 10g BIEE integrated with 10.1.4.3 SSO problem

  I have an interesting issue. I am setting up 10g BIEE with SSO on Solaris. I have it working fine on Windows but customer is moving. When I log in, I get rediected to sso and authenticated as expected. My authentication init block works, it gets an atributure from LDAP. However on the Answers page I see errors and in the sawserver.out.log, I see that my session is being reassociated from the USER id that is set in the init block to the REMOTE_USER value. The log entry, with identifying names and IPs removed looks like:
  Type: Warning
  Severity: 30
  Time: <current time>
  File: project/websubsystems/checkauthentication.cpp Line: 520
  Properties: ThreadID-7;HttpCommand-Answers;Proxy-<correct name>;RemoteIP-XX.XX.XX.XX;User-<correct name>;HttpArgs-_scid='2ezRVzXDAD
  g';Impersonator-Impersonator
  Location:
  saw.httpserver.request
  saw.rpc.server.responder
  saw.rpc.server
  saw.rpc.server.handleConnection
  saw.rpc.server.dispatch
  saw.threadPool
  saw.threads
  The session (ID: 5607n8f4oph2khenp068d2athamisqtnqtcoumizOr07UFe9W00) previously associated with "<correct name>" is now associat
  ed with "<REMOTE_USER>" (via SSO identity assertion). The caller's session will be reset.
  It goes on to say Authentication context has changed. Clearing session ID cookie and redirecting. Recorded incident
  Has anyone seen this? I don't know why the session is being reassociated with the wrong name. we have lots of saved reports tied to the value of <correct name> so I need to make this configuration work. It's like it's losing the value set in the init block and defaulting back to the value in REMOTE_USER, which messes everything up.

  I am starting to agree, the authentication init block has no use to sso authentication it is only used if you want to authenticate users against OID. The errors on Solaris are probably expected behavior. We are doing it to ourselves, but in Windows it probably works because the UNIX/LINUX version was written after Oracle bought the product, Siebel only had it for Windows, that code is different and they either suppress the error or don't even do that authentication check at all.
  thanks, I'm going to close this one.

• About EP(on UNIX) UME integration with LDAP

  Hello guys,
  We want  that UME use LDAP(read-only) as data source  .
  Our EP installed on UNIX , LDAP on Windows.
  Connection data
  Server Name:    sapsso
  Server Port:      389
  User:               p106658 (an administrator user)
  Password:        ******
  User Path : ou=test,c=us,o=gnpjvc 
  Group Path:  ou=test,c=us,o=gnpjvc
  We fill the data reference document on help websit :Configuring the UME to Use an LDAP Directory as Data Source   .
  But test connection always failed.
  Is there any solution?
  Thank you!
  Louis

  Hi,
  check your JDK version, some SUN version (>1.4.2_13) won't work with Kerberos. Start with SAP Note 968191 to gain more information.
  For checking the Java JDK parameters and recommendations / bugs, take a look at these Notes:
  716604    for the Sun JDK (Windows, Linux, Solaris)
  716926    for the HP JDK (HP-UX)
  716927    for the IBM JDK (AIX)
  1234382   for the IBM JDK IT4J (IBM i, iSeries, OS/400)
  717376    for the IBM JDK Classic (IBM i, iSeries, OS/400)
  746299    for the IBM JDK (Linux for zSeries)
  810008    for the IBM JDK (Linux on POWER)
  861215    for the IBM JDK (Linux on AMD64/EM64T)
  br,
  Tobias

• SAP IDM Integration with LDAP VS Rest.

  Hi,
  I'm looking for an best approach through I can integrate my custom application with SAP IDM 7.2. I have read couple of article and found IDM is based on VDS and allow LDAP as well as Restful web services.
  Would like to know the best approach.
  Here what I want to achieve:
  1. Dynamic Schema detection for User, Role and Employee
  2. Get all User List and there corresponding Role.
  3. Password Reset/Set/Change
  Thanks
  Shital

  Hi Nits,
  This guide presents the official SAP Connectors for IdM. SAP and 3rd-party.
  It seems that are no official connector for ADOBE CQ and HYBRIS.
  But you can build you own connector. (JDBC, WebServices, LDAP)
  Using the same concept as the SAP Standard connectors, Folders (Aplication Actions, Plugins) HOOK Tasks.
  It will depended in what integration layer this solutions offer.

• The problem about the interMedia with JMF

  I have done the following things:
  1. Add jmfordim.jar into my client computer's CLASSPATH
  2. Using JMFRegistry, Add "oracle.ord" into both my client's "protocol Prefix List" and "Content Prefix List" in PackageManager tab, commit on both.
  My computer is a client, and the Oracle 9i database and the intermedia are installed on another server with the service name "CAO". I use the JMStudio on my computer.
  But when I use the URL :"im://oci8/CAO/scott:tiger/SELECT t.aud.getcontent(), t.aud.getmimetype() FROM TAUD t WHERE n = 1 " and add into the JMStudio's OpenURL,
  it can't work correctly.
  Would you please tell me the reason? Thank you very much!

  Can you post the error message? Or print out a java stack dump with the exception text?
  There can be problems in different areas, without the error information, I cannot hope to tell you why it does not work. Perhaps you don't have the orcale JDBC driver in your path?
  Larry

• About OLS integration with OID whitepaper on OTN...

  My OID Support customer tried to follow the steps in this how-to but it failed:
  http://www.oracle.com/technology/deploy/security/db_security/howtos/ols_oid-how-to.html
  PROBLEM:
  Encountered an error at step 13. on page 6. If the DB had OLS the error statement was:
  " Error updating provisioning profile -ERROR.
  Provisioning Profile Already Exists..
  The Provisioning Profile for the
  Application could not be created." ,
  else the error messages was,
  " Error updating provisioning profile -ERROR [LDAP:error code 50 - Insufficient  Access Rights]
  The Provisioning Profile for the Application could not be created.",
  CAUSE:
  That cn=dbcreator account in the how-to does not have priviledges to create prov profile.
  SOLUTION:
  The OLS doc's says to use "an admin" so my customer tried root "cn=orcladmin" instead and it worked. (I have no idea if using this account would present any problems for OLS later on though.)
  REQUEST:
  Whomever wrote that how-to - please modify the steps to avoid this problem.
  Tx

  Hi there,
  thanks for reporting this glitch; will take care of this shortly, Peter

• WLC integration with LDAP to authenticate domain users without Radius

  Dear All,
       I have a WLC 4404 with LWAPs, the customer has a microsoft LDAP and all users are joined to the domain and he wants the users to be authenticated against their domain accounts and this should be done automatically so that when users login to windows they are also authenticated and joined the WLAN.
  so how we can do that with the simplest way, without Radius server using only the LDAP and wwithout envolving any certificates.
  also i need to know when i add LDAP server to the WLC, how can i know that this LDAP is properly inegrated with the WLC ?
  thanks and BR

  Hi,
       I have followed the following document to make users authenticate against their AD domain accounts:
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
  the device and the root of PKI certificates for the WLC were generated and installed successfully on the WLC, and now we are in the client (end user) part starting from the section "Generating a device certificate for the client" page 17, which as per the document to be done from the client PC using the client domain account, which consequently means this process is to be repeated for each end user separately, so my question is there any way to generate some sort of general certificate for all clients to be pushed through group policy to all client instead of making it PC by PC ?

• Problem in AD Integration with WLS

  Hello,
  I have successfully integrated Active directory with weblogic server. And i am able to see user list in security Realm -> myrealm -> Users and Groups. I am also able to login to webcenter spaces and also to content server.
  In my active directory there are different OUs. so i have created different Authentication Providers in Security Realms >myrealm >Providers depending upon the OUs. I have set control flag of all the providers to SUFFICIENT*. Even same for DefaultAuthenticator. And my sequence is
  DefaultAunthenticator*
  ADAuthenticatorOU1*
  ADAuthenticatorOU2*
  I am able to login with users from all the three providers.
  But whenever i tried to create a group space in webcenter spaces or even any other activity with AD users it throws error like User: XXXXXXXXX not found in identity store.
  When i tried to login using DefaultAuthenticator(Weblogic) I was able to create group spaces but not able to search users from AD. However i was able to search users from DefaultAutherticator.
  I have tried reordering the sequence and also changing the control Flag but it didn't work.
  What should be the sequence and what should be the control flag status ?_
  Please Help.
  Thanks
  Edited by: Navin K on Jan 20, 2011 11:50 AM

  Thanks for the reply.
  In my case both Webcenter spaces and UCM are part of the same domain. But still i'm getting the error.
  I'm able to login usnig AD user, Do i still need to configure JPS provider for webcenter spaces? Please help me what changes to be made to be able to search users while adding them to any newly created group space.
  Please help.
  Thanks