Problem with users in portal - login conflict with LDAP.

Similar Messages

• Not able to pass portal login page with valid credentials using WebDispatch

  Hi,
  We are implementing SAP BillerDirect Portal. To make BillerDirect Portal available over the internet, we Configured SAP WebDispatcher with SSL termination.  We followed the steps mentioned in SAP Help Documentaion for SAP WebDispatcher with SSL termination.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/76/6d4fa247d0d647b5bd40745400d873/frameset.htm
  We created certificate  and send it to CA (TrustCenter CA). We received the CA response and we imported the certificate.
  AS mentioned in the help document, we configured the SAP Web Dispatcher profile to support SSL termination
  We tried to access our BillerDirect Portal over the internet using below link
  https://company.com/bd
  We are getting login page, once we enter correct user ID and Password, portal is not loading (not going to next page) portal remains on same login page.
  If we enter invalid credentials portal login page is giving u201CUser Authentication Failedu201D error.
  If we try to access any portal login pages which brings a pop-up for login, login gets succeeded and we are able to see next pages
  Examples
  1)     https://company.com/bd/admin/xcm/init.do
  2)     https://company.com/monitoring/SystemInfo
  All pages which bring up portal login page without pop-up, not able to pass through portal login screen.
  We Tried the ProxyMapping option on Dispatcher using Visual admin. This option also didnu2019t work for us.
  Here is the WebDispatcher Profile
  SAPSYSTEMNAME = xxx
  SAPGLOBALHOST = xxxxx
  SAPSYSTEM = 00
  INSTANCE_NAME = W00
  DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
  DIR_EXECUTABLE = $(DIR_CT_RUN)
  Accesssability of Message Server
  rdisp/mshost = hostnameofportalserver with FQDN
  ms/http_port = 8101
  Configuration for medium scenario
  icm/max_conn = 500
  icm/max_sockets = 1024
  icm/req_queue_len = 500
  icm/min_threads = 10
  icm/max_threads = 50
  mpi/total_size_MB = 80
  SAP Web Dispatcher Ports
  icm/server_port_0 = PROT=HTTPS,PORT=443
  icm/server_port_1 = PROT=HTTP,PORT=80
  icm/HTTPS/verify_client = 0
  SAP Web Dispatcher Web Administration
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=D:\usr\sap\xxx\W00\data\icmanroot\admin,AUTHFILE= D:\usr\sap\xxx\SYS\global\security\data\icmauth.txt
  Parameters for the SAP Cryptographic Library
  ssl/ssl_lib = D:\usr\sap\xxxW00\sapcrypto.dll
  ssl/server_pse = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
  ssf/name = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
  ssf/ssfapi_lib =  D:\usr\sap\xxx\W00\sapcrypto.dll
  sec/libsapsecu =  D:\usr\sap\xxx\W00\sapcrypto.dll
  wdisp/ssl_cred = D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
  Parameters for Using SSL to the backend server
  wdisp/ssl_encrypt = 1
  wdisp/ssl_auth = 1
  wdisp/ssl_cred = D:\usr\sap\xxxW00\sec\SAPSSLC.pse
  wdisp/ssl_certhost = hostnameofportalserver with FQDN
  wdisp/ssl_ignore_host_mismatch = true
  #ICM Parameters
  icm/HTTP/j2ee_0 = PREFIX=/, HOST =hostnameofportalserver with FQDN PORT=50000,SPORT=50001, SSLENC=1,TYPE=1, CRED =D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
  We also tried below options in WebDispatcher profile but we are getting same problem.
  wdisp/add_client_protocol_header = true
  wdisp/add_clientprotocol_header = 1
  wdisp/ssl_ignore_host_mismatch = true
  #ICM Parameters
  icm/HTTPS/forward_ccert_as_header = true
  icm/HTTPS/trust_client_with_issuer = *
  icm/HTTPS/trust_client_with_subject = *
  we also tried
  wdisp/ssl_encrypt = 0
  wdisp/ssl_auth = 0
  we also tried
  wdisp/ssl_encrypt = 2
  wdisp/ssl_auth = 2
  We are not able to resolve issue. Please help us on resolving this issue.
  Thanks
  Praveen

  ' in Host Names is not allowed. Our hosname has '_'.
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/67/be9442572e1231e10000000a1550b0/frameset.htm

• Will 2 routers running in server mode with no vtp domain defined conflict with each other when connecting over layer 2 sonet?

  Our remote site has a 3845 router running MPLS to connect back to our other 3845 locally. The ISP has provided us a layer 2 sonet connection with no other configurations necessary with the exception of configuring the layer 2 portion on our side. Both of these 3845 routers are in "server mode" with "no vtp domain" specified. Will this cause an issue/conflict when the remote router bypasses the MPLS for the faster 100MB layer 2 connection?

  Jon,
  Excellent answer. Our two 3845 routers are about 400 miles away and we're trying to bring up a layer 2 100MB sonet connection over fiber connected to the GIG0/1 port on each router. I was worried that essentially having these 2 routers back to back over layer 2 may cause issues since our remote site has a higher revision number than our local site. It appears since we're configuring an ip address on each router and then adding the network to ospf this shouldn't conflict with our 2 routers. Below is how each router VTP is configured with the exception our remote site has 1 extra VLAN and a higher revision number.
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 68
  Number of existing VLANs        : 5
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Enabled
  MD5 digest                      : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70

• Netboot logins conflict with real users - can I change the range?

  I'm starting to try to get Netboot/Netinstall up and working.
  I notice that it has gone and set up a bunch of logins like netboot101, netboot102, etc. using UID 101, 102, etc.
  The only problem is that we already have real users with these UIDs, as we have consistent UIDs across our company.
  Is there any way to tell the Netboot server to create its logins using a different range of UIDs?

  OK, let's back up here... What is your source for creating these NetBoot images? The network accounts with the conflicting UID's?
  Where are you seeing "netboot101, netboot102"? In Library/NetBoot/NetBootClients0? To the best of my knowledge, the only way to generate a name anything close to "netboot101" is to enable the "Diskless" checkbox on the server for the image in Server Admin. This causes the client to use the server for storing its shadowfile, rather than storing it locally.

• Problems with my online banking login and with sponsored links from google.

  I'm getting an error such as
  "Safari can’t open the page “https://home.ybonline.co.uk/ralu/loginmgr/loginSetup.ctl”. The error is: “unknown error” (kCFErrorDomainCFNetwork:303) Please choose Safari > Report Bugs to Apple, note the error number, and describe what you did before you saw this message."
  This error occurs after I enter the security login code and click on "next", so nobody else can try it. However, I have a friend who uses the same banking system, and their Safari logs in fine.
  I also get an error if I click on any of the sponsored ads on google.com - the ones at the top of the page, or down the left column:
  "Safari can’t open the page.
  Safari can’t open the page “http://www.google.co.uk/aclk?sa=l&ai=CB4mSUz5DSsHiPNiAjAfC54CZArHp95gBm6J4waDxeKsCggAEAEoA1CDr9bi-_____8BYLvGmoPQCqABg4HH_gPIAQGpAj8ptQTJlbs-qgQWT9CEfO TWNx_F8jlFL37uEIRGYIvrQ&sig=AGiWqtxzpQKj07KGtqZc7ozbMtYG3ll0sw&q=http://www.runningbare.co .uk/HOME/FITFLOPS/tabid/68/List/0/CategoryID/68/Level/a/Default.aspx%3FSortField %3DISBN,ProductName” because the page’s address isn’t valid."
  All of these work fine in Firefox. Safari is Version 4.0.1 (5530.18).
  Any ideas, please? - this is driving me crazy.

  hi jodimaca, if the bank really cannot figure on their own that they need to update the encryption configuration on their server to something contemporary, this doesn't sound particularly worthy of trusting them with your financial data.
  in particular they should provide support for TLS 1.1. and 1.2 and retire the RC4 cipher suite they seem to use exclusively - this is considered broken now and browser need to stop supporting it soon:
  https://tools.ietf.org/html/rfc7465
  https://www.ssllabs.com/ssltest/analyze.html?d=web9.secureinternetbank.com
  specifically this change in firefox 37 will cause the secure connection to the site to fail and lead to the error message you are seeing: https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
  you might want to forward this information to your bank...

• Has anyone had a problem with Sage 1.4.12 conflicting with a piece of Firefox code?

  I've had this problem before: Sage 1.4.12 downloads successfully, but doesn't appear in my add-on list, sidebar, etc. Last time it turned out there was some sort of code conflict - I needed to go into terminal mode and change a piece of code. Does anyone know what that is? (this time, I'll save the info)

  Hi SteveKatz-
  I looked around, but did not find anything. For best results I would recommend going to the Sage support forum:
  [http://getsatisfaction.com/sagerss Sage Support forum]
  Good luck!

• Mac OSX: Shortcuts with Alt for menu activation conflicts with spec. chars

  Hi!
  How can I use the Alt+N for writing "}" in my Hungarian keyboard instead of activating the Menu?
  This is very annoying since I have searched in the Accelerators, and there are no entry like "AltN".
  It is in JDeveloper 10.1.3.2.
  In OSX it is not usual that Alt activates the menu. Can I switch this function off completely somehow?

  Sorry, I'm a Mac gome, and didn't know they had function keys. Seems like it doesn't work for you however.
  Best, David.

• Possible Xcelsius conflict with IPv6

  Xcelsius and IPv6:
  We ran into an interesting issue on a client site this past week. First time implementing an install on a Windows Server 2008.
  Environment:
  Win Svr 2008
  IIS 7
  Ipv6 & Ipv4 enabled
  BOE 3.1 w/ Xcelsius 2008
  The install went flawlessly with the ability to export objects/reports to the enterprise system, etc - with no problems. However, Xcelsius had issue with trying to connect to the CMS when trying to save/export to BOE 3.1 (and ONLY Xcelsius)
  We noticed they are running a NIC with IPv4 and IPv6 simultaneously (clearly listing a long hexidecimal IP address labeled IPV6 in IPCONFIG)
  So we went into the CMC/CMS properties and there is a box to manually enter an IPv4 and IPv6 IP address, respectively. If you try to enter addresses in both boxes, when you restart the CMS -- it will reset back to the default which automatically obtains the host. Therefore, we entered purely the IPv4 address and restarted the CMS.
  First issue resolved.  We were able to then hit Enterprise from Xcelsius... until you tried to save. Then it thought the Input FRS was down. So we had to perform the same step for the Input FRS and force it to a static IPv4 address of the server.
  Using the host name didn't work (that is the other option in the server properties for each service). I imagine you could play with the host file, but then you may have to do that for each client.
  In the end forcing the IPv4 address for the CMS and Input FRS properties did the trick, but it is strange because if you used the defaults -- the publishing wizard, for example, which hits the CMS and the Input FRS when importing objects -- didn't have a single problem. Only Xcelsius appears to conflict with IPv6.
  Thoughts? We would have figured it would use the same methods to connect to communicate with enterprise as Crystal Reports client, publishing wizard, etc. However, I did notice in SAP's IPv6 documentation on the Support Portal, that although 3.1 does handle IPv6 -- Desktop Intelligence still does not. Perhaps Xcelsius should be added to that list in the documentation?
  This is fine for a server with a static IP, but if for some reason their server is using a dynamic address and relying on the host DNS -- this could be an issue.
  Thoughts?

  HI,
  I've heard this problem before, but I haven't heard of a resolution.
  The NI's GPIB driver (NI-488.2) will not work with the Measurement Computing board. Not in LabVIEW 5 or 6. If you are using the GPIB VIs in LabVIEW 5 with the Measurement Computing board is because the MC driver replaced something.
  A device driver is a software component that requires detailed knowledge of the hardware it manages. NI's driver is written to control NI's GPIB hardware ONLY. The same applies to the MC driver.
  The driver also provides a Language interface, so that you can access the driver's functionality. To program in C, a driver will provide a header file with the function declarations and a dll (or static library). For LabVIEW the driver will provide the V
  Is. These VIs are provided by the driver and developed by the driver manufacturer. Most likely these VIs are wrappers for the dll function calls. This mechanism hasn't changed between versions of LabVIEW.
  You should contact Measurement Computing. They should be able to troubleshoot the problem, since they know what their driver installs.
  DiegoF
  National Instruments.

• Font Conflict with Helvetica Neue

  I used Helvetica Neue font for about 10 years. With Leopard, there is a conflict with an existing system Helvetica Neue. But I need my old Helvetica Neue. To solve this, I have followed the steps in that article: http://discussions.apple.com/thread.jspa?messageID=6365831 but I still have conflict problem. For example, the font used in Gmail is not the good one and characters overlap. I use Suitcase Fusion.
  What can I do?

  Currently, the only way is to remove Apple's supplied versions of Helvetica. They have exactly the same internal names as the PostScript versions. Follow the instructions in section 4 of my article, Font Management in OS X, to see how to do that.
  The link, or one of the links above directs you to my personal web site. While the information is free, it does ask for a contribution. As such, I am required by Apple's rules for these discussions to include the following disclaimer.
  I may receive some form of compensation, financial or otherwise, from my recommendation or link.

• Formula Variable with User Entry

  Hi,
  I'm  confused with Formula Variable with Replacement Path and Formula Variable with User Entry.
  PLz, Explain with an example .....In which senarios  Formula Variable with Replacement Path is used and In which senarios Formula Variable with User Entry is used.

  Hi,
  Suppose you have some key figure sales.
  Now in the report you want to display 10% of sales or may be 20% of sales based on the user input.
  In this case you will define formula variable with user input. Because here percentage will be varying based on user input.
  And suppose you have a key figure price which is attribute of material and you want to use that price for calculation in the report. In this case you will define formula varible with replacement path.
  Let me know if you need more information.
  Regards,
  Mansi

• Orphan users and deleting logins but not users

  Hello there,
  First off I'm sorry if this was already posted. I've researched for the last two hours and can't seem to find the answer I'm looking for.
  So its to my understanding then when you delete a Server Login, if you have a user that uses that Login and THAT LOGIN only, once you delete the login the user is now an orphan user.
  I've been running the orphan user sp (
  USE <database_name>;
  GO;
  sp_change_users_login @Action='Report';
  GO;
  but recently I've deleted a login, the user still exists on the database, but it should now be an orphan user right? I know for a fact this user is not in any other group, and it should be an orphan user. So why isn't it? :(

  Hi Krystina,
  Your question may be that sp_change_users_login didn't detect an orphan user scenario? If so, I would recommend checking sys.server_principals and sys.database_principals to verify for certain (and if you have a reproduction of the exact issue, please post
  here).
  Here is a demo that walks through the by-design behavior (dropping login will not equate to dropping a user, and that user will be an orphaned user).  
  USE [master]
  GO
  -- Create the login
  CREATE LOGIN [TestUser] WITH PASSWORD=N'Test!!1234',
  DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF;
  GO
  -- Create a database
  CREATE DATABASE [Test];
  GO
  -- Create the user in that database
  USE [Test]
  GO
  CREATE USER [TestUser] FOR LOGIN [TestUser] WITH DEFAULT_SCHEMA=[dbo];
  GO
  -- Drop the * login * (not user)
  DROP LOGIN [TestUser];
  -- You should no longer see this long at the SQL Server instance (server) scope
  SELECT [SP].[name], [SP].[principal_id], [SP].[sid], [SP].[type],
         [SP].[type_desc], [SP].[is_disabled], [SP].[create_date],
         [SP].[modify_date], [SP].[default_database_name],
         [SP].[default_language_name], [SP].[credential_id]
  FROM sys.[server_principals] AS [SP]
  WHERE name = 'TestUser';
  -- But we didn't drop the user, so you * should * still see it within the database (by-design)
  USE [Test];
  GO
  SELECT [DP].[name], [DP].[principal_id], [DP].[type], [DP].[type_desc],
         [DP].[default_schema_name], [DP].[create_date], [DP].[modify_date],
         [DP].[owning_principal_id], [DP].[sid], [DP].[is_fixed_role]
  FROM sys.[database_principals] AS [DP]
  WHERE name = 'TestUser';
  -- And your orphan proc call will report it as well
  EXEC sp_change_users_login @Action='Report';
  Best Regards, Joe Sack, MVP, SQL MCM | SackHQ.com

• How to create a user that can login the LDAP?

  I want to create a user that can login the OID/LDAP. I know how to create a user, it is allowed to login OIDDAS, but I also want the user to grant access to ldap directly. How do i do that?
  And how can I give it read rights and or update/delete rights on a specific tree?
  Regards
  Eelco

  Eelco,
  did you see the OiD developers guide? Here you find some examples how to create users in OiD using pl/sql or java.
  http://download-west.oracle.com/docs/cd/A97329_03/manage.902/a95193/smplcode.htm#637294
  how to use directory access control can be found in
  http://download-west.oracle.com/docs/cd/A97329_03/manage.902/a95192/access.htm#1054232
  --Olaf

• Problem with creating new user in portal = portlet is not visible

  Hi,
  I've got a problem with creating new users in portal. In the Administer tab of the builder is the user portlet not visible.
  How can I make this portlet visible?
  Please Help
  thank you...
  Gilbert

  Hi..my problem slightly similar.
  I created one new user, and didn't select anything from "Public Groups Assignment" and "Privilege Assignment" for him.
  I expect the user will be a public user.
  But, when he try to logged in the portal,
  He cannot see all the PORTLETS related to database values..
  All he can see just LINKS -that all in my portal right now beside the report from database that the user cannot see :)
  So, what did i do wrong?
  Plz Advise, and thanks.

• How to login with different User in Portal

  Hi Experts,
  My requirment is quite different here, I want to login with different user in single login.
  My senario is like this for your understading...
  First I have loged in with one user and go to the one customized screens where I have list of all the portal users in a drop down.
  Here I am selecting one User from the list and Click on Submit button...then new window should open with this(selected) user login...
  Can anybody suggest me that what I suppose to do this to achieve this.
  what are parameters new user expects for login?
  what 'll be my approach for this?
  Thanks in Advance,
  Vikas

  Hi Prem,
  Thanks for your answer...
  The URL..
  http://server:50000/irj/portal?j_user=QAEmEsLAComR&j_password=Pa$$word
  it works only when, do this on fresh browser .. if someone has already Logged in and then try to open with different user name then it won't work.
  if I'll change URL with other user in the same browser like this..
  http://server:50000/irj/portal?j_user=demouser&j_password=Pa$$word
  then shows only previous page.
  But my requirement is to open different user page from the already logon user.
  Thanks, Vikas

• Problem about SSO using logon ticket  with user mapping

  Hi everyone ,
  I had done SSO with Portal , BW and R/3 system.
  I use logon ticket with user mapping .
  When user name is same in Portal as in R/3 system, or user name is same in Portal as in BW , user can access R/3 transactions and BW report without logon.
  There are some Portal users name which are different with R/3 user and  BW user. And I done the user mapping for these  user.
  But some user mapping works fine,but most of them can't work,means that most of them need to enter mapped user ID and password.
  What's the reason?
  When SSO using logon ticket with user mapping, the Portal user which is different with R/3 user and BW user,  can they access R/3 transaction iview and BW report iview without logon?

  Hi Chen,
  What you have done is correct. But the problem lies here.
  Since you are using the same system object for accessing the iview, where the ticket method is set to SAPLOGONTICKET in the user Management property of the system object.
  To avoid this create another system object like the previous one but set the logon method to UIDPW and select admin, user from the drop down box. Also create a system alias for this system.
  Now create another iview like the previous one but link this iview to the new system. Now do the user mapping for the users which are different in portal compared with R/3. Now you should be able to login without any problems.
  Another important point is login to portal with Fully qualified domain name. In the ITS property of the system object also give the FQDN.
  Hope this helps
  Regards
  Arun