Provisioning multiple Solaris servers, need consistent uid

I will be provisioning users to a number of Solaris servers using Identity Manager. However, in order to accommodate some internal applications, the user must have the same numeric uid for a particular user on all Solaris servers. The only way I can think of doing this is to create a database table and whenever I create a new user get the next value and use that as the uid.
Anyone else with any suggestions on how to do this? I would have liked to have the first server in the provisioning order simply assign the uid and then use that same uid for the other servers, but I can't find a way to use a value from one provisioned server on another server when they're both being provisioned in the same Identity Manager Save operation.

We had some help setting this up .. this is a rule which returns a unique uid:
<Rule name='UidDBRule' createDate='1195697964630' lastModifier='Configurator' lastModDate='1195701542165' lastMod='26'>
    <block>
        <defvar name='value'/>
        <defvar name='type'>
            <s>mysql</s>
        </defvar>
        <defvar name='driverClass'>
            <s>org.gjt.mm.mysql.Driver</s>
        </defvar>
        <defvar name='url'>
            <s>jdbc:mysql://%h:%p/%d</s>
        </defvar>
        <defvar name='host'>
            <s>localhost</s>
        </defvar>
        <defvar name='port'>
            <s>3306</s>
        </defvar>
        <defvar name='db'>
            <s>dbname ..</s>
        </defvar>
        <defvar name='userName'>
            <s>dbuser ..</s>
        </defvar>
        <defvar name='passwd'>
            <s>dbpass ..</s>
        </defvar>
        <setvar name='value'>
            <add>
                <invoke name='queryString' class='com.waveset.util.JdbcUtil'>
                    <map>
                        <s>type</s>
                        <ref>type</ref>
                        <s>driverClass</s>
                        <ref>driverClass</ref>
                        <s>url</s>
                        <ref>url</ref>
                        <s>host</s>
                        <ref>host</ref>
                        <s>port</s>
                        <ref>port</ref>
                        <s>database</s>
                        <ref>db</ref>
                        <s>user</s>
                        <ref>userName</ref>
                        <s>password</s>
                        <ref>passwd</ref>
                        <s>sql</s>
                        <s>Select uidNumber from user</s>
                    </map>
                </invoke>
                <s>1</s>
            </add>
        </setvar>
        <invoke name='sql' class='com.waveset.util.JdbcUtil'>
            <map>
                <s>type</s>
                <ref>type</ref>
                <s>driverClass</s>
                <ref>driverClass</ref>
                <s>url</s>
                <ref>url</ref>
                <s>host</s>
                <ref>host</ref>
                <s>port</s>
                <ref>port</ref>
                <s>database</s>
                <ref>db</ref>
                <s>user</s>
                <ref>userName</ref>
                <s>password</s>
                <ref>passwd</ref>
                <s>sql</s>
                <concat>
                    <s>update user set uidNumber=</s>
                    <ref>value</ref>
                </concat>
            </map>
        </invoke>
        <ref>value</ref>
    </block>
    <MemberObjectGroups>
        <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
    </MemberObjectGroups>
</Rule>

The dbtable has one single attribute, called uidNumber, and I initially set it to 15000, to make sure that sim-users would not get uidnumbers already in use on our redhat servers.
I ended up using the rule in the Redhat Linux User Form, like this:
      <Field name='global.unixId'>
        <Display class='Label'>
          <Property name='title' value='unixId: '/>
        </Display>
        <Default>
          <rule name='UidDBRule'/>
        </Default>
      </Field>
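
The rule above reads the counter and writes it back as two separate statements, so two saves that run at the same moment can be handed the same uid, and on the target hosts two accounts with one uid share file ownership. The following is an added example, not part of the original post: SQLite stands in for the poster's MySQL table (same `user` table and `uidNumber` column), and all function names are hypothetical. It reproduces that interleaving and then allocates inside one write-locked transaction.

```python
import os
import sqlite3
import tempfile
import threading

START_UID = 15000  # counter seed mentioned in the post


def make_counter_db():
    """Create a throwaway database holding the one-row counter table."""
    path = os.path.join(tempfile.mkdtemp(), "uid.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE user (uidNumber INTEGER NOT NULL)")
    conn.execute("INSERT INTO user (uidNumber) VALUES (?)", (START_UID,))
    conn.commit()
    conn.close()
    return path


def connect(path):
    # isolation_level=None: autocommit; transactions are opened explicitly.
    return sqlite3.connect(path, timeout=30, isolation_level=None)


def read_next(conn):
    """Step 1 of the rule: SELECT the counter and add 1."""
    return conn.execute("SELECT uidNumber FROM user").fetchall()[0][0] + 1


def write_back(conn, value):
    """Step 2 of the rule: UPDATE the counter with the computed value."""
    conn.execute("UPDATE user SET uidNumber = ?", (value,))


def interleaved_two_step(path):
    """Two provisioning sessions that both read before either one writes."""
    a, b = connect(path), connect(path)
    uid_a = read_next(a)
    uid_b = read_next(b)   # still sees the old counter value
    write_back(a, uid_a)
    write_back(b, uid_b)
    a.close()
    b.close()
    return uid_a, uid_b


def allocate_uid(conn):
    """Increment and read the counter inside one write-locked transaction."""
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before touching the row
    try:
        conn.execute("UPDATE user SET uidNumber = uidNumber + 1")
        uid = conn.execute("SELECT uidNumber FROM user").fetchall()[0][0]
        conn.execute("COMMIT")
        return uid
    except Exception:
        conn.execute("ROLLBACK")
        raise


def concurrent_allocations(path, workers=4, per_worker=10):
    """Run allocate_uid from several threads, each with its own connection."""
    results, errors, lock = [], [], threading.Lock()

    def work():
        try:
            conn = connect(path)
            got = [allocate_uid(conn) for _ in range(per_worker)]
            conn.close()
            with lock:
                results.extend(got)
        except Exception as exc:
            with lock:
                errors.append(exc)

    threads = [threading.Thread(target=work) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    if errors:
        raise errors[0]
    return results


if __name__ == "__main__":
    print("two-step, interleaved:", interleaved_two_step(make_counter_db()))
    uids = concurrent_allocations(make_counter_db())
    print("atomic:", len(uids), "allocated,", len(set(uids)), "distinct")
```

On MySQL with InnoDB the equivalent is to run the read and the update in one transaction and lock the row with `SELECT ... FOR UPDATE`.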

Similar Messages

  • User Account Authentication across multiple Solaris servers - Best Practice

    Hi,
    I am new to Solaris admin and would like to know the best practice/setup for authenticating user accounts across multiple solaris servers.
    Currently we have 20 - 30 Solaris 8 & 10 servers which each have their own user accounts setup. I am planning to replace these with a similar number of Solaris 10 servers and would like to centralise the user accounts and their authentication.
    I would be grateful for any suggestions on the best setup and any links to tutorials.
    Thanks
    Jools

    I would suggest LDAP + Kerberos, LDAP for name lookups and krb5 for auth. Provides secure auth + extensible directory for users and other apps if needed. Plus, it provides a decent springboard to add other unix plats into the mix since this will support any unix/linux/bsd plat. You could integrate this design with a Windows AD env if you want as well.
    [http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp] sol + ldap+ AD
    [http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server] sol + ldap (openldap)
    [http://aput.net/~jheiss/krbldap/howto.html] sol + ldap + krb5
    Now these links are all using some diff means, however they should give you some ideas as to what's out there. Sol 10 comes with Sun's LDAP server and you can use the krb5 server which comes with it as well. Many many diff ways to do this. Many many more links out there as well. These are just a few.

  • DMS need to send the same document to multiple content servers

    Dear Experts,
    We are implementing DMS with three content servers (A, B, C locations). We have a requirement that a document must be saved on 3 content servers and the user can see the document from any one of them.
    As per our understanding, while creating a document the ECC system asks which content server to save to, and we can select one of the content servers.
    Kindly give me answers for the questions below
    - Is there any possibility to select multiple content servers while creating a document?
    - Is there any possibility of a shared repository for 3 servers?
    Please advise on the requirement.
    Thanks in advance.
    Regards,
    Santhosh.

    Dear Santhosh...
    for this kind of scenario SAP Provide
    Content Servers and Cache Servers
    Any number of content servers can be installed in different locations. The contents are transferred directly between the client and content server. A cache is used to store copies of documents when they are accessed for the first time. As a result, the documents can be accessed again more quickly, since the contents are taken directly from the cache. Caching, however, must not be confused with replication.
    With caching, the original documents are stored in one location, namely on the content server. The copies in the cache can be replaced with newer content at any time.
    Follow the link ..it will help you
    http://help.sap.com/saphelp_nw04s/helpdata/en/02/804d3ccd6fba74e10000000a114084/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/7f/fba637fcf7dc39e10000009b38f8cf/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/21/f36c11389511d5992200508b6b8b11/frameset.htm
    for the installation process Content Servers and Cache Servers
    follow the link
    [SAP Content Server for Windows Installation Guide|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/cfa73246-0a01-0010-71b4-bc21ccb45c99?quicklink=index&overridelayout=true]
    or see this post...
    Content Repository & Content Category
    Regards
    Tushar Dave

  • Need help figuring out why multiple X servers screws up keyboard

    This is a bit tricky to explain so I hope I can be clear enough.
    Normally when running under X the key sequences like ALT-F1 or CTRL-ALT-DEL are trapped by the X server.  This forces you to use CTRL-ALT-F1 and CTRL-ALT-DEL doesn't usually do anything unless you set it up in your window manager or whatever.
    I'm running multiple X servers on my machine, one on the default VT7 and another on VT8 (both using the same keyboard, mouse, and video cards).  The problem is when I start the second X server the first one stops trapping those special sequences.  In other words, if I press ALT-F1 in the first X server it actually changes to VT1 or if I press CTRL-ALT-DEL it shutdown/reboots the machine.  The second X server works like normal and traps those sequences.
    Anyone know what's going on?  It is some sort of problem with sharing the keyboard between two X servers?  I used to run this configuration years ago and never had a problem.
    Last edited by oz (2012-01-11 20:57:24)

    Pressing Alt-Sysreq-R ("raw" keyboard mode magic key) seems to do the same thing.  Is there some way to reset the keyboard back to normal after doing that?  Without restarting X.

  • Multi Seat Mode - Multiple X Servers on 1 Machine

    I need to configure a SunBlade 2000 configured with an XVR1000 graphics board to be used by 2 people simultaneously with the own keyb & mouse.
    To summarize :
    1 Sun Blade 2000
    1 Xvr1000
    First Port connected to one monitor /dev/fbs/gfb0a
    Second Port Connected to a second monitor /dev/fbs/gfb0b
    2 Keyb & 2 mouse connected to the 4 USB ports
    The 2 monitors must be handled by two instances of X server (2 dtlogin prompts) so the 2 people can work
    independently.
    I tried the following procedure with NO success.
    Can anybody help me?
    Thanks in advance
    Luigi Paganini
    =============================================================================
    In recent versions of Solaris, the Xsun keyboard & mouse DDX modules
    have been extended to support multiple keyboards and mice on Solaris.
    The Xorg server on Solaris x86 has similarly been extended to support
    multiple mice, but not yet multiple keyboards.
    Unfortunately, this is not a very well documented feature, though it is
    supported - but you must pay close attention to the configuration
    instructions and Limitations described below.
    There are currently two choices for configuring X on a machine with
    multiple input devices:
    * One X server with the extra devices available via the X Input
    extension (commonly used for accessibility helper programs, or for x86
    laptop users)
    * Multiple X servers, each with its own set of input & output
    devices ("multi-seat" mode)
    The two methods can be mixed on a single machine - when configuring you
    simply need to determine which X server each device is going to be
    associated with.
    Requirements
    * Solaris 9 FCS or later (SPARC or x86)
    * USB-capable machine
    * For Solaris 9, USB patch 115338-01 (sparc)/115339-01 (x86) or
    newer. For Solaris 10, s10_17 or newer.
    Limitations
    Due to the nature of USB and Sun's implementation, USB devices may get
    different numbers when initialized or hot-plugged in a different order.
    A partial solution is to use the full path name under the /devices
    hierarchy - this is tied to the physical port a device is plugged into,
    so the order is no longer a problem, but devices must always be plugged
    into the same port this way.
    Xsun Configuration
    The following sections may be added to either
    /etc/openwin/server/etc/OWconfig or /usr/openwin/server/etc/OWconfig.
    Xsun reads both when starting up and merges their contents.
    * 1. Run ls -l /dev/usb/hid* to see what the existing device names are.
    * 2. Attach the additional input devices to the machine
    * 3. ls -l /dev/usb/hid* to see what the newly attached device names
    are. Note at the end of each symlink line it will list whether it is a
    keyboard or a mouse.
    * 4. Add lines of the following form to OWconfig, one for each
    device, and each with a unique name beginning with "IMOUSE" or "IKBD":
    # sun Keyboard module
    class="XINPUT" name="IKBD2"
    dev="/dev/usb/hid2" strmod="usbkbm"
    ddxHandler="ddxSUNWkbd.so.1"
    ddxInitFunc="ddxSUNWkbdProc";
    # sun Mouse module
    class="XINPUT" name="IMOUSE2"
    dev="/dev/usb/hid3" strmod="usbms"
    ddxHandler="ddxSUNWmouse.so.1"
    ddxInitFunc="ddxSUNWmouseProc";
    * 5. To configure multiseat mode, add a section to OWconfig to
    associate each keyboard, mouse, and frame buffer with a specific display
    (in this case ":1"):
    class="XDISPLAY" name="1"
    coreKeyboard="IKBD2" corePointer="IMOUSE2"
    dev0="/dev/fb1";
    * 6. Test your configuration. For multiseat mode, run an Xserver on
    the display you listed (xinit :1 or add a line for :1 to
    /etc/dt/config/Xservers ). For use with the X input extension, restart X
    and run xinputdev -l (source code here) to list the devices the server
    sees. You can also run xinputdev -k & xinputdev -m to switch your core
    keyboard and mouse to the specified devices.

    The report gets called via the rwservlet (hope that answers your question correctly)
    The application is in OAS.
    The separation i require is both in the database and the reports themselves.
    For example let's say i have devapp and testapp - both the exact same app. But they both need to access reports under the same key, but the report needs to get its info from its respective dev and test databases. The key is hardcoded so can't change.
    If I understand correctly (a big "if"), the cgicmd.dat file tells which report to grab and which database to connect to based on the key. Is there a way to have separate key map files (cgicmd.dat) called by separate applications? So that devapp will get Report1 using devdatabase, where testapp will get Report1 using testdatabase?
    It may not be possible to do this kind of server consolidation, I just need to know one way or another for sure - and if it is possible, how to proceed.

  • How to configure multiple RAS servers?

    Hi
    'Crystal Reports Server Embedded XI R2 - Sizing and Configuration Guide'
    It mentions that we can get more license and add the servers in ClientSDKOptions.xml.
    <ServerInfos version="2" xsi:type="CrystalReports.ServerInfos" id="1">
      <ServerInfo version="2" xsi:type="CrystalReports.ServerInfo" id="2">
        <Server>SERVER1:1566</Server>
        <Adapter>TCPIP</Adapter>
      </ServerInfo>
    </ServerInfos>
    <ServerInfos version="2" xsi:type="CrystalReports.ServerInfos" id="1">
      <ServerInfo version="2" xsi:type="CrystalReports.ServerInfo" id="2">
        <Server>SERVER2:1566</Server>
        <Adapter>TCPIP</Adapter>
      </ServerInfo>
    </ServerInfos>
    I tried this and added ClientSDKOptions.xml file in the web application lib directory
    Added that to PATH
    Our application uses (Crystal-2008 / rasapp.jar /rascore.jar)
    com.crystaldecisions.sdk.occa.report.application.ReportClientDocument
    When i commented out rcd.setReportAppServer(sn); it is not picking up from the XML file.
    I am getting the below error
    com.crystaldecisions.sdk.occa.report.lib.ReportSDKServerException:
    There is no server specified.---- Error code:-2147217390 Error code name:serverNotFound
    at com.crystaldecisions.sdk.occa.report.lib.ReportSDKServerException.throwReportSDKServerException(Unknown Source)
    at com.crystaldecisions.sdk.occa.report.application.ReportAppSession.a(Unknown Source)
    at com.crystaldecisions.sdk.occa.report.application.ReportAppSession.int(Unknown Source)
    at com.crystaldecisions.sdk.occa.report.application.ReportAppSession.initialize(Unknown Source)
    at com.crystaldecisions.sdk.occa.report.application.ClientDocument.for(Unknown Source)
    at com.crystaldecisions.sdk.occa.report.application.ReportClientDocument.for(Unknown Source)
    at com.crystaldecisions.sdk.occa.report.application.ClientDocument.open(Unknown Source)
    at com.crd.report.crystal.CrystalFile.makeRcd(CrystalFile.java:65)
    at com.crd.report.crystal.CrystalReportUtil.makeRcd(CrystalReportUtil.java:892)
    Please help me how to set up multiple RAS servers.
    Thanks
    Sumathi

    You are running an internal DNS server presumably but don't have these hostnames (A-NAME or C-NAME records) set on external DNS servers.
    If you run a whois on your domain you can find out who hosts the DNS for the domain if you don't already know. Often DNS hosting companies will have web based tools for you to edit the DNS entries yourself or alternatively you may need to email them and ask them to create the records.
    It sounds like you would like to point the addresses ubuntu.domain.com and win.domain.com to the IP address 92.62.26.10 as well. To do this you will have to make sure the services running on each box use a different port to one another. (I.e. You cannot have something running on port 80 on both servers).
    Depending on your router also you may only be able to do basic forwarding (I.e. Port 80 forwards to Mac.domain.com; port 443 forwards to ubuntu.domain.com; port 25 forwards to win.domain.com).
    If you need more flexibility you may need to get more external IP addresses.

  • How to configure single web server instance to multiple application servers..

    Hi all,
    We are running a single instance of IWS6.0 SP2 on Solaris, and we want to configure this single instance for multiple application servers (JRun). Can anyone advise me whether it is possible to do this?
    Thanks
    Raj

    Hi Raj,
    "how to configure single web server instance to multiple application servers.."
    It's not possible to set up multiple application servers for a single iWS instance.
    Thanks,
    Dakshin.

  • Multiple LDAP servers on single  System

    hi,
    Would like to know if it's a good idea to have multiple LDAP servers running on a single System (Hardware) ..
    100,000 user base
    We would like to run the old and new LDAP databases on the same server till we phase out the old LDAP database after migrating all applications..
    System:
    2 x V880 4CPU 8GB RAM --multi-master configuration
    4 x V420R 4CPU 8GB RAM -- read only replicas

    Shouldn't be an issue - that's not a particularly large user base and that's some hefty HW. Keep in mind though that they will be on different ports so any software you migrate may eventually need tweaking to the default port when the new takes over.

  • Multiple Database Servers Question

    Hi,
    Please forgive this ignorant question, but can someone tell
    me how one would go about using multiple database servers?
    Just as there comes a time where one would need more than
    one web server and would need to use a load balancing
    solution, what happens when one would need more than one
    Database Server?
    How does one go about implementing that solution?
    Is there some way to have two database servers carrying the
    same information with some kind of load balancing solution
    in front of it(?) or does one place some tables on one
    Database
    server, and other tables on the other database server?
    (I have no clue as to how things would work.)
    Thanks in advance,
    Joe

    Microsoft SQL allows for clustering of SQL databases, so for
    instance two servers connected to a fileshare and a virtual address
    shared across the two physical boxes. Database connections are made
    to the virtual address which will then be handled by the active
    node. Because a database is ultimately a file(s) on a disk it can
    only be attached to one node at a time so you end up with an
    active/inactive cluster.

  • Can I setup multiple SMTP servers / emails with one IMAP servers on the iPh

    All my email arrives at one place, on one IMAP server. However I have 2 email addresses, and need to use a different SMTP server for each one. How to setup this on the iPhone? This is what I considered so far:
    1. I don't see how to enter multiple addresses for the same account, and map each address to a SMTP server.
    2. If I create multiple accounts, I have to enter multiple IMAP server, and the iPhone doesn't let me enter the same IMAP server information for different accounts.
    3. I could create a second account with a dummy IMAP/POP server, and a real SMTP server. But then most likely if I respond to mails that arrive on my IMAP server (1st account), Mail will always use my 1st email address when responding. Instead I'd like it to automatically pick as From the To address of the mail I am responding to (as the desktop Mail.app does).
    Alex

    If you have multiple SMTP servers available, you can select from one of the available SMTP servers for a particular account.
    After you've entered the SMTP server for the first account when creating the 1st account and you've entered the SMTP server for a 2nd account when creating the 2nd account, you'll have both SMTP servers available to use with either or both accounts.

  • Precautions to be taken  From Oracle end While Flaring Solaris Servers

    Hi
    In the context of moving our Solaris servers to the new location We are flaring our servers.We have Oracle 10g being installed on the servers.
    The db would be shutdown before taking the flar and after the restore of the image the DB would be brought up.
    All the CRD files would be in the scope for the Flar.
    Request you to highlight if there are any issues that could be foreseen during this activity.
    Regards
    Pavan

    Hi Everybody
    Thanks for your valuable inputs.Last weekend we had the upgrade for the first group of servers.The mode of upgrade is "Live Upgrade".
    One interesting point here is------
    1) Kernel parameters are automatically ported. No need to change the kernel parameters explicitly using "projmod" or "prctl" commands.
    Coming to Relink yes we have followed "Doc-Id-131321.1".
    Everything went fine this week and keeping my fingers crossed over the coming weekend.
    Having said that, There is an ambiguity over the Backup & Strategy Process, whether i need to take the cold up or hot back up should be fine.
    Appreciate your comments on the same.
    Thanks & Regards
    Pavan

  • Creating multiple http servers on one machine

    I created multiple http servers on one machine.
    I did this in the following way:
    Created a http service as nt service with the following command:
    apache -i -n Testservice -f d:\oracle\isuites\apache\apache\conf\httpd2.conf.
    When I start the service, I always get an error:
    Didn't return an error. Cannot start service.
    Can someone help me.
    I need two httpd services as nt service. Because, I want to use oracle fail safe. So I need a service.
    Alternative : I can create batch files. But I want to start these batch files as nt service. Is there a possibility on
    Windows nt to do this, or an available tool.
    Thanks in advance,
    Iloon

              "Jason Rosenberg" <[email protected]> wrote:
              >Hello,
              >
              >I am wondering about having multiple servers on one machine.
              >I take it, each server will require a unique ip address, which can
              >be done either by using multiple NIC's or using multi-homing.
              If you want to have multiple servers in the same machine and you want to cluster them then you need ip for each instance.
              If you want multiple instances without clustering, then you can have them run on the same ip but each one should have a different port.
              >
              >I am asking because I am wondering whether it will always be valid
              >for me in servlet code to identify my current server instance by
              >ip address (InetAddress). Or is there a better way to do this?
              If you are accessing the ejb/services on the same server using a servlet, you can get the context simply using the default getInitialContext(). This should return the context to the local machine. This shouldn't require any ip information.
              >
              >Jason
              >
              >
              

  • Running a Select query against multiple sql servers using SSIS script task.

    Hi Guys,
    I need to fetch data from multiple sql servers using an SSIS script task inside a foreach container.
    Is there any way I can build dynamic sql connections using ssis variables inside the SSIS script task in each loop?
    Please guide me or refer any blogs so that i will try..
    Thanks in advance.

    Your only option is using .net code, then it will be no different than using a console app in a loop.
    // connectionString is supplied per iteration by the ForEach loop
    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        connection.Open();
        Console.WriteLine("ServerVersion: {0}", connection.ServerVersion);
        Console.WriteLine("State: {0}", connection.State);
    }
    and so forth for each connection string
    the connection string would come from the ForEach loop
    Arthur My Blog

  • Question on installing Multiple Directory Servers

    Hello All,
    I seem to be having a problem installing multiple directory servers, and I was hoping that somebody could help me. Here is what I am trying to do:
    I install DS 2005Q4 on HostA. I have it be the User/Group and Configuration Server. This install goes ok and I can use the administration server and console to manage the servers.
    I then go to HostB and install DS 2005Q4 and tell it to use the configuration server on HOSTA. I use the passwords for Admin and Directory Manager and tell it to store User/Group information. I also install the administration server.
    The problem is when I go to manage this second ldap server through either administration server it tells me that I have insufficient rights. That is if I click on the configuration tab and try and look at anything.
    The second administration server can see and manage the DS on HOSTA fine, but not the DS on HostB. The same thing goes for the administration server on HostA. It can manage the DS on HostA but not the DS on HostB. It keeps saying insufficient rights.
    The end goal is to setup these DS in multimaster replication and have the o=netscaperoot replicated to HostB.
    I am sure I must be doing something stupid, but I have banged my head on the wall all week and I thought I would see if somebody had any suggestions.
    The hardware is a pair of v210's with 4GB of memory and I am running Solaris 10 01/06 fully patched.
    Thanks for any help,
    Gary

    Just for completeness, when you have installed the consumer, you have manually started the admin server up haven't you??? If not, do so!
    also ensure that the host file holds the correct IP and host/host domain name.
    ensure you can contact the config server from your consumer etc.
    ensure you can connect to the consumer from the config server etc.
    if using the GUI from a machine other than the config server, ie pc based. ensure connectivity and host look up is achievable from the PC.
    HTH

  • Multiple LDAP Servers and Attribute-Based Data Partitioning

    Hello
    We currently want to implement the following scenario on Netweaver 2004s. From the
    following SAP Help documentation we want attribute based data partitioning:
    http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
    The difference to the SAP document is that we want a distribution of attributes over
    multiple LDAP servers. So we tried to fit that concept into xml. see attached xml source.
    The Portal finds both LDAP Systems but the users are NOT being merged;
    they appear as two distinct users in the portal UME. If you do a lookup in the portal
    usernamagent system you get and see two users.
    User1: unique ID = USER.Datasource1.uid
    User2: unique ID = USER.Datasource2.uid
    Obviously the UME system was not able to merge that information of the two distinct
    LDAP Systems. MSADS and Lotus Notes.
    Hence my questions:
    1) is it possible to distribute attributes over multiple ldap data sources
    2) any ideas why UME constructs two different users based in Datasource ID's specified in XML
    Thanks for any contributions or ideas,
    Ulrich Scherb
    <?xml version="1.0" encoding="UTF-8"?>
    <dataSources>
        <dataSource id="PRIVATE_DATASOURCE"
                    className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
                    isReadonly="false"
                    isPrimary="true">
            <homeFor>
                <principals>
                     <principal type="group"/>
                     <principal type="user"/>
                     <principal type="account"/>
                    <principal type="team"/>
                    <principal type="ROOT" />
                    <principal type="OOOO" />
                </principals>
            </homeFor>
            <notHomeFor/>
            <responsibleFor>
                <principals>
                     <principal type="group"/>
                     <principal type="user"/>
                     <principal type="account"/>
                    <principal type="team"/>
                    <principal type="ROOT" />
                    <principal type="OOOO" />
                </principals>
            </responsibleFor>
            <privateSection>
            </privateSection>
        </dataSource>
        <dataSource id="NOTES_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="true"
              isPrimary="true">
              <homeFor/>
              <responsibleFor>
                   <principal type="account">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="j_user"/>
                             <attribute name="logonalias"/>
                             <attribute name="j_password"/>
                             <attribute name="userid"/>
                        </nameSpace>
                       <nameSpace name="com.sap.security.core.authentication">
                            <attribute name="principal"/>
                       </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="firstname" populateInitially="true"/>
                             <attribute name="lastname" populateInitially="true"/>
                             <attribute name="email"/>
                             <attribute name="uniquename" populateInitially="true"/>
                        </nameSpace>
                        <nameSpace name="$usermapping$">
                             <attribute name="REFERENCE_SYSTEM_USER"/>
                        </nameSpace>
                   </principal>
              </responsibleFor>
              <attributeMapping>
                   <principal type="account">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="j_user">
                                  <physicalAttribute name="uid"/>
                             </attribute>
                             <attribute name="logonalias">
                                  <physicalAttribute name="uid"/>
                             </attribute>
                             <attribute name="j_password">
                                  <physicalAttribute name="unicodepwd"/>
                             </attribute>
                             <attribute name="userid">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                        </nameSpace>
                         <nameSpace name="com.sap.security.core.authentication">
                              <attribute name="principal">
                                   <physicalAttribute name="uid"/>
                              </attribute>
                         </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="firstname">
                                  <physicalAttribute name="givenname"/>
                             </attribute>
                             <attribute name="lastname">
                                  <physicalAttribute name="sn"/>
                             </attribute>
                             <attribute name="uniquename">
                                  <physicalAttribute name="uid"/>
                             </attribute>
                             <attribute name="loginid">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                             <attribute name="email">
                                  <physicalAttribute name="mail"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="$usermapping$">
                             <attribute name="REFERENCE_SYSTEM_USER">
                                  <physicalAttribute name="sapusername"/>
                             </attribute>
                        </nameSpace>
                   </principal>
              </attributeMapping>
               <privateSection>
                   <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
                   <ume.ldap.access.server_name>ldap1</ume.ldap.access.server_name>
                   <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
                   <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
                   <ume.ldap.access.user>xxxxx</ume.ldap.access.user>
                   <ume.ldap.access.password>xxxxx</ume.ldap.access.password>
                   <ume.ldap.access.base_path.user>O=SMT_TEST</ume.ldap.access.base_path.user>
                   <ume.ldap.record_access>TRUE</ume.ldap.record_access>
                   <ume.ldap.unique_uacc_attribute>uid</ume.ldap.unique_uacc_attribute>
                   <ume.ldap.unique_user_attribute>uid</ume.ldap.unique_user_attribute>
                   <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
                   <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
                   <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
                   <ume.ldap.access.objectclass.user>person</ume.ldap.access.objectclass.user>
                   <ume.ldap.access.objectclass.uacc>person</ume.ldap.access.objectclass.uacc>
                   <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
                   <ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
                   <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
                   <ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
              </privateSection>
         </dataSource>
          <dataSource id="CORP_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="true"
              isPrimary="true">
              <homeFor/>
              <responsibleFor>
                   <principal type="account">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="j_user"/>
                             <attribute name="logonalias"/>
                             <attribute name="j_password"/>
                             <attribute name="userid"/>
                        </nameSpace>
                         <nameSpace name="com.sap.security.core.authentication">
                              <attribute name="principal"/>
                              <attribute name="realm"/>
                              <attribute name="domain"/>
                         </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="firstname" populateInitially="true"/>
                             <attribute name="displayname" populateInitially="true"/>
                             <attribute name="lastname" populateInitially="true"/>
                             <attribute name="fax"/>
                             <attribute name="title"/>
                             <attribute name="department"/>
                             <attribute name="description"/>
                             <attribute name="mobile"/>
                             <attribute name="telephone"/>
                             <attribute name="streetaddress"/>
                             <attribute name="uniquename" populateInitially="true"/>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
                        </nameSpace>
                        <nameSpace name="$usermapping$">
                             <attribute name="REFERENCE_SYSTEM_USER"/>
                        </nameSpace>
                   </principal>
                   <principal type="group">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="displayname" populateInitially="true"/>
                             <attribute name="description" populateInitially="true"/>
                             <attribute name="uniquename"/>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.bridge">
                             <attribute name="dn"/>
                        </nameSpace>
                   </principal>
              </responsibleFor>
              <attributeMapping>
                   <principal type="account">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="j_user">
                                  <physicalAttribute name="samaccountname"/>
                             </attribute>
                             <attribute name="logonalias">
                                  <physicalAttribute name="samaccountname"/>
                             </attribute>
                             <attribute name="j_password">
                                  <physicalAttribute name="unicodepwd"/>
                             </attribute>
                             <attribute name="userid">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                        </nameSpace>
                         <nameSpace name="com.sap.security.core.authentication">
                              <attribute name="principal">
                                   <physicalAttribute name="samaccountname"/>
                              </attribute>
                              <attribute name="realm">
                                   <physicalAttribute name="*null*"/>
                              </attribute>
                              <attribute name="domain">
                                   <physicalAttribute name="*null*"/>
                              </attribute>
                         </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="firstname">
                                  <physicalAttribute name="givenname"/>
                             </attribute>
                             <attribute name="displayname">
                                  <physicalAttribute name="displayname"/>
                             </attribute>
                             <attribute name="lastname">
                                  <physicalAttribute name="sn"/>
                             </attribute>
                             <attribute name="fax">
                                  <physicalAttribute name="facsimiletelephonenumber"/>
                             </attribute>
                             <attribute name="uniquename">
                                  <physicalAttribute name="samaccountname"/>
                             </attribute>
                             <attribute name="loginid">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                             <attribute name="mobile">
                                  <physicalAttribute name="mobile"/>
                             </attribute>
                             <attribute name="telephone">
                                  <physicalAttribute name="telephonenumber"/>
                             </attribute>
                             <attribute name="department">
                                  <physicalAttribute name="ou"/>
                             </attribute>
                             <attribute name="description">
                                  <physicalAttribute name="description"/>
                             </attribute>
                             <attribute name="streetaddress">
                                  <physicalAttribute name="postaladdress"/>
                             </attribute>
                             <attribute name="pobox">
                                  <physicalAttribute name="postofficebox"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                                  <physicalAttribute name="memberof"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="$usermapping$">
                             <attribute name="REFERENCE_SYSTEM_USER">
                                  <physicalAttribute name="sapusername"/>
                             </attribute>
                        </nameSpace>
                   </principal>
                   <principal type="group">
                        <nameSpace name="com.sap.security.core.usermanagement">
                             <attribute name="displayname">
                                  <physicalAttribute name="displayname"/>
                             </attribute>
                             <attribute name="description">
                                  <physicalAttribute name="description"/>
                             </attribute>
                             <attribute name="uniquename" populateInitially="true">
                                  <physicalAttribute name="cn"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.usermanagement.relation">
                             <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
                                  <physicalAttribute name="member"/>
                             </attribute>
                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                                  <physicalAttribute name="memberof"/>
                             </attribute>
                        </nameSpace>
                        <nameSpace name="com.sap.security.core.bridge">
                              <attribute name="dn">
                                  <physicalAttribute name="*null*"/>
                             </attribute>
                        </nameSpace>
                   </principal>
              </attributeMapping>
               <privateSection>
                   <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
                   <ume.ldap.access.server_name>ldap2</ume.ldap.access.server_name>
                   <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
                   <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
                   <ume.ldap.access.user>yyyyy</ume.ldap.access.user>
                   <ume.ldap.access.password>yyyyy</ume.ldap.access.password>
                   <ume.ldap.access.base_path.user>O=SMT_TEST</ume.ldap.access.base_path.user>
                   <ume.ldap.access.base_path.grup>O=SMT_TEST</ume.ldap.access.base_path.grup>
                   <ume.ldap.record_access>TRUE</ume.ldap.record_access>
                   <ume.ldap.unique_uacc_attribute>samaccountname</ume.ldap.unique_uacc_attribute>
                   <ume.ldap.unique_user_attribute>samaccountname</ume.ldap.unique_user_attribute>
                   <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
                   <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
                   <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
                   <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
                   <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
                   <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
                   <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
                   <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
                   <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
                   <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
                   <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
                   <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
                   <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
                   <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
              </privateSection>
         </dataSource>
    </dataSources>

    Hi Ulrich,
    Hope your problem is resolved. We are using EP7 and SP18. We are doing some study on your first issue, i.e. distributing a user attribute into multiple LDAPs. Can you please let me know the feasibility? If yes, what steps do I have to follow? Expecting your valuable answer. Thanks in advance!
    Regards,
    Kabali
