Pulling groups from MSAD in WebLogic

The security structure I am pulling from uses OU. I have the following:
GroupBaseDN: OU=SecurityGroups,DC=lab,DC=com
All Group Filters: ou
Group from name filter: ou
Static Group Name Attribute: ou
Dynamic Group Name Attribute: ou
I am not able to pull groups in from MSAD, so obviously something is incorrect.

Duplicate question
Pulling groups from MSAD in WebLogic
J.A.M... Please close this one to prevent people replying to it.

Similar Messages

How to pull groups from more than one OU using weblogic "All Groups Filter" from AD.

Hi,
Please help me for pulling groups from more than one OU using weblogic "All Groups Filter" from AD.
AD structure is:
c001639domain.local
       ||
       ||
    OU=Security_Groups
                  ||
                  ||
                  >> OU=CORP_ECM---> n number of group
                  >> OU=CORP_hodata--> n number of group
                  >> OU=CORP_citrix--> n number of group
                  >> OU=CORP_driver --> n number of group
                  >> OU=CORP_temp --> n number of group
Requirement is i want to filter groups from OU=CORP_ECM and OU=CORP_hodata.
Thanks,
Jagan.

I used below option but its not working getting zero groups.
(&(objectClass=group)(|(ou=CORP_ECM,dc=Domain,dc=com)(ou=CORP_hodata,dc=c001639domain,dc=local)))

Not able to display users from Opneldap in Weblogic 8.1 Portal Admin

Hi
          I had configured openldap for multiple authentication in weblogic 8.1. I am able to see users and groups from openldap in weblogic admin console but when i go to Portal Administration i am not able to see those users and groups. Also as per weblogic documentation it says that Authentication provider selection is shown automatically in Portal Admin. Also i am able to log to portal application from openldap users.
          I want set entitlements using Portal Admin for openldap users
          Can anyone suggest how to make it work.

Hi
          I had configured openldap for multiple authentication in weblogic 8.1. I am able to see users and groups from openldap in weblogic admin console but when i go to Portal Administration i am not able to see those users and groups. Also as per weblogic documentation it says that Authentication provider selection is shown automatically in Portal Admin. Also i am able to log to portal application from openldap users.
          I want set entitlements using Portal Admin for openldap users
          Can anyone suggest how to make it work.

Get All Groups from Weblogic

Hello everyone,
Well i'm having little problem to get all groups that exists in Weblogic. I already search but the only thing i can get is the groups from the user that is autenticated in the application.
Best regards,
Tiago Marques

See if this helps - http://weblogic-wonders.com/weblogic/2010/11/10/list-users-and-groups-in-weblogic-using-jmx/

How does Oracle AIA pull details from SOA Suite on installation?

Quite urgent help:
How does Oracle AIA pull details from SOA Suite during installation?
We're encountering an issue with installation of Oracle AIA at step 4. This when providing the SOA Server Details, and the managed server shows:
"Cannot Connect to Server" error.
However at the weblogic console, the Admin server and manage server: soa_server1 are running. Please provide us help on this.
For further details, here are the apps and versions we installed:
* Oracle Fusion Middleware 11g
* SOA suite
* Oracle AIA 11g
* Weblogic 10.3.4.0
Thanks!
-tristan
Edited by: user8089513 on May 16, 2011 4:58 AM

Hello,
Thanks for the reply!
On my end, i haven't started it yet today, it just leads me to this message when running node manager:
+<May 17, 2011 3:40:51 PM GMT+08:00> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>+
+<May 17, 2011 3:40:52 PM> <INFO> <Secure socket listener started on port 5556, host /10.234.182.26>+
May 17, 2011 3:40:52 PM weblogic.nodemanager.server.SSLListener run
INFO: Secure socket listener started on port 5556, host /10.234.182.26
Should you need to check the nodemanager.properties, here are the details:
#Fri May 13 10:56:04 GMT+08:00 2011
DomainsFile=C\:\\Oracle\\MIDDLE~1\\WLSERV~1.3\\common\\NODEMA~1\\nodemanager.domains
LogLimit=0
PropertiesVersion=10.3
DomainsDirRemoteSharingEnabled=false
#javaHome=C\:\\Oracle\\MIDDLE~1\\JROCKI~1.1-3
#JavaHome=C\:\\Oracle\\MIDDLE~1\\JROCKI~1.1-3\\jre
JavaHome=C\:\\Oracle\\MIDDLE~1\\JDK160~21\\jre
javaHome=C\:\\Oracle\\MIDDLE~1\\JDK160~21
AuthenticationEnabled=true
NodeManagerHome=C\:\\Oracle\\MIDDLE~1\\WLSERV~1.3\\common\\NODEMA~1
LogLevel=INFO
DomainsFileEnabled=true
StartScriptName=startWebLogic.cmd
ListenAddress=10.234.182.26
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
SecureListener=true
LogCount=1
DomainRegistrationEnabled=false
StopScriptEnabled=true
QuitEnabled=false
LogAppend=true
StateCheckInterval=500
CrashRecoveryEnabled=false
StartScriptEnabled=true
LogFile=C\:\\Oracle\\MIDDLE~1\\WLSERV~1.3\\common\\NODEMA~1\\nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
When I check the weblogic console, i manually run the managed server using startManagedWebLogic.cmd.
Please advise. Do really need help on this.
Thanks!
-tristan

Read user groups from realm. Admin rights to each user ??

Greetings to ALL,
I am reading users, groups from realm. If I give the user admin priviliges I am
able to get the information else I get the error weblogic.management.NoAccessRuntimeException:
Access not allowed for subject: principals=[ruser1, B10AP01, B10MP01, B10MP03A,
B10MP03], on ResourceType: Security:Name=myrealmDefaultAuthenticator Action: execute,
Target: listGroups
Is there more effective way to read the information.
I can execute the program standalone ( from DOS PROMPT) and read all information
if I do the following
adminHome = (MBeanHome) Helper.getAdminMBeanHome (username,password,url);
But when calling from the application I get the above error.
Any code, suggestion will be very helpful.
Fred

"Fred Boon" <[email protected]> wrote in message
news:3fa7cb98$[email protected]..
>
Greetings to ALL,
I am reading users, groups from realm. If I give the user admin priviligesI am
able to get the information else I get the errorweblogic.management.NoAccessRuntimeException:
Access not allowed for subject: principals=[ruser1, B10AP01, B10MP01,
B10MP03A,> B10MP03, on ResourceType: Security:Name=myrealmDefaultAuthenticatorAction: execute,
Target: listGroups
Is there more effective way to read the information.
Commo mbeans require admin role in order to be able to invoke methods.
I can execute the program standalone ( from DOS PROMPT) and read allinformation
if I do the following
adminHome = (MBeanHome) Helper.getAdminMBeanHome (username,password,url);
But when calling from the application I get the above error.
Try doing a runAs with a subject that has admin role.

Migrate the users, groups from essbase 7.1.6 to shared services

Hi
Our current production is essbase version 7.1.6 and we are planning to migrate to EPM 11.1.2 . We would like to move the security administration from Essbase to Shared Services (want to use Native Directory).
can somebody please suggest
1) An utility that Oracle provides with EPM 11.1.2 that helps to migrate the users and groups from 7.1.6 to shared services?
2) After bringing the users groups from 7.1.6 to 11.1.2, do we need to externalize these users and groups or no need?
Appreciate the help. Thanks,

if you have LDAP/MSAD try to configure it first .That will get your users
Now using maxl
spool on to GROUP.txt
display gruoup all;
spool on to USER.txt
display user in group all;
for test purpose create a test group and a test user from the shared services.
Now using GROUP.txt
make up maxl statements to create groups(use any advanced text editor or MS excel to get your work done fast)
create group 'groupname';
now login into that shared services
go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select export for edit.THat will save you Groups.csv file.
Now
1.Open that Groups.csv file
2.Using USER,txt ,paste the users in that file under their respective group.(Look for test group created that should give you an idea!!!)
3.Paste user correctly and save it to the same file Groups.csv
4.go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select IMPORT for edit.
5.that will get your users into the groups.
________filters_______
Using maxl again
spool on to FILTER.txt
display filter row all;
spool on to GRPRIVILEGE.txt
display privilege group all;
Now using FILTER.txt
create maxl statements
(use any advanced text editor or MS excel to get your work done fast)
Ex: create filter app.database.filtername read/write/none/metaread on 'AREA ' ;
Using GRPRIVILEGE.txt
create maxl statements
grant filter app.databse.filtername to 'groupname';
that should get your filters created and assigned.
else you can use Advanced Security Manger
http://www.appliedolap.com/free-tools/advanced-security-manager
hope that should give you an idea!!!!!!!

Data Level Security from rpd to Weblogic Server

Hi,
Req: To implement data level security through weblogic or external authenticator OID
Current implementation: Created a grop in rpd UserG and configured permission settings with respect to subject area and assigned this group to users.
such that, When User1 log in he will see his data and when User2 log in repective data
New implementaion: We have to achive this data level security through weblogic or external authenticator OID
How to acheive this?
Thanks in advance!
Satheeshkumar

You can choose where to get the groups from either database or any provider and map them to Application roles in EM, but you would have to set up your data restrictions thru Application roles in RPD on your Facts and Dims based on your requirement.
Now if your looking for bringing External groups using BISQLGroupProvider then refer to:
How-to: OID Authentication with Groups Stored in an External Database Table - OBIEE 11g ~ Ask John OBIEE - Oracle Busine…
For database groups with users mapped in it those tables then you can refer to:
Jonathan's Tech Journey: OBIEE 11g Security part 1
Hope this helps.
SVS

Using case pull infor from one of two columns

how can I use the case statement to pull data from rows that are grouped together from a table? or is there a way to use if..then?
my incorrect , unfinished query.....
select t1.col1 from tab1 t1,tab2 t2
where
t1.col1= t2.col1 and
t1.col1= < if I find an 'x' in t2.col2 then return all t1 rows from that group that have x's in corresponding t2.col2
else return all rows that have an x's in corresponding t2.col3>
group by t1.col1

One table has data like this:
STG_CLAIMANT_XREF
SRC_EVENT_NUMBER     SRC_CLAIM_NUMBER     SRC_CLMT_NO     STG_CLAIM_TYPE
0040283362              00402833620001                 0001          112
0040283362              00402833620002                 0002          111
0040283362              00402833620003                 0003          112
0040283362              00402833620050                 0050          115The above represents one group of data from a group by SRC_EVENT_NUMBER,
a subset of groups from the whole table.
The other has data like this:
CLAIMTYPE_X_BI_PD
CODE_ID     PD_TYPE     BI_TYPE
110       -1
111            -1
112       -1
119            -1I want to run through the 1st table and match the STG_CLAIM_TYPEs to the CODE_IDs
in the second table.
I'm going to join STG_CLAIM_TYPE = CODE_ID.
If ANY rows in the first table have STG_CLAIM_TYPEs with values in the PD_TYPE col in the second table than for that group I can ONLY return the rows that have STG_CLAIM_TYPEs = 111 for example.
However, if No rows of type 111 exist but rows STG_CLAIM_TYPEs = 111 exist (STG_CLAIM_TYPEs with values in the BI_TYPE col) Than I can only return rows that have STG_CLAIM_TYPEs = 112
my first try was a query that worked but returned both type out of each group. It was
select xr.SRC_EVENT_NUMBER, xr.SRC_CLAIM_NUMBER, xr.STG_CLAIM_TYPE
from STG_CLAIMANT_XREF xr, CLAIMTYPE_X_BI_PD BP
where
xr.STG_CLAIM_TYPE = bp.CODE_ID
and
(bp.PD_TYPE = -1 or bp.BI_TYPE = -1)
group by xr.SRC_EVENT_NUMBER, xr.SRC_CLAIM_NUMBER, xr.STG_CLAIM_TYPE;
will return rows 1,2,& 3. I need only 1 & 3 or just 2.
I figured using a case statement would help me solve this issue but I am usure of how to
implement it.
What would you suggest?
Message was edited by:
user623359

Admin Console not displaying new Users and Groups from LDAP

We created a new Realm in WebLogic, which specifies the location of the Netscape
LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
server to use for authentication. My problem is this- the Admin Console is not
displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
Admin Console display any users and groups specified in the ldap server, which
is referenced in the customized Realm?

Hi Andy,
I am not sure why you are unable to see the users and groups through the
console., you should be able to. Can you post the config.xml?
thanks,
-satya
Andy Levy <[email protected]> wrote in message
news:3b700c36$[email protected]..
>
We're running WLS 6.0 Sp2 on Windows 2000 Professional.
"Satya Ghattu" <[email protected]> wrote:
Andy,
Could you please tell us what Version of Weblogic you are running?
thanks,
-satya
Andy Levy <[email protected]> wrote in message
news:[email protected]..
We created a new Realm in WebLogic, which specifies the location ofthe
Netscape
LDAP server. Our Weblogic application, called TGSLC, is able to findthe
ldap
server to use for authentication. My problem is this- the Admin
Console
is not
displaying the new users and groups from the LDAP server. Shouldn'tthe
WebLogic
Admin Console display any users and groups specified in the ldap
server,
which
is referenced in the customized Realm?

Eliminating a Group from Contacts

How do I eliminate a group from my contacts?

Sorry, Patrick. I wrote that without checking, trusting my memory.
Select the Group you want to delete in the left hand window, pull down on Edit, and select Delete Group.
That will not delete the entries in that group. If you want to delete all members of a group and the group itself, first select all of the entries in the group and delete them. (Edit, Delete Card.)
-fred

How do I delete a contact group from my iphone

How do I delete a contact group from my iphone?

Download Easy Group. It is totally free. Lauch it. Click on Edit. Click on red-cross next to your unwanted group. That's all. http://itunes.apple.com/fr/app/easy-group/id461469079?mt=8
Rémi
Note: As I am Easy Group developper, I may receive some form of compensation, financial or otherwise,from my recommendation or link.

Get all groups from an AD Server

Hi everyone,
I'm trying to get all groups from and AD server.
Here's how I'm doing it:
DirContext ctx = new InitialDirContext( (Hashtable<String,String>) env);
          Name n2 = new CompositeName().add(groupsContainer);
          NamingEnumeration<Binding> contentsEnum = ctx.listBindings(n2);
          int i = 1;
          while ( contentsEnum.hasMore() && (i++) < 1000 )
               Binding binding = contentsEnum.next();
               groups.add(binding.getName().substring(3));
          return groups; The problem is, I always get an error if I don't restrict the results number to below 1000.
The error is the following *javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];*
After googling, I found it it's due to a field in the AD Server, that restrict the result number.
So there is no way that I can obtain all groups without changing that field?
Regards,
Nuno.

Hi Nuno,
You have to increase the MaxPageSize value at ActiveDirectory level to retrieve results more than 1000. By default the MaxPageSize value is 1000. There is no option other than increasing the MaxPageSize value.
Thanks & Regards,
Murali.
============

Problem with errorPage in page directive tag while proxying request from iPlanet to WebLogic

          Hi,
          We are using iPlanet 4.0 as the webserver and WebLogic 5.1 as the application server on different solaris machines. We have put our JSPs in the weblogic application server and proxy the requests from iplanet to weblogic.
          We are facing a problem with the errorPage in the 'Page Directive' tag of the JSP. We have given xxx.jsp as an 'errorpage' parameter in the page directive tag. If we directly access the JSP from the WebLogic, and there is an system error, the error page specified in the JSP is getting displayed. But if we access the JSP from iPlanet and there is an system error, instead of displaying the error page, iPlanet is asking whether we want to download the file. If we say yes it downloads the actual JSP code itself. We have defined the mime types in obj.conf file as well as mime.types for the iPlanet.
          If anyone knows how this can be solved, it would be of great help
          Regards,
          Krish


How did you configure the obj.conf file? proxy by mime type or ppath? It
          seems errorPage.jsp was not proxyed and treated as a unknown mime type.
          Krishnaraja <[email protected]> wrote in message
          news:3a372d79$[email protected]..
          >
          > Hi,
          >
          > We are using iPlanet 4.0 as the webserver and WebLogic 5.1 as the
          application server on different solaris machines. We have put our JSPs in
          the weblogic application server and proxy the requests from iplanet to
          weblogic.
          >
          > We are facing a problem with the errorPage in the 'Page Directive' tag of
          the JSP. We have given xxx.jsp as an 'errorpage' parameter in the page
          directive tag. If we directly access the JSP from the WebLogic, and there is
          an system error, the error page specified in the JSP is getting displayed.
          But if we access the JSP from iPlanet and there is an system error, instead
          of displaying the error page, iPlanet is asking whether we want to download
          the file. If we say yes it downloads the actual JSP code itself. We have
          defined the mime types in obj.conf file as well as mime.types for the
          iPlanet.
          >
          > If anyone knows how this can be solved, it would be of great help
          >
          > Regards,
          > Krish

Problem with servlet after migrating from OC4J to WebLogic 10.3

I come across a problem when I was migrating from jDev 11g TP4 to production version in that step also server got changed from OC4J to webLogic.
I am running java http servlet along other jspx pages. When everything was on OC4J there was no problem whit security on this servlet ( servlet was under same authorization automatically, and I was able to create new application module on this servlet by createRootApplicationModule
) but when I changed to WebLogic 10.3 I come across a numerous problems. First one is solved i managed to put the servlet under same authorization as jspx pages by
*<servlet>*
*<servlet-name>report</servlet-name>*
*<servlet-class>path.to.class</servlet-class>*
*<security-role-ref>*
*<role-name>name</role-name>*
*<role-link>valid-users</role-link>*
*</security-role-ref>*
*</servlet>*
but when I trying to create new application module I get JBO-30003 error which is Caused by:
oracle.adf.share.security.ADFSecurityAuthenticationException: JAAS login error.
Invalid null input: name
Has anybody any idea what I am doing wrong?
Thank you for your help, Rok Kogov&scaron;ek

for example:
web.xml
<security-role>
<role-name>yourrole</role-name>
</security-role>
weblogic.xml
<security-role-assignment>
<role-name>yourrole</role-name>
<principal-name>wlsuser</principal-name > 
</security-role-assignment>

Pulling groups from MSAD in WebLogic

Similar Messages

Maybe you are looking for