R/3 users Authentication to LDAP?

Hello,
I have configured the LDAP Connector using Tx LDAP from R/3 4.7 running on AIX Server to MS-ADS LDAP Server.
After making all the settings I have run the report RSLDAPSYNC_USER for synchronizing the users between R/3 and LDAP.
Then the Users available in LDAP are getting Updated and Created in R/3, but the users in R/3 are not getting created. It's giving the LDAP_CREATE Failed, Restriction Violated. For this I have posted in the previous thread.
I want to know whether some of my assumptions are correct / wrong.
1. If we do all these settings, when the User try to login he will be authenticated to LDAP?
2. In MS-ADS the password length is more than 8 char we can have, but in SAP its 8 char, do we need to increase this field length.
3. Or if the user changes the password in MS-ADS, do we need to run the synchronization again.
4. We are assuming that if the LDAP configuration is finished then the users are not required to maintain or change their passwords in R/3 instead they can use the MS-ADS password and changes also in MS-ADS. Is this assumption right?
Please suggest.
I am still investigating for the sync from R/3 to LDAP.
The User available in LDAP is created in R/3 but there is no password allocated for him. Do I need to mention the password attribute also in the mapping? If so, can anyone please let me know the attribute and corresponding field of R/3.
Thanks & Regards
Sumanth

Hi Prakas,
I Logged the OSS Message for Checking the Issues of Authentication to LDAP from SAP R/3.
Please find the Below Clarifications and SAP Replies along with the SAP Notes.
Questions Posted in OSS Message:
We need to get confirmation that, is this LDAP is for Authenticating like EP or only for Having the Sync Data between both systems?
Secondly when the Users are getting created in Active Directory, they are in Deactivate Mode, To make it automatically active do we need to set any settings in R/3 or Directory, for this we searched the Notes and Documentation, but could not succeed.
Please Suggest. Our main concern is can we achieve the Authentication From LDAP as like in EP -> LDAP in this R/3 or not? The Users are expecting to do authentication, instead to maintain the passwords at different places.
Replies from SAP
- login in this manner is not possible, see note 603208
- syncing the password is also not possible.
- in general, please read note 448360 about features provided in the LDAP area.
0000448360  Requests in the LDAP environment (directory integration) 
0000603208  Passwords during the LDAP user master synchronization 
But, I think we can achieve Authentication in Another Way, NTLM Authentication, For this You Need to Do SAP GUI Client Maintenance Also.
I am in Collection of More Details in this Area. Once I get all info and procedure I will update you.
Regards
Sumanth

Similar Messages

  • Urgent : How to create Manager and Reportee of a User in Embedded LDAP in W

    Hi All,
    I have created user in Weblogic Server Embedded LDAP (Console-->SecurityRealm)
    however how can I assign another user as Manager of this user and some other user as reportee of this user.
    Basically how to create Manager and Reportee of a User in Embedded LDAP in Weblogic 10.3.5
    ie I have a user A and user B created in Security Realm.
    Now I want user A to be as Manager of User B so that when I use getManager() function in Human Task,I get A as Manager of B.
    Thanks
    Edited by: Vivek on 28 Sep, 2011 3:54 AM

    To get an idea check these links.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78
    BSP/HowTo - Customizing the design of System Logon page in NetWeaver '04
    -Aman

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
    or is there any ant script for creating USers/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    .e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • Provision a user into an LDAP Group/Organisation

    Is it possible to provision a user into a Role that is mapped to an LDAP Group/Organisation through Identity Manager? I've seen that you can add users directly into LDAP groups, but we would like to add users into groups where they already have an account in the Resource/Directory.
    For example I want to allow an existing user;
    uid=User1,ou=Users,o=mycompany
    to access a resource protected by LDAP Group;
    cn=AppGroup1,ou=Groups,o=mycompany
    this group would be mapped to an Application or Business Role within Identity Manager.
    Is this possible?

    If I understand your problem correctly then there is no need for customizing the resource adapter java source code at all. You can "calculate" in which OU or O a user is created by customizing the resource's identity template. Just add a variable to the identity template DN and "calculate" that variable in either your form or map it to IGNORE_ATTR on the resource and then you could even set that value in a role.
    Same for adding a user into a directory group. Map the respective groups attribute and create a role for that resource, then configure the role to set the group attribute or merge the values - as simple as that. Or did I misunderstand what you are trying to do?

  • How to add user to external LDAP programmatically?

    Hello.
    I have portal application in JDeveloper. Here is code that adds user to WLS embedded LDAP:
    JpsContextFactory jps = JpsContextFactory.getContextFactory();
    JpsContext jpsContext = jps.getContext();
    IdentityStoreService storeService = jpsContext.getServiceInstance(IdentityStoreService.class);
    IdentityStore is = storeService.getIdmStore();
    UserManager mn = is.getUserManager();
    RoleManager rm = is.getRoleManager();
    Principal p = mn.createUser(username,password.toCharArray()).getPrincipal();
    Role r = is.searchRole(is.SEARCH_BY_NAME, "Administrators");
    rm.grantRole(r, p);
    But I also have external LDAP on my WLS. How can I add users to external LDAP programmatically?

    System Preferences > Users & Groups > Unlock the lock on the bottom left > click the plus sign on the bottom left

  • User attributes for LDAP

    Hi guys,
    Currently we have an error for LDAP attribute .
    distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
    user is of type IUser.
    and it return null
    where could i find the list of user attributes in LDAP? currently we have LDAP 8.8.1.

    Don,
    you might want to have a look at an LDAP Browser (eg. http://www-unix.mcs.anl.gov/~gawor/ldap/ ) which helps a lot to find out how the structure of your LDAP server is and which attributes you can access.
    1) Start the tool
    2) click onto the "Quick Connect"
    3) enter your LDAP server
    4) press "Fetch DNs"
    5) Uncheck "Anonymous bind"
    6) Enter your user credentials
    7) Browse your LDAP structure
    It helped me a lot to get the correct settings for the DBMS_LDAP calls.
    Patrick
    My APEX Blog: http://www.inside-oracle-apex.com
    The ApexLib Framework: http://apexlib.sourceforge.net
    The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!

  • FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )

    Version: 20060317
    Q: Where can i find more information to the BC-LDAP-USR interface ?
    A: Have a look on our ICC webpage in the SDN:
    SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)[1] [original link is broken]
    Q: What costs are arising when we want our product to be certified ?
    A: See also our SDN page under the headline "Price List".
    Q: Is there a link/page for the already certified products for this interface ?
    A: Sure, have a look on our ICC page under the headline "Certified Solutions"
    Q: Who can we ask in case of general question ?
    A: Have a look at our general ICC forum:
    SAP Integration and Certification Center (SAP ICC)
    Of course, if you have urgent requests you can send them also directly to our local ICC's:
    ICC Walldorf in Germany: [email protected]
    ICC Palo Alto in USA: [email protected]
    ICC Bangalore in India: [email protected]
    Q: Who can we ask in case of technical questions ?
    A: This depends on the state of your certification project.
    1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
    2.) When the certification contracts have not been signed then you can ask questions in this forum.

    I distinguish it using the passwordExpirationTime (or something like that, I don't have code here with me).
    This is possible if after password is expired user has at least one more access. It is a user policy that can be set in the LDAP server.
    If it is possible, user can still login and perform operations. You can search the passwordExpirationTime attribute and determine if password is expired, and then send a message to the user, telling him to change it. (If only one access is allowed and you change the password with the same application or service then do not close context, else you should not be able to connect again.) Instead, if you use an external script, then the last access should not give you problems.
    Hope i made myself clear.

  • Trying to setup im to store user props in ldap

    I am running the im/sbin/configure script. I'm trying to setup im to store user props in ldap. Can someone tell me what bind dn, I need to specify. It will be whatever the default is. I'm not sure how to find this.

    The default bind dn is normally "cn=Directory Manager".

  • Push user accounts to LDAP

    Hello Experts,
    We have setup E-Sourcing 5.1 connected to a MS AD server as LDAP. This LDAP was created exclusively for E-Sourcing application.
    We want to try a scenario where the user administration is handled only by E-Sourcing system, and credentials and passwords are stored in the LDAP. Note that this means that there won't be any user Administration in LDAP, it would be done through e-Sourcing. Is this possible?
    We tried creating "New Accounts" in the LDAP by creating a new user in E-Sourcing, but so far it's been unsuccessful. We get a "driver error" in the ESO UI. It seems the system requires the account to be previously created in LDAP so it can be created in E-Sourcing.
    Has anybody tried doing this?
    Your help is appreciated.
    Regards,
    Gilberto Gallardo

    Hi Gilberto,
    If I understand correctly, when you create a new user account in Sourcing, you want Sourcing to create that account in LDAP as well. This should be possible. I would check if the right Driver is selected in the Directory Configuration. Also, make sure the LDAP related fields on the Directory Configuration such as Host, Port, Directory User Name, Password, BASE DN, etc. has the right values.
    Also, can you provide more details on the error message? I would check the Sourcing logs, it should contain more information on the error.
    Once the account is successfully created in LDAP, the attributes on the directory configuration can be set to push or pull depending on what is desired.
    Regards,
    Vikram

  • JAZN user entries in LDAP

    Can JAZN-LDAP deal with user entries in LDAP that are not all under a single context? For example, suppose I have LDAP entries like
    cn=foo,cn=Users,o=abc.com
    cn=bar,cn=Users,o=abc.com
    cn=baz,ou=unit,cn=Users,o=abc.com
    and, for dn: cn=myrealm, cn=Realms, cn=JAZNContext, cn=Products, cn=OracleContext, the attribute
    orcljaznsubscriberdn: cn=Users,o=abc.com
    Will JAZN-LDAP be able to find the user "baz" as easily as it can find "foo" and "bar"?

    According to Oracle's documentation we can have only one realm specified for an application, surprisingly the JAZN manager will only look for the DN's of "Users" and "Roles" to formulate a Realm. The out of the box JAZN doesn't have the capability to search for Users in more than one subtree. Any suggestions from Oracle on improving the JAZN to make it to look for all the user objects starting from a top level tree, just have one more question, can we specify roles for all users in one DN?
    Thank you
    H.M.Mallik

  • Authenticate Users Using an LDAP Server

    Hi,
    I did implement 'Authenticate Users Using an LDAP Server' according to the link below.
    [http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html]
    It works OK to specific DN String, example 'cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount'.
    We have a lot of domain rules, mean the users not located at the same DN.
    Is it possible to use general DN string (base root) like 'cn=%LDAP_USER%,*,*,DC=ho,DC=discount'?
    Thanks in advance,
    Shay

    Augusto, one thing to check (since it caught me out) is that your LDAP entries conform to the right format, namely
    "cn=Bob" etc
    When I was integrating HTMLDB LDAP against a Sun One Directory Server, it had me scratching my head for ages, until I realised that the LDAP entries had been created in the format of -
    "uid=bob" rather than "cn=bob"
    This might not be your problem, but it's worth checking anyway ;)
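
The two posts above, as an added example that is not part of the original thread and is not Oracle's code: a fixed DN string such as `cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount` only matches users in that one container who are named with `cn=`, while resolving the DN first with an escaped subtree search also finds users in other OUs or with `uid=` entries. The in-memory directory, its entries and all function names are constructed for illustration; a real setup would send the same escaped filter through its LDAP client and then bind as the single DN returned.

```python
import re

# Constructed sample data and hypothetical helper names (added example).
BASE_DN = "DC=ho,DC=discount"
TEMPLATE = "cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount"  # DN string from the post
DIRECTORY = {  # DN -> attributes, standing in for a real directory
    "cn=shay,OU=Menahel,OU=Cmp,DC=ho,DC=discount": {"cn": "shay", "uid": "shay"},
    "cn=dana,OU=Sales,OU=Cmp,DC=ho,DC=discount": {"cn": "dana", "uid": "dana"},
    "uid=bob,OU=People,DC=ho,DC=discount": {"cn": "Bob Levi", "uid": "bob"},
}


def escape_dn_value(value):
    """Escape an RDN attribute value per RFC 4514 before placing it in a DN."""
    chars = ["\\00" if c == "\x00" else "\\" + c if c in '"+,;<>\\' else c
             for c in value]
    if chars and chars[0] in ("#", " "):
        chars[0] = "\\" + chars[0]
    if len(chars) > 1 and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)


def escape_filter_value(value):
    """Escape a search-filter assertion value per RFC 4515."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def dn_from_template(user):
    """Fixed-template lookup: only finds entries named cn=<user> in that one OU."""
    dn = TEMPLATE.replace("%LDAP_USER%", escape_dn_value(user))
    known = {d.lower(): d for d in DIRECTORY}
    return known.get(dn.lower())


def _filter_value_to_regex(filter_value):
    """Translate an RFC 4515 value: '*' is a wildcard, '\\XX' an escaped character."""
    parts, i = [], 0
    while i < len(filter_value):
        c = filter_value[i]
        if c == "\\":
            parts.append(re.escape(chr(int(filter_value[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(".*" if c == "*" else re.escape(c))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def search_subtree(base_dn, attr, filter_value):
    """Stand-in for a subtree search with the filter (attr=filter_value)."""
    pattern = _filter_value_to_regex(filter_value)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower())
            and attr in attrs and pattern.fullmatch(attrs[attr])]


def resolve_dn(user, attrs=("cn", "uid")):
    """Find exactly one DN for the login name; the caller then binds as that DN."""
    value = escape_filter_value(user)
    hits = {dn for a in attrs for dn in search_subtree(BASE_DN, a, value)}
    return hits.pop() if len(hits) == 1 else None  # reject no match or ambiguity
```

Escaping the login name before it enters the filter, and refusing any result that is not exactly one entry, keeps a name containing `*` or parentheses from matching entries other than the one it literally names.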

  • CUCM 8.6.2 LDAP User Delete Pending LDAP Sync Status Inactive

    BE6K ver 8.6.2
    Client has a user who recently got married.  They changed her account information in Active Directory to reflect her new last name. At that point CUCM shows her as
    Delete Pending
    LDAP Sync Status Inactive
    CUC shows
    LDAP User has been deleted.
    The user still exists in both CUC and CUCM and is actively taking and receiving calls.  User has VM access.
    Short of deleting the user in AD and recreating her, is there a way to force this to re-sync?
    Thanks
    Matt

    Then that's expected to happen, for all purposes to CUCM/CUC eyes, msmith no longer exists and will be deleted, and a new user mjones now will be imported.
    Depending on when the change was done and when CUCM detected this, it might take up to 48 hours maximum to delete the user
    You'll need to associate everything to the new user, and also add that new user into CUC.
    Or switch back her userID to the old one, and just change the surname for directory purposes.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • How to get user attributes from LDAP authenticator

    I am using an LDAP authenticator and identity asserter to get user / group information.
    I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
    Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
    Any help would be appreciated

    Hi Julián,
    in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
    A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
    Hope it helps
    Detlev

  • How i get user info from ldap using java after authenticating user with SSO

    Hi
    I have one jsp/bean application as a partner application with SSO.
    It works fine.
    Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
    using SSO java APIs i only get username, userDN, subscriber info.
    To get user's other attribute i have to use LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
    so here is my question, how do i get user password after he has logged in thro SSO.
    regards..
    and thanking u in advance
    samir

    Valentina,
    there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
    --Olaf
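
What the reply above means by "one way", as an added example that is not part of the original thread: a directory `userPassword` value of the form `{SCHEME}base64` holds a digest (plus a salt for the salted schemes), so a password can only be checked by recomputing the digest, never read back. The function names, the sample password and the salt are constructed; the `{SHA}`, `{SSHA}`, `{MD5}` and `{SMD5}` prefixes are the common RFC 2307-style schemes, and MD4 is left out because Python's `hashlib` does not always provide it.

```python
import base64
import hashlib
import hmac

# scheme -> (hashlib name, digest length); salted variants append the salt to the digest
_SCHEMES = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
            "MD5": ("md5", 16), "SMD5": ("md5", 16)}


def make_user_password(password, scheme="SSHA", salt=b""):
    """Build a '{SCHEME}base64(digest + salt)' value as a directory would store it."""
    algo, _ = _SCHEMES[scheme]
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def parse_user_password(stored):
    """Split a stored value into (scheme, digest, salt)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no scheme prefix")
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in _SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(b64, validate=True)
    size = _SCHEMES[scheme][1]
    if len(raw) < size:
        raise ValueError("value shorter than the digest")
    return scheme, raw[:size], raw[size:]


def check_password(candidate, stored):
    """Recompute the digest from the candidate; the stored value is never reversed."""
    scheme, digest, salt = parse_user_password(stored)
    recomputed = hashlib.new(_SCHEMES[scheme][0], candidate.encode() + salt).digest()
    return hmac.compare_digest(recomputed, digest)  # constant-time comparison


# Constructed sample value: password and salt are invented for this example.
SAMPLE = make_user_password("Example-Pass1", "SSHA", salt=b"\x01\x02\x03\x04")
```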

  • How to get user information from ldap - bpm11g

    hi all,
    i need know how to do get information from ldap, but using adf bean for show user data in adf form.
    anyone knows about this ?
    tks.

    Neal wrote:
    >
    Hi,
    I am using WLS default authentication to protect my JSP pages. Can someone tell
    me if it is possible to add more fields to the default login box (in addition
    to login and password boxes, I want to ask user the department name). In additional,
    can WLS propogate this information (department name) along with other security
    credentails to other J2EE components such as EJBs? In my EJBs I want to be able
    to get the department name that user provided during login and then use that for
    conditional business logic.
    Any insights on this subject will be greatly appreciated.
    TIA,
    -Neal
    You can't do this with the default simple authentication. That can only handle a
    username / password combination.
    You should be able to do this with JAAS. You could write a LoginModule that
    populates the department as a Principal or public Credential on the Subject in
    addition to the normal authentication. You would have to do a callback handler
    that passed through the department info to it.
    This link has more on WLS's stab at JAAS:
    http://e-docs.bea.com/wls/docs61/security/prog.html#1039659
    Once you have associated the Subject with the access control context by invoking
    a doAs() you should be able to get it back at any point with
    Subject.getSubject(AccessController.getContext()) to get access to the
    department info.
    It will all be a bit of a chore, mind.
