Read 'userPassword' attribute via LDAP?

Hi all,
Sorry if this question has already been answered...
I do not have access to a Sun ONE Directory server so I have not been able to answer this question for myself.
Is it possible to read the 'userPassword' attribute from a Sun ONE Directory Server via LDAP?
I know that this is not possible for MS AD, and I am guessing this is a standard used by all LDAP Servers.
Thanks in advance for any help,
Bryan Galvin

If the privileges are set properly, you can read the password in the Sun directory. If the password is stored in clear text (not the default) then you will see the password. If it is encrypted then you will see an encrypted password string preceded by the encryption method used, for example:
userPassword: {SHA}0twDi9KZ2bTTBL1PpYwcFxhWsCu=
An "old" method of authentication involved hashing the user-supplied password with the same algorithm and comparing it to the entry in the directory. (apologies to those "oldies" still using that method!)

Similar Messages

  • Read userPassword value using ldap code

    can i read the value of userPassword attribute value
    Author: srinivas.pappu Jun 21, 2005 8:43 AM
    Hi,
    am using sun one directory server 5.1. Is it possible to read the value of the userPassword attribute through the Ldap code.
    Thanks in advance
    Regds
    srini

    If I store the password in clear text, is it possible to retrieve the password value?
    Regds
    srini

  • Using UME to read binary attribute from LDAP (objectSID)

    Hi,
    I am trying to read the ObjectSID of an LDAP user (from MS Active directory) from an IUser object. This attribute is binary retrieved from the LDAP and if I defined a normal extra attribute in the datasourceconfiguration file and retrieve it as a String the value is wrong.
    So my question is how can I define this as a binary attribute?
    From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the xml format for the datasourceconfiguration.
    The Attribute element  has the following specification:
    <!ATTLIST attribute name CDATA #REQUIRED
    populateInitially (true|false) #IMPLIED
    readonly (true|false) #IMPLIED
    type (string|blob) #IMPLIED
    cacheTime CDATA #IMPLIED>
    Since you have type here, I tried setting it to blob under the user object as such:
    For user:
    <attribute name="guid" type="blob" populateInitially="true"/>
    For attribute mapping:
    <attribute name="guid">
    <physicalAttribute name="objectSid"/>
    </attribute>
    However, I still get the following error when calling
    iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):
    Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
         at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
         at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
         at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
         at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
         at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
         ... 41 more
    This error indicates that the attribute is a string and not a binary attribute.
    Anyone?

    Created OSS and initial message is that this is not supported even though some of the configuration files point in that direction. It's really easy to implement so maybe if I am lucky I'll get a hotfix.
    Dagfinn
    btw the field was objectGUID not objectSID

  • SASL, LDAP userPassword attribute always being updated

    Environment:
    Sun Identity Manager 8.0.0.4
    OpenLDAP 2.2.30
    Issue:
    At my institution, OpenLDAP delegates authentication to another source via SASL, and the userPassword attribute for user "uid=jsmith" is "{SASL}jsmith". In order to avoid the built-in password processing, I renamed the LHS of the attribute in the resource schema from "password" to "ldapPassword", changed the map type to "string" and set the Password Hash Algorithm on the resource to "NONE".
    This is basically working:
    1. The userPassword attribute is being set correctly when the resource is created, and LDIFs of the user objects confirm that.
    2. When I view a user and look at the resource attributes, the userPassword attribute looks good.
    But whenever the SIM user goes through a checkin/checkout process (say, via edit or active sync on a resource), the userPassword attribute in LDAP is updated, and the process results say it is being updated from "" to the value I would expect. Often, this is the only update required for this particular LDAP resource.
    Any ideas why at checkin time it thinks the old value is null (or empty, hard to tell which) and therefore making it think that it needs to do a resource update?
    Thanks in advance. -Les

    Did you end up with a solution for this? It's exactly where I am at now.

  • FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )

    Version: 20060317
    Q: Where can i find more information to the BC-LDAP-USR interface ?
    A: Have a look on our ICC webpage in the SDN:
    SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)[1] [original link is broken]
    Q: What costs arise when we want our product to be certified?
    A: See also our SDN page under the headline "Price List".
    Q: Is there a link/page for the already certified products for this interface ?
    A: Sure, have a look on our ICC page under the headline "Certified Solutions"
    Q: Who can we ask in case of general question ?
    A: Have a look at our general ICC forum:
    SAP Integration and Certification Center (SAP ICC)
    Of course, if you have urgent requests you can send them also directly to our local ICC's:
    ICC Walldorf in Germany: [email protected]
    ICC Palo Alto in USA: [email protected]
    ICC Bangalore in India: [email protected]
    Q: Who can we ask in case of technical questions ?
    A: This depends on the state of your certification project.
    1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
    2.) When the certification contracts have not been signed then you can ask questions in this forum.

    I distinguish it using the passwordExpirationTime(or something like that, i don't have code here with me).
    This is possible if after password is expired user has at least one more access.It is a user policy that can be set in the Ldap server.
    If it is possible, the user can still log in and perform operations. You can search the passwordExpirationTime attribute and determine if the password is expired, and then send a message to the user, telling him to change it. (If only one access is allowed and you change the password with the same application or service then do not close the context, else you will not be able to connect again.) Instead, if you use an external script, then the last access should not give you problems.
    Hope i made myself clear.

  • Issue Setting Resource Attributes via Workflow Process

    I'm currently trying to set resource attributes via a workflow process, but for whatever reason the attribute is not detected as "changed" and the update object has nothing about the attribute. I'm wondering if I'm just doing something wrong with the way I'm setting it, or if I'm missing a piece to apply the update.
    What I'm doing is...
    1. Checking out the user view
    2. updating the attribute via code something like this...
    <set name='user.accounts[ldap].attributeIWantToChange'>
    Logic in here
    </set>
    3. then I'm checking the view back in.
    Anyone know why this isn't working(I can set other attributes like waveset.roles fine this way)?
    Edited by: UNO-AD-HM on Jul 6, 2009 12:54 PM

    Figured it out, have to load a different form in when I check the view out, the tabbed user's form will not update resource attributes.

  • Update the proxyaddresses attribute via rsldapsync_user

    Dear Gurus,
    i configured a ldap-scenario and tested it by reading different attributes from the directory and updating the user information.
    It worked well!
    Now i want to write the proxyaddresses-attribute into the directory. i configured an exporting mapping from the e-mail address of the sap-user to the mentioned dir.-attr.. In this mapping i call a function module. For simple testing i call an ldap-module to read the actual values of the directory-attribute and write them back to the directory:
      Read table attributes with Key var = 'USERNAME' fld = 'BAPIBNAME' assigning <hybral>.
      READ TABLE <hybral>-vals index 1 ASSIGNING <vals>.
      CONCATENATE '(&(objectclass=user)(samaccountname=' <vals>-val '))' into filter.
      CALL FUNCTION 'LDAP_READ'
         EXPORTING
    *   BASE                = ''
         base_string         = 'ou=test-ou,dc=test-domain1,dc=test-domain2'
         scope               = 2
         filter              = filter
    *   FILTER_STRING       =
    *   TIMEOUT             =
         attributes          = it_attr
         IMPORTING
           ldaprc              = ldaprc
           entries             = ldapetab
         EXCEPTIONS
           no_authoriz         = 1
           conn_outdate        = 2
           ldap_failure        = 3
           not_alive           = 4
           other_error         = 5
           OTHERS              = 6.
      READ TABLE ldapetab INDEX 1 ASSIGNING <ldape>.
      READ TABLE <ldape>-attributes WITH KEY name = 'PROXYADDRESSES' INTO ls_attribute_ldap.
      ls_attribute_ldap-typ = 'C'.
      INSERT ls_attribute_ldap INTO TABLE attributes_ldap.
    At the end of the module I export the values into attributes_ldap. When I debug the following steps, the values are communicated throughout the LDAP function modules that are used by rsldapsync_user. The ldap_modify module exports a return code 53.
    Now i want to know if it is possible to update the proxyaddresses-attribute in this manner. Are there any mistakes in my thinking or in the posted function-module. Does anyone of you have some experience updating multiple line entries in Active Directory via SAP-LDAP?
    Thanks in advance

    Now i wrote a function module which reads an attribute and tries to write it back to the active directory.
    *"*"Lokale Schnittstelle:
    *"  IMPORTING
    *"     REFERENCE(IP_UNAME) TYPE  XUBNAME
    *"  EXPORTING
    *"     VALUE(EP_MAIL) TYPE  STRINGVAL
      DATA: wa_attr TYPE ldapas,
            it_attr TYPE ldapastab,
            ldapetab TYPE ldapetab,
            ldaprc TYPE ldapdefs-ldrc,
            filter TYPE ldap_filt.
      FIELD-SYMBOLS:
            <ldape>   TYPE ldape.
      wa_attr-typ = 'C'.
      wa_attr-name = 'SAMACCOUNTNAME'.
      APPEND wa_attr TO it_attr.
      wa_attr-name = 'PROXYADDRESSES'.
      APPEND wa_attr TO it_attr.
      CONCATENATE '(&(objectclass=user)(samaccountname=' ip_uname '))' INTO filter.
      CALL FUNCTION 'LDAP_SYSTEMBIND'
       EXPORTING
         serverid            = 'WSWACTIVEDIR'
       writeread           = 'W'
    *   WAIT_TIME           = 0
       IMPORTING
         ldaprc              = ldaprc
    *   BASEDN              =
    *   BASEDN_STRING       =
    * CHANGING
    *   HOLDSESS            = 0
    * EXCEPTIONS
    *   NO_AUTHORIZ         = 1
    *   CONFIG_ERROR        = 2
    *   NOMORE_CONNS        = 3
    *   LDAP_FAILURE        = 4
    *   NOT_ALIVE           = 5
    *   OTHER_ERROR         = 6
    *   OTHERS              = 7
          .
      IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
      CALL FUNCTION 'LDAP_READ'
       EXPORTING
    *   BASE                = ''
       base_string         = 'ou=wsw-benutzer,dc=stadtwerke,dc=loc'
       scope               = 2
       filter              = filter
    *   FILTER_STRING       =
    *   TIMEOUT             =
       attributes          = it_attr
       IMPORTING
         ldaprc              = ldaprc
         entries             = ldapetab
       EXCEPTIONS
         no_authoriz         = 1
         conn_outdate        = 2
         ldap_failure        = 3
         not_alive           = 4
         other_error         = 5
         OTHERS              = 6.
      IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
      READ TABLE ldapetab INDEX 1 ASSIGNING <ldape>.
      CALL FUNCTION 'LDAP_UPDATE'
        EXPORTING
          entry              = <ldape>
       IMPORTING
         ldaprc             = ldaprc
    * EXCEPTIONS
    *   NO_AUTHORIZ        = 1
    *   CONN_OUTDATE       = 2
    *   PARAM_ERROR        = 3
    *   LDAP_FAILURE       = 4
    *   HEXVAL_ERROR       = 5
    *   NOT_ALIVE          = 6
    *   OTHER_ERROR        = 7
    *   OTHERS             = 8
          .
      IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
    After LDAP_READ the ldaprc = 0.
    After LDAP_READ ldaprc is 53.
    So i can exclude a wrong mapping in transaction ldap.
    Edited by: Jan Martin Müller on Jun 9, 2010 3:17 PM

  • Multi level attribute form LDAP

    multi level attribute form LDAP
    I am trying to write a custom mapping to use to retrieve a value from a multivalued field in LDAP (nsRole). Has anyone done this before?
    Right now all my mappings are 1:1. However the goal is to get a 1:M and parse through it till I get the desired value (1:1).

    Darwin Hammons - Assurant 
    2:44pm, May 17 
    Great conversation. I have a very similar question about the use of the custom Java mappings with the LDAP login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java class mapping that can use an LDAP attribute (location), querying the data to execute an event that populates a RequestCenter OU or group if the person's login location equals, say, "Argentina"? Looking for a way to manage / build catalog entitlements during login. Suggestions?
    Anthony Erickson
    2:52pm, May 18  
    Hi Darwin,
    We're about to embark on a piece of work with newScale which would be similar to this to support our Multilingual catalogue.  I'll provide any updates I'm able. 
    Thanks,
    Ant 
    Darwin Hammons - Assurant 
    3:25pm, May 18 
    Great, Thanks Anthony ! I hope our bringing up this topic will spark a bit of interest. The Custom Java Mapping  / Directory integration is documented more with RC 9.1. It will be good to hear more about your project and use of Java mappings with LDAP Directories. 

  • Unable to Retrieve Attributes from LDAP Server

    I have a problem. I was wondering if anyone can assist me. I am new to LDAP servers and JNDI. I cannot retrieve any attributes from the users listed in my data entry. Any assistance would be greatly appreciated! Thanks.
    I created an entry in the LDAP server that looks like this:
    "o=somedn"
    |
    "ou=people, o=somedn"
    The "ou=people, o=somedn" entry contains fictitious users. The LDAP server is connected to a MySQL database. When I write Java code to read the attributes of a given user whose fullname (cn) is "Vinny Luigi", as listed in the database, I receive an error that starts with the following:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=Vinny Luigi,ou=people'
    The code I used is based on the Sun JNDI tutorial. Sun's code is at http://java.sun.com/products/jndi/tutorial/basics/directory/src/GetattrsAll.java. My version of the code is below:
    /*
     * @(#)GetattrsAll.java     1.5 00/04/28
     * Copyright 1997, 1998, 1999 Sun Microsystems, Inc. All Rights
     * Reserved.
     * Sun grants you ("Licensee") a non-exclusive, royalty free,
     * license to use, modify and redistribute this software in source and
     * binary code form, provided that i) this copyright notice and license
     * appear on all copies of the software; and ii) Licensee does not
     * utilize the software in a manner which is disparaging to Sun.
     * This software is provided "AS IS," without a warranty of any
     * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
     * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
     * HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE
     * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
     * MODIFYING OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN
     * NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
     * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL,
     * CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
     * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
     * OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
     * BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
     * This software is not designed or intended for use in on-line
     * control of aircraft, air traffic, aircraft navigation or aircraft
     * communications; or in the design, construction, operation or
     * maintenance of any nuclear facility. Licensee represents and warrants
     * that it will not use or redistribute the Software for such purposes.
     */
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;

    /**
     * Demonstrates how to retrieve all attributes of a named object.
     * usage: java GetattrsAll
     */
    class GetattrsAll {
        static void printAttrs(Attributes attrs) {
            if (attrs == null) {
                System.out.println("No attributes");
            } else {
                /* Print each attribute */
                try {
                    for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();) {
                        Attribute attr = (Attribute) ae.next();
                        System.out.println("attribute: " + attr.getID());
                        /* print each value (the loop body is empty; printing happens in the update clause) */
                        for (NamingEnumeration e = attr.getAll(); e.hasMore(); System.out.println("value: " + e.next()))
                            ;
                    }
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }

        public static void main(String[] args) {
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable(100);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=somedn");
            try {
                // Create the initial context
                DirContext ctx = new InitialDirContext(env);
                // Get all the attributes of named object
                System.out.println("About to use ctx.getAttributes()");
                Attributes answer = ctx.getAttributes("cn=Vinny Luigi,ou=people");
                // Print the answer
                printAttrs(answer);
                // Close the context when we're done
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    The primary key of the database is id_pk. Below is a copy of the mapping.xml file which maps the LDAP server entry to the database:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">
    <mapping>
    <entry dn="o=somedn">
    <oc>organization</oc>
    <oc>top</oc>
    <at name="o" rdn="true">
    <constant>somedn</constant>
    </at>
    <aci>
    <permission>rs</permission>
    </aci>
    </entry>
    <entry dn="ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>organizationalUnit</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="cn">
    <constant>"fullname"</constant>
    </at>
    <at name="ou" rdn="true">
    <constant>people</constant>
    </at>
    <at name="sn">
    <constant>"lastname"</constant>
    </at>
    </entry>
    <entry dn="id_pk=...,ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="Position_">
    <variable>usertable9.Position_</variable>
    </at>
    <at name="id_pk" rdn="true">
    <variable>usertable9.id_pk</variable>
    </at>
    <at name="fullname">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="lastname">
    <variable>usertable9.lastname</variable>
    </at>
    <at name="cn">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="sn">
    <variable>usertable9.lastname</variable>
    </at>
    <source name="usertable9">
    <source-name>usertable9</source-name>
    <field name="Position_">
    <variable>Position_</variable>
    </field>
    <field name="id_pk">
    <variable>id_pk</variable>
    </field>
    <field name="fullname">
    <variable>cn</variable>
    </field>
    <field name="lastname">
    <variable>sn</variable>
    </field>
    </source>
    </entry>
    </mapping>
    Thanks.

    The complete name (Distinguished Name) of the user you're searching is 'cn=Vinny Luigi,ou=people,o=somedn'.
    Regards,
    Ludovic.

  • User attributes for LDAP

    Hi guys,
    Currently we have an error for LDAP attribute .
    distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
    user is of type IUser.
    and it return null
    where could i find the list of user attributes in LDAP? currently we have LDAP 8.8.1.

    Don,
    you should have a look at an LDAP browser (e.g. http://www-unix.mcs.anl.gov/~gawor/ldap/ ) which helps a lot to find out how your LDAP server is structured and which attributes you can access.
    1) Start the tool
    2) click onto the "Quick Connect"
    3) enter your LDAP server
    4) press "Fetch DNs"
    5) Uncheck "Anonymous bind"
    6) Enter your user credentials
    7) Browse your LDAP structure
    It helped me a lot to get the correct settings for the DBMS_LDAP calls.
    Patrick
    My APEX Blog: http://www.inside-oracle-apex.com
    The ApexLib Framework: http://apexlib.sourceforge.net
    The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!

  • Read application item from LDAP

    We are using OpenLDAP authorization. The configuration data resides in the APEX authorization definition.
    Now my question: should it be feasible to read further attributes from the user logging in, without the need to redundantly define host, base dn etc. on page level?
    I imagine a LDAP authorization that gives me back more than only the APP_USER.
    Comments welcome.
    Tom

    The user and password are still available in the post-authentication part of the authentication. You could fetch more values here into application items without having to prompt the user for credentials again. If you do need to connect at a later point then you're out of luck really, since the password is blanked out after the authentication.
    I implemented a solution before where i connected to the ldap directory in post-authentication to retrieve the user's groups: {message:id=10197833}
    I'm also not sure since i haven't tried yet, but you could probably use the apex_ldap package to reduce the amount of code

  • Ldif import change the userPassword attribute

    Hi all,
    I post a message here because i am facing an obstacle.
    I made a migration from Sun Directory Server 6 on a Sun SPARC server to a Linux server with Directory Server 7.
    I have got an issue about the ldif import.
    When i export ldap data from my old server, i have got ldif-export.ldif file and when i import it i have no error :
    Started initialization of "xxx.xxx.xxx.xxx:389"; Apr 29, 2013 10:14:12 AM
    Sent 1314 entries...
    Sent 3794 entries...
    Sent 3795 entries.
    Completed initialization of "xxx.xxx.xxx.xxx:389"; Apr 29, 2013 10:14:16 AM
    But when I do an LDAP search I can see that my new DSEE server does not contain the same password as my old server for the user's password attribute,
    and this in spite of the ldif-export file containing exactly the same password as the old server in production.
    I think when I do an import the new server changes the password or something like this.
    for example on my old server my user teo
    userPassword:: teo
    cn: neo
    uid: neo
    objectClass: top
    objectClass: neoDevice1
    and on my new server i have got :
    userPassword:: bmVv
    cn: neo
    uid: neo
    objectClass: top
    objectClass: neoDevice1
    I took the precaution of changing the server property with this command to be sure to respect the same config as the old server:
    ./dsconf set-server-prop pwd-storage-scheme:CLEAR
    I can't find where the issue is or what property to change to fix it.
    Otherwise there is no other problem in my LDIF import; all seems to be correct except the userPassword attribute.
    Thanks for your help

    Hello,
    sorry for this late reply...
    as far as I understand, you would like to use the export/import mechanism to turn in clear all the passwords, is that correct?
    Unfortunately I'm afraid that what you're asking is not possible...
    If the userPassword attribute is "encrypted" in the original Directory Server instance database, then regardless of what you set in the 'encryption-scheme', in the export.ldif file you will still have the attribute encrypted.
    The same thing happens when you try to import from an ldif file: regardless of what you have set in the 'encryption-scheme' in the Directory Server, if the attribute in the ldif file is 'encrypted', it will stay 'encrypted' also in the database.
    The only way to have the userPassword attribute in clear is change the encryption-scheme and update the userPassword field of every entry.
    HTH,
    Marco
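Added example (not code from any poster on this page): the `{SHA}` scheme prefix and hash-and-compare check described in the first reply, applied to `userPassword` lines like those in the LDIF import thread above. In LDIF a double colon marks a base64-encoded value (RFC 2849), so `bmVv` decodes to `neo`; the DNs, the sample password, the salt and all function names are constructed for this example.

```python
import base64
import hashlib
import hmac

# What each storage scheme means for someone who can read the attribute.
RISK = {
    "CLEAR": "cleartext: reading the attribute reveals the password",
    "SHA": "unsalted SHA-1: identical passwords give identical values",
    "SSHA": "salted SHA-1: salted, but still a fast hash",
    "SASL": "delegated: no secret stored, authentication happens elsewhere",
}


def ldif_value(line):
    """Split one unfolded LDIF line into (attribute, raw value bytes).

    'attr: value' carries the value as text; 'attr:: value' carries it
    base64-encoded (RFC 2849). Base64 is transport encoding, not protection.
    """
    attr, sep, rest = line.partition(":")
    if not sep or rest.startswith("<"):
        raise ValueError("not a plain or base64 LDIF value: %r" % line)
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip())
    return attr, rest.strip().encode("utf-8")


def split_scheme(stored):
    """Return (SCHEME, payload) for a stored userPassword value."""
    if stored.startswith(b"{") and b"}" in stored:
        name, _, payload = stored[1:].partition(b"}")
        return name.decode("ascii").upper(), payload
    return "CLEAR", stored  # no {scheme} prefix: the value is the password


def verify(stored, candidate):
    """Hash the candidate with the stored scheme and compare in constant time."""
    scheme, payload = split_scheme(stored)
    pw = candidate.encode("utf-8")
    if scheme == "CLEAR":
        return hmac.compare_digest(payload, pw)
    if scheme == "SHA":
        return hmac.compare_digest(base64.b64decode(payload),
                                   hashlib.sha1(pw).digest())
    if scheme == "SSHA":
        raw = base64.b64decode(payload)
        digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError("cannot verify scheme %s locally" % scheme)


def audit(ldif_text):
    """List (dn, scheme, risk) for every userPassword value in an LDIF export."""
    findings, dn = [], None
    for line in ldif_text.splitlines():
        if line.lower().startswith("dn:"):
            dn = ldif_value(line)[1].decode("utf-8")
        elif line.lower().startswith("userpassword:"):
            scheme, _ = split_scheme(ldif_value(line)[1])
            findings.append((dn, scheme, RISK.get(scheme, "unknown scheme")))
    return findings


def make_sha(password):
    """Build a {SHA} value the way the first reply describes it."""
    return b"{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest())


def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


# Constructed sample export. Only 'bmVv' and '{SASL}jsmith' are values quoted
# on this page; the DNs, the password and the salt are made up.
SAMPLE_LDIF = "\n".join([
    "dn: uid=neo,ou=people,o=example",
    "userPassword:: bmVv",
    "",
    "dn: uid=alice,ou=people,o=example",
    "userPassword: " + make_sha("Constructed-pw1").decode(),
    "",
    "dn: uid=bob,ou=people,o=example",
    # A hashed value can itself arrive base64-wrapped behind '::'.
    "userPassword:: " + base64.b64encode(
        make_ssha("Constructed-pw1", b"\x01\x02\x03\x04")).decode(),
    "",
    "dn: uid=jsmith,ou=people,o=example",
    "userPassword: {SASL}jsmith",
])

if __name__ == "__main__":
    for dn, scheme, risk in audit(SAMPLE_LDIF):
        print("%-40s %-6s %s" % (dn, scheme, risk))
```

Run against a real export, `audit` shows which entries still hold cleartext or unsalted values and therefore need a password reset after the storage scheme is changed.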

  • Updating attributes in LDAP during a disable

    I am having trouble with a disable workflow for an LDAP resource. I need to modify an attribute in LDAP when performing the disable.
    So, I have a modified disable user form that adds a "reason" from a textbox and also sets the date of the disable.
    The account is being disabled in LDAP, but the attributes "reason" and "date" are not being pushed.
    I am looking for the specific order in which I should call workflow to accomplish this task.
    Should I:
    checkout a userview
    modify attributes
    checkin userview
    checkout disable view
    checkin disable view
    reprovision???
    notification
    Thanks for your help in advance.
    C.

    The reason they aren't being pushed is because they are not attributes associated with the Disable View.
    You can extend the view to include these attributes and then the disable form can reference these as fields as
    resourceAccounts.currentResourceAccounts[ResourceTypeName].attribute.
    The view can be extended globally for all resources of a specified type (e.g. LDAP 1, LDAP2) or for a specific resource.
    The Deployment Guide has a chapter on Views and how to extend them. Refer there first, and if you have any followup questions post them here.

  • Import X.509 certificate via LDAP

    Hello,
    I have an iPad running iOS 5 and I'd like to know if it's possible to import people's X.509 certificates via LDAP. I have my corporate LDAP set up in Settings>Mail, Contacts  and I can search for people fine. The LDAP also has X.509 certificates that I'd like to use for encryption when sending emails from the iPad.
    regards,
    Tex

    I think if you select the security profile in the channel then you can sign and verify the certificate in the receiver agreement. That is only for security parameters. If you just configure certificate authentication, you will not see anything in the receiver agreement.

  • How can i extended attribute of user and add attribute to ldap

    how can i extended attribute of user and add attribute to ldap
    1.
    i use spe to modified "Default User Library":add Field like
    title:nation name:accounts[Lighthouse].nation
    2.
    modified "IDM Schema Configuration"
    add <IDMAttributeConfiguration name='nation' description='default attribute from UserExtendedAttributes/UserUIConfig' syntax='STRING'/>
    in <IDMAttributeConfigurations>
    and
    add <IDMObjectClassAttributeConfiguration name='nation' queryable='true' summary='true'/> in<IDMObjectClassConfiguration>
    there is extended attribute when i create new user
    3.
    i create new resource to ldap,and i add nation in "Account Attributes" tab
    but the new attribute not add to ldap
    I am a beginner; how do I extend the attribute and add it to the LDAP attributes?

    So, if I want to fill in blanks on a form where I need to add more pages to fill history, what program do I need? In Adobe Reader, I can edit and fill in blanks, but I cannot duplicate more blank pages.
