Regarding LDAP

Hi guys,
I need clarification on LDAP. I know LDAP is the Lightweight Directory Access Protocol,
but I have no idea how it's used for EP and Java.
Please correct my understanding if it's wrong.
LDAP is a protocol, and this protocol accesses LDAP directories (which need software to be installed, like Active Directory, OpenLDAP, etc.).
Now, in EP, what does it mean to change the UME to LDAP as data source? I know UME is the repository for Java users. But does changing the data source to LDAP mean adding an LDAP directory (like ADS) and adding Java users to it?
I am confused by LDAP, LDAP directory, LDAP data source and LDAP (users, groups). How can it really be accessed and confirmed?
Regards
Jaichan

Java supports access to an Active Directory over LDAP to store its users. Basically, all you have to do is specify the LDAP server and its port, and you need a user with at least read permissions on the LDAP server.
I further suggest you check out the official SAP documentation, "UME - LDAP Directory as Data Source": http://help.sap.com/erp2005_ehp_04/helpdata/DE/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
Best regards, Michael

Similar Messages

  • Question regarding LDAP and SSO Authentication

    Hello,
    We have Oracle Portal as our intranet and by default all users are authenticated against OID when they access the intranet page.
    My question is how I can make use of the OID authentication in an apex application. I do not want users to re-enter their login credentials if they want to access the apex application.
    How can I achieve this?
    Thanks

    What exactly do you mean by "the apex application", the development and administration interface to Application Express, or the applications you develop?
    For the former case, you cannot change the way authentication is done. For your own apps, that's up to you.
    Scott

  • Changing LDAP System from AD to ADAM in CUCM 7.1.5

    Hello Guys,
    First time poster here, so be gentle...
    We have a query regarding LDAP Synchronisation in CUCM 7.1.5.
    A brief background :
    Our CUCM environment has expanded since we first put it in a couple of years ago. We originally had, and continue to have, a single LDAP System configured on CUCM for only one of our AD forests. 
    We have a multi-forest AD environment, with us rolling out more and more CUCM enabled sites from our differing AD forests.
    1 x CUCM 7.1.5 Pub (+ 2 x Subs)
    1 x Presence
    1 x MP
    1 x UCCX
    1 x Unity Connection
    3 x Unity
    We are building an AD LDS (ADAM) server to enable our multi-forest integration and LDAP synchronisation from CUCM. This is built based off this Cisco doco:
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml
    Our question :
    Changing the CUCM LDAP System (and thus also changing the LDAP Directory and Authentication)
    From : "Microsoft Active Directory"
    To : "Microsoft Active Directory Application Mode" (ADAM)
    AND : After running the first CUCM sync with the new ADAM server.
    What impact will this have on the existing user accounts in CUCM (in terms of their Associated Devices and their Permissions Groups and Roles)?
    Will they be overwritten and thus the above fields be blank? Leaving us having to manually add all that back in to our existing user base.
    Or, (which we feel is most likely), will there be duplicate accounts created in CUCM?
    The reason we feel there will be duplicates is due to the nature of multi-forest deployments and the issue of having the same usernames in two or more forests. All authentication requests must be performed using their User Principal Name (UPN), such as [email protected], rather than the standard way of just using your userid : jdoe
    Sorry for the long winded query.
    Appreciate any thoughts/opinions on this.
    Cheers,
    Rick.

    Rick,
    I haven't done this myself, so keep that in mind. As you say, be gentle.
    Putting ADAM aside for the moment, in an LDAP sync configuration when you establish a sync agreement the CUCM does the following:
    1. All user objects in the CUCM db are marked inactive
    2. CUCM begins sync'ng with LDAP
    3. For each user object learned from LDAP: The LDAP attribute chosen to map to the user ID in CUCM is compared to existing CUCM user objects.
    - If a match is found, the account is activated
    - attributes for first name, last name, telephoneNumber, etc. are then overwritten with the LDAP values (based on attribute mappings)
    4. After the sync completes, any CUCM user object that did not have an LDAP object with the same user ID is still marked inactive. These objects will be purged during the next clean up interval.
    To give an example, I had a project where the customer was doing an upgrade from 4.1 to 7.1(3). As part of the upgrade, user objects were moved over to CUCM 7.1(3). Then we enabled LDAP sync. User objects were not deleted, nor were there duplicates. Configurations such as device associations were unaffected. The only thing we needed to do was check the CUCM user DB against LDAP user objects (running scripts against both) to find any mismatches between sAMAccountName and the CUCM user ID.
    Assuming the sync process and behavior for activating/deactivating accounts is the same with an ADAM integration, then I wouldn't expect you to have an issue.
    HTH.
    Regards,
    Bill
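
The sync steps Bill lists, modelled as an added example (not part of the original posts and not Cisco code), to show which existing accounts would stay inactive when the attribute mapped to the user ID changes, as in the move to UPN that Rick describes. The user records are constructed; exact string matching on the user ID and creation of a new account for an unmatched LDAP entry are assumptions of this model.

```python
import copy

# Constructed sample data. "devices" stands in for locally configured
# associations, which the post reports as unaffected by the sync.
CUCM_USERS = {
    "jdoe": {"first": "Jon", "last": "Doe", "devices": ["SEP001122334455"]},
    "asmith": {"first": "Ann", "last": "Smith", "devices": ["SEP00AABBCCDDEE"]},
    "localadmin": {"first": "", "last": "Admin", "devices": []},
}
LDAP_USERS = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@forest-a.example",
     "givenName": "John", "sn": "Doe"},
    {"sAMAccountName": "ASmith", "userPrincipalName": "ASmith@forest-b.example",
     "givenName": "Ann", "sn": "Smith"},
]
ATTR_MAP = {"first": "givenName", "last": "sn"}  # CUCM field -> LDAP attribute


def simulate_sync(cucm_users, ldap_users, id_attr, attr_map):
    """Model the four steps from the post; returns (users, purge_candidates)."""
    users = copy.deepcopy(cucm_users)
    # Step 1: every existing user object is marked inactive.
    for user in users.values():
        user["active"] = False
    # Steps 2-3: each LDAP object is compared on the mapped user ID attribute.
    for entry in ldap_users:
        uid = entry[id_attr]
        user = users.get(uid)  # assumption: exact, case-sensitive comparison
        if user is None:
            # Assumption: an unmatched LDAP object becomes a new account.
            user = users[uid] = {"devices": []}
        user["active"] = True
        # Mapped attributes are overwritten with the LDAP values.
        for cucm_field, ldap_attr in attr_map.items():
            user[cucm_field] = entry.get(ldap_attr, "")
    # Step 4: whatever is still inactive is purged at the next clean-up.
    purge = sorted(uid for uid, u in users.items() if not u["active"])
    return users, purge


def near_misses(cucm_users, ldap_users, id_attr):
    """Existing IDs that miss the exact match but equal an LDAP ID once
    letter case and any @domain suffix are ignored."""
    def norm(value):
        return value.split("@", 1)[0].lower()

    exact = {entry[id_attr] for entry in ldap_users}
    by_norm = {}
    for entry in ldap_users:
        by_norm.setdefault(norm(entry[id_attr]), []).append(entry[id_attr])
    return {uid: by_norm[norm(uid)]
            for uid in cucm_users
            if uid not in exact and norm(uid) in by_norm}


if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName"):
        _, purge = simulate_sync(CUCM_USERS, LDAP_USERS, attr, ATTR_MAP)
        print(attr, "purge candidates:", purge)
        print(attr, "near misses:", near_misses(CUCM_USERS, LDAP_USERS, attr))
```

Run against exports of both user lists before the first sync, the near-miss report is the mismatch check the post mentions; accounts in the purge list that are not near misses are local-only accounts.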

  • Problem with LDAP configuration in Enterprise Manager

    Hi all,
    I'm new at Java CAPS. After installing some pieces of Java CAPS, I'm now trying to install and configure a Sun Java System Directory Server 5.2 in our environment.
    I've already configured the Repository and the Logical Host to work with the LDAP, but I have some trouble doing it with the Enterprise Manager.
    I followed the instructions of the Administrator guide about the changes to make in web.xml and ldap.properties of the sentinel app, but when I log in to the Enterprise Manager I can't see the options of the tree to manage servers or users.
    It seems that the app doesn't recover the user roles. I think so because I tried to create one user without roles (in normal authentication, without LDAP configured) and when I logged in the result was the same.
    At the beginning of the process I created the roles 'all', 'administration' and 'management'. However, I tried to copy the roles of the Tomcat authentication from 'tomcat-users.xml' to LDAP roles, but it doesn't work.
    Could anyone help me?
    Thanks in advance, and sorry for my rudimentary English.

    Check that you have the correct Preferred Credentials with Logon as batch job if this is Windows. Also check the correct configuration with regard to LDAP integration for your platform.

  • LDAP failover - what happens when the primary LDAP server returns...?

    Hi,
    Got a question regarding LDAP failover...
    I`m running IMS5.2hf2.09 and when our corporate LDAP server has a hiccup the IMS box successfully fails over to the next one according to the 'local.ugldaphost' configutil entry and the following entry is recorded in the http log:
    [05/Feb/2006:21:00:02 -0500] ******** [29882]: General Error: ldappool: ldap1.***.***.*** : Can't connect to the LDAP server - failover to ldap2.***.***.***
    However my question is when does it recover back to the original LDAP server (ldap1) or does it stay on the failover LDAP server (ldap2) until that has a problem and so on? In this instance (where it has failed over to ldap2) there are no other log entries saying it has returned back to the original LDAP server (ldap1) yet NETSTAT shows LDAP connections to ldap1.
    Our LDAP team have got some changes planned and so I want to understand the failover process better.
    Thanks,
    Tom
    iPlanet Messaging Server 5.2 HotFix 2.09 (built Nov 18 2005)
    libimta.so 5.2 HotFix 2.09 (built 10:35:58, Nov 18 2005)
    SunOS ******** 5.8 Generic_108528-19 sun4u sparc SUNW,Ultra-80

    Thanks Jay - that makes quite a difference!
    Our failover LDAP server (ldap2) is over in Asia so if the primary LDAP server (ldap1 in US) has a hiccup - ALL LDAP traffic is going to go to Asia until ldap2 has a problem.
    The majority of our IMS servers are in the US so I guess we`ll need to watch out for delays whilst in failover mode.

  • Troubleshoot ldap-ISR configuration

    Hello
    I am testing ScanSafe features and have set up an ISR (C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T) to use LDAP authentication to AD following http://www.cisco.com/en/US/docs/security/web_security/ISR_SS/ISR_ScanSafe_SolutionGuide.pdf.
    Unfortunately, when a user tries to access the Internet, any credentials I type in do not work.
    Below is debug ldap all output from the ISR:
    Oct  1 20:28:43.160: LDAP: Received timer event
    Oct  1 20:28:43.160: LDAP: Connection timeout occured. Retrying
    Oct  1 20:28:43.160: LDAP: Opening ldap connection ( 10.1.1.1, 3268 )ldap_open
    ldap_init libldap 4.5 18-FEB-2000
    open_ldap_connection
    ldap_connect_to_host: 10.1.1.1:3268
    Oct  1 20:28:43.160: LDAP: socket 1 - connecting to 10.1.1.1 (3268)
    Oct  1 20:28:43.160: LDAP: socket 1 - connection in progress
    Oct  1 20:28:43.160: LDAP: socket 1 - local address 10.3.206.33 (54052)
    Oct  1 20:28:43.160: LDAP: Connection on socket 1
    Oct  1 20:28:43.160: LDAP: Connection to LDAP server (CDC02.domain.net, 10.19.146.14) attempted
    Oct  1 20:28:43.160: LDAP: Connection state: DOWN => CONNECTING
    Oct  1 20:28:43.176: LDAP: Received socket event
    Oct  1 20:28:43.176: LDAP: Checking the conn status
    Oct  1 20:28:43.176: LDAP: Socket read event socket=1
    Oct  1 20:28:43.176: LDAP: Found socket ctx
    Oct  1 20:28:43.176: LDAP: ldap tcp transport closing on socket 1
    Oct  1 20:28:43.176: LDAP: Protocol received transport down notification
    Oct  1 20:28:43.176: LDAP: Server-CDC02.domain.net connection going down !!!
    Oct  1 20:28:43.176: LDAP: Clearing all ldap transactions
    Oct  1 20:28:43.176: LDAP: Connection state: CONNECTING => DOWN
    Oct  1 20:28:43.176: LDAP: Connection state: DOWN => DOWN
    Oct  1 20:28:43.176: LDAP: Connection timer started for 30 seconds for CDC02.domain.netldap_unbind
    ldap_free_connection lc=0x2CAFBEF0
    ldap_free_connection: actually freed
    Oct  1 20:28:43.180: LDAP: socket 1 - CONN_WAIT->CONN_CLOSE
    Oct  1 20:28:43.180: LDAP: Received socket event
    Oct  1 20:29:13.176: LDAP: Received timer event
    Oct  1 20:29:13.176: LDAP: Connection timeout occured. Retrying
    Oct  1 20:29:13.176: LDAP: Opening ldap connection ( 10.1.1.1, 3268 )ldap_open
    ldap_init libldap 4.5 18-FEB-2000
    open_ldap_connection
    ldap_connect_to_host: 10.1.1.1:3268
    Oct  1 20:29:13.176: LDAP: socket 1 - connecting to 10.19.146.14 (3268)
    Oct  1 20:29:13.176: LDAP: socket 1 - connection in progress
    Oct  1 20:29:13.176: LDAP: socket 1 - local address 10.3.206.33 (48488)
    Oct  1 20:29:13.176: LDAP: Connection on socket 1
    Oct  1 20:29:13.176: LDAP: Connection to LDAP server (CDC02.domain.net, 10.19.146.14) attempted
    Oct  1 20:29:13.176: LDAP: Connection state: DOWN => CONNECTING
    Oct  1 20:29:13.192: LDAP: Received socket event
    Oct  1 20:29:13.192: LDAP: Checking the conn status
    Oct  1 20:29:13.192: LDAP: Socket read event socket=1
    Oct  1 20:29:13.192: LDAP: Found socket ctx
    Oct  1 20:29:13.192: LDAP: ldap tcp transport closing on socket 1
    Oct  1 20:29:13.192: LDAP: Protocol received transport down notification
    Oct  1 20:29:13.192: LDAP: Server-CDC02.domain.net connection going down !!!
    Oct  1 20:29:13.192: LDAP: Clearing all ldap transactions
    Oct  1 20:29:13.192: LDAP: Connection state: CONNECTING => DOWN
    Oct  1 20:29:13.192: LDAP: Connection state: DOWN => DOWN
    Oct  1 20:29:13.192: LDAP: Connection timer started for 30 seconds for CDC02.domain.netldap_unbind
    ldap_free_connection lc=0x2CAFBEF0
    ldap_free_connection: actually freed
    From the router I do have connectivity to the AD controller configured in the ISR config (ping works) and there is no firewall that will prevent LDAP traffic.
    Any good troubleshooting ideas that will help getting this setup running?

    I have a similar problem as well with Scansafe, on a 3945 ISR with IOS 15 (C3900-UNIVERSALK9-M). LDAP binding to the LDAP Server when authenticating any domain user, except for the default Scansafe Bind Root-DN user, is failing. Which I believe could also be your problem, unless, from the logs you presented, it appears as connection to the LDAP Server itself is failing; post your LDAP configuration.
    Try running:
    # sh ldap server all   (to see if any LDAP server exists)
    Try testing the Scansafe AAA LDAP server via:
    # test aaa group new-code
    In my case, testing any user's sAMaccount name, is failing, and it defaults to the default usergroup.
    My config is exactly as the link you posted and I am using NTLM PASSIVE AUTHENTICATION.
    In that PDF, there is this paragraph that describes exactly what is happening to my Scansafe.
    Configuring a Default User Group
    You can configure a default user group to assign to each client when the ISR cannot determine the credentials for a user. Define a default user group using the following CLI command:
    [no] user-group default
    The ISR uses the default user group name here to identify all clients connected to a specific interface on the ISR when it cannot determine the user’s credentials. You might want to define a default user group so that all traffic redirected to the ScanSafe proxy servers are assigned a user group so particular ScanSafe policies can be applied appropriately. For example, you might want to create a default user group for guest users on the wireless network.
    Only one user group can be defined per interface.
    Here is what my logs show regarding LDAP BINDING OPERATION, from # debug ldap all:
    -- Testing with jltestuser (this is just any random user, as all users are failing anyway)
    barra-gate#
    barra-gate#
    051646: Aug 23 23:10:34.983 BRST: LDAP: LDAP: Queuing AAA request 0 for processing
    051647: Aug 23 23:10:34.983 BRST: LDAP: Received queue event, new AAA request
    051648: Aug 23 23:10:34.983 BRST: LDAP: LDAP authentication request
    051649: Aug 23 23:10:34.983 BRST: LDAP: Invalid hash index 512, nothing to remove
    051650: Aug 23 23:10:34.983 BRST: LDAP: New LDAP request
    051651: Aug 23 23:10:34.983 BRST: LDAP: Attempting first  next available LDAP server
    051652: Aug 23 23:10:34.983 BRST: LDAP: Got next LDAP server :
    051653: Aug 23 23:10:34.983 BRST: LDAP: First Task: Send bind req
    051654: Aug 23 23:10:34.983 BRST: LDAP: Authentication policy: bind-first
    051655: Aug 23 23:10:34.983 BRST: LDAP: Bind: User-DN=cn=jltestuser,CN=Users,DC=,DC=,DC=com ldap_req_encode
    Doing socket write
    051656: Aug 23 23:10:34.983 BRST: LDAP:  LDAP bind request sent successfully (reqid=92)
    051657: Aug 23 23:10:34.983 BRST: LDAP: Sent transit request to server
    051658: Aug 23 23:10:34.983 BRST: LDAP: LDAP request successfully processed
    051659: Aug 23 23:10:35.539 BRST: LDAP: Received socket event
    051660: Aug 23 23:10:35.539 BRST: LDAP: Process socket event for socket = 0
    051661: Aug 23 23:10:35.539 BRST: LDAP: Conn Status = 4
    051662: Aug 23 23:10:35.539 BRST: LDAP: Non-TLS read event on socket 0
    051663: Aug 23 23:10:35.539 BRST: LDAP: Found socket ctx
    051664: Aug 23 23:10:35.539 BRST: LDAP: Receive event: read=1, errno=11 (Resource temporarily unavailable)
    051665: Aug 23 23:10:35.539 BRST: LDAP: Passing the client ctx=1855243Cldap_result
    wait4msg (timeout 0 sec, 1 usec)
    ldap_select_fd_wait (select)
    ldap_read_activity lc 0x1AADABD8
    Doing socket read
    LDAP-TCP:Bytes read = 110
    ldap_match_request succeeded for msgid 7 h 0
    changing lr 0x11A14BFC to COMPLETE as no continuations
    removing request 0x11A14BFC from list as lm 0x1AAB8494 all 0
    ldap_msgfree
    ldap_msgfree
    051666: Aug 23 23:10:35.539 BRST: LDAP: LDAP Messages to be processed: 1
    051667: Aug 23 23:10:35.539 BRST: LDAP: LDAP Message type: 97
    051668: Aug 23 23:10:35.539 BRST: LDAP: Got ldap transaction context from reqid 92ldap_parse_result
    051669: Aug 23 23:10:35.539 BRST: LDAP: resultCode:    49     (Invalid credentials)
    051670: Aug 23 23:10:35.539 BRST: LDAP: Received Bind Responseldap_parse_result
    ldap_err2string
    051671: Aug 23 23:10:35.539 BRST: LDAP: Ldap Result Msg: FAILED:Invalid credentials, Result code =49
    051672: Aug 23 23:10:35.539 BRST: LDAP: LDAP Bind operation result : failed  <<<<<<<<<<-----------------------LOOK!!!!!
    051673: Aug 23 23:10:35.539 BRST: LDAP: Connection 0 already exist for reuseldap_msgfree
    051674: Aug 23 23:10:35.539 BRST: LDAP: Closing transaction and reporting error to AAA
    051675: Aug 23 23:10:35.539 BRST: LDAP: Transaction context removed from list [ldap reqid=92]
    051676: Aug 23 23:10:35.539 BRST: LDAP: Notifying AAA: REQUEST FAILED
    051677: Aug 23 23:10:35.539 BRST: LDAP: Received socket event
    --- Testing with the scansafe assigned user that binds to the Bind DN. This is the only user that succeeds authentication!!!!
    barra-gate#
    barra-gate#
    barra-gate#
    051684: Aug 23 23:13:57.664 BRST: LDAP: LDAP: Queuing AAA request 0 for processing
    051685: Aug 23 23:13:57.664 BRST: LDAP: Received queue event, new AAA request
    051686: Aug 23 23:13:57.664 BRST: LDAP: LDAP authentication request
    051687: Aug 23 23:13:57.664 BRST: LDAP: Invalid hash index 512, nothing to remove
    051688: Aug 23 23:13:57.664 BRST: LDAP: New LDAP request
    051689: Aug 23 23:13:57.664 BRST: LDAP: Attempting first  next available LDAP server
    051690: Aug 23 23:13:57.664 BRST: LDAP: Got next LDAP server :
    051691: Aug 23 23:13:57.664 BRST: LDAP: First Task: Send bind req
    051692: Aug 23 23:13:57.664 BRST: LDAP: Authentication policy: bind-first
    051693: Aug 23 23:13:57.664 BRST: LDAP: Bind: User-DN=cn=,CN=Users,DC=,,DC=comldap_req_encode
    Doing socket write
    051694: Aug 23 23:13:57.664 BRST: LDAP:  LDAP bind request sent successfully (reqid=93)
    051695: Aug 23 23:13:57.664 BRST: LDAP: Sent transit request to server
    051696: Aug 23 23:13:57.664 BRST: LDAP: LDAP request successfully processed
    051697: Aug 23 23:13:58.164 BRST: LDAP: Received socket event
    051698: Aug 23 23:13:58.164 BRST: LDAP: Process socket event for socket = 0
    051699: Aug 23 23:13:58.164 BRST: LDAP: Conn Status = 4
    051700: Aug 23 23:13:58.164 BRST: LDAP: Non-TLS read event on socket 0
    051701: Aug 23 23:13:58.164 BRST: LDAP: Found socket ctx
    051702: Aug 23 23:13:58.164 BRST: LDAP: Receive event: read=1, errno=11 (Resource temporarily unavailable)
    051703: Aug 23 23:13:58.164 BRST: LDAP: Passing the client ctx=1855243Cldap_result
    wait4msg (timeout 0 sec, 1 usec)
    ldap_select_fd_wait (select)
    ldap_read_activity lc 0x1AADABD8
    Doing socket read
    LDAP-TCP:Bytes read = 22
    ldap_match_request succeeded for msgid 8 h 0
    changing lr 0x11A14BFC to COMPLETE as no continuations
    removing request 0x11A14BFC from list as lm 0x1AAB9D14 all 0
    ldap_msgfree
    ldap_msgfree
    051704: Aug 23 23:13:58.164 BRST: LDAP: LDAP Messages to be processed: 1
    051705: Aug 23 23:13:58.164 BRST: LDAP: LDAP Message type: 97
    051706: Aug 23 23:13:58.164 BRST: LDAP: Got ldap transaction context from reqid 93ldap_parse_result
    051707: Aug 23 23:13:58.164 BRST: LDAP: resultCode:    0     (Success)
    051708: Aug 23 23:13:58.168 BRST: LDAP: Received Bind Responseldap_parse_result
    051709: Aug 23 23:13:58.168 BRST: LDAP: Ldap Result Msg: SUCCESS, Result code =0
    051710: Aug 23 23:13:58.168 BRST: LDAP: LDAP Bind successful for DN:cn=CN=Users,DC=,DC=,DC=com
    Now, what does this problem affect? I cannot enforce the application of filters from the Scansafe site to specific user groups. Users can use the internet under the default usergroup. Everyone defaults to the default filter. I have a filter established for say Purchasing, allowing them extra leeway on what they can view, but the members of that group cannot authenticate, and thus their filter is not applied.
    Application of filters is essential to Scansafe, without them, it defeats the purpose.
    I appreciate all the help I can get on this.
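
The two failure modes in this thread, a connection that goes down before any bind is sent and a bind answered with resultCode 49, are told apart by the added example below (not part of the original posts). The sample log is constructed in the format of the debug output quoted above, with placeholder DNs, addresses and sequence numbers; reading "Non-TLS read event" as a sign that the bind travelled without TLS is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the "debug ldap all" output quoted above.
SAMPLE_LOG = """\
Oct  1 20:28:43.160: LDAP: Opening ldap connection ( 192.0.2.10, 3268 )ldap_open
Oct  1 20:28:43.160: LDAP: Connection state: DOWN => CONNECTING
Oct  1 20:28:43.176: LDAP: ldap tcp transport closing on socket 1
Oct  1 20:28:43.176: LDAP: Connection state: CONNECTING => DOWN
Oct  1 20:28:43.176: LDAP: Connection state: DOWN => DOWN
Oct  1 20:29:13.176: LDAP: Connection state: DOWN => CONNECTING
Oct  1 20:29:13.192: LDAP: Connection state: CONNECTING => DOWN
000101: Aug 23 23:10:34.983 BRST: LDAP: Bind: User-DN=cn=jltestuser,CN=Users,DC=example,DC=com ldap_req_encode
000102: Aug 23 23:10:34.983 BRST: LDAP:  LDAP bind request sent successfully (reqid=92)
000103: Aug 23 23:10:35.539 BRST: LDAP: Non-TLS read event on socket 0
000104: Aug 23 23:10:35.539 BRST: LDAP: Got ldap transaction context from reqid 92ldap_parse_result
000105: Aug 23 23:10:35.539 BRST: LDAP: resultCode:    49     (Invalid credentials)
000106: Aug 23 23:13:57.664 BRST: LDAP: Bind: User-DN=cn=svc-bind,CN=Users,DC=example,DC=comldap_req_encode
000107: Aug 23 23:13:57.664 BRST: LDAP:  LDAP bind request sent successfully (reqid=93)
000108: Aug 23 23:13:58.164 BRST: LDAP: Non-TLS read event on socket 0
000109: Aug 23 23:13:58.164 BRST: LDAP: Got ldap transaction context from reqid 93ldap_parse_result
000110: Aug 23 23:13:58.164 BRST: LDAP: resultCode:    0     (Success)
"""

# The debug output sometimes fuses a library trace token onto the end of a
# line ("...DC=comldap_req_encode"), so the DN pattern strips it.
BIND_DN = re.compile(r"LDAP: Bind: User-DN=(.*?)\s*(?:ldap_req_encode)?\s*$")
BIND_SENT = re.compile(r"bind request sent successfully \(reqid=(\d+)\)")
TXN_CTX = re.compile(r"transaction context from reqid (\d+)")
RESULT = re.compile(r"resultCode:\s*(\d+)\s*\(([^)]*)\)")
CONN_STATE = re.compile(r"Connection state: (\w+) => (\w+)")


@dataclass
class Triage:
    binds: dict = field(default_factory=dict)  # reqid -> dn / code / text
    connect_failures: int = 0
    non_tls_reads: int = 0


def triage(log_text):
    """Correlate bind requests with their results and count transport drops."""
    t = Triage()
    pending_dn = None  # DN seen on a "Bind:" line, not yet tied to a reqid
    current = None     # reqid whose response is being parsed
    for line in log_text.splitlines():
        if m := BIND_DN.search(line):
            pending_dn = m.group(1)
        elif m := BIND_SENT.search(line):
            t.binds[int(m.group(1))] = {"dn": pending_dn, "code": None, "text": None}
            pending_dn = None
        elif m := TXN_CTX.search(line):
            current = int(m.group(1))
        elif (m := RESULT.search(line)) and current in t.binds:
            t.binds[current].update(code=int(m.group(1)), text=m.group(2))
            current = None
        elif m := CONN_STATE.search(line):
            # CONNECTING => DOWN: the TCP session ended before LDAP was spoken.
            if m.groups() == ("CONNECTING", "DOWN"):
                t.connect_failures += 1
        elif "Non-TLS read event" in line:
            t.non_tls_reads += 1
    return t


def findings(t):
    """Turn the parsed state into (kind, detail) pairs for a reviewer."""
    out = []
    if t.connect_failures:
        out.append(("transport",
                    f"{t.connect_failures} connection attempt(s) went down before any "
                    "bind; check server address, port and listener, not credentials"))
    for reqid, bind in sorted(t.binds.items()):
        if bind["code"] == 49:
            out.append(("bind-rejected",
                        f"reqid={reqid} dn={bind['dn']!r}: server reached, but it "
                        "rejected this DN/password pair; verify the DN the device built"))
    if t.non_tls_reads and t.binds:
        out.append(("cleartext-bind",
                    "bind responses were read on a connection logged as Non-TLS; "
                    "if these are simple binds the password is sent unprotected"))
    return out


if __name__ == "__main__":
    for kind, detail in findings(triage(SAMPLE_LOG)):
        print(f"[{kind}] {detail}")
```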

  • Error in LDAP Search QPAC

    Hi..
    I am trying to use the LDAP search QPAC. I have the provider URL, and I gave the username as admin and the password as password. When I drag the LDAP search QPAC into my workflow and refresh for the baseDN, it gives an error saying "cannot instantiate class com.sun.jndi.ldap.LdapCtxFactory".
    What do DC and CN mean?
    Please help me if there are any demos for understanding the LDAP search QPAC better. I have already read the topic given by marc szulc regarding the LDAP search QPAC.
    thanks..
    Raghava Kumar V.S.S.

    I started getting this error when I mistakenly changed a search filter from (&(uid=james)(objectclass=Staff)) to (uid=james)(objectclass=Staff)). It is complaining about the unbalanced parenthesis.

  • LDAP for Linux

    Hi All,
    I have 3 questions regarding LDAP on Linux.
    1. How can we start LDAP (OpenLDAP) on a Linux machine?
    2. How can we check whether LDAP is started or not?
    3. How can we uninstall LDAP on Linux?
    If anybody has any solution for that, could you please share it with me?
    It's very, very urgent. Please send your feedback. I hope I'll get a response very soon.
    Regards
    Pattanaik

    pattanaikhr wrote:
    > If you don't know, simply tell you don't know. Please don't coloring this forum.
    I'm sorry (no I'm not), but, you can't tell me what to post. And telling you that this was the wrong forum for your post, and providing you with another example of how it was wrong, is perfectly applicable.
    > I've some hope over this forum so that's why I have posted my questions here.
    And? I have a lot of "hope" for this forum, too. But, I don't expect to get applicable, informed answers on topics that have nothing to do with the advertised purpose of the forum.
    IOW, if you want relevant, quality answers to a question, post it in the right place, and this isn't it.

  • Snow Leopard Server reset LDAP Admin password

    Hi,
    I have taken over the maintenance of a Mac Mini server. The previous person left the Server Admin credentials but no information regarding LDAP Admin.
    I could not find the information in the Keychain, and none of the known usernames and passwords work either.
    Any idea how to reset the LDAP Admin password?
    Thanks!
    Rogier

    The typical user created for managing Open Directory LDAP is Directory Administrator (diradmin), though it's possible to have a different user.
    Launch Workgroup Manager and authenticate to the server, and have a look around for that user. (If necessary, click the Accounts head-and-shoulders icon on the top, and then the other head-and-shoulders icon. This will get you to the accounts, and specifically to the users that are in Open Directory.)
    If you find that user, or any other user that has a checkmark for "administer this server" for that matter, then those are the passwords you'll be changing.
    If Workgroup Manager shows the user as locked, click on the padlock. 
    (All of this assumes that you have access to Workgroup Manager through some user that can administer the Open Directory server.  If not, then you'll want to ask your predecessor, or you'll be breaking into the database.)
    The password is on the same display as the user accounts.
    I'd strongly recommend getting a backup of everything before making any changes.  Boot the DVD installation disk, and use Disk Utility from the Utilities menu to create disk images to external disks from there.  Probably two copies, on two disks.  Mistakes here can be bad, and you'll want to have a good copy regardless.

  • Difference between LDAP & oracle DB

    Hi..All,
    I am totally new to the LDAP concepts. I attended a small training regarding LDAP. As far as I learned, it allows you to authenticate a user against the LDAP db. The db is well tuned to do heavyweight reads. My question is how it differs from going directly to an Oracle database to authenticate the user instead of going through LDAP.
    TIA,
    Praveen

    LDAP is a directory access protocol. It doesn't provide all the capabilities of an RDBMS like Oracle. It is a specialized protocol for accessing data that is more often read than updated. It is typically used to store user information and as such is used a lot for security infrastructure. A general relational DBMS may not have such specific built-in support for authentication and authorization. LDAP provides significant security support built-in.
    In fact, Oracle (the company) has an LDAP offering which uses Oracle as the underlying data repository.

  • RTMT LDAP

    We are getting this alert every day regarding the LDAP monitor service. It looks like it happens when the system runs a backup job. Is it normal that the service has to stop while running a backup? It happens on both servers; the environment is HA.
    > At Fri Apr 04 01:36:42 EDT 2014 on node USHICUCCX02, the following SyslogSeverityMatchFound events generated: 
    > SeverityMatch : Alert
    > MatchedEvent : Apr  4 01:36:19 USHICUCCX02 local7 1 : 68:
    > USHICUCCX02.corp.hgicnet.net: Apr 04 2014 05:36:19.140 UTC : 
    > %UC_GENERIC-1-ProcessStop: %[UNKNOWN_PARAMTYPE:Process Identifier=25533][ModuleName=Cisco Desktop LDAP Monitor Service][AppID=Cisco Unified CCX Cluster View Daemon][ClusterID=][NodeID=USHICUCCX02]: Process Stopped AppID : Cisco Syslog Agent ClusterID :
    > NodeID : USHICUCCX02
    > TimeStamp : Fri Apr 04 01:36:20 EDT 2014


  • Configuring LDAP

    Hi,
    I am trying to configure LDAP for my portal server (EP 6 SP 15) with Sun ONE directory server as user store.
    (there is a blog for Novell eDirectory server but not for SunONE or Windows ADS)
    Is there any blog or documents for it?
    It will be very helpful for me to continue with the task.
    Thanks in advance
    swarna

    Hi,
    I went through the blog regarding "LDAP configuration with Novell eDirectory server".
    I installed both edirectory and iManager in my system without any errors.
    But when I try to create a user using iManager, I am not able to log in, in spite of giving the correct user ID and password which I gave during installation:
    User-Admin.O=company
    Password-********
    Tree-novelltree
    I get the following error-
    (Error -634) The target server does not have a copy of what the source server is requesting. Or, the source server has no objects that match the request and has no referrals on which to search for the object.
    Since this is the first step, I am unable to proceed further!
    If someone has tried this, can you please help?
    Regards
    SwarnaDeepika

  • Active Directory Integration with OBIEE 11.1.1.6.0

    Hi all,
    I have a weird issue, might be due to my lack of understanding regarding LDAP, but here is the problem.
    When I use the Principal for configuring AD Authenticator, I use something like
    Principal:             CN=test test,OU=Groupe,DC=abc,DC=com
    User Base DN:      OU=Groupe,DC=abc,DC=com
    This fetches users successfully, I could see a user named "test" in the Users and Groups Screen.
    I have multiple authenticators, and CONTROL FLAG for all is set to SUFFICIENT.
    Refreshed the GUIDs too.
    But when I try to login using the username test    it throws out error saying
    Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00015] Unable to find user in identity store
    [2013-12-10T06:35:54.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 19498f464dc721aa:7ff6bd7a:142dc1e4b45:-8000-0000000000000660] [tid: ec4]  [nQSError: 43126] Authentication failed: invalid user/password.
    NOTE: The install is an OBIEE Simple Install. Does it have a limitation on the No. of Authenticators? (just a wild guess)
    Could anyone help in resolving this login issue?
    Regards,
    Kiran P

    Hi,
    Verify that your Oracle EBS OLTP DbAuth Connection Pool executes on connect Physical SQL :
    call /* valueof(NQ_SESSION.ACF) */ APP_SESSION.validate_icx_session('valueof(NQ_SESSION.ICX_SESSION_COOKIE)')
    Best,
    Ark

  • Configure UME

    Hi All,
    I have implemented ESS+MSS using a UME configured against the ABAP system, and it is working fine.
    Now I have to change the UME configuration to LDAP or the Java stack database.
    Case 1: If I am going to use LDAP
    I have to map the employee personal number to the user in LDAP and I am going to maintain the same user ID in the portal.
    Case 2: If I am going to use the Java stack
    I have to maintain the same user ID in the Java and ABAP stacks, or use user mapping.
    But the client doesn't want to create users in ABAP (mapping the personal number the same as in LDAP).
    Could you please help me with the best way to proceed and what things I need to change in the existing project?
    Thanks in advance...
    Regards
    Ben

    Hi Sunil,
    Thank you very much.
    Many to one scenario: (just imagination)
    I will maintain user Id details in JAVA stack including employee personal number.
    and fetch the data based on personal number.
    I read some document regarding using LDAP as UME ...
    Ex:
    Data extraction in SAP HR
    The extraction report in the appendix is based on the SAP report RPLDAP_MANAGER.
    It uses the logical database PNP. The macro RP_PROVIDE_FROM_LAST is used to
    retrieve the last entry of the current period in the table header entry from an internal
    infotype table (here p0001 and p0002). The data is transmitted to the function module
    SPLDAP_RECEIVE_ATTRIBUTES.
    CALL FUNCTION 'SPLDAP_RECEIVE_ATTRIBUTES'
      DESTINATION LDAPDEST
      EXPORTING
        LOGSYS       = LOGSYS
        SERVERID     = LDAPSRV
        ATTRIBUTES_S = attributes[]
        INITIAL_RUN  = LDAPINITIALRUN
      IMPORTING
        RETURN       = ERRORS[].
    The function module SPLDAP_RECEIVE_ATTRIBUTES is part of the ABAP stack in a Web Application Server and is remote enabled. If the extraction report runs in a SAP HR system having the release 4.6 or lower, it can be called remotely in a separate SAP Web Application Server that then acts as an LDAP Gateway.
    The function module SPLDAP_RECEIVE_ATTRIBUTES needs the following input parameters:
    DESTINATION: RFC destination that is configured to access the SAP Web Application Server remotely where the LDAP connector is configured. (Only needed for a SAP HR system having a release of 4.6 or lower)
    LOGSYS: Logical system name of the client where the extraction report runs. This value is retrieved using the function module 'OWN_LOGICAL_SYSTEM_GET'
    SERVERID: Name of the LDAP server as it is configured in transaction LDAP in the SAP Web Application Server
    ATTRIBUTES_S: Internal table that receives the name and values of the Logical SAP Data Fields that are mapped in transaction LDAP against the directory services attributes of the user object. The internal table has the following fields: PERNR, ATTR_TAB, ATTR_FIELD, VALUE
    INITIAL_RUN: If this flag is set the function module first tries to create a user. It will try to update the user if the user already exists. If the flag is omitted the function module will first try to update the user and will then try to create the user if it does not exist
    The logical SAP data fields can be represented by freely-definable names whereas the
    name of the SAP data structure is fixed to EMPLOYEE. In our example we therefore
    choose meaningful names such as FIRSTNAME and LASTNAME for the SAP data
    fields. The SAP data fields are mapped to the directory services attributes using
    transaction LDAPMAP in the SAP Web Application Server as described later.
    If the first name and the last name of the two employees Bill Smith and Bob Smith are
    extracted the table ATTRIBUTES_S will have the following content.
    PERNR    ATTR_TAB  ATTR_FIELD      VALUE
    0000001  EMPLOYEE  FIRSTNAME       Bill
    0000001  EMPLOYEE  LASTNAME        Smith
    0000001  EMPLOYEE  SAMACCOUNTNAME  E00000001
    0000002  EMPLOYEE  FIRSTNAME       Bob
    0000002  EMPLOYEE  LASTNAME        Smith
    0000002  EMPLOYEE  SAMACCOUNTNAME  E00000002
    Because we have to maintain 60000 users..
    Could you please  suggest me best way ?
    Regards
    Ben

  • How to use ldaprealm security in weblogic6.1

    Hi,
    How would I use weblogic6.1 ldaprealm to authenticate the user using
    iplanet directory server 5.1

    Hi Gokula,
    Have you seen the documentation at
    http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
    You will want to be using the "LDAP REALM V2" and definitely not the "V1"
    There have also been many postings in this newsgroup regarding LDAP setup
    and problems with Netscape LDAP server -- I recommend searching through
    it if you have problems. Check out
    http://search.beasys.com/weblogic/gonews/
    You can even search specific newsgroups (I'd recommend
    weblogic.developer.interest.security ..)
    Once it's hooked up correctly, WebLogic will automatically delegate to
    your LDAP realm for authentication purposes.
    Hope this helps.
    Joe Jerry
    Gokula Krishnan wrote:
    Hi,
    How would I use weblogic6.1 ldaprealm to authenticate the user using
    iplanet directory server 5.1
