Renaming objectclass value
Hello,
I need to change objectclass : mailReciepent to mailrecient.
What's the easiest way to do this.
export to ldif , edit the file and import
or
can i use ldapmodify ? and how do i use this ?
Tnx
Antoine Smits
Export is your only option. The Objectclass type is case-insensitive. The correct answer of course, is for clients to treat objectclass values as case-insensitive...
Similar Messages
-
GetResourceObjects returns one Objectclass value.
I am trying to use getResourceObjects to get all objectclasses for a user. However only the first objectclass is returned for the user.
for eg if the user has top;user;inetorgperson the search return only top. Please help.
The express code i use is
<block>
<defvar name='ctx'>
<ref>context</ref>
</defvar>
<defvar name='ctxmap'>
<map>
<s>searchContext</s>
<s>dc=Hawaii,dc=com</s>
<s>searchScope</s>
<s>subTree</s>
<s>searchAttrsToGet</s>
<List>
<String>memberOf</String>
<String>objectclass</String>
</List>
<s>searchFilter</s>
<s>CN=Template1 Template1</s>
</map>
</defvar>
<defvar name='ADresfound'>
<invoke name='getResourceObjects' class='com.waveset.ui.FormUtil'>
<ref>ctx</ref>
<s>User</s>
<s>AD</s>
<ref>ctxmap</ref>
</invoke>
</defvar>
<ref>ADresfound</ref>
</block>The value returned is
<List>
<Object>
<Attribute name='accountId' value='CN=Template1 Template1,CN=Users,DC=hawaii,DC=com'/>
<Attribute name='distinguishedName' value='CN=Template1 Template1,CN=Users,DC=hawaii,DC=com'/>
<Attribute name='memberOf' value='CN=mygroup,CN=Users,DC=hawaii,DC=com'/>
<Attribute name='objectclass' value='top'/>
</Object>
</List>LOL
That is not my code,just showing U what I mean.(Somewhere between an algorithm,and pseudo-code)
Below is part of the real code(Not promising it is any better!!!)
When the button in the Jframe is click button is called,which in turn calls incI().What I need is g3 to hold the value of g2,not of null.
Graphics2D g3 = null;
public void paintComponent(Graphics g)
addMouseListener(this);
addMouseMotionListener(this);
super.paintComponent(g);
Graphics2D g2 = (Graphics2D) g;
g3 = g2;
drawArc(0, g3);
void incI(int s)
i++;
drawArc(0, g3);
class Button extends JPanel
public Button(MyPanel inGraphPanel)
final MyPanel graphPanel = inGraphPanel;
JButton plusButton = new JButton(" + ");
JButton minusButton = new JButton(" - ");
JFrame frame = new JFrame("Frame");
Container cp = frame.getContentPane();
plusButton.addActionListener(new ActionListener()
public void actionPerformed(ActionEvent ce)
graphPanel.incI();
minusButton.addActionListener(new ActionListener()
public void actionPerformed(ActionEvent ce)
cp.setLayout(new FlowLayout());
add(plusButton);
add(minusButton);
} -
Renaming Valid Values of "Copy From" in Delivery
Hi,
In a delivery doc, i have selected a customer and clicked on "Copy From". I get a small popup with values "Quotations", "Sales Orders", "Returns". I want to rename these to different values.
Any ideas to accomplish this??
Best Regards, laks.Hi, thanks for the reply.
Any legal, extra - normal ways to do this?? this is a bit important for the business needs of our customer...
thanks, laks. -
Hi all,
Anyone know any side effect if we want to rename the Value Field Description ?
I know this is cross-client configuration, I just wonder SAP will rebuild the table structure or not when we change the name ?
Or just a simple action when save. Since we have 3 yrs data in there.
SPRO -> Controlling -> Profitability Analysis -> Structures -> Define Operating Concern -> Maintain Value Fields
Thanks a lotHi
You have 2 options
1. To open the production client in SCC4 and change the VF description... This is the simplest way of doing it... To have consistency across all clients like Test and Quality client, you will have to do the same there as well
2. Standard SAP recommendation : Change the description in DEV client and regenerate your operating concern in DEV client.. there after, transport the operating concern again from KE3I.. This would generate both customizing and work bench request....
In the next screen that comes, you can select what all to transport.. Ideally, I prefer to select all
When you transport this operating concern change to production, make sure that all other users are logged out and no transactions are happening... SIt with your BASIS guy and do this....
It wont impact any posted data in the prod clients.... I have done this with both the approaches and both work fine... Absolutely no issues!!
Regards
Ajay M -
Decode the values (Re-group Dimension Values) without ETL
Hello guys, i have a question which is partly triggered by me not wanting to modify the default ETLs.
I have values in a dimension table coming as:
Region A
Region B
Region C
Region D
Region E
However, i am hoping to re-org the hierarchy as below:
Region New A
Region New D
I know this can be done in ETL but is there any place else that this can be done? Possibly in the business layer? Is there a place in the business layer where we can decode the values and re-group them?
Essentially, there is a new org structure in our company where we are grouping (consolidating) old regions into new and renaming the values.
Thanks in advance for your help,In the logical column in the BMM you have two options to write expression:
1. In general tab/use existing logical columns as the source
2. In data type tab/logical table source/edit/logical column and write expression using physical tables and columns
In both cases you can write your mapping expression whether it is a case statement or something else.
Regards
Goran
http://108obiee.blogspot.com -
Decode the values without ETL (Re-group Dimension Values)
Hello guys, i have a question which is partly triggered by me not wanting to modify the default ETLs.
I have values in a dimension table coming as:
Region A
Region B
Region C
Region D
Region E
However, i am hoping to re-org the hierarchy as below:
Region New A
Region New D
Essentially, there is a new org structure where we are grouping (consolidating) old regions into new and renaming the values.
I know this can be done in ETL but is there any place else that this can be done? Possibly in the business layer? Is there a place in the business layer where we can decode the values and re-group them?
Regards and thanks in advance for your help,Hi,
You could do this at the RPD layer with a case statement on a logical column. However I wouldn't really suggest this as it means if the grouping ever changes you have to release a new RPD to get the change.
Why not build a custom ETL task which you can set to run after the vanilla ones which just takes these values, consolidates them as required (perhaps using a lookup table to find the mappings from old -> new) and then loads the new value into an extension column on the dimension or on the related dimension extension i.e. W_ORG_DX. Then you can just expose this column in the presentation layer for users. Unless the table in question has many millions off columns, just let it do this mapping for every row in the table for each ETL.
I would think that would be a very simple task, and would mean that you could change the mappings easily through the lookup table if needed. It also means that you don't need to touch the vanilla ETL mappings, and aren't changing the values in the vanilla columns, as you mentioned you didn't want to do this.
Regards,
Matt -
ASA Remote Access Authentication with LDAP Server
Thank you in advance for your help.
I am configuring an ASA to authenticate with a ldap server for ipsec vpn access. My customer has 3 networks that are to be accessed by remote users. However they want to be able to say that one user can get to 2 of the networks and not the 3rd. So basically they want control over what network behind the firewall each user can access. This seems doable from my reading and I had planned to creating a group for each network that needs accessible and either do attribute maps to each group with a separate group created on the ldap server for authentication. Basically a ldap group on the ldap server that will have the users name in the group in order for access. I can restrict access via acl's or filtering to force my group to only be allowed access to a specific network. Here is the problem I am having now.
The ldap server has been created and seems to be working fine. I have created my AAA groups and servers and I have done the ldap test with a test user vpntest and a password on the ldap server. When I run the authentication test from the ADSM or command line I get a good authentication successful message. So I configured a vpn client remotely and attempted to authenticate to this group and it says there is no user by that name. Below is a paste of the debug. The second part is when I did a successful test from the ASDM or CLI and it worked great. The first part is when I attempted from the vpn client. It all looks the same from the search criteria. What am I missing here or does anyone more knowledgeable see anything that I am doing wrong. Can this be done this way or should I try radius. The customer was just adament about using ldap.
extvpnasa5510#
[243] Session Start
[243] New request Session, context 0xd5713fe0, reqType = 1
[243] Fiber started
[243] Creating LDAP context with uri=ldaps://130.18.22.44:636
[243] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
[243] supportedLDAPVersion: value = 2
[243] supportedLDAPVersion: value = 3
[243] No Login DN configured for server 130.18.22.44
[243] Binding as administrator
[243] Performing Simple authentication for to 130.18.22.44
[243] LDAP Search:
Base DN = [ou=employees,o=msues]
Filter = [uid=vpntest]
Scope = [SUBTREE]
[243] User DN = [uid=vpntest,ou=employees,o=msues]
[243] Talking to iPlanet server 130.18.22.44
[243] No results returned for iPlanet global password policy
[243] Fiber exit Tx=386 bytes Rx=414 bytes, status=-1
[243] Session End
extvpnasa5510#
[244] Session Start
[244] New request Session, context 0xd5713fe0, reqType = 1
[244] Fiber started
[244] Creating LDAP context with uri=ldaps://130.18.22.44:636
[244] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
[244] supportedLDAPVersion: value = 2
[244] supportedLDAPVersion: value = 3
[244] No Login DN configured for server 130.18.22.44
[244] Binding as administrator
[244] Performing Simple authentication for to 130.18.22.44
[244] LDAP Search:
Base DN = [ou=employees,o=msues]
Filter = [uid=vpntest]
Scope = [SUBTREE]
[244] User DN = [uid=vpntest,ou=employees,o=msues]
[244] Talking to iPlanet server 130.18.22.44
[244] Binding as user
[244] Performing Simple authentication for vpntest to 130.18.22.44
[244] Processing LDAP response for user vpntest
[244] Authentication successful for vpntest to 130.18.22.44
[244] Retrieved User Attributes:
[244] sn: value = test user
[244] givenName: value = vpn
[244] uid: value = vpntest
[244] cn: value = vpn test user
[244] objectClass: value = top
[244] objectClass: value = person
[244] objectClass: value = organizationalPerson
[244] objectClass: value = inetOrgPerson
[244] Fiber exit Tx=284 bytes Rx=414 bytes, status=1
[244] Session EndHi Larry,
You can map AD group memberships to specific group policies on the ASA, you can find that configuration here:
- http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
Let me know if further assistance is required!
Please proceed to rate and mark as correct the helpful Post!
David Castro,
Regards, -
Hi,
I am trying to lock groups to a specific tunnel group but unfortunitly no matter what I do the group-lock feature doesnt seem to work. Basically here is what I want to do:
1-Users detail is pulled from AD through LDAP
2-AD group is mapped to the appropriate group on the ASA using attribute mapping
3-user should only use the tunnel that he/she is locked to
4-this all should be done without the user needing to select a group the vpn portal
5-we will be using Any connect and VPN portal for communication
All works fine except the group-lock feature. If enabled and set to "group-lock value NET_ADMIN_G" I get the following error on debug webvpn and the user is not allowed in.
webvpn_auth.c:http_webvpn_post_authentication[1503]
WebVPN: user: (test) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2905]
User came in on group he wasn't supposed to come in on!
when removed no matter what I do the user is mapped to DefaultWEBVPNGroup tunnel group,
SSLVPN(config-group-policy)# sho vpn-sessiondb webvpn
Session Type: WebVPN
Username : test Index : 132
Public IP : 10.1.1.1
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)AES256 Hashing : Clientless: (1)SHA1
Bytes Tx : 252897 Bytes Rx : 48894
Group Policy : NET_ADMIN Tunnel Group : DefaultWEBVPNGroup
Login Time : 11:18:13 EDT Fri Mar 22 2013
Duration : 0h:01m:12s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Asa is on 9.11.4.
group policy:
group-policy NET_ADMIN internal
group-policy NET_ADMIN attributes
wins-server none
dns-server value 2.2.2.2
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-session-timeout alert-interval 25
vpn-filter value VPN_SPLIT_TUNNEL
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
password-storage disable
ip-comp enable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_SPLIT_TUNNEL
default-domain value brightstarcorp.com
split-dns value brightstarcorp.com
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn value svgmelb.au.brightstarcorp.com
leap-bypass disable
nem disable
backup-servers clear-client-config
msie-proxy method no-modify
vlan none
nac-settings none
address-pools value SSL_POOL
ipv6-address-pools none
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list value NETADMIN_BOOKMARK
filter value INTERNAL_WEBACL
homepage use-smart-tunnel
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression lzs
anyconnect dtls compression lzs
anyconnect modules value posture
anyconnect profiles value net_admin_p type user
anyconnect ask none default webvpn
customization value NETADMIN_PORTAL
hidden-shares visible
activex-relay enable
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
anyconnect ssl df-bit-ignore disable
always-on-vpn profile-setting
auto-signon allow uri * auth-type all
Tunnel Group:
tunnel-group NET_ADMIN_G type remote-access
tunnel-group NET_ADMIN_G general-attributes
address-pool SSL_POOL
authentication-server-group LDAP
authorization-server-group LDAP
accounting-server-group RGROUPADMIN
default-group-policy NET_ADMIN
authorization-required
tunnel-group NET_ADMIN_G webvpn-attributes
customization NETADMIN_PORTAL
group-alias infra_network enable
group-url https://x.x.x.x/network enable
dns-group DNSGROUP
Any ideas?
Thanks in advanceHi Portu,
Heres debug Ldap:
SLVPN#
[553] Session Start
[553] New request Session, context 0x00007fff33beb228, reqType = Authentication
[553] Fiber started
[553] Creating LDAP context with uri=ldap://1.1.1.13:389
[553] Connect to LDAP server: ldap://1.1.1.13:389, status = Successful
[553] supportedLDAPVersion: value = 3
[553] supportedLDAPVersion: value = 2
[553] Binding as bind
[553] Performing Simple authentication for test to 1.1.1.13
[553] LDAP Search:
Base DN = [OU=xx ENTERPRISE,DC=xxx,DC=com]
Filter = [sAMAccountName=test]
Scope = [SUBTREE]
[553] User DN = [CN=test,OU=Users,OU=xx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com]
[553] Talking to Active Directory server 1.1.1.13
[553] Reading password policy for test, dn:CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com
[553] Read bad password count 0
[553] Binding as test
[553] Performing Simple authentication for test to 1.1.1.13
[553] Processing LDAP response for user test
[553] Message (test):
[553] Authentication successful for test to 1.1.1.13
[553] Retrieved User Attributes:
[553] objectClass: value = top
[553] objectClass: value = person
[553] objectClass: value = organizationalPerson
[553] objectClass: value = user
[553] cn: value = test
[553] sn: value =
[553] c: value = AU
[553] l: value = xxx
[553] st: value = xxx
[553] title: value = test user / IT
[553] description: value = Network
[553] postalCode: value = xxx
[553] physicalDeliveryOfficeName: value = xxx
[553] telephoneNumber: value = xxx
[553] givenName: value = test
[553] distinguishedName: value = CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=br
[553] instanceType: value = 4
[553] whenCreated: value = 20110327224420.0Z
[553] whenChanged: value = 20130319223953.0Z
[553] displayName: value = test
[553] uSNCreated: value = 84454809
[553] memberOf: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=
[553] mapped to IETF-Radius-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] mapped to LDAP-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] memberOf: value = CN=Networks,OU=Distribution Groups,OU=xxx,OU=Australia,OU=APAC,OU=
[553] mapped to IETF-Radius-Class: value = NET_ADMIN
[553] mapped to LDAP-Class: value = NET_ADMIN
[553] memberOf: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate
[553] mapped to IETF-Radius-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] mapped to LDAP-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
aaa common debug:
AAA API: In aaa_open
AAA session opened: handle = 3
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
Initiating authentication to primary server (Svr Grp: LDAP)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 1.1.1.13
AAA FSM: In AAA_SendMsg
User: test
Resp:
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authentication Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = ACCEPT
AAA_NextFunction: authen svr = BSTAR_LDAP, author svr = LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
AAA_NextFunction: New i_fsm_state = IFSM_USER_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(NET_ADMIN)
Got server ID 0 for group policy DB
Initiating user group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: NET_ADMIN
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up NET_ADMIN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
User Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_USER_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_AUTHORIZE,
AAA FSM: In AAA_InitTransaction
Initiating authorization query (Svr Grp: LDAP)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 1.1.1.13
AAA FSM: In AAA_SendMsg
User: test
Resp:
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authorization Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_AUTHORIZE, auth_status = ACCEPT
AAA_NextFunction: author svr = BSTAR_LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
AAA_NextFunction: New i_fsm_state = IFSM_AUTH_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(NET_ADMIN)
Got server ID 0 for group policy DB
Initiating authorization group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: NET_ADMIN
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up NET_ADMIN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authorization Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_AUTH_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_TUNN_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(DfltGrpPolicy)
Got server ID 0 for group policy DB
Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: DfltGrpPolicy
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up DfltGrpPolicy
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Tunnel Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
Class attribute created from LDAP-Class attribute
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
Checking simultaneous login restriction (max allowance=3) for user test
AAA FSM: In AAA_Callback
user attributes:
1 User-Name(1) 6 "test"
2 User-Password(2) 10 (hidden)
3 Group-Policy(4121) 9 "NET_ADMIN"
4 AAA-AVP-Table(4243) 11268 "[04],[00][00]t[00][00][00][F8][03][00][00][0F][04][00]"
5 LDAP-Class(20520) 10 "NET_ADMIN[00]"
6 LDAP-Class(20520) 11 "USERS[00]"
user policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
2 Session-Timeout(27) 4 0
3 Idle-Timeout(28) 4 30
4 Access-Hours(4097) 0 0x00007fff35d685e0 ** Unresolved Attribute **
5 Simultaneous-Logins(4098) 4 3
6 Primary-DNS(4101) 4 IP: 1.1.1.13
7 Secondary-DNS(4102) 4 IP: 1.1.1.30
8 Primary-WINS(4103) 4 IP: 0.0.0.0
9 Secondary-WINS(4104) 4 IP: 0.0.0.0
10 Tunnelling-Protocol(4107) 4 52
11 Banner(4111) 446 "This is a PRIVATE computer system, which may be acces"
12 Store-PW(4112) 4 0
13 Split-Tunnel-Inclusion-List(4123) 8 "VPN_SPLIT_TUNNEL"
14 Default-Domain-Name(4124) 18 "xxxxcorp.com"
15 Secondary-Domain-Name-List(4125) 18 "xxxxcorp.com"
16 Nat-Enabled-IPSec(4130) 4 0
17 IPSec-UDP-Port(4131) 4 10000
18 IPComp(4135) 4 1
19 Authentication-On-Rekey(4138) 4 0
20 Required-Firewall-Vendor-Code(4141) 0 0x0000000002e006b0 ** Unresolved Attribute **
21 Required-Firewall-Product-Code(4142) 0 0x0000000002e006b0 ** Unresolved Attribute **
22 Required-Firewall-Description(4143) 0 0x00007fff35d687fa ** Unresolved Attribute **
23 Secure-unit-config(4144) 4 0
24 Individual-user-auth-config(4145) 4 0
25 User-auth-idle-timeout(4146) 4 0
26 Cisco-IP-telephony-config(4147) 4 0
27 Split-Tunneling-Policy(4151) 4 1
28 Required-Firewall-Capability(4152) 0 0x0000000002e006b0 ** Unresolved Attribute **
29 Client Firewall Optional(4154) 0 0x0000000002e006b0 ** Unresolved Attribute **
30 Backup-Ip-Sec-Peers-Enabled(4155) 4 2
31 Network-Extension-Mode-Allowed(4160) 4 0
32 URL list name(4167) 17 "NETADMIN_BOOKMARK"
33 ACL-like filters(4169) 8 "INTERNAL_WEBACL"
34 Cisco-LEAP-Passthrough-config(4171) 4 0
35 IKE Client Type and Version Limiting policy rules(4173) 0 0x00007fff35d68835 ** Unresolved Attribute **
36 IE-Proxy-Server-Method(4177) 4 1
37 The tunnel group that tunnel must be associated with(4181) 11 "NET_ADMIN_G"
38 User ACL for inbound traffic(4182) 8 ""
39 User ACL for outbound traffic(4183) 8 ""
40 Indicates whether or not PFS is required for IPSec(4184) 4 0
41 WebVPN URL Entry enable(4189) 4 1
42 WebVPN File Server Entry enable(4191) 4 1
43 WebVPN File Server Browsing enable(4192) 4 1
44 WebVPN SVC Keep enable(4201) 4 1
45 WebVPN SVC Keepalive interval(4203) 4 20
46 WebVPN SVC Client DPD period(4204) 4 30
47 WebVPN SVC Gateway DPD period(4205) 4 30
48 WebVPN SVC Rekey period(4206) 4 0
49 WebVPN SVC Rekey method(4207) 4 0
50 WebVPN SVC Compression(4208) 4 2
51 WebVPN Customization(4209) 15 "NETADMIN_PORTAL"
52 WebVPN Deny message(4212) 180 "Login was successful, but because certain criteria ha"
53 WebVPN SVC DTLS Compression(4213) 4 2
54 Extended Authentication-On-Rekey(4218) 4 0
55 WebVPN SVC DTLS enable(4219) 4 1
56 WebVPN SVC MTU(4221) 4 1406
57 CIFS hidden shares(4222) 4 1
58 CVC-Modules(4223) 7 "posture"
59 CVC-Profile(4224) 17 "net_admin_p#user,"
60 CVC-Ask(4227) 4 4
61 CVC-Ask-Timeout(4228) 4 0
62 WebVPN ActiveX Relay(4233) 4 1
63 VLAN ID(4236) 4 0
64 NAC Settings(4237) 0 0x00007fff35d68985 ** Unresolved Attribute **
65 WebVPN Session timeout alert interval(4245) 4 25
66 List of address pools to assign addresses from(4313) 13 "SSL_POOL"
67 List of IPv6 address pools to assign addresses from(4314) 0 0x00007fff35d68998 ** Unresolved Attribute **
68 Smart tunnel on home page enable(4324) 4 1
69 Disable Always-On VPN(4325) 4 0
70 SVC ignore DF bit(4326) 4 0
71 Client Bypass Protocol(4331) 4 0
72 Gateway FQDN(4333) 29 "xxx.xxxxcorp.com"
73 CA URL for SCEP enrollment(20530) 0 0x00007fff35d689c7 ** Unresolved Attribute **
tunnel policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
2 Session-Timeout(27) 4 0
3 Idle-Timeout(28) 4 30
4 Access-Hours(4097) 0 0x00007fff351cddd0 ** Unresolved Attribute **
5 Simultaneous-Logins(4098) 4 0
6 Primary-DNS(4101) 4 IP: 10.125.3.7
7 Secondary-DNS(4102) 4 IP: 10.125.3.5
8 Primary-WINS(4103) 4 IP: 0.0.0.0
9 Secondary-WINS(4104) 4 IP: 0.0.0.0
10 Tunnelling-Protocol(4107) 4 124
11 Banner(4111) 446 "This is a PRIVATE computer system, which may be acces"
12 Store-PW(4112) 4 0
13 Group-Policy(4121) 13 "DfltGrpPolicy"
14 Split-Tunnel-Inclusion-List(4123) 8 "VPN_SPLIT_TUNNEL"
15 Default-Domain-Name(4124) 18 "xxxxcorp.com"
16 Secondary-Domain-Name-List(4125) 0 0x00007fff351cdfc7 ** Unresolved Attribute **
17 Nat-Enabled-IPSec(4130) 4 0
18 IPSec-UDP-Port(4131) 4 10000
19 IPComp(4135) 4 0
20 Authentication-On-Rekey(4138) 4 0
21 Secure-unit-config(4144) 4 0
22 Individual-user-auth-config(4145) 4 0
23 User-auth-idle-timeout(4146) 4 30
24 Cisco-IP-telephony-config(4147) 4 0
25 Split-Tunneling-Policy(4151) 4 1
26 Client Firewall Optional(4154) 0 0x00007fff351cdfec ** Unresolved Attribute **
27 Backup-Ip-Sec-Peers-Enabled(4155) 4 1
28 Group-giaddr(4157) 4 IP: 0.0.0.0
29 Intercept-DHCP-Configure-Msg(4158) 4 0
30 Client-Subnet-Mask(4159) 4 IP: 255.255.255.255
31 Network-Extension-Mode-Allowed(4160) 4 0
32 WebVPN Content Filter Parameters(4165) 4 0
33 WebVPN Parameters configuration(4166) 4 1
34 URL list name(4167) 0 0x00007fff351ce008 ** Unresolved Attribute **
35 Forwarded ports(4168) 0 0x00007fff351ce009 ** Unresolved Attribute **
36 ACL-like filters(4169) 8 "INTERNAL_WEBACL"
37 Cisco-LEAP-Passthrough-config(4171) 4 0
38 Default WebVPN homepage(4172) 0 0x00007fff351ce016 ** Unresolved Attribute **
39 IKE Client Type and Version Limiting policy rules(4173) 0 0x00007fff351ce017 ** Unresolved Attribute **
40 Application Access Name(4175) 18 "Application Access"
41 IE-Proxy-Server(4176) 0 0x00007fff351ce02b ** Unresolved Attribute **
42 IE-Proxy-Server-Method(4177) 4 1
43 IE-Proxy-Server-Exceptions(4178) 0 0x00007fff351ce030 ** Unresolved Attribute **
44 IE-Proxy-Server-Bypass-Local(4179) 4 0
45 The tunnel group that tunnel must be associated with(4181) 0 0x00007fff351ce035 ** Unresolved Attribute **
46 Indicates whether or not PFS is required for IPSec(4184) 4 0
47 NAC Enable/Disable(4185) 4 0
48 NAC Status Query Timer(4186) 4 300
49 NAC Revalidation Timer(4187) 4 36000
50 NAC Default ACL(4188) 8 ""
51 WebVPN URL Entry enable(4189) 4 0
52 WebVPN File Server Entry enable(4191) 4 0
53 WebVPN File Server Browsing enable(4192) 4 0
54 WebVPN Port Forwarding enable(4193) 4 0
55 WebVPN Port Forwarding Exchange Proxy enable(4194) 4 0
56 WebVPN Port Forwarding HTTP Proxy enable(4195) 4 0
57 WebVPN SVC enable(4199) 4 0
58 WebVPN SVC Required enable(4200) 4 0
59 WebVPN SVC Keep enable(4201) 4 0
60 WebVPN SVC Keepalive interval(4203) 4 20
61 WebVPN SVC Client DPD period(4204) 4 30
62 WebVPN SVC Gateway DPD period(4205) 4 30
63 WebVPN SVC Rekey period(4206) 4 0
64 WebVPN SVC Rekey method(4207) 4 0
65 WebVPN SVC Compression(4208) 4 2
66 WebVPN Customization(4209) 0 0x00007fff351ce08a ** Unresolved Attribute **
67 Single Sign On Server Name(4210) 0 0x00007fff351ce08b ** Unresolved Attribute **
68 WebVPN SVC Firewall Rule(4211) 17 "private#,public#,"
69 WebVPN Deny message(4212) 180 "Login was successful, but because certain criteria ha"
70 WebVPN SVC DTLS Compression(4213) 4 2
71 HTTP compression method(4216) 4 0
72 Maximum object size to ignore for updating the session timer(4217) 4 4
73 Extended Authentication-On-Rekey(4218) 4 0
74 WebVPN SVC DTLS enable(4219) 4 1
75 WebVPN SVC MTU(4221) 4 1406
76 CIFS hidden shares(4222) 4 0
77 CVC-Modules(4223) 20 "dart,vpngina,posture"
78 CVC-Profile(4224) 15 "IPSEC_VPN#user,"
79 CVC-IKE-Retry-Timeout(4225) 4 10
80 CVC-IKE-Retry-Count(4226) 4 3
81 CVC-Ask(4227) 4 2
82 CVC-Ask-Timeout(4228) 4 0
83 IE-Proxy-Pac-URL(4229) 0 0x00007fff351ce1a4 ** Unresolved Attribute **
84 IE-Proxy-Lockdown(4230) 4 1
85 WebVPN Smart Tunnel(4232) 0 0x00007fff351ce1a9 ** Unresolved Attribute **
86 WebVPN ActiveX Relay(4233) 4 1
87 WebVPN Smart Tunnel Auto Download enable(4234) 4 0
88 WebVPN Smart Tunnel Auto Sign On enable(4235) 0 0x00007fff351ce1b2 ** Unresolved Attribute **
89 VLAN ID(4236) 4 0
90 NAC Settings(4237) 0 0x00007fff351ce1b7 ** Unresolved Attribute **
91 MemberOf(4241) 0 0x00007fff351ce1b8 ** Unresolved Attribute **
92 WebVPN Idle timeout alert interval(4244) 4 1
93 WebVPN Session timeout alert interval(4245) 4 1
94 Maximum object size for download(4253) 4 2147483647
95 Maximum object size for upload(4254) 4 2147483647
96 Maximum object size for post(4255) 4 2147483647
97 User storage(4256) 0 0x00007fff351ce1cd ** Unresolved Attribute **
98 User storage objects(4257) 19 "cookies,credentials"
99 User storage shared key(4258) 0 0x00007fff351ce1e2 ** Unresolved Attribute **
100 VDI configuration(4259) 0 0x00007fff351ce1e3 ** Unresolved Attribute **
101 NAC Exception List(4312) 4 0
102 List of address pools to assign addresses from(4313) 0 0x00007fff351ce1e8 ** Unresolved Attribute **
103 List of IPv6 address pools to assign addresses from(4314) 0 0x00007fff351ce1e9 ** Unresolved Attribute **
104 IPv6 filter-id(4315) 8 ""
105 WebVPN Unix user ID(4317) 4 65534
106 WebVPN Unix group ID(4318) 4 65534
107 Disconnect VPN tunnel when a Smartcard is removed(4321) 4 1
108 WebVPN Smart Tunnel Tunnel Policy(4323) 0 0x00007fff351ce1fe ** Unresolved Attribute **
109 Disable Always-On VPN(4325) 4 1
110 SVC ignore DF bit(4326) 4 0
111 SVC client routing/filtering ignore(4327) 4 0
112 Configure the behaviour of DNS queries by the client when Split tunneling is enabled(4328) 4 0
113 Client Bypass Protocol(4331) 4 0
114 IPv6-Split-Tunneling-Policy(4332) 4 0
115 Gateway FQDN(4333) 0 0x00007fff351ce217 ** Unresolved Attribute **
116 CA URL for SCEP enrollment(20530) 0 0x00007fff351ce218 ** Unresolved Attribute **
Auth Status = ACCEPT
AAA API: In aaa_close
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 3
In aaai_close_session (3)
Thanks, -
Poor network performanc​e Pavilion 500
Has anyone ran into and solved an ethernet performance issue on the HP Pavillion 500 (500-047cb) where the nic is unable to acheive speeds of 20MB/sec or higher? The max download performance of my current card is in 5MB range.
The same computer gets 16MB/sec (downloads) running wifi. Other computers on the same network get more than 25MB/sec. Maybe its a driver or OS related issue because the last speed test had a download speed that was lower than the upload speed. Any ideas?Hello @pops10009,
Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More.
I understand that you are not getting the speed out of your wireless that you should on your HP computer. There could be an issue with your Wifi Adapter. I could be corrupt or not as update to date as it should. To ensure this is not the case follow the steps below:
These steps are for computers running Windows 8 or Windows 8.1.
First we need to determine what your product number is. You can do this by following the HP Support document that pertains to your computer type
Notebook - How Do I Find My Model Number or Product Number?
All-In-One - How Do I Find My Model Number or Product Number?
Desktop - How Do I Find My Model Number or Product Number?
Once you have your product number you can use it at HP's Drivers & Downloads page. You should see your computer listed click on it and you will be brought to your computer's drivers page. Select your operating system from the drop-down box. If you are unsure as to what operating system you are running or what version it is you can use Which Windows operating system am I running? to determine what your operating system is and Is the Windows Version on My Computer 32-bit or 64-bit? to determine what version the operating system is. Once you have your operating system selected click 'Next' and scroll down you will see Driver - Network. Click on Driver - Network and you will see your Wireless driver. Download and save it to your Desktop or a location you will remember on your computer.
Now that you have your wireless driver downloaded follow the instructions I have set out below:
Step 1. At the Tiles Menu type "device manager"
Step 2. Click on Device Manager
Step 3. Click on Network Adapters
Step 4. Right-click on your Wireless Adapter and select Uninstall
***Ensure you delete the driver when the option is presented
Step 5. Go to the wireless drivers you downloaded earlier and install them
Step 6. Restart your computer
Next we are going to check to see what is using your internet. There are a variety of applications that will connect themselves to your internet slowing you down without notifying you. There is a simple way of seeing what applications are connected slowing you down. To do this follow the instructions below:
Step 1. At the Tiles Menu type "command prompt"
Step 2. Right-click on Command Prompt
Step 3. Click on "Run as administrator"
Step 4. Type "netstat –b 5 > activity.txt" and hit Enter
***Be patient while the computer creates a file on your computer
Step 5. Close down the Command Prompt
Step 6. At the Tiles Menu type "activity.txt"
Step 7. Click on activity.txt
Step 7. Review activity.txt thoroughly
Step 8. If you see applications that do not need to be running you can close them down.
If you do not know how to close out applications running in Windows 8 follow the instructions I have set out below:
Step 1. Press Alt+Tab simultaneously and hold them down
***A window will pop up with all the apps, and their icons, that are running on your PC.
Step 2. Guide your mouse over the icons
Step 3. Right click on the icon representing the application you wish to close
Step 4. Click “Close”
Next we are going to look for Processes that are using your internet that may be slowing you down. Once again follow the steps I have set out below:
Step 1. Right click your Taskbar
Step 2. Click Start Task Manager
Step 3. Click on the Networking tab
*** Processes consuming internet speed are shown here
Step 4. Under the Network Utilization column you will see processes with a higher percentage of network usage
*** Processes you do not need can be closed by looking them up in the Processes tab
Step 5. Select the process in the Process Tab you wish to close
Step 6. Click End Process
Next we are going to clear the cache, cookies and browser history. I have again set out some steps below to follow:
Step 1. At the Tiles Menu type "internet options"
Step 2. Click on Internet Options
Step 3. On General tab click the Browsing history section
Step 4. Click Settings
Step 5. On Temporary Internet Files tab of Website Data Settings window, type 0 as Disk space to use
Step 6. Click to the History tab, and specify a minimum number of days to keep pages in history
Step 7. Click on Caches and databases tab, uncheck Allow website caches and databases
***You can also reduce the cache file size in MBs to notify yourself
Next is a nifty feature where by default your system will wait for your data packets will fill up and then send them over your network this is called the Nagle-Algorithim and it can be disabled by following the steps below:
Step 1. Back up your registry by following the HP Support document: Backing Up, Editing, and Restoring the Windows Registry (Windows 8)
Step 2. At the Tiles Menu type "registry editor"
Step 3. Click on Registry Editor
Step 4. on the left pane expand your way through HKEY_LOCAL_MACHINE until you locate "SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces"
Step 5. Right-click the empty place
Step 6. Click New to create two DWORD Values
Step 7. Rename these values as ‘TcpAckFrequency’ and ‘TCPNoDelay’
Step 8. Double-click both the entries to Modify
Step 9. Put 1 as their Value data to activate them
Step 10 Click OK to save your changes
Step 10. Close Registry Editor
Step 11. Restart your Computer
Next we are going to clear/flush your DNS cache. You can do this by follow once again the steps I have set out below:
Step 1. At the Tiles Menu type "command prompt"
Step 2. Click on "Run as administrator"
Step 3. Type "ipconfig /flushdns" and hit Enter
***You will know you are successful if you see a message stating “successfully flushed the DNS Resolver Cache.”
The next thing we are going to do is disable global auto-tuning as if this is not working correctly you can experience slow internet speeds. To disable the global auto-tuning follow the steps below:
Global Auto-Tuning is related with the data transfer for HTTP traffics. You might be experiencing slowed Wi-Fi internet problem if the Auto-Tuning feature is not working properly. Simply disable it as follows:
Step 1. At the Tiles Menu type "command prompt"
Step 2. Right-click on Command Prompt
Step 3. Click on "Run as administrator"
Step 4. Type " cd C:\Windows\System32 netsh interface tcp set global autotuning=disabled" and hit Enter
Step 5. Type "netsh interface tcp show global" and hit Enter
***Does it show Auto-Tuning is disabled? If yes, you have performed everything properly. Otherwise, you need to check-out the commands you have written and try again.
Another part of Windows that can make your WiFi slow is the remote differential compression api. the remote differential compression api is is a client–server synchronization algorithm that allows the contents of two files to be synchronized by communicating only the differences between them. To uninstall this as it is not needed simply follow the steps below:
Step 1. At the Tiles Menu type "programs and features"
Step 2. Click on Programs and Features
Step 3. Click Turn Windows Features On or Off under Programs and Features
Step 4. Uncheck the box named Remote Differential Compression API Support
Step 5. Click OK
The final set that you can do is ONLY AVAILABLE ON WINDOWS 8 PROFESSIONAL AND WINDOWS 8 ULTIMATE EDITIONS as it requires the Local Group Policy Editor. What this steps does is alter the reservable bandwith in Windows 8. What this does is reserve bandwidth for multiple users and so there is bandwidth set aside that is not being used and can be. Additionally the packet scheduler reserves 20% of yoru bandwith by default even if it is disabled. This can be reduced to 0 by following the steps below:
Step 1. At the Tiles Menu type " gpedit.msc"
Step 2. Right click the search result and choose to Run as administrator
Step 3. Click on the QoS Packet Scheduler
Step 4. Navigate to Computer Configuration \ Administrative Templates \ Network \ QoS Packet Scheduler
Step 5. Double click Limit Reservable Bandwidth
Step 6. Click to Enable it
Step 7. In the Options section next to Bandwidth limit (%) reduce the number to 0
Step 8. Click OK
Step 9. Close down Local Group Policy Editor
If you have followed the steps I have set out in this post your internet speed in Windows 8 should have improved. Thank you for your time and have a great day!
Please click the "Thumbs Up" on the bottom right of this post to say thank you if you appreciate the support I provide!
Also be sure to mark my post as “Accept as Solution" if you feel my post solved your issue, it will help others who face the same challenge find the same solution.
Dunidar
I work on behalf of HP
Find out a bit more about me by checking out my profile!
"Customers don’t expect you to be perfect. They do expect you to fix things when they go wrong." ~ Donald Porter -
How to get a sub tag in xml file
As the xml file is the below thing ------
<?xml version="1.0" encoding="UTF-8"?>
<addRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
<data>
<attributes>
<attr name="Objectclass">
<value>SafePolicy</value>
</attr>
<attr name="name">
<value>NewPolicy</value>
</attr>
<attr name="Resource">
<value>NewResourceclass</value>
</attr>
<attr name="Description">
<value>This is a New AccessPolicy</value>
</attr>
</attributes>
</data>
</addRequest>
The Schema has only the data and i was able to get the data object and the data can contain any namespace ,so i had the attributes and which inturn contain the attr and value .I have to get the Attributes , so that i can get the attr(name) and value pairs.Initially i did the unmarshal stuff and got until data but giving an error when i try to obtain the other tags .Can any body send the code for obtaining that by using the unmarshalling concept please.I need it .
Thank you,Thank you,
As i was trying to obtain the input to UI from an xml file by which the axis converts to java objects and inturn have to get the reply as xml file . The error was in the jar files ,when i loaded the jar files another time my code started working. -
MS AD in SAP EP SP12 (groups are found but not users)
Hi,
I have a problem with configuring MS AD for SAP EP SP12 (6.40). At the moment, in the portal I cannot logon with my AD users, but I can search for groups in AD. I've tried various different .xml config files, but now I am using the same settings as I did with an existing working SP2 portal.
I've looked at the documentation in http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
and if I use the config tool->UME LDAP Data <b>both the connection test and the authentication test works with my samaccountname. </b>
When I trace the authentication test I see the following packets:
1. BIND as my user defined in the settings
2. BIND successful
3. Search with BASEDN: OU=PEOPLE,DC=COMPANY,DC=NET
Filter: (&(objectclass=User)(samaccountname=dapa))
Attribute: objectclass
4. Response to search, found user
Distinguised name: CN=Dagfinn Parnas,OU=Stavanger,OU=PEOPLE,DC=COMPANY,DC=NET
Attribute: objectClass
Value:top
Value: person
Value: organizationalPerson
Value: user
5. Bind request with DN: CN=Dagfinn Parnas,OU=Stavanger,OU=PEOPLE,DC=COMPANY,DC=NET and my password
6. Bind successful
When I try to login to the portal, I can see the portal communicates with the AD server and sends the following packets:
1. 1. BIND as my user defined in the settings
2. BIND successful
3. Search with BASEDN: OU=PEOPLE,DC=COMPANY,DC=NET
Filter: (&(objectclass=User)(samaccountname=dapa))
Attribute: cn
Attribute: description
Attribute: uid
4. Response to search, found user
Distinguised name: CN=Dagfinn Parnas,OU=Stavanger,OU=PEOPLE,DC=COMPANY,DC=NET
Attribute: cn
Value: Dagfinn Parnas
5. No more traffic
So it seems that it finds the correct user, but the portal doesn't do a bind against AD with this user and log me on to the portal afterwards.
<b>Could the problem be that only the cn attribute is sent back (not the description and uid which I asked for as well)?</b>
I tried setting mapping the uniquename to cn also(as described in http://help.sap.com/saphelp_erp2004/helpdata/en/1a/2bee408a63732ae10000000a155106/content.htm), but to no avail.
Some snippets from my config file
[code]
<principal type="account">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="fax"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="null"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephone"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetadress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
<attribute name="preferredlanguage">
<physicalAttribute name="preferredlanguage"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="memberof"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
[/code]Got it working by clicking twice the checkbox in front of the field "Use UME Unique with LDAP unique".
This updated the value from uid to samaccountname (which it should have read from the config xml file allready) -
How to configure SOA Suite 11g Worklist with LDAP Identity Store
Hi
Im trying to configure the worklistapp to use an ldap identity store (SOA Suite 11g)
The ldap is a open source ldap (Open DS in this case), is NOT : OID, OVD, Active Directory, WLS OVD, IPlanet.
for doing so, i did the next configurations:
workflow-identity-config.xml
<configuration realmName="realm1">
<provider providerType="JPS" name="JpsProvider" service="Identity">
<property name="jpsContextName" value="worklist" />
</provider>
</configuration>
jps-config.xml
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" schema-major-version="11" schema-minor-version="1">
<!-- This property is for jaas mode. Possible values are "off", "doas" and "doasprivileged" -->
<property name="oracle.security.jps.jaas.mode" value="off"/>
<property name="custom.provider" value="true"/>
<serviceProviders>
<serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
<description>LDAP-based IdentityStore Provider</description>
</serviceProvider>
</serviceProviders>
<serviceInstances>
<serviceInstance name="idstore.ldap.opends" provider="idstore.ldap.provider">
<property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<property name="idstore.type" value="CUSTOM"/>
<property name="ldap.url" value="ldap://host:port"/>
<property name="subscriber.name" value="dc=company,dc=com"/>
<property name="search.type" value="SIMPLE"/>
<property name="security.principal" value="cn=adminuser,dc=company,dc=com"/>
<property name="security.credential" value="!adminuser_password"/>
<property name="user.login.attr" value="cn"/>
<property name="username.attr" value="cn"/>
<property name="groupname.attr" value="cn"/>
<extendedProperty>
<name>group.mandatory.attrs</name>
<values>
<value>cn</value>
<value>objectClass</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.object.classes</name>
<values>
<value>top</value>
<value>groupOfUniqueNames</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.filter.object.classes</name>
<values>
<value>groupOfUniqueNames</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.member.attrs</name>
<values>
<value>uniqueMember</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.search.bases</name>
<values>
<value>o=groups,dc=company,dc=com</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.mandatory.attrs</name>
<values>
<value>cn</value>
<value>objectClass</value>
<value>sn</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.object.classes</name>
<values>
<value>organizationalPerson</value>
<value>person</value>
<value>inetOrgPerson</value>
<value>top</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.filter.object.classes</name>
<values>
<value>inetOrgPerson</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.search.bases</name>
<values>
<value>o=users,dc=company,dc=com</value>
</values>
</extendedProperty>
</serviceInstance>
</serviceInstances>
<jpsContexts default="default">
<jpsContext name="worklist">
<serviceInstanceRef ref="credstore"/>
<serviceInstanceRef ref="keystore"/>
<serviceInstanceRef ref="policystore.xml"/>
<serviceInstanceRef ref="audit"/>
<serviceInstanceRef ref="idstore.ldap.opends"/>
</jpsContext>
</jpsContexts>
</jpsConfig>
but i get the error:
Jul 2, 2009 12:52:40 PM oracle.security.jps.internal.idstore.util.IdentityStoreUtil getIdentityStoreFactory
WARNING: The identity store factory name is not configured.
Jul 2, 2009 12:52:40 PM oracle.bpel.services.common.ServicesLogger __logException
SEVERE: <.> Error in authenticating user.
Error in authenticating and creating a workflow context for user realm1/user1.
Verify that the user credentials and identity service configurations are correct.
ORABPEL-30501
Error in authenticating user.
Error in authenticating and creating a workflow context for user sigfe.com/user1.
Verify that the user credentials and identity service configurations are correct.
at oracle.bpel.services.workflow.verification.impl.VerificationService.authenticateUser(VerificationService.java:603)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
So, anyone knows how i can specify the identity store factory?
or the correct parameters for a ldap identity store repository?
I used the 11G documentation for the security file :
http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/jpsprops.htm
thanksI am having exactly the same issue. Once I configure jps-config.xml file to use my custom authenticator and login into the worklist app, the following gets thrown. I was wondering if you need map some roles to the existing users in the Custom Authenticator.
Exception
exception.70692.type: error
exception.70692.severity: 2
exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present. -
LDAP Authentcation on Cisco ASA 8.2(1)
Dear Security Experts,
i am facing an issue while trying to configure LDAP integration on Cisco ASA firewall. The requirement is allow the remote access VPN to specific group defined on AD. When i checked the debug logs " debug ldap 255" , it shows that the authenication is sucessfull with the LDAP server , but the ldap attribute is not getting mapped and because of this reason , the tunnel-group default group policy of "NOACCESS" is getting applied ( vpn simultanous set to zero) that results zero connection.
I confirmed this by changing the value of NOACCESS from zero to one and found that the VPN is getting connected
The name of user account is testvendor that belongs to the group of Test-vendor.
Could you kindly advice me what i am missing in this configuration.Highy appreciated the help on this .
The configuration and debug output is shown below.
SHOW RUN
ldap attribute-map ABC-VENDOR
map-name memberOf Group-Policy
map-value memberOf CN=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
aaa-server ldapvend protocol ldap
aaa-server ldapvend (INSIDE) host 10.1.141.7
ldap-base-dn DC=abc,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn CN=ldapvpn,OU=ServiceAccounts,OU=Abc,DC=abc,DC=local
server-type microsoft
ldap attribute-map ABC-VENDOR
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
group-policy Allow-Vendor internal
group-policy Allow-Vendor attributes
vpn-simultaneous-logins 10
vpn-tunnel-protocol IPSec
dns-server value 10.1.141.7
default-domain value abc.org
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_acl
tunnel-group ABC-AD-VENDOR type remote-access
tunnel-group ABC-AD-VENDOR general-attributes
address-pool vendor_pool
authentication-server-group ldapvend
default-group-policy NOACCESS
tunnel-group ABC-AD-VENDOR ipsec-attributes
pre-shared-key *
Note : I tried the below map-value under the ldap attribute ABC-VENDOR as part of troubleshooting
map-value memberOf CN=Test-vendors,CN=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
map-value memberOf CN=Test-vendors,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
map-value memberOf CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local Allow-Vendor
DEBUG LDAP 255
[454095] Session Start
[454095] New request Session, context 0xb1f296b0, reqType = Authentication
[454095] Fiber started
[454095] Creating LDAP context with uri=ldap://10.1.141.7:389
[454095] Connect to LDAP server: ldap://10.1.141.7:389, status = Successful
[454095] supportedLDAPVersion: value = 3
[454095] supportedLDAPVersion: value = 2
[454095] Binding as ldapvpn
[454095] Performing Simple authentication for ldapvpn to 10.1.141.7
[454095] LDAP Search:
Base DN = [DC=abc,DC=local]
Filter = [sAMAccountName=testvendor]
Scope = [SUBTREE]
[454095] User DN = [CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local]
[454095] Talking to Active Directory server 10.1.141.7
[454095] Reading password policy for testvendor, dn:CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local
[454095] Read bad password count 0
[454095] Binding as testvendor
[454095] Performing Simple authentication for testvendor to 10.1.141.7
[454095] Processing LDAP response for user testvendor
[454095] Message (testvendor):
[454095] Checking password policy
[454095] Authentication successful for testvendor to 10.1.141.7
[454095] Retrieved User Attributes:
[454095] objectClass: value = top
[454095] objectClass: value = person
[454095] objectClass: value = organizationalPerson
[454095] objectClass: value = user
[454095] cn: value = testvendor
[454095] givenName: value = testvendor
[454095] distinguishedName: value = CN=testvendor,OU=Test-vendors,OU=Users,OU=Abc,DC=abc,DC=local
[454095] instanceType: value = 4
[454095] whenCreated: value = 20111019133739.0Z
[454095] whenChanged: value = 20111030135415.0Z
[454095] displayName: value = testvendor
[454095] uSNCreated: value = 20258545
[454095] uSNChanged: value = 20899179
[454095] name: value = testvendor
[454095] objectGUID: value = ).u>.v.H.6>..u.Z
[454095] userAccountControl: value = 66048
[454095] badPwdCount: value = 0
[454095] codePage: value = 0
[454095] countryCode: value = 0
[454095] badPasswordTime: value = 129644550477428806
[454095] lastLogoff: value = 0
[454095] lastLogon: value = 129644551251183846
[454095] pwdLastSet: value = 129635050595360564
[454095] primaryGroupID: value = 513
[454095] userParameters: value = m: d.
[454095] objectSid: value = ...............n."J.h.0.....
[454095] accountExpires: value = 9223372036854775807
[454095] logonCount: value = 0
[454095] sAMAccountName: value = testvendor
[454095] sAMAccountType: value = 805306368
[454095] userPrincipalName: value = [email protected]
[454095] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=abc,DC=local
[454095] msNPAllowDialin: value = TRUE
[454095] dSCorePropagationData: value = 20111026081253.0Z
[454095] dSCorePropagationData: value = 20111026080938.0Z
[454095] dSCorePropagationData: value = 16010101000417.0Z
[454095] lastLogonTimestamp: value = 129638228546025674
[454095] Fiber exit Tx=719 bytes Rx=2851 bytes, status=1
[454095] Session EndThankyou Jennifer for the responds.
Could you please help me on how to enable "memberOf" attribute on AD to be pushed to ASA for the OU matching.
i have already set the "Remote Dialin" property of user account name "testvendor" in AD as "Allow Access" .It can be shown in the debug output as below.
[454095] sAMAccountName: value = testvendor
[454095] sAMAccountType: value = 805306368
[454095] userPrincipalName: value = [email protected]
[454095] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=abc,DC=local
[454095] msNPAllowDialin: value = TRUE
[454095] dSCorePropagationData: value = 20111026081253.0Z
[454095] dSCorePropagationData: value = 20111026080938.0Z
[454095] dSCorePropagationData: value = 16010101000417.0Z
Is their any other settings that i need to do it on AD ?
Kindly advice
Regards
Shiji -
ASA 8.2.5 LDAP authentication by memberof doesn't always work
I've configured LDAP authentication to allow access if members are a member of the "VPN_Users" Group. This configuration is working, but only for some users. For other users it isn't. The output of the 'debug ldap 255' shows an output of memberOf for the users that it's working for, but shows nothing for users it's not working for. I've not been able to figure out any connection or differences that are the same between those users that work and those that don't. Any idea on what might be causing this problem? Both working and non-working users will authenticate, its just some of them don't pull the memberof data in the ldap query.
Config:
aaa-server AD protocol ldap
aaa-server AD (inside) host btfs2
ldap-base-dn dc=localdomain,dc=com
ldap-scope subtree
ldap-naming-attribute samAccountName
ldap-login-password *****
ldap-login-dn [email protected]
server-type microsoft
ldap-attribute-map VPNGroup
ldap attribute-map VPNGroup
map-name memberOf IETF-Radius-Class
map-value memberOf "CN=VPN_Users,OU=Security Groups,OU=Company OU,DC=localdomain,DC=com" btvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol IPSec svc
webvpn
svc ask none default svc
group-policy btvpn internal
group-policy btvpn attributes
banner value This is a private data network. All connections are logged and are subject to
banner value monitoring. Unauthorized access is prohibited and will be prosecuted.
dns-server value 10.0.0.x 10.0.0.y
vpn-simultaneous-logins 10
vpn-tunnel-protocol IPSec l2tp-ipsec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittun
default-domain value localdomain.com
webvpn
svc keep-installer installed
svc rekey time 120
svc rekey method ssl
svc ask enable default svc
tunnel-group btvpn type remote-access
tunnel-group btvpn general-attributes
address-pool vpnpool
authentication-server-group AD LOCAL
default-group-policy NOACCESS
tunnel-group btvpn webvpn-attributes
group-alias webvpn enable
tunnel-group btvpn ipsec-attributes
pre-shared-key *****
Non-working user:
[1575] Session Start
[1575] New request Session, context 0xd7fbf210, reqType = Authentication
[1575] Fiber started
[1575] Creating LDAP context with uri=ldap://10.0.0.x:389
[1575] Connect to LDAP server: ldap://10.0.0.x:389, status = Successful
[1575] supportedLDAPVersion: value = 3
[1575] supportedLDAPVersion: value = 2
[1575] Binding as [email protected]
[1575] Performing Simple authentication for [email protected] to 10.0.0.x
[1575] LDAP Search:
Base DN = [dc=localdomain,dc=com]
Filter = [samAccountName=cmcbride]
Scope = [SUBTREE]
[1575] User DN = [CN=Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com]
[1575] Talking to Active Directory server 10.0.0.x
[1575] Reading password policy for cmcbride, dn:CN=Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com
[1575] Binding as cmcbride
[1575] Performing Simple authentication for cmcbride to 10.0.0.x
[1575] Processing LDAP response for user cmcbride
[1575] Message (cmcbride):
[1575] Authentication successful for cmcbride to 10.0.0.x
[1575] Retrieved User Attributes:
[1575] objectClass: value = top
[1575] objectClass: value = person
[1575] objectClass: value = organizationalPerson
[1575] objectClass: value = user
[1575] cn: value = Chris McBride
[1575] sn: value = McBride
[1575] l: value = Tulsa
[1575] description: value = cmcbride non-admin test account
[1575] givenName: value = Chris
[1575] distinguishedName: value = CN=Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=co
[1575] displayName: value = Chris McBride
[1575] name: value = Chris McBride
[1575] objectGUID: value = ....5..L...[..K.
[1575] codePage: value = 0
[1575] countryCode: value = 0
[1575] primaryGroupID: value = 513
[1575] objectSid: value = ...............1...{C..2....
[1575] sAMAccountName: value = cmcbride
[1575] sAMAccountType: value = 805306368
[1575] userPrincipalName: value = [email protected]
[1575] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=localdomain,DC=com
[1575] Fiber exit Tx=616 bytes Rx=2007 bytes, status=1
[1575] Session End
Working user:
[1585] Session Start
[1585] New request Session, context 0xd7fbf210, reqType = Authentication
[1585] Fiber started
[1585] Creating LDAP context with uri=ldap://10.0.0.x:389
[1585] Connect to LDAP server: ldap://10.0.0.x:389, status = Successful
[1585] supportedLDAPVersion: value = 3
[1585] supportedLDAPVersion: value = 2
[1585] Binding as [email protected]
[1585] Performing Simple authentication for [email protected] to 10.0.0.x
[1585] LDAP Search:
Base DN = [dc=localdomain,dc=com]
Filter = [samAccountName=cmcbride_a]
Scope = [SUBTREE]
[1585] User DN = [CN=Admin Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com]
[1585] Talking to Active Directory server 10.0.0.x
[1585] Reading password policy for cmcbride_a, dn:CN=Admin Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com
[1585] Read bad password count 0
[1585] Binding as cmcbride_a
[1585] Performing Simple authentication for cmcbride_a to 10.0.0.x
[1585] Processing LDAP response for user cmcbride_a
[1585] Message (cmcbride_a):
[1585] Authentication successful for cmcbride_a to 10.0.0.x
[1585] Retrieved User Attributes:
[1585] objectClass: value = top
[1585] objectClass: value = person
[1585] objectClass: value = organizationalPerson
[1585] objectClass: value = user
[1585] cn: value = Admin Chris McBride
[1585] sn: value = McBride
[1585] description: value = PTC User, cjm 05312011
[1585] givenName: value = Chris
[1585] distinguishedName: value = CN=Admin Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain
[1585] instanceType: value = 4
[1585] whenCreated: value = 20110525173004.0Z
[1585] whenChanged: value = 20110619154158.0Z
[1585] displayName: value = Admin Chris McBride
[1585] uSNCreated: value = 6188062
[1585] memberOf: value = CN=VPN_Users,OU=Security Groups,OU=Company OU,DC=localdomain,DC=com
[1585] mapped to IETF-Radius-Class: value = btvpn
[1585] mapped to LDAP-Class: value = btvpn
[1585] memberOf: value = CN=Websense Filtered Group,OU=Distribution Groups,OU=Company OU,DC=baer-t
[1585] mapped to IETF-Radius-Class: value = CN=Websense Filtered Group,OU=Distribution Groups,OU=Company OU,DC=localdomain,DC=com
[1585] mapped to LDAP-Class: value = CN=Websense Filtered Group,OU=Distribution Groups,OU=Company OU,DC=localdomain,DC=com
[1585] memberOf: value = CN=TS_Sec_Admin,OU=Terminal Server 2003,DC=localdomain,DC=com
[1585] mapped to IETF-Radius-Class: value = CN=TS_Sec_Admin,OU=Terminal Server 2003,DC=localdomain,DC=com
[1585] mapped to LDAP-Class: value = CN=TS_Sec_Admin,OU=Terminal Server 2003,DC=localdomain,DC=com
[1585] memberOf: value = CN=Domain Admins,CN=Users,DC=localdomain,DC=com
[1585] mapped to IETF-Radius-Class: value = CN=Domain Admins,CN=Users,DC=localdomain,DC=com
[1585] mapped to LDAP-Class: value = CN=Domain Admins,CN=Users,DC=localdomain,DC=com
[1585] memberOf: value = CN=Enterprise Admins,CN=Users,DC=localdomain,DC=com
[1585] mapped to IETF-Radius-Class: value = CN=Enterprise Admins,CN=Users,DC=localdomain,DC=com
[1585] mapped to LDAP-Class: value = CN=Enterprise Admins,CN=Users,DC=localdomain,DC=com
[1585] memberOf: value = CN=Schema Admins,CN=Users,DC=localdomain,DC=com
[1585] mapped to IETF-Radius-Class: value = CN=Schema Admins,CN=Users,DC=localdomain,DC=com
[1585] mapped to LDAP-Class: value = CN=Schema Admins,CN=Users,DC=localdomain,DC=com
[1585] uSNChanged: value = 6560745
[1585] name: value = Admin Chris McBride
[1585] objectGUID: value = ..Kj4..E..c.VCHT
[1585] userAccountControl: value = 512
[1585] badPwdCount: value = 0
[1585] codePage: value = 0
[1585] countryCode: value = 0
[1585] badPasswordTime: value = 129531669834218721
[1585] lastLogoff: value = 0
[1585] lastLogon: value = 129532463799841621
[1585] scriptPath: value = SLOGIC.BAT
[1585] pwdLastSet: value = 129508182041981337
[1585] primaryGroupID: value = 513
[1585] objectSid: value = ...............1...{C..2. ..
[1585] adminCount: value = 1
[1585] accountExpires: value = 9223372036854775807
[1585] logonCount: value = 90
[1585] sAMAccountName: value = cmcbride_a
[1585] sAMAccountType: value = 805306368
[1585] userPrincipalName: value = [email protected]
[1585] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=localdomain,DC=com
[1585] dSCorePropagationData: value = 20110525174152.0Z
[1585] dSCorePropagationData: value = 16010101000000.0Z
[1585] lastLogonTimestamp: value = 129529717185508866
[1585] msTSExpireDate: value = 20110803160858.0Z
[1585] msTSLicenseVersion: value = 393216
[1585] msTSManagingLS: value = 92573-029-5868087-27549
[1585] Fiber exit Tx=633 bytes Rx=3420 bytes, status=1
[1585] Session EndAs far as your configuration is concerned it looks perfectly fine. As you mentioned that the difference between the working and non working debugs is that in the non working debugs we do not see memberof attribute being retrieved.
the main reason could be that the username "[email protected]" with which you are performing the LDAP bind does not have sufficient privileges to retreive all the attributes from all the users in the AD. This looks like permission issue at the AD user level.
One thing you can try on the AD is to "Delegate Control" to this user ([email protected]) to "Read all properties" for all users and not just a subset of users. Please get in touch with AD Admin before making such a change on the AD.
Here is an external link just to give an idea about delegation of control to "Read all properties"
http://www.advproxy.net/ldapads.html -
Export to Excel not working after upgrade to IE10
I upgraded to Internet Explorer 10. In PWA Export to Excel does not export the data. It starts up Excel but the sheet is blank. Worked fine with IE9. How to fix?
Hi All,
Use the below workaround so that clicking the export button will work similarly to how it does with previous IE versions and such.
1. Open the Windows registry editor (regedit32.exe) and take a backup of the registry
2. Go the location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe
3. Here, you’ll see a string value named “useURL”
4. Rename this value to something else. For example “useURLx”
Post this change, you should be able to use the Export to Excel functionality. When you click the button, you’ll get a message from IE asking if you want to Open, Save or Save As the XLS file and you can choose Open. You’ll then see the “normal” prompt
within Excel about whether or not you want to open the file even though the contents don’t match the file extension.
Cheers! Happy troubleshooting !!! Dinesh S. Rai - MSFT Enterprise Project Management
Please click Mark As Answer; if a post solves your problem or Vote As Helpful if a post has been useful to you. This can be beneficial to other community members reading the thread.
Maybe you are looking for
-
Hi , We use the GOS in material transaction....(mm01, mm01,mm03 ) (material number have a photo ). Is there any FM or other way to display the photo...or get list of all the attachments of requested material . We want to display the photos in the ou
-
Possible? masking a car with windows | mask with lots of holes
hi all, newbie here. i am very fresh to motion and maybe its quite stupid for all expert here. my suitation is my company asked me to produce a series of animated video. which i perfered the adobe products, ie premier + after effect, but soon i found
-
REQUEST STATUS YELLOW WHILE MONITOR STATUS GREEN - BI7
Hellow, I try to load data with 0CO_OM_OPA_1, 0CO_OM_WBS_1 into Z cubes which are similar to the business content cubes 0OPA_C11 and 0WBS_C11 respectively. ETL is BW3.5 (transfer rule and update rules). When I look at the request in the monitor, I se
-
Screen flashes when i start need for speed carbon and flatout 2
hi... i have a macbok pro 15" mid 2012 with intel i7 4 gb ram intel hd graphics4000 384 mb 500 gb harddisk osx 10.8 when i run nfs carbon and faltout 2 my mac screen starts flashing rapidly.. anyone pls help
-
Screen Broke in Mini what will apple do for me?
WEll i just purchused an i pod mini in october, i still have the warrenty on it but my screen craked