Reportees search using embedded ldap provider
I am trying to use the embedded ldap server to find a person's reportees by using the inetorgperson attribute "manager". I have imported a number of users using an ldif file.
Here is my search:
Search DN: ou=people,ou=myrealm,DC=myproject
Filter: (&(objectclass=inetOrgPerson)(manager=uid=mgrID,ou=people,ou=myrealm,DC=myproject))
where mgrID is the name of the manager. This search returns no results. I do get results back if I remove the second condition of the filter, i.e. do:
objectclass=inetOrgPerson
Thus, I think the browser is connecting to the ldap server ok. I assume the manager search filter is not working because the manager attribute is not searchable? Is there any way to make it searchable? I couldn't find anything in the documentation about this.
Search filters are composed of attribute match requirements. For example, to construct a search filter to return all the entries in a directory that contain an attribute called uid with one value equal to testuser, the filter would be:
(uid = testuser)
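The reportees filter from the question, built from a manager ID with the escaping that RFC 4514 (DN values) and RFC 4515 (filter values) require, so that an ID taken from user input cannot change the filter's structure. This is an added example, not code from the original thread; the function names are hypothetical, and the base DN and attribute names are the ones quoted in the question.

```python
# Added example: build the "reportees of a manager" filter with proper escaping.
# Function names are hypothetical; base DN and attributes come from the question.

PEOPLE_BASE = "ou=people,ou=myrealm,DC=myproject"


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def reportees_filter(manager_uid: str, people_base: str = PEOPLE_BASE) -> str:
    """Return the filter matching inetOrgPerson entries whose manager is manager_uid."""
    # Step 1: the uid becomes one RDN value of the manager's DN.
    manager_dn = "uid=%s,%s" % (escape_dn_value(manager_uid), people_base)
    # Step 2: the whole DN is an assertion value inside the filter.
    return "(&(objectclass=inetOrgPerson)(manager=%s))" % escape_filter_value(manager_dn)


if __name__ == "__main__":
    print(reportees_filter("mgrID"))       # the filter from the question
    print(reportees_filter("x)(uid=*"))    # constructed hostile input stays one value
```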
Similar Messages
-
How to configure human workflow using embedded ldap in standalone weblogic
I am trying to use embedded ldap to select users for a human workflow. I have created an application server instance using soa server details but the realm field in human workflow remains empty.
Please let me know what would be right steps.
Can you provide more details about the context of where this happens? Are you selecting users in the Organization editor in BPM studio? Is this on 11.1.1.3 or 11.1.1.4?
-
Can we detect the user first time he logs in ( appln uses embedded ldap )
Hi,
We are using weblogic embedded ldap for authentication in our application
The first time the user logs in to our application, we need to detect that he is logging in for the first time,
so take him to change password page.
Can we do like that ?
Regards,
Harsha
Edited by: harsha.karthigai on Aug 28, 2009 5:50 AM
Hi,
By default when you open a report it displays the report exactly as it was last saved. So even if you user views the report
drills down
then closes the report without saving
then views the report immediately
the report will open in its original state. There is no setting which can be amended to change this. It is possible to write your own viewer but that would be a significant piece of work
Regards
Alan -
Weblogic 9.2 Embedded LDAP Login denied!
Hi,
I am trying to put together users/groups in the Embedded LDAP for LDAP authentication. I saw in the embedded LDAP, the tree as
domainName->myrealm->groups,people etc by default.
Now, under the LDAP root domainName, I created a directory structure as:
domainName->myorg->groups,users.
In the weblogic console ( myrealm is the default security realm.)
under myrealm, I created LDAP Authentication Provider and gave all the LDAP provider specific info for searching etc.
I was able to see the users using the console screen.
Now in my Web Application, using the "FORM based Authentication"(using j_username etc) I tried to login.
I saw the AdminServer log:
--getDNForUser search("ou=people,ou=myrealm,dc=domainA", "(&(uid=ldapuser2)(objectclass=person))", base DN & below)
with the following exception:
--javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User ldapuser2 denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:191)
which means, Weblogic was trying to use the LDAP params which were pointing to 'myrealm'.
I was expecting weblogic to search as I specified in the provider:
"ou=users,ou=myorg,dc=domainA" rather than "ou=people,ou=myrealm,dc=domainA".
Remember I am using Embedded LDAP.
Please let me know whether what I am trying to achieve is something that Weblogic is capable of.
By the way, when I put my users under the 'myrealm' directory it does authenticate.
Please let me know
Thank you in advance.
Azim
These are the steps that I followed to connect weblogic 9.2 with LDAP Port 636(SSL Enabled) and it worked fine.
Steps for Installation of SSL
1. Modify the Provider Specific configuration in the Admin Console to use port 636 and ‘SSL Enabled’ (OR Modify config.xml)
<wls:port>636</wls:port>
<wls:ssl-enabled>true</wls:ssl-enabled>
2. Back up the D:\apps\bea\wls92\weblogic92\server\lib directory
3. Copy the certificate (xxxx.cer) to that directory
4. Import the certificate into the keystore:
5. D:\apps\bea\wls92\jrockit_150_12\bin\keytool -v -import -alias ldapcert -keystore DemoTrust.jks -file entrust_ssl_ca.cer -storepass DemoTrustKeyStorePassPhrase
6. Add the following parameter to the JAVA_OPTIONS in the start script (setDomainEnv.cmd):
a. -Dweblogic.security.SSL.allowSmallRSAExponent=true
7. Restart WebLogic (Admin) Server -
What's inside server_inst/ldap/ldapfiles/EmbeddedLDAP?
Is there anyway to refresh this file so it can clean all the old data?
This is the problem:
A role is not currently assigned to a user. But in the bean code, when this client
with the principal (username) accesses the bean, the "context.isCallerInRole" always
returns true. Searched the whole directory under bea with the "username", only
EmbeddedLDAP contains the name. But there is no configuration in the admin console
with this name.
THX.
-John
Yes, weblogic server is shipped with embedded ldap. This is the default ldap used with in the wls. You can configure new ldap servers as per need.
I am not sure if I understood this sentence "Can we connect this directly to jazn in adf application and oracle 11g database......... ?", but yes if you have your application deployed on wls, you can take advantage of using embedded ldap. This is the default authenticator if you have configured wls domain. -
How do I use Generic LDAP Authentication in JDeveloper?
I have an existing JSP/Java Servlet application that uses a generic LDAP server for user authentication. Each JSP page checks the user name against a database entry for authorization to that page (it's a legacy app).
The following web.xml fragment describes the security/login configuration:
<security-constraint>
  <display-name>I Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>ALL</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>I</description>
    <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>I Enterprise Server</realm-name>
</login-config>
I want to use JDeveloper and the built-in OC4J environment for development/debugging. I have tried configuring jazn.xml to use a LDAP provider (both in **\j2ee\home\config\ and **\jdev\system9.0.3.1035\oc4j-config\)
1) How do I configure the internal OC4J environment to use the generic LDAP service?
2) Does the JAZN LDAP only work with Oracle OID?
3) Is there a document or list-of-documents that consolidates the JDeveloper OC4J server administration functions? The existing OC4J administrative documentation is splattered about various web documents.
Thanks
JakeTodd,
This how-to may help answer some of your questions
http://otn.oracle.com/tech/java/oc4j/htdocs/how-to-jazn.html
If you have additional questions on configuring jazn.xml for LDAP and OiD, I think your best bet is post to 9iAS J2EE forum.
Thanks,
Yvonne -
URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2
I am using Embedded LDAP WebLogic 9.2 and I followed the steps mentioned in the URL below. I have not changed anything except Server URL which points to localhost:7001.
http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
Questions:
1) How to add additional attributes to embedded LDAP? (eg email, phone etc).
2) How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
Any help is appreciated.
This problem is due to hard-coded user/pwd in installation scripts. Here are steps
1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
2) reach to target CreateStartupClasses
3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
5) this should be password of 'ORAESB' database user.
6) change this password value; and restart the installation.
Regards,
Vaibhav -
WLS 9.2.1 keeping huge no of open Embedded LDAP connections
Hello All,
While using Embedded LDAP, we see a huge no of open LDAP connections through Admin console.
We checked the following options:
GroupMembershipSearching=limited
MaxGroupMembershipSearchLevel=5
But still the same issue persists.
Any idea?
/ed
Are all these sockets actually listening or are they waiting to be closed? You can use netstat -a to find the status of these LDAP sockets.
May be they are not being closed properly. -
Urgent : How to create Manager and Reportee of a User in Embedded LDAP in W
Hi All,
I have created user in Weblogic Server Embedded LDAP (Console-->SecurityRealm)
however how can I assign another user as Manager of this user and some other user as reportee of this user.
Basically how to create Manager and Reportee of a User in Embedded LDAP in Weblogic 10.3.5
ie I have a user A and user B created in Security Realm.
Now I want user A to be as Manager of User B so that when I use getManager() function in Human Task,I get A as Manager of B.
Thanks
Edited by: Vivek on 28 Sep, 2011 3:54 AM
To get an idea check these links.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78
BSP/HowTo - Customizing the design of System Logon page in NetWeaver '04
-Aman -
"ming qin" <[email protected]> wrote in message news:[email protected]..
I would like to have entries as users.
There are a few issues that arise as the number of users increases. The first is management of all these users. Will you be able to load/update/manage all of the users via the WLS console? You can certainly use external LDAP tools to manage the data in the WLS embedded LDAP server, but using an external LDAP server may offer better tools for management than those offered in WLS.
The second is performance. Since the ldap server embedded within WLS uses in-memory indices, the time to load the indices and the memory required for storing them increases as the number of users increases. 20-50K seems to have reasonable performance.
The last is extensibility. The WLS default authenticator stores user, description, and password. You may have different requirements and want to store additional information. -
Searching for Easy DMS documents using embedded search
Dear Experts,
we are using easy dms to manage documents. As far as I know it should be possible to index these documents using TREX.
-it is possible to perform a search for these documents using Embedded Search an get the search results as XML (a documentation would be very helpful)?
-how can the security be taken into account? Is there a method like AUTHORITHY_CHECK by SeS to perform security check?
thanks a lot for your help
kind regards
Nicolai
I found that authorization checks can be performed using the following authorization objects:
-Authorization Object C_DRAW_TCD (Activities for Documents)
-Authorization Object C_DRAW_TCS (Status Dependent Authorization)
-Authorization Object C_DRAW_STA (Document Status)
-Authorization Object C_DRAW_BGR (Authorization Group)
-Authorization Object C_DRAW_DOK (Document Access)
-Authorization Object C_DRAD_OBJ (Object Link)
I could not find any information regarding my first question -
WCAP - Calendar search using LDAP ?
Hi,
Calendar 6.3 (WCAP) allows to search/subscribe other users calendars.
There is this configuration setting in the ics.conf
! Calendar searches are done using LDAP or UserPreferene plugin
service.calendarsearch.ldap = "yes"
When i set this to yes, i have the following behaviour :
- lightning : the service sometimes returns entries 3 times
- Convergence : i can't search for secondary calendars.
I made a simple test page to run "search_calprops.wcap" tests, and the server is really returning entries 3 times (it's not a lightning bug).
For Convergence, there is an exception in the Error console, due to Convergence trying to create an object with an id that already exists (this can easily be fixed).
When i comment the configuration setting, everything works fine.
The question is :
Is it harmful not to rely on the LDAP for calendar subscription ? Will it decrease the server's performance ?
Thank you.
For the Convergence "this can easily be fixed", here is an example of customization :
Class:
iwc.widget.calendar.Subscribe
Method : showCals
Body :
Replace
this.currentCalIds.push(calid);
this._makeRow({id:calid, n:cal[c.NAME], p:perm}, cnt);
With
// BEGIN PATCH
//this.currentCalIds.push(calid);
//this._makeRow({id:calid, n:cal[c.NAME], p:perm}, cnt);
// No, the calendar may (and DOES) return duplicates, so check if the calid has
// already been added
var exists = false;
dojo.forEach(this.currentCalIds, function(nm){
    if(calid == nm){ exists = true; }
});
// Only add the row when this calid has not been seen before
if(!exists){
    this.currentCalIds.push(calid);
    this._makeRow({id:calid, n:cal[c.NAME], p:perm}, cnt);
}
// END PATCH
Edited by: diesmo on 29 mars 2012 08:47
Well, Either :
- i enable this, and my front-end server runs searches on the LDAP server, meaning that my back-end server is less loaded
- i disable this, and my front-end server relies on the back-end server (using DWP) for calendar searches, which may (or may not) result in slower responses and/or heavier load on both my front-end and back-end server
Anyway, we'll try to disable it, and monitor the service during some time to see what happen. -
Setting embedded LDAP password using WLST
Hi All,
I have a requirement where I need to automate some setup on weblogic server. As part of these scripts, I need to set the embedded ldap password using WLST . I tried recording the actions through Admin console. But, I wasn't able to use the generated script for the same. Any pointers on this would be really helpful.
Do you mean you need to change a user's password in embedded LDAP? If so here's the link Configuring Existing WebLogic Domains - 12c Release 1 (12.1.1) look for
Changing a Password -
Can I use your Embedded LDAP Server?
Hi,
WebLogic Server 7.0 and 8.1 comes with an embedded LDAP Server?
I have an application that requires iPlanet Directory Server for 7000 entries.
Can I use the embedded LDAP Server to put my own entries and use it?
Regards,
Shanmugavel R P
Are these videos on mozilla.org somewhere? Please see the last section of the following page, on "Site Licensing": http://www.mozilla.org/about/legal.html