Retrieving user and group information from LDAP using j_securrity_check

Hi
I am using j_security_check to authenticate users
against LDAP. I have made all necessary configuration
for the server to perform LDAP group search as well
as mentioned in the WAS documentation of LDAP
settings. Now, how can I retrieve the user and the
user group info after the j_secuirty_check.
Apart
from the UserPrincipal object which I can get from
the request which just has the user name, is there
any other object which will give me the user and user
group info by which I need to connect to LDAP using
my java code to retrieve these informations?Hmm, you don't need the user group info to connect to the LDAP server, right? You would need the user's Id (which you have) and password (which you don't). You could use the LDAP credentials and bind as that to look up the user info via the user id. Or if the server is set up to allow anonymous bind you could do it without credentials. But if all you want is group info then you should be able to call Security.getCurrentSubject().getPrincipals() to get the user principal as well as all groups (this is true in BEA WebLogic at least).
Good Luck
Lee

Similar Messages

How to get the user and groups information from http header

Hi All,
In my current scneario, we are using Siteminder for SSO setup.. And in this process, after authentication and authorization, they are going to append the user information and group information of the user into a HTTP header and it will be sent back to our presentation services.. We have to extract the user information and group information from the http header.
My HTTP header will look like as follows..
SM_USER XYZ
SM_USERDN CN=Firstname\, Lastname\, xyz, OU=GPO-Low Level Security,OU=Domain Users,OU=BU FDT,
SM_USERGROUPS CN=GG-CA-SiteminderAdmins, OU=Global,OU=Domain Groups, DC=com^CN=GG-ServiceDeskAdmin-TCCORPCEFS
And also if anyone explain me the overall working of SSO in detail like how presentation services will make a connection to BI server( I guess using Impersonator User), and also how our BI server will read the URL from presentation services and the over all working flow in our OBIEE..
Thanks a lot....

Please use the search! this topic has come up lots of times already.

Creating OAAM users and groups in external LDAP i.e. OID

Hi Experts,
I am looking for the procedure to create OAAM users and groups in external LDAP i.e. OID.
I am using 11gR2.
Any pointers would be appreciated.
Regards,
Subin

Check this link http://docs.oracle.com/cd/E27559_01/dev.1112/e27206/lcm.htm#autoId3

Importing user and group database from 2.6 to 4.0

Hi,
I need to import the user and groups from version 2.6 ACS to version 4.0. The 2.6 online documentation talks of using the CSUtils to create a .txt back up of the users and group. But I cannot see how to import that into 4.0. Has anyone done this. Any info would be appreciated,
cheers,

Hi Darran,
I looked at what I had imported using the instructions you had supplied me and it looked fine, all users and group, tacacs privelege levels had been imported. I modified a router on our network to point at the ACS 4.0. on testing it looks like the passwords hadn't been copied across successfully. Logins are failing with 'invalid CS password' in the failed authentication log. If I changed the password manually it was fine.
Have you seen that before?
Thanks for your help on this.
Rgds,
Russell.

User and group handling in LDAP Realm

Hi,
I'm currently using an LDAP Realm for storing users and groups, which I need to be able to add, amend and remove at runtime.
I understand that in earlier versions of Weblogic, the methods to do the add/remove/modify were not implemented but I was told that this may change in WL6. If so, is there any documentation or examples about these methods ? If not, would I need to extend ManageableRealm to create a custom realm ?
Any help much appreciated.
Dave

Hi Dave:
In our project, we use security realm (LDAP realm) for Users and Groups authentication. We turned the CacheRealm on to optimize performance. To add and amend Users and Groups, we use a stateless EJB to talk to LDAP server. This kind of partition works fine for us to separate the user authentication
logic and user management logic.
Fun
Dave Horner wrote:
Hi,
I'm currently using an LDAP Realm for storing users and groups, which I need to be able to add, amend and remove at runtime.
I understand that in earlier versions of Weblogic, the methods to do the add/remove/modify were not implemented but I was told that this may change in WL6. If so, is there any documentation or examples about these methods ? If not, would I need to extend ManageableRealm to create a custom realm ?
Any help much appreciated.
Dave

User and Group Externalization from EAS console Fails!!

Hi All, I am trying to externalize users and groups from EAS and once its done, all the login Id's (including admin and essadmin) fail. We cant log in into the server anymore because the logins are disabled.
The shared services is running fine and is talking pretty well with Essbase, but the externalization thing is not working.
The Essbase is on Linux server and shared services is on windows server and all the products are 9.3.1.
If any one faced a similar problem or have any idea regarding this issue, please let me know ASAP and would highly appreciate that as we will have to move to production soon.
Message was edited by:
user639077

You might want to Try Re-run the Config utility from the Linux-Essbase server and Re-register the Essbase with HSS.
Start the Essbase in Foreground and check if it is running
Now log on to the EAS/AAS with default admin/password if you havent changed it :); add your Essbase server using the Super user/Owner of essbase i mean the id..if you are succesful; i would always create a Test user as before Externalisation i can create users at EAS/AAS and then using Admin id ; i will push the Users/groups to the HSS by Externalising.. let me know if that helped you. GUd Luck..
Sriram

User and Group information not updated in Sharepoint 2010

Hi,
Recently, our orgnisation has maked update of user and group in the Active Diractory. The information was not update in the site collection. I was try to :
-recreate and synchronize a new service application ( no effect)
- Delete old database synchronisation( stsadm -o sync -deleteolddatabases 5)
- stsadm -o sync -synctiming m:5 and stsadm -o sync -sweeptiming m:5 (No effect)
-I have no error or warning whn i make the synchronisation, all data bases is started.
Anyone can help me please??
Thks

Is User Profile to SharePoint Full Synchronization job up and running? Do you see any errors when this job runs? Turn on verbose logging to see details when this job runs.
This post is my own opinion and does not necessarily reflect the opinion or view of Slalom.

How to log the user and group setup from weblogic console

If I use the file realm to setup my acls, does it possible to log these
action?
Our customer ask us must to log which user or group you added, deleted.
Thanks and Best Regards,
Tom Hsu
³\®aºa (Tom Hsu)
Project Manager
Banking Solution Dept.
Bull Information Systems Taiwan Ltd.
8F, 2, Min-Sheng E. Road, Sec. 3,
Taipei, Taiwan
E-mail: [email protected]
TEL¡G02-25013090 Ext:205
FAX¡G02-25055439
Mobil: 0939-869-316

You might want to Try Re-run the Config utility from the Linux-Essbase server and Re-register the Essbase with HSS.
Start the Essbase in Foreground and check if it is running
Now log on to the EAS/AAS with default admin/password if you havent changed it :); add your Essbase server using the Super user/Owner of essbase i mean the id..if you are succesful; i would always create a Test user as before Externalisation i can create users at EAS/AAS and then using Admin id ; i will push the Users/groups to the HSS by Externalising.. let me know if that helped you. GUd Luck..
Sriram

Anyconnect tunnel-group and group-policy from LDAP

Recently we've changed from LOCAL to LDAP authentication and added additional group-policies for different users to increase security.
To prevent users from selecting an incorrect group-policy, the LDAP server provides a IETF-Radius-Class value which matches the different group-policy names.
It is my understanding that the authentication method is provided by the tunnel-group.
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group LDAP_AD
This all works, but for _one_ of the group policies i'd like to enable (external) two factor authentication. Two enable two factor auth a 'secondary-authentication-server-group' needs to be set in the tunnel-group.
Creating a tunnel-group which maches the name of the group-policy doesn't seem to have any effect. When listing the connected users via "show vpn-sessiondb anyconnect", it always states the correct Group Policy but also always DefaultWEBVPNGroup.
When enabling the listing of tunnel-groups for webvpn, thus allowing users to select their own tunnel-group, the two factor auth does work.
To summarize, is it possible to let LDAP decide which tunnel-group is used or is there another way to have different group policies without users being able to choose ?

Fabian,
Your connection lands on a tunnel group and picks a group policy.
A typical way to overcome the problem you're indicating is by using group-url.
a URL is bound to a specific tunnel-group and allows you to land directly on the one you desire.
vide:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
M.

How can I retrieve the col data size and Null information from table using labview connectivity toolset

Hi, there,
I am wondering how to get the table information by labview database
connectivity toolset. The table list vi comes with the toolset can get
only col name, data type and data size. And I found the the data size
always gives back -1, even though it is a string type. Do somebody has
some idea about it?
Thanks.
JJ

JJ,
Go into the diagrams of the DBTools List Columns and DBTools Get Properties respectively. When you inspect this diagram, you will see the raw ActiveX properties and methods called to get the size information. The value of -1 means the requested recordset is already closed. This is the sort of thing that is controled by the driver (ODBC, OLE DB, Jet, etc) you are using. Notice that you can right click on the property and invoke nodes and get more information about these specific items directly from the ADO online help.
Crystal

LDAP Users and Groups

Hi,

I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.


It seems that this needs to be setup. How do I do this?


Some general notes on LDAP:

I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

It would be interesting to read what Bea and other developer think about this.

Kind regards,

Kai


Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

How to change default /Users and /Groups to different Volume?

Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
Thanks in advance.

1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

Using users and groups from LDAP in ADF application

Hi there,
I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
But I can't find proper/up-to-date info about how to do this.
I tried 2 major things:
1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
Any help or documentation that could help me?

Since we aren't using EM I had to find an other way. And I found it.
In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
Thanks for the help.

Admin Console not displaying new Users and Groups from LDAP

We created a new Realm in WebLogic, which specifies the location of the Netscape
LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
server to use for authentication. My problem is this- the Admin Console is not
displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
Admin Console display any users and groups specified in the ldap server, which
is referenced in the customized Realm?

Hi Andy,
I am not sure why you are unable to see the users and groups through the
console., you should be able to. Can you post the config.xml?
thanks,
-satya
Andy Levy <[email protected]> wrote in message
news:3b700c36$[email protected]..
>
We're running WLS 6.0 Sp2 on Windows 2000 Professional.
"Satya Ghattu" <[email protected]> wrote:
Andy,
Could you please tell us what Version of Weblogic you are running?
thanks,
-satya
Andy Levy <[email protected]> wrote in message
news:[email protected]..
We created a new Realm in WebLogic, which specifies the location ofthe
Netscape
LDAP server. Our Weblogic application, called TGSLC, is able to findthe
ldap
server to use for authentication. My problem is this- the Admin
Console
is not
displaying the new users and groups from the LDAP server. Shouldn'tthe
WebLogic
Admin Console display any users and groups specified in the ldap
server,
which
is referenced in the customized Realm?

Need help in retrieving attributes from LDAP using JNDI

I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
Could anyone tell me why I'm getting this error? Thanks!
Here's my code:
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
import java.io.*;
class Getattr {
public static void main(String[] args) {
// Identify service provider to use
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// user     info
String userName = "username";
String password = "password";
// LDAP server specific information
String host = "ldaphostname";
String port = "portnumber";
String basedn = "o=organization,c=country";
String userdn = "cn=" + userName + "," + basedn;
env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);
env.put(Context.SECURITY_PRINCIPAL, userdn);
env.put(Context.SECURITY_CREDENTIALS, password);
try {
System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
// Ask for all attributes of the object
Attributes attrs = ctx.getAttributes("cn=" + userName);
NamingEnumeration ne = attrs.getAll();
while(ne.hasMore()){
Attribute attr = (Attribute) ne.next();
if(attr.size() > 1){
for(Enumeration e = attr.getAll(); e.hasMoreElements() ;) {
System.err.println(attr.getID() + ": " + e.nextElement());
} else {
     System.err.println(attr.getID() + ": " + attr.get());
// Close the context when we're done
ctx.close();
} catch(javax.naming.NamingException ne) {
     System.err.println("Naming Exception: " + ne);
} catch(IOException ioe) {
     System.err.println("IO Exception: " + ioe);

That doesn't work either. It seems its not finding the NamingException class in any of the jar files. I don't know why? Any clues?

Retrieving user and group information from LDAP using j_securrity_check

Similar Messages

Maybe you are looking for