Steps to connect an external LDAP
Dear Gurus,
What are the steps to connect an external LDAP like ADS.
Pls let me know the step by step procedure e.g.
creating the admin,guest and ??? users in Portal.Deleting the same from the LDAPs and so on.
Thanks for the help.
Nirmal
Hi,
Check the below link for LDAP connectivity...
Integrated Windows Authentication with SAP EP 6.0 SP 3 and higher Part 1 of 2
Regards
Vasu
Similar Messages
-
Error -14002 -- connecting to external LDAP server -- HELP!
Hi all,
I did a clean install over an exisiting 10.4 Server that was connected via LDAP to our eDirectory. I exported and imported our custom mappings into /System/Library/DirectoryServices/Templates/LDAPv3 . (Which we can do on any of our 10.4 servers and its fine).
However it appears that the 10.5 server can't properly see the eDirectory server. We've tried all combinations of SSL on/off, port 636 or 389, using authentication or not. Whatever we do, Workgroup manager gives the following when trying to browse and will lock up if run from a client system. WGM will not lock up on the server but will still give the attached error.
"Error of type eDSOpenNodeFailed (-14002) on line 3873 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGMainView.mm"
Interestingly, using an LDAP-browsing application like LDapper from the server is completely successful in browsing eDirectory.
Any takers??Assuming you meant /etc/openldap/ldap.conf I changed mine, which now reads
something similar to the following (there doesn't seem to be any way to
get the forum to not apply some sort of wiki-style markup)
arbela:~ nw$ cat /etc/openldap/ldap.conf
# LDAP Defaults
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
arbela:~ nw$
But I still get the same error. -
Hello,
I am trying to connect to external domain via UPS Account having "Replicate Directory changes" permission on external domain while creating sync connection in UPSA.
I have checked below URLS :
http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
And looks like its network connectivity issue - and hence I have verified that port 389 is open by infra team.
Note : I am able to connect to local AD , does it make sense that port is not open for external domain ?
Can anyone please let me know what can be the issue ?
Your help will be highly appreciated as I am struggling to fix this issue since quite long time but no luck yet.
Thank you in advance.
Kind regards,
Dipti ChhatrapatiHi Dipti,
If you have Two-Way trust relationship then not sure if you have tried below:
Create a folder on the SharePoint server
Go to Folder properties - Security tab
Try adding user of the external domain on the folder
Please let us know if you are able to add the user or not. If you are able to add then it means that the connection and trust is proper and you should be able to create sync connection in UPA without any issues or else there is some issue with the connectivity
or the trust which is configured.
Please also make sure that you have given permissions to sync account as per below TechNet:
http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
Replicate Directory changes permissions are also required on cn=configuration container, below are the steps:
Grant Replicate Directory Changes permission on the cn=configuration container
Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
To grant Replicate Directory Changes permission on the cn=configuration container
On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
If the Configuration node is not already present, do the following:
In the navigation pane, click ADSI Edit.
On the Action menu, click Connect to.
In the Connection Point area of the Connection Settings dialog box, click Select
a well know Naming Context, select Configuration from the drop-down list, and then click OK.
Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
In the Properties dialog box, click the Security tab.
In the Group or user names section, click Add.
Type the name of the synchronization account, and then click OK.
In the Group or user names section, select the synchronization account.
In the Permissions section, select the Allow check box next to the Replicating
Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
Kind regards,
Bhavik K Jain
Please ensure that you mark a question as Answered once you receive a satisfactory response. -
Custom user name mapper needs external LDAP connection.
I have a custom user name mapper that needs to connect to our external LDAP. Our security realm is configured to connect to the external LDAP for users and groups. Is there a way to reuse this connection in the custom user name mapper?
I have a custom user name mapper that needs to connect to our external LDAP. Our security realm is configured to connect to the external LDAP for users and groups. Is there a way to reuse this connection in the custom user name mapper?
-
External LDAP connection for Jive forum webcenter Discussion
Hi All,
We could successfully configure external LDAP with Webcenter Discussion forum. In turns Jive forum.
Problem we are facing : It is authenticating for display name instead of actual userid.
EX:
John Paul (display name)
[email protected] (email id)
John.paul (userid)
It is accepting John Paul as username instead of john.paul. This is issue as there can be duplicate display names.
Which parameter and where to configure to make sure Authentication is done for userid only.I think jive is used in webcenter discussions?
You may have the wrong forum... this is for Webcenter Interaction Products.
For help with Webcenter Discussion, blogs, and wiki's (part of webcenter services), you want to ask your question here:
http://forums.oracle.com/forums/forum.jspa?forumID=733 -
Error while configuring external LDAP user store with weblogic
Hi,
I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
To do this, I have configured authentication provider and provided all the required details to connect to ldap.
For example:
Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
User DN: ou=People,dc=test,dc=com
Group DN: ou=Groups,dc=test,dc=com
This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
password=xxxxxxx
username=admin
Now while starting the admin weblogic server, I am getting the below error:
<Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
<Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
Regards,
Neeraj Tati.Hi,
Please refer the below content that I found for Oracle 11g in the docs.
"If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
Here not sure what to do.
Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
Regards,
Neeraj Tati. -
Hi
My application is an interface to ldap directory. I have not used any ldap open source api to retrieve data from ldap. I have written connection pool that will help the application to connect to the ldap. It's working fine, but it's creating threads which are not invited.
ConnectionPool class takes care of the connection storage and creation, while Housekeeping thread relases these connection when idle after a given time.
Can someone please help in finding the problem in the code that creates additional threads.
package com.ba.cdLookup.manager;
import com.ba.cdLookup.exception.CDLookupException;
import com.ba.cdLookup.server.CdLookupProperties;
import java.util.Vector;
import javax.naming.Context;
import javax.naming.NamingException;
public class HouseKeeperThread extends Thread {
* Apache Logger to log erro/info/debug statements.
protected static org.apache.commons.logging.Log log = org.apache.axis.components.logger.LogFactory
.getLog(HouseKeeperThread.class.getName());
private static HouseKeeperThread houseKeeperThread;
* Close all connections existing.
* @param connections
* void
private void closeConnections(Vector connections) {
String methodIdentifier = "closeConnections";
int numOfConn = connections.size();
try {
for (int i = 0; i < numOfConn; i++) {
Context context = (Context) connections.get(i);
if (context != null) {
context.close();
context = null;
connections.remove(i);
numOfConn--;
log.info(" connection name:" + context
+ " removed. Threadcount =" + (connections.size()));
} catch (NamingException e) {
String errMsg = "CDLdapBuilder connect() - failure while releasing connection "
+ " Exception is " + e.toString();
log.error(errMsg);
} catch (Exception e) {
String errMsg = "CDLdapBuilder connect() - failure while releasing connection "
+ " Exception is " + e.toString();
log.error(errMsg);
* Thread run method
public void run() {
String methodIdentifier = "run";
try {
while(true){
log.debug("house keeping :" + this + " ---sleep");
//sleep(100000);
log.debug("house keeping :" + this + " startd after sleep");
sleep(CdLookupProperties.getHouseKeepConnectionTime());
ConnectionPool connectionPool = ConnectionPool
.getConnectionPool();
Vector connList = connectionPool.getAvailableConnections();
closeConnections(connList);
} catch (CDLookupException cde) {
log.error(methodIdentifier + " " + cde.getStackTrace());
} catch (InterruptedException ie) {
log.error(methodIdentifier + " " + ie.getStackTrace());
* @param connectionPool
* @return
* Thread
public static Thread getInstance() {
if(houseKeeperThread==null){
houseKeeperThread = new HouseKeeperThread();
return houseKeeperThread ;
package com.ba.cdLookup.manager;
import com.ba.cdLookup.exception.CDLookupException;
import com.ba.cdLookup.server.CdLookupProperties;
import com.ba.cdwebservice.schema.cdLookupPacket.LookupFailureReasons;
import java.util.Properties;
import java.util.Vector;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
* ConnectionPool class manages, allocates LDAP connections. It works as a lazy
* binder and retrieves connections only when required. It doesn't allow
* connection greater then the maximum connection stated.
* To retrieve a connection the singelton method getConnectionPool is to used,
* which retruns thread safe singleton object for the connection.
public class ConnectionPool implements Runnable {
private int initialConnections = 0;
private int maxConnections = 0;
private boolean waitIfBusy = false;
private Vector availableConnections, busyConnections;
private boolean connectionPending = false;
private static int threadCount = 0;
* classIdentifier
private final String classIdentifier = "ConnectionPool";
* Apache Logger to log erro/info/debug statements.
protected static org.apache.commons.logging.Log log = org.apache.axis.components.logger.LogFactory
.getLog(CDLdapBuilder.class.getName());
* To get the attribute a systemaccessfor out of the search result
private String vendorContextFactoryClass = "com.sun.jndi.ldap.LdapCtxFactory";// "com.ibm.jndi.LDAPCtxFactory";
* context factory to use
private String ldapServerUrl = "LDAP://test.ldap.com"; // default ldap
* server live used by default
private String searchBase;
* environment properties.
private Properties env;
* DirContext
private javax.naming.directory.DirContext ctx;
* default search base to be used in Corporate Directory searches
private String defaultSearchBase = "dc=Pathway";
* search criteria
private String searchAttributes;
* search filter to retrieve data from CD
private String searchFilter;
* CorporateDirectoryLookup Constructor
* <p>
* loads the setup parameters from the properties file and stores them
* Makes a connection to the directory and sets default search base
* @throws CDLookupException
* @throws CDLookupException
private ConnectionPool() throws CDLookupException {
this.maxConnections = CdLookupProperties.getMaxConnection();// maxConnections;
this.initialConnections = CdLookupProperties.getInitialConnection();
this.waitIfBusy = CdLookupProperties.isWaitIfBusy();
this.searchBase = CdLookupProperties.getDefaultSearchBase();
//for local env testing
// this.maxConnections = 5;
// this.initialConnections = 1;
// this.waitIfBusy = true;
* For keeping no of connections in the connection pool if
* (initialConnections > maxConnections) { initialConnections =
* maxConnections; }
availableConnections = new Vector(maxConnections);
busyConnections = new Vector(maxConnections);
for (int i = 0; i < maxConnections; i++) {
availableConnections.add(makeNewConnection());
* ConnectionPoolHolder provide Thread safe singleton
* instance of ConnectionPool class
private static class ConnectionPoolHolder {
* connection pool instance
private static ConnectionPool connectionPool = null;
* If no ConnectionPool object is present, it creates instance of
* ConnectionPool class and initiates thread on that.
* @return ConnectionPool Returns singleton object of ConnectionPool
* class.
* @throws CDLookupException
private static ConnectionPool getInstance() throws CDLookupException {
if (connectionPool == null) {
connectionPool = new ConnectionPool();
new Thread(connectionPool).start();
// Initiate house keeping thread.
HouseKeeperThread.getInstance().start();
return connectionPool;
* Returns singleton object of ConnectionPool class.
* @return ConnectionPool
* @throws CDLookupException
public static ConnectionPool getConnectionPool() throws CDLookupException {
return ConnectionPoolHolder.getInstance();
* getConnection retrieves connections to the corp directory. In case
* there is no available connections in the pool then it'll try to
* create one, if the max connection limit for the connection pool
* reaches then this waits to retrieve one.
* @return Context
* @throws CDLookupException
public synchronized Context getConnection() throws CDLookupException {
String methodIdentifier = "getConnection";
if (!availableConnections.isEmpty()) {
int connectionSize = availableConnections.size() - 1;
DirContext existingConnection = (DirContext) availableConnections
.get(connectionSize);
availableConnections.remove(connectionSize);
* If connection on available list is closed (e.g., it timed
* out), then remove it from available list and repeat the
* process of obtaining a connection. Also wake up threads that
* were waiting for a connection because maxConnection limit was
* reached.
if (existingConnection == null) {
notifyAll(); // Freed up a spot for anybody waiting
return (getConnection());
} else {
busyConnections.add(existingConnection);
return (existingConnection);
} else {
* Three possible cases: 1) You haven't reached maxConnections
* limit. So establish one in the background if there isn't
* already one pending, then wait for the next available
* connection (whether or not it was the newly established one).
* 2) You reached maxConnections limit and waitIfBusy flag is
* false. Throw SQLException in such a case. 3) You reached
* maxConnections limit and waitIfBusy flag is true. Then do the
* same thing as in second part of step 1: wait for next
* available connection.
if ((totalConnections() < maxConnections) && !connectionPending) {
makeBackgroundConnection();
} else if (!waitIfBusy) {
throw new CDLookupException("Connection limit reached", 0);
* Wait for either a new connection to be established (if you
* called makeBackgroundConnection) or for an existing
* connection to be freed up.
try {
wait();
} catch (InterruptedException ie) {
String errMsg = "Exception raised =" + ie.getStackTrace();
log.error(errMsg);
throw new CDLookupException(classIdentifier, methodIdentifier,
errMsg, ie);
// connection freed up, so try again.
return (getConnection());
* You can't just make a new connection in the foreground when none are
* available, since this can take several seconds with a slow network
* connection. Instead, start a thread that establishes a new
* connection, then wait. You get woken up either when the new
* connection is established or if someone finishes with an existing
* connection.
private void makeBackgroundConnection() {
connectionPending = true;
try {
Thread connectThread = new Thread(this);
log.debug("background thread created");
connectThread.start();
} catch (OutOfMemoryError oome) {
log.error("makeBackgroundConnection ="+ oome.getStackTrace());
* Thread run method
public void run() {
String methodIdentifier = "run";
try {
Context connection = makeNewConnection();
synchronized (this) {
availableConnections.add(connection);
connectionPending = false;
notifyAll();
} catch (Exception e) { // SQLException or OutOfMemory
// Give up on new connection and wait for existing one
// to free up.
String errMsg = "Exception raised =" + e.getStackTrace();
log.error(errMsg);
* This explicitly makes a new connection. Called in the foreground when
* initializing the ConnectionPool, and called in the background when
* running.
* @return Context
* @throws CDLookupException
private Context makeNewConnection() throws CDLookupException {
String methodIdentifier = "makeNewConnection";
Context context = null;
env = new Properties();
log.debug("inside " + methodIdentifier);
try {
env.put(Context.INITIAL_CONTEXT_FACTORY,
getVendorContextFactoryClass());
env.put(Context.PROVIDER_URL, getLdapServerUrl());
env.put("com.sun.jndi.ldap.connect.pool", "true");
context = new InitialDirContext(env);
} catch (NamingException e) {
String errMsg = "CDLdapBuilder connect() - failure while attempting to contact "
+ ldapServerUrl + " Exception is " + e.toString();
throw new CDLookupException(classIdentifier, methodIdentifier,
errMsg, e, LookupFailureReasons.serviceUnavailable);
} catch (Exception e) {
String errMsg = "CDLdapBuilder connect() - failure while attempting to contact "
+ ldapServerUrl + " Exception is " + e.toString();
throw new CDLookupException(classIdentifier, methodIdentifier,
errMsg, e, LookupFailureReasons.serviceUnavailable);
log.info("new connection :" + (threadCount++) + " name =" + context);
log.debug("exit " + methodIdentifier);
return context;
* releases connection to the free pool
* @param context
public synchronized void free(Context context) {
busyConnections.remove(context);
availableConnections.add(context);
// Wake up threads that are waiting for a connection
notifyAll();
* @return int give total no of avail connections.
public synchronized int totalConnections() {
return (availableConnections.size() + busyConnections.size());
* Close all the connections. Use with caution: be sure no connections
* are in use before calling. Note that you are not <I>required</I> to
* call this when done with a ConnectionPool, since connections are
* guaranteed to be closed when garbage collected. But this method gives
* more control regarding when the connections are closed.
public synchronized void closeAllConnections() {
closeConnections(availableConnections);
availableConnections = new Vector();
closeConnections(busyConnections);
busyConnections = new Vector();
* Close all connections existing.
* @param connections
* void
private void closeConnections(Vector connections) {
String methodIdentifier = "closeConnections";
try {
for (int i = 0; i < connections.size(); i++) {
Context context = (Context) connections.get(i);
if (context != null) {
log.info(" connection name:" + context
+ " removed. Threadcount =" + (threadCount++));
context.close();
context = null;
} catch (NamingException e) {
String errMsg = "CDLdapBuilder connect() - failure while attempting to contact "
+ ldapServerUrl + " Exception is " + e.toString();
log.error(errMsg);
public synchronized String toString() {
String info = "ConnectionPool(" + getLdapServerUrl() + ","
+ getVendorContextFactoryClass() + ")" + ", available="
+ availableConnections.size() + ", busy="
+ busyConnections.size() + ", max=" + maxConnections;
return (info);
* @return the defaultSearchBase
public final String getDefaultSearchBase() {
return defaultSearchBase;
* @param defaultSearchBase
* the defaultSearchBase to set
public final void setDefaultSearchBase(String defaultSearchBase) {
this.defaultSearchBase = defaultSearchBase;
* @return the ldapServerUrl
public final String getLdapServerUrl() {
return ldapServerUrl;
* @param ldapServerUrl
* the ldapServerUrl to set
public final void setLdapServerUrl(String ldapServerUrl) {
this.ldapServerUrl = ldapServerUrl;
* @return the vendorContextFactoryClass
public final String getVendorContextFactoryClass() {
return vendorContextFactoryClass;
* @param vendorContextFactoryClass
* the vendorContextFactoryClass to set
public final void setVendorContextFactoryClass(
String vendorContextFactoryClass) {
this.vendorContextFactoryClass = vendorContextFactoryClass;
* @return the availableConnections
public final Vector getAvailableConnections() {
return availableConnections;
}Hi,
As the connection pool implmentation has the bug of not extending more than the min size, workaround I use is MIN_CONN=100 and MAX_CONN=101,and just waiting for the bug to get fixed. (using Netscape SDK for java4.0) -
I am unable to get my hp pavilion entertainment pc to recognize an external monitor - orion
please help
is it my resolution settings?
I am using windows vista
thanksHello lindalou63,
Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More.
I understand you are having issues when trying to connect an external monitor to your computer running Windows Vista. I am providing you with an HP Support document: Connecting Monitors and TVs to Your PC (Windows Vista and XP), which will walk you through the steps required to correctly connect a monitor to a computer running both Windows Vista and XP. I would suggest you review the document and ensure you have followed all the steps provided. This should resolve your issue and let you get back to enjoying your computer again.
Please re-post if you require additional assistance. Thank you for posting on the HP Forums. Have a great day!
Please click the "Thumbs Up" on the bottom right of this post to say thank you if you appreciate the support I provide!
Also be sure to mark my post as “Accept as Solution" if you feel my post solved your issue, it will help others who face the same challenge find the same solution.
Dunidar
I work on behalf of HP
Find out a bit more about me by checking out my profile!
"Customers don’t expect you to be perfect. They do expect you to fix things when they go wrong." ~ Donald Porter -
Server App not seeing external LDAP users & groups
I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
This is all so much more opaque than our superbly reliable Snow Leopard servers!
TIAOk, and again:
You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
Connect the third party ldap to your server
Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
Feel lucky
And there ist ist; now you are able to use The accounts taken from an external LDAP. -
I am connecting an external USB HDD and I can see it on my Apple Macbook Air. BUT this drive is READ only. How can I write to it?
Drive Partition and Format
1.Open Disk Utility in your Utilities folder.
2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Click on the Partition tab in the DU main window.
3. Under the Volume Scheme heading set the number of partitions from the drop down menu to one. Click on the Options button, set the partition scheme to GUID then click on the OK button. Set the format type to Mac OS Extended (Journaled.) Click on the Partition button and wait until the process has completed.
4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
5. Set the format type to Mac OS Extended (Journaled.) Click on the Security button, check the button for Zero Data and click on OK to return to the Erase window.
6. Click on the Erase button. The format process can take up to several hours depending upon the drive size.
Steps 4-6 are optional but should be used on a drive that has never been formatted before, if the format type is not Mac OS Extended, if the partition scheme has been changed, or if a different operating system (not OS X) has been installed on the drive. -
Use of external LDAP server in Weblogic Commerce Server
I'm using the following software:
Iplanet Directory Server v5
Weblogic Application Server v6
Weblogic Commerce v3.5
I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
services. How do I do that?
I have a couple of questions related to this:
1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
use an external LDAP server, I need to configure weblogic v6 to do that and not
Weblogic Commerce Server?
2) Whatever may be the case above, how do I do that?
3) config.xml (weblogic application server v6) contains information that needs
to be modified to point to an external JNDI source provider but what information
do I need to modify?
I'd really appreciate if someone can help me out here. Thanks!"JP" <[email protected]> wrote in message news:[email protected]..
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciate, because I just don't where to look for.
Try setting the com.netscape.ldap.trace property.
\* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create a ldap trace file of the requests that WLS is making on the
LDAP server. You can then see
where the filters are not returning the correct value for the group
membership. -
Can't connect to external network
Switched from a Netgear router to a Cisco E2500 and now my Samsung blue ray won't connect to internet.
It says physical connection established but can't connect to external network.
Thank you for any help in this matterBefore I suggest you for any kind of troubleshooting steps, I would like to ask few questions. Let me know the name of the ISP. Leaving Samsung TV, do you have any computer which can access the internet wired and wireless? If yes, what IP address do you get in the computers?
-
Grey screen when connected to external monitor / projector
I have a 13" Macbook Pro (OS 10.6.7, 2.4 GHz Intel, NVIDIA GeForce 320M) that is freezing up when connected to an external monitor or projector. The monitor or projector works fine when initially connected, but after an hour or so of use, both screens will suddenly turn grey or black and the computer is totally unresponsive (the sleep light is not on). I have to do a hard shut down using the power button. This problem only occures when connected to a monitor / projector.
This freeze up happens in various use cases; watching a movie, web surfing, editing docs, or even when i'm away from the computer, it seems entirely random.
I'm connecting to a Dell U2711 external monitor using a HDMI cable. I've tried 3 different HDMI cables / adaptors, so I'm pretty sure it's not the cable that's the problem. The problem also occures when connected to an Epson Powerlite HD 705 projector (again using HDMI)
I've called Applecare and run a Hardware Test (no issues found), I've also re-installed the operating system and ran all updates. The problem still occures.
Idea ideas on what's wrong?Found the solution here: http://apple.stackexchange.com/questions/152203/osx-10-10-yosmite-turn-off-macbo ok-pros-display-while-connect-to-external-moni
In terminal:
Enable: sudo nvram boot-args="niog=1"
To undo: sudo nvram -d boot-args
This works brilliantly!
Steps I use:
1) After putting in the terminal command, reboot and close the lid immediately
2) Keep the lid closed during boot up and once logged in, open the lid
3) The MacBook Pro's screen is off -
Fetching properties from external LDAP
Hi,
I have configured ActiveDirectoryAunthenticator to link to my external LDAP
provider. I am trying to fetch some properties/attributes related to the
profile such as company and other contact details.
I have not configured UUP as Im using weblogic's default user store.
Now, when I access "com.bea.p13n.controls.profile.UserProfileControl", to
fetch the properties I get null values.
Is there some other configuration required ?
Please let me know the solution or the approach.
Thanks in advance ,
Regards,
ArunHi Arun
Migration of data is possible
Export the data from external server and import into your domain server
Here is the steps
To export and import security data:
1. Expand the Security-->Realms nodes.
2. Click the name of the realm you are configuring (for example, TestRealm).
3. Click the Migration-->Export tab.
4. Specify the directory and filename in which to export the security data in
the Export Directory on Server attribute.
Note: You can specify a directory and file location on another server.
5. Click Export.
6. Expand the Realms node.
7. Click the name of the security realm in which the security data is to be imported.
8. Click the Migration-->Import tab.
9. Specify the directory location and file name of the file that contains the
exported security data in the Import Directory on Server attribute.
10. Click Import.
To verify the security data was imported correctly:
1. Expand the Security-->Realms nodes.
2. Click the name of the realm into which the security data was imported.
3. Click Users.
4. Users from the security realm from which you exported the security data should
appear in the Users table.
Cheers
Surya
"Arun A.G." <[email protected]> wrote:
Hi,
I have configured ActiveDirectoryAunthenticator to link to my external
LDAP
provider. I am trying to fetch some properties/attributes related to
the
profile such as company and other contact details.
I have not configured UUP as Im using weblogic's default user store.
Now, when I access "com.bea.p13n.controls.profile.UserProfileControl",
to
fetch the properties I get null values.
Is there some other configuration required ?
Please let me know the solution or the approach.
Thanks in advance ,
Regards,
Arun -
RoleMapper with an external LDAP
Dear friends,
We use an external LDAP to store information related to users, groups and roles. We have managed to configure an out of box LDAP Authenticator within our realm for authentication. We wanted some guidance on configuring or writing RoleMapper.
1) What is good practise in terms of storing and managing roles? Is it a common practise to store roles in an external LDAP or do people use Admin console to created roles within the embedded LDAP? The advantage with the Embedded LDAP is definitely that you could use out of the box RoleMapper and the disadvantage is that we could not extend LDAP schema to store hierarchical roles.
2) If we store and manage roles in an external LDAP store, the same one where we store users and groups, could we still use the out of the box role mapper? If not, could someone provide a sample role mapper that uses an external LDAP store.
3) Why WebLogic doesn't provide an out of the box Role Mapper that connects to an external LDAP?All Users Filter: (&(&(uid=*)(objectclass=person))(!(quitdate=*)))
User From Name Filter: (&(&(uid=%u)(objectclass=person))(!(quitdate=*)))
User Name Attribute: uid
Here you're configuring that uid is the key of your users in OID. And in your case user A and B has the same uid, so the webcenter can login using user B, but when realize a search uid=jack ldap returns the first one.
Make any sense for you?
Hope that I help you
Maybe you are looking for
-
In Mini SAP when clicking Start SAP MBS before calling SAPLogon-it is giving errors as- Call clean-up function... ***ERROR=>SigICallExitRoutine: not initialized[Signt.C0239] return from clean-up function... (1)disp+work.exe has encountered a problem
-
Hi friends I am currently using Oracle 9.2.0.1.0 version. I need to upgrade to 9.2.0.8.0. Is there any patch available or oracle stop the support to 9.2.0.1.0. If so to change to a new version what to do? Please help me with a specific answer. Please
-
Help with installing photoshop elements
I went to download adobe elements, given instructions to download adobe assistant, did that then i found myself downloading ms6 master's collection. i just wanted to download adobe elements, it is now downloading and states it will take 6 more hours.
-
Keynote 6 is down to 3-stars at the Mac App Store
As of this post, the 1-star reviews of Keynote 6 are approaching the 5-star reviews in quantity at the Mac App Store. The overall average is down to 3-stars. So... progress.
-
Sequence of requests when acitvating requests in DSO
Dear all, I did a data load into a DSO and wanted to activate the request. I got this error message: Request REQU_D34HNJC8RC1HEPTA1E2E1DEKI (244.929) for DataSource 2LIS_11_VAITM from source system GEN has the status green and a lesser SID (and is th