Sun idm LDAP Search Filter, logical operations.
Hi
Can any body please give me the solution on LDAP Search Filter
I need to get all the users from a LDAP
Whose attribute1 contains any of the values like (abc, bbc)
OR
Whose attribute2 contains any of the values like (xyz, yxz)
we got the solution
(|(|(attr1=abc)(attr1=bbc))(|(attr2=xyz)(attr2=yxz)))
finally this worked.
Similar Messages
-
LDAP Search filter Jabber for Android
Hi,
I have this LDAP Filter which only shows me active users:
<BaseFilter>(&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BaseFilter>
I have the same line for Jabber for Android, but it doesn't work.
<BDIBaseFilter>(&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BDIBaseFilter>
I get 0 results for any search on Jabber Andorid. When I delete the "BDI" Line for the filter all together, then I get correct results - with photos and everything.
I also tried a simple filter e.g:
<BDIBaseFilter>(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BDIBaseFilter>
No search results either.
Any ideas how to get Filter for Android working?
Versions:
Jabber for Android: 10.6
CUCM: 9.1.2I think I found the coresponding messages in the log:
csf.person.ldap: [LdapSearchQueryHandler.cpp(51)] [start] - reqId = 2
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1482)] [sendSearchQuery] -
02-26 09:18:59.851 15477 15477 I csf.person.xmpp: [XMPPPersonRecordSource.cpp(268)] [fetchContacts] - Entering.
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1531)] [sendSearchQuery] - filter = (&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2)(|(sAMAccountName=at1sath))), baseDN=OU=Organization,DC=at,DC=customer,DC=net
02-26 09:18:59.851 15477 15477 D services-dispatcher: [ServicesDispatcher.cpp(147)] [pumpNext] - pumpNext.executed (ContactsAdapter::LoadContactsFromSource)
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1576)] [sendSearchQuery] - ldap search error. rc= -7 ,msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1675)] [notifyListenersSearchRequestCompleted] - errorCode=-7
02-26 09:18:59.851 15477 15477 D services-dispatcher: [ServicesDispatcher.cpp(145)] [pumpNext] - pumpNext.executing (ContactsAdapter::LoadContactsFromSource)
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1258)] [mapErrorNo] - Code = -7, Msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapSearchQueryHandler.cpp(84)] [onSearchRequestCompleted] - reqId = 1, errcode = 9
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1531)] [sendSearchQuery] - filter = (&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2)(|(sAMAccountName=at1hafr))), baseDN=OU=Organization,DC=at,DC=customer,DC=net
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1576)] [sendSearchQuery] - ldap search error. rc= -7 ,msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1675)] [notifyListenersSearchRequestCompleted] - errorCode=-7
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1258)] [mapErrorNo] - Code = -7, Msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapSearchQueryHandler.cpp(84)] [onSearchRequestCompleted] - reqId = 2, errcode = 9
The next question is now: Why is it a bad search filter? And what is the correct one? The same filter works on jabber for windows...
BR, Dave -
Smart Album & search filter logic
Has anybody found a way to do more sophisticated Smart Album creation or search filters within Aperture other than the very simplistic methodology we appear to be limited to of for example keyword search with only two choices of "containing one or more", or "contains all"? I have tried hard to find a better way and am concluding it is a limitation in the current release.
I'm thinking hear of some of the multiple criteria smart folder/album/search options that even an relatively modest product like iPhoto offers, for example keyword "contains xxx", "does not contain yyy", "begins with aaa" etc.
Thanks
Dave
G5 Dual 2.3Ghz, 6Mb RAM, NV6800 Ultra Mac OS X (10.4.4)Has anybody found a way to do more sophisticated
Smart Album creation or search filters within
Aperture other than the very simplistic methodology
we appear to be limited to of for example keyword
search with only two choices of "containing one or
more", or "contains all"? I have tried hard to find
a better way and am concluding it is a limitation in
the current release.
Yes - what you do is add a new "CUstom Metadata" criteria (I forget the exact name but it's something like that). You then change the dropdown for the metadata type to "IPTC"...
You can then use keywords in searches with much more complex logic around them, like the "contains" and "begins with" you are looking for. It does not fill in keywords for you but it offers a lot more options for criteria. -
SUN One LDAP Retrieving Dynamic group
Hi, I would like to know how can I retrieve the groups a user belongs to, if the groups are of dynamic type.
can I use the attribute memberOf?
//Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,*null*);
//Create the search controls
SearchControls searchCtls = new SearchControls();
//Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter = "(&(objectClass=user)(CN=Andrew Anderson))";
//Specify the Base for the search
String searchBase = "DC=antipodes,DC=com";
//initialize counter to total the group members
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"*memberOf*"};
searchCtls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);Hello Vinay,
when configuring multiple Ldap directories, There are a number of prerequisities that you need to
consider.
For example, One prerequisite for Multi domains is that logon IDs must be unique across mutliple LDAP datasources. This will cause issue if duplicate IDs exist.
Please see the following Documentation and notes for more information on this.
Examples of Data Source Configuration Files - Identity Management - SAP Library
Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
1618342 - Multiple LDAP Datasources - Active Directories where logon IDs
are not unique
762419 - Multi-Domain Logon Using Microsoft Active Directory
Please have a look at the above notes which documet this and also tells
you what to do in these situations.
Regards,
David -
Use wildcard in LDAP search with filter and filter args fails
Hi,
I'm writing a function that receives the search filter and the filter arguments and returns the attributes of the found entries but I'm having problems when I pass the wildcard '*' as argument. For example I'm looking for cn=* but instead it looks for cn=\2a (searches for cn containing *).
I'm using the InitialLdapContext function:
public NamingEnumeration<SearchResult> search(String name,
String filterExpr,
Object[] filterArgs,
SearchControls cons)
throws NamingException
The problem occurs in the class com.sun.jndi.toolkit.dir.SearchFilter format method where it replaces the filter place holders with the filter arguments. There it calls getEncodedStringRep to the arguments and that function returns the wildcard '*' escaped.
Is it supposed to behave like that? I don't have problems using the search function search(String name, String filterExpr,Object[] filterArgs, SearchControls cons) but I'd like to be able to separate the filter and the filter arguments.That's a forum artefact, as the boldface should make obvious.
My point is that you should specify the wildcard in the filter string, not as an argument. See http://download.oracle.com/javase/6/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String, java.lang.Object[],%20javax.naming.directory.SearchControls). (The forum will break that link too.) The argument asterisk is being escaped in accordance with what it says there. Or maybe you can escape it yourself as an argument as \0x2a. -
Expert pls help: Sun IDM with ldap active sync
Hi all,
Currently i am configuring Sun IDM 6.0 SP1 to active sync with Sun directory server. I have enabled Retro Change Log but yet i cant find my changeNumber in directory server. Could anyone show me a way (search?) to get what changeNumber directory server currently running?Check the account used by IDM to access DS can search cn=changelog branch. If he is not Directory Manager, you probably need to set an ACI on that branch.
HTH -
LDAP error 53002 (LDAP search failre operations error)
Good day all,
When implementing LDAP authentication, I've received this error while configuring LDAP authentication. Here's how it happens:
A) I created LDAP servers in security settings - they test successfully with the settings that I put in ("LDAP server connected successfully")
B) Then I created a variable USER (with blank default initialization and LDAP variable user - (which I created in advanced LDAP server's settings) and Initialization Block - Authentication - after that I wasn't able to successfully test it - I would get the 53002 error.
C) If I check "Use bind parameters" box - I get 53002 error with "Bad Search Filter" message
Can anyone please advice me on which steps i could take to troubleshoot?
Thank youAre you using OID or MSAD? If OID, check my blog entries here
http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/
I think your variable for the LDAP user is not correct.
Thanks,
Venkat
http://oraclebizint.wordpress.com -
cm:search is not returning any result when logical operator '!' is used.
<cm:search is not returning any result when logical operator '!' is used.
I am using BEA 9.1 content management services API. When I run the following query I am not receiving any results. Also no error or exceptions are seen in the weblogic or cmspi log.
The query is <cm:search id="docs" query="!(object_name like 'Sport*')" />HI cam
Thanks for your reply, but i found the problem it was because my server administrator password has changed by network guys... and because of it crawler unable to access the content
I wrote my solution here i hope it will help other people
http://bvs-sharepoint.blogspot.com/2015/03/sharepoint-search-is-not-returning.html
RB -
Managing LDAP groups and roles through SUN IDM
Hi Guys,
We have a requirement to build the following functionality in our Sun IDM tool.
1. Ability to create/manage Static LDAP group.
2. Ability to create/manage filtered LDAP group.
3. Ability to create/manage Static LDAP roles.
4. Ability to create/manage filtered LDAP roles.
Can anyone let us know any pointers as to how to accomplish this or any ideas for the path to follow for this.
Any reply will be appreciated.http://myidm.blogspot.com/2009/06/how-to-create-groups-in-ldap-or-active.html
-
Hi All,
Not sure if anyone encountered this issue.
I m using Sun Idm version 7.1 and sun one directory server 5.2 as corp ldap. I want to configure failover for ldap. I have setup master-master replication between ldaps. Now in idm on resource configuration page for ldap, I specified url of failover server. I brought down current ldap server and checked the connection. It shows successful because it picked failover one.
Now, after this stage I am not able to create/modify accounts on ldap (now running on failover) and its giving me the error "javax.naming.NameNotFoundException. [LDAP error code 32- No such object]"
Any suggestions, please provide.Hi
Came across this issue myself (just now) and fixed it so thought I'd comment. I appreciate this post is quite old now but this might help anyone else who has this issue.
We are using IDM 8.1 and have 2 DSEE 6.3 instances - one master and one replica. In the help description for Failover Server on the LDAP resource configuration page it says:
"List all servers in the form of "ldap://ldap.example.com:389/o=LdapFailover" which follows the standard LDAP v3 URLs described in RFC 2255. Only the host, port, and dn parts of the URL are relevant in this setting."
We originally listed our second server as above and included the "/o=LdapFailover" bit on the end and we got the same error. We removed the "/o=LdapFailover" and just left "ldap://<host>:<port>" there and it all works.
Hope this helps someone. -
Ldap search query takes more than 10 seconds
LDAP query takes more than 10 seconds to execute.
For validating the policy configured, the Acess Manager(Sun Java System Access Manager) contacts the LDAP (Sun Java System Directory Server 6.2) to get the users in a dynamic group. The time out value configured in Access Manager for LDAP searches is 10 seconds.
Issue : The ldap query takes more than 10 seconds to execute at some times .
The query is executing with less than 10 seconds in most of the cases, but it takes more than 10 seconds in some cases. The total number of users available in the ldap is less than 1500.
7 etime =1
6 etime =1
102 etime=4
51 etime=5
26 etime=6
5 etime=7
4 etime=8
From the ldap access logs we can see the following entry,some times the query takes more than 10 seconds,
[28/May/2012:14:21:26 +0200] conn=281 op=41433 msgId=853995 - SRCH base="dc=****,dc=****,dc=com" scope=2 filter="(&(&(***=true)(**=true))(objectClass=vfperson))" attrs=ALL
[28/May/2012:14:21:36 +0200] conn=281 op=41434 msgId=854001 - ABANDON targetop=41433 msgid=853995 nentries=884 etime=10
The query was aborted by the access manger after 10 seconds.
Please post your suggestions to resolve this issue .
1.How we can find out , why the query is taking more than 10 seconds ?
2.Next steps to resolve this issue .Hi Marco,
Thanks for your suggestions.
Sorry for replying late. I was out of office for few weeks.
1) Have you already tuned the caches? (entry cache, db cache, filesystem cache?)
We are using db cache and we have not done any turning for cache. The application was working fine and there was no much changes in the number of users .
2) Unfortunately we don't have direct access to the environment and we have contacted the responsible team to verify the server health during the issue .
Regarding the IO operations we can see that, load balancer is pinging the ldap sever every 15 seconds to check the status of ldap servers which yields a new connection on every hit. (on average per minute 8 connections - )
3) We using cn=dsameuser to bind the directory server. Other configuration details for ldap
LDAP Connection Pool Minimum Size: 1
LDAP Connection Pool Maximum Size:10
Maximum Results Returned from Search: 1700
Search Timeout: 10
Is the Search Timeout value configured is proper ? ( We have less than 1500 user in the ldap server).
Also is there any impact if the value Maximum Results Returned from Search = set to 1700. ( The Sun document for AM says that the ideal value for this is 1000 and if its higher than this it will impact performance.
The application was running without time out issue for last 2 years and there was no much increase in the number of users in the system. ( at the max 200 users added to the system in last 2 years.)
Thanks,
Jay -
Import netscape.ldap.* ; is it not supported in Sun one LDAP server
import netscape.ldap.*;
is the above line not supported n Sun One LDAP directory Server
if that is the case what should i do
wenever i compile my code the error tat comes up is : package netscap.ladp does not exists
need help immediately
my code is as follows
import netscape.ldap.*;
import java.util.*;
* Simple search program to experiment with filters
public class SearchFilter {
* Do a subtree search using a specified filter
* @parm args host, port, authDN, password, baseDN, filter
public static void main(String[] args) {
if (args.length != 6) {
System.out.println("Usage: java FilterSearch " + "<host> <port> " + "<authdn> <password> " + "<baseDN> <filter>");
System.out.println("Example:");
System.out.println(" java FilterSearch " + "localhost 389 " + "\"\" \"\" " + "\"o=airius.com\" " + "\"(|(cn=sam*)(cn=b*))\"");
System.exit(1);
}Couldn't you download the netscape.ldap package (iPlanet LDAP SDK) and put its jars in your app classpath?
The suggested way to replace netscape.ldap package is to use only JNDI calls, but maybe they can not fulfill all your needs.
By the way, you can get the source code for that package in Mozilla.org site.
(Note: if you are using Netscape LDAP SDK for parsing/generating ASN.1 streams including X.509 certificates, try using BouncyCastle instead of netscape.ldap.ber.stream package - I had to modify several classes from Netscape's package that is not meant to handle certificates, but LDAP streams...) -
Authentication getting failed in sun one Ldap
HI,
Any one please can assist me for sun one ldap.
My application developed(ldap related) based on lotus domino ldap server and webspere.
now we are trying to deploy the same code with Websphere and sun one ldap server at our local environment.
Iam getting the prblem of authentication fail.
please follow the logs as.
My question is what ever the code written for lotus domino is compatible with sun one ldap.Iam new to LDAP .
pls any one give the suggestions.
LDAP Interface: Performing LDAP authentication for user [NYilmaz]
17 Dec 2007 18:43:13,359 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. The username and password are transmitted in clear text form which is very insecure. Consider replacing the LDAP protocol with LDAPS (SSL).
17 Dec 2007 18:43:13,359 [DEBUG] NABLDAP: Establishing a new authenticating connection to [ldap://gpat.bsdev.com]
17 Dec 2007 18:43:13,375 [INFO ] NABLDAP: Failed to authenticate with the remote server on [ldap://gpat.bsdev.com] because of error '[LDAP: error code 34 - Invalid DN]'
17 Dec 2007 18:43:13,375 [WARN ] LDAP Interface: Unsuccessful authentication attempt for user [NYilmaz]
17 Dec 2007 18:43:13,375 [DEBUG] LDAP Interface: Writing the value {javax.naming.InvalidNameException:[LDAP: error code 34 - Invalid DN]} to General[1].OnionErrorMessage
17 Dec 2007 18:43:13,390 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. Consider replacing the LDAP protocol with LDAPS (SSL).
17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Establishing a new anonymous connection to [ldap://gpat.bsdev.com]
17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Connection established.
17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Searching remote LDAP directory using the filter of [(&(objectclass=person)(&(cn=NYilmaz)))]Hello Vinay,
when configuring multiple Ldap directories, There are a number of prerequisities that you need to
consider.
For example, One prerequisite for Multi domains is that logon IDs must be unique across mutliple LDAP datasources. This will cause issue if duplicate IDs exist.
Please see the following Documentation and notes for more information on this.
Examples of Data Source Configuration Files - Identity Management - SAP Library
Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
1618342 - Multiple LDAP Datasources - Active Directories where logon IDs
are not unique
762419 - Multi-Domain Logon Using Microsoft Active Directory
Please have a look at the above notes which documet this and also tells
you what to do in these situations.
Regards,
David -
Logical Operator list to end users
Hi,
Is there any way that we can provide Logical operator also in the filter/prompt, for the end user in WebI on top of a SAP BW universe?
Ex: User has to select a logical operator(like <,<=,>,>=,= etc) and value for a 'Net Due Date' filter
Tried searching the forum, but did not get the proper work around.
Thank you in advance.
---Veeraare you talking about adding filters in webi reports?
i think its easy,
just in the query itself you can add filter and make it as prompt.
but you have to select the operator, case this is something you have to do into the query itself.
users can not do this when they are running the report.
but there is another option which is "Quick Filter" in there users can add quick filters and select operators as they like.
good luck -
Logical Operator list t oend users
Hi,
Is there any way that we can provide Logical operator also in the filter/prompt, for the end user in WebI on top of a SAP BW universe?
Ex: User has to select a logical operator(like <,<=,>,>=,= etc) and value for a 'Net Due Date' filter
Tried searching the forum, but did not get the proper work around.
Thank you in advance.
---VeeraHi,
Yes it is possible.
Here is a sample based on @CALYEAR characteristic
<FILTER KEY="@Select(Calendar Year\L01 Calendar Year).[TECH_NAME]">
<CONDITION OPERATORCONDITION="@Prompt('Select operator','A:A',{'Equal':'Equal','Not Equal':'NotEqual','Greater':'Greater','Less':'Less','Greater or Equal':'GreaterOrEqual','Less or Equal':'LessOrEqual'},mono,primary_key,persistent,{'Equal':'Equal'})">
<CONSTANT TECH_NAME="@Prompt('Select year','A','Calendar Year\L01 Calendar Year',Mono,Primary_Key,Persistent)"></CONSTANT>
</CONDITION></FILTER>
Here is the prompt definition you have to create instead of a static value for the OPERATORCONDITION:
@Prompt('Select operator','A:A',{'Equal':'Equal','Not Equal':'NotEqual','Greater':'Greater','Less':'Less','Greater or Equal':'GreaterOrEqual','Less or Equal':'LessOrEqual'},mono,primary_key,persistent,{'Equal':'Equal'})
Regards
Didier
Maybe you are looking for
-
I can't log-in to Premiere Pro & keep getting stuck in an Adobe Application Manager sign-in loop
I am currently unable to load Adobe Premiere Pro or After Effects. When I click to open them the Adobe Application Manager opens up, asks me to sign-in (which I do) and then it tries to open PP (the PP icon on my Mac bounces up and down) but then it
-
Document wont print on wireless or wired
I have a HP Photosmart6520 e-All-in-One. I have had it for about 6 months with no problems until today I am trying to print a document and it wont print. I tried it both ways from my Dell laptop, wireless and wired this document will not print. So I
-
How to revert back the changes that are moved to Production
Hi all, We have done changes to my DC.We moved the activity into production.We need to revert back the changes in all the systems. Is there any procedure to acheive this? Thanks and Regards, Rajesh.A
-
What happens when I press 'erase iphone' in the icloud?
If I lose my phone and erase it on the icloud via find my iphone, does that erase everything including photos, contacts and facebook? and what does the lost mode do? thanks
-
[SOLVED] AMD/ATI Catalyst 11.4 and version issue
i installed catalyst 11.4 from aur pkgbuild... also before i had catalyst 11.2 ! now when i check catalyst version from ATI control center i see 11.2 but with pacman -Qi catalyst command i have catalyst 11.4-1 ! which one is correct ? how can i have