SUN One LDAP Retrieving Dynamic group
Hi, I would like to know how I can retrieve the groups a user belongs to, if the groups are of dynamic type.
Can I use the attribute memberOf?
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env, null);
// Create the search controls
SearchControls searchCtls = new SearchControls();
// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Specify the LDAP search filter
String searchFilter = "(&(objectClass=user)(CN=Andrew Anderson))";
// Specify the base for the search
String searchBase = "DC=antipodes,DC=com";
// Initialize counter to total the group members
int totalResults = 0;
// Specify the attributes to return
String[] returnedAtts = {"memberOf"};
searchCtls.setReturningAttributes(returnedAtts);
// Search for objects using the filter
NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
Hello Vinay,
when configuring multiple LDAP directories, there are a number of prerequisites that you need to consider.
For example, one prerequisite for multi-domains is that logon IDs must be unique across multiple LDAP datasources. This will cause issues if duplicate IDs exist.
Please see the following documentation and notes for more information on this.
Examples of Data Source Configuration Files - Identity Management - SAP Library
Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
1618342 - Multiple LDAP Datasources - Active Directories where logon IDs are not unique
762419 - Multi-Domain Logon Using Microsoft Active Directory
Please have a look at the above notes, which document this and also tell you what to do in these situations.
Regards,
David
Similar Messages
-
Import netscape.ldap.*; is it not supported in Sun ONE LDAP server
import netscape.ldap.*;
Is the above line not supported in Sun ONE LDAP Directory Server?
If that is the case, what should I do?
Whenever I compile my code, the error that comes up is: package netscap.ladp does not exists
Need help immediately.
My code is as follows:
import netscape.ldap.*;
import java.util.*;
/**
 * Simple search program to experiment with filters
 */
public class SearchFilter {
    /**
     * Do a subtree search using a specified filter
     * @param args host, port, authDN, password, baseDN, filter
     */
    public static void main(String[] args) {
        if (args.length != 6) {
            System.out.println("Usage: java FilterSearch " + "<host> <port> " + "<authdn> <password> " + "<baseDN> <filter>");
            System.out.println("Example:");
            System.out.println(" java FilterSearch " + "localhost 389 " + "\"\" \"\" " + "\"o=airius.com\" " + "\"(|(cn=sam*)(cn=b*))\"");
            System.exit(1);
        }
        // ... (remainder of main is not shown in the post)
    }
}
Couldn't you download the netscape.ldap package (iPlanet LDAP SDK) and put its jars in your app classpath?
The suggested way to replace the netscape.ldap package is to use only JNDI calls, but maybe they cannot fulfill all your needs.
By the way, you can get the source code for that package on the Mozilla.org site.
(Note: if you are using Netscape LDAP SDK for parsing/generating ASN.1 streams including X.509 certificates, try using BouncyCastle instead of the netscape.ldap.ber.stream package - I had to modify several classes from Netscape's package that is not meant to handle certificates, but LDAP streams...)
-
Authentication getting failed in sun one Ldap
Hi,
Can anyone please assist me with Sun ONE LDAP?
My application (LDAP related) was developed based on Lotus Domino LDAP server and WebSphere.
Now we are trying to deploy the same code with WebSphere and Sun ONE LDAP server in our local environment.
I am getting the problem of authentication failure.
Please see the logs below.
My question is whether the code written for Lotus Domino is compatible with Sun ONE LDAP. I am new to LDAP.
Please, can anyone give suggestions?
LDAP Interface: Performing LDAP authentication for user [NYilmaz]
17 Dec 2007 18:43:13,359 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. The username and password are transmitted in clear text form which is very insecure. Consider replacing the LDAP protocol with LDAPS (SSL).
17 Dec 2007 18:43:13,359 [DEBUG] NABLDAP: Establishing a new authenticating connection to [ldap://gpat.bsdev.com]
17 Dec 2007 18:43:13,375 [INFO ] NABLDAP: Failed to authenticate with the remote server on [ldap://gpat.bsdev.com] because of error '[LDAP: error code 34 - Invalid DN]'
17 Dec 2007 18:43:13,375 [WARN ] LDAP Interface: Unsuccessful authentication attempt for user [NYilmaz]
17 Dec 2007 18:43:13,375 [DEBUG] LDAP Interface: Writing the value {javax.naming.InvalidNameException:[LDAP: error code 34 - Invalid DN]} to General[1].OnionErrorMessage
17 Dec 2007 18:43:13,390 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. Consider replacing the LDAP protocol with LDAPS (SSL).
17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Establishing a new anonymous connection to [ldap://gpat.bsdev.com]
17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Connection established.
17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Searching remote LDAP directory using the filter of [(&(objectclass=person)(&(cn=NYilmaz)))]
-
SUN ONE Ldap - Default value is not getting displayed
Hello,
I have created an attribute in slapd.user_at.conf and it is associated in slapd.user_oc.conf.
The default value for the attribute has been given in the SUN ONE LDAP. But it is not getting displayed in our application.
Can anyone help me with this issue?
Regards,
K. Senthil Kumar
I assume that you are referring to a brand new field on the second step that was not on the form of the first step. If this is the case, then you should put the field in a hidden block of the first step's form. Default values and auto-population from shells/single record BPs only occur on the create step, even if they are not used on that step. As long as you put them on the create step (even in a hidden block) they should initialize.
-
Online Availability of Sun ONE Application Server User Groups
The Sun ONE Application Server User Group community is now available online at
http://developer.iplanet.com/usergroups/appserverhome.jsp
Sanjay
from the standard download pages (on www.sun.com, simply select download...)
then you end up here:
http://www.sun.com/download/products.xml?id=42ae317c
But why would you want 7.0? That's getting old now. You really should be looking at the very least at 7.1, and better yet at 8.1.
cheers
Tom
-
Identity Service LDAP with dynamic grouping
Hi all,
We are developing an enterprise application with oc4j and BPEL.
First we managed to handle user management with the XML-based JAZN tool.
After that, we managed to connect the identity service with an iPlanet LDAP server and get users and roles (with static groups defined).
But our client wanted static and dynamic groups together in their LDAP server, because of the complexity of their current user base.
When we try this, we cannot get the roles that are assigned with dynamic groups. But we can get the roles that are statically defined.
We check the roles from the worklist application (integration/worklistapp... thing..) and we see the static groups, whereas we cannot see the dynamic ones.
There is a section in is_config.xml like:
<roleControls>
<property name="nameattribute" value="cn"/>
<property name="objectclass" value="groupOfUniqueNames"/>
<property name="membershipsearchscope" value="onelevel"/>
<property name="memberattribute" value="uniquemember"/>
<search searchbase="ou=Groups,dc=dummy,dc=com,dc=tr" scope="onelevel" maxSizeLimit="1000" maxTimeLimit="120"/>
</roleControls>
I think the property uniquemember has an effect in this situation, but I cannot find any sample configurations using dynamic groups in LDAP.
Hope somebody has already done that.
I found a solution here:
http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10226/hwf_config.htm
I am currently using WebLogic's defaultAuthentication to test BPM 11g.
I do not know if this approach works in a production environment.
-
Problem instaliing sun one LDAP server on windows server 2008 r2
Hi all,
I am trying to install an LDAP server (Sun ONE Directory Server) on Windows Server 2008.
I am using apache-tomcat-7.0.28 and java jdk1.7.0_05.
I am following this manual for installing:
https://blogs.oracle.com/marginNotes/entry/installing_directory_server_enterprise_edition1
I have a problem with the cacao agent and how to install it.
I've got this error message:
c:\Program Files\Sun\dsee7\bin>dsccsetup cacao-reg
Configuring Cacao...
## Failed to run "c:/Program Files/Sun/dsee7/ext/cacao_2/bin/cacaoadm.bat" set-
aram "jdmk-home=c:/Program Files/Sun/dsee7/lib/private"
#### Cannot create service for instance: [cacao.instance.name].
#### Cannot perform firstime inialisation and configuration.
## Exit code is 1
Failed to configure Cacao.
I am stuck with no other solutions. I hope you can help with this issue.
I will be glad to know if there are any other ways to install this specific LDAP server.
Thanks,
Alon
You most likely skipped the step of starting the installed server prior to trying to access the admin URL. Please check this document:
http://docs.sun.com/source/817-1830-10/win.html
Relevant section is:
You can start the Administration Server in either of the following ways:
# Select Start Menu -> Programs -> Sun ONE Web Server, and choose Start Web Server Administration Server.
# From the Control Panel's Services item.
HTH...
-
LDAP- large dynamic groups - performance
A dynamic group is to a static group what a view is to a table.
A group is to its members what a table or view is to its records.
When the membership of a dynamic group is very large, are there any performance problems, or can that be eliminated by some indexing means?
Just an FYI ...
I found out from iPlanet that this is a bug in SP3 and will be fixed in SP4.
In the meantime, you can call tech support and get a patch.
Matt
"Matt Raible" <[email protected]> wrote in message
news:9nldgs$[email protected]..
I discovered today that the dynamic group does not seem to work for
form-based authentication with iPlanet App Server. I have a group,
Employees, in my LDAP server, and it has a dynamic group configured as
ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee, where each user has a
custom attribute, dcRoles. I can test this dynamic group and expected users
are found.
However, I cannot authenticate with a user in this group when "Employees" is
my configured role to authenticate with.
If I open the group Employees in my LDAP Server, and under the Members,
Static Group tab - I add a user, I can authenticate with them.
I also tried adding "ttEmployee" as well as "Employee" to my deployment
descriptors - but no luck. The method of adding a user (above) is the only
way I found to work.
Can someone shed some light on this?
Thanks,
Matt -
Default Value is not getting displayed in SUN ONE Ldap
Hello,
I have created an attribute in slapd.user_at.conf and it is associated in slapd.user_oc.conf.
The attribute default value is given through SUN ONE Console. But in our application the default value is not getting displayed.
We need the default value to run our application. Can anyone help me with this issue?
Regards,
K. Senthil Kumar
Hi anandkumar,
I believe this issue can be resolved by changing the query properties for the particular field.
Kindly check the field properties in Query Designer and ensure that Text is enabled rather than Key.
Field property check-up: Go to Query Designer -> click on the field -> on the right-hand side, in Properties, click on the Display tab -> select Text in the drop-down menu of the Display As tab.
FURTHER CHECK UP: Check the master data availability for the particular info object; if master data is not available, do the text data for text data availability at report level.
Hope this helps you!!
Best Regards,
Maruthi -
PasswordMustChange Attribute missing on Sun One LDAP 5.2.4
Hi,
I've installed DS 5.2.4 build 2005.230.0301 on NT and set up the system to act as a directory server for my Java application.
Everything works fine except that no controls are ever returned via
LDAPControl[] controls = ld.getResponseControls();
I have resorted to using attributes to detect certain password attributes like time to expiry.
One of the issues is that I need to know when the user is logging in for the first time after a reset. The passwordMustChange checkbox is checked in the password policy (but after the IDs have been created).
Since no controls are returned, I was looking for the passwordMustChange attribute but could not find it in the ID entries.
Can anyone tell me how to get the passwordMustChange attribute created in each of the user entries?
Or better still, what I am doing wrong.
Thanks
Hans
The issue is fixed. Damned productregistry was found in /var/adm/sw.
-
Java programming guide for Sun ONE
Where can I find the "Sun ONE LDAP SDK for Java Programming Guide" for version 5.2. ?
I have the programming guide for Netscape Directory SDK 4.0 for Java. Will that do?
Thanks for your help.
[email protected]
this to also create and manage the LDAP groups. We
are using the Sun ONE 5.2 LDAP directory server. Are
there significant advantages to using JNDI over the
SunONE directory SDK, or vice versa?
JNDI (bundled with J2SE) in combination with the Booster Pack release version 1.0, provides API support for accessing both static and dynamic Groups. It also provides API support for the new extensions and controls that are made available in Sun ONE DS 5.2.
The Booster Pack can be downloaded from:
http://java.sun.com/products/jndi/
You can also check the LDAP trail of the JNDI Tutorial that contains detailed descriptions and examples of how to use JNDI . It is available at:
http://java.sun.com/products/jndi/tutorial/ldap/index.html -
Configuring more than one LDAP as data source
Hi Portal Gurus,
We have a requirement to configure MS ADS LDAP -> DEEP HIERARCHY and Sun ONE LDAP -> FLAT HIERARCHY as the portal data source. We have already configured MS ADS LDAP.
Does anybody have experience with merging these 2 LDAPs as a data source ...
We tried to configure the merging of the 2nd LDAP with the server parameters below, as per the reference
"Configuration of More Than One LDAP Data Source", http://help.sap.com/saphelp_nw04/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm.
But we could not succeed.
Server parameters:
Server: xxxx:23xx
LDAP Search root: dv=hub, o=vds
Connection ID: cn=Directory Manager
password: xxxxx
We don't have a user path or group path for the above 2nd LDAP.
Can anybody help with this?
Regards
Tag
Tag,
It sounds like this issue might be related to the fact that your second LDAP connection is to Sun ONE. Maybe one of these links will help:
http://help.sap.com/saphelp_erp2005vp/helpdata/en/aa/8f10f1e2bae346bef2853aa0f88f4c/frameset.htm
or
http://help.sap.com/saphelp_erp2005vp/helpdata/en/43/4c3725aeaf30b4e10000000a11466f/frameset.htm
Regards,
Keith
-
How to retrieve members of ldap dynamic groups?
Hi,
Can anyone provide me the Java code snippet for listing the members (users) of an LDAP dynamic group?
Regards.
How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same question, then please stay in the same thread.
-
How do i query a sun one server for a member of a group
Hi Folks
I would like to know if anyone knows how to query a Sun ONE directory server to list all members of a group.
Currently I have this:
LDAP://SERVERNAME.test.com:5221/ou=people,dc=testrelsec,dc=com>;(&(objectclass = person)& adsPath;subTree"
This query gives me all users in the directory.
Now I have created a static group called GROUPONE using the Sun ONE console GUI and made 2 people members of that group.
I need the LDAP query which can list the members of GROUPONE.
thanks
g4hbk
thanks in advance
g4hbk
https://www.redhat.com/archives/fedora-directory-users/2005-September/msg00010.html
Useful script to extract LDAP based user posixGroup memberships information
===
Assuming you are using posixGroup objectclass and memberUid attribute to
store your membership information, you may find my shell script useful
and handy.
It works on Solaris LDAP Client with "ldapaddent" and "ldaplist"
commands, and works against FDS, SUN DS or OpenLDAP.
===
Gary -
Hi,
I have been trying to do some coding around fetching members of dynamic LDAP groups. In both these code snippets I get the same exception:
java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx
no matter what I tried. Can anyone please let me know what could be causing this exception?
Regards.
String filter = LDAPRealm.DYNAMIC_GROUP_FILTER;
String[] targets = new String[] { target, "memberUrl" };
try {
    SearchControls ctls = new SearchControls();
    ctls.setReturningAttributes(targets);
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    ctls.setReturningObjFlag(true);
    NamingEnumeration e = context.search(baseDN, filter, ctls);
    while (e.hasMore()) {
        SearchResult res = (SearchResult) e.next();
        Object searchedObject = res.getObject();
        // if (searchedObject instanceof com.sun.jndi.ldap.obj.GroupOfURLs) { // dynamic group
        com.sun.jndi.ldap.obj.GroupOfURLs gurls = (com.sun.jndi.ldap.obj.GroupOfURLs) searchedObject;
        Principal x500principal = new X500Principal(userDN);
        if (gurls.isMember(x500principal)) {
and
java.security.acl.Group obj = (java.security.acl.Group) ctx.lookup(groupDN);
Enumeration members = obj.members();
Principal member = null;
while (members.hasMoreElements()) {
    member = (Principal) members.nextElement();
    memberDNs.add(member.getName());
}
How is this different from [your previous question|http://forums.sun.com/thread.jspa?threadID=5434523&messageID=10965220#10965220]? If it is the same question, then please stay in the same thread.
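Added example, not code from any poster on this page: a plain-JNDI way to find the dynamic groups a user belongs to without casting search results to the Booster Pack's GroupOfURLs class, by parsing each group's memberURL and running its filter against the user's own entry only after the URL's base and scope have been checked. The class and method names and the sample user DNs are assumptions made for illustration; the groupOfURLs/memberURL schema and the sample URL are the ones quoted in the threads above, and memberURL values are assumed to be host-less and free of percent-encoding.

```java
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
import java.util.*;
public class DynamicGroupCheck {   // illustrative name; added example, not from the thread
    /** One memberURL value: ldap:///<base>?<attrs>?<scope>?<filter> (assumes no percent-encoding). */
    static final class MemberUrl {
        final LdapName base; final String scope; final String filter;
        MemberUrl(String url) throws NamingException {
            if (!url.startsWith("ldap:///")) throw new NamingException("unexpected memberURL: " + url);
            String[] p = url.substring(8).split("\\?", 4);   // base, attrs, scope, filter
            base = new LdapName(p[0]);
            scope = p.length > 2 && !p[2].isEmpty() ? p[2] : "base";          // RFC 4516 default
            String f = p.length > 3 && !p[3].isEmpty() ? p[3] : "(objectClass=*)";
            filter = f.startsWith("(") ? f : "(" + f + ")";
        }
        /** True if userDn lies inside the URL's base and scope (the filter is not evaluated here). */
        boolean covers(LdapName userDn) {
            if (!userDn.startsWith(base)) return false;
            int depth = userDn.size() - base.size();
            return scope.equals("sub") || (scope.equals("one") && depth == 1) || (scope.equals("base") && depth == 0);
        }
    }

    /** DNs of all groupOfURLs entries under groupBase whose memberURL selects userDn. */
    static List<String> dynamicGroupsOf(DirContext ctx, String groupBase, String userDn)
            throws NamingException {
        LdapName user = new LdapName(userDn);   // passed as a Name, never spliced into a filter
        SearchControls groups = new SearchControls();
        groups.setSearchScope(SearchControls.SUBTREE_SCOPE);
        groups.setReturningAttributes(new String[] {"memberURL"});
        SearchControls self = new SearchControls();
        self.setSearchScope(SearchControls.OBJECT_SCOPE);
        self.setReturningAttributes(new String[0]);   // only hit or miss matters
        List<String> result = new ArrayList<>();
        NamingEnumeration<SearchResult> e =
                ctx.search(new LdapName(groupBase), "(objectClass=groupOfURLs)", groups);
        while (e.hasMore()) {
            SearchResult group = e.next();
            Attribute urls = group.getAttributes().get("memberURL");
            for (int i = 0; urls != null && i < urls.size(); i++) {
                MemberUrl m = new MemberUrl((String) urls.get(i));
                if (!m.covers(user)) continue;   // enforce base and scope, not only the filter
                NamingEnumeration<SearchResult> hit = ctx.search(user, m.filter, self);
                boolean matched = hit.hasMore();
                hit.close();
                if (matched) { result.add(group.getNameInNamespace()); break; }
            }
        }
        return result;
    }

    public static void main(String[] args) throws NamingException {
        // memberURL form quoted in the iPlanet thread on this page; user DNs are constructed samples
        MemberUrl m = new MemberUrl("ldap:///o=douglas.co.us??sub?dcRoles=ttEmployee");
        System.out.println(m.filter);
        System.out.println(m.covers(new LdapName("uid=jdoe,ou=People,o=douglas.co.us")));
        System.out.println(m.covers(new LdapName("uid=jdoe,ou=People,o=example.com")));
    }
}
```

Calling dynamicGroupsOf needs a live DirContext bound to the directory; main only exercises the offline memberURL parsing and the base/scope check.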