Teststand api Creating/deleting Users

Similar Messages

• Does OAM IdentityXML API supports deleting users in LDAP?

  We have evaluated OAM IdentityXML WebServices for creating and managing user and group records in LDAP. One of our requirement is to be able to delete any user record and reuse the username for creating another user record.
  Hence, we are looking for an IdentityXML function for deleting a user record from the identity store. We have seen the "canIDeleteUser" webservice, and hence assume that there should be an API to delete the user as well.
  Also, we can not use the "workflowDeactivateUserSave" as our testcase is to delete and reuse the username.

  Yes. You can do this. Proceed on the path with the workflowDeactivateUserSave approach - just build the workflow to perform a 'delete' rather than a 'disable' step (usually the second step to achieve what you describe).
  Do you have the workflow working that performs the delete?
  As with all IDXML - get things working in the UI style0 first - then move to your IDXML development.
  Hope that helps,
  Mark

• Not able to create, deleted user again in OIM

  Hi,
  As part of our porcess we susped the user on the next day of his/her last working day. And after 20 days we are deleting that user from OIM.
  Now the deleted user again re-hire into the organization. So we need to re-create the user in OIM.
  But we are unable to create the user in OIM 11g. And it is showing error as "user already exist".
  Then we found there is an entry for this user in OIM repository as usr_status as deleted. And also we are not able to see this user in the OIM admin console even there is an entry in repository.
  Please help us how to solve this issue in creating the identity in OIM.
  Thanks in advance
  Siva

  If you want to re-create a deleted user with the same user id then you need to set the re-use id property to true and also drop the unique key contraint from the USR table.
  Ref: Re: Steps for re-using the same user id of a deleted user in OIM 11g ?
  -Bikash

• MPR for helpdesk to create / delete users with authZ

  Hi everybody,
  I'm facing a strange situation with two MPRs. I'm setting up 6 policies for the IT helpdesk to manage users with and without authZ workflows in place, and so far I managed the grant really granular rights depending on the target and modified attributes.
  Today I wanted to create my last 2 simple policies for the create resource and delete resource operations, having:
  - Policy disabled unchecked
  - IT Helpdesk as requestor
  - Grants permission unchecked
  - Create / delete resource checked
  - All Active People for create / All Non-Administrators for delete as target resources, All attributes selected.
  - The 2 authZ workflows checked; they are the same as for 2 other policies
  When a helpdesk user is creating/deleting a user trough the portal it gets an Access Denied error on submit, when I search the request as admin I see the create/ delete policies are the only ones applied. When I check the Grants permission the user is created/deleted
  without authZ, but this is not what I want.
  Does anyone has an clue why the workflows are not triggered in these 2 cases, and why are they fired in the other two?
  Thanks for helping me out.
  Cristian

  Even though this post is old I think it worthwhile to answer for others. Hopefully, Christian has already found his solution.
  A key to troubleshooting these issues is to go to "Search Requests" and look at the request and see what MPR's were applied. Then look to see if the workflows started requests.
  Request Processing
  http://msdn.microsoft.com/en-us/library/windows/desktop/ee652475(v=vs.100).aspx
  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

• Cannot create additional user in Essbase Adminstration Services

  I have created the admin user in Admin Services but cannot create any additional users; the option to "create user" is grayed out. It doesn't allow me to use the wizard as well. Can anybody tell me what the problem is and how to resolve it.

  First if you have created the Admin user when you first installed Hyperion, you can't create another user Admin user on the same server. Second, if you created the Admin user without supervisor or create/delete users privileges you can't create other users if you logged in with this user. You mentioned the create/delete is grayed out that means you don't have privileges to create or delete a user if you logged in with that user.
  Also, you may have a problem with your EAS, so try using MaxL or ESSCMD to create users and assign them to groups, check the Tech reference for more details:
  create user Guest identified by 'password' member of group Visitors;

• Active Directory User which can Create a User but not Allowed to Enable Disabled Users

  Hi Guys, we have a requirement to create a User Group in Active Directory which will grant its members permission to 'Create Users' but not be allowed to 'Enable' 'Disabled Users'.
  We have tried delegating control and assigning permissions by going to 'Security Tab>Advanced'.
  It seems like when a group is granted permission to create users, it will also be allowed to enable, disabled users.
  Kindly advise if it is possible to create a user group with permissions to 'Create Users' but not be allowed to 'Enable', 'Disabled Users'.

  Hi,
  According to my experience, you can assign permission with create/delete user objects. If you want to disable/enbale
  a user, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority.
  In general, if you just give a user group the permission to create user objects, it cannot disable or enable user accounts. Please make sure that the permission you assigned is correct and the
  user group are not the member of Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory.
  Best regards,
  Susie

• Creating and deleting users using AM Client SDK

  Hi,
  I was wondering if anyone could tell me how to create and/or delete users from Access Manager from a standalone application using the AM Client SDK? From what I have read this can be done using the AMStoreConnection class but I can't find any examples on how to use this class to add and delete users. The only examples I have found is how to retrieve data from AM. I need to keep AM and the underlying directory server in sync with another identity datastore so I need to build a process in Java to do this. Any help is appreciated.
  Thanks
  -Jeff

  Lets assume we have a HR system and the user has got deleted in the system, the HR system drop a CSV file to a specified location with the details of the user to be deleted from the IDM system . Now the CSV GTC connector would need to read the record and delete the user .
  This can be done , I have done this using API calls , but i assume that there would be someway of doing this using the OOB GTC .I think we need to set the correct value for the status field to do this ..
  I am not sure what status to set.

• I use migrate assistant to move files from my old pc to the new Mac , but it creates the user account. How can i delete the unwanted user account.

  i use migrate assistant to move files from my old pc to the new Mac , but it creates the user account. How can i delete the unwanted user account.

  Welcome to Apple Support Communities
  That's the classic behaviour after using Migration Assistant and that's normal.
  To transfer the data from the new user account to your old user account, you can follow some steps. Here is all the information you need to do this > https://discussions.apple.com/docs/DOC-5472

• How to create a user in Opensso Identity Service Webservices api?

  Hi All,
  I am getting struck with the creation of user in OpenSSO through the webservices api they are providing.
  I used the following wsdl link to create the API's. http://localhost:8080/opensso/identityservices?WSDL
  Now my requirement is, i have to create a user profile through the program which has the api create(identity,admin) created by the WSDL link.
  Here identity is the com.sun.idsvcs.IdentityDetails and admin is the com.sun.idsvcs.Token. I want to append givenName,cn,sn,userPassword in that. But dont have any idea how to given these details in IdentityDetails. If anyone give any sample solution i can follow.
  Any Help Greatly Appreciated.
  Thanks in Advance.
  With Regards,
  Nithya.

  Hey, I've managed to implement OpenSSO user registration through SOAP.
  My code is:
  package ru.vostrets.service.implementation.helper.opensso;
  import ru.vostrets.model.person.Person;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.stereotype.Service;
  import ru.vostrets.dao.PropertiesDao;
  import ru.vostrets.exception.FatalError;
  import com.sun.identity.idsvcs.opensso.*;
  import java.util.HashMap;
  import java.util.Map;
  import org.slf4j.LoggerFactory;
  import org.slf4j.Logger;
  import ru.vostrets.exception.ConfigurationError;
  * @author Kuchumov Nikolay
  * email: [email protected]
  @Service
  public class OpenSsoPersonServiceHelper
       private enum AttributeName
            USER_NAME("uid"),
            PASS_WORD("userpassword"),
            GIVEN_NAME("givenname"),
            FAMILY_NAME("sn"),
            FULL_NAME("cn"),
            EMAIL("mail");
            private final String name;
            AttributeName(String name)
                 this.name = name;
            public String getName()
                 return name;
       private static final Logger LOG = LoggerFactory.getLogger(OpenSsoPersonServiceHelper.class);
       private PropertiesDao propertiesDao;
       public void create(Person person)
            try
                 IdentityServicesImplService service = new IdentityServicesImplService();
                 IdentityServicesImpl servicePort = service.getIdentityServicesImplPort();
                 java.util.List<java.lang.String> attributeNames = null;
                 Token subject = new Token();
                 subject.setId(request.getParameter("token"));
                 UserDetails results = servicePort.attributes(attributeNames, subject);
                 for (Attribute attribute : results.getAttributes())
                      LOG.info("************ Attribute: Name = " + attribute.getName() + ", Values = " + attribute.getValues());
                 LOG.info("Roles = " + results.getRoles());
                 IdentityDetails identity = newIdentity
                           person.getCredentials().getUserName(),
                           getAttributes(person)
                  * Creates an identity object with the specified attributes.
                  * @param admin Token identifying the administrator to be used to authorize
                  * the request.
                  * @param identity object containing the attributes of the object
                  * to be created.
                  * @throws NeedMoreCredentials when more credentials are required for
                  * authorization.
                  * @throws DuplicateObject if an object matching the name, type and
                  * realm already exists.
                  * @throws TokenExpired when subject's token has expired.
                  * @throws GeneralFailure on other errors.
                 servicePort.create
                           identity,
                           authenticateAdministrator()
            catch (DuplicateObject_Exception exception)
                 throw new UserAlreadyExistsError();
            catch (Exception exception)
                 //GeneralFailure_Exception
                 //NeedMoreCredentials_Exception
                 //TokenExpired_Exception
                 throw new FatalError(exception);
       private Token authenticateAdministrator()
            try
                 IdentityServicesImplService service = new IdentityServicesImplService();
                 IdentityServicesImpl servicePort = service.getIdentityServicesImplPort();
                 if (propertiesDao.get().getAuthentication().getOpenSso().getAdministrator().getUserName() == null
                           || propertiesDao.get().getAuthentication().getOpenSso().getAdministrator().getPassWord() == null)
                      throw new ConfigurationError("OpenSSO administration properties not initialized");
                  * Attempt to authenticate using simple user/password credentials.
                  * @param username Subject's user name.
                  * @param password Subject's password
                  * @param uri Subject's context such as module, organization, etc.
                  * @return Subject's token if authenticated.
                  * @throws UserNotFound if user not found.
                  * @throws InvalidPassword if password is invalid.
                  * @throws NeedMoreCredentials if additional credentials are needed for
                  * authentication.
                  * @throws InvalidCredentials if credentials are invalid.
                  * @throws GeneralFailure on other errors.
                 Token token = servicePort.authenticate
                           propertiesDao.get().getAuthentication().getOpenSso().getAdministrator().getUserName(),
                           propertiesDao.get().getAuthentication().getOpenSso().getAdministrator().getPassWord(),
                 LOG.info("******************************** Admin token: " + token.getId());
                 return token;
            catch (Exception exception)
                 throw new FatalError(exception);
            com.sun.identity.idsvcs.opensso.IdentityServicesImplService service = new com.sun.identity.idsvcs.opensso.IdentityServicesImplService();
            QName portQName = new QName("http://opensso.idsvcs.identity.sun.com/" , "IdentityServicesImplPort");
            String request = "<authenticate  xmlns=\"http://opensso.idsvcs.identity.sun.com/\"><username>ENTER VALUE</username><password>ENTER VALUE</password><uri>ENTER VALUE</uri></authenticate>";
            try
                 // Call Web Service Operation
                 Dispatch<Source> sourceDispatch = null;
                 sourceDispatch = service.createDispatch(portQName, Source.class, Service.Mode.PAYLOAD);
                 Source result = sourceDispatch.invoke(new StreamSource(new StringReader(request)));
            catch (Exception exception)
                 // TODO handle custom exceptions here
       private Attribute newAttribute(AttributeName name, Object value)
            Attribute attribute = new Attribute();
            attribute.setName(name.getName());
            attribute.getValues().add(value.toString());
            return attribute;
       private Map<AttributeName, Object> fillAttributes(Map<AttributeName, Object> attributes, Person person)
            attributes.put(AttributeName.USER_NAME, person.getCredentials().getUserName());
            attributes.put(AttributeName.PASS_WORD, person.getCredentials().getPassWord());
            attributes.put(AttributeName.GIVEN_NAME, person.getPersonal().getGivenName());
            attributes.put(AttributeName.FAMILY_NAME, person.getPersonal().getFamilyName());
            attributes.put(AttributeName.FULL_NAME, person);
            attributes.put(AttributeName.EMAIL, person.getContacts().getEmail());
            return attributes;
       private Map<AttributeName, Object> getAttributes(Person person)
            return fillAttributes(new HashMap<AttributeName, Object>(), person);
       private IdentityDetails newIdentity(Object name, Map<AttributeName, Object> attributes)
            IdentityDetails identity = new IdentityDetails();
            identity.setName(name.toString());
            return fillAttributes(identity, attributes);
       private IdentityDetails fillAttributes(IdentityDetails identity, Map<AttributeName, Object> rawAttributes)
            for (Map.Entry<AttributeName, Object> rawAttribute : rawAttributes.entrySet())
                 identity.getAttributes().add(
                           newAttribute(rawAttribute.getKey(), rawAttribute.getValue()));
            return identity;
       @Autowired
       public void setPropertiesDao(PropertiesDao propertiesDao)
            this.propertiesDao = propertiesDao;
  }

• Error while creating new user via new MDM API

  Hi
  I have two questions:
  1) Is it possible to create a user in MDM via MDM4J?
  2) I am trying to create a user through new MDM API (not the MDM4J). When I execute the command CreateUserCommand, I get following error:
  com.sap.mdm.commands.CommandException: com.sap.mdm.internal.protocol.manual.ServerException: MDM repository data is out-of-date or is locked by another MDM Server. Refresh the data and try the operation again. If the error persists, contact the system administrator.
       at com.sap.mdm.security.commands.CreateUserCommand.execute(CreateUserCommand.java:93)
       at demo.dm.GetRoleList.main(GetRoleList.java:206)
  Here is the code that I execute:
            CreateUserCommand createusercommand =
                 new CreateUserCommand(connections);
            createusercommand.setSession(repsessionId);
            UserProperties userpp = new UserProperties();
            userpp.setName("Vijendra");
            //userpp.setRoleIds(roleids);
            createusercommand.setUser(userpp);
            //createusercommand.setInChangeStamp(-1);
            //System.out.println(createusercommand.getOutChangeStamp());
            try {
                 createusercommand.execute();
            } catch (CommandException e) {
                 e.printStackTrace();
                 return;
  Thanks
  Vijendra
  Edited by: Vijendra Bhanot on Feb 22, 2008 6:42 PM
  Edited by: Vijendra Bhanot on Feb 22, 2008 6:49 PM

  Hi
  I am also getting same exception.
  com.sap.mdm.internal.protocol.manual.ServerException: MDM repository data is out-of-date or is locked by another MDM Server. Refresh the data and try the operation again. If the error persists, contact the system administrator.
  Please help me.
  Thanks & Regards
  Vinit

• Creating a User Table via DI API

  Hi all,
  I'm using
  SAP Business One 2004A (6.70.185) SP: 00 PL: 07
  and corresponding SAP Business One DI API 2004
  I want to create a user table.
  I try to create it this way:
  I have two functions
  First function to create the table
  Private Function AP_AddOn_CreateTable() As Boolean
     AP_AddOn_CreateTable = True
     Dim oUDT As SAPbobsCOM.UserTablesMD
     Dim sErrMsg As String
     Dim iErrCode As Integer
     Dim iReturn As Integer
     oUDT = oDIComp.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserTables)
     oUDT.TableName = "AP_tbItemCalc"
     oUDT.TableDescription = "ItemCalculation"
     iReturn = oUDT.Add
     If iReturn <> 0 Then
        oDIComp.GetLastError(iErrCode, sErrMsg)
        Message…
        AP_AddOn_CreateTable = False
     End If
     oUDT = Nothing
  End Function
  This works fine
  Then I call a second function to create the user fields
  Private Function AP_AddOn_CreateFields() As Boolean
     AP_AddOn_CreateFields = False
     Dim oUDF As SAPbobsCOM.UserFieldsMD
     Dim sErrMsg As String
     Dim iErrCode As Integer
     Dim iReturn As Integer
     oUDF = oDIComp.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserFields)
     oUDF.TableName = "@AP_tbItemCalc"
     'Field1
     oUDF.Name = "ItemCode"
     oUDF.Description = "ItemCode"
     oUDF.Type = SAPbobsCOM.BoFieldTypes.db_Alpha
     oUDF.Size = 20
     iReturn = oUDF.Add()
     If iReturn <> 0 Then
        oDIComp.GetLastError(iErrCode, sErrMsg)
        Message…
        Exit Function
     End If
     'Field2
     oUDF.Name = "ItemName"
     oUDF.Description = "ItemName"
     oUDF.Type = SAPbobsCOM.BoFieldTypes.db_Alpha
     oUDF.Size = 100
     iReturn = oUDF.Add()
     If iReturn <> 0 Then
        oDIComp.GetLastError(iErrCode, sErrMsg)
        Message
        Exit Function
     End If
        next fields …
     AP_AddOn_CreateFields = True
  End Function
  The second function returns on adding the first field, an error, errCode -1120, errMsg ‚Ref count for this object is higher than 0’
  If i close the application after creating the table and then restart the application only executing the second function it works.
  I also tried the example as provided in ‚MetaDataOperations’ and it shows the same behaviour.
  Besides, I’m the only user on the system and no other application is running.
  Kind regards,
  Eduard

  Hi,
  See Add  userfield to usertable 1120 Error  SOLUTION
  HTH
  Ribeiro Santos

• How do I create a user, in my context in OID using the Java API

  How do I create a user, with subschema, in my context in OID using the JAVA API
  I need to be able to create new users in my OID, I was doing it in our old iPlant Directory, but I don't seem to see the same methods in the Oracle LDAP API. I figured out how to get and modify the attributes of a user, but I can't seem to figure out how to add a new one.

  Try this code , modify it accordingly
  ------- cut here -------
  import oracle.ldap.util.*;
  import oracle.ldap.util.jndi.*;
  import javax.naming.NamingException;
  import javax.naming.directory.*;
  import java.io.*;
  import java.util.*;
  public class NewUser
  final static String ldapServerName = "yourLdapServer";
  final static String ldapServerPort = "4032";
  final static String rootdn = "cn=orcladmin";
  final static String rootpass = "welcome1";
  public static void main(String argv[]) throws NamingException
  // Create the connection to the ldap server
  InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx(ldapServerName,
  ldapServerPort,
  rootdn,
  rootpass);
  // Create the subscriber object using the default subscriber
  Subscriber mysub = null;
  String [] mystr = null;
  try {
  RootOracleContext roc = new RootOracleContext(ctx);
  mysub = roc.getSubscriber(ctx, Util.IDTYPE_DN, "o=dec", mystr);
  catch (UtilException e) {
  e.printStackTrace();
  // Create ModPropertySet with user information
  ModPropertySet mps = new ModPropertySet();
  mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"cn", "Steve.Harvey");
  mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"sn", "Harvey");
  mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"uid", "SHarvey");
  mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"givenname", "Steve");
  mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"mail", "[email protected]");
  mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"userpassword", "welcome1");
  // Create the user
  User newUser = null;
  try {
  newUser = mysub.createUser(ctx, mps, true);
  System.out.println("New User DN: " + newUser.getDN(ctx));
  catch (UtilException e) {
  e.printStacktrace();
  ------- end cut --------
  Enjoy.
  Suhail

• Create a user through the API and "Prompt user to change password after next login".

  Using the Adobe Connect Interface, I can create a user and check the checkbox to "Prompt user to change password after next login".
  Can I achieve the same result using the API? The principal-update action doesn't offer such an option and, as far as I can tell, there isn't another action to do so either.
  Thank you.

  You can achieve it as part of your application functionality, but not as a configuration option on WLS.

• Can't create, delete or edit users in /LDAPv3/127.0.0.1 via WGM

  Hi guys,
  I have followed Mike Bombiches guide to 'Leveraging AD on Mac OSX.' All was fine yesterday...
  But today I cannot create, delete or edit users in the OD Directory. The New User/Group etc.. icons are greyed out... And yes I am authenticated...
  Any ideas?

  Check the logs.
  Also use dscl for authenticated reading and writing. Its error reporting might be easier to corelate. See man dscl.
  HTH
  -Ralph

• AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

  Hello.
  in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
  I set settings:
  in file syslog.conf:
  *.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
  in file   /etc/security/audit_control:
  dir:/var/audit
  flags:lo,ad,ex,cc,am,no,fc,fd
  minfree:20
  naflags:lo
  plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
  in file   /etc/security/audit_user:
  root:lo,ad:no
  Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
  Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
  Where is the mistake?

  You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
  And the fix is only available in S11.2.
  -- Renaud