Time management with LDAP

Hi everyone !
I have 6 servers with Linux RedHat 7.3. There is replication between these servers. But the system time is not correct. So I would like to install the ntp service.
- I would like to know if it will have dangerous impact ?
- Is there a precise procedure to follow to do that ?
- Should I stop the ldap service during a moment ?
- Should I stop the replication during a moment ?
Is there something I didn't think of ?
Thanks a lot.
MerlinDerKoenig

RFC 2251 says in the section on the bind operation:

    Unlike LDAP v2, the client need not send a Bind Request in the first
    PDU of the connection. The client may request any operations and the
    server MUST treat these as unauthenticated. If the server requires
    that the client bind before browsing or modifying the directory, the
    server MAY reject a request other than binding, unbinding or an
    extended request with the "operationsError" result.

and then says this in the unbind operation:

    The function of the Unbind Operation is to terminate a protocol
    session.

    Upon receipt of an UnbindRequest, a protocol server
    may assume that the requesting client has terminated the session and
    that all outstanding requests may be discarded, and may close the
    connection.

While it seems the purpose of bind is to authenticate, the purpose of unbind is not to "unauthenticate", but to terminate the session.
This would lead me to believe that you could open a connection, make requests, then unbind.
Right now I'm trying to convince the client that the unbind is not necessary since the connection is immediately closed when authentication fails, but so far they are not buying it and insisting that an unbind must be performed which we can't do from JNDI.
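
Whether a client actually sends an UnbindRequest before closing, the question argued in the post above, can be checked on the wire. The following is an added example, not part of the original post or of JNDI: a minimal BER codec for the RFC 2251 Bind, BindResponse and Unbind messages that reports whether a captured client byte stream ended with an UnbindRequest. It assumes a plaintext (non-SSL) capture; the DN, password, message IDs and function names are constructed for illustration.

```python
# Added example. DNs, password and message IDs below are constructed samples.
OPS = {0x60: "BindRequest", 0x61: "BindResponse",
       0x42: "UnbindRequest", 0x63: "SearchRequest"}

def ber_len(n):
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, value=b""):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n, tag=0x02):
    # Non-negative values only; the extra byte keeps the sign bit clear.
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ldap_message(msg_id, op):
    # LDAPMessage ::= SEQUENCE { messageID, protocolOp } (controls omitted)
    return tlv(0x30, ber_int(msg_id) + op)

def bind_request(dn, password):
    # [APPLICATION 0]: version 3, name, simple authentication ([0] = 0x80)
    return tlv(0x60, ber_int(3) + tlv(0x04, dn.encode())
               + tlv(0x80, password.encode()))

def bind_response(result_code):
    # [APPLICATION 1]: resultCode ENUMERATED, empty matchedDN and errorMessage
    return tlv(0x61, ber_int(result_code, tag=0x0A) + tlv(0x04) + tlv(0x04))

def unbind_request():
    # [APPLICATION 2] NULL: carries no fields and has no response message
    return tlv(0x42)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); single-byte tags only (enough for LDAP)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_stream(buf):
    """Decode concatenated LDAPMessages into (messageID, op, resultCode or None)."""
    out, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        if tag != 0x30:
            raise ValueError("not an LDAPMessage")
        _, mid, p = read_tlv(body, 0)
        op_tag, op_body, _ = read_tlv(body, p)
        code = None
        if op_tag == 0x61:                      # BindResponse: first field is resultCode
            _, raw, _ = read_tlv(op_body, 0)
            code = int.from_bytes(raw, "big")
        out.append((int.from_bytes(mid, "big"), OPS.get(op_tag, hex(op_tag)), code))
    return out

def ended_with_unbind(client_bytes):
    """True if the last PDU the client sent was an UnbindRequest."""
    msgs = decode_stream(client_bytes)
    return bool(msgs) and msgs[-1][1] == "UnbindRequest"

# Constructed capture: a failed simple bind, with and without a trailing unbind.
BIND = ldap_message(1, bind_request("uid=test,dc=example,dc=com", "wrong"))
CLIENT_WITH_UNBIND = BIND + ldap_message(2, unbind_request())
CLIENT_NO_UNBIND = BIND
SERVER = ldap_message(1, bind_response(49))     # 49 = invalidCredentials

if __name__ == "__main__":
    print(decode_stream(CLIENT_WITH_UNBIND), decode_stream(SERVER))
    print(ended_with_unbind(CLIENT_WITH_UNBIND), ended_with_unbind(CLIENT_NO_UNBIND))
```

Over LDAPS the same check needs the decrypted stream or the directory server's access log, since the PDUs are not visible in the capture.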

Similar Messages

  • Automatic upload of roles from ECC to portal (UME with LDAP)

    Hi experts,
    This thread reopens the question asked in the following message: automatic upload of roles from BI to portal
    However, it concerns this time "UME with LDAP".
    Problematic :
    SAP Library 04s tells us that it is not yet possible to automate role replication (or role assignment replication) from ABAP Based back-end to Netweaver Portal. Only manual process for initial upload is possible.
    Source = http://help.sap.com/saphelp_nw04s/helpdata/en/41/5e4d40ecf00272e10000000a155106/frameset.htm
    Questions :
    1 - Did anyone ever try to implement such an automatic tool ?
    2 - What if I'm not able to write on the Active Directory ? I am still able, at least, to automate role assignment replication from ABAP Based back-end to Netweaver Portal (ie. UME with LDAP) ? Directly from SAP R/3 to EP through UME, without passing through Active Directory since the group field is not maintained in AD.
    Many thanks for your inputs
    Alexis MARTIN

    Hello,
    As I did not read the previous thread I don't know what exactly you are trying to achieve, but I can tell you about what we have done - as far as it is not too late yet.
    We use the portal with integration to a BI system. In the ABAP stack we have lots of roles with menu items for hundreds of reports. We want the users to see these roles in the portal.
    First we have used the role migration tool of the portal to upload these roles. There is a Java API for executing role uploads from code. You need to create a webservice in the java stack to call this api, and can call the webservice from ABAP.
    However it is just a question of time and role size until this will not work at all. Standard role migration is more or less crap, stability is a problem. It also creates a lot of logs in the PCD and thus fills the database with trash. (After a few OSS messages there is now a program for deleting logs + you can turn off logging.) Also upload of larger roles takes up to an hour, and you always have the problem that your portal roles are not up to date during the day.
    When I got completely fed up, I implemented my own navigation connector. When you log on to the portal it will connect to the ABAP stack via RFC, load the role, and generate the portal menu from it. It uses caching, but on every logon it checks whether the role has been updated in ABAP since the last time it was loaded. It is up to date, faster than PCD navigation, and you need absolutely no periodical synching at all. I can't even understand why this is not offered by SAP per standard!
    Drawback is that it will of course only work for the menu items, and only menu items with an "URL-type" are supported. I'm pretty sure however that it would be possible to implement a few other types as well.
    Let me know if you are interested in the solution, I can give you a few additional details: oliverDOTsvisztATwienerbergerDOTcom
    Oliver

  • Real time synchronisation of sap hr employee data with LDAP

    Hi friends,
    I wanted to synchronize sap hr employee data with ldap. I have written a abap program for the same which is using ldap connector interface for creation/modification/deletion of employees. I am planning to put this as a scheduled job.
    But I want to do it  in real time i.e. when the employee is getting created/modified/deleted in sap hr, my program should receive all the values and do the changes in ldap at the same time.
    What all options do i have to do this?
    I am new to sap hr.
    Regards,
    Nilz

    Hi Nilesh
    U can take help of Standard Events in SAP.
    Go to Tcode SWELS.Then Activate Event trace.
    Go and do creation/modification/deletion for employees and check which all events are getting triggered in Tcode SWEL.
    This might give U an Initial idea how to go about this.
    ~BiSu

  • Error in authentication with ldap server with certificate

    Hi,
    i have a problem in authentication with ldap server with certificate.
    here i am using java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate which is having the up to 5 years valid time.
    is java will authenticate up to one year only?
    Can any body help on this issue...
    Regards
    Ranga

    Sorry, I am getting the same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    here when i am using the old certificate and changing the system date means i can get the authentication.
    can you tell where we can concentrate and solve the issue..
    where is the issue
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub

  • Forte integration with LDAP

    Hi.
    Has anyone successfully integrated with LDAP using the C library from
    LDAP SDK?
    Currently I'm facing a problem when I tried to generate the C++ wrapper
    for the C library. The compiler is unable to resolve the data type of
    some data structs. This is because the definition for these structs are
    not defined in any of the include files provided. According to the LDAP
    SDK doc, this is because the fields for those data structs are not
    intended to be accessible to the clients.
    That is why in my wrapper project, I defined these struct, each has the
    property Opaque = TRUE.
    The following is the error message:
    BEGIN FILE
    Working directory is d:\forte\tmp\cg13\pc_nt\ldapsrch
    Processing BOM file: LDAPSrch.bom
    Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 11.00.7022 for
    80x86
    Copyright (C) Microsoft Corp 1984-1997. All rights reserved.
    LDAPSrch.cc
    LDAPSrch.cc(70) : error C2027: use of undefined type 'BerElement'
    LDAPSrch.cc(127) : error C2027: use of undefined type 'LDAP'
    LDAPSrch.cc(184) : error C2027: use of undefined type 'LDAPMessage'
    LDAPSrch.cc(203) : error C2733: second C linkage of overloaded function
    'ldap_init' not allowed
    LDAPSrch.cc(204) : error C2733: second C linkage of overloaded function
    'ldap_simple_bind_s' not allowed
    LDAPSrch.cc(205) : error C2733: second C linkage of overloaded function
    'ldap_perror' not allowed
    LDAPSrch.cc(206) : error C2733: second C linkage of overloaded function
    'ldap_search_s' not allowed
    LDAPSrch.cc(207) : error C2733: second C linkage of overloaded function
    'ldap_first_entry' not allowed
    LDAPSrch.cc(208) : error C2733: second C linkage of overloaded function
    'ldap_next_entry' not allowed
    LDAPSrch.cc(209) : error C2733: second C linkage of overloaded function
    'ldap_get_dn' not allowed
    LDAPSrch.cc(210) : error C2733: second C linkage of overloaded function
    'ldap_first_attribute' not allowed
    LDAPSrch.cc(211) : error C2733: second C linkage of overloaded function
    'ldap_next_attribute' not allowed
    LDAPSrch.cc(212) : error C2733: second C linkage of overloaded function
    'ldap_get_values' not allowed
    LDAPSrch.cc(213) : error C2373: 'ldap_value_free' : redefinition;
    different
    type modifiers
    LDAPSrch.cc(214) : error C2733: second C linkage of overloaded function
    'ldap_ber_free' not allowed
    LDAPSrch.cc(215) : error C2733: second C linkage of overloaded function
    'ldap_msgfree' not allowed
    LDAPSrch.cc(216) : error C2373: 'ldap_memfree' : redefinition; different
    type modifiers
    LDAPSrch.cc(217) : error C2733: second C linkage of overloaded function
    'ldap_unbind' not allowed
    cl /W3 /Gf /GX /MD /c /Ob1 /vmg /DSTRICT /DWIN32 /D__WIN32__
    /DLIBOO_DLL
    WIN32_LEAN_AND_MEAN /Id
    :\forte\install\inc\cmn /Id:\forte\install\inc\os
    /Id:\forte\install\inc\ds
    /Id:\forte\install\inc\handles /Id:\forte :\forte\LdapAPIs\include
    /FoLDAPSrch.obj /Tp LDAPSrch.cc
    So, please advise on how should I proceed.
    Thanks in advance.
    from: suen

    Hi Anoop,
    To adapt an SAP Workflow, you can create a configuration. In this configuration you can redefine values for steps of the workflow definition. These values are evaluated at runtime instead of the values originally defined.
    You can configure the following step types:
    Activity
    User decision
    Document from template
    Wait
    Moreover,Features
    You can set the following data individually in the step definition of the configurable step types:
    1)Responsible agents
    2)Excluded agents
    3)Message recipient for completion
    4)Priority
    5)Requested start
    6)Indicator denoting whether the step is included in the    workflow log
    7)Activation of a latest end, a latest start, or a requested end with the reaction Send mail
    This URL provides info about various workflow codes http://help.sap.com/erp2005_ehp_02/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/content.htm
    Regds,
    Krutarth
    ·        Reference date/time for latest end, latest start, and requested end
    ·        Message recipient for missed deadline
    ·        Information about the work item display

  • 4402 Integration with LDAP

    I need to integrate 4402 Controller with Active Directory.
    If I have two distinguished names, can I use two OU like:
    OU=HQ,OU=Branch1,DC=DC1,DC=com
    Is it OK???
    Shall I use spaces between the parts?
    Please any useful points I should consider them?

    Thank you,
    I already have the configuration guide,
    but this is the first time that I need to do the configuration between the LDAP and controller. and I did not find information about many things like:
    how to got the distinguished names?
    if I have more than one distinguished name, how I should deal with this issue?
    what about EAP configuration? Is there any recommended EAP with LDAP??

  • NAC integration with LDAP

    Is possible this integration?. The idea is that the agent will do authentication with LDAP directly


  • Upgrade to 3.0.8 with LDAP failure

    Has anyone managed to upgrade Portal on W2000 from 3.0.7 to 3.0.8 and use LDAP. Our site was working with LDAP before the upgrade, and now we are getting the WWC-40100 error on attempting to login. The directory is not getting the connection.
    We have re-copied the ssoxldap.dll and created the library again to no avail. We have checked that the install works when not using LDAP. Does anyone have this working, or know where we may look to find errors.
    Thanks for your time

    Have you verified that the external procedure
    listener is up and running. If it is could you please enable debugging?

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is javax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is javax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved when the following was added in the code:
    System.setProperty("javax.net.ssl.trustStore", CertFileName);
    where CertFileName is the file name with its complete path. The file is a CA certificate of the LDAP server in X509 format.

  • How can I use my time capsule with Ethernet cable? How is it also possible to use time capsule as a normal external hard drive?

    My problem is that I don't know how to use my Time Capsule with Ethernet Cable, as when I use wireless it is really slow.

    Make sure that there is an Ethernet cable from one of the LAN <-> ports on your modem/wireless router to the WAN port on the Time Capsule
    Click on the Wireless tab at the top of the page
    Change the setting for Wireless Mode to Off (I assume that you do not want the Time Capsule to provide a wireless network since you already have a wireless network)
    Next, click the Internet icon at the top of the screen, then click the Internet Connection tab
    Connect Using = Ethernet
    Connection Sharing = Off (Bridge Mode)
    Click the Update button at the bottom and wait 30 seconds for the Time Capsule to restart and display a green light
    Then, you must power off your entire network...all devices....in any order that you want
    Wait a minute
    Start your modem/router first and let it run a minute
    Start the Time Capsule and let it run a minute
    Keep starting devices one at a time until everything is powered up
    If you are using Time Machine for backups, you will need to reset the connection because you have changed the way in which the Time Capsule connects to your network
    Open System Preferences (gear icon) on the dock
    Open Time Machine
    Click Select Disk
    Click the Time Capsule to highlight it
    Click Use for Backup or, it might be Use Disk
    Now you can connect your Mac using an Ethernet cable to one of the LAN <-> ports on the Time Capsule to back up using Ethernet. Be sure to turn off the wireless on your Mac before you start the backup.
    If you want to backup using wireless, disconnect the Ethernet cable from the Mac to the Time Capsule and turn on the wireless and connect to your wireless network. Your computer will now backup using wireless.

  • How do I connect my time capsule with a Linksys wi fi network?

    How do I connect my time capsule with a Linksys wi fi network?

    You cannot extend or repeat a non-apple router in an apple router..
    You must plug it in via ethernet and then setup roaming network (or if you like a completely separate network.. makes no difference from the TC point of view). TC is in bridge mode. That is router bridge not wireless bridge.. I gave the info on the other thread you are running.. very confusing when you ask in multiple threads.

  • How can I use my time capsule with windows7

    How can I use my time capsule with windows7?

    This is asked regularly.
    https://discussions.apple.com/message/10978060#10978060
    Look at the more like this. On the right column next to the post.
    Load airport utility for windows.. which will also load bonjour for windows.
    In windows explorer type \\TCname or \\TCipaddress (replacing with the actual values.. names with spaces will give you trouble so change all names in the TC to SMB compatible or actual ip address).

  • How do I subtract an image at the time t with an image at t-1 to detect move in a grab acquisition

    After the VI acquire in a grab acquisition, how do I subtract an image at the time t with an image at t-1 to detect the movement in the scene?

    Hello,
    One way of doing that is to do a ring acquisition with two buffers. At anytime one of your buffers will be the most current frame and the other will be one before the most current. Having both buffers available at anytime in your code you can call IMAQ Subtract.
    Hope this helps!
    Yusuf C.
    Applications Engineering
    National Instruments

  • Problem with LDAP in BEA Portal

    Problem with LDAP in BEA Portal
    I have a list of 50 users which should be created in the portal staging (development) machine and should be transferred to
    the production machine using LDAP
    Steps which I followed to create users
    1. Create User Profile with 2 parameters branch and Role
    2. I have the list of users in the Xls file with Username, password, branch and Role
    3. Write a java File which will read the Xls File
    4. The users are created in the staging machine for the portal
    Steps which I followed in LDAP to transfer the created users from Development to Production
    1. Export the created users from Development (which was moved as .DAT in my local directory)
    2. Import the users from the local directory to the production machine
    The Users are imported in the production machine with username and password but the role and branch values are empty
    We need a solution for importing the user with role and branch corresponding to each user.
    Thanks in Adv
    Suresh

    In Portal 8.1, user name and password in stored in LDAP where as user profile values are stored in database. That is the reason you are not able to see the user profile values.
    Check once again whether you can see these values through admin tool. In case it is not (after confirmation again), you might have to use APIs to do this for you in case you don't want to manage through Admin Tool.
    Thanks,
    Prashanth Bhat.


    Help please. When I am in organizer on my Mac and I click on a picture to open it in Elements it says that the editor is busy and I need to exit before it will open the photo. What Have I done and what do I need to do? Thanks, Rob.