Transparent logon to Oracle Portal for Win2000 users with Active Directory

At a customer site, users log on to a Win2000 Domain based upon Microsoft's Active Directory.
They want to transparently (i.e.: without giving their credentials again) log on to Oracle Portal, in the same way as they could do with mod_ntlm if they were on an NT domain.
Oracle 9iAS (not yet decided whether v.1 or v.2) will be installed on an AIX based server.
Does anybody have any suggestions?

Hi,
"the user cannot save private workbooks"
Unfortunately this is true. The workbook is saved with the database user so any workbooks saved by one user would be visible and could be changed by any user who shared the same database username. You could implement your own security over the EUL5_DOCUMENTS table by having a trigger to put the SYS_CONTEXT('userenv','client_identifier') into the doc_user_prop1 column and then create a VPD policy on the table that ensured users could only see their own workbooks. This is of course an unsupported change to the EUL tables.
"the user to manage a database password too in order to use Discoverer Plus and create/save workbooks"
This is not necessary.
Rod West

Similar Messages

  • Oracle Portal for LDAP Authentication using Iplanet directory server

    I have Oracle Portal on a Solaris machine and iPlanet Directory Server 5.1 on Windows NT.
    Can I use Portal user authentication with iPlanet LDAP?
    Regards
    srinivas

    Yes, you can. You have to provide the necessary info while running the ssoldap.sql.
    Vinodh R.

  • Setting the logonHours attribute for a user in Active Directory

    Hi Anyone,
    I'm a Brazilian guy and I need your help. How can I set the logonHours attribute on my Active Directory?
    I have this code but it doesn't work well:
        public void setLogonHours(boolean[] logonHoursBits){
            int i;
            int j;
            int k;
            int index21 = 0;
            int index24 = 0;
            byte[] byteLogonHour = new byte[21];
            byte byte8Hours = 0;
            // Walks 7 days x 3 bytes per day x 8 bits per byte (21 bytes in total).
            for(i=0; i <= 6; i++){
                for(j=1; j <= 3; j++){
                    for(k=7; k >= 0; k--){
                        if (i < 6){
                            if (logonHoursBits[i] == (boolean)(index24 == 0) ? true : false){
                                byte8Hours += (byte)Math.pow(2,k);
                            }
                        }
                        else{
                            if (logonHoursBits[0] == (boolean)(index24 == 0) ? true : false){
                                byte8Hours += (byte)Math.pow(2,k);
                            }
                        }
                        index24++;
                    }
                    byteLogonHour[index21] = byte8Hours;
                    index21++;
                }
                index24 = 0;
            }
            // ctx, env and name are not declared in the posted snippet.
            try{
                String nome = "CN=Dryelle,OU=Pesquisa,DC=cifya,DC=com,DC=br";
                ctx = new InitialLdapContext(env,null);
                ModificationItem logonHours[] = new ModificationItem[1];
                logonHours[0]= new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("logonHours",byteLogonHour));
                ctx.modifyAttributes(name,logonHours);
                System.out.println("Atributo logonHours alterado com sucesso.");
            }
            catch (NamingException e) {
               System.err.println("Problema na alteração " + e);
            }
        }
    The code sets the attribute, but wrong. Can anyone help me? It's making me crazy.
    Sorry about my poor English.
    Tks.
    Edited by: th_slopes on Aug 15, 2008 5:50 PM

    import javax.naming.directory.*;

    DirContext ctx = new InitialDirContext(pr);
    BasicAttributes entry = new BasicAttributes(true);
    String entryDN = "cn=CharbelHad,ou=test users,dc=test,dc=dev";
    Attribute cn = new BasicAttribute("cn", "ChHad");
    Attribute street = (new BasicAttribute("streetAddress", "Ach"));
    Attribute loginPreW2k = (new BasicAttribute("sAMAccountName", "[email protected]"));
    Attribute login = (new BasicAttribute("userPrincipalName", "[email protected]"));
    Attribute sn = (new BasicAttribute("sn", "Chl"));
    // Active Directory expects unicodePwd as the quoted password encoded in UTF-16LE,
    // and accepts it only over an encrypted connection (for example LDAPS).
    Attribute pwd = new BasicAttribute("unicodePwd", "\"Ch@341\"".getBytes("UTF-16LE"));
    // 512 = normal, enabled account
    Attribute userAccountControl = new BasicAttribute("userAccountControl", "512");
    Attribute oc = new BasicAttribute("objectClass");
    oc.add("top");
    oc.add("person");
    oc.add("organizationalPerson");
    oc.add("user");
    // build the entry
    entry.put(cn);
    entry.put(street);
    entry.put(sn);
    entry.put(userAccountControl);
    entry.put(pwd);
    entry.put(login);
    entry.put(loginPreW2k);
    entry.put(oc);
    ctx.createSubcontext(entryDN, entry);
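
For the logonHours question in this thread, an added example (not code from either poster) that packs an hourly schedule using the layout Microsoft documents for the attribute: 21 bytes, one bit per hour of the week in UTC, starting Sunday 00:00, least significant bit first within each byte. The class and method names, the fixed UTC offset (no daylight-saving handling) and the sample schedule are assumptions made for illustration.

```java
import java.util.Arrays;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class LogonHours {
    static final int HOURS = 7 * 24; // 168 one-hour slots, stored in 21 bytes

    /** Packs 168 flags (slot 0 = Sunday 00:00 UTC) into the 21-byte attribute value. */
    static byte[] pack(boolean[] utcSlots) {
        if (utcSlots == null || utcSlots.length != HOURS)
            throw new IllegalArgumentException("need exactly 168 hour flags");
        byte[] out = new byte[HOURS / 8];
        for (int slot = 0; slot < HOURS; slot++)
            if (utcSlots[slot])
                out[slot / 8] |= (byte) (1 << (slot % 8)); // low bit = earliest hour
        return out;
    }

    /** Inverse of pack(): lets you audit which hours a stored value really allows. */
    static boolean[] unpack(byte[] value) {
        if (value == null || value.length != HOURS / 8)
            throw new IllegalArgumentException("logonHours must be 21 bytes");
        boolean[] slots = new boolean[HOURS];
        for (int slot = 0; slot < HOURS; slot++)
            slots[slot] = (value[slot / 8] & (1 << (slot % 8))) != 0;
        return slots;
    }

    /**
     * Allows logon on days firstDay..lastDay (0 = Sunday) from startHour (inclusive)
     * to endHour (exclusive) in local time. utcOffsetHours is the local zone's fixed
     * offset from UTC; slots that cross the week boundary wrap around.
     */
    static boolean[] window(int firstDay, int lastDay, int startHour, int endHour,
                            int utcOffsetHours) {
        boolean[] slots = new boolean[HOURS];
        for (int day = firstDay; day <= lastDay; day++)
            for (int hour = startHour; hour < endHour; hour++)
                slots[Math.floorMod(day * 24 + hour - utcOffsetHours, HOURS)] = true;
        return slots;
    }

    /** Builds the JNDI modification; pass it to DirContext.modifyAttributes(dn, items). */
    static ModificationItem replaceLogonHours(byte[] value) {
        return new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("logonHours", value));
    }

    public static void main(String[] args) {
        // Constructed schedule: Monday to Friday, 08:00-18:00 local time at UTC-3.
        boolean[] schedule = window(1, 5, 8, 18, -3);
        byte[] value = pack(schedule);
        StringBuilder hex = new StringBuilder();
        for (byte b : value) hex.append(String.format("%02x ", b));
        System.out.println("logonHours = " + hex.toString().trim());
        System.out.println("round trip ok: " + Arrays.equals(unpack(value), schedule));
        System.out.println("attribute: " + replaceLogonHours(value).getAttribute().getID());
    }
}
```

Running unpack() on the value read back from the directory is a quick way to confirm that the restriction stored on the account matches the intended schedule.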

  • Managed users with Active Directory?

    Hi guys
    I was wondering if any of you can help me out. I'm looking to get an OS X Server 10.4 to act as a managed user server, with all the pros of Open Directory (ie Finder restrictions etc) and user home directories on the Xserve's HD, but to authenticate through a Windows 2003 Active Directory Server.
    I have been reading a number of sites and there seems to be two ways to do it.
    1) Bind the Xserve and the client Macs to the Active Directory and then on the PC server specify the home folders as a share point on the Xserve. Ie \\Xserve\Users\Tom
    This way the Xserve is basically a file server.
    2) And I'm cutting this story short because I've only briefly read this one. But you can set the Xserve as an Open Directory master, somehow import the users and then remove the directory master role.
    I really need to be able to have the usernames and passwords live from the Windows Server due to passwords being changed every 30 days blah blah blah so I guess point 2 is out of the question.
    To be honest a yay or nay to the above would be a good start, could obviously save a lot of wasted time, but if anyone can recommend me a website or a pdf that will walk me through it.
    I've managed to get my laptop to authenticate to AD but can't get the home directories to work. Every time I log in with a user account it creates it locally on my HD. I do not have "Force local home directory" checked. I guess I need to configure LDAP to the AD server as well? I gave it a go and managed to get Address Book pulling users and emails from the AD server. I then performed a lookupd lookup on a user bob and found that the home directory was set to /Users/bob even though on my AD server I've set it to \\Xserve\Users\bob. Is this something I'm doing wrong with LDAP? If that's all it is I'll be able to get point 1 above working and it will all be good.
    I hope I've made this clear enough for someone to be able to help me.
    Thanks in advance for any help you might be able to give me.
    Tom
    1.25GHz PowerBook G4   Mac OS X (10.4.4)  

    With an OD master you could manage your clients at the group and computer list level.
    So when you setup the user's profile in AD, you mapped a network drive and provided the UNC path \\Xserver\Users\bob. You did bind the OD Master with the name Xserve? Also, by default it will use smb to connect, which you can change to afp instead in the AD plugin. smb will not create the home folder for you. You could try to create the home folder yourself in advance. (sudo createhomedir -a may do the trick)
    For troubleshooting purposes, you could create a share on the AD server and adjust the user's profile to point to it instead of the OD Master. Try and login and see what you get.

  • Oracle Portal for win98?

    Is oracle portal for Win98 available for download? Will it work with Microsoft PWS?

    This is really not the forum for this type of question.
    However, Oracle Portal is available for Solaris and will be available shortly for Windows NT. It will be ported to platforms that 9i Application Server is ported. I do not believe that Windows 98 is on that list.
    Second answer. Microsoft PWS is not currently supported with 9i Application Server.

  • Implementing Language Change in Portal for anonymous users

    Hi
    I want to implement a Language change option in portal for anonymous users
    can anyone help me with the procedure i need to follow for implementing the change of language
    Regards
    JM

    Currently there are 2 ways to do this.
    1. with URL iViews
    These iViews have the "Language specific URLs"-Option. There you can specify which html file should be displayed depending on the language.
    But this works only for html files.
    This would work fine together with the things i explained above.
    2. switch between different anonymous users
    This is a little bit tricky. You need an application that is able to switch between different users. For example: Switching from user german to user english.
    In this case you would have to assign the language specific contents to these users. Here is a blog that describes how to implement this application.
    Blog Link
    I am working currently on this to get it running. So if you manage to do so, you could help me maybe.:)
    Regards,
    Marcus
    Message was edited by:
            Marcus Böhm

  • Hide The Content Reference from Portal For specific users.

    Hello Everyone
    I am new to PeopleSoft and want to hide the content reference from the main portal for specific users
    Can anyone help me on this?
    Thanks in advance...

    The users should have roles which do not contain the permission lists to which your current component is added.
    This is the way security is maintained!
    Vikas

  • Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

    I need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just can't seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk Users group to negotiate the site with NO password challenge at all.
    tconners

    This generally means that your SPN is not set up correctly. Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance. You should set an SPN similar to setspn -s http/lance.contoso.com corp\lance. In your browser, you should now be able to access the SSP without prompts. However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com. Since you are entering an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication. By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use Kerberos.
    I can confirm that I have the exact configuration and I always get the password prompt the very first time. We have a 2 server (1xIIS and 1xSQL) infrastructure in production with the SPN set like it should be and I get the password prompt.

  • MM01 tcode for SD user with restriction to SD related codes only

    Dear Experts
    How can we assign MM01 Authorisation for SD user with a restriction that he can access only SD RELATED MATERIAL ONLY? Why because the material master is same for MM Module and SD Module Product Master also.
    There is no listing for Material Group parameter in the Material Object
    Material Type Object : M_MATE_MAR
    Material         Object : M_MATE_MAT
    Thanks in advance
    Please advise me.
    Regards
    PS Prasad

    Dear Corinne Müller 
    First of all, let me say Sorry for the late reply to your post.
    I have gone through the objects you have told to that particular SD User.
    He has already been assigned those objects.    But one thing I have observed
    here is the authorisation object you have given    M_MATE_WGR
    contains 2 parameters those are
    (01) Activity                       01, 02, 03
    (02) Authorization Group
    The above said (02) parameter does not contain any data to select in its dropdown box.   I think functional people did not create material groups
    while doing configuration part.
    So, here I can not distinguish the material whether it related to SD Module OR MM Module. And can not restrict users to access TCode MM01 basing on their module related material only. Am I right?
    Any further suggestions?
    Thanks for your reply.
    I am just learner in BASIS.   Kindly be in touch with my e-mail id.
    My E-Mail id : [email protected]
    Thanks once again
    PS Prasad

  • Default User Template for AD users with Win home dirs

    Hi all,
    Can anyone tell me if it's possible for AD users with Windows based home directories to get a default user template given to them the first time they login to a Mac bound to AD?
    I can give local users and users with home dirs on our Xserve my default user settings via the English.lproj template, but I cannot for the life of me get this to work for those users with Windows based home directories.
    This is a biggie since my boss has mandated that ALL our student home directories are to be hosted under Windows from now on...
    Thanks in advance.

    So you are using roaming profiles on AD and when they log into a Mac you want to setup their default, is that what I am hearing?
    You will need to modify the English.lproj on the local machine to setup the default template. Since the mac server is not involved in the authentication and hosting of a roaming AD account with windows home folder, the client creates the home folder initially. Modify the default English.lproj on the clients.

  • For iphone users with att, can you block incoming texts all together? After paying $20 for data i dont want to pay as i go/pay more for texts

    For iphone users with att, can you block incoming texts all together? After paying $20 for data i dont want to pay as i go/pay more for texts

    SMS is exchanged over the same network as calls - no data involved.
    MMS requires data.
    iMessage requires the same as email - internet access via an available wi-fi network or via your carrier's cellular data network.
    You can disable SMS/MMS altogether with your account by requesting this with AT&T. You can turn iMessage off unless your iPhone is connected to an available wi-fi network.

  • Creating a windows user in Active Directory

    I am trying to create a user in Active Directory that can log on as any other Windows user, but when I try to log into Windows, I get the following error message:
    "The local policy of this system does not allow you to logon interactively".
    Are there any attributes or objectclass settings that must be set for the user to allow interactive logons?
    Thanks in advance!

    This has nothing to do with JNDI, the object class or attributes.
    I assume that you are trying to logon locally to the domain controller with the new user that you have just created.
    By default, the domain controller's policy only allows specific users or members of a group to logon locally at the domain controller's console.
    Either edit the domain controller's group policy and add your newly created user to the list of users permitted to logon locally, or add the user to a group which has already been granted permission to logon locally.

  • Oracle 9i/10G DB authentication using Active Directory (without OID)

    Hello All,
    We want to use a Single-Password authentication scheme using the Active
    Directory as the primary source for userId/Password.
    We don't want to use the Active Directory and OID bridge.
    As we have many databases and would like to configure all Databases to use Active
    Directory for Authentication. Our goal is to have single id/password across all
    the databases and any user should be able to login from any computer using their
    windows id/password, note that we don't want to use the OSAuthentication.
    We have read the documents provided by oracle for authentication using Active
    Directory, we were able to create Oracle Schema in Active Directory and were
    also able to register a DB with Active Directory and then created user as global
    user in Oracle Database and provided the DN of the user. When we tried
    authenticate with all this setup it comes back and says invalid ID/Password !!!
    And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
    Has anyone tried or have information on integrating Oracle to auth against Active Directory?
    Environment:
    Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
    Operating System: Windows 2000/ Windows 2000 Server
    Constraint: We don't want to use OID ( as we don't have license for this
    product ! )

    I have a thread started similar to your request.
    OS Authentication on Windows
    Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
    SHOW PARAMETER OS_AUTHENT_PREFIX;
    SHOW PARAMETER REMOTE_OS_AUTHENT;
    CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
    GRANT CREATE SESSION TO OPS$SOMEUSER;
    For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
    CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
    I really wish Oracle or somebody created a guide or book on how to do this.

  • Add user to Active directory using SAP ABAP

    Hi Experts,
    I am currently working on a security refractor project where we are planning on automating the user creation process in business object and Oracle Hyperion using GRC-BW.
    Our Hyperion user management is based on active directory/LDAP groups.
    So say for example - we have a new user say ABC and in GRC he select the SAP-BW role 'HYP_FINANCE_USA' then I want to write a program in BW which will see who all users are assigned to 'HYP_FINANCE_USA' role and will go an update the active directory distribution list group named 'HYP_FINANCE_USA'.
    Has anyone written an ABAP program or used standard function modules/BADI's etc to add/delete user from active directory/LDAP group ?

    Would you post your code? I have yet to see any working jndi code to add a user to AD. Thanks.

  • Oracle forms authentication with active directory without OID

    Hi Gurus,
    I need to implement active directory authentication in oracle forms.
    My scenario is this:
    1. The user is created in active directory
    2. The user is imported in our application, and then I assign the roles in Oracle, and create the user in my application.
    When the user logs, the system have to validate the password with MS-AD. If the password is right, then, the system start a session in Oracle.
    My questions are:
    1. How can I validate the password in AD ? Is it in clear text, unix crypt, AES ?
    2. In case the user has changed the password in AD, how can obtain he logs in oracle with the new password ?
    We use oracle enterprise edition, but we don't have oracle applications, so i can't use identity management.
    Thanks in advance for your help

    You will need Oracle SSO and OID to implement Active Directory authentication for Oracle Forms. It comes with Oracle Application Server. You will need to read up on how to use AD instead of OID as the user store for Oracle Single Sign-on (SSO). Forms will use SSO to login not really knowing which user store is used so there is no config needed on the Forms side (except enabling SSO).
