UME - Creating users in LDAP via Anonymous account

I want to create users in LDAP via the UME security APIs. I am using
IUserManagementEngine umService = (IUserManagementEngine) PortalRuntime.getRuntimeResources().getService( IUserManagementEngine.KEY );
and saving/committing values etc. using IUserFactory and IUserAccountFactory. It throws an exception
LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
Inference - User doesn't have permission to create users in LDAP.
I am in an anonymous portal and I am writing a custom application to create users in LDAP, so there is no logged-in user to which extra rights can be added.
So to which user should I assign the extra rights to write to LDAP? How can I achieve this?
Thanks for hints, Dhanz

Hi,
LDAP users are coming from external directory.
Portal UME is different from LDAP. UME users and LDAP users are different.
You can create users in UME as long as you have user administration rights.
But LDAP needs special permissions as the external user directory is integrated in portal.
So you should have  full or write permission to that external directory through LDAP.
Raghu
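
The 8-digit hex field that follows the result code in an Active Directory diagnostic is a Win32 error number, and it narrows down why a create was refused more than the generic WILL_NOT_PERFORM does. The Python below is an added example, not code from this thread or from SAP; the cause hints and the third sample line are assumptions of the example.

```python
import re

# LDAP result codes (RFC 4511) that appear in the threads on this page.
LDAP_RESULT = {1: "operationsError", 50: "insufficientAccessRights",
               53: "unwillingToPerform"}

# Win32 error numbers carried in the hex field. The category and hint are
# this example's assumption about the usual cause during user creation.
WIN32_HINT = {
    0x05: ("ERROR_ACCESS_DENIED", "authorization",
           "bind account lacks create/write rights on the target container"),
    0x1F: ("ERROR_GEN_FAILURE", "transport",
           "password attribute written over a connection without SSL/TLS"),
    0x52D: ("ERROR_PASSWORD_RESTRICTION", "password-policy",
            "initial password fails domain length, complexity or history rules"),
}

AD_DIAG = re.compile(
    r"LDAP: error code (?P<result>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<source>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+)"
    r"(?:, problem (?P<problem>\d+) \((?P<problem_name>\w+)\))?"
)


def decode_ad_error(message):
    """Parse an AD LDAP diagnostic string; return a dict, or None if no match."""
    m = AD_DIAG.search(message)
    if m is None:
        return None
    result = int(m.group("result"))
    win32 = int(m.group("win32"), 16)
    name, category, hint = WIN32_HINT.get(
        win32, ("UNKNOWN", "unknown", "look up the Win32 error number"))
    return {
        "ldap_result": result,
        "ldap_name": LDAP_RESULT.get(result, "other"),
        "win32": win32,
        "win32_name": name,
        "category": category,
        "hint": hint,
        "problem": m.group("problem_name"),
    }


SAMPLES = [
    # Verbatim from the question above.
    "LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, "
    "problem 5003 (WILL_NOT_PERFORM), data 0",
    # Verbatim from the "SAP Portal 7.0" thread further down this page.
    "LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, "
    "problem 5003 (WILL_NOT_PERFORM), data 0",
    # Constructed for contrast (placeholder DSID): a real permission failure.
    "LDAP: error code 50 - 00000005: SecErr: DSID-00000000, "
    "problem 4003 (INSUFF_ACCESS_RIGHTS), data 0",
]


def triage(messages):
    """Return (ldap_result, win32_name, category) for each parsable message."""
    decoded = (decode_ad_error(m) for m in messages)
    return [(d["ldap_result"], d["win32_name"], d["category"])
            for d in decoded if d is not None]


if __name__ == "__main__":
    for msg in SAMPLES:
        d = decode_ad_error(msg)
        print(d["ldap_name"], d["win32_name"], "->", d["hint"])
```
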

Similar Messages

  • Error while create user in LDAP - LDAP: error code 1

    Hi guys, I am getting the error below while creating a user in LDAP MS AD.
    cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
    <mx:LTEXT>Exception from Add operation:javax.naming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, comment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
    Steps I am following:
    1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
    2. Destination tab values that I am passing:
    dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
    objectClass: top|person|organizationalPerson|user
    sn: Surname
    givenName: GivenName
    displayName: Dummy user displayname
    Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
    Admin user account created called <XYZ> and has full control over SAP_IDM OU.
    I am passing <XYZ> credentials into my job for user creation.
    Thanks for your help!

    Farhan,
    Based on the error message presented,
    In order to perform this operation a successful bind must be completed on the connection
    Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
    Matt

  • How to create user credit control via customization

    Hi !
    I have to create user credit control via Transaction :
    SPRO.
    path:
    Sales and Distribution->Basic Functions->Credit Management/Risk Management->Credit Management->Define Automatic Credit Control.
    I want to check the user checkbox, and create my logic
    of credit control.
    In the help of the credit control screen, it says that I have
    to use user exits LVKMPTZZ and LVKMPFZ1.
    However, when I looked for those user exits in SMOD,
    those user exits don't exist!!!
    How do I use those user exits? Why can't I find those user exits?
    Can you please give me a code example of how to use
    the user checkbox to change the logic of credit control? Or any material about the issue.
    thanks
    moshe

    Hi,
      You won't find the programs LVKMPTZZ and LVKMPFZ1 in the SMOD transaction. Check in SE38 by typing the program names; there you have the provision to write your custom code.
      As user exits are specific to the business, it would be difficult to send sample code to cater for the functionality expected by your business.
    Hope this helps,
    Rgds,

  • Creating User Defined Fields via DI API

    Hello,
    Has anyone tried creating User Defined Fields via DI without direct database intervention? My add-on relies on some UDFs that have to be created on install.
    Thank you

    I regularly use the UI API to do this.  You can find several discussions on this forum.  I have not put this in my installation program, but I use UserFieldsMD in the DI API and a CSV file from Excel to store the information about the fields.

  • Creating user in LDAP using Oracle Identity Store API

    We are trying to create users in LDAP (open LDAP) using Oracle's Fusion Middleware's Oracle Identity Service API. Here is my code snippet to create user,
              final IdentityStoreService identityStoreService = jpsContextFactory
                        .getContext().getServiceInstance(IdentityStoreService.class);
              IdentityStore idmStore = identityStoreService.getIdmStore();
              final Property statusProperty = new Property("status", Arrays.asList("active"));
              final PropertySet propertySet = new PropertySet();
              propertySet.put(statusProperty);
              idmStore.getUserManager().createUser("userid", new char[0], propertySet);
    but I am getting this error
    Caused by: oracle.security.idm.IMException: Mandatory attribute missing :status
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.createUser(LDAPRealm.java:139)
    even though I am clearly adding the attribute as mentioned above. Am I missing anything?
    Thanks for your help :)
    Full stack trace:
    Edited by: 940837 on Jun 14, 2012 5:00 PM

  • Create user in LDAP subtrees via UME

    Hi all,
    We have different user types (public, employee, ...) in our LDAP server. Each user type has its own subtree under the ou=User node which is configured in UME. Is it possible to create users via UME which are placed under the corresponding subtree?
    Best Regards,
    Daniel

    Hi Stuart,
    we had exactly the same problem.
    Defining the additional attributes in the sapum.properties only makes them "visible" in the User Admin iViews.
    We also had to define the attributes in our data source configuration file, in the section for the corresponding data source, with:
    <attribute name="uniquename" populateInitially="true"/> (SAP standard attribute)
    e.g.
    <attribute name="FavouriteAnimal" populateInitially="true"/>
    Furthermore you should create a mapping to an LDAP attribute. E.g. the Exchange extension for MSADS offers 9 extensionattributes for free use.
    This is done in the section
    <attributemapping>
    <attribute name="displayname">  (-> Portal attribute)
         <physicalAttribute name="displayname"/>  (-> LDAP)
    </attribute>
    (SAP standard)
    so for your own attribute you can use e.g.
    <attribute name="FavouriteAnimal">
         <physicalAttribute name="extensionattribute1"/>
    </attribute>
    Regards,
    Jochen
    Message was edited by: Jochen Spieth

  • Error while creating user in LDAP (MS ADS) from SAP Portal 7.0

    Hi,
    Is it obligatory to use an SSL connection to create a new user in LDAP (MS ADS) from SAP Portal 7.0?
    I've configured the UME with the LDAP server address and port 389, and use the configuration file "dataSourceConfiguration_ads_writeable_db.xml".
    I succeeded in viewing users existing in LDAP, but when I try to create a new user I get the following error message:
    LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0)
    Thanks and regards

    check this link
    http://help.sap.com/saphelp_nw70/helpdata/EN/37/cfd93f130f9115e10000000a155106/frameset.htm
    and at the end of the page there is a quote: "We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory"
    hence follow this link to configure SSL
    http://help.sap.com/saphelp_nw70/helpdata/EN/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm
    hope this helps..
    [Rahul|http://rahulursportal.blogspot.com/]

  • Creating user with LDAP Integrated

    Hi Guys,
    I just synced LDAP with SAP (ABAP) and it came out nicely. But there are still some questions about how to use this (FYI, the LDAP server is the leading system):
    - How to create a new user from SAP, is it SU01 or from the LDAP tcode?
    - As for mapping, do I need to run RSLDAPSCHEMAEXT in SE38 if the LDAP server is the leading system? Our LDAP server is running on Tivoli.
    - If I have to create a user from tcode LDAP, do I need to put this syntax: dn=,cn=,sn=...etc?
    Thank You in return

    Hi,
    You can use SU01, or you can create the user in LDAP, not using the LDAP tcode. You can create the user in the LDAP directory and then sync the users by running the report.
    Regards,
    Vamshi.

  • UME Create user not  possible

    Portal 7.0 sp10 2004s
    ECC 6.0 sp 10  ERP 2005
    Portal is connected to ABAP backend for user authenticity,
    Data source configuration file is dataSourceConfiguration_abap.xml which should allow users created in the portal to be in the UME database only.
    Problem, When creating users on the Portal they are automatically being created with a datasource of ABAP and are created in the ECC abap backend.
    I have tried creating the users using the Visual Admin tool and it also created the users in the ECC abap backend
    I have in the past been able to create users in the UME only; in fact I could not create backend ABAP users from the Portal.
    Any help would be appreciated.
    Thanks
    sarah

    Haydn
    Thanks for your suggestion, I am still having problems
    I changed the SAPJSF user that communicates from the portal to the abap backend to read only. I got an error, it is still trying to create an ABAP backend user
    An error occurred in the persistence. The original message (possibly not translated) was: "BAPI_USER_CREATE1@RS2CLNT100: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group". Contact your system administrator
    From the SAP Note 718383 it states the following:
    Supported changes to the data source configuration
    The allowed change options depend on the currently active data source configuration. You can determine the current data source configuration with the J2EE ConfigTool.
    In "cluster-data -> Global server configuration -> services -> com.sap.security.core.ume.service" check the property "ume.persistence.data_source_configuration".
    Depending on the data source configuration file you use, the following changes are possible:
    dataSourceConfiguration_abap.xml
    No change is possible.
    This configuration supports all usages (especially SAP Exchange Infrastructure and SAP Enterprise Portal) by making ABAP users and ABAP roles available as users and groups in the UME, and supports the creation of new groups in the UME (which are then stored in the local database) as well.
    Any other suggestions would be appreciated,
    Thanks
    Sarah

  • Creating users in Active Directory through LDAP connector

    Hello,
    If we need to create users in Active directory using LDAP connector, what are the options for the following:
    1) Update back into SAP from AD. LDAP connector updates only in one direction i.e from SAP to Active directory.
    2) Can we add additional fields in LDAPMAP which are not standard, e.g. can we write our own code to extract data from HR to map the value to an attribute within Active Directory?
    Regards,
    Ahmad

    Hello!
    I noticed the email in my inbox and understand the reason for deleting it - checked the rules again - no problem with that.
    Here is the posting again - sanitized this time.
    You can create users in LDAP/AD from SAP without a problem. SAP provides function modules to create/maintain/delete users with LDAP attributes in the correct ou path.
    You can also perform group membership assignment in LDAP from SAP if needed.
    I have done this quite a few times at different companies that use SAP HCM.
    A userid in SAP is created automatically during hiring action with default password e.g. birthday of employee and certain authorization roles based on configured information.
    The userid is then created right away in LDAP in the correct ou path (controlled via custom configuration table) and LDAP group membership is assigned.
    A job runs every 8 hours to perform delta updates in LDAP.
    The userid in SAP and LDAP are locked automatically if the user is terminated using termination action in HR.

  • How to create user in local datasource when UME is already switched to LDAP

    HI,
    Info: I have a portal (NW 700); recently I switched the datasource of the portal from the local datasource to LDAP.
    Issue: if I create a user in the portal it gets created in LDAP; I want to create a few users in the local datasource.
    How to create a user in the local datasource when UME is already switched to LDAP?
    One solution is to change the UME back to the local datasource > create user > then switch back to LDAP.
    Do you know any other sol?
    Regards
    Shridhar Gowda

    Please let me know the Datasource file name .. i.e. the .xml filename.
    try to analyze this name and see whether you get a solution or post it here.
    Reward points if helpful -

  • Creating User account via SQL query

    Hi,
    Is it possible to create a user account programmatically?
    thanks,
    Dekel

    In SQL, use the CREATE USER statement. In PL/SQL, see Re: Creating user in PL/sql procdure.

  • Trouble Creating Users Via Web Form

    I'm having trouble creating a user in a 9i database via a web front end.
    I use the following SQL to create the user
    strSQL="CREATE USER """+strUser+""" PROFILE ""DEFAULT"" IDENTIFIED BY ""HELLO"" DEFAULT TABLESPACE ""DATA"" TEMPORARY TABLESPACE ""TEMP"" ACCOUNT UNLOCK"
    I then execute another two SQL statements to grant "connect" thus
    strSQL="GRANT ""CONNECT"" TO """+strUser+""""
    strSQL="ALTER USER """+strUser+""" DEFAULT ROLE ALL"
    Whenever I try connecting using the new user's details, I get an error message that the server had problems accessing the LDAP directory service (ORA-28030).
    I'm happy that the SQL is correct as I created the account that I wanted using Enterprise Console and copied the SQL it produced. I'm assuming that there's something in the background that is not being triggered when creating the user via the web front end.
    Can anyone tell me where I'm going wrong?
    Thanks
    Jason

    My apologies, I didn't realise HTML DB was a product. I thought it was a forum for questions regarding HTML and databases.
    Doh!!!
    Jason
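
The statements in the post above splice strUser directly into DDL, and bind variables are not available for identifiers in CREATE USER, GRANT or ALTER USER, so the account name has to be validated before it reaches the string. The Python below is an added example, not the poster's code: the function names, the per-call initial password and the PASSWORD EXPIRE clause are assumptions of the example, while the profile, tablespaces and role are taken from the post.

```python
import re

# Oracle non-quoted identifier rules: a letter first, then letters, digits,
# "_", "$" or "#", at most 30 characters. Anything else is refused outright.
_IDENTIFIER = re.compile(r"[A-Za-z][A-Za-z0-9_$#]{0,29}")


def quote_identifier(name):
    """Validate an account name and return it upper-cased in double quotes."""
    if not isinstance(name, str) or not _IDENTIFIER.fullmatch(name):
        raise ValueError("account name is not a valid Oracle identifier")
    # Upper-casing matches how Oracle stores non-quoted names, so the new
    # user can log in without having to quote the name.
    return '"' + name.upper() + '"'


def quote_password(password):
    """Quote an initial password; a double quote would end the literal."""
    if not password or len(password) > 30:
        raise ValueError("password must be 1 to 30 characters")
    if '"' in password or "\x00" in password:
        raise ValueError("password contains a forbidden character")
    return '"' + password + '"'


def create_user_statements(username, initial_password):
    """Build the three statements from the post for one validated account."""
    ident = quote_identifier(username)
    secret = quote_password(initial_password)
    return [
        f'CREATE USER {ident} PROFILE "DEFAULT" IDENTIFIED BY {secret} '
        'DEFAULT TABLESPACE "DATA" TEMPORARY TABLESPACE "TEMP" '
        "PASSWORD EXPIRE ACCOUNT UNLOCK",
        f'GRANT "CONNECT" TO {ident}',
        f"ALTER USER {ident} DEFAULT ROLE ALL",
    ]


def is_rejected(username):
    """True when the web form value would be refused before any SQL is built."""
    try:
        quote_identifier(username)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed form values: one acceptable, the rest refused.
    for value in ["jason", 'x" y', "1abc", "", "bob;"]:
        print(repr(value), "rejected" if is_rejected(value) else "accepted")
    for statement in create_user_statements("jason", "Temp#2024x"):
        print(statement)
```
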

  • How Do I Create User Account with "limited admin rights"?

    Hello;
    I would like to give a handful of users the ability to login to the DCC and enable them to add/delete/modify users and or hosts only, I.e. People and/or hosts.
    Is there any way to:
    1.  Make a user with this admin capability?
    2.  Segregate the containers they are able to modify?
    Thanks to all in advance.

    BobM53, That would be needed regardless of what front end my users log in with, in my case I was looking for them to access the DIT via the DSCC/DCC, which is not possible.  Regardless, thank you for your reply, it is reassuring to know I am headed in the right direction.
    I am now looking towards installing something else like Apache Directory Studio, or some other GUI for users to manage the directory. 
    I will most likely create one or more ACIs to build groups, adding members to those groups as needed; each group being allowed to perform functions such as create users, lockout users, add/modify hosts, etc.
    I will most likely follow the steps outlined in:
    Directory Server Groups, Roles, and CoS - 11g Release 1 (11.1.1.7.0)
    Slightly OT, does anyone have a suitable and similar proven method to "lockdown" root accounts, and who has root access?
    Thank you

  • Create users via the CLI interface on a SX20

    Hi 
    Are there some who know how to create users via the CLI interface on a SX20. You can do this via the web interface but I have many video installations where I need to create a user account. Therefore, it would be easiest if I can make it through the CLI interface. 
    Best regards 
    Jesper

    Unless there's a very well hidden command somewhere, then no. As far as I know, this can only be done for the remote supportuser account;
    xcommand UserManagement ?
    xCommand UserManagement RemoteSupportUser Create
        ExpiryDays: <1..31>
    xCommand UserManagement RemoteSupportUser Delete
    xCommand UserManagement RemoteSupportUser DisablePermanently
        Confirm(r): <Yes>
    xCommand UserManagement RemoteSupportUser GetState
    /jens
    Please rate replies and mark question(s) as "answered" if applicable.
