URGENT : EP LDAP Search Problem

Guys....any inputs ?????
Dear Portal Gurus,
We have connected LDAP To EP 6.0 SP12.
LDAP is ADS 2003 with two forests.(Deep Hierarchy)
I have created a XML config file for LDAP (UME Config. file) which connects to both the forests.
Everything works fine except when I navigate to Groups (say GROUPABC) and then from inside the group search for a USER (say USER001)who shows up as being in that group from a LDAP Browser (like Softerra) the search does NOT result in any match.
The group displays only 200 users even though there are more than 5000 users in it.The message we get is " the search hit is limited to 200 hits."
This user (USER001) does NOT show up in those 200 users.Now if I search for another user (say USER002) who is not in those 200 users but can be still seen from LDAP Browser (exactly like the last user I.E. USER001),that user (002) is being found as a result of a search from inside that group (GROUPABC).
There is a parameter in UME Properties file where we can change the max. search hits value from 200 to anything.
Will changing this value make EP to find USER001 in groupABC.
Pls note when USER001 and USER002 are searched as USERs (search users link) in EP they are seen to be assigned to the group GROUPABC.
Am told that windows has a limitation of showing only 1500 users inside a group.
To summarise : <b>my questions are :
1) How to find USER001 from inside GROUPABC &
2) How to display more than 1500 users inside that
GROUP in EP.</b>
Greatly appreciate your inputs.
Thanks.
Josh
Message was edited by: Josh Mannings
Message was edited by: Josh Mannings

Hi,
What you can do is
Go to -->config tool.bat
-->click on pencil icon
-->cluster_data
-->server
-->cfg
-->services
-->property sheet of com.sap.security.core.ume.service
-->find the property ume.superadmin.activate = TRUE
Now logon to your portal with admin credentials and once you logged in again come here and make this property = FALSE
This is known as SAP* user
NOTE: Please keep atleast one user with super admin role assigned when such thing happens again so that you can unlock it from portal itself and your work wont get stopped.
Regards,
Ameya

Similar Messages

Outlook ldap search problem

Hi Sun,
I able to search contact list using Mozilla thunder bird. with search base dn
ou=people,dc=xxx,dc=xxx,dc=xxx
but this doesn`t work in OUTLOOK 2007.
May i know is it required outlook connect ?
Sun Java System Connector for Microsoft Outlook ?
Cheer
Sam

Hello,
Although the lists and memberships are listed in the GAL (generated by the calendar server through LDAP calls to OID), there still aren't any 'hooks' into the email server to allow for DL management. We have plans to expose DL management in the future, but not in the short or middle term. For the time being, you'll have to go through webmail to manage DLs.
Hope that helps,
--Marc

Open Directory, third party LDAP search path problem on Snow Leopard

Happy new year folks,
I ran into an interesting problem this past week in regards to a third party LDAP directory in the Search path (which used to work on previous versions). The issue brings the server to its knees eventually. I'm still digging through the logs, but here's the general breakdown...
1. Add third-party LDAP to the OD node list. This has always worked on previous versions, and appears to still work at the most basic level. I can navigate the node with DSCL, read records, etc.
1. Add third-party LDAP to the OD search path.
2. Wait a few minutes....
3. The server begins to slow down. Apache, SSH, ServerAdmin service stop responding. I'm able to run "top" briefly, which shows an increase of threads.
4. Restart the server and quickly remove the directory from the OD search path
5. Server goes back to being rock solid with very nice response times for Apache, SSH, ServerAdmin, etc.
If anyone has any debugging suggestions, or has seen this before, let me know.
Jaime
--- Below is some console output leading up to the chaos. Before adding to search path, everything looks good --------------------
bash-3.2# dscl
Entering interactive mode... (type "help" for commands)
read /LDAPv3/ldap.itd.umich.edu/Users/jaimelm cn
dsAttrTypeNative:cn:
Jaime Magiera
Jaime L Magiera 1
Jaime L Magiera
--- Add to Search Path, which hangs ------------------------------------------------------------------------------
bash-3.2# dscl /Search -append / CSPSearchPath /LDAPv3/ldap.itd.umich.edu
--- DSCL in debug mode contains the following ----------------------------------------------
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: ipfw, PID: 1097, API: libinfo, Server Used : libinfomig DAR : Procedure = getprotobynumber (13) : Result code = 0
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: sso_util, PID: 1103, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779669 : Requested nodename = /Search
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Plug-in call "dsDoPlugInCustomCall()" failed with error = -14292.
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Port: 27151 Call: dsDoPlugInCustomCall() == -14292
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779
707 : Requested nodename = /LDAPv3/ldap.itd.umich.edu
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 167797072010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707
: Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16779707 :
Data buffer size = 1282010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779
707 : Requested nodename = ConfigNode2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779
707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: Requesting dsOpenDirNode with PID = 1114, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAC : Dir Ref = 16779707 : Node Name = /Configure
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAR : Dir Ref = 1677970
7 : Node Ref = 33556926 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 16779707
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAC : Node Ref = 33556926 : Requested Attrs = dsAttrTypeStandard:OperatingSystemVersion : Attr Type Only Flag = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAR : Node Ref = 33556926 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33556924 : Requested Attrs = dsAttrTypeStandard:LSPSearchPath : Attr Type Only Flag = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAR : Node Ref = 33556924 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsDoPlugInCustomCall(), Search Used : DAC : Node Ref = 33556924 : Request Code = 444
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Checking for Search Node XML config file:
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfig.plist
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Have written the Search Node XML config file:
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfigBackup.plist
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Setting search policy to Custom search
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CSearchPlugin::SwitchSearchPolicy: switch - reachability of node </LDAPv3/127.0.0.1> retained as <true>
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: checking network node reachability on search policy 0x0000000000002201
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CCachePlugin::EmptyCacheEntryType - Request to empty all types - Flushing the cache
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/127.0.0.1
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAR : Dir Ref = 16777216 : Node Ref = 33556929 : Result code = 0
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: calling dsOpenDirNode succeeded on node </LDAPv3/127.0.0.1>
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAC : Node Ref = 33556929
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAR : Node Ref = 33556929 : Result code = 0
2010-01-01 19:26:36 EST - T[0x0000000103181000] - mbr_mig - dsFlushMembershipCache - force cache flush (internally initiated)
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x0000000103181000] - Membership - dsNodeStateChangeOccurred - flagging all entries as expired
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/ldap.itd.umich.edu
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::InternalEstablishConnection - Node ldap.itd.umich.edu - Connection requested for read
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::FindSuitableReplica - Node ldap.itd.umich.edu - Attempting Replica connect to 141.211.93.133 for read
2010-01-01 19:26:36 EST - T[0x0000000102481000] - CCachePlugin::SearchPolicyChange - search policy change notification, looking for NIS
2010-01-01 19:26:36 EST - T[0x0000000102481000] - Internal Dispatch, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:SearchPath : Attr Type Only Flag = 0
------- From another screen, I do "id jaimelm", which hangs ------------------------------------------------------------------------
: Requested Rec Names = jaimelm : Rec Name Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Users
2010-01-01 19:36:55 EST - T[0x00000001082A2000] - Internal Dispatch, API: dsGetRecordList(), Search Used : DAC : 2 : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:Password;dsAttrTypeStandard:UniqueID;dsAttrTypeStandard:GeneratedUID; dsAttrTypeStandard:PrimaryGroupID;dsAttrTypeStandard:NFSHomeDirectory;dsAttrType Standard:UserShell;dsAttrTypeStandard:RealName;dsAttrTypeStandard:Keywords : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0
2010-01-01 19:37:03 EST - T[0x0000000108325000] - Client: httpd, PID: 157, API: mbr_syscall, Server Used : process kauth result 0x0000000102022B30
2010-01-01 19:37:03 EST - T[0x00000001083A8000] - Client: httpd, PID: 151, API: mbr_syscall, Server Used : process kauth result 0x0000000102022C50
2010-01-01 19:37:05 EST - T[0x000000010842B000] - Client: httpd, PID: 203, API: mbr_syscall, Server Used : process kauth result 0x0000000102022D70
2010-01-01 19:37:15 EST - T[0x00000001084AE000] - Client: httpd, PID: 994, API: mbr_syscall, Server Used : process kauth result 0x0000000102023890
2010-01-01 19:37:26 EST - T[0x0000000108531000] - Client: httpd, PID: 198, API: mbr_syscall, Server Used : process kauth result 0x0000000102023980
2010-01-01 19:37:31 EST - T[0x00000001085B4000] - Client: httpd, PID: 161, API: mbr_syscall, Server Used : process kauth result 0x0000000~

Hi
I'm in agreement with harry here but what I'm struggling to understand is why you are seeing this as a problem? I'm also struggling to see this as being a possibility in a single server environment if I understand your post correctly?
Promotion to OD Master with all that entails absolutely rests on a properly configured and tested internal DNS Service. The Kerberos Realm's foundation (and with that the ability of the server to perform its function as KDC and offer LDAP services) entirely depends on what is configured in the DNS Service. This will include the server name, domain name and tld. The Kerberos Realm automatically configures itself using that information. Likewise the searchbase.
Its more than possible to change the Realm name and with it the LDAP search base (in certain circumstances) and have an OD Master, however Kerberos won't start it won't need to as the KDC will be elsewhere. You generally see this when augmenting Windows AD with MCX. In that situation Realm name and search base will reflect what is set on the Active Directory. Client computers will use what is set there for contact and authentication information before looking at the OD Master for anything else.
Does this help? Tony

URGENT HELP ! Search did not help !

*URGENT HELP ! Search did not help !*
I bought my new iPod classic three days ago and until yesterday it worked OK. Every time I plug iPod to my computer I get message "CONNECTED" and I hear that sound in Windows that is saying that something is connected, but almost amidiadly I get the message "EJECTING" and it ejects. I don't see anything in iTunes or My Computer and everything lasts for a few seconds. I reinstalled Windows, so I'm using a fresh copy without any bugs, well if you can call Windows bug free lol USB port to which I'm connecting iPod is 2.0...
I can't even see iPod in My Computer - Properties - Hardware - Device Manager.. And when I leave this windows on and then connect iPod I can see that "xx Apple iPod" appears for a few seconds...
I read that people had similar and same problems, but there is for instance no connected device in Device Menager for me to update and even Disk Mode does not work... I also did not read that someone solved this problem...
Scould I call them and ask them to get another one or what ?
PLEASE HELP ! And Thank You...
Message was edited by: Samael54

No I downloaded the fix, but it won't not even install.. I sow that that fix was replaced with a new one, so I subscribed to get that fix, but nothing so far, but I remember installing that fix yesterday and it did not help as well.. I will try to get it to some other computer and restore it without iTunes somehow, but I don't know if this is posible or if it does not work with my PC does not mean it will work on some other

Concurrent ldap search in the same thread

Hi,
I try to send in parallel several ldap search request to an iDS5.0 SP1 ldap server. The ldap client is java coded using LDAP SDK.
To emphasis my problem, I wrote a very simple ldap client:
A first request is sent to the ldap server. 200 entries matches the search criteria;
searchListener = _ld.search("ou=city0, ou=region0, ou=LoadTest, o=surpass.com",1,"(cn=*)",attrs,false,null, searchConstraints);
I read the 5 first messages sent back by the ldap server:
while (true) {
ldapMessage=searchListener.getResponse();
nbEntries++;
if (nbEntries>5) break;
Without waiting for the resultCode message, I send a new ldap search:
ldapSearchResults = _ld.search("ou=city1, ou=region1, ou=LoadTest, o=surpass.com",1,"(cn=*)",attrs,false,searchConstraints);
This search locks the java process. A timeout message is generated in the ldap server logs:
[27/Jan/2003:14:13:35 +0100] conn=60660 op=2 fd=48 closed error 11 (Resource temporarily unavailable) - B4
Is it a bug? Or is it mandatory, in a single thread process, to wait for the resultCode message before sending any other search request?
Yannick

Thank's for answering
You'r right, there are many ways to overcome the problem in my very simple ldap client:
- Send an abandon
- Wait for the resultCode message
- Use the search constraint BATCHSIZE=0
But my question is: is it possible to run several concurrent ldap requets in the same thread (like a pool of ldap search) and check their results in a asynchronous way?
Any idea?

Cant Edit Ldap Search Base in Open Directory

Greetings ,
My ldap search base wrong in my open directory . I have tried converting the server to standalone and back to a directory master and it still retains the old search base. How do i get rid of this, as it is causing problems.
Thanks In Advance

Any resolution to this? I am trying to configure OD and it's NOT using our FQDN for the server as the search base... instead of server.domain.NET it is putting in server.domain.COM - pretty sure that will cause problems.
I ran host <ip address> and checked our DNS settings on the server and everything is configured as .NET - cannot find this .COM anywhere. Am NOT in a position to do an uninstall and re-install as many folks have seemed to have done.
Mike

DHCP LDAP search base

Hi,
What setting should be put in the search base box in the LDAP tab of DHCP? I would like users to be able to access the OD database in tools such as the Address Book.
(I currently have the dc=<name>,dc=<suffix> where these are the name.suffix of my domain). In this configuration, the users can not see the LDAP database.
Thanks,
Dave

Hi Hiya,
Thank you for taking the time to look at my question. Here's my problem. We're setting up a VOIP phone system and one of the questionnaire is to provide LDAP Search Base String of my AD. I'm not sure if I need
to provide all this search base (DC, CN and OU) all I want to know is which of the element I should provide.
I think my LDAP search base string is "OU=xxx,DC=mydomain,DC=local. (I'm still not sure but if you have an idea please help).
Thank you.
Jay
aja

Change LDAP search path

When I built our CallManager 8.6 enviornment, I mirroed the way our 7.3 was set up. We had set up our LDAP search space at the root of our domain. The problem is that includes all kinds of sub directories we dont want. I want to now change our LDAP to look deeper in our hiarchy. What I dont know though is will it then see every person as a new user. If so, it would break UCCX and Presence.

Yep they do stay the same. And the way I know it worked is if I look up a user I wanted to keep it shows "Ldap Active". For the users I wanted gone they now show "delete pending".

LDAP Search filter Jabber for Android

Hi,
I have this LDAP Filter which only shows me active users:
<BaseFilter>(&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BaseFilter>
I have the same line for Jabber for Android, but it doesn't work.
<BDIBaseFilter>(&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BDIBaseFilter>
I get 0 results for any search on Jabber Andorid. When I delete the "BDI" Line for the filter all together, then I get correct results - with photos and everything.
I also tried a simple filter e.g:
<BDIBaseFilter>(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BDIBaseFilter>
No search results either.
Any ideas how to get Filter for Android working?
Versions:
Jabber for Android: 10.6
CUCM: 9.1.2

I think I found the coresponding messages in the log:
csf.person.ldap: [LdapSearchQueryHandler.cpp(51)] [start] - reqId = 2
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1482)] [sendSearchQuery] -
02-26 09:18:59.851 15477 15477 I csf.person.xmpp: [XMPPPersonRecordSource.cpp(268)] [fetchContacts] - Entering.
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1531)] [sendSearchQuery] - filter = (&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2)(|(sAMAccountName=at1sath))), baseDN=OU=Organization,DC=at,DC=customer,DC=net
02-26 09:18:59.851 15477 15477 D services-dispatcher: [ServicesDispatcher.cpp(147)] [pumpNext] - pumpNext.executed (ContactsAdapter::LoadContactsFromSource)
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1576)] [sendSearchQuery] - ldap search error. rc= -7 ,msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1675)] [notifyListenersSearchRequestCompleted] - errorCode=-7
02-26 09:18:59.851 15477 15477 D services-dispatcher: [ServicesDispatcher.cpp(145)] [pumpNext] - pumpNext.executing (ContactsAdapter::LoadContactsFromSource)
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1258)] [mapErrorNo] - Code = -7, Msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapSearchQueryHandler.cpp(84)] [onSearchRequestCompleted] - reqId = 1, errcode = 9
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1531)] [sendSearchQuery] - filter = (&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2)(|(sAMAccountName=at1hafr))), baseDN=OU=Organization,DC=at,DC=customer,DC=net
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1576)] [sendSearchQuery] - ldap search error. rc= -7 ,msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1675)] [notifyListenersSearchRequestCompleted] - errorCode=-7
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1258)] [mapErrorNo] - Code = -7, Msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapSearchQueryHandler.cpp(84)] [onSearchRequestCompleted] - reqId = 2, errcode = 9
The next question is now: Why is it a bad search filter? And what is the correct one? The same filter works on jabber for windows...
BR, Dave

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird? We have a super awesome contacts server that works great for our Mac users. About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them. I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server. I've tried several different settings, and looked all over the web, but could not find the proper way to configure this. Does anyone know if this can be done, or if not, would have a better suggestion? Thank you for your time!!

try double clicking keychain acces should launch and ask if you want to install login, system, System roots
A dialog box will launch asking where to install the cert since your configuring a vpn I would put the certificate it in system.

Sun idm LDAP Search Filter, logical operations.

Hi
Can any body please give me the solution on LDAP Search Filter
I need to get all the users from a LDAP
Whose attribute1 contains any of the values like (abc, bbc)
OR
Whose attribute2 contains any of the values like (xyz, yxz)

we got the solution
(|(|(attr1=abc)(attr1=bbc))(|(attr2=xyz)(attr2=yxz)))
finally this worked.

Ldap search query takes more than 10 seconds

LDAP query takes more than 10 seconds to execute.
For validating the policy configured, the Acess Manager(Sun Java System Access Manager) contacts the LDAP (Sun Java System Directory Server 6.2) to get the users in a dynamic group. The time out value configured in Access Manager for LDAP searches is 10 seconds.
Issue : The ldap query takes more than 10 seconds to execute at some times .
The query is executing with less than 10 seconds in most of the cases, but it takes more than 10 seconds in some cases. The total number of users available in the ldap is less than 1500.
7 etime =1
6 etime =1
102 etime=4
51 etime=5
26 etime=6
5 etime=7
4 etime=8
From the ldap access logs we can see the following entry,some times the query takes more than 10 seconds,
[28/May/2012:14:21:26 +0200] conn=281 op=41433 msgId=853995 - SRCH base="dc=****,dc=****,dc=com" scope=2 filter="(&(&(***=true)(**=true))(objectClass=vfperson))" attrs=ALL
[28/May/2012:14:21:36 +0200] conn=281 op=41434 msgId=854001 - ABANDON targetop=41433 msgid=853995 nentries=884 etime=10
The query was aborted by the access manger after 10 seconds.
Please post your suggestions to resolve this issue .
1.How we can find out , why the query is taking more than 10 seconds ?
2.Next steps to resolve this issue .

Hi Marco,
Thanks for your suggestions.
Sorry for replying late. I was out of office for few weeks.
1) Have you already tuned the caches? (entry cache, db cache, filesystem cache?)
We are using db cache and we have not done any turning for cache. The application was working fine and there was no much changes in the number of users .
2) Unfortunately we don't have direct access to the environment and we have contacted the responsible team to verify the server health during the issue .
Regarding the IO operations we can see that, load balancer is pinging the ldap sever every 15 seconds to check the status of ldap servers which yields a new connection on every hit. (on average per minute 8 connections - )
3) We using cn=dsameuser to bind the directory server. Other configuration details for ldap
LDAP Connection Pool Minimum Size: 1
LDAP Connection Pool Maximum Size:10
Maximum Results Returned from Search: 1700
Search Timeout: 10
Is the Search Timeout value configured is proper ? ( We have less than 1500 user in the ldap server).
Also is there any impact if the value Maximum Results Returned from Search = set to 1700. ( The Sun document for AM says that the ideal value for this is 1000 and if its higher than this it will impact performance.
The application was running without time out issue for last 2 years and there was no much increase in the number of users in the system. ( at the max 200 users added to the system in last 2 years.)
Thanks,
Jay

Error in LDAP Search QPAC

Hi..
i am trying to use LDAP search qpac.I have the provider url and i gave the username as admin and password as password.when i drag the ldap search qpac into my workflow and refreshing for the baseDN, it is giving an error saying that "cannot instantiate class com.sun.jndi.ldap.LdapCtxFactory"
wht do the DC,CN mean?
plzz help me if there are any demos for understandin the ldap search qpac more.. have already read the topic given by marc szulc regarding ldap search qpac.
thanks..
Raghava Kumar V.S.S.

I started getting this error when I mistakenly changed a search filter from (&(uid=james)(objectclass=Staff)) to (uid=james)(objectclass=Staff)). It is complaining about the unbalanced parenthesis.

How can I perform LDAP searches in BPEL?

Hello,
I'm trying to search an LDAP directory from a BPEL process.
There is a "ldap:search" XPath extension which appears to do this, but how do I specify which server to use. Just calling this function in an Assign produces an error message referring to a file called "directories.xml". Can anyone tell me what format this file should have (or how I automatically generate it)? I can't see it mentioned anywhere in the documentation.
Thanks for your help.

Did you ever get to know the location of this file?-directories.xml?

LDAP Search Context filtering in Presence

Hi all,
I'm trying to reduce my contacts results in presence to users with the IPPHONE filed populated. Is there a way to do this in the LDAP search context field.
I'm able to do this in CUCM with custom filter. (&(objectCategory=user)(objectClass=user)(ipPhone=*))
thanks
Mal

Hi
Yep - I think you can.
See this thread where it's kind of hinted at near the end:
https://supportforums.cisco.com/thread/2009542
Also it's mentioned in the shoutbox section of this page, but the response by the man who knows has been edited out helpfully (search the page for filter):
http://htluo.blogspot.com/2009/01/ldap-integration-with-cups.html
Aaron

URGENT : EP LDAP Search Problem

Similar Messages

Maybe you are looking for