Use AGENT through dynamic attribute access

I'm working with some persistent objects, but don't know the actual persistent class until runttime. To get the agent, I've coded this
DATA: l_agntclass TYPE classname,
lr_det_agent TYPE REF TO cl_os_ca_common.
FIELD-SYMBOLS <lr_det_agent> TYPE any.
l_agntclass = me->derive_agent_classname( ).
ASSIGN (l_agntclass)=>agent to <lr_det_agent>.
lr_det_agent ?= <lr_det_agent>.
Now I can call the methods of lr_det_agent. All well and good, and it works, but is this the right way? I tried defining <lr_det_agent> as TYPE REF TO. But that failed in the assign. And I tried CASTING TYPE on the assign, but that doesn't accept classes.
Am I missing something obvious?
Thanks
matt

Hello Matt
The solution is quite simple (see below):
*& Report ZUS_SDN_PERSISTENT_CLASS
*& Thread: Use AGENT through dynamic attribute access
*& <a class="jive_macro jive_macro_thread" href="" __jive_macro_name="thread" modifiedtitle="true" __default_attr="1143122"></a>
REPORT zus_sdn_persistent_class.
DATA: gd_clsname    TYPE classname,
      gd_method     TYPE string,
      gd_attribute TYPE string.
DATA: go_obj        TYPE REF TO object, " root object
      go_os_common TYPE REF TO cl_os_ca_common.
DATA: go_persist    TYPE REF TO cb_alert,
      go_agent      TYPE REF TO ca_alert.
FIELD-SYMBOLS <go_det_agent> TYPE ANY.
START-OF-SELECTION.
BREAK-POINT.
gd_attribute = 'CA_ALERT=>AGENT'.
" In your case: CONCATENATE l_agntclass '=>AGENT' ...
ASSIGN (gd_attribute) TO <go_det_agent>.
go_os_common ?= <go_det_agent>.
BREAK-POINT.
END-OF-SELECTION.
Regards
Uwe

Similar Messages

JSTL pass through dynamic-attributes

Folks,
Hi. I'm just learning Java, JSP & JSTL, and I've hit a bit of a curly one.
What's the best way to pass dynamic-attributes from a JSTL tag to another JSTL tag? Is there a way to pass them directly as a Map?
I wrote a generic-html-table-maker custom JSTL tag called "tabulator.tag" (based on one of the examples in JavaServer Pages by Hans Bergsten).
"tabulator.tag"
<%-- format contents as a HTML table --%>
<%@ tag body-content="empty" dynamic-attributes="dynattrs"
      import="java.util.*" %>
<%@ attribute name="content" required="true" type="java.util.Map" %>
<%@ attribute name="caption" %>
<%@ attribute name="headers" type="java.lang.Boolean" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<table
<c:forEach items="${dynattrs}" var="a">
    ${a.key}="${a.value}"
</c:forEach>
>
<c:if test="${!empty caption}">
    <caption>${caption}</caption>
</c:if>
<c:if test="${headers}">
    <tr>
      <th>Name</th>
      <th>Value</th>
    </tr>
</c:if>
<c:forEach items="${content}" var="row">
    <tr>
      <td>${row.key}</td>
      <td>${row.value}</td>
    </tr>
</c:forEach>
</table>This works fine when called from directly from jsp as below:
"tabulator_test.jsp"
<%-- format request headers as a HTML table --%>
<%@ page contentType="text/html" %>
<%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>
<my:tabulator
headers="true" caption="Tabulated Request Headers" content="${header}"
border="1" cellspacing="0" cellpadding="2"
/>BUT... Now I'm trying to write a "requestHeaders.tab" just to "centralise" the table attributes... but I can't figure out how to pass the dynamic-attributes (containing the html table attributes) from "requestHeaders.tab" through to tabulator.tab
"headers2.tab" (aka "requestHeaders.tab")
<%-- format request headers as a HTML table --%>
<%@ tag body-content="empty" dynamic-attributes="dynattrs" %>
<%@ attribute name="caption" required="true" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>
<%-- build a string of the dynamic-attributes --%>
<c:set var="s">
<c:forEach items="${dynattrs}" var="a">
    ${a.key}="${xmlEncode(a.value)}"
</c:forEach>
</c:set>
s: ${s}
<%-- and pass them to tabulator --%>
<my:tabulator content="${header}" caption="${caption}" ${s} />... throws the below Tomcat Error when called by ...
"headers2.jsp"
<%@ page contentType="text/html" %>
<%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>
<html>
<body>
    <my:headers2 caption="Request Headers"
      border="1" cellspacing="0" cellpadding="5"
    />
</body>
</html>
Apache Tomcat/5.5.17 - Error report
exception
org.apache.jasper.JasperException: /WEB-INF/tags/mytags/headers2.tag(14,55) Unterminated <my:tabulator tag
     org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510)
     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375)
     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
root cause
org.apache.jasper.JasperException: /WEB-INF/tags/mytags/headers2.tag(14,55) Unterminated <my:tabulator tag
     org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:39)
                       ....This is just an intellectual exersice, but it's sucked me in... any help be greatly appreciated.
Thanx. KRC>

This always requires some work around. I have done two things in the past:
1) Create a variable on the page or request scope that contains the dynamic attributes you want to use:

<my:requestHeader content="${header}" border="0" cellspacing="1" cellpadding="2" />

<%@ tag body-content="empty" dynamic-attributes="dynamicAttributes" %>
<%@ attribute name="content" required="true" type="java.util.Map" %>
<c:set var="HtmlTableDynamicAttributes" value="dynamicAttributes" scope="page"/>
<my:htmlTable content="${content}" />

<%@ tag body-content="empty" dynamic-attributes="dybamicAttributes" %>
<%@ attribute name="content" required="true" type="java.util.Map" %>

<c:if test="dynamicAttributes == null">
<c:set var="dynamicAttributes" value="HtmlTableDynamicAttributes"/>
</c:if>
//then do table work using "dynamicAttributes"Another way I had done it was to create a tag that needs to be nested in the <my:htmlTable> tag that assigns attributes as needed. So the my:htmlTable tag might need to be called like this:
<my:htmlTable content="${content}">
<my:htmlTableAttribute name="${key}" value="${value}"/>
</my:htmlTable>Finally, after thinking about this in this email, I wonder what scope the variable created by dynamic-attributes="dybamicAttributes" is stored in. I assumed it was a scope too small for the next tag to see. But maybe you could just try to see if the variable is present:

<my:requestHeader content="${header}" border="0" cellspacing="1" cellpadding="2" />

<%@ tag body-content="empty" dynamic-attributes="dynamicAttributes" %>
<%@ attribute name="content" required="true" type="java.util.Map" %>
<my:htmlTable content="${content}" />

<%@ tag body-content="empty" %>
<%@ attribute name="content" required="true" type="java.util.Map" %>
Dynamic Attributes Seen? da="${dynamicAttributes}"</br>
//then do table work using "dynamicAttributes"

Access dynamic attributes BPM; error while activating the process in sxi

hi everybody,
I have to access dynamic attributs in a BPM condition. I thought I could achive this when I click the radiobutton "contextobject" in the condition editor.
When using the value-help button on the contextobject a huge list of objects is shown for selection.
Strange to me is that also the radionbutton "interface-variable" is checked. I can not uncheck this radiobutton. But this makes the error while activating:
"Containerelement 'IDOC_'MyContainerelement'{XSDSIMPLE::xsd:string;SHeaderSUBJECT:ht' does not exist".
Has anybody expirience using the dynamic attributes/contextobjekts in BPM?
Thanks, Regards Mario

Hi all,
it seems to be impossible to access the attributes:
Technical Context Object in ccBPM
Regards Mario

Need Dynamic attributes for XI adapter to use in Dynamic Configuration ..!!

Hi Friends,
We are planning send message to different receivers through XI adapter by using Dynamic Configuration.
Can anyone please tell me what are the dynamic attributes used for XI adapter.
In my scenario, I want to pass the Service Number and Path prefix of XI adpater dynamically by using sender ID from Idoc payload.
I know how to use the dynamic configuration UDF in message mapping. But I don't know the dynamic attributes which we can pass to Service Number and Path prefix of XI adpater.
Kindly suggest ..
Thanks
Deepthi.

Hi Sourabh,
>> You need to set these attributes explicitly in the adapter configuration..
Can you please elaborate on this like how to implement this? Do we need to use any module configuration in the adapter?
We will use XI adapter only while sending the data directly from IE without using any feautures of AE (like adapters, modules etc). It is like directly sending data from ABAP stack without using J2EE stack. That is the reason we can't use any Modules in XI adpater and it is in disabled by default.
When I checked in SXMB_MONI.. as you said details are found in
- <SAP:Attribute>
<SAP:Name>host</SAP:Name>
<SAP:Value>10.190.25.16</SAP:Value>
</SAP:Attribute>
- <SAP:Attribute>
<SAP:Name>httpDestination</SAP:Name>
<SAP:Value />
</SAP:Attribute>
- <SAP:Attribute>
<SAP:Name>path</SAP:Name>
<SAP:Value>/rcvA/receiver</SAP:Value>
</SAP:Attribute>
- <SAP:Attribute>
<SAP:Name>port</SAP:Name>
<SAP:Value>8210</SAP:Value>
</SAP:Attribute>
XI adapter uses mainly three parameters Host, Port and Path.
I want to pass any two of these values dynamically to achieve my solution. Can you please suggest your solution how we can implement it.
-Deepthi.

Error in committing data while using dynamic attributes

Hi,
Module: Performance Management
Page: Give Final Ratings: Main Appraiser
Here, I have used dynamic attributes to show the competency name without segments.
I have added this attribute through controller and i passed value to this attribute in the same ProcessRequest method.
But, when the manager tries to complete the appraisal for his employee by pressing the continue button in the above mentioned page, the following exception is throwing.
"This competence already exists within the assessment."
Is this dynamic attribute will be the problem for this?
can any one please tell me?
Thanks in advance,
SAN

Hi,
If you added the column from Extended Controller. It should be a transient attribute to the VO and I think it should not create any issues.
Error "This competence already exists within the assessment." looks like from an FND Message , You can try to debug this issue by finding the FND Message Name corresponding to the error and search the Message Name in the seeded code.
-Idris

Spec oversight? Using dynamic-attributes in XML tag files

I have a couple of tagfiles that generate form elements with specific conventions for the 'name' and 'value' attribute. Basically, a data binding framework.
Dynamic attributes are useful because you can delegate all the usual html attributes to the generated HTML form element: SELECT, INPUT, id, class etc.
The usual way to do this is to concatenate all the "pass-through" attributes to a string, and append this string to the element generated:
<input type="hidden" name="foo" ${dynattrs}/>I'm wondering how to do this in a tagfile in XML format (mytag.tagx), since the XML format forbids syntax like in the example above.
jsp:attribute won't help much, if it's nested inside a c:forEach: it won't apply to the right element.

Ran into the same problem with 'optional attributes'. (see post "JSP 2.0 Tag files outputting elements with conditional attributes" http://forum.java.sun.com/thread.jspa?forumID=45&threadID=681033)
Found a solution that is not very elegant but does work and saves you the trouble of reverting to Java Tags. Consider the following tag-file that outputs an html input-tag with conditional attributes:
<?xml version="1.0" encoding="utf-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2"
     xmlns:c="http://java.sun.com/jsp/jstl/core">
     <jsp:directive.attribute name="name" required="true" type="java.lang.String"/>
     <jsp:directive.attribute name="id" required="false" type="java.lang.String"/>
     <jsp:directive.attribute name="value" required="false" type="java.lang.String"/>
     <jsp:directive.attribute name="disabled" required="false" type="java.lang.Boolean"/>
     <jsp:directive.attribute name="hint" required="false" type="java.lang.String"/>
     <jsp:directive.attribute name="cssClass" required="false" type="java.lang.String"/>
     <jsp:text><![CDATA[<input type="text" name="]]><c:out value="${name}"/><![CDATA["]]></jsp:text>
     <c:if test="${!empty id}"><![CDATA[ id="]]><c:out value="${id}"/><![CDATA["]]></c:if>
     <c:if test="${!empty cssClass}"><![CDATA[ class="]]><c:out value="${disabled?(cssClass + '-disabled'):cssClass}"/><![CDATA["]]></c:if>
     <c:if test="${disabled}"><![CDATA[ disabled="disabled"]]></c:if>
     <c:choose>
          <c:when test="${!empty value}"><![CDATA[ value="]]><c:out value="${value}"/><![CDATA["]]></c:when>
          <c:when test="${!empty hint}"><![CDATA[ value="]]><c:out value="${hint}"/><![CDATA[" onfocus="if(this.value==']]><c:out value="${hint}"/><![CDATA[')this.value='';"]]></c:when>
     </c:choose>
     <jsp:text><![CDATA[/>]]></jsp:text>
</jsp:root>In answer to your question: Yes, it looks like an oversight. Using the jsp:attribute tag in a c:forEach doesn't work because the attribute is then applied to the forEach tag. You would have to put the attribute-tag inside a jsp:body tag (inside the forEach). Then it would apply not to the forEach tag but to the tag enclosing the forEach. However, this doesn't work either, or at least it doesn't work in Tomcat 5.5. Could be a bug though, JSP 2.0 is still very buggy (for instance, using a tagfile inside another tagfile from the same taglib doesn't seem to work either...)
Anyway, if you ever find a good solution please let me know by posting to this topic!
TIA

How to create Exchange dynamic distribution list using multivalue extension custom attribute

I am trying to create a dynamic distribution list using an ExtensionCustomAttribute. I am in hybrid mode with Exchange 2013. The syntax I have is this:
New-DynamicDistributionGroup -Name "DG_NH" -RecipientFilter {(ExtensionCustomAttribute2 -eq 'NH')}
This works correctly on-prem. But hosted always results in an empty list. I can see in dirsync the attribute is in the hosted environment, but for whatever reason, the distribution group gets created but always come up null.
If I create a group looking at the single valued attributes, such as CustomAttribute6 -eq 'Y', it works correctly on-prem and hosted.
If anyone has any suggestions I would appreciate it.

I don't think I provided enough information about the problem. Let me add some and see if it makes sense.
I have an Exchange 2013 on-premise configured in hybrid mode with Office365. For testing purposes, I have 2 users, Joe and Steve, one with the mailbox on-prem, and the other with the mailbox in the cloud. Each of them has CustomAttribute6 = 'Y'
and ExtensionCustomAttribute2 = 'NH'. Dirsync shows these users and these attributes are synced between on-prem and cloud.
Using on-prem Exchange powershell, I run the following command:
New-DynamicDistributionGroup -Name "DG_NH" -RecipientFilter {((RecipientType -eq UserMailBox) -or (RecipientType -eq MailUser) -and (CustomAttribute6 -eq 'Y')}
This correctly finds the 2 users when I query for them as follows:
$DDG = Get-DynamicDistributionGroup DG_NH
Get-Recipient -RecipientPreviewFilter $DDG.RecipientFilter | FT alias
So I then delete this DG, and recreate it this time looking at the multi-value attribute ExtensionCustomAttribute2, as follows:
New-DynamicDistributionGroup -Name "DG_NH" -RecipientFilter {((RecipientType -eq UserMailBox) -or (RecipientType -eq MailUser) -and (ExtensionCustomAttribute2 -eq 'NH')}
Replaying the query above, I can see this also works fine and finds my two users.
Next I open a new powershell and connect to Office 365 and repeat the process there.
New-DynamicDistributionGroup -Name "DG_NH" -RecipientFilter {((RecipientType -eq UserMailBox) -or (RecipientType -eq MailUser) -and (CustomAttribute6 -eq 'Y')}
This correctly finds the 2 users when I query for them.
And then delete the group and recreate it using the multi-value attribute:
New-DynamicDistributionGroup -Name "DG_NH" -RecipientFilter {((RecipientType -eq UserMailBox) -or (RecipientType -eq MailUser) -and (ExtensionCustomAttribute2 -eq 'NH')}
When I run the query this time it produces no result. Every test I try results in an empty group if I am using a multi-valued attribute in the search criteria in the cloud. If I use single valued attribute, it works fine.
I really need to be able to get multi-valued DDG's working in the cloud. If anyone has done this and has any suggestions, I would appreciate seeing what you did. And if this is the wrong forum to port this, if you can point me to a more suitable
forum I will report there.
Thanks,
Richard

TS2972 my apple tv devices and other apple devices can access my library but using my library, i cant access any of the apple tv devices through airplay

my apple tv devices and other apple devices can access my library but using my library, i cant access any of the apple tv devices through airplay

Home sharing isn't working either
Which is why you can not use the remote app. Did you turn on home sharing on your computer and on ATV?
eve though they have the same Apple ID.
Did you enter the ApplieID in the home sharing login though? Or just in for the iTunes store, or iCloud, or photo sharing, or something else?
Home sharing isn't working either, I can't play or transmit any video from my iPad to the Apple TV because it doesn't recognize it
That would be AirPlay, not homesharing. THey are not related. Did you enable air play on all the devices?
Have you run the network test tools on ATV? Can ATV access the iTunes store, Netflix, etc?

Using multiple agents through one webgate

How can we use multiple agents through one webgate.when i copy a file OBACESSCLIENT.XML its gets overwritten what should i do.

This is trivial to do - just don't use Finder aliases.
Aliases are Mac OS X-specific and UNIX-based applications like apache don't know how to deal with them.
The solution is to use symbolic links, the original UNIX equivalent of the Mac's aliases.:
<pre class=command>$ cd /Library/WebServer/Documents
$ ln -s /Volumes/User1Drive user1
$ ln -s /Volumes/User2Drive user2
...</pre>
etc.
This will create a symbolic link from user1 to /Volumes/User1Drive. Now when anyone hits /user1 on your server they'll given the content on /Volume/User1Drive.
There is an alternative solution which doesn't use directory paths, but hostnames. It's possible to configure Apache's virtual hosts so that 'http://user1.server.com/' is based on /Volumes/User1Drive while 'http://user2.server.com/' is based on /Volumes/User2Drive, and so on.
This takes some configuration in DNS to point all the hostnames to the same IP address, but it's another option that can scale without the need of more IP addresses.

Extended receiver determination and Dynamic attributes

Hello,
is it possible to access dynamic attributes within an extended receiver determination? Can I modify / set dynamic attributes of an XI message within an UDF in the extended receiver determination mapping?
In detail: In my scenario I want to use an extended rec. determination, make a lookup in a DB inside the determination in order to define the receiver, and based on the lookup result I want to add some information as dynamic attributes to the XI message, which then can be accessed in the interface determination as conditions.
Thanks,
Chris

Hi,
In my scenario I want to use an extended rec. determination, make a lookup in a DB inside the determination in order to define the receiver, and based on the lookup result I want to add some information as dynamic attributes to the XI message, which then can be accessed in the interface determination as conditions - See you can do a DB lookup in a msg mapping........but by the time you have reached msg mapping your receiver determination will be done......so your receiver is already decided............Extended recever determination is for dynamically choosing a recever based on source msg's data.........
Regards,
Rajeev Gupta

Deferred EL in dynamic attributes

According to the Sun Java EE 5 tutorial, using deferred EL ( #{} syntax) is forbidden for usage in a tag's dynamic attributes.
What's the exact use of making this illegal? (what problem does this rule solve?)
Anyway, I'm asking since I have developed lots of JSF 1.1 components with dynamic attributes that accept EL expressions. Technically it's not a problem. In the tag handler, I just itterate over all collected attributes, check if they're EL using the JSF API and if so create a value binding for them.
However, in JSP 2.1/JSF 1.2 the container prevents the "#{...}" string from reaching my tag handler code. This is very nasty. I can of course disable container evaluation for the entire page, but this is quite an ugly solution.
Is there any neat workaround for this problem?

When in doubt, check
the 2.1 spec. I'm guessing that the tutorial has a
doc error.You're right, I checked the (may 2006) JSP 2.1 spec, and on page 2-72, section 3 it says:
Dynamic attributes must be considered to accept request-time expression values
as well as deferred expressions.So, the tutorial is definitely wrong.
Maybe someone should notify Sun about this? It seems most people would resort to reading tutorials first instead of wading through the spec. Especially if a Sun tutorial states something, many people will probably consider it 'official'. Perhaps even the Tomcat folks have read said tutorial instead of the spec. Using an EL value in a dynamic attribute in Tomcat 6 causes a translation error.
Btw, I'm not 100% sure how to interpret this note from the spec:
Note that passing a String literal as a dynamic attribute will never be considered
as a deferred expression.What other way is there to pass a deferred expression than through a String litteral?

Custom Dynamic Attributes

Hello Experts:
Does anyone knows if it is possible to create a Custom Dynamic Attribute for Bid Comparison where this custom Attribute can be automatically filled through a function module or program with some calculated value?
My requirement is to provide an automatic supplier qualification which can be used as a comparison attribute, the qualification could be calculated using supplier information from previous POs, Confirmations, etc.
Hope you can help me out
Hugo

Hi,
Dynamic Attributes for Bid Invitation can be created using customization.
SPRO-> SRM Server->Bid Invidation - > Dynamic Attributes.
Generally the response to the dynamic attributes are given by Bidder when submitting the Bid.
For automaic population of response to the bidder do you want to do through report ?
you can implement "BBP_DOC_CHANGE" BADI metod "BBP_QUOT_CHANGE" for pupulating the response of dynamic attribute while submitting BId.
Regards
Kalandi
PS : Reward points if it helps you.

NPAS: How do I use Cisco ASA RADIUS attribute 146?

We have a Cisco ASA 5520 running firmware 8.4.5 and are using it for AnyConnect SSL VPN. We are using Microsoft Network Policy and Access Services (NPAS) as a RADIUS server to handle authentication requests coming from the ASA.
We have three tunnel groups configured on the ASA, and have three Active Directory security groups that correspond with each one. At this time, we are using Cisco's vendor-specific RADIUS attribute 85 (tunnel-group-lock) to send back to the ASA a string
that corresponds to a policy rule in NPAS based on the matched group membership. This works in the sense that each user can only be a member of one of the three AD security groups used for VPN, and if they pick a tunnel group in the AnyConnect client
that doesn't correspond to them, the ASA doesn't set up the session for them.
Well, Cisco added vendor-specific RADIUS attribute 146 (tunnel-group-name) in firmware 8.4.3. This is an *upstream* attribute, and is one that is sent by the ASA to the RADIUS server. We would like to use this attribute in our policies in NPAS
to help with policy matching. By doing this, we could allow people to be in more than one VPN group and select more than one of the tunnel groups in the AnyConnect client, each of which may provide different network access.
The question becomes, how can I use this upstream RADIUS attribute in my policy conditions? I tried putting it in the policy in the Vendor-Specific section under Policies (the same place where we had attribute 85 defined), but this doesn't work.
These are just downstream attributes that the NPAS server sends back to the RADIUS client (the ASA). The ASA seems to ignore attribute 146 if it is sent back in this manner and the result is that the first rule that contains a group the user is a member
of is matched and authentication is successful. This is undesirable, because it means the person could potentially select a tunnel group and successfully authenticate even though that isn't what we desire.
Here is Cisco's documentation that describes these attributes: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html

Philippe:
Thank you for the response, but I am already aware how to use Cisco's group-lock or tunnel-group-lock with RADIUS and, in fact, we are already using tunnel-group-lock (attribute 85).
Using tunnel-group-lock works in the sense that you have three RADIUS policies and three AD security groups (one per tunnel group configured on the ASA). Each AD group basically is designed to map to a specific tunnel group. Each RADIUS policy
contains vendor-specific attribute 85 with the name of the tunnel group. So when you connect and attempt authentication through NPAS, it goes down the RADIUS policies until the conditions match (in this case the conditions are the source RADIUS client
- the ASA - and membership in a particular AD security group), it determines if your authentication attempt is successful, and if so it sends the tunnel group name back to the ASA. If the tunnel group name matches the one associated to the user group
you selected from the list in the AnyConnect client, a VPN tunnel is established. Otherwise, the ASA rejects the connection attempt.
Frankly, tunnel-group-lock works fine so long as it is only necessary for a given individual to need to connect to only a single tunnel group. If there is a need for an individual to be able to use two out of the three or all three tunnel groups in
order to gain different access, using tunnel-group-lock or group-lock won't work. This is because the behavior will be when the RADIUS server processes the policies, the first one in the list that has the AD security group that the user is a member of
will be matched and the tunnel group name associated with that policy will be sent back to the ASA every time. If that name doesn't match the one they picked, the tunnel will not be established. This will happen every time if the tunnel group is
associated with the second or third AD group they are a member of in terms of order in the NPAS policy list.
Group-lock (attribute 25) works similarly. In such a case, the result won't be a failure to connect if the user group chosen is associated with the second or third AD group in the policy list; rather, it will just always send the ASA the first group
name and the ASA will establish the session but always apply the same policy to the client rather than the desired one.
We upgraded to firmware 8.4.5 on our ASA 5520 specifically so that we could make use of attribute 146 (tunnel-group-name). Since this is an upstream attribute sent by the ASA to the RADIUS server (rather than something send by the RADIUS server
to the ASA as part of the authentication response), we were hoping to be able to use it as an additional condition in the NPAS policies. In this way, people could be members of more than one of the AD security groups related to VPN at a time. The
problem is, I just do not know how to leverage it in the NPAS policy conditions or if it is even possible.

Use of Incremental Recon Attribute in SearchReconTask

I am attempting to implement Incremental Recon for a custom connector. I am using the oracle.iam.connectors.icfcommon.recon.SearchReconTask and wish to implement an Incremental Recon using the Incremental Recon Attribute. I have added that and Latest Token in the XML when I create my custom Scheduled Task with my custom attributes.
The JavaDoc for this class states:
The following task parameters are supported:
Filter - Filter to be used in SearchApiOp call
Incremental Recon Date Attribute, Incremental Recon Attribute - if the connector supports some attribute which is a good candidate for usage by incremental reconciliation, the attribute name can be specified by one of these parameters, if specified then the SearchApiOp will be executed with Filter containing GreaterThen(${IncrementalReconAttribute}, ${LatestToken}), the difference between these two paramters is that if Incremental Recon Date Attribute is specified, then Latest Token will be formatted as String
Latest Token - If Incremental Recon Date Attribute or Incremental Recon Attribute it will be holding the latest value of the attribute which is specified as incremental
When I define the connector I include the org.identityconnectors.framework.spi.operations.SearchOp interface and the executeQuery as follows:
public void executeQuery(ObjectClass oclass, Object filter,
ResultsHandler resultsHandler,
OperationOptions operationOptions) {
When I execute, the filter is always null. I have attempted this with valid values for Latest Token. I am not seeing either the Incremental Recon Attribute or the Latest Token in the OperationOptions list. Nothing is coming through in the Filter value either.
When I look at the FlatFileConnector.java class in the example, I am seeing an attempt to get a value of LatestToken (no space) which I assume is an error?? Was this tested?
Can anyone provide a real concrete example of using the SearchReconTask with Incremental Recon and explain the process flow?

You will have to implement FilterTranslator as well. If you look at SearchOp at http://docs.oracle.com/cd/E21764_01/apirefs.1111/e24834/toc.htm you will see 2 methods to be implemented. One createFilterTranslator and second executeQuery.
You will have to implement FilterTranslator. ICF provides [AbstractFilterTranslator for you to use. Just extend this class and provide implementation for createGreaterThanExpression and createGreaterThanOrEqualExpression APIs.
These methods will be called for filter object. See GreaterThanFilter for more information.
Your implementation should take the attribute and construct a query in string format which your target can understand and return it. This query will sent to your executeQuery API. Without these only null will be sent.
Edited by: 855254 on Apr 19, 2013 5:24 PM
Edited by: 855254 on Apr 19, 2013 5:27 PM

Airport Utility won't accept password, though it's the same that I'm using for my wi-fi access.

Hello,
First-time asker, multi-time reader. Could not find this situation exactly in other posts.
I’m having trouble accessing two different Airports.
I have an Apple Airport Extreme 802.11n (4th generation) handling the wi-fi for 3 laptops and 2 iPhones, but I needed to extend the range within the home one room so I got a Airport Express.
It’s showing up in the Airport Utility when I try to set it up, but each time I try it asks me to “enter the password for the selected airport wireless device.”
I type in the password I use when I need to access the wifi (the “WEP” password I guess?), but it’s never accepted. I’ve tried this on 3 of the Macs.
After reading some relevant comments here, I confirmed this as the “Airport network password” with the Keychain on 2 Macs. My Keychain does not show a “Base station password” at all.
I typed it in on 3 different keyboards, no caps lock, etc.
I’ve tied adding “$” and using “public,” to no avail.
I’m assuming that the password it’s asking for is the same password same as WEP password, the one that’s used when a friend visits and wants to use my wi-fi instead of 3G. It’s my network password. Is that right? Or is there some other password needed? My Keychain does not show a “Base station password” at all.
It does this for the existing Extreme as well as the Express.
It asks for the password whether I try to update the firmware as directed (7.4.2 to 7.6.1 for the Express, 7.5.1 to 7.6.1 for the Extreme), or if I click “Manual” to set up the Express.
Same thing happens using the Apple Airport Utility App on my iPhone.
I did the factory res-et thing on the Express, and it showed up with a generic name described as “with factory-default settings” so then I clicked Continue. This brought up the box saying “Are you sure you want to switch wireless networks? Setting up this AirPort wireless device requires switching wireless networks. Switching wireless networks may interrupt your connection to the Internet.”
I don’t want to switch, I want to add the Express to the existing Extreme network, so I’m (ignorantly) hesitant to say yes. Besides, it will probably just ask for a password, so I’m back to square one.
I’m mainly working on a Second Gen MacBookAir (3,2), Intel Core 2 Duo with AirPort Extreme (0x14E4, 0xD1), Firmware Version: Broadcom BCM43xx 1.0 (5.10.131.42.4) 802.11 a/b/g/n. But this situation is the same on multiple Macs and iPhones.
All my devices work fine on w-fi, but none can access the Airports using the password as mentioned above with the goal of updating firmware and setting up the Express.
So anyone have any suggestions for this issue the password problem?
Just Wonderin.
Thanks so much.

Jaime...
Open Keychain Access /Applications/Utilities
Select Passwords on the left.
type base station in the search field top right corner of the window.
Right or control click the base station keychain then click Get Info
Select the Attributes tab.
Click: Show Password
Now, you can use that password or set up one of your own. If you want to create a new password right or control click the current base station keychain then click Delete.
Now open Airport Utility /Applications/Utilities
Select the base station on the left.
Click Manual Setup then select AirPort from the menu then select the Wireless tab
Type in a new password, then type it in again to verify.
Then select: Remember this password in my keychain
Then click Update.
If at some point you forget the password for your wireless network just follow the instructions for Keychain Access above.

Use AGENT through dynamic attribute access

Similar Messages

Maybe you are looking for