User and Group management in ADF Application?

Hello,
I have successfully integrated my weblogic server with MS AD Ldap Server. I have all the users and groups from AD inside weblogic.
Now, I would like to create an ADF application with the ability to manage identity. For example, I could navigate to a page in my ADF application containing a list of users and groups from AD, and I could for instance create a new user, remove a group or change an attribute for the user (and all these changes reflect in the LDAP server).
Is this possible? Is there any documentation for this? I am using MS Active Directory, is there an API to integrate AD to ADF?
Thank you!
Joao Moreira

Hi,
if your LDAP server is MS Active Directory then you need to check for samples of how to access this directory server from Java. This code then would go into a managed bean to be used with the ADF application.
Frank

Similar Messages

  • LDAP user and group configuration in ADF application

    Hi All,
    I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
    However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
    Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
    Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
    I am using JDeveloper 11.1.1.5.
    Thanking you all in advance.
    Mukesh.

    I have below changes in files
    1] In jps-config.xml
    -- Added identity store and selected it from drop down in Security Context tab.
    2] In weblogic-application.xml
    In Security tab --> Role assignment mapped valid-users to principle name.
    <security>
    <realm-name>myrealm</realm-name>
    <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>DERDev</principal-name>
    </security-role-assignment>
    </security>
    3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
    4] Added security role "DERDev" along with the default/automatically added role "valid users"
    <security-role>
    <role-name>DERDev</role-name>
    </security-role>
    Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
    Mukesh

  • User and group management

    I just installed an evaluation version of weblogic commerce and personalization server. I understand we can create users and groups and assign users to different groups. But I am wondering who has the privilege to do this, developer or end-user? In paticular, is it possible for a super user (should be end-user) in one group to manager all other users in the same group. This feature would be especially useful for B2B portal because usually we would allow a company administrator manage all users within that company. Thanks in advance.Zhe

    Hi Steve,
    What's the plan to provide ASP support in WLPS in the future ? Is there
    any examples of WLPS that uses a 3rd party user management server (such
    as LDAP)?
    Thanks,
    Leo
    6th Dimension-
    Steve Willcox wrote:
    >
    We only support a single administrator for a 'realm' of users. We don't have an admin permission mechanism on a group of users basis. The feature you are looking for more fits the ASP model and not an enterprise application model.
    However, since WLPS/WLCS uses the WebLogic security realm to access users and groups, you can use a 3rd party user management tool that supports the permissions you are looking for in order to create users and groups. This would require the 3rd party user management tool to have an implementation of the WebLogic Security Realm class that works with this 3rd party user management server.
    Zhe Liu wrote:
    I just installed an evaluation version of weblogic commerce and personalization server. I understand we can create users and groups and assign users to different groups. But I am wondering who has the privilege to do this, developer or end-user? In paticular, is it possible for a super user (should be end-user) in one group to manager all other users in the same group. This feature would be especially useful for B2B portal because usually we would allow a company administrator manage all users within that company. Thanks in advance.Zhe--
    Steve Willcox
    BEA Systems, Inc.
    ECommerce Application Components R&D
    Architect
    mailto:[email protected]
    http://www.bea.com

  • Administration Portal user and group managent performace issue

    Hi
    I have implemented a custom IPlanet LDAP authentication provider which provides
    a realization for the needed authentication, group and user management interfaces
    (UserReader, UserEditor, GroupReader, GroupEditor).
    The authentication provider itself seems to work fine, but I think I found a possible
    performance problem in the WebLogic Administration Portal, when I studied the
    authentication framework by remote debugging. Response times (with just one simultaneous
    user) are quite long (over 8 seconds) with 40 groups on the same hierarchy level
    on the Users, Groups and Roles tree. I'm developing with P4 processor and 1 Gb
    ram (512 Mb allocated for WLS)
    After little debugging I found out that every time a node in the group tree is
    dlicked isMember() method of the authentication provider gets called n * (n -1)
    times, where n is the number of visible groups in the hierachy tree. '
    What happens is that for each group, the membership of all the other visible groups
    is checked by the isMember(group, member, recursive), method call. Even the usage
    of a membership cache in this point didn't speed up the rendering noticeably.
    By placing a break point in the isMember() method and studying the call stack,
    one can see that all the isMember() calls are made during the rendering performed
    by the ControlTreeWalker. For example if there is 40 groups visible in the tree,
    the isMember() method gets called 1600 times. This seems quite heavy. With a
    small number of groups per hierarchy level this problem might not be serious,
    but in case where there would be over 30 000 customer companies using the portal
    and each having their own user groups, it could be an issue.
    The problem does not occur with WebLogic console and browsing of groups and users
    (using the same authentication provider) is fast with it. When a user is selected
    from the user list and the Groups tab is checked, the Possible Groups and Current
    Groups list boxes will get populated. When debugging this sequence, one can see
    that only the listGroups() method of the authentication provider is called once
    per list box and the order of method calls is of order n (rather than n^2 which
    is the case with the Administrator Portal).
    Has anyone had similar problems with Administrator Portal's performance?
    Ville

    Ville,
    You're correct about the performance degradation issue. This is being
    addressed in SP2.
    Thanks,
    Phil
    "Ville" <[email protected]> wrote in message
    news:[email protected]...
    >
    Hi
    I have implemented a custom IPlanet LDAP authentication provider whichprovides
    a realization for the needed authentication, group and user managementinterfaces
    (UserReader, UserEditor, GroupReader, GroupEditor).
    The authentication provider itself seems to work fine, but I think I founda possible
    performance problem in the WebLogic Administration Portal, when I studiedthe
    authentication framework by remote debugging. Response times (with justone simultaneous
    user) are quite long (over 8 seconds) with 40 groups on the same hierarchylevel
    on the Users, Groups and Roles tree. I'm developing with P4 processor and1 Gb
    ram (512 Mb allocated for WLS)
    After little debugging I found out that every time a node in the grouptree is
    dlicked isMember() method of the authentication provider gets called n *(n -1)
    times, where n is the number of visible groups in the hierachy tree. '
    What happens is that for each group, the membership of all the othervisible groups
    is checked by the isMember(group, member, recursive), method call. Eventhe usage
    of a membership cache in this point didn't speed up the renderingnoticeably.
    >
    By placing a break point in the isMember() method and studying the callstack,
    one can see that all the isMember() calls are made during the renderingperformed
    by the ControlTreeWalker. For example if there is 40 groups visible inthe tree,
    the isMember() method gets called 1600 times. This seems quite heavy.With a
    small number of groups per hierarchy level this problem might not beserious,
    but in case where there would be over 30 000 customer companies using theportal
    and each having their own user groups, it could be an issue.
    The problem does not occur with WebLogic console and browsing of groupsand users
    (using the same authentication provider) is fast with it. When a user isselected
    from the user list and the Groups tab is checked, the Possible Groups andCurrent
    Groups list boxes will get populated. When debugging this sequence, onecan see
    that only the listGroups() method of the authentication provider is calledonce
    per list box and the order of method calls is of order n (rather than n^2which
    is the case with the Administrator Portal).
    Has anyone had similar problems with Administrator Portal's performance?
    Ville

  • Using users and groups from LDAP in ADF application

    Hi there,
    I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
    I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
    Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
    But I can't find proper/up-to-date info about how to do this.
    I tried 2 major things:
    1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
    Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
    2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
    Any help or documentation that could help me?

    Since we aren't using EM I had to find an other way. And I found it.
    In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
    Thanks for the help.

  • Manage Users and -groups

    Hi all,
    I try to manage Users and -groups not with workspace administration but by HTML_UTIL. So I need to display all of the Usergroups and select mor than one group for a user and insert/edit this groups for the user.
    How can I select mor than 1 item from a LOV? and use it with HTML_UTIL.CREATE_USER and HTML_UTIL.EDIT_USER
    Thanks for yout help
    Siegwin

    Not sure if this is what you're asking, but certainly, one of the things you'd need to do is write your own PL/SQL procedure that loops through the selected rows of your UI element (whether it be a multi-select list, checkboxes or whatever) and perform the actions that you require.
    Have you attempted anything yet? What parts of this do you need help with?
    Earl

  • I can no longer use all of the "Computer Management" tools against a remote computer. "Local Users and Groups", "Event Viewer", "Performance Logs and Alerts" and "Device Manager"

    Hello All,
    I can no longer use all of the "Computer Management" tools against a remote
    computer. "Local Users and Groups", "Event Viewer", "Performance Logs and
    Alerts" and "Device Manager"
    kindly see the below snapshot for assistance
    REGARDS DANISH DANIE

    This link may help....
    http://windowsxp.mvps.org/admintools.htm
    Freeman

  • Manage users and groups on 10.5 client like 10.5 server?

    can anyone recommend software for managing local users and groups on 10.5 client? we only need filesharing and don't need the added expense of OS X Server.
    thanks

    oh, right. we can add users with the File Sharing pref pane and can add groups under the Accounts pref pane.
    i'm assisting a friend reconfigure a 'server' (os x client box) that was damaged.
    i'd like to create a new group and then add a handful of users to that group for filesharing. these users don't really need to access the mac for local login.
    they are using Windows Vista from the clients and the way it's set up now, if a user connects and modifies/creates a file, no one else can then modify the file. we have to run chmod on the file/directory for everyone to be able to change it. i'd like to configure it so the permissions work correctly without having to do this.

  • Programmatically creating Oracle Applications users and groups....

    Hi,
    does anybody know of a way for programmatically creating Oracle Applications users and groups....
    --Arvind Ashtekar                                                                                                                                                                                                                                                       

    So my question is still unanswered:
    1)I want to add users programmatically. Can I use apps.fnd_user_pkg to do this.If I am using MS Active Directory Single sign on
    2) Are you sure it is supported ny Oracle. If yes, Can you give me the link supporting this.
    Can you add my name to ur yahoo chat friends My id is arvind_ashtekar2001
    I need urgent help.
    I am getting login pag not found error for e-buz home page. iAS Server is runnung fine.(One more thing setup is failed after 100% installation. I mean it did once more system check and the error was jsp not resonding. And no action after that just sinply close that message windoe and manually close setup dialog)
    What might me the error.
    Thanks
    --Arvind Ashtekar                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  • Error encountered initializing users and groups ... Class not found.

    Hi,
    I am trying to set up the example provided in Frank Nimphius and Duncan Mills great article about 'Declarative J2EE authentication and authorization with JAAS' (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm) on iAS 10g. My current problem is this : when I try to deploy my test application using an ear file, Enterprise Manager returns the following error message : 'Error encountered initializing users and groups using the specified user manager. User manager class oracle.sample.dbloginmodule.DBTableLM.DBTableLoginModule not found.'. This class is distributed in an archive, DBLoginModule.jar, that I have put in my IASHome/j2ee/home/applib and inside my test application /WEB-INF/lib directories. I have tried putting them in one place at a time, then both, with always the same 'class not found' error as result.
    Am I missing something ?
    Where should I put this archive for it to be seen by the server ?
    Could some mistake in web.xml, jazn-data.xml, orion-web.xml or orion-application.xml cause this error ?

    Hi Kapil G,
    Please let us know if you still need help with this post.
    Thank you.

  • Browsing users and groups on WebLogic 11g

    I'm having a following "problem". I'm trying to programmatically list out all the users and groups that are currently on WebLogic. I need this because I'm building an SOA application that manages tasks for each user. Is there an API that adresses this problem?
    Thanks for help! :)

    http://download.oracle.com/docs/cd/E12840_01/wls/docs103/jmxinst/index.html
    http://download.oracle.com/docs/cd/E12840_01/wls/docs103/jmx/accessWLS.html
    http://download.oracle.com/docs/cd/E12840_01/wls/docs103/wlsmbeanref/core/index.html
    I have not tried, but it should be possible getting those details via JMX Mbeans.
    Manoj

  • Webcenter spaces user and group and WLS security realm

    I want to configure external ORACLE DB,
    I configed the security realm in WLS, and I can see the user and group list in WLS page, But I cant find any of them in webcenter spaces,
    and also can not login with those users.
    I added a user with WLS, it works well.
    do I need to do other configrations?

    First you need to create a Administrator for this new identity stores. Weblogic user is not identified now because its not mapped by first authenticator. See Oracle WebCenter Admin Guide, section 28.4.1.1 Granting the WebCenter Spaces Administrator Role Using FusionMiddleware Control. Once you have done this step, do the same steps for other application user. For this you have to give Application role to other user so that they can login and use WebCenter Space.See Oracle WebCenter Admin Guide, Section 28.4.2.1 Granting Application Roles Using Fusion Middleware Control.
    After doing above steps, restart WC_Spaces managed server.

  • How to change default /Users and /Groups to different Volume?

    Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
    We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
    Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
    Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
    How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
    Thanks in advance.

    1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
    2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
    3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
    4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
    5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
    6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

  • Generate report to show all users and groups in Shared Services in EPM 11x

    Hi,
    Is there any way to generate a report (like a migration report or job status report) which can be generated through workspace/shared services 11.1.1.3 so that my admin can look at all the users and groups created. Something that I can view and probably print out? Any suggestions?
    ~Adeeba

    Yes, I knew this one. This basically shows me the users and groups assigned specific provision access. Is there any way to view a report that shows which users and groups have access to dimensions of an individual planning application?
    ~Adeeba

  • Assigning Roles to Users and Groups

    Hi,
    We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
    it is an urgent assignment for me..help can be appreciated...
    sudhir

    Sudhir,
    You can assign the roles to users and groups as below.
    1. Select the System Administration in the top level navigtion
    2. Select user administration
    3. You can search for a specific user or a group from this iView.
    4. Use the edit button to edit the profie of the user or group.
    5. Search for the role in the search iView.
    6. Add the role to the user of group and save.

Maybe you are looking for

  • How do I prompt a user to enter in a string name and set it so it can be used as an input for a DLL

    I was having problems entering in a string name and setting it. Any suggestions.

  • Control accounting doc. from billing

    Hello, for my accountment department, i need that from two positions of one single bill, create two positions in the accounting document. There will be at the same account, but i need two separate postings. BILL NR. 1 POS 10 MATERIAL A 100 EUROS POS

  • How to disable the link for Credit -check at item level

    Hi Experts, I have an issue tht we want to make a block to the link available for credit-release at item level. In the view of the item, when we select the item in edit view we have a button saying MORE and in tht we have CHEC CREDIT RELEASE. We want

  • Wrong Quantity conversion while posting J1IJ [Depot sale]

    Hi, In Material master i have UoM conversion maintained as below Base UoM is CAN. 1 CRT [Carton] = 12 CAN. I have posted delivery of 20 CAN correctly. But when i posted J1IJ qty updated 1.167 CRT means 14 CAN. Can you pls suggest urgently Sameer

  • Cs3 crashes on mac

    I had Contribute 4 on my iMac and was unhappy about how it used to crash when I imported a big Word file. So I bought CS3 and expected it would work better. It still crashes if asked to do anything slightly taxing. I cant see why i bought it..it seem