User attributes for LDAP
Hi guys,
Currently we have an error for an LDAP attribute.
distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
user is of type IUser,
and it returns null.
Where could I find the list of user attributes in LDAP? Currently we have LDAP 8.8.1.
Don,
you might have a look at an LDAP browser (e.g. http://www-unix.mcs.anl.gov/~gawor/ldap/ ), which helps a lot to find out how your LDAP server is structured and which attributes you can access.
1) Start the tool
2) Click on "Quick Connect"
3) Enter your LDAP server
4) press "Fetch DNs"
5) Uncheck "Anonymous bind"
6) Enter your user credentials
7) Browse your LDAP structure
It helped me a lot to get the correct settings for the DBMS_LDAP calls.
Patrick
My APEX Blog: http://www.inside-oracle-apex.com
The ApexLib Framework: http://apexlib.sourceforge.net
The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!
Similar Messages
-
How to create Users/Roles for ldap in weblogic without using admin console
Is it possible to create users/roles for LDAP in WebLogic without using the admin console? If possible, what are the files I need to modify in DefaultDomain?
Or is there any Ant script for creating users/roles?
Regards,
Raghu.
Edited by: user9942600 on Jul 2, 2009 1:00 AM
Edited by: user9942600 on Jul 2, 2009 1:58 AM
Hi..
You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
.e.g. wlst create user
..after connecting to admin server
serverConfig()
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
cmo.createUser("userName","Password","UserDesc")
..for adding/configuring a role
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
cmo.createRole('','roleName', 'userName')
...see the mbean docs for all the different attributes, operations etc..
..Mark. -
How to get user attributes from LDAP authenticator
I am using an LDAP authenticator and identity asserter to get user / group information.
I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
Any help would be appreciated
Hi Julián,
in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
Hope it helps
Detlev -
Trying to modify two AD User attributes for multiple users?
Hello,
I'm a newbie to Powershell and need some help.
I have a 2008 R2 AD and need to modify two attributes for multiple users.
The attributes include "homeDirectory" and "unixhomedirectory".
I have started to go through Powershell in a month of lunches but need this solution quickly.
I have been trying number of scripts that I cannot get to work in our test AD lab.
Is there anyone who can help with a simple script with explanations of each line so I know how it works please?
help
Thanks clayman2,
Here is what's in my .csv below
samaccountName,homdedirectory,unixhomedirectory
testuser1,\\servername\oldhimedir\%username%,\\servername\oldhimedir\%username%
testuser2,\\servername\oldhimedir\%username%,\\servername\oldhimedir\%username%
This is the code below I'm trying to use.
Import-Module ActiveDirectory
$USERS = Import-CSV c:\users.csv
$USERS|Foreach{Set-ADUSer -Identity $_.samaccountname -homdedirectory $_.\\servername\oldhimedir\%username% -unixhomedirectory $_.\\servername\oldhimedir\%username%}
Please let me know if I have to put the pathing in any special brackets to have PS read it. I have tried {} around the field but I get "Missing property name after reference operator"
Thank you -
OPSS errors with virtualize attribute in LDAP
Hi,
I want to retrieve the user attributes for a user in ADF on WebLogic PS3; so far OK.
I got the user attributes of the internal WebLogic LDAP user.
Now I also want to do this for an Active Directory user, so I configured the AD authentication provider and I can see the user and groups.
When I log in with an AD user I can see this error (login was successful, but no user attributes):
oracle.security.idm.ObjectNotFoundException: No User found matching the criteria
at oracle.security.idm.providers.stdldap.util.DirectSearchResponse.initSearch(DirectSearchResponse.java:173)
at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:52)
at oracle.security.idm.providers.stdldap.util.LDAPRealm.searchUsers(LDAPRealm.java:430)
at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUser(LDIdentityStore.java:439)
at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUser(LDIdentityStore.java:488)
at nl.amis.security.opss.OpssBean.<init>(OpssBean.java:47)
This is correct, so I set the virtualize attribute
<serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
<property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>
<property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
<property name="virtualize" value="true"/>
</serviceInstance>
The virtual directory is working, but now I get no user attributes for either the internal WLS user or the AD user.
This is the error:
<VDELogger> <warn> You must use SSL port for this adapter or configure ssladapter with an adapter which uses SSL port.
oracle.security.idm.IMException: Not supported
at oracle.security.idm.providers.libovd.LibOVDIdentityStore.getUserPropertyNames(LibOVDIdentityStore.java:751)
at oracle.security.idm.providers.libovd.LibOVDUser.getAllUserProperties(LibOVDUser.java:613)
at nl.amis.security.opss.OpssBean.<init>(OpssBean.java:50)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:175)
My code to retrieve the attributes.
ADFContext adfCtx = ADFContext.getCurrent();
SecurityContext secCntx = adfCtx.getSecurityContext();
this.username = secCntx.getUserName();
for (String role : secCntx.getUserRoles()) {
    this.roles = this.roles + role + ", ";
}
try {
    JpsContext jpsCtx =
        JpsContextFactory.getContextFactory().getContext();
    IdentityStoreService service = jpsCtx.getServiceInstance(IdentityStoreService.class);
    IdentityStore idStore = service.getIdmStore();
    // Look up the logged-in user in the configured identity store
    User user = idStore.searchUser(secCntx.getUserName());
    if (user != null) {
        UserProfile userProfile = user.getUserProfile();
        PropertySet propSet = userProfile.getAllUserProperties();
        Iterator it = propSet.getAll();
        // Append every property name and each of its values
        while (it.hasNext()) {
            Property prop = (Property)it.next();
            this.attributes =
                this.attributes + "property: " + prop.getName();
            Iterator it2 = prop.getValues().iterator();
            while (it2.hasNext()) {
                Object val = it2.next();
                this.attributes =
                    this.attributes + " values: " + val.toString() +
                    "\n";
            }
        }
    }
} catch (JpsException e) {
    e.printStackTrace();
} catch (IMException e) {
    e.printStackTrace();
}
thanks
Edwin,
Can you clarify the requirement - does the ADF application need to query for user profile information from both DefaultAuthenticator and AD? If querying AD is sufficient, then virtualize=true is overkill and not needed.
Ensure that the ordering of the authn providers and the control flag settings in WLS console is correct. Refer to this blog post for more details http://fusionsecurity.blogspot.com/2011/08/couple-of-things-you-need-to-know-about.html
All you may have to do is make the AD authn provider the first one in list (as long as the control flags are the same).
The error you are seeing is because
- the AD is configured using SSL
- the code that got triggered with virtualize=true has different keystore requirements and it doesn't find the correct configuration.
-skt -
Use resource user attributes while creating a user
Hi All,
I'm developing a resource adapter for our resource, and need to input attributes to really create that user in the resource. By modifying the skeleton resource adapter I have nowhere found the field to input attributes for my resource user, but for LDAP there is a form in the Attribute tab for LDAP user creation. How can I do the same thing in my adapter?
Thanks a lot,
Alice
Message was edited by:
Alice_1234
If you are creating a PO in foreground, you don't have the option of giving user id.
But if you create POs in background using a scheduled job, then when you are scheduling the job, you can overwrite the default user id and give the user id you want. In this case all the POs created by the job, will have the user id created by you.
But if you have to create a PO through background job, you have to give the inputs to PO through some programs may be BDCs or LSMW.
Reward if this helps. you -
Maintain attributes for Approval Limit
Hello friends,
I am updating the USER attributes for Approval Limit, APPRV_LIM.
I am using the FM - BBP_UPDATE_ATTRIBUTES.
I am confused about how I should pass the value and the format.
I am passing 123 USD. It's updating, but when I look in T-CODE pposa_bbp, I see some different value being uploaded.
I mean 123 is converted to 31003200330.02
Any idea what the issue is and how I should handle this?
Ster.
Hi
What is the input file format you used?
and check any currency definition in CUR (currency) attribute in PPOMA_BBP.
BR
Muthu -
Hello friends,
Question 1,
I am updating the USER attributes for Approval Limit, APPRV_LIM.
I am using the FM - BBP_UPDATE_ATTRIBUTES.
I am confused about how I should pass the value and the format. I am passing 100USD. It's updating, but when I look in T-CODE pposa_bbp, I see some different value being uploaded.
Any idea what the issue is and how I should handle this?
Question 2,
I have updated many other attributes, like Company Code (BUK), using the FM - BBP_UPDATE_ATTRIBUTES.
The issue is that it uploaded the new ones from the text file I had, but the concern is that it deleted the existing records. Any idea why it deleted the existing ones and how I can upload the new attributes without deleting the old attributes?
Any suggestions,
Ster
Please find the below code,
Thanks for all the suggestions.
and the file format.
orgunitid,companycode,sourcesystem
50000186;2350;TD6510
REPORT zs_srm_BUK.
TABLES: bbp_attributes.
DATA : BEGIN OF t_orgunit OCCURS 0,
orgunit TYPE objec-objid,
END OF t_orgunit.
DATA : l_value TYPE bbp_attributes-value,
l_orgunit TYPE objec-objid,
l_ccode TYPE bbps_om_p5502_exp-co_code,
l_logsys TYPE bbps_om_p5502_exp-backend.
DATA : BEGIN OF t_bbp_attributes OCCURS 0,
orgunit TYPE objec-objid,
attr_id TYPE bbp_attributes-attr_id,
logsys TYPE bbps_om_p5502_exp-backend,
value TYPE bbp_attributes-value,
END OF t_bbp_attributes.
DATA : tmp_bbp_attributes LIKE bbp_attributes OCCURS 0 WITH HEADER LINE.
DATA : gv_file TYPE string.
* Parameters
SELECTION-SCREEN BEGIN OF BLOCK b_file WITH FRAME TITLE text-001.
PARAMETERS: filename TYPE text255 OBLIGATORY.
SELECTION-SCREEN END OF BLOCK b_file.
SELECTION-SCREEN BEGIN OF BLOCK b_switches WITH FRAME TITLE text-002.
PARAMETERS: testmode AS CHECKBOX DEFAULT 'X'.
PARAMETERS: inheritv AS CHECKBOX DEFAULT 'X'.
SELECTION-SCREEN END OF BLOCK b_switches.
* At Selection Screen On Value Request
AT SELECTION-SCREEN ON VALUE-REQUEST FOR filename.
* Call Function Module /SAPDMC/LSM_F4_FRONTEND_FILE
CALL FUNCTION '/SAPDMC/LSM_F4_FRONTEND_FILE'
CHANGING
pathfile = filename
EXCEPTIONS
canceled_by_user = 1
system_error = 2
OTHERS = 3.
IF sy-subrc > 0. "#EC NEEDED
ENDIF.
*=======================================================================
START-OF-SELECTION.
*=======================================================================
PERFORM read_cnt_file.
*=======================================================================
END-OF-SELECTION.
*=======================================================================
PERFORM update.
*======================================================================*
* Form read_cnt_file
*======================================================================*
FORM read_cnt_file .
DATA: lt_file TYPE TABLE OF bbptab WITH HEADER LINE.
gv_file = filename.
* Read data from file
CALL FUNCTION 'GUI_UPLOAD'
EXPORTING
filename = gv_file
has_field_separator = ';'
header_length = 0
TABLES
data_tab = lt_file
EXCEPTIONS
invalid_type = 1
no_authority = 2
access_denied = 3
bad_data_format = 4
header_not_allowed = 5
separator_not_allowed = 6
OTHERS = 7.
IF sy-subrc <> 0.
ENDIF.
LOOP AT lt_file.
CLEAR : l_orgunit, l_ccode, l_logsys, l_value.
SPLIT lt_file AT ';' INTO l_orgunit
l_ccode
l_logsys.
CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'
EXPORTING
input = l_ccode
IMPORTING
output = l_ccode.
t_orgunit-orgunit = l_orgunit.
APPEND t_orgunit.
t_bbp_attributes-orgunit = l_orgunit.
t_bbp_attributes-attr_id = 'BUK'.
t_bbp_attributes-logsys = l_logsys.
t_bbp_attributes-value = l_value.
APPEND t_bbp_attributes.
ENDLOOP.
DELETE ADJACENT DUPLICATES FROM t_orgunit.
ENDFORM. "read_cnt_file
*& Form UPDATE
FORM update .
LOOP AT t_orgunit.
REFRESH : tmp_bbp_attributes.
LOOP AT t_bbp_attributes
WHERE orgunit = t_orgunit-orgunit.
tmp_bbp_attributes-attr_id = t_bbp_attributes-attr_id.
tmp_bbp_attributes-value_logsys = t_bbp_attributes-logsys.
tmp_bbp_attributes-value = t_bbp_attributes-value.
APPEND tmp_bbp_attributes.
ENDLOOP.
CHECK tmp_bbp_attributes[] IS NOT INITIAL.
CLEAR : tmp_bbp_attributes.
CALL FUNCTION 'BBP_UPDATE_ATTRIBUTES'
EXPORTING
orgunit_id_p = t_orgunit-orgunit
replace_p = ' '
TABLES
it_attr_p = tmp_bbp_attributes
EXCEPTIONS
object_id_missed = 1
no_active_plvar = 2
object_not_found = 3
no_attributes = 4
times_invalid = 5
inconsistent_values = 6
update_error = 7
ambiguous_position = 8
OTHERS = 9.
IF sy-subrc = 4 OR sy-subrc = 7.
CALL FUNCTION 'BBP_UPDATE_ATTRIBUTES'
EXPORTING
orgunit_id_p = t_orgunit-orgunit
replace_p = 'X'
TABLES
it_attr_p = tmp_bbp_attributes
EXCEPTIONS
object_id_missed = 1
no_active_plvar = 2
object_not_found = 3
times_invalid = 5
inconsistent_values = 6
update_error = 7
ambiguous_position = 8
OTHERS = 9.
ENDIF.
IF sy-subrc <> 0.
MESSAGE e001(aq_ad_hoc) WITH ' ' 'BBP_UPDATE_ATTRIBUTES'.
* &1 Interner Fehler: &2
ELSE.
WRITE : / 'Records Updated'.
ENDIF.
ENDLOOP.
ENDFORM. " UPDATE -
I am trying to integrate to a J2EE application from a webdynpro and want to store connection parameters for a role. Is there a way to add a custom attribute for a role.
Thanks
Sachin
Andrew,
This spec does not specify any methods to set user attributes. So,
you'll have to use vendor specific APIs to set user attributes. In the
case of WLP, you can use the p13n user profile APIs.
Subbu
Andrew Jones said the following on 12/03/2003 06:33 AM:
Hi
Can you point me in the direction of some documentation that shows how to programmatically
set user attributes for JSR168 portlets?
Thanks
Andrew -
User interface for updating/adding attributes in OID
Hello,
I have not done the develop work in OAS10g (web, oid, +) though I have years experiences as DBA in OAS and Oracle database servers.
I need to develop a user interface for users to add or update the user's attributes such as sn, manager etc.
The IDM system is working in prod: OAS 10g r2, installed (upgraded to) with infrastructure and oid 10.1.4.3.
OID: user attributes have been loaded with: CN, UID, mail and etc.
The requirement
User interface: an app based Ohttp web 10g
I'd like the interface works like:
The user accessing the web interface, is prompted with UID and mail. if the user correctly fills the fields, then will be prompted with the attributes which user can add or update.
Because I have not done any development in OAS (web, OID), I need to know what skills I need to acquire. And how should I proceed?
I may know the skills would be Ohttp development and OID API (LDAP), but I need these to be as specific as possible.
Can anyone point the direction with examples and docs?
TIA
GA
ajaybabu007 wrote:
For managing the user related activities (create,update,lock,unlock,delete and so on) through an Web UI interface can be administrated with the Oracle Identity Management Self Service Console (http://infra_host_name:7777/oiddas) which is an inbuild component of OID/OSSO. Please provide orcladmin/<password> credentials for accessing this Web UI.
---ABP thanks.
1) the app for user to add/update the attributes. we cannot give orcladmin to them
2) though the users as their own can access the oiddas, there are only limit of user info could be updated, which cannot serve the attributes we customized and loaded in OID. -
Setting Application Context Attributes for Enterprise Users Based on Roles
Hello,
We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
-- For each record in my RoleSitePrivileges table, set
-- an attribute named 'SITE_PRIVILEGE_<SiteID>'.
-- If the current user has been assigned a role matching
-- the value in the 'RoleName' field, set the corresponding
-- attribute to 'Y'... otherwise, set it to 'N'.
FOR iPrivRec IN (SELECT RoleName, SiteID
                   FROM RoleSitePrivileges
                  ORDER BY SiteID)
LOOP
  SELECT COUNT(*)
    INTO roleExists
    FROM dba_role_privs
   WHERE granted_role = UPPER(iPrivRec.RoleName)
     AND grantee = USER;
  IF roleExists > 0 THEN
    DBMS_SESSION.set_context(
      namespace => 'my_ctx',
      attribute => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
      value     => 'Y');
  ELSE
    DBMS_SESSION.set_context(
      namespace => 'my_ctx',
      attribute => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
      value     => 'N');
  END IF;
END LOOP;
To finish things off, I created a security policy function for the table which returns the following:
RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                     FROM session_context
                    WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                      AND value = ''Y'')';
This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully log in to the database, and I can see the appropriate global role assignments when I query the session_roles view.
I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the application context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
Thank you! -
Editing LDAP User attributes from UME interface
Hi Gurus,
We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
I want to know
1. How to enable the connection from UME to LDAP in read/write manner?
2. What certificates need to be exchanged for write access? if any?
3. What changes needs to be done in config file of UME?
4. Which permissions should be granted for communication user to edit LDAP user attributes?
Even after performing the change to read LDAP in read/write manner, will it be sure: If we lock user from UME, it will lock LDAP user? please comment.
regards
Kedar Kulkarni
Hi,
We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
But when we deploy same application into client landscape, we receive error as below:
No data source feels responsible for principal. Please check the data source configuration
Now we are not sure why this error is getting displayed.
In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
Any code to access LDAP details will help us lot.
regards
Kedar Kulkarni -
With the USER DATA object in VC, I am able to get a list of user attributes available to the model (uniquename, first name, last name, address etc). One of the attributes we want is currently not in the list that shows up OTB. How can I add more LDAP attributes to show up in the USER DATA so that I can use them in my model?
Can't you use the default Identity Service functions for this ?
When you add an assign you have for example one like :
lookupUser
Gets the user object. If the user doesnt exist it returns null.
The signature of this function is ids:lookupUser(userName, realmName). The arguments to the function:
1) userName - a user name
2) realmName - The realm name. This is optional and if not specified default realm is assumed
Should be ok? -
FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )
Version: 20060317
Q: Where can I find more information on the BC-LDAP-USR interface?
A: Have a look at our ICC webpage in the SDN:
SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)[1] [original link is broken]
Q: What costs arise when we want our product to be certified?
A: See also our SDN page under the headline "Price List".
Q: Is there a link/page for the already certified products for this interface?
A: Sure, have a look at our ICC page under the headline "Certified Solutions"
Q: Who can we ask in case of general questions?
A: Have a look at our general ICC forum:
SAP Integration and Certification Center (SAP ICC)
Of course, if you have urgent requests you can send them also directly to our local ICC's:
ICC Walldorf in Germany: [email protected]
ICC Palo Alto in USA: [email protected]
ICC Bangalore in India: [email protected]
Q: Who can we ask in case of technical questions ?
A: This depends on the state of your certification project.
1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
2.) When the certification contracts have not been signed then you can ask questions in this forum.
I distinguish it using the passwordExpirationTime (or something like that, I don't have code here with me).
This is possible if, after the password is expired, the user has at least one more access. It is a user policy that can be set in the LDAP server.
If it is possible, the user can still log in and perform operations. You can search the passwordExpirationTime attribute and determine if the password is expired, and then send a message to the user, telling him to change it. (If only one access is allowed and you change the password with the same application or service then do not close the context, else you should not be able to connect again.) Instead, if you use an external script, then the last access should not give you problems.
Hope i made myself clear. -
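The check described in the reply above, as an added example that is not part of the original post: it parses an LDAP GeneralizedTime value such as the one held in passwordExpirationTime and classifies each account. The attribute name comes from the post; the 14-day warning window, the graceLoginsLeft key, the function names and the sample entries are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 4517 GeneralizedTime: YYYYMMDDHH[MM[SS]][(.|,)fraction](Z|+hh[mm]|-hh[mm])
_GENERALIZED_TIME = re.compile(
    r"^(?P<date>\d{8})(?P<hh>\d{2})(?P<mm>\d{2})?(?P<ss>\d{2})?"
    r"(?:[.,](?P<frac>\d+))?(?P<tz>Z|[+-]\d{2}(?:\d{2})?)$"
)


def parse_generalized_time(value):
    """Return an aware UTC datetime for an LDAP GeneralizedTime string."""
    m = _GENERALIZED_TIME.match(value.strip())
    if not m:
        raise ValueError("not a GeneralizedTime value: %r" % (value,))
    # strptime validates the calendar date and the hour (00-23).
    moment = datetime.strptime(m["date"] + m["hh"], "%Y%m%d%H")
    unit = timedelta(hours=1)
    for group, step in (("mm", timedelta(minutes=1)), ("ss", timedelta(seconds=1))):
        if m[group] is not None:
            if int(m[group]) > 59:
                raise ValueError("field out of range in %r" % (value,))
            moment += int(m[group]) * step
            unit = step
    # A fraction applies to the last unit present (hours, minutes or seconds).
    if m["frac"]:
        moment += unit * float("0." + m["frac"])
    if m["tz"] == "Z":
        offset = timedelta(0)
    else:
        sign = 1 if m["tz"][0] == "+" else -1
        offset = sign * timedelta(hours=int(m["tz"][1:3]),
                                  minutes=int(m["tz"][3:5] or 0))
    return moment.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def password_state(expiration_value, now, warn_window=timedelta(days=14),
                   grace_logins_left=0):
    """Classify one account; `now` must be a timezone-aware datetime."""
    if expiration_value is None:
        return "no-expiry"          # attribute absent on the entry
    try:
        expires = parse_generalized_time(expiration_value)
    except ValueError:
        return "unparseable"        # report it instead of assuming "valid"
    if now >= expires:
        # The reply's case: an expired password that still allows a login,
        # so the user can be told to change it.
        return "expired-grace" if grace_logins_left > 0 else "expired"
    if expires - now <= warn_window:
        return "expiring"
    return "valid"


# Constructed sample entries, shaped like attributes read from a directory.
# "graceLoginsLeft" is a hypothetical key, not a real LDAP attribute name.
SAMPLE_ENTRIES = [
    {"uid": "alice", "passwordExpirationTime": "20240301120000Z"},
    {"uid": "bob", "passwordExpirationTime": "20240110083000+0100"},
    {"uid": "carol", "passwordExpirationTime": "20231231235959Z",
     "graceLoginsLeft": 1},
    {"uid": "dave", "passwordExpirationTime": "2023123123Z"},
    {"uid": "erin"},
    {"uid": "frank", "passwordExpirationTime": "not-a-time"},
]


def audit(entries, now):
    """Map each uid to its password state at time `now`."""
    return {
        e["uid"]: password_state(e.get("passwordExpirationTime"), now,
                                 grace_logins_left=e.get("graceLoginsLeft", 0))
        for e in entries
    }


if __name__ == "__main__":
    reference = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for uid, state in audit(SAMPLE_ENTRIES, reference).items():
        print(uid, state)
```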
Automating user creation for Unity Connection when sync'd with LDAP
Hi
Is it possible to automatically create users that sync with unity connection?
I have a Unity Connection 7.0 server that is sync'd with LDAP and I use an LDAP filter so that only users with a specific attribute are sync'd. I can see the users when I try to do an import, but is there any way that they can automatically be created?
No
Check this check box so that Cisco Unity Connection gets basic information on Connection users from the LDAP directories that you specify on the LDAP Directory page. Data is synchronized only for the Connection users that you created by importing users from the LDAP directory. Connection does not automatically create new Connection users when new users are added to the LDAP directory.
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/gui_reference/guide/7xcucgrg100.html#wp1069724
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk