User attributes for LDAP

Hi guys,
Currently we have an error for an LDAP attribute.
distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
user is of type IUser,
and it returns null.
Where could I find the list of user attributes in LDAP? Currently we have LDAP 8.8.1.

Don,
you might want to have a look at an LDAP browser (e.g. http://www-unix.mcs.anl.gov/~gawor/ldap/ ), which helps a lot to find out what the structure of your LDAP server is and which attributes you can access.
1) Start the tool
2) Click on "Quick Connect"
3) Enter your LDAP server
4) Press "Fetch DNs"
5) Uncheck "Anonymous bind"
6) Enter your user credentials
7) Browse your LDAP structure
It helped me a lot to get the correct settings for the DBMS_LDAP calls.
Patrick
My APEX Blog: http://www.inside-oracle-apex.com
The ApexLib Framework: http://apexlib.sourceforge.net
The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!

Similar Messages

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
    or is there any ant script for creating USers/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    .e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • How to get user attributes from LDAP authenticator

    I am using an LDAP authenticator and identity asserter to get user / group information.
    I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
    Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
    Any help would be appreciated

    Hi Julián,
    in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
    A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
    Hope it helps
    Detlev

  • Trying to modify two AD User attributes for multiple users?

    Hello,
    I'm a newbie to Powershell and need some help.
    I have a 2008 R2 AD and need to modify two attributes for multiple users.
    The attributes include "homeDirectory" and "unixhomedirectory".
    I have started to go through Powershell in a month of lunches but need this solution quickly.
    I have been trying  number of scripts that I cannot get to work in our test AD lab.
    Is there anyone who can help with a simple script with explanations of each line so I know how it works please?
    help

    Thanks clayman2,
    Here is what's in my .csv below
    samaccountName,homdedirectory,unixhomedirectory
    testuser1,\\servername\oldhimedir\%username%,\\servername\oldhimedir\%username%
    testuser2,\\servername\oldhimedir\%username%,\\servername\oldhimedir\%username%
    This is the code below I'm trying to use.
    Import-Module ActiveDirectory
    $USERS = Import-CSV c:\users.csv
    $USERS|Foreach{Set-ADUSer -Identity $_.samaccountname -homdedirectory $_.\\servername\oldhimedir\%username% -unixhomedirectory $_.\\servername\oldhimedir\%username%}
    Please let me know if I have to put the pathing in any special brackets to have PS read it. I have tried {} around the field but I get "Missing property name after reference operator"
    Thank you

  • OPSS errors with virtualize attribute in LDAP

    Hi,
    I want to retrieve the user attributes for a user in ADF on weblogic PS3, so far OK.
    I got the user attributes of the internal weblogic ldap user.
    Now I also want to do this from an Active Directory user, so I configured the AD authentication provider and I can see the user and groups.
    When I log in with an AD user I can see this error (login was successful, but no user attributes)
    oracle.security.idm.ObjectNotFoundException: No User found matching the criteria
         at oracle.security.idm.providers.stdldap.util.DirectSearchResponse.initSearch(DirectSearchResponse.java:173)
         at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:52)
         at oracle.security.idm.providers.stdldap.util.LDAPRealm.searchUsers(LDAPRealm.java:430)
         at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUser(LDIdentityStore.java:439)
         at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUser(LDIdentityStore.java:488)
         at nl.amis.security.opss.OpssBean.<init>(OpssBean.java:47)
    This is correct, so I set the virtualize attribute
    <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
    <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>
    <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
         <property name="virtualize" value="true"/>
    </serviceInstance>
    The Virtual directory is working, but now I get no user attributes with the internal wls user and the ad user.
    This is the error.
    <VDELogger> <warn> You must use SSL port for this adapter or configure ssladapter with an adapter which uses SSL port.
    oracle.security.idm.IMException: Not supported
         at oracle.security.idm.providers.libovd.LibOVDIdentityStore.getUserPropertyNames(LibOVDIdentityStore.java:751)
         at oracle.security.idm.providers.libovd.LibOVDUser.getAllUserProperties(LibOVDUser.java:613)
         at nl.amis.security.opss.OpssBean.<init>(OpssBean.java:50)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:175)
    My code to retrieve the attributes.
    ADFContext adfCtx = ADFContext.getCurrent();
    SecurityContext secCntx = adfCtx.getSecurityContext();
    this.username = secCntx.getUserName();
    // Collect the roles of the logged-in user
    for (String role : secCntx.getUserRoles()) {
        this.roles = this.roles + role + ", ";
    }
    try {
        // Look the logged-in user up in the OPSS identity store
        JpsContext jpsCtx =
            JpsContextFactory.getContextFactory().getContext();
        IdentityStoreService service = jpsCtx.getServiceInstance(IdentityStoreService.class);
        IdentityStore idStore = service.getIdmStore();
        User user = idStore.searchUser(secCntx.getUserName());
        if (user != null) {
            // Append every property name and each of its values
            UserProfile userProfile = user.getUserProfile();
            PropertySet propSet = userProfile.getAllUserProperties();
            Iterator it = propSet.getAll();
            while (it.hasNext()) {
                Property prop = (Property)it.next();
                this.attributes =
                    this.attributes + "property: " + prop.getName();
                Iterator it2 = prop.getValues().iterator();
                while (it2.hasNext()) {
                    Object val = it2.next();
                    this.attributes =
                        this.attributes + " values: " + val.toString() +
                        "\n";
                }
            }
        }
    } catch (JpsException e) {
        e.printStackTrace();
    } catch (IMException e) {
        e.printStackTrace();
    }
    thanks

    Edwin,
    Can you clarify the requirement - does the ADF application need to user for user profile information from both DefaultAuthenticator and AD? If querying AD is sufficient, then virtualize=true is overkill and not needed.
    Ensure that the ordering of the authn providers and the control flag settings in WLS console is correct. Refer to this blog post for more details http://fusionsecurity.blogspot.com/2011/08/couple-of-things-you-need-to-know-about.html
    All you may have to do is make the AD authn provider the first one in list (as long as the control flags are the same).
    The error you are seeing is because
    - the AD is configured using SSL
    - the code that got triggered with virtualize=true has different keystore requirements and it doesn't find the correct configuration.
    -skt

  • Use resource user attributes while creating a user

    Hi All,
    I'm developing a resource adapter for our resource, and need to input attributes to actually create that user in the resource. By modifying the skeleton resource adapter I have found nowhere a field to input attributes for my resource user, but for ldap there is a form in the Attribute tab for ldap user create; how can I do the same thing in my adapter?
    Thanks a lot,
    Alice
    Message was edited by:
    Alice_1234

    If you are creating a PO in foreground, you don't have the option of giving a user id.
    But if you create POs in background using a scheduled job, then when you are scheduling the job, you can overwrite the default user id and give the user id you want. In this case all the POs created by the job, will have the user id created by you.
    But if you have to create a PO through background job, you have to give the inputs to PO through some programs may be BDCs or LSMW.
    Reward if this helps. you

  • Maintain attributes for Approval Limit

    Hello friends,
    I am updating the USER attributes for Approval Limit, APPRV_LIM.
    I am using the FM - BBP_UPDATE_ATTRIBUTES.
    I am confused about how I should pass the value and the format.
    I am passing 123 USD. It's updating, but when I look in T-CODE pposa_bbp, I see some different value being uploaded.
    I mean 123 is converted to 31003200330.02
    Any idea what the issue is and how I should handle this?
    Ster.

    Hi
    What is the input file format you used?
    and check any currency definition in CUR (currency) attribute in PPOMA_BBP.
    BR
    Muthu

  • Maintain User Attributes

    Hello friends,
    Question 1,
    I am updating the USER attributes for Approval Limit, APPRV_LIM.
    I am using the FM - BBP_UPDATE_ATTRIBUTES.
    I am confused about how I should pass the value and the format. I am passing 100USD. It's updating, but when I look in T-CODE pposa_bbp, I see some different value being uploaded.
    Any idea what the issue is and how I should handle this?
    Question 2,
    I have updated many other attributes, like Company Code (BUK), using the FM - BBP_UPDATE_ATTRIBUTES.
    The issue is that it uploaded the new ones from the text file I had, but the concern is that it deleted the existing records. Any idea why it deleted the existing ones, and how can I upload the new attributes without deleting the old attributes?
    Any Suggestions,
    Ster

    Please find the below code,
    Thanks for all the suggestions.
    and the file format.
    orgunitid,companycode,sourcesystem
    50000186;2350;TD6510
    REPORT  zs_srm_BUK.
    TABLES: bbp_attributes.
    DATA : BEGIN OF t_orgunit OCCURS 0,
             orgunit TYPE objec-objid,
           END OF t_orgunit.
    DATA : l_value   TYPE bbp_attributes-value,
           l_orgunit TYPE objec-objid,
           l_ccode   TYPE bbps_om_p5502_exp-co_code,
           l_logsys  TYPE bbps_om_p5502_exp-backend.
    DATA : BEGIN OF t_bbp_attributes OCCURS 0,
              orgunit TYPE objec-objid,
              attr_id TYPE bbp_attributes-attr_id,
              logsys  TYPE bbps_om_p5502_exp-backend,
              value   TYPE bbp_attributes-value,
           END OF t_bbp_attributes.
    DATA : tmp_bbp_attributes LIKE bbp_attributes OCCURS 0 WITH HEADER LINE.
    DATA : gv_file        TYPE string.
    * Parameters
    SELECTION-SCREEN BEGIN OF BLOCK b_file WITH FRAME TITLE text-001.
    PARAMETERS: filename TYPE text255 OBLIGATORY.
    SELECTION-SCREEN END OF BLOCK b_file.
    SELECTION-SCREEN BEGIN OF BLOCK b_switches WITH FRAME TITLE text-002.
    PARAMETERS: testmode AS CHECKBOX DEFAULT 'X'.
    PARAMETERS: inheritv AS CHECKBOX DEFAULT 'X'.
    SELECTION-SCREEN END OF BLOCK b_switches.
    *   At Selection Screen On Value Request
    AT SELECTION-SCREEN ON VALUE-REQUEST FOR filename.
    *  Call Function Module /SAPDMC/LSM_F4_FRONTEND_FILE
      CALL FUNCTION '/SAPDMC/LSM_F4_FRONTEND_FILE'
        CHANGING
          pathfile         = filename
        EXCEPTIONS
          canceled_by_user = 1
          system_error     = 2
          OTHERS           = 3.
      IF sy-subrc > 0.                                          "#EC NEEDED
      ENDIF.
    *=======================================================================
    START-OF-SELECTION.
    *=======================================================================
      PERFORM read_cnt_file.
    *=======================================================================
    END-OF-SELECTION.
    *=======================================================================
      PERFORM update.
    *======================================================================*
    * Form  read_cnt_file
    *======================================================================*
    FORM read_cnt_file .
      DATA: lt_file    TYPE TABLE OF bbptab WITH HEADER LINE.
      gv_file = filename.
    * Read data from file
      CALL FUNCTION 'GUI_UPLOAD'
        EXPORTING
          filename              = gv_file
          has_field_separator   = ';'
          header_length         = 0
        TABLES
          data_tab              = lt_file
        EXCEPTIONS
          invalid_type          = 1
          no_authority          = 2
          access_denied         = 3
          bad_data_format       = 4
          header_not_allowed    = 5
          separator_not_allowed = 6
          OTHERS                = 7.
      IF sy-subrc <> 0.
      ENDIF.
      LOOP AT lt_file.
      CLEAR : l_orgunit, l_ccode, l_logsys, l_value.
        SPLIT lt_file AT ';' INTO l_orgunit
                                  l_ccode
                                  l_logsys.
        CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'
          EXPORTING
            input  = l_ccode
          IMPORTING
            output = l_ccode.
        t_orgunit-orgunit = l_orgunit.
        APPEND t_orgunit.
        t_bbp_attributes-orgunit = l_orgunit.
        t_bbp_attributes-attr_id = 'BUK'.
        t_bbp_attributes-logsys  = l_logsys.
        t_bbp_attributes-value   = l_ccode.   " converted company code from the file (l_value was never filled)
        APPEND t_bbp_attributes.
      ENDLOOP.
      DELETE ADJACENT DUPLICATES FROM t_orgunit.
    ENDFORM.                    "read_cnt_file
    *&      Form  UPDATE
    FORM update .
      LOOP AT t_orgunit.
        REFRESH : tmp_bbp_attributes.
        LOOP AT t_bbp_attributes
           WHERE orgunit = t_orgunit-orgunit.
          tmp_bbp_attributes-attr_id       = t_bbp_attributes-attr_id.
          tmp_bbp_attributes-value_logsys  = t_bbp_attributes-logsys.
          tmp_bbp_attributes-value         = t_bbp_attributes-value.
          APPEND tmp_bbp_attributes.
        ENDLOOP.
        CHECK tmp_bbp_attributes[] IS NOT INITIAL.
        CLEAR : tmp_bbp_attributes.
        CALL FUNCTION 'BBP_UPDATE_ATTRIBUTES'
          EXPORTING
            orgunit_id_p        = t_orgunit-orgunit
            replace_p           = ' '
          TABLES
            it_attr_p           = tmp_bbp_attributes
          EXCEPTIONS
            object_id_missed    = 1
            no_active_plvar     = 2
            object_not_found    = 3
            no_attributes       = 4
            times_invalid       = 5
            inconsistent_values = 6
            update_error        = 7
            ambiguous_position  = 8
            OTHERS              = 9.
        IF sy-subrc = 4 OR sy-subrc = 7.
          CALL FUNCTION 'BBP_UPDATE_ATTRIBUTES'
            EXPORTING
              orgunit_id_p        = t_orgunit-orgunit
              replace_p           = 'X'
            TABLES
              it_attr_p           = tmp_bbp_attributes
            EXCEPTIONS
              object_id_missed    = 1
              no_active_plvar     = 2
              object_not_found    = 3
              times_invalid       = 5
              inconsistent_values = 6
              update_error        = 7
              ambiguous_position  = 8
              OTHERS              = 9.
        ENDIF.
        IF sy-subrc <> 0.
          MESSAGE e001(aq_ad_hoc) WITH ' ' 'BBP_UPDATE_ATTRIBUTES'.
    *   &1 Internal error: &2
        ELSE.
          WRITE : / 'Records Updated'.
        ENDIF.
      ENDLOOP.
    ENDFORM.                    " UPDATE

  • User attributes

    I am trying to integrate to a J2EE application from a webdynpro and want to store connection parameters for a role. Is there a way to add a custom attribute for a role.
    Thanks
    Sachin

    Andrew,
    This spec does not specify any methods to set user attributes. So,
    you'll have to use vendor specific APIs to set user attributes. In the
    case of WLP, you can use the p13n user profile APIs.
    Subbu
    Andrew Jones said the following on 12/03/2003 06:33 AM:
    Hi
    Can you point me in the direction of some documentation that shows how to programmatically
    set user attributes for JSR168 portlets?
    Thanks
    Andrew

  • User interface for updating/adding attributes in OID

    Hello,
    I have not done development work in OAS10g (web, oid, +), though I have years of experience as a DBA with OAS and Oracle database servers.
    I need to develop a user interface for users to add or update the user's attributes such as sn, manager etc.
    The IDM system is working in prod: OAS 10g r2, installed (upgraded to) with infrastructure and oid 10.1.4.3.
    OID: user attributes have been loaded with: CN, UID, mail and etc.
    The requirement
    User interface: an app based on Ohttp web 10g
    I'd like the interface to work like this:
    The user accessing the web interface is prompted for UID and mail. If the user correctly fills in the fields, the user will then be prompted with the attributes which the user can add or update.
    Because I have not done any development in OAS (web, oid), I need to know what skills I need to acquire. And how should I proceed?
    I may know the skills would be Ohttp development and OID API (LDAP), but I need these to be as specific as possible.
    Can anyone point me in the right direction with examples and docs?
    TIA
    GA

    ajaybabu007 wrote:
    For managing the user related activities (create, update, lock, unlock, delete and so on) through a Web UI interface can be administrated with the Oracle Identity Management Self Service Console (http://infra_host_name:7777/oiddas), which is an inbuilt component of OID/OSSO. Please provide orcladmin/<password> credentials for accessing this Web UI.
    ---ABP thanks.
    1) The app is for users to add/update the attributes. We cannot give orcladmin to them.
    2) Though the users can access oiddas as themselves, only a limited amount of user info can be updated there, which cannot serve the attributes we customized and loaded in OID.

  • Setting Application Context Attributes for Enterprise Users Based on Roles

    Hello,
    We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
    I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
    -- For each record in my RoleSitePrivileges table, set
    --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
    --   If the current user has been assigned a role matching
    --   the value in the 'RoleName' field, set the corresponding
    --   attribute to 'Y'... otherwise, set it to 'N'.
    FOR iPrivRec IN (SELECT RoleName, SiteID
                       FROM RoleSitePrivileges
                       ORDER BY SiteID)
       LOOP
          SELECT COUNT(*)
            INTO roleExists
            FROM dba_role_privs
            WHERE granted_role = UPPER(iPrivRec.RoleName)
              AND grantee = USER;
          IF roleExists > 0 THEN
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'Y');
          ELSE
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'N');
          END IF;
       END LOOP;
    To finish things off, I created a security policy function for the table which returns the following:
    -- 'SITE_PRIVILEGE_' is 15 characters long, so the SiteID starts at position 16
    RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 16))
                         FROM session_context
                         WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                            AND value = ''Y'')';
    This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
    I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the application context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
    I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
    So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
    Thank you!

  • Editing LDAP User attributes from UME interface

    Hi Gurus,
    We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
    I want to know
    1. How to enable the connection from UME to LDAP in read/write manner?
    2. What certificates need to be exchanged for write access, if any?
    3. What changes need to be made in the config file of UME?
    4. Which permissions should be granted to the communication user to edit LDAP user attributes?
    Even after performing the change to access LDAP in read/write manner, can we be sure that if we lock a user from UME, it will lock the LDAP user? Please comment.
    regards
    Kedar Kulkarni

    Hi,
    We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
    But when we deploy same application into client landscape, we receive error as below:
    No data source feels responsible for principal. Please check the data source configuration
    Now we are not sure why this error is getting displayed.
    In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
    Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
    Any code to access LDAP details will help us a lot.
    regards
    Kedar Kulkarni

  • LDAP User attribute in VC

    With the USER DATA object in VC, I am able to get a list of user attributes available to the model (uniquename, first name, last name, address etc). One of the attributes we want is currently not in the list that shows up OTB. How can I add more LDAP attributes to show up in the USER DATA so that I can use them in my model?

    Can't you use the default Identity Service functions for this ?
    When you add an assign you have for example one like :
    lookupUser
    Gets the user object. If the user doesn't exist it returns null.
    The signature of this function is ids:lookupUser(userName, realmName). The arguments to the function:
    1) userName - a user name
    2) realmName - The realm name. This is optional and if not specified default realm is assumed
    Should be ok?

  • FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )

    Version: 20060317
    Q: Where can I find more information on the BC-LDAP-USR interface?
    A: Have a look at our ICC webpage in the SDN:
    SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)
    Q: What costs arise when we want our product to be certified?
    A: See also our SDN page under the headline "Price List".
    Q: Is there a link/page for the already certified products for this interface?
    A: Sure, have a look at our ICC page under the headline "Certified Solutions"
    Q: Who can we ask in case of general questions?
    A: Have a look at our general ICC forum:
    SAP Integration and Certification Center (SAP ICC)
    Of course, if you have urgent requests you can send them also directly to our local ICC's:
    ICC Walldorf in Germany: [email protected]
    ICC Palo Alto in USA: [email protected]
    ICC Bangalore in India: [email protected]
    Q: Who can we ask in case of technical questions?
    A: This depends on the state of your certification project.
    1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
    2.) When the certification contracts have not been signed then you can ask questions in this forum.

    I distinguish it using the passwordExpirationTime (or something like that, I don't have the code here with me).
    This is possible if, after the password has expired, the user has at least one more access. It is a user policy that can be set in the LDAP server.
    If it is possible, the user can still log in and perform operations. You can search the passwordExpirationTime attribute and determine if the password is expired, and then send a message to the user, telling him to change it. (If only one access is allowed and you change the password with the same application or service, then do not close the context, else you should not be able to connect again.) Instead, if you use an external script, then the last access should not give you problems.
    Hope i made myself clear.

  • Automating user creation for Unity Connection when sync'd with LDAP

    Hi
    Is it possible to automatically create users that sync with unity connection?
    I have a unity connection 7.0 server that is sync'd with LDAP and I use an ldap filter so that only users with a specific attribute are sync'd. I can see the users when I try to do an import, but is there any way that they can automatically be created?

    No
    Check this check box so that Cisco Unity Connection gets basic information on Connection users from the LDAP directories that you specify on the LDAP Directory page. Data is synchronized only for the Connection users that you created by importing users from the LDAP directory. Connection does not automatically create new Connection users when new users are added to the LDAP directory.
    http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/gui_reference/guide/7xcucgrg100.html#wp1069724
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk
