User Creation in OID outside default realm

Similar Messages

• OIM User Creation Error After OIM and OID Intregation

  Hi,
  I am new in oim and i am getting popup error message for user creation from OIM application after oim and oid intregation through libovd.
  Error message : LDAP create event failed : orclguid attribute has duplicate value.
  please guide me for resolving error.
  Thanks & Regards,
  Rajeev

  Hi,
  Thanks for reply...i checked1307549.1 in metalink, In that link they are telling us to modify some tables in the data base.i have some question regarding the following steps please help.
  === ODM Solution / Action Plan ===
  1. Use the following query to find fields with "plain text" values:
  select svr.svr_name, spd.spd_field_name, svp.svp_key, svp_field_value
  from svp
  inner join spd on spd.spd_key = svp.spd_key
  inner join svr on svr.svr_key = svp.svr_key
  2. Set these plain text values to null after making backup of table.
  *(kashyap:: Which fields values we have to change)*
  3. Edit the Directory Server to re-set values.
  *(kashyap:: could you please explain this)*
  Expected error at this stage:
  -- no "System Error call admin...", but that makes sense since the values in question pertained directly to the Directory Server --

• Using the WLS 7.0 default realm can users/groups be added/deleted within a web app?

  If I use the default realm provided in WebLogic Server 7.0,
  is it possible for me to programatically add/delete users/groups
  from within a web application? Is there an API I can use to
  add/delete users/groups from the embedded LDAP server? Or can
  you only add/delete users/groups using the WebLogic Admin Console?

  Tom,
  The below is the program for creating a new user:
  import weblogic.management.MBeanHome;
  import weblogic.management.configuration.DomainMBean;
  import weblogic.management.configuration.SecurityConfigurationMBean;
  import weblogic.management.security.RealmMBean;
  import
  weblogic.management.security.authentication.AuthenticationProviderMBean;
  import weblogic.management.security.authentication.UserEditorMBean;
  import weblogic.management.security.authentication.GroupEditorMBean;
  import weblogic.management.utils.InvalidParameterException;
  import weblogic.management.utils.AlreadyExistsException;
  import weblogic.servlet.security.ServletAuthentication;
  import javax.naming.NamingException;
  import javax.naming.Context;
  import javax.naming.InitialContext;
  MBeanHome mbh;
  try{
  Hashtable env = new Hashtable();
  env.put( Context.INITIAL_CONTEXT_FACTORY,
  "weblogic.jndi.WLInitialContextFactory" );
  // use administrator account in order to create a user
  env.put( Context.SECURITY_PRINCIPAL, "system" );
  env.put( Context.SECURITY_CREDENTIALS, "weblogic" );
  Context ctx = new InitialContext( env );
  mbh = (MBeanHome)ctx.lookup( "weblogic.management.home.localhome" );
  catch( NamingException e ){
  throw new ServletException( e.toString() );
  DomainMBean dmb = mbh.getActiveDomain();
  SecurityConfigurationMBean scmb = dmb.getSecurityConfiguration();
  RealmMBean rmb = scmb.findDefaultRealm();
  AuthenticationProviderMBean providers[] = rmb.getAuthenticationProviders();
  for( int i = 0; i < providers.length; i++ ){
  if( providers[i] instanceof UserEditorMBean ){
  UserEditorMBean uemb = (UserEditorMBean)providers;
  uemb.createUser( username, password, "dynamically created user" );
  hope this helps,
  Koji
  "Tom" <[email protected]> wrote in message
  news:[email protected]...
  >
  If I use the default realm provided in WebLogic Server 7.0,
  is it possible for me to programatically add/delete users/groups
  from within a web application? Is there an API I can use to
  add/delete users/groups from the embedded LDAP server? Or can
  you only add/delete users/groups using the WebLogic Admin Console?

• BPEL Server can not start after jazn default realm has been modified

  Hi, everyone:
  In order to customize my user task assigneeGroup, I set up a new realm in the jazn-data.xml using the shell (java -jar jazn.jar -shell). I tried to modify the jazn.xml file in %OraBPELPM%\integration\orabpel\system\appserver\oc4j\j2ee\home\config, and set the default-realm attribute to my new realm.
  After these modification, the BPEL Server can not start, the server seems to stop after loading the first two EJB.
  Does anyone ever encounter this problem? Could anyone help me?

  It appears that I had the wrong oracle home and as a result some of the steps were skipped by the Universal Installer during installation, but installation was still claimed as successful. Even by launching the 'Mobile Server Repository Wizard' manually by running 'repwizard.bat' did not provide all the necessary window boxes to provide the details such as the SID, hostname, port number. I re-installed.
  After starting the back-end database and then starting mobile server and testing in IE to see if the server was working by typing in http://<host name>:80/webtogo, I got the screen displaying mobile server.
  Many thanks for your help.
  Mark

• New sap user creation

  Hi All SAP experts,
  My company has implemented 2 Systems SAP Landscape with one development and one production server which are running on R/3 Enterprise 4.7 (Kernel Release 6.20) with Microsoft SQL 2000 as database server.
  I have the following questions regarding new sap user creation by using user copy function.
  1.When I request to create new SAP User by using user copy function ,should I just create the user acct in DEV and transport it to PROD System? If yes, how could I do that?
  2.When I request to create new SAP User by using user copy function, can I just create it on PROD System only? If yes, what is the impact?
  3.When using User copy function to create new user acct, should I select all parts (like adress ,defaults,reference user, user groups.....) of the existing user to be cloned to new user acct?
  Thanks.
  Leon

  Hi Leon,
  Answer to your questions in their respective order:
  1. You can create user in DEV and then make remote client copy to PRD system using scc9 t-code. Here you can choose user accounts and authorizations for the copy. ( Rem: Data will be overwritten in target system when copied).
  You can also use client export/import(scc8/scc7)
  But, When you do the client import from the exported files using STMS,you will have to select only one of the transport requests and then STMS automatically selects the other requests for you.
  Then it will show you the different transport requests that you have created during your export, the client copy profile and the target system and client. The customizing and application data is deleted in the target client before copying for all profiles except SAP_USER. This is technically unavoidable (and hence the data will be overwritten).
  So if you can afford overwritting of user data in target client , you can go with the above procedure.
  2. Using  user copy in su01, you can copy one user to another user only in that client and is confined to that system only. So yes, If you want 2 or more users to have same authorizations, profiles ,etc etc.. you can choose this in PROD system.
  3. It depends.. If you want user to be in same group, then you can choose user groups. If you want them to have same authorizations , you can choose roles and profiles... If you want them to have same company address and others,... you can select address.. and so on.
  Also below link provides required steps in case you choose local/ remote client copy:
  http://www.sap-basis-abap.com/bc/client-copy-by-using-scc8-and-scc7.htm
  Hope this helps...
  Thanks,
  Ajith
  Edited by: Ajith Kamath on Oct 20, 2009 8:28 AM

• Function of the default realm in security settings?

  What is the function of the default realm in the security settings of the app server?
  what is the effect of specifying "ldap" as the realm-name in the login-config in web.xml? When specifying ldap, but leaving the default realm on "file", ldap is not used. only when changing the default realm to ldap, ldap authentication is attempted.
  Is there a way to debug the actual query that is being sent to the configured ldap server? when setting the log-level to finest, some information is provided, but not enough.
  TIA
  Peter

  Hi Peter,
  Specifying the realm name in the web.xml won't help. The user will be authenticated with whatever the default realm set in the AppServer. So here the realm specified in web.xml doesn't have any use.
  If you want to use LDAP for your user authentication change the DefaultRealm to LDAP instead of File. Also configure the LDAPRealm properties to point to the correct directory server and directory name.
  Maximum information will be logged when the LOG Level is set to FINEST and Audit is enabled in the Secuirty node of the appServer adminGUI, that will contain the default realm set and any security related activities logged.
  Do the following to enabled the Maximum logging.
  Open up the AdminGUI and goto the security node under the server1 instance.Click on the General tab on the right frame and set the log level to FINEST and check the Audit checkbox . Save, apply the changes and restart the AppServer .During the startup the log will show what is the default realm set.
  While the application is running all the security messages will be logged.
  Sankar

• GRC CUP - How to change SNC Name to lower case during user creation.

  Hi All,
  We are using GRC 5.3. CUP automatically creates user in R3 but SNC p:username'@'DOMAIN.COM is in upper case.
  1. During automated user creation.
  2. How change default DOMAIN.COM to lower case "domain.com"
  Currently we have to manually change is via SU01 after user has been created.
  Thank you
  Regards,
  Jacky

  Sorry please ignore this thread. I got the wrong details. Post cancelled

• Please advice process change in Solution Manger user creation

  Hello All,
  We have like 5 systems linked to Solution manager now.
  We are trying to make some improvements in our daily activities by reducing / eliminating few steps. In our current scenario, users are LDAP authenticated, so we run a query (RSLDAPSYNC_USER) and create a user. Then assign the roles in SU01.
  So, is it possible to have user creation (by LDAP authentication - RSLDAPSYNC_USER) and role assignment in a single step?
  Or
  Can you create a user group for each type of user and have any automated jobs for automatically assigning roles to the users of that user group?
  We can use su10 for assigning roles in case of more users, but i am looking for some more options.
  Thanks in advance.
  Muzammil

  Hello Miguel,
  We are using solution manager for user maintenance.
  If any internal user requests for SAP application access we give it via solution manage. Solution manager is again connected to our LDAP server and pick the details from LDAP by running a query.
  During this user creation process we have some default roles which are supposed to be given to all the users related to one particular system. Lets say SRM users, if we are creating any SRM users then we have to give the default roles to all the users we created.
  So, is it possible to have these default roles assigned automatically when i create?
  Thanks in advance.

• New user creation in AE- user group not getting assigned

  Hi All,
  Here is a typical case, wherein when we create a new user with AE for the production system, the user gets created and the roles are also assigned but the user group is not getting assigned. The user group is being fetched from a table from the backend and all that is working fine. Infact in order to test the configurations we even created a new user in the production instance of AE giving the development system as the target system for user creation and in this case the user was successfully created and the user group is also assigned. The problem is arising only when the target system is production system.
  Connectors are all working fine, but we are unable to think of a reason. Can somebody help us on this?

  Hi Vani,
  If you are provisioning the user group using user defaults, check  that production system is selected in the user defaults configured. Configuration -> user defaults. You can define any user default system, but for perticuticular user defaults that is applicable define all the systems, in which you want user defaults to be provisioned.
  Kind Regards,
  Srinivasan

• Can we automate user creation or responsibility addition

  HI,
  I would like to know, if by any way we automate user creation in apps. or If not user creation, at least responsibility addition. Lets say we create users with some default responsibility. And after that with the use of user management or CRM HTML Admin some automation can be done like, they select the responsibility they want, it reaches next approval level, once approved it automatically gets added to user account.
  Not sure if this can be done or not. I heard someone did in his project using user managemenr or CRM HTML ADmin, not sure though

  Hi,
  You can do manually (as per your other thread).
  Creating 1000+ users in Oracle R12
  Creating 1000+ users in Oracle R12
  Not sure if this can be automated. However, refer to these manuals/docs and see if it helps.
  Oracle Applications System Administrator's Guide - Security
  http://download.oracle.com/docs/cd/B53825_03/current/acrobat/121sasg.pdf
  Note: 290525.1 - Oracle User Management FAQ
  Note: 290996.1 - Oracle User Management Additional Documentation
  Oracle HRMS Approvals Management Implementation Guide
  http://download.oracle.com/docs/cd/B53825_03/current/acrobat/121ameig.pdf
  Thanks,
  Hussein

• How to automate User creation using SCAT ?

  Hi,
  Can any body help me out in generating a script for automating User creation by SCAT ?
  I recorded the steps,but failed to upload the values from the excel sheet to SAP.How to enter the values in the excel sheet - Is it row-wise or columnwise ?
  Thanks,
  s<i><b>A</b></i>mik.

  Hi,
  SCAT includes the following main steps
  1)Recording the Steps
  (Go through the screens you want to make entries to be careful not to forget to fill in Lastname and password as they are the mandatory fields and rest are optional depends on whether u want them to be involved in the script or not. Once done save the script
  2) Now declare the values u entered in the script to variables for this go to test case created in change mode and double click TCD  then select the "Field List" in the upper left corner of the screen. Now here you can see the values u entered replace any which you feel need to entered with a & . Fields which you donot declare as variables get the values u entered as default values .
  after filling fields you wanted backout from screens and save it
  3) Download the script to your computer.
  for this Select Goto > Variants> Export and save the file with .TXT
  4) open the file with excel and fill in the values donot change any entries obtained in the excel otherwise the uploading script will be corrupted.
  5)Select Execute Button in the subsequent screen choose the file with filled in entries make sure that the file is not open.
  Select the procesing mode as background to be on the safer side
  and press execute
  it will work if you have performed the above steps correctly.
  Regards,
  Manohar

• Using not default Realm in my apllication

  Hi!
  I have created another Realm on WLS70 named ApplicativeRealm, it's not the default
  Realm, I have created some Users,Groups and Roles specifics of my Application.
  Now I wish using this user in the authentication process this is my login-config:
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>ApplicativeRealm</realm-name>
  <form-login-config>
  <form-login-page>Login.html</form-login-page>
  <form-error-page>Error.html</form-error-page>
  </form-login-config>
  </login-config>
  when i try of authenticate with a valid user of ApplicativeRealm Error.html is
  displayed, but it's possible using a not default Realm?
  Thanks for any help...
  Angelo

  there's no limit to the number users/groups in the properties file, it's all
  read into memory at startup.
  if the password is too short, an error log message is dumped, but usually
  goes unseen in the mass of startup log messages.
  .paul
  Jin Group wrote:
  Hello
  Do you know if there is any problem with the size of the default realm in
  WLS 5.1 ?
  How many users could I have in the weblogic.properties ?
  are there some problems when these users try to log-in ?
  I have some reportes from my users that in some cases the WLS 5.1 doesn't
  recognize the password ?
  is it a bug ?
  Thanks in advance

• Setting a new realm as default realm

  Hi all,
  I need to integrate weblogic server 9.2 with OAM using SSPI connector.
  I configured web logic policies in OAM and configured weglogic server.
  But I couldnt get the NetPointRealm as a realm in weblogic admin console.
  So configured a realm named NetPointRealm manually and provided required security providers.
  So to activate this realm,we need to set this realm as default realm.
  But I'm not able to set that as default realm.
  Could anyone please provide any suggestions to set the new realm as default realm.
  Thanks & Regards,
  Swathi
  Edited by: user9116523 on Apr 19, 2010 10:46 PM

  Hi Faisal,
  Thanks a lot for your reply.
  Yes,the NetPoint realm is using the default identity asserter.
  Config.xml file is as follows:
  <?xml version="1.0" encoding="UTF-8"?>
  <domain xsi:schemaLocation="http://www.bea.com/ns/weblogic/920/domain
  http://www.bea.com/ns/weblogic/920/domain.xsd" xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <name>base_domain</name>
  <domain-version>9.2.3.0</domain-version>
  <security-configuration xmlns:xacml="http://www.bea.com/ns/weblogic/90/security/xacml">
  <name>base_domain</name>
  <realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType"/>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
  <sec:active-type>AuthenticatedUser</sec:active-type>
  <sec:active-type>wsse:PasswordDigest</sec:active-type>
  <sec:active-type>X.509</sec:active-type>
  <sec:base64-decoding-required>false</sec:base64-decoding-required>
  <wls:use-default-user-name-mapper>true</wls:use-default-user-name-mapper>
  <wls:default-user-name-mapper-attribute-type>CN</default-user-name-mapper-attribute-type>
  </sec:authentication-provider>
  <sec:role-mapper xsi:type="xacml:xacml-role-mapperType"/>
  <sec:authorizer xsi:type="xacml:xacml-authorizerType"/>
  <sec:adjudicator xsi:type="wls:default-adjudicatorType"/>
  <sec:credential-mapper xsi:type="wls:default-credential-mapperType"/>
  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"/>
  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
  <sec:name>myrealm</sec:name>
  </realm>
  <default-realm>myrealm</default-realm>
  <credential-encrypted>{3DES}Vi5yoJAzEZYw/U5nkiNT9B8M043431Rfr/QF2dMB65KlW2rbV3d7a0uGF9YxUnfFZwBv0q0BNLhzmIi/wjJ/sGUnWQ2SvNMK</credential-encrypted>
  <node-manager-username>weblogic</node-manager-username>
  <node-manager-password-encrypted>{3DES}RCc8ftzF/irGNnXbhZ3nRA==</node-manager-password-encrypted>
  </security-configuration>
  <server>
  <name>AdminServer</name>
  <listen-address/>
  </server>
  <embedded-ldap>
  <name>base_domain</name>
  <credential-encrypted>{3DES}tYhX7HO2bVJh5Pn4ldTY45UYYd2zBw/URUs++SXMZ8U=</credential-encrypted>
  </embedded-ldap>
  <configuration-version>9.2.3.0</configuration-version>
  <admin-server-name>AdminServer</admin-server-name>
  </domain>
  Thanks & Regards,
  Swathi

• Multiple user creation in R12 and migration of users

  I would like to know how we can automate a process of user creation in R12, or is there a way to create multiple users in Ebiz with respective responsibilities.
  Second case is, migration of users from one instance to another. The problem out here is selective users not all?
  Regards

  Pl search the forums for FND_USER package - you will find several hits that show how this package can be used in a programmatic fashion to bulk create new users and assign responsibilities. Examples are also available on My Oracle Support.
  To migrate user, use FNDLOAD. See this doc - you will also find hits in these forums if you search.
  376469.1 - Can FNDLOAD Migrate User Accounts Without Forcing Users To Change Their Passwords?
  HTH
  Srini

• User Name and Password in weblogic realm while invoking a web service

  Hi,
  I deployed a rpc web service using WLS 7.0 SP2 in HP-UX 11 environment. When I
  invoke the web service through my browser (IE 6.0) using the web services url,
  it brings my service method correctly. From there, if I click the invoke button
  it asks me for a network user name and password under "weblogic" realm??? If I
  provide the admin user credentials (which I supplied while creating my domain)
  it is not accepting that it keeps popping up this network user password window
  over and over. Not sure which username/password I have to provide here to see
  the result of my service.
  If I try to invoke the web service through my client (static) I am getting a connection
  refused exception. I guess either way, I am not able to access my web service.
  In the attached file, I have cut and pasted the client stack trace as well as
  the server log trace from weblogic.
  Any ideas would be highly appreciated.
  Thanks,
  Ganesh
  [errorstacktrace.txt]

  I think the client is not able to do a HTTP POST
  to the WLS server but it can do a HTTP GET.
  I dont know why.
  http://manojc.com
  "Ganesh" <[email protected]> wrote in message
  news:3eba91bc$[email protected]..
  >
  Hi,
  I deployed a rpc web service using WLS 7.0 SP2 in HP-UX 11 environment.When I
  invoke the web service through my browser (IE 6.0) using the web servicesurl,
  it brings my service method correctly. From there, if I click the invokebutton
  it asks me for a network user name and password under "weblogic" realm???If I
  provide the admin user credentials (which I supplied while creating mydomain)
  it is not accepting that it keeps popping up this network user passwordwindow
  over and over. Not sure which username/password I have to provide here tosee
  the result of my service.
  If I try to invoke the web service through my client (static) I am gettinga connection
  refused exception. I guess either way, I am not able to access my webservice.
  In the attached file, I have cut and pasted the client stack trace as wellas
  the server log trace from weblogic.
  Any ideas would be highly appreciated.
  Thanks,
  Ganesh