User/group overview from OID

Hello,
I am wondering if there is some/method available to produce a tree overview of all groups and users which are administered in OID. I have an Oracle Portal environment and I need to be able to specifiy a list of all users and groups they are in.
Ofcourse I can just do a ldapsearch, but I wonder if anybody knows if there are tools to do this. Preferreable I'd like to export to XML.
Thanks in advance,
Albert

Try this configuration guide for group assignment RADIUS server:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b318.html#wp1543772

Similar Messages

How can we retrieve the Group name from oid?

Hi:
In following request object, we can get all the user related information from oid except group name where a particular user belongs to.
For instance user id, first name, last name and email etc but we could not get the group name.
PortletRenderRequest pReq = (PortletRenderRequest)
request.getAttribute(HttpCommonConstants.PORTLET_RENDER_REQUEST);
pReq.getUser()……
Please advice, how I we get the hold of group name from orcldefaultprofilegroup (oid)?
I would really appreciate your reply.
Thank you.
- Ali Raza.

I am not sure about the PDK API to get the group name. But using LDAP API its easy to get the User Group.
If you find the answer to get the group name using PDK API, Please update in forum. It will really help others.
--Balaji S

Importing Roles-User Groups Mapping from one Environment to Another

Hi,
I have this situation. I am using WLP8.1 SP4
I have two environments (E1 and E2)and I have 2 MS Active Directory server (MS1 and MS2). The LDAP authenticator in E1 is configured to use MS1 and the LDAP authenticator in E2 is configured to use MS2. The user groups are stored in the Active Directory servers and the role-user groups mappings are done within the Weblogic.
I imported the role-user groups mappings from E1 to E2 and it works. After that, if I map another user group to an existing role and do an import again from E1 to E2, it does not take any effect. Why is it so? Any kind soul can help me? I am very lost now.?:|

Hello! :)
Unfortunately, I'm already using Catalog Manager in transferring files. I'd really like to find out if there is a particular file that defines the permissions of the objects that I should also transfer, or if I should really do that manually for each of the objects?
Thanks for the reply! :)

Creation of users in OIM from OID, where OID is target resource

Hi,
I am new to OIM. We have a scenario where we have OIM and OID. The users are being created in OID. Now we need to get these users to the OIM system to use the Change Password, Forgot Password functionalities of OIM. Can we have OID as the target resource for OIM and have a reconciliation done to get all the users from OID and have them created in OIM.
Or this possible only when OID is the Trusted Source?
Thanks in advance,

Re: OIM's Trusted Source

Restricting access using groups pulled from OID Authenticator

Using the OID Authenticator provider, can access to WLS be limited to those ldap registered users who belong to a specific group (as specified in ldap) ?
I have setup an oid authenticator provider which works in terms of WLS authentication. By looking in AdminServer.log I can see that a users group is picked up however, I'd like to use the group name to restrict access. Is this possible if specif param's in the oid authenticator are used ?

Remove or replace the ACI that says "Anonymous access" with something more in line with the level of access desired

Groups vanish from OID when a new middle tier is installed for Portal - URGENT

gurus,
we had the following portal environment -
1. database tier (sun box #1) - oracle 9i database
2. middle tier (sun box #2) - oracles 9iAS portal Release 2 with webcache option
now, we installed 9iAS on a third box (sun box#3) so we can have multiple apache servers.
after the install was done i logged into the portal to do a health check but, found that all the groups were missing.
i had following groups before bringing in sun box#3 -
GRP_ADMIN
GRP_BASE_USER and many others.
after the installation of third server i lost all the groups. it looks like the groups vanished away from the OID. i found the following -
Owner.Table Groups exist ?
(Y / N)
PORTAL.WWSEC_GROUP$ Y
ORASSO.WWSEC_GROUP$ N
could anyone reply on this pls ... its very critical cause all the user privileges has been lost due to this.
thanx a bunch.

Hi,
Just to close off this thread, I got this portal installation working. I think what made it work was adding an additional 512MB of memory to the machine in addition to the original 640MB.
Jim

To sync individual users/groups- apart from MAXL

Hi,
kindly provide info on the below
1.to sync native users after creating and deleting in Essbase with HSS without using MAXL command or full sync
2.to sync individual groups after modifying users in the group(without using MAXL or full sync)
regards,
Vinee

Per John's post, you are always going to get that NONE row in the filter as that indicates the user is provisioned to that Planning application.
Users (other than the one that want to remove) will continue to have that NONE row and then get other rows that open up access as they receive read/write rights.
The fix here is to get that user out of your Planning application. Once gone, Planning should get rid of the filter.
Failing Planning removing the filter, you can delete the filter manually.
If you have deleted it, and you think you have deprovisioned the user from Planning, and the filter still comes back -- well, now you have a problem that can only be addressed by going into the HSP_USERS table and deleting the username.
I would still quadruple check to make sure that the username is well and truly deprovisioned.
The Planning admin guide details CubeRefresh, and for a different approach, have a look at my blog re CubeRefresh.cmd (I can't remember if you are 9x or 11x, but they're awfully close) here.
Regards,
Cameron Lackpour

Domain Users AD group disappearing from SharePoint security

After applying SharePoint 2010 SP2 and the September 2014 cumulative update (KB 2883103) to our SP2010 farm, we've discovered the system is automatically removing the 'Domain Users' active
directory group from SharePoint security. It's not affecting any other AD groups or users or when Domain Users is a member of a SharePoint group. Only when Domain Users has been explicitly added to a site, library, list or document.
For example, we give Domain Users access to the root of most our site collections and then break inheritance for certain libraries or lists that need more security. Now Domain Users has disappeared from every site.  I can say
with 100% confidence that this has not been done by anyone in the organization.  Nothing else changed besides SP2 and Sept2014 CU.
Yesterday we fixed a few sites by re-adding Domain Users.  This morning those were missing again, so it must be a timer job or other cleanup process that is causing this. Again, this does not affect SharePoint groups/membership or any other
AD object, only Domain Users.
Has anyone ran into this issue or have any suggestions on a resolution?  We have enabled audit logging but have not seen any related logs yet.

Sometime between noon and 1:00pm this afternoon we lost the Domain Users group again from all sites where we re-added it. Audit logging is showing this for one particular site:
{072c340a-42cb-4861-a182-38102b53bc52}
{072c340a-42cb-4861-a182-38102b53bc52}
Site
System Account <SHAREPOINT\system>
2014-10-21T18:53:52
Security Role Bind Update
SharePoint
<roleid>-1</roleid><principalid>DOMAIN\domain users</principalid><scope>67A6138A-CBFA-42BD-87EF-86D558047D63</scope><operation>ensure removed</operation>
Does anyone know if any additional logging can be enabled to see WHY this is occurring?
So far our solution has been to setup another AD security group and nest the domain users security group inside. Not exactly a solution but at least a work around.

Sharepoint 2010 get User Groups from specific site

Hello,
I was able to get all User groups from entire site Collection.
But instead of getting user groups from entire site, I want read user groups only from one specified sub site.
Please help!
Thanks

Assuming you have an SPWeb object named "web", example:
SPSite site = new SPSite(http://yourdomain/sites/yoursite);
SPWeb web = site.OpenWeb("mysubsite/subsbusite");
web.Groups will return a collection of SPGroup objects for the current subsite. If this subsite inherits permissions from a parent site (web.HasUniquePerm = False), the list is the same as the Groups property of the parent site.
SPWeb.Groups:
http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spweb.groups(v=office.15).aspx
SPGroup:
http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spgroup(v=office.15).aspx
You would be better results by posting coding questions in "SharePoint 2010 - Development and Programming" instead of "SharePoint 2010 - General Discussions and Questions".
Mike Smith TechTrainingNotes.blogspot.com
Books:
SharePoint 2007 2010 Customization for the Site Owner,
SharePoint 2010 Security for the Site Owner

Groups created in OID cannot be seen in Portal - Admin screen

Hi,
I'm working on an intranet application for my company, and trying to structure Groups/Users in the OID to enable role-based security.
I'm having a problem where the groups created in OID through the OID Self Services Console, cannot be viewed in the Portal Administration page. I have assigned all users to the groups I created in OID, and made the "NEW GROUPS" members of the oip_available_users, and the AUTHENTICATED USERS groups. From what I understand, if I make them members of these 2 groups, they should be available for the Portal to see. Is that correct?
Has anyone else faced this problem. How can I create a group in OID and view it through the Portal, for giving privileges to pages in my pagegroup.
Any help would be appreciated!
Thanks,
Lakshmi

Set objectclass orclPrivilegeGroup for group.

Groups created in OID - not being seen through Portal Admin

Hi,
I also posted this in the OID section.
I'm working on an intranet application for my company, and trying to structure Groups/Users in the OID to enable role-based security.
I'm having a problem where the groups created in OID through the OID Self Services Console, cannot be viewed in the Portal Administration page. I have assigned all users to the groups I created in OID, and made the "NEW GROUPS" members of the oip_available_users, and the AUTHENTICATED USERS groups. From what I understand, if I make them members of these 2 groups, they should be available for the Portal to see. Is that correct?
Has anyone else faced this problem. How can I create a group in OID and view it through the Portal, for giving privileges to pages in my pagegroup.
Any help would be appreciated!
Thanks,
Lakshmi

You cannot add groups to the OIP_AVAILABLE_USERS group. Oracle Instant Portal is designed to only read users from that group.
Also, If creating groups for use by Portal 10g, using DAS, you should create the groups under the Portal-specific instance container in the directory information tree so that the groups show up automatically in the group LOVs for the portal instance. If they don't show up, you should still be able to see them if you opt to view "All Groups" from the Group portlet. In either case, the group must be somewhere under the global group search base configured in OID.
If you use the Group Portlet to create your groups, they will automatically be created under the Portal instance group container.

How to change the groupType attribute of a user group object?

I'm trying to change the "groupType" attribute, of a user group object, from 'Distribution' to 'Security' (and the group scope is set to 'Global').
The CAD bit mask value needed would be: 0x80000002 (Decimal -2147483646).
How to change/modify the "groupType" attribute for this user group object?
Thanks,
UD

Attribute attr= new BasicAttribute("groupType", "-2147483646");
items[0]=new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
ctx.modifyAttributes(dn, items);
--does not work.
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002141: SvcErr: DSID-031A0B56, problem 5003 (WILL_NOT_PERFORM)
Is it possible to modify it?
Thanks,
UD.

Recover users/groups/passwords after an upgrade

I've just upgraded WL 6.1 sp 2 to WL 6.2 sp 4. To upgrade, I uninstalled WL first,
then installed the new version in the same directory (I have copies of all the
old files). I copied fileRealm.properties and SerializeSystemIni.dat files from
the old installation into the new. When I try to start WebLogic, the error I get
is :
"Exception raised:
COM.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad
byte.
at COM.rsa.jsafe.JA_PKCS5Padding.performUnpadding JA_PKCS5Padding.java)
at COM.rsa.jsafe.JG_BlockCipher.decryptFinal(JG_BlockCipher.java)..."
How can I recover my users/groups/passwords from the old installation?

Just as I expected. Before following my instructions, you might need to change your folder options to show hidden files. Now go to:
'''C:/windows.old/Documents and Settings/<username on XP>/Application Data'''
And copy everything inside the '''Mozilla''' folder to
'''C:/Users/<username on Vista>/AppData/Roaming/Mozilla'''
If the '''Mozilla''' folder doesn't exist, create one.
Now, go to '''C:/windows.old/Documents and Settings/<username on XP>/Local Settings/Application Data'''
And copy everything inside the '''Mozilla''' folder into
'''C:/Users/<username on Vista>/AppData/Local/Mozilla'''
Again, if the '''Mozilla''' folder doesn't exist, create one and rename it to '''Mozilla'''.
Hope this helps!
handsomeorlandoman

Users not provisioned from OIM to OID groups

I've created an Access policy such that when i create a user with role as consultant he is automatically provisioned to OID resource and OID group( cn=group1,cn=groups,dc=ad,dc=company,dc=com ).
The user is provisioned to OID users(cn=users) but not to cn=group1,cn=group....
What could be wrong?
i have run the OID group lookup tasks to generate freshly added group lookups. Theses lookups are populated in process form when i create an access policy.
For ex the lookup generated is cn=group1,cn=group,dc=ad,dc=company,dc=com and the decode value is group1
The user profile and process form are not linked. That means changes in process form are not reflected to user profile. Can this be possible reason for the hassle defined above
please help me resolve this issue.
Edited by: Chhavi Saluja on Feb 15, 2010 1:30 AM

Hi,
Today I have also done the same thing of auto provisioning of OID through access policy. Only difference is that for selecting "Container DN" and "User group" we have created two user defined fields(lookup)in the user form which will refer to the lookups "Lookup.OID.Organization" and "Lookup.OID.Group" for inputs.These lookups are already reconciled once from OID.
As far as "container DN" iam successful but while selecting "user group" iam able to select and when i click on "create user" user is getting provisioned to OID into Container DN i specified.But user is not going into that particular group i specified.Iam assuming the reason is that as User Group is a mutivalued attribute and if we observe the process form of group selection we will see the add button. But on user form we dont have the option of child form to ADD/REMOVE the groups.
Someone pls suggest how to proceed further on this.How do i push the user into particular group/groups from the create user form itself?

Delete user's groups from OID

Hello,
I did have a problem when I did delete user from OIM, this user didn't get deleted from OID. I solved this by adding this to the undo task for Create User in OID User PD. However, one additional problem remains - users group memberships doesn't get removed when user is deleted from OIM. From the log file I can see:
DEBUG,19 Jun 2009 13:10:01,405,[XL_INTG.OID],OID:tcUtilLDAPOperations -> Parameter Variables passed are: pSearchBase = [cn=external,cn=users,dc=def,dc=star,dc=co,dc=us], pFilterExpression = [cn=cn=GROUPNAME,cn=XX,cn=Groups], pIsRelative = [false], pAttrNames = [null]
DEBUG,19 Jun 2009 13:10:01,408,[XL_INTG.OID],tcUtilOIDUserOperations -> Returning with code:USER_DOESNOT_EXIST
I think the problem is with pSearchBase -field values. Groups are not located in that LDAP-path and that's why it's returning USER_DOESNOT_EXIST. How I can tell to OIM where to look?
Thanks!
Or, maybe the problem is with "cn=cn=GROUPNAME". If so, where that extra "cn=" is coming from...?
Edited by: Jakru on Jun 19, 2009 1:52 PM

EDIT: didn't realize this was for CR.. my post was for boe.
Hey Bernard,
Here's what I do:
select SI_NAME, SI_USERGROUPS from CI_SYSTEMOBJECTS where SI_NAME = 'xyz' and SI_PROGID = 'CrystalEnterprise.User'
This will bring back the group ID's that user xyz is a member of. The groups are in a nested property of SI_USERGROUPS, which I don't think you can query directly. Once you have the ID's, however, you can run another query to find out what the group names are. Say the first query brought back three results, 123, 456 and 789. Then you'd run:
select SI_NAME from CI_SYSTEMOBJECTS where SI_ID = '123' or SI_ID = '456' or SI_ID = '789'
Perhaps you could write some logic to parse the group ID's out of the first query and put them into the second query's where clause.
HTH,
Murray
Edited by: Murray Hachey on Jul 18, 2008 3:17 PM

User/group overview from OID

Similar Messages

Maybe you are looking for