User synchronization issue between Active Directory and Solution manager.

Requirement:
Synchronize the users between Active Directory and the Solution Manager system.
What we did:
1. Created an RFC connection (LDAP_RFC) for the LDAP connector.
2. Created a new LDAP connector that utilizes the RFC (LDAP_RFC).
3. Created a new logical LDAP server (CUA). Here we have to maintain the connection details to the physical directory.
4. We maintained the communication user that is used by the LDAP connector to bind to the LDAP directory server.
5. In transaction LDAPMAP, we mapped specific SAP data fields to the desired directory attributes.
6. Testing from the LDAP transaction works fine. We are able to see the attributes and values from Active Directory.
Issue:
We executed the program RSLDAPSYNC_USER for user synchronization from t-code SE38 with the selection below.
LDAP Server = CUA (created earlier)
LDAP Connector = LDAP_RFC (RFC connection created earlier)
In the tab (Objects that exist both in the directory and in the database):
Selected: Compare Time Stamp.
In the tab (Objects that only exist in the directory):
Selected: Create in Database.
In the tab (Objects that only exist in the database):
Selected: Ignore Object.
The result from the report shows that the connection to the LDAP server is fine and '0' (zero) objects in the directory.
The program does not create any new user in the Solution Manager system.
Any help on this issue is greatly appreciated.
Thanks & Regards,
Harish

Where did you see this error? Are there any more details?
I think the account you are using for sync does not have the Replicate Directory Changes permission in AD. Follow the article below and grant the Replicate Directory Changes permission.
http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
Thanks, Noddy

Similar Messages

  • Issue with Active Directory User Target Recon

    Hi ,
    I am facing an issue with Active Directory User Target Recon
    My environment is OIM 11g R2 with BP03 patch applied
    AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
    In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
    When I am running Active Directory User Target Recon I am not putting any filter; I cleared the batch start and batch size parameters and ran the recon job. The job ran successfully but it stopped after processing around 3000 users only.
    I retried the job two or three times, but every time it stops after processing some users and does not process all the users.
    I checked the log file, the OIM diagnostic logs and the Connector Server logs and cannot see any errors in them.
    I checked the user profiles of the users processed and can see the AD account provisioned for the users.
    My query is why this job is not processing all the users. Please point out if I am missing something.
    thanks in advance

    Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
    -Bikash

  • User login report in Active Directory for specific date and time

    I want to get a user login report in Active Directory for a specific date and time, e.g. user logged in at 15-01-2015 from 8:00am to 4:00pm.
    Is any query, script or tool available?
    Waiting for a reply, please.

    You can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
    If you would like to go back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can read the records from the Security log in the Event Viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
    I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Store signature image in Active Directory and deploy it to each users desktop

    What I am trying to achieve is to have each user's handwritten signature scanned in and stored in the .jpgPhoto attribute in Active Directory and then have some sort of script, like our login script, pull that information and copy the file to the user's desktop. We want to allow users to apply the signature image on a signature line in Office 2010 or InfoPath forms instead of typing their name. I know there has to be a way to do this but I have not found it yet and I am not very good at scripting. Is there anyone here that has accomplished such a task and if so, how did you go about doing it?
    David Hood

    We already have Outlook email signatures created from AD information deployed to all users. Someone else on my team deployed that already and it works great. But that is just basic user info pulled from fields that were manually entered in the user account. What I want to do is have a user scribble their signature on a piece of paper or a tablet, capture an image of that to crop and resize to store in the AD user account or somewhere secure that can be queried to be pushed to that user's desktop. I work at a state government agency and I have heard of another agency doing this but I have no idea how they did it. The only thing I could think of is to have a script run during login to query the AD attribute the image is stored in, pull it and then copy it to the user's machine so when they sign a Word document or .PDF with a digital signature they also have the option to place that image in the signature line.
    David Hood

  • Active Directory and many OUs

    Hello all,
    This topic might have been talked about before but after a lot of searching I still have not found a solution, so I ask for a bit of help.
    In our Active Directory there are many OUs where users are kept. There is no one top OU where you can start your search. I don't really know why it was set up this way and I don't have an option to change that. I would really like to have ou=users like most have!
    So when I try to authenticate a user (I'm installing DSpace in my uni) I cannot automatically add the OU for the user trying to log in and the users themselves don't know their OU (well, why would they!).
    I'm hoping there is some simple solution to this. Maybe JNDI API allows for searching in many OUs at the same time (some fixed list in the code)? Or maybe the OU is not needed at all in the search?
    Any help/hints would be appreciated.
    best regards, Logi

    For searching, you can issue a subtree search, which will search through the entire subtree, irrespective of how many levels of OUs may exist, by using SearchControls.SUBTREE_SCOPE.
    Have a look at the tutorial at http://java.sun.com/products/jndi/tutorial/basics/directory/scope.html
    For authentication, you can either get the user to enter their:
    distinguished name
    (cn=Albert Eirnstein, ou=Research,dc=Antipodes,dc=com), although that is not entirely user friendly
    their NT style logon name (samAccountName)
    ANTIPODES\alberte, more user friendly,
    or their Windows 200 style logon name (userPrincipalName),
    [email protected], equally as user friendly.
    You may also want to look at some of the following posts:
    JNDI, Active Directory and Authentication (Part 1) (Kerberos)
    http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
    JNDI, Active Directory & Authentication (part 2) (SSL)
    http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
    JNDI, Active Directory & Authentication (part 3) (Digest-MD5)
    http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
    JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)
    http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
    JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
    http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0
    JNDI, Active Directory, Referrals and Global Catalog
    http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15
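The approach from the answer above, as an added example that is not part of the original post: one SUBTREE_SCOPE search on sAMAccountName from the domain root finds the user's DN whatever OU it sits in, and the password is then checked by binding as that DN. The class name, the command-line arguments and the service account used for the lookup are assumptions; the login is escaped before it goes into the filter, and an empty password is rejected because a simple bind with an empty password is an unauthenticated bind that the server may accept.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical class: subtree lookup of a user DN, then bind as that DN.
public class AdSubtreeLogin {

    /** Escape a value for an LDAP search filter (RFC 4515) so it cannot change the filter. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Simple bind; use an ldaps:// URL so the password does not cross the wire in clear text. */
    static DirContext bind(String url, String principal, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Search every OU under baseDn; returns the DN only if exactly one account matches. */
    static String findUserDn(DirContext ctx, String baseDn, String login) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);      // only the DN is needed
        String filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + escapeFilterValue(login) + "))";
        String dn = null;
        int matches = 0;
        NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, sc);
        try {
            while (results.hasMore()) {
                dn = results.next().getNameInNamespace();
                matches++;
            }
        } catch (PartialResultException e) {
            // A search from the domain root returns referrals that JNDI does not
            // follow by default; the entries already read are still valid.
        } finally {
            results.close();
        }
        return matches == 1 ? dn : null;
    }

    /** True only if the login resolves to one DN and a bind with the password succeeds. */
    static boolean authenticate(String url, DirContext svc, String baseDn,
                                String login, char[] password) throws NamingException {
        if (password == null || password.length == 0) {
            return false;                              // would be an unauthenticated bind
        }
        String dn = findUserDn(svc, baseDn, login);
        if (dn == null) {
            return false;
        }
        try {
            bind(url, dn, password).close();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed input: filter metacharacters in a login are neutralised.
        System.out.println(escapeFilterValue("al*(berte)"));
        if (args.length != 4 || System.console() == null) {
            System.out.println("usage: AdSubtreeLogin <ldaps-url> <base-dn> <service-dn> <login>");
            return;
        }
        char[] svcPw = System.console().readPassword("Service account password: ");
        DirContext svc = bind(args[0], args[2], svcPw);
        try {
            char[] userPw = System.console().readPassword("Password for %s: ", args[3]);
            System.out.println(authenticate(args[0], svc, args[1], args[3], userPw) ? "OK" : "DENIED");
        } finally {
            svc.close();
        }
    }
}
```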

  • 10.6 home directory mounting with active directory and open directory integration

    Hi guys, I am having some issues in my new Mac environment. I have a Windows network with a Server 2008 Active Directory. I have just recently created a "magic triangle" setup with Active Directory and Open Directory. When my users log in via Windows their home folders mount perfectly. When any user logs in to any iMac in the building it does not work. They log in perfectly fine, but their home folders do not mount. When I try mounting them manually with SMB, I get a prompt for credentials. I am thinking this is my issue: my single sign-on with Kerberos is working but for some reason is not logging in correctly. If I type in my credentials with my domain first then my name it works.
    For example DOMAIN\jsmith works, but the way I think the Mac and Active Directory are doing it now is just jsmith without the DOMAIN.
    I feel like this is the problem with the home folders not mounting.
    Can anyone provide some help with this?
    Thanks,
    Dani

    Hi dani190,
    are you using the fully qualified domain name of the network server? ie if your server is bob. and your domain is domain.company.com. then the FQDNS would typically be bob.domain.company.com or bob.company.com.
    If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
    For the contact search path, did you put the AD at the top the list? (in directory utility)
    Did you set the WINS work group on your client computer to your domain?
    ie:Apple Menu, System Preferences, Network, Active Network Port (ethernet and or airport) , Advanced Button, WINS Tab, set workgroup to the name of your domain. ie domain.company.com and or company.com

  • Password synchronization problem between sun DS and ADS

    Hi
    I installed the Sun ONE Identity Synchronization 1.0. I synchronize passwords between one DS and one AD. It is working fine. My problem is I want to synchronize between two Sun ONE DS and one AD, but it is ignoring one DS in the sync; the other DS and AD are synchronizing. It is not synchronizing the two DS and one AD server.
    My SUL Configuration is
    SUL Name : DS1ToADS
    Windows
    Base DN : ou=newsync,dc=esecurity,dc=com
    Filter : destinationindicator=ameer.com
    Creation Expression : cn=%cn%, ou=newsync,dc=esecurity,dc=com
    Sun One Directory Server
    Base DN : cn=authorization2,dc=ameer,dc=com
    destinationindicator=ameer.com
    SUL Name : DS2ToADS
    Windows
    Base DN : ou=newsync,dc=esecurity,dc=com
    Filter : destinationindicator=basha.com
    Creation Expression : cn=%cn%, ou=newsync,dc=esecurity,dc=com
    Sun One Directory Server
    Base DN : cn=authorization2,dc=basha,dc=com
    destinationindicator=basha.com
    I am synchronizing the existing users using the following file.
    <?xml version="1.0" encoding="UTF-8"?>
    <UserLinkingOperationList allowLinkingOutOfScope="true">
    <UserLinkingOperation parent.attr="UserLinkingOperation"
    sulid="DS1ToADS">
    <UserMatchingCriteria parent.attr="UserMatchingCriteria">
    <AttributeMap parent.attr="AttributeMap">
    <AttributeDescription parent.attr="SunAttribute" name="sn"/>
    <AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
    </AttributeMap>
    <AttributeMap parent.attr="AttributeMap">
    <AttributeDescription parent.attr="SunAttribute" name="employeenumber"/>
    <AttributeDescription parent.attr="WindowsAttribute" name="employeeid"/>
    </AttributeMap>
    </UserMatchingCriteria>
    </UserLinkingOperation>
    <UserLinkingOperation parent.attr="UserLinkingOperation"
    sulid="DS2ToADS">
    <UserMatchingCriteria parent.attr="UserMatchingCriteria">
    <AttributeMap parent.attr="AttributeMap">
    <AttributeDescription parent.attr="SunAttribute" name="givenName"/>
    <AttributeDescription parent.attr="WindowsAttribute" name="givenName"/>
    </AttributeMap>
    <AttributeMap parent.attr="AttributeMap">
    <AttributeDescription parent.attr="SunAttribute" name="employeenumber"/>
    <AttributeDescription parent.attr="WindowsAttribute" name="employeeid"/>
    </AttributeMap>
    </UserMatchingCriteria>
    </UserLinkingOperation>
    </UserLinkingOperationList>
         Should not showing the any error after synchronization.
    I am giving my log files     
    resync log
    [05/Jan/2005:17:29:12.505 +0530] INFO 66 CNN101 csi2a01 "Sent remote source entry 'dn: 'CN=actusr2,OU=newsync,DC=esecurity,DC=com' [activedirectorydomainname=esecurity.com, employeeid=11112]'." (Action ID=CNN101-10142707E24-10, SN=4)
    [05/Jan/2005:17:29:12.958 +0530] INFO 66 CNN101 csi2a01 "Sent remote source entry 'dn: 'CN=actusr1,OU=newsync,DC=esecurity,DC=com' [activedirectorydomainname=esecurity.com, employeeid=11111]'." (Action ID=CNN101-10142707E24-11, SN=4)
    [05/Jan/2005:17:29:13.051 +0530] INFO 66 CNN101 csi2a01 "Sent all entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=0)
    [05/Jan/2005:17:29:14.098 +0530] INFO 66 CNN101 csi2a01 "Sent all entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=0)
    [05/Jan/2005:17:29:17.442 +0530] INFO 71 CNN100 csi2a01 "Received all remote entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=5)
    [05/Jan/2005:17:29:18.567 +0530] INFO 62 CNN101 csi2a01 "Received all remote entries for the 'DS1TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-14, SN=10)
    [05/Jan/2005:17:29:22.098 +0530] INFO 72 CNN102 csi2a01 "The Windows entry 'dn: 'CN=actusr1,OU=newsync,DC=esecurity,DC=com' [employeenumber=11111, givenname=ameer1] [destinationindicator=[basha.com, ameer.com]]' is already linked to the Directory Server entry 'dn: 'uid=ds1ameer1,cn=Authorization1,dc=basha,dc=com' [employeenumber=11111, destinationindicator=esecurity.com]'." (Action ID=CNN101-10142707E24-11, SN=5)
    [05/Jan/2005:17:29:22.098 +0530] INFO 71 CNN102 csi2a01 "The Windows entry 'dn: 'CN=actusr2,OU=newsync,DC=esecurity,DC=com' [employeenumber=11112, givenname=ameer2] [destinationindicator=[basha.com, ameer.com]]' is already linked to the Directory Server entry 'dn: 'uid=ds1ameer2,cn=Authorization1,dc=basha,dc=com' [employeenumber=11112, destinationindicator=esecurity.com]'." (Action ID=CNN101-10142707E24-10, SN=5)
    [05/Jan/2005:17:29:22.520 +0530] INFO 73 CNN102 csi2a01 "Received all remote entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=5)
    [05/Jan/2005:17:29:22.629 +0530] INFO 63 CNN101 csi2a01 "Received all remote entries for the 'DS2TOADS' Synchronization User List." (Action ID=CNN101-10142707E24-13, SN=10)
    audit log
    [05/Jan/2005:17:29:15.629 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11112] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr2 destinationindicator: basha.com, ameer.com dn: CN=actusr2,OU=newsync,DC=esecurity,DC=com employeenumber: 11112 givenname: ameer2 objectclass: top, person, organizationalPerson, user dspswuserlink: tZeGDb7WM0SW72YcOMzfew== pwdlastset: 127493062677968750 samaccountname: 1234 sn: nagore2 usnchanged: 115104 whenchanged: 20050104100213.0Z}." (Action ID=CNN101-10142707E24-10, SN=3)
    [05/Jan/2005:17:29:15.895 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11112] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr2 destinationindicator: basha.com, ameer.com dn: CN=actusr2,OU=newsync,DC=esecurity,DC=com employeenumber: 11112 givenname: ameer2 objectclass: top, person, organizationalPerson, user dspswuserlink: tZeGDb7WM0SW72YcOMzfew== pwdlastset: 127493062677968750 samaccountname: 1234 sn: nagore2 usnchanged: 115104 whenchanged: 20050104100213.0Z}." (Action ID=CNN101-10142707E24-10, SN=4)
    [05/Jan/2005:17:29:16.208 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11111] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr1 destinationindicator: basha.com, ameer.com dn: CN=actusr1,OU=newsync,DC=esecurity,DC=com employeenumber: 11111 givenname: ameer1 objectclass: top, person, organizationalPerson, user dspswuserlink: tfNQqDQ8VEigzgJjrfcVSg== pwdlastset: 127493178093125000 samaccountname: 123 sn: nagore1 usnchanged: 115147 whenchanged: 20050104131009.0Z}." (Action ID=CNN101-10142707E24-11, SN=3)
    [05/Jan/2005:17:29:16.926 +0530] FINE 16 CNN100 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=3)
    [05/Jan/2005:17:29:16.926 +0530] FINE 16 CNN100 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=4)
    [05/Jan/2005:17:29:16.973 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: REFRESH SUL: DS2TOADS {Data Attrs: [UNSPEC employeenumber: 11111] [UNSPEC activedirectorydomainname: esecurity.com]} {Other Attrs: cn: actusr1 destinationindicator: basha.com, ameer.com dn: CN=actusr1,OU=newsync,DC=esecurity,DC=com employeenumber: 11111 givenname: ameer1 objectclass: top, person, organizationalPerson, user dspswuserlink: tfNQqDQ8VEigzgJjrfcVSg== pwdlastset: 127493178093125000 samaccountname: 123 sn: nagore1 usnchanged: 115147 whenchanged: 20050104131009.0Z}." (Action ID=CNN101-10142707E24-11, SN=4)
    [05/Jan/2005:17:29:16.973 +0530] FINE 16 CNN102 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS2TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-13, SN=3)
    [05/Jan/2005:17:29:16.989 +0530] FINE 16 CNN102 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS2TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-13, SN=4)
    [05/Jan/2005:17:29:17.442 +0530] FINER 13 SysMgr_100 csi2a01 "Sending an acknowledgement to the console for request (ID=1104926235041)."
    [05/Jan/2005:17:29:17.473 +0530] FINE 13 SysMgr_100 csi2a01 "Sent an acknowledgement to the console for request (ID=1104926235041)."
    [05/Jan/2005:17:29:17.457 +0530] FINE 71 CNN100 csi2a01 "The agent has received the following inbound action from the controller: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=6)
    [05/Jan/2005:17:29:17.489 +0530] INFO 71 CNN100 csi2a01 "The agent is sending the following inbound action to MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=7)
    [05/Jan/2005:17:29:17.504 +0530] FINER 71 CNN100 csi2a01 "The controller has acknowledged the following outbound action to the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=8)
    [05/Jan/2005:17:29:18.192 +0530] FINE 16 CNN101 csi2a01 "The agent has received an outbound action from MQ: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=8)
    [05/Jan/2005:17:29:18.364 +0530] FINE 16 CNN101 csi2a01 "The controller has received the following outbound action from the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=9)
    [05/Jan/2005:17:29:18.676 +0530] FINER 62 CNN101 csi2a01 "The controller has acknowledged the following outbound action to the agent: Type: SENTINEL SUL: DS1TOADS {Data Attrs: } {Other Attrs: }." (Action ID=CNN101-10142707E24-14, SN=11)
    Please do the needful
    Basha

    Hi Joshua,
    Does this mean that I need to install the core and sub component but no need to install the DS and AD connectors. No!!! Core must only be installed on one machine! Here is a short summary of the steps during an installation having Sun ONE LDAPs in multi-master replication (taking ldap2 as the machine where core is installed):
    1. Install core on ldap2
    2. start console and configure your directory sources. For the sun directory source enter ldap2 as the preferred and ldap1 as the secondary ldap. Configure the rest: attribute-mapping, modification flow, AD-source, SULs, etc. save the configuration.
    3. On ldap2 run idsync prepds until you get the SUCCESS message in the following way (be sure to specify the secondary ldap with -j and -r options):
    idsync prepds -h <ldap2> -p <ldap2port> -j <ldap1> -r <ldap1port> -D "cn=directory manager" -w <passwort> -s <configuration_registry_suffix>
    4. Run the install binaries again on ldap2. Install DS Connector on ldap2, install DS-Subcomponent (preferred) on ldap2. Install AD-Connector.
    5. Copy over install binaries to ldap1. Run the install binaries on ldap1. Give ldap2 as configuration directory URL When you are asked, what components to install, select subcomponent. Select the suffix. When you are asked, what type of ldap, select secondary.
    6. Copy over install binaries to any ldap slave in your replication topology and install the subcomponent there, choosing "other" as the ldap type.
    Good luck again...
    Jakob.

  • Problem in provisioning user from oim to active directory using ssl

    hi,
    problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
    15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
    15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectTo
    AvailableAD():simple bind failed: 172.16.30.35:636
    15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter so
    me problems: Must set a query before executing
    com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
    at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
    at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
    at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
    at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
    at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.co
    nnectToAvailableNextAD(Unknown Source)
    at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.se
    archResultPageEnum(Unknown Source)
    at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Un
    known Source)
    at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Sour
    ce)
    at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
    at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionActi
    on.run(Unknown Source)
    at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source
    at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown S
    ource)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
    ava:520)
    can any one help.
    Thanks and Regards,
    praveen,

    Are you able to connect to AD over SSL through some LDAP Browser ?
    Check the validity of Certificate ?
    Does your certificate appear in the list ?

  • How to create user in specific user group in Microsoft Active Directory ?

    Hi,
    I am using Netscape LDAP, and want to create a user in a user-defined group. I have created a new user group "TestUsers" in the "Users" container of Active Directory. I want to add the new user to the TestUsers group, but my problem is that whenever I create a new user it gets added to the Domain Users group.
    Following is the code I am using, which adds the user to the default group Domain Users.
    public LDAPResult createUserID(
            String userId,
            String pwd,
            String pId,
            boolean resetonLogOn,
            LDAPConnection ldCon) {
        // ldaprs (set and returned below) is not declared in this snippet;
        // it is presumably a field of the enclosing class.
        boolean flag = false;
        int code = 0;
        try {
            String pwdLastSetVal;
            String desName;
            String desc;
            /* Specify the DN of the new entry. */
            String dn =
                "CN=" + userId + ",CN=" + this.container + "," + this.baseDN; // container = "Users"
            /* Create and add attributes to the attribute set. */
            String objectclass_values[] =
                { "top", "person", "organizationalPerson", "user" };
            // LDAPEntry findEntry=null;
            /* Create a new attribute set for the entry. */
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            /* Attribute sAMAccountName */
            LDAPAttribute attr = new LDAPAttribute(LDAP_SAM_KEY, userId);
            attrs.add(attr);
            /* Attribute unicodePwd */ // LDAP_PASSWORD_KEY = "unicodePwd"
            attr =
                new LDAPAttribute(
                    LDAP_PASSWORD_KEY,
                    (byte[]) this.encodePassword(pwd));
            attrs.add(attr);
            /* Attribute Display Name */
            desName = userId + ":" + pId;
            //desName = userId ;
            attr = new LDAPAttribute(LDAP_DIS_NAME_KEY, desName);
            attrs.add(attr);
            /** Attribute userAccountControl to enable the userid.
            attr = new LDAPAttribute(LDAP_ACCOUNT_KEY, LDAP_ACCOUNT_EN_VAL); // LDAP_ACCOUNT_EN_VAL= "548"
            attrs.add(attr);
            /* Attribute pwdLastSet to reset the password on first logon*/
            if (resetonLogOn == true) {
                pwdLastSetVal = "0";
            } else {
                pwdLastSetVal = "-1";
            }
            attr = new LDAPAttribute(LDAP_RESET_KEY, pwdLastSetVal);
            attrs.add(attr);
            /* Attribute Description */
            desc = " Account Created by HelpNow App";
            attr = new LDAPAttribute(LDAP_DESC_KEY, desc);
            attrs.add(attr);
            /* Attribute objectclass */
            attr = new LDAPAttribute("objectclass", objectclass_values);
            attrs.add(attr);
            /* Create an entry with this DN and these attributes . */
            LDAPEntry myEntry = new LDAPEntry(dn, attrs);
            /* Add the entry to the directory. */
            ldCon.add(myEntry);
            flag = true;
        } catch (LDAPException e) {
            flag = false;
            code = e.getLDAPResultCode();
        } catch (Exception e) {
            flag = false;
            code = LDAPException.OTHER;
        } finally {
            ldaprs.flag = flag;
            ldaprs.code = code;
            return ldaprs;
        }
    }

    Refer to the post titled "JNDI, Active Directory and Group Memberships" available at http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150
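One way to put the new user into TestUsers with the same Netscape SDK, as an added example (not the poster's code and not the code from the linked post): Active Directory keeps membership in the group's member attribute, so the user's DN is added there once the entry exists. The class and method names, the connection arguments and the sample DNs are hypothetical; the RDN value is escaped per RFC 4514 so that a user ID containing a comma or similar character cannot change the shape of the DN.

```java
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;

// Hypothetical helper class; requires the Netscape Directory SDK for Java on the classpath.
public class AdGroupMembership {

    /** Escape a value for use as an RDN value inside a DN (RFC 4514). */
    static String escapeRdnValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean edge = (i == 0 && (c == ' ' || c == '#'))
                    || (i == value.length() - 1 && c == ' ');
            if (c == '\0') {
                sb.append("\\00");
            } else if (edge || "\"+,;<>\\=".indexOf(c) >= 0) {
                sb.append('\\').append(c);
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Add userDn to the group's member attribute.
     * Returns true if the membership was added, false if it was already present.
     * Domain Users stays the primary group (primaryGroupID); this membership is additional.
     */
    static boolean addToGroup(LDAPConnection ldCon, String userDn, String groupDn)
            throws LDAPException {
        LDAPModification mod = new LDAPModification(
                LDAPModification.ADD, new LDAPAttribute("member", userDn));
        try {
            ldCon.modify(groupDn, mod);
            return true;
        } catch (LDAPException e) {
            int rc = e.getLDAPResultCode();
            if (rc == LDAPException.ENTRY_ALREADY_EXISTS
                    || rc == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
                return false;                       // already a member: nothing to do
            }
            throw e;                                // e.g. insufficient access rights
        }
    }

    public static void main(String[] args) throws LDAPException {
        // Constructed sample values; replace the base DN with the directory's own.
        String baseDn  = "DC=example,DC=com";
        String userDn  = "CN=" + escapeRdnValue("Smith, John") + ",CN=Users," + baseDn;
        String groupDn = "CN=TestUsers,CN=Users," + baseDn;
        System.out.println("user DN:  " + userDn);
        System.out.println("group DN: " + groupDn);

        if (args.length != 3 || System.console() == null) {
            System.out.println("usage: AdGroupMembership <host> <port> <bind-dn>");
            return;
        }
        char[] pw = System.console().readPassword("Bind password: ");
        LDAPConnection ldCon = new LDAPConnection();
        ldCon.connect(args[0], Integer.parseInt(args[1]), args[2], new String(pw));
        try {
            System.out.println(addToGroup(ldCon, userDn, groupDn) ? "added" : "already a member");
        } finally {
            ldCon.disconnect();
        }
    }
}
```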

  • How to map active directory and wordpress ?

    i want to import my existing wordpress users in Active Directory but status is not changed.
    This topic first appeared in the Spiceworks Community

    1) I want to Import wordpress user in active Directory
    2) so,I install one plugin like "Active Directory Integrate".
    3) I configure this plugin and import users in Active Directory
    4) I want to enable the user in Active Directory when importing into Active Directory.
    help me

  • Score Issues between Captivate 4 and 5

    Hi Everyone,
    We are noticing an issue between Captivate 4 and 5 and we can't seem to figure out what is going on, this issue is with Captivate modules that have no quiz and the completion status is based only on a % of slide views.  We publish as SCORM with complete/incomplete and report percent.
    With these types of modules created in Captivate 4, the LMS would record a completion and a N/A score.  Now, for those created in Captivate 5, the LMS receives a 0% score and the completion.  Our end users are really confused as to why they see a 0%.  Any ideas on what may be causing this?  The LMS is Taleo Learn, formerly Learn.com's LearnCenter.
    Any assistance would be greatly appreciated.
    Thanks,
    Connor

    If you can't download any old versions by logging into your account then clearly these have been discontinued.  Your best bet is ask somebody to lend you their CD/DVD which you can copy for your safe keeping.
    Old products are always discontinued and that is why you should always buy them on a CD/DVD so that they can installed whenever you have a new system or you have a system crash.
    Good luck.

  • User roles from external active directory

    Hi,
    I am using my own active directory and not the embedded LDAP on weblogic.
    On weblogic server, there the role names and the Provider configured
    at path Home >Summary of Security Realms >myrealm >Users and Groups > Groups tab
    The provider is configured at path
    Home >Summary of Security Realms >myrealm >Users and Groups >Providers
    Under 'Provider specific' tab, I have configured the Host, Port, Principal, Credentials etc.
    I want to get these roles for the user who is login to the app.
    I tried to follow the steps on http://biemond.blogspot.com/2008/12/using-weblogic-provider-as.html, However, when I run the 'Configure ADF Security' wizard I don't get the 'Identity Store' and 'LDAP Identity Store'.
    Can someone please guide me on this with the proper steps and some specific jars if required for this?

    I don't think these links are useful for me. Here is what I am trying to do. Not sure this is right way to do this. I am really stuck on this and need quick help. Please help.
      public boolean isInitiatorRole(String userName) {
          System.out.println("++++ Calling isInitiatorRole()");
          boolean hasRole = false;
          Hashtable factEnv = new Hashtable();
          Hashtable storeEnv = new Hashtable();
          IdentityStoreFactoryBuilder builder = new IdentityStoreFactoryBuilder();
          IdentityStoreFactory adFactory = null;
          IdentityStore idStore = null;
          System.setProperty("javax.net.ssl.trustStore", "/xxx/local/apps/oracle/SOA/jrmc-3.1.2-1.6.0/jre/lib/security/cacerts");
          System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
          String storeLocation1 = System.getProperty("javax.net.ssl.trustStore") != null ? System.getProperty("javax.net.ssl.trustStore") : "###";
          String storePass1 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "###";
          // creating the factory instance
          factEnv.put(ADIdentityStoreFactory.ST_SECURITY_PRINCIPAL, "ABCD");
          factEnv.put(ADIdentityStoreFactory.ST_SECURITY_CREDENTIALS, "*****");
          factEnv.put(ADIdentityStoreFactory.ST_LDAP_URL, "ldap://xxx-xxxx-01.xxx.com:389/");
          // SSL is requested here, while the URL above points at port 389
          factEnv.put("java.naming.security.protocol", "SSL");
          // creating the store instance
          storeEnv.put(ADIdentityStoreFactory.ST_SUBSCRIBER_NAME, "CN=itfusion,OU=Service Accounts,OU=Security,DC=adweb,DC=bmc,DC=com");
          System.out.println("++ AFTER setting prop storeLocation1:" + storeLocation1 + "   ++ storePass1:" + storePass1);
          try {
              System.out.println("++++ TRY LOOP");
              // System.out.println("++++ User from context: " + ADFContext.getCurrent().getSecurityContext().getUserRoles());
              adFactory = builder.getIdentityStoreFactory("oracle.security.idm.providers.ad.ADIdentityStoreFactory", factEnv);
              if (adFactory != null) {
                  System.out.println("++++ adFactory not null");
              } else {
                  System.out.println("++++ adFactory  null");
              }
              idStore = adFactory.getIdentityStoreInstance(storeEnv);
              if (idStore != null) {
                  System.out.println("++++ idStore not null");
              } else {
                  System.out.println("++++ idStore  null");
              }
              User user;
              user = idStore.searchUser(userName);
              if (user != null) {
                  System.out.println("++++ User not null");
                  RoleManager roleManager;
                  roleManager = idStore.getRoleManager();
                  SearchResponse resp;
                  // second argument as posted: true
                  resp = roleManager.getGrantedRoles(user.getPrincipal(), true);
                  System.out.println("++++ IN WHILE LOOP");
                  while (resp.hasNext()) {
                      System.out.println("++++ IN WHILE LOOP");
                      Identity id = resp.next();
                      String roleName = id.getName();
                      if (roleName != null) {
                          System.out.println("Role Name:" + roleName);
                      } else {
                          System.out.println("Role Name is null");
                      }
                      // The role test is commented out, so hasRole is never set to true:
                      // if( roleName != null && roleName.toUpperCase().indexOf("INITIATOR")>0) {
                      //// if( roleName != null && roleName.toUpperCase().indexOf("XXXXX")>0) {
                      //     hasRole = true;
                      //     break;
                      // }
                  }
              } else {
                  System.out.println("User is null");
              }
          } catch (IMException e) {
              log.info("??? Error occured while checking the role for Initiator");
          }
          return hasRole;
      }

  • JNDI, Active Directory and Persistent Searches (part 2)

    The original post of this title which was located at http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 subsequently disappeared into the ether (as with many other posts).
    By request I am reposting the sample code which demonstrates receiving notifications of object changes on the Active Directory.
    Further information on both the Active Directory and DirSync and LDAP notification mechanisms can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp
    /**
     * ldapnotify.java
     * December 2004
     * Sample JNDI application that uses AD LDAP Notification Control.
     */
    import java.util.Hashtable;
    import java.util.Enumeration;
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;

    // Request control identified by OID 1.2.840.113556.1.4.528, sent with an empty value
    class NotifyControl implements Control {
         public byte[] getEncodedValue() {
              return new byte[] {};
         }
         public String getID() {
              return "1.2.840.113556.1.4.528";
         }
         public boolean isCritical() {
              return true;
         }
    }

    class ldapnotify {
         public static void main(String[] args) {
              Hashtable env = new Hashtable();
              String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
              String adminPassword = "XXXXXXXX";
              String ldapURL = "ldap://mydc.antipodes.com:389";
              String searchBase = "DC=antipodes,DC=com";
              //For persistent search can only use objectClass=*
              String searchFilter = "(objectClass=*)";
              env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
              //set security credentials, note using simple cleartext authentication
              env.put(Context.SECURITY_AUTHENTICATION,"simple");
              env.put(Context.SECURITY_PRINCIPAL,adminName);
              env.put(Context.SECURITY_CREDENTIALS,adminPassword);
              //connect to my domain controller
              env.put(Context.PROVIDER_URL,ldapURL);
              try {
                   //bind to the domain controller
                   LdapContext ctx = new InitialLdapContext(env,null);
                   // Create the search controls
                   SearchControls searchCtls = new SearchControls();
                   //Specify the attributes to return
                   String returnedAtts[] = null;
                   searchCtls.setReturningAttributes(returnedAtts);
                   //Specify the search scope
                   searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                   //Specify the search time limit, in this case unlimited
                   searchCtls.setTimeLimit(0);
                   //Request the LDAP Persistent Search control
                   Control[] rqstCtls = new Control[]{new NotifyControl()};
                   ctx.setRequestControls(rqstCtls);
                   //Now perform the search
                   NamingEnumeration answer = ctx.search(searchBase,searchFilter,searchCtls);
                   SearchResult sr;
                   Attributes attrs;
                   //Continue waiting for changes....forever
                   while(true) {
                        System.out.println("Waiting for changes..., press Ctrl C to exit");
                        sr = (SearchResult)answer.next();
                        System.out.println(">>>" + sr.getName());
                        //Print out the modified attributes
                        //instanceType and objectGUID are always returned
                        attrs = sr.getAttributes();
                        if (attrs != null) {
                             try {
                                  for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
                                       Attribute attr = (Attribute)ae.next();
                                       System.out.println("Attribute: " + attr.getID());
                                       for (NamingEnumeration e = attr.getAll();e.hasMore();System.out.println("   " + e.next().toString()));
                                  }
                             }
                             catch (NullPointerException e)     {
                                  System.err.println("Problem listing attributes: " + e);
                             }
                        }
                   }
              }
              catch (NamingException e) {
                   System.err.println("LDAP Notifications failure. " + e);
              }
         }
    }
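
    An added example (not from the post above or from any project on this page): the same JNDI simple bind, refused unless the URL is ldaps://, with the bind password read from the environment, followed by a nested group-membership lookup that passes the user name as a filter argument instead of concatenating it. The host, DNs, group name and the LDAP_URL / LDAP_BIND_PW variable names are placeholders.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class LdapsRoleCheck {
    // Build the JNDI environment; refuse URLs that would send the simple bind in cleartext.
    static Hashtable<String, Object> ldapsEnv(String url, String bindDn, String password) {
        if (!url.toLowerCase().startsWith("ldaps://"))
            throw new IllegalArgumentException("simple bind requires ldaps://, got " + url);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // True if the account is a direct or nested member of groupDn.
    // {0} and {1} are filled in by JNDI, which escapes filter metacharacters in the
    // arguments, so a userName such as "*)(objectClass=*" cannot alter the filter.
    static boolean isMemberOf(LdapContext ctx, String base, String userName, String groupDn)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);   // entry names only, no attributes
        String filter = "(&(objectCategory=person)(sAMAccountName={0})"
                      + "(memberOf:1.2.840.113556.1.4.1941:={1}))"; // AD in-chain matching rule
        NamingEnumeration<SearchResult> hits =
                ctx.search(base, filter, new Object[] {userName, groupDn}, sc);
        try { return hits.hasMore(); }
        catch (PartialResultException e) { return false; } // unfollowed referral, no entry left
        finally { hits.close(); }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholders: host, DNs, group and environment variable names are assumptions.
        String url = System.getenv().getOrDefault("LDAP_URL", "ldaps://dc.example.com:636");
        String pw = System.getenv("LDAP_BIND_PW");   // never hard-coded or printed
        if (pw == null || args.length != 1) { System.out.println("usage: set LDAP_BIND_PW, pass a user name"); return; }
        LdapContext ctx = new InitialLdapContext(
                ldapsEnv(url, "CN=svc-read,OU=Service Accounts,DC=example,DC=com", pw), null);
        try {
            System.out.println(isMemberOf(ctx, "DC=example,DC=com", args[0],
                    "CN=Initiators,OU=Groups,DC=example,DC=com"));
        } finally { ctx.close(); }
    }
}
```

    The domain controller's certificate has to chain to a CA in the JVM trust store (`-Djavax.net.ssl.trustStore=...` at start-up), and the bind account only needs read access to the user and group objects.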

    Hi Steven
    How can I detect what change was made? Is there an attribute that tells us?
    Thanks
    MHM

  • Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

    We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
    We are experiencing problems in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

    Hi,
    So you have N7k acting as L3 with servers connected to 4510?
    Do you see the MAC associated with failing ARP in 4510? Is it happening with all or few servers? Just to verify if it is a connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign an address from the same range (server/core range) and perform a ping.
    This will help narrow down if issue is between server to 4510 or 4510 to N7k.
    Thanks,
    Nagendra

  • Relation between activity , opportunity and lead

    Hello
    Could you please tell me the relationship between activity, opportunity and lead?
    How can I create an opportunity based on an activity? I didn't find where it's possible.
    Thanks

    Activities are different from opportunity & lead. Opportunity & lead are two different stages of the sales cycle, while activity is the medium through which any kind of customer interaction happens.
    Functionally, lead is the start of prospecting. For example, a call center executive takes a list of customers & calls them up. She asks them if the customer might be interested in the product. Out of 10 calls, 6 might say yes. So, these 6 leads are created in the system. Corresponding to these leads, the call center executive can create 6 activities where she can assign 3 sales executives (2 leads each) these activities so that they can visit two customers each in a day.
    Now a sales exec goes to these 6 customers & finds that 2 will definitely not buy. But 4 might buy. So, 4 corresponding opportunities can be created in the system.
    Corresponding activities can be created where the sales exec will again visit the customer & try to initiate a sales cycle (quotation, negotiation, confirm order, deliver, billing).
    To create an opportunity based on an activity: Go to any activity. You should find a button to create "A followup transaction". Using this button you can create any type of sales document, including opportunity.
    Hope this helps.
    Regards,
    Kaushal
