Using a User Store different from LDAP to identify users

Hello everybody,
I've developed a couple of authentication classes in Access Manager and
I found the constraint of using an LDAP user store very limiting.
I have to develop a class that checks the credentials against a table in
a database. I have no LDAP user store at all. I find all the relevant
information in the DB. So I can correctly authenticate the user, but I
can't "say" to the Identity Server that the user is also correctly
identified. In the code I can create a new NIDPPrincipal object with a
(null UserAuthority), setting its properties for the authenticated user.
It works, but I still have to add a "fake" LDAP user store to be able to
check the "identify user" option in the method definition in the
Administration Console. And I presume that the Identity Server can
become unstable because it cannot find the user in the user store.
I've looked at the LDAP Plugin extension, trying to create a "wrapper"
for the DB, but the documented API is only about the LDAP definition and
does not expose any interface to catch LDAP search or read (or whatever
else the Identity Server may ask of the user store), so I guess that the
LDAP access is hard-wired in the Identity Server code. This approach
seems very strange because the modular architecture of the NAM solution
could work very well with other types of user store than LDAP. I
expected to find an interface to abstract the User Authority.
Am I missing something, or is my reasoning very wrong?
Thanks
Giovanni
cannata_g
cannata_g's Profile: http://forums.novell.com/member.php?userid=17484
View this thread: http://forums.novell.com/showthread.php?t=422784
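The credential check Giovanni describes, written out as an added example that is not code from this thread or from Access Manager. It is plain JDK code: a PBKDF2 hash is verified against a row fetched with a parameterised query from a hypothetical `app_users(username, salt, pw_hash, email)` table, and a `CredentialSource` interface lets the same check run against a constructed in-memory map so it works without a database driver. Handing the result to the Identity Server (the NIDPPrincipal part) is NAM-specific and is not shown here. Two defensive points the example makes that the post does not: the query is parameterised rather than concatenated, and a PBKDF2 round is performed even when the username does not exist, so the response time does not reveal which accounts are in the table.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical DB-backed credential check; not a NAM API. */
public final class DbCredentialCheck {

    /** One row of the assumed app_users table; salt and hash are Base64. */
    public record StoredCredential(String userId, String saltB64, String hashB64, String email) {}

    /** Lookup abstraction so the check can run against JDBC or an in-memory map. */
    @FunctionalInterface
    public interface CredentialSource {
        Optional<StoredCredential> find(String username) throws SQLException;
    }

    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Used when the user does not exist, so a PBKDF2 round still happens. */
    private static final byte[] DUMMY_SALT = new byte[16];
    private static final byte[] DUMMY_HASH = pbkdf2("dummy".toCharArray(), DUMMY_SALT);

    /** Returns the stored row when username/password match, otherwise empty. */
    public static Optional<StoredCredential> authenticate(CredentialSource source,
                                                          String username, char[] password)
            throws SQLException {
        Optional<StoredCredential> row = source.find(username);
        byte[] salt = row.map(r -> Base64.getDecoder().decode(r.saltB64())).orElse(DUMMY_SALT);
        byte[] expected = row.map(r -> Base64.getDecoder().decode(r.hashB64())).orElse(DUMMY_HASH);
        byte[] actual = pbkdf2(password, salt);
        Arrays.fill(password, '\0'); // do not keep the clear-text password around
        boolean ok = MessageDigest.isEqual(expected, actual) && row.isPresent();
        return ok ? row : Optional.empty();
    }

    /** JDBC source: parameterised query against the assumed app_users table. */
    public static CredentialSource jdbcSource(Connection conn) {
        return username -> {
            String sql = "SELECT username, salt, pw_hash, email FROM app_users WHERE username = ?";
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setString(1, username);
                try (ResultSet rs = ps.executeQuery()) {
                    if (!rs.next()) return Optional.empty();
                    return Optional.of(new StoredCredential(rs.getString(1), rs.getString(2),
                            rs.getString(3), rs.getString(4)));
                }
            }
        };
    }

    /** Enrolment helper: fresh random salt, PBKDF2 hash, row ready to INSERT. */
    public static StoredCredential enrol(String username, char[] password, String email) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] hash = pbkdf2(password, salt);
        return new StoredCredential(username,
                Base64.getEncoder().encodeToString(salt),
                Base64.getEncoder().encodeToString(hash), email);
    }

    public static void main(String[] args) throws SQLException {
        // Constructed in-memory "table" standing in for the database.
        StoredCredential alice = enrol("alice", "correct horse".toCharArray(), "alice@example.com");
        Map<String, StoredCredential> table = Map.of("alice", alice);
        CredentialSource mem = u -> Optional.ofNullable(table.get(u));

        System.out.println(authenticate(mem, "alice", "correct horse".toCharArray()).isPresent());
        System.out.println(authenticate(mem, "alice", "wrong".toCharArray()).isPresent());
        System.out.println(authenticate(mem, "nobody", "x".toCharArray()).isPresent());
    }
}
```

Run with `java DbCredentialCheck.java` (Java 16 or later for the record type): the first call succeeds and the other two fail, and the unknown-user case costs the same PBKDF2 work as the wrong-password case. Swapping `mem` for `jdbcSource(conn)` uses the real table without changing `authenticate`.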

cannata g wrote:
>
> Hello everybody,
> I've developed a couple of authentication classes in Access Manager
> and I found the constraint of using an LDAP user store very limiting.
>
> I have to develop a class that checks the credentials against a table in
> a database. I have no LDAP user store at all. I find all the relevant
> information in the DB. So I can correctly authenticate the user, but I
> can't "say" to the Identity Server that the user is also correctly
> identified. In the code I can create a new NIDPPrincipal object with a
> (null UserAuthority), setting its properties for the authenticated
> user. It works, but I still have to add a "fake" LDAP user store to be
> able to check the "identify user" option in the method definition in
> the Administration Console. And I presume that the Identity Server can
> become unstable because it cannot find the user in the user store.
>
> I've looked at the LDAP Plugin extension, trying to create a "wrapper"
> for the DB, but the documented API is only about the LDAP definition
> and does not expose any interface to catch LDAP search or read (or
> whatever else the Identity Server may ask of the user store), so I
> guess that the LDAP access is hard-wired in the Identity Server code.
> This approach seems very strange because the modular architecture of
> the NAM solution could work very well with other types of user store
> than LDAP. I expected to find an interface to abstract the User
> Authority.
>
> Am I missing something, or is my reasoning very wrong?
I'm probably not really the right person, but the way I see it is that
NAM supports LDAP user stores, therefore it kind of makes sense why the LDAP code
is so heavily embedded. Maybe log an enhancement request to see if JDBC
can be supported as an authentication mechanism.
Cheers,
Edward
