Using additional userprofile attributes from LDAP

Hi,
my users are inside an OpenDS LDAP-Server connected to SSGD 4.41 - all works fine.
I would like to store some additional SGD attributes like
UserProfile.Multiple = yes/no
(Multiple: Whether someone may log in using this user profile and whether this user profile will be shared by multiple users in the form of a "guest" account.)
also inside the LDAP (extending my own LDAP-schema).
Question: How can I tell SSGD to use this attribute UserProfile.Multiple from LDAP instead of looking into the local repository?
regards
Danny

Hi Danny,
I don't think you can do this, as user profile data is never read from the LDAP directory. LDAP users always have to be mapped to a local profile (from the SGD datastore), meaning that any attributes on the user object from the LDAP directory wouldn't be considered when evaluating a user's profile.
Does anyone else have a take on this?
-- DD

Similar Messages

  • Need help in retrieving attributes from LDAP using JNDI

    I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
    Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
    I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
    Could anyone tell me why I'm getting this error? Thanks!
    Here's my code:
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;
    import java.io.*;

    class Getattr {
        public static void main(String[] args) {
            // Identify service provider to use
            Hashtable env = new Hashtable(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // user info
            String userName = "username";
            String password = "password";
            // LDAP server specific information
            String host = "ldaphostname";
            String port = "portnumber";
            String basedn = "o=organization,c=country";
            String userdn = "cn=" + userName + "," + basedn;
            env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);
            env.put(Context.SECURITY_PRINCIPAL, userdn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                // Redirect System.err so the attribute dump ends up in data.txt
                System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));
                // Create the initial directory context
                DirContext ctx = new InitialDirContext(env);
                // Ask for all attributes of the object
                Attributes attrs = ctx.getAttributes("cn=" + userName);
                NamingEnumeration ne = attrs.getAll();
                while (ne.hasMore()) {
                    Attribute attr = (Attribute) ne.next();
                    if (attr.size() > 1) {
                        // Multi-valued attribute: print every value
                        for (Enumeration e = attr.getAll(); e.hasMoreElements();) {
                            System.err.println(attr.getID() + ": " + e.nextElement());
                        }
                    } else {
                        System.err.println(attr.getID() + ": " + attr.get());
                    }
                }
                // Close the context when we're done
                ctx.close();
            } catch (javax.naming.NamingException ne) {
                System.err.println("Naming Exception: " + ne);
            } catch (IOException ioe) {
                System.err.println("IO Exception: " + ioe);
            }
        }
    }

    That doesn't work either. It seems it's not finding the NamingException class in any of the jar files. I don't know why? Any clues?

  • Unable to Retrieve Attributes from LDAP Server

    I have a problem. I was wondering if anyone can assist me. I am new to LDAP servers and JNDI. I cannot retrieve any attributes from the users listed in my data entry. Any assistance would be greatly appreciated! Thanks.
    I created an entry in the LDAP server that looks like this:
    "o=somedn"
    |
    "ou=people, o=somedn"
    The "ou=people, o=somedn" entry contains fictitious users. The LDAP server is connected to a MySQL database. When I write Java code to read the attributes of a given user whose fullname (cn) is "Vinny Luigi", as listed in the database, I receive an error that starts with the following:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=Vinny Luigi,ou=people'
    The code I used is based on the Sun JNDI tutorial. Sun's code is at http://java.sun.com/products/jndi/tutorial/basics/directory/src/GetattrsAll.java. My version of the code is below:
    /*
     * @(#)GetattrsAll.java     1.5 00/04/28
     *
     * Copyright 1997, 1998, 1999 Sun Microsystems, Inc. All Rights
     * Reserved.
     *
     * Sun grants you ("Licensee") a non-exclusive, royalty free,
     * license to use, modify and redistribute this software in source and
     * binary code form, provided that i) this copyright notice and license
     * appear on all copies of the software; and ii) Licensee does not
     * utilize the software in a manner which is disparaging to Sun.
     *
     * This software is provided "AS IS," without a warranty of any
     * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
     * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
     * HEREBY EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE
     * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
     * MODIFYING OR DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN
     * NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
     * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL,
     * CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
     * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
     * OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
     * BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
     *
     * This software is not designed or intended for use in on-line
     * control of aircraft, air traffic, aircraft navigation or aircraft
     * communications; or in the design, construction, operation or
     * maintenance of any nuclear facility. Licensee represents and warrants
     * that it will not use or redistribute the Software for such purposes.
     */
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;

    /**
     * Demonstrates how to retrieve all attributes of a named object.
     *
     * usage: java GetattrsAll
     */
    class GetattrsAll {
        static void printAttrs(Attributes attrs) {
            if (attrs == null) {
                System.out.println("No attributes");
            } else {
                /* Print each attribute */
                try {
                    for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();) {
                        Attribute attr = (Attribute) ae.next();
                        System.out.println("attribute: " + attr.getID());
                        /* print each value */
                        for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
                            System.out.println("value: " + e.next());
                        }
                    }
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }

        public static void main(String[] args) {
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable(100);
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=somedn");
            try {
                // Create the initial context
                DirContext ctx = new InitialDirContext(env);
                // Get all the attributes of named object
                System.out.println("About to use ctx.getAttributes()");
                Attributes answer = ctx.getAttributes("cn=Vinny Luigi,ou=people");
                // Print the answer
                printAttrs(answer);
                // Close the context when we're done
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    The primary key of the database is id_pk. Below is a copy of the mapping.xml file which maps the LDAP server entry to the database:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.2//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">
    <mapping>
    <entry dn="o=somedn">
    <oc>organization</oc>
    <oc>top</oc>
    <at name="o" rdn="true">
    <constant>somedn</constant>
    </at>
    <aci>
    <permission>rs</permission>
    </aci>
    </entry>
    <entry dn="ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>organizationalUnit</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="cn">
    <constant>"fullname"</constant>
    </at>
    <at name="ou" rdn="true">
    <constant>people</constant>
    </at>
    <at name="sn">
    <constant>"lastname"</constant>
    </at>
    </entry>
    <entry dn="id_pk=...,ou=people,o=somedn">
    <oc>inetOrgPerson</oc>
    <oc>organizationalPerson</oc>
    <oc>person</oc>
    <oc>top</oc>
    <at name="Position_">
    <variable>usertable9.Position_</variable>
    </at>
    <at name="id_pk" rdn="true">
    <variable>usertable9.id_pk</variable>
    </at>
    <at name="fullname">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="lastname">
    <variable>usertable9.lastname</variable>
    </at>
    <at name="cn">
    <variable>usertable9.fullname</variable>
    </at>
    <at name="sn">
    <variable>usertable9.lastname</variable>
    </at>
    <source name="usertable9">
    <source-name>usertable9</source-name>
    <field name="Position_">
    <variable>Position_</variable>
    </field>
    <field name="id_pk">
    <variable>id_pk</variable>
    </field>
    <field name="fullname">
    <variable>cn</variable>
    </field>
    <field name="lastname">
    <variable>sn</variable>
    </field>
    </source>
    </entry>
    </mapping>
    Thanks.

    The complete name (Distinguished Name) of the user you're searching is 'cn=Vinny Luigi,ou=people,o=somedn'.
    Regards,
    Ludovic.

  • Using UME to read binary attribute from LDAP (objectSID)

    Hi,
    I am trying to read the ObjectSID of an LDAP user (from MS Active directory) from an IUser object. This attribute is binary retrieved from the LDAP and if I defined a normal extra attribute in the datasourceconfiguration file and retrieve it as a String the value is wrong.
    So my question is how can I define this as a binary attribute?
    From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the xml format for the datasourceconfiguration.
    The Attribute element has the following specification:
    <!ATTLIST attribute name CDATA #REQUIRED
    populateInitially (true|false) #IMPLIED
    readonly (true|false) #IMPLIED
    type (string|blob) #IMPLIED
    cacheTime CDATA #IMPLIED>
    Since you have type here, I tried setting it to blob under the user object as such:
    For user:
    <attribute name="guid" type="blob" populateInitially="true"/>
    For attribute mapping:
    <attribute name="guid">
    <physicalAttribute name="objectSid"/>
    </attribute>
    However, I still get the following error when calling
    iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):
    Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
         at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
         at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
         at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
         at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
         at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
         ... 41 more
    This error indicates that the attribute is a string and not a binary attribute.
    Anyone?

    Create OSS and initial message is that this is not supported even though some of the configuration files point that direction. It's really easy to implement so maybe if I am lucky I'll get a hotfix.
    Dagfinn
    btw the field was objectGUID not objectSID
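
As an added example (not part of the original thread, and not SAP UME API code): once the raw bytes of objectSid or objectGUID are available, for instance over plain JNDI with the provider property `java.naming.ldap.attributes.binary` naming those attributes, they have to be decoded field by field rather than read as a String. The class name and the sample byte arrays below are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class AdBinaryAttributes {

    /** Decode a binary objectSid into its S-revision-authority-subauthorities text form. */
    static String sidToString(byte[] sid) {
        if (sid == null || sid.length < 8) {
            throw new IllegalArgumentException("SID shorter than its fixed 8-byte header");
        }
        int revision = sid[0] & 0xFF;
        int subAuthCount = sid[1] & 0xFF;
        if (sid.length != 8 + 4 * subAuthCount) {
            throw new IllegalArgumentException("SID length does not match sub-authority count");
        }
        // Identifier authority: 6 bytes, big-endian
        long authority = 0;
        for (int i = 2; i < 8; i++) {
            authority = (authority << 8) | (sid[i] & 0xFF);
        }
        StringBuilder sb = new StringBuilder("S-")
                .append(revision).append('-').append(authority);
        // Sub-authorities: unsigned 32-bit values, little-endian
        ByteBuffer subs = ByteBuffer.wrap(sid, 8, 4 * subAuthCount)
                .order(ByteOrder.LITTLE_ENDIAN);
        for (int i = 0; i < subAuthCount; i++) {
            sb.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        }
        return sb.toString();
    }

    /** Decode a 16-byte objectGUID into the usual 8-4-4-4-12 text form. */
    static String guidToString(byte[] guid) {
        if (guid == null || guid.length != 16) {
            throw new IllegalArgumentException("GUID must be exactly 16 bytes");
        }
        // The first three fields are stored little-endian, the last 8 bytes as-is
        ByteBuffer buf = ByteBuffer.wrap(guid).order(ByteOrder.LITTLE_ENDIAN);
        int data1 = buf.getInt();
        int data2 = buf.getShort() & 0xFFFF;
        int data3 = buf.getShort() & 0xFFFF;
        StringBuilder sb = new StringBuilder(
                String.format("%08x-%04x-%04x-", data1, data2, data3));
        for (int i = 8; i < 16; i++) {
            if (i == 10) {
                sb.append('-');
            }
            sb.append(String.format("%02x", guid[i] & 0xFF));
        }
        return sb.toString();
    }

    /** True if the bytes survive a byte[] -> String -> byte[] round trip unchanged. */
    static boolean survivesStringRoundTrip(byte[] raw) {
        String asText = new String(raw, StandardCharsets.UTF_8);
        return Arrays.equals(raw, asText.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: the SID S-1-5-21-1-2-3-1000 in its binary layout
        byte[] sid = {
            0x01, 0x05,                         // revision, sub-authority count
            0x00, 0x00, 0x00, 0x00, 0x00, 0x05, // identifier authority (big-endian)
            0x15, 0x00, 0x00, 0x00,             // 21
            0x01, 0x00, 0x00, 0x00,             // 1
            0x02, 0x00, 0x00, 0x00,             // 2
            0x03, 0x00, 0x00, 0x00,             // 3
            (byte) 0xE8, 0x03, 0x00, 0x00       // 1000
        };
        // Constructed sample GUID bytes
        byte[] guid = {
            0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
            (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB,
            (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF
        };

        System.out.println("objectSid  : " + sidToString(sid));
        System.out.println("objectGUID : " + guidToString(guid));
        // Reading the value as a String corrupts it: bytes that are not valid
        // text are replaced during decoding, so the original cannot be recovered.
        System.out.println("SID survives String round trip : " + survivesStringRoundTrip(sid));
        System.out.println("GUID survives String round trip: " + survivesStringRoundTrip(guid));
    }
}
```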

  • Dynamic Attributes from LDAP Authentication

    Is it possible to have attributes pulled directly from an LDAP V3 Directory and made available as HTTP Headers instead of from the Data Store? Reason I ask is that I have an existing 2 Million end users in an eDirectory that I can not make a schema change to accommodate a Data Store so I have Sun DS for Config. So I have created a new LDAP Auth Module and have that working with eDirectory, however AM wants a profile. If I choose to "ignore" it in the Core Authentication module I can authenticate but get an Error 500 if I try to fetch attributes.
    The current workaround I have is to Dynamically create profile and define all the attributes I want copied in the new profile. Problem is this information is static. It never gets updated by AM if the eDirectory is updated. The only option is to delete the user profile.
    Is there a way around this? Would this entail a custom Response Provider that obtains attributes directly from the eDirectory? Would I still need a profile if I have a custom response provider?
    Thanks in advance

    I don't believe you have to add any attributes to a directory server's schema in order to use it as an LDAPv3 data store. This config works fine for me:
    <!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN" "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
    >
    <Requests>
        <ServiceConfigurationRequests serviceName="sunIdentityRepositoryService" realm="/MyRealm">
            <AddSubConfiguration serviceName="sunIdentityRepositoryService" subConfigId="LDAPv3" priority="0" subConfigName="ALDAPv3DataStore"/>
        </ServiceConfigurationRequests>
        <ServiceConfigurationRequests serviceName="sunIdentityRepositoryService" realm="/MyRealm">
            <ModifySubConfiguration serviceName="sunIdentityRepositoryService" subConfigName="ALDAPv3DataStore">
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-ldap-server"/>
                    <Value>someserver.com:389</Value>
                </AttributeValuePair> 
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-connection_pool_min_size"/>
                    <Value>20</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-connection_pool_max_size"/>
                    <Value>90</Value>
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-organization_name"/>
                    <Value>dc=someserver,dc=com</Value>
                </AttributeValuePair> 
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-authid"/>
                    <Value>uid=someuser,ou=people,dc=someserver,dc=com</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-authpw"/>
                    <Value>somepassword</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-users-search-attribute"/>
                    <Value>uid</Value>
                </AttributeValuePair>           
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-users-search-filter"/>
                    <Value>(objectclass=inetorgperson)</Value>
                </AttributeValuePair>           
                <AttributeValuePair>
                    <Attribute name="sunIdRepoSupportedOperations"/>
                    <!-- set according to LDAPv3Repo loadSupportedOps() -->
                    <Value>user=read,service</Value>
                    <!-- need this so we can assign services to the subrealm -->
                    <Value>realm=read,service</Value>
                    <Value>role=read</Value>
                    <Value>filteredrole=read</Value>
                    <Value>group=read</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-user-objectclass"/>
                    <Value/>     
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-user-attributes"/>
                    <Value>cn</Value>
                    <Value>entrydn</Value>
                    <Value>entryid</Value>
                    <Value>somecustomuserstatusattr</Value>
                    <Value>objectclass</Value>
                    <Value>sn</Value>
                    <Value>givenname</Value>
                    <Value>uid</Value>
                    <Value>userpassword</Value>
                    <Value>mail</Value>
                    <Value>telephonenumber</Value>
                    <Value>manager</Value>
                    <Value>somecustomattr</Value>
                    <Value>somecustomattr2</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-people-container-name"/>
                    <Value/>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-people-container-value"/>
                    <Value/>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-search-attribute"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-container-name"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-container-value"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-search-filter"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-objectclass"/>
                    <Value/>     
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-agent-attributes"/>
                    <Value/>
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-isactive"/>
                    <Value>somecustomuserstatusattr</Value>
                </AttributeValuePair>  
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-psearchbase"/>
                    <Value>dc=someserver,dc=com</Value>
                </AttributeValuePair> 
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-cache-enabled"/>
                    <Value>false</Value>
                </AttributeValuePair>
                <AttributeValuePair>
                    <Attribute name="sun-idrepo-ldapv3-config-errorcodes"/>
                    <Value>80</Value>
                    <Value>81</Value>
                    <Value>91</Value>
                    <Value>85</Value>
                </AttributeValuePair>
            </ModifySubConfiguration>
        </ServiceConfigurationRequests>
    </Requests>
    Note that sun-idrepo-ldapv3-config-user-attributes is configurable and you can add/remove attributes you are interested in. Also I don't know if eDirectory supports persistent searches so you might need to leave that value blank

  • How to retrieve null-valued attributes from LDAP server.

    I am using the JNDI API to do search operations on a Java Directory Server (part of SunOne).
    However, I found all the attributes that do not have values are automatically filtered out from the search result.
        NamingEnumeration answer = ctx.search(ctxName, filterExpr, cons);
        while (answer.hasMore()) {
            SearchResult sr = (SearchResult) answer.next();
            Attributes attrs = sr.getAttributes();
            // List the attribute IDs returned for this entry
            for (NamingEnumeration ne = attrs.getIDs(); ne.hasMore();) {
                System.out.println("ids:" + ne.next());
            }
            System.out.println("-------------------------------------------------------");
            // Print every value of every returned attribute
            for (NamingEnumeration ae = sr.getAttributes().getAll(); ae.hasMore();) {
                Attribute attr = (Attribute) ae.next();
                System.out.println("attrName:" + attr.getID());
                //System.out.println("attribute: " + attr.getID());
                NamingEnumeration e = attr.getAll();
                while (e.hasMore()) {
                    System.out.println("  attrVal:" + e.next());
                }
            }
        }
    Is there anything I did wrong here?
    Here are a couple of things I noticed,
    1. in a Softerra LDAP browser, those no-valued attributes are not present either. But in JXplorer, I can see the full list that includes the attributes that do not have a value.
    2. I had Schema disabled in the server console.
    Thank you in advance.

    There are only two ways to read data from Directory Server:
    1. a. just fetch the entry
    b. display the content
    2. a. fetch the entry
    b. parse the entry and figure what object classes it is of
    c. lookup each object class definition in the schema and retrieve the attribute list
    d. combine the attributes of the entry with all the "possible" attributes of its object class(es)
    e. display the content
    Here's for an easy example we can relate to:
    I have the following entry in my DS
      cn=the_duuuuuude,dc=forum,dc=sun,dc=com
      objectClass: person
      cn: the_duuuuuude
      sn: arnaud
    If you use method 1, you will get just what is stored in the db. That is:
      cn=the_duuuuuude,dc=forum,dc=sun,dc=com
      objectClass: person
      cn: the_duuuuuude
      sn: arnaud
    If you use method 2, you will get:
      cn=the_duuuuuude,dc=forum,dc=sun,dc=com
      objectClass: person
      cn: the_duuuuuude
      sn: arnaud
      description:
      seeAlso:
      telephoneNumber:
      userPassword:
    because when you looked up the 'person' object class you got this:
      objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )
    Now the important thing to note is that physically in the database, the attributes description, seeAlso, telephoneNumber and userPassword are NOT stored. It's not that they have a 'null' value. They're just not there. It doesn't stop you from looking up the schema.
    Optimally, in your client, you would fetch the whole server schema and cache it so you have to do the extra round trip for every entry you process.
    The difference you observe with various LDAP browsers might simply be that one uses method 1 and the other method 2.
    Hope this helps wrap your mind around this.
    -=arnaud=-
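
Method 2 from the answer above, as an added Java example that is not part of the original posts: it parses the objectClasses definition quoted there and merges its MUST/MAY attributes into the stored entry. The class and method names are hypothetical, the entry and schema are embedded as constructed input instead of being fetched over LDAP, and superior (SUP) classes are not followed.

```java
import java.util.*;
import java.util.regex.*;

public class PossibleAttributes {

    // Attribute names listed after MUST or MAY: "( a $ b )" or a single bare name.
    static List<String> clause(String def, String keyword) {
        String unquoted = def.replaceAll("'[^']*'", "''"); // ignore keywords inside DESC text
        Matcher m = Pattern.compile("\\b" + keyword + "\\s+(?:\\(([^)]*)\\)|([A-Za-z][\\w;.-]*))")
                           .matcher(unquoted);
        List<String> names = new ArrayList<>();
        if (m.find()) {
            String body = m.group(1) != null ? m.group(1) : m.group(2);
            for (String n : body.split("\\$"))
                if (!n.trim().isEmpty()) names.add(n.trim());
        }
        return names;
    }

    // Names a class definition answers to: NAME 'x' or NAME ( 'x' 'y' ).
    static List<String> names(String def) {
        Matcher m = Pattern.compile("\\bNAME\\s+(?:'([^']*)'|\\(([^)]*)\\))").matcher(def);
        List<String> out = new ArrayList<>();
        if (m.find()) {
            String body = m.group(1) != null ? m.group(1) : m.group(2);
            for (String n : body.replace("'", " ").trim().split("\\s+"))
                out.add(n.toLowerCase(Locale.ROOT));
        }
        return out;
    }

    // Start from what is stored (method 1), then add every attribute the entry's
    // object classes allow, with no values when the entry does not store it.
    static Map<String, List<String>> withPossible(Map<String, List<String>> stored, List<String> schema) {
        Map<String, String> byName = new HashMap<>();
        for (String def : schema)
            for (String n : names(def)) byName.put(n, def);

        Set<String> seen = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); // attribute names ignore case
        seen.addAll(stored.keySet());
        Map<String, List<String>> view = new LinkedHashMap<>(stored);
        for (String oc : stored.getOrDefault("objectClass", Collections.emptyList())) {
            String def = byName.get(oc.toLowerCase(Locale.ROOT));
            if (def == null) continue; // class missing from the cached schema
            for (String kw : new String[] {"MUST", "MAY"})
                for (String attr : clause(def, kw))
                    if (seen.add(attr)) view.put(attr, Collections.emptyList());
        }
        return view;
    }

    public static void main(String[] args) {
        // Constructed input: the entry and the 'person' definition quoted in the answer.
        Map<String, List<String>> stored = new LinkedHashMap<>();
        stored.put("objectClass", Arrays.asList("person"));
        stored.put("cn", Arrays.asList("the_duuuuuude"));
        stored.put("sn", Arrays.asList("arnaud"));
        List<String> schema = Arrays.asList(
            "( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top "
            + "MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) "
            + "X-ORIGIN 'RFC 2256' )");

        System.out.println("cn=the_duuuuuude,dc=forum,dc=sun,dc=com");
        withPossible(stored, schema).forEach((attr, values) -> {
            if (values.isEmpty()) System.out.println(attr + ":");
            for (String v : values) System.out.println(attr + ": " + v);
        });
    }
}
```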

  • How to get user attributes from LDAP authenticator

    I am using an LDAP authenticator and identity asserter to get user / group information.
    I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
    Is there an available API to get all the user attributes through the established WebLogic authenticator provider, or do I have to directly connect to the LDAP server again?
    Any help would be appreciated

    Hi Julián,
    in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
    A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
    Hope it helps
    Detlev

  • How can I get the people's attribute from LDAP?

    The LDAP Server is Netscape Directory Server 4.1.
    I have been trying to connect to my LDAP server from WLS, but when I try to get an Attributes, I get a "No attributes".
    The source code is following:
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://10.0.1.253:389/o=rl.com");
    // Create the initial directory context
    DirContext ctx = new InitialDirContext(env);
    // Ask for all attributes of object
    Attributes attrs = ctx.getAttributes("uid=joe,ou=People");
    // Find the surname ("sn") and print it out
    System.out.println("sn: " + attrs);
    dn: uid=joe,ou=People, o=rl.com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Joe Ken
    uid: joe
    givenName: Joe
    sn: Ken

    When you initialize the context, you must have read privileges.
    I have resolved it.
    Cui Qiang <[email protected]> wrote in message
    news:39fe94ac$[email protected]..
    >
    The LDAP Server is Netscape Directory Server 4.1.
    I have been trying to connect to my LDAP server from WLS, but when I try to get an Attributes, I get a "No attributes".
    The source code is following:
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://10.0.1.253:389/o=rl.com");
    // Create the initial directory context
    DirContext ctx = new InitialDirContext(env);
    // Ask for all attributes of object
    Attributes attrs = ctx.getAttributes("uid=joe,ou=People");
    // Find the surname ("sn") and print it out
    System.out.println("sn: " + attrs);
    dn: uid=joe,ou=People, o=rl.com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: Joe Ken
    uid: joe
    givenName: Joe
    sn: Ken

  • Using users and groups from LDAP in ADF application

    Hi there,
    I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
    I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
    Now I want to use 1 group, let's call the group ApplicationGroup, and all its users to give them access to my ADF Application.
    But I can't find proper/up-to-date info about how to do this.
    I tried 2 major things:
    1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup), then defined an Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, it just doesn't work (Migrate Users and Groups is not checked).
    2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
    Any help or documentation that could help me?

    Since we aren't using EM I had to find another way. And I found it.
    In web.xml ADF Security (I suppose) automatically adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
    Thanks for the help.

  • Accessing custom attributes in LDAP using WD Java - UME APIs

    Hello Friends,
    I am trying to access a custom attribute from LDAP in WebDynpro Java. I am using the code below.
        IWDClientUser clientUser = WDClientUser.getCurrentUser();
        IUser sapUser = clientUser.getSAPUser();
        if (sapUser != null) {
            // Read the custom attribute from the given namespace
            String[] str_emp = sapUser.getAttribute(<Name Space>, "Attribute Name");
            if (str_emp == null || str_emp.length == 0) {
                wdComponentAPI.getMessageManager().reportSuccess(" NULL ");
                return;
            } else {
                strEmpID = str_emp[0];
                wdComponentAPI.getMessageManager().reportSuccess(strEmpID);
            }
        }
    The name space is "$usermapping$". I am not sure why it is like that only for this attribute I am trying to access.
    I am getting a null value if I run this code.
    Can anyone help?
    thanks
    Shobhan

    Hi,
    Are you sure this is the right namespace? The default namespace is com.sap.security.core.usermanagement.
    You can get all namespaces and the names of all attributes defined for a user using methods getAttributeNamespaces and getAttributeNames: Interface IPrincipal (http://help.sap.com/javadocs/NW04S/current/se/index.html).
    Regards,
    Pierre

  • Presence the phone and mobile field entries not coming from LDAP

    I tested by changing name and all...working fine changes happening
    But the phone field is not coming at all
    ANY IDEA????

    I'm sorry if I misunderstood you. But it looks like there's some confusion here.
    Confusions and mistakes are usually caused by false assumptions.
    CUPC gets LDAP attributes from LDAP directly. CUPC does not retrieve those attributes from CUPS.
    If you're troubleshooting double-click on CUPC, the CUPS presence viewer doesn't help at all.
    When you double-click a contact in CUPC, CUPC dials the number in "BusinessPhoneNumber". By default "BusinessPhoneNumber" is mapped to "telephoneNumber" in Active Directory.
    If you cannot double-click a contact to dial, that's because "BusinessPhoneNumber" was blank.
    Michael
    http://htluo.blogspot.com

  • SPNego login using additional attribute in LDAP

    Hello experts,
    We have a situation here to implement SPNego login for portal.
    We have integrated LDAP with portal and the j_user is mapped to an additional parameter (e.g., employee number) to enable the user to use this as a login-id instead of the default user-id.
    Say the user is logged in with user-id XYZ, and for portal we are picking up the additional parameter (e.g., ABC) from LDAP for login.
    But SPNego takes only the default user-id (XYZ) from Windows. Can we customize SPNego to pick up the additional attribute (ABC) to authenticate to the portal?
    Regards,
    Nirmal Sivakumar G
    Edited by: Nirmal G on Feb 3, 2009 12:47 PM

    Hi,
    pls. check steps provided in documentation:
    http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
    Best regards,
    Johannes

  • How i get user info from ldap using java after authenticating user with SSO

    Hi
    I have one jsp/bean application as a partner application with SSO.
    It works fine.
    Now I need to get other attributes from LDAP for the user who has logged into the application through SSO.
    Using the SSO Java APIs I only get username, userDN, subscriber info.
    To get the user's other attributes I have to use the LDAP APIs; for that I have to create one Directory Context, and for that I need the user password.
    So here is my question: how do I get the user password after he has logged in through SSO?
    Regards,
    and thanking you in advance
    samir

    Valentina,
    there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4, MD5, SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
    --Olaf
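
Why the stored value is one way, as an added Java example that is not part of the original posts: the directory keeps only a digest, so a candidate password can be checked by re-hashing it, but nothing can be read back. It assumes the RFC 2307 style {SCHEME}base64 layout with the MD5 and SHA-1 schemes and their salted SMD5/SSHA variants (MD4 is left out because the standard Java providers lack it); class and method names are hypothetical and the sample values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

public class StoredPasswordCheck {

    // Maps a storage scheme to its digest; unknown schemes are rejected.
    static String algorithm(String scheme) {
        switch (scheme) {
            case "MD5": case "SMD5": return "MD5";
            case "SHA": case "SSHA": return "SHA-1";
            default: throw new IllegalArgumentException("unsupported scheme " + scheme);
        }
    }

    static byte[] digest(String alg, String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt); // empty for the unsalted schemes
        return md.digest();
    }

    // Builds a stored value: {SCHEME}base64(digest || salt).
    static String store(String scheme, String password, byte[] salt) throws NoSuchAlgorithmException {
        byte[] d = digest(algorithm(scheme), password, salt);
        byte[] out = Arrays.copyOf(d, d.length + salt.length);
        System.arraycopy(salt, 0, out, d.length, salt.length);
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(out);
    }

    // Verification never recovers the password: it re-hashes the candidate
    // with the stored salt and compares digests in constant time.
    static boolean matches(String stored, String candidate) throws NoSuchAlgorithmException {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) return false; // not a hashed value
        String alg = algorithm(stored.substring(1, close).toUpperCase(Locale.ROOT));
        byte[] raw = Base64.getDecoder().decode(stored.substring(close + 1));
        int len = MessageDigest.getInstance(alg).getDigestLength();
        if (raw.length < len) return false; // truncated value
        byte[] expected = Arrays.copyOfRange(raw, 0, len);
        byte[] salt = Arrays.copyOfRange(raw, len, raw.length);
        return MessageDigest.isEqual(expected, digest(alg, candidate, salt));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not taken from any directory.
        String plain = store("SHA", "correct horse", new byte[0]);
        String salted = store("SSHA", "correct horse", new byte[] {1, 2, 3, 4});
        System.out.println(plain + " -> " + matches(plain, "correct horse"));
        System.out.println(salted + " -> " + matches(salted, "correct horse"));
        System.out.println("wrong guess -> " + matches(salted, "Correct horse"));
    }
}
```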

  • Getting User Attributes from an Active Directory LDAP

    Hello all.
    I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
    Thanks.
    ...Sparks

    Sparks,
    If you're using 11.5 or 12 actually they should all map into the system as session properties.  You can use the following URL to verify your session properties:
    http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
    If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
    -Sam

  • Retrieve parameters from LDAP using authentication module

    I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
    I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
    OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
    This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
    The existing web applications are still querying the existing LDAP for attributes other than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to the web application as a cookie or header value? Or is the forwarding feature only for attributes in the Data Store?
    If the forwarding is not possible, what is the next best alternative?

    OpenSSO forum is quite silent so I'm back with you guys.
    I managed to solve the agent error log problem I mentioned before. The problem was about nonexisting attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
    The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
    My LDAP looks like this:
    # testuser, pollo.fi
    dn: cn=testuser,dc=pollo,dc=fi
    cn: testuser
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    givenName: Test
    sn: User
    ou: People
    uid: testuser
    mail: [email protected]
    And my datastore configuration:
    LDAP server->localhost:389
    LDAP bind DN->cn=admin,dc=pollo,dc=fi
    LDAP organization DN->dc=pollo,dc=fi
    Attribute name mapping->empty
    LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
    LDAP3 Plugin search scope->scope_sub
    LDAP Users Search Attribute->uid
    LDAP Users Search Filter->(objectclass=inetorgperson)
    LDAP User Object Class->organizationalPerson
    LDAP User Attributes->uid, userpassword
    Create User Attribute Mapping->empty
    Attribute Name of User Status->inetuserstatus
    User Status Active Value->Active
    User Status Inactive Value->inactive
    LDAP Groups Search Attribute->cn
    LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
    LDAP Groups container Naming Attribute->ou
    LDAP Groups Container Value->groups
    LDAP Groups Object Class->top
    LDAP Groups Attributes->cn,description,dn,objectclass
    Attribute Name for Group Membership->empty
    Attribute Name of Unqiue Member->uniqueMember
    Attribute Name of Group Member URL->memberUrl
    LDAP People Container Naming Attribute->ou
    LDAP People Container Value->people
    LDAP Agents Search Attribute->uid
    LDAP Agents Container Naming Attribute->ou
    LDAP Agents Container Value->agents
    LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
    LDAP Agents Object Class->sunIdentityServerDevice,top
    LDAP Agents Attributes->empty
    Identity Types That Can Be Authenticated->Agent,User
    Authentication Naming Attribute->uid
    Persistent Search Base DN->dc=pollo,dc=fi
    Persistent Search Filter->(objectclass=*)
    Persistent Search Maximum Idle Time Before Restart->0
    Should I enable some setting still to get the forwarding going on? Any ideas for debugging?
