Using LDAP with query on groups

Hi,
I configured our SAP Portal with LDAP authentication (+UME) successfully - so far so good. I used the standard configuration file (dataSourceConfiguration_ads_readonly_db.xml).
Now I would like to filter the LDAP users and grant access only to users within a LDAP group.
Is there a way to build a query for this case (datasource configuration file, etc...)?
Thanks for your help...
Bernd Hülsebusch

Hi Shantanu,
thanks for your fast reply!
The problem is that we have about 5.000 users in our LDAP system (Exchange); this includes several system users and also special users, e.g. for domain administration, etc. Only about 2000 users are really respective portal users, and only these users should have access to the portal generally. The intention is to filter out the redundant users, so we won't have problems with SAP licenses for users who should never be able to use the portal.
I didn't mean how to provide access to some content within the portal. I know that this is realized with roles and groups in the portal.
Best regards, Bernd Hülsebusch
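As an added example (not SAP's code and not the UME datasource XML, whose filter syntax this thread does not show): a Python helper that builds the group-restricted LDAP search filter an access check like this needs, and the membership test to run on a returned entry. It assumes Active Directory with memberOf and sAMAccountName; the group DN and the entries are constructed.

```python
# Added example (not SAP UME's own configuration): the LDAP search filter that
# restricts portal logons to members of one directory group, plus the check a
# caller can run on a returned entry. Assumed directory layout (constructed):
# Active Directory, membership exposed via the user's memberOf attribute,
# login held in sAMAccountName. Group DN and user entries are made up.

# RFC 4515 section 3: these characters must be escaped inside a filter value,
# otherwise a login name such as "*" or "x)(objectClass=*" changes the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: walks nested group membership.
_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a value so it can only ever match literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def portal_user_filter(group_dn, login=None, nested=False):
    """Filter selecting only user objects that belong to group_dn.

    login narrows the search to one account (the logon lookup).
    nested=True also accepts members of groups nested inside group_dn;
    plain memberOf sees direct membership only.
    """
    member_attr = "memberOf:%s:" % _IN_CHAIN if nested else "memberOf"
    clauses = ["(objectClass=user)",
               "(%s=%s)" % (member_attr, escape_filter_value(group_dn))]
    if login is not None:
        clauses.append("(sAMAccountName=%s)" % escape_filter_value(login))
    return "(&" + "".join(clauses) + ")"


def _norm_dn(dn):
    """Cheap DN normalisation: AD compares DNs case-insensitively and tolerates
    whitespace around the separating commas. Assumes no escaped commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def is_portal_user(entry, group_dn):
    """True when the entry (a dict of attribute -> list of values) is a direct
    member of group_dn; this is the check to apply to a search result."""
    wanted = _norm_dn(group_dn)
    return any(_norm_dn(dn) == wanted for dn in entry.get("memberOf", []))


# Constructed sample entries, not taken from any real directory.
PORTAL_GROUP = "CN=PortalUsers,OU=Groups,DC=example,DC=com"
SAMPLE_USER = {
    "sAMAccountName": ["bhuelsebusch"],
    "memberOf": ["cn=PortalUsers, ou=Groups, dc=example, dc=com",
                 "CN=Staff,OU=Groups,DC=example,DC=com"],
}
SAMPLE_SERVICE_ACCOUNT = {
    "sAMAccountName": ["svc-backup"],
    "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=com"],
}

if __name__ == "__main__":
    print(portal_user_filter(PORTAL_GROUP))
    print(portal_user_filter(PORTAL_GROUP, login="x)(objectClass=*"))
    print(is_portal_user(SAMPLE_USER, PORTAL_GROUP),
          is_portal_user(SAMPLE_SERVICE_ACCOUNT, PORTAL_GROUP))
```

Whatever the datasource configuration ends up doing, the two properties worth checking are the same: the login value is escaped before it reaches the filter, and membership is compared on normalised DNs rather than raw strings.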

Similar Messages

  • How do I use LDAP with iMQ 2.0?

    I am looking for an example to see how to use LDAP with iMQ 2.0.
    I was able to set up the config settings to access a local LDAP,
    but iMQ authentication still rejects valid logins.
    Let me know if I can find more info someplace.

    You can also find an example I put together in the Sun One knowledge base.
    If you go here:
    http://knowledgebase.iplanet.com/NASApp/ikb/index.jsp
    Search for article 7772
    Alternatively here is the direct link
    http://knowledgebase.iplanet.com/ikb/kb/articles/7772.html

  • How to use LDAP with Oracle forms 10g on Oracle application server

    Hi,
    I need some help on this. I have developed Oracle Forms 10g on application server 9iAS. The client wants to use the existing LDAP authentication with the software we wrote. I do not know how I could configure it to use the existing LDAP authentication. If anyone knows how I would use the existing LDAP on a different server to validate the user when they log on to our menu in 10g. Do I need to add any variables in formweb.cfg, or is there any other method? Please help.
    Thanks
    Luksh

    I am not quite sure if this works out of the box. According to an Oracle FAQ:
    4.2 Can I use LDAP to authenticate Forms Services?
    Not directly. However, Oracle Login Server is able to authenticate against a LDAP directory and thus a Forms application can take advantage of this in a SSO environment. But you cannot use access control information stored in a LDAP directory with Forms.

  • Can anyone guide me of using LDAP with JSP?

    I am a beginner in java. Plz post your answers in a simple and easy manner and explain it clearly. I am doing a project for which I require to use LDAP in JSP.

    I assume he wants to use LDAP to authenticate user logon in a JSP application.
    There are a few ways, JNDI being one. But a simpler method might be to see if this library works for you:
    http://www.mozilla.org/directory/javasdk.html
    HTH.

  • EPM 11.1.2: Using LDAP with BugTracker

    Hi,
    I'm using EPM 11.1.2 as production env with NativeDirectory and I'd like to use Redmine as bugtracker for my support of EPM.
    I need to integrate its LDAP with my bugtracker (Redmine).
    I found this: http://www.redmine.org/projects/redmine/wiki/RedmineLDAP
    --Can you tell me BaseDN string to connect for LDAP? dc=users or dc=css,dc=hyperion,dc=com--
    What is the port number to connect to LDAP? 389 doesn't work.
    Ohh... http://john-goodwin.blogspot.com/2010/05/epm-1112-life-after-openldap.html :(
    Is it possible to use SSO?
    Edited by: Antony NoFog on 12.01.2012 18:47

    You can't connect Redmine to the EPM native directory because it does not emulate an LDAP interface. Native user management is based on a relational database.
    But EPM can be (and usually is) integrated with one or more external LDAP directories (Microsoft Active Directory, Novell, or anything else that supports the LDAP v3 standard). In most environments there are only a handful of native administrator users on an EPM system and all the regular users are external users (although they are often grouped into native groups). Could you not integrate Redmine with the same external directory as EPM? Then your users should be able to log into both Redmine and EPM using their external directory credentials.

  • Password character limit using LDAP with HPUX 10.20?

    Hi,
    I'm a little new to this, so sorry if this is a bit of a daft question - we've got an LDAP server running under HPUX 11.00 and it seems our HPUX 10.20 machines only authenticate against the first 8 characters of the users password. System security policy rules for the password in SAM are set to a higher value and HPUX 11.00 machines have no trouble with lengthy passwords at all.
    Can anyone recommend anything to check or do?
    Thanks greatly in advance,
    Neseem.

    Hi,
    The LDAP server password length is 8 characters; this has nothing to do with the password length which you have set in the HP-UX SAM. The LDAP password length is 8 characters long whichever OS it may be installed on; that's the standard length they have set in the Directory Server product itself.

  • Using LDAP as Naming and Directory Services of Weblogic

    Hi All,
    I want to use LDAP (using Netscape Directory Server 4.2 as LDAP server) with WebLogic 5.1. I want the beans to be bound to this LDAP server when they are deployed. What do I have to change in the configuration for this?
    Any other suggestions related to using LDAP with WebLogic are welcome. In this regard, I want to ask whether the WebLogic application server has an LDAP server built into it or not.
    Thanks and Regards,
    sudarson

    As I understand from your reply, you are suggesting that I bind the beans to the LDAP server within the bean class's setEntityContext? Is it so? Can we not configure even this feature in WebLogic 6.0 also? One thing more: if I do this kind of thing, then the JNDI name will be hardcoded into the bean class and can't be changed by simply editing the deployment descriptor. Pls suggest.
    Regards,
    sudarson
    "Michael Girdley" <----> wrote:
    This is not possible through configuration at the current time. One thing
    you could do is have your EJBs make a connection to your LDAP server and
    register themselves when they are deployed.
    Michael Girdley
    BEA Systems
    Learning WebLogic? http://learnweblogic.com

  • Any issues with using LDAP on LINUX for GRC 5.2 UME?

    Our company is converting our LDAP servers from AIX to LINUX.  The DNS name used in our UME connection should not change.  Are there any issues with using LDAP on LINUX?  We are currently on GRC 5.2 SP9 (in the middle of upgrading to SP12).
    Also, I have been trying to connect our test UME system to a test LDAP box that has already been converted to LINUX but keep getting a 'connection failed' error when I try to test it. 
    Do you have to reboot the server to test changing the LDAP connections?  I've been trying it by going into UME, pulling up the LDAP tab, hitting the Modify button, entering the new userid and password for test LDAP, and hitting the Test Connection button.  I've verified that this userid and password is correct for test LDAP.
    Is there a way to get more information about why the connection failed?
    Thanks.

    I've been told by our LDAP Support group that none of the other configuration settings should have to be changed.  I should only have to change the id and password to connect to a test version of LDAP instead of our regular connection to the production LDAP.
    Can you test a connection for a different userid/password without having to reboot/restart the server?  Do I need to change these two settings, save then, reboot/restart, and then do the Test Connection button?
    Thanks.

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
    I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I believe it should be easy.
    The login page of the ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
    There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
    The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if someone that is NOT a carpetbagger tries to log in, it fails.
    I can only do an all or nothing scenario.
    It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
    Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
    Scenario 2 would be an ideal longer term solution.
    Any thoughts, ideas or assistance would be greatly appreciated.
    Cheers

    This is exactly what I was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (there is a button to access this) is really helpful, with a couple of examples.  This is what I used:
        assert(function()
            if ( (type(aaa.ldap.distinguishedName) == "string") and
                 (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
            then
                return true
            end
            return false
        end)()
    From the debug dap you can see what Users relates to:
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew
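As an added illustration (not Andrew's DAP expression, and not something that runs on the ASA): the same DN check written in Python, so the difference between a substring test on the DN ("OU=Users" anywhere in the string) and a test on the DN's actual components can be seen. The DNs are constructed after the DAP_TRACE lines above; "Mycompany" and "Site 1" are placeholders.

```python
# Added example, not Andrew's DAP expression: a Python mirror of the DN check
# the Lua snippet performs, showing why a substring test on the DN ("OU=Users")
# is looser than a test on the DN's actual components. The sample DNs are
# constructed after the DAP_TRACE lines in the thread; "Mycompany" is a placeholder.
import string


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, lower-casing the attribute.
    Honours RFC 4514 backslash escapes, so 'Smith\\, John' stays one value.
    Multi-valued RDNs (a=x+b=y) are not handled."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                buf.append(chr(int(pair, 16)))   # \2c style hex escape
                i += 3
            else:
                buf.append(dn[i + 1])            # \, \+ \" and friends
                i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def dn_has_component(dn, attr, value):
    """True only when some RDN of dn is exactly attr=value (case-insensitive,
    which is how Active Directory compares names)."""
    return any(a == attr.lower() and v.lower() == value.lower()
               for a, v in parse_dn(dn))


def substring_check(dn, needle="OU=Users"):
    """What the DAP expression's string.find does: a plain substring match."""
    return needle in dn


# Constructed DNs modelled on the DAP_TRACE output in the thread.
USER_DN = "CN=Mr B,OU=Users,OU=Site 1,DC=CH,DC=Mycompany,DC=com"
ADMIN_DN = "CN=Admin Mr B,OU=Admin Users,OU=Site 1,DC=CH,DC=Mycompany,DC=com"
ARCHIVE_DN = "CN=Old User,OU=Users Archive,DC=CH,DC=Mycompany,DC=com"
ESCAPED_DN = "CN=Smith\\, John,OU=Users,DC=CH,DC=Mycompany,DC=com"
LOWER_DN = "cn=mr b,ou=users,ou=site 1,dc=ch,dc=mycompany,dc=com"

if __name__ == "__main__":
    for dn in (USER_DN, ADMIN_DN, ARCHIVE_DN, ESCAPED_DN, LOWER_DN):
        print(substring_check(dn), dn_has_component(dn, "OU", "Users"), dn)
```

The substring form admits an "OU=Users Archive" container and rejects a lower-cased DN; the component form does neither, which is the behaviour to aim for when the expression decides profile access.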

  • Issue with deleting a group using Request APIs in OIM 11g R1

    Hi,
    I am facing an issue with Request Based provisioning in OIM 11g R1.
    I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
        RequestBeneficiaryEntityAttribute childEntityAttribute = new RequestBeneficiaryEntityAttribute();
        childEntityAttribute.setName("AD User Group Details");
        childEntityAttribute.setType(TYPE.String);
        List<RequestBeneficiaryEntityAttribute> childEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();
        RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>, RequestBeneficiaryEntityAttribute.TYPE.String);
        childEntityAttributeList.add(attr);
        childEntityAttribute.setChildAttributes(childEntityAttributeList);
        childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
        beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();
        beneficiaryEntityAttributeList.add(childEntityAttribute);
        beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
    This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
    childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
    Could you please suggest where can this possibly be wrong.
    Thanks for your time and help

    Hi BB,
    I am trying to follow up your response.
    You are suggesting to use a prepopulate adapter to populate the resource object name; that means we just have to use an SQL query on the obj table to get the resource object name, right?? It could be like below; what value should I have for entity-type here??
    <AttributeReference name="Field1" attr-ref="act_key"
        available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
        entity-type="????">
        <PrePopulationAdapter name="prepopulateResurceObject"
            classname="my.sample.package.prepopulateResurceObject" />
    </AttributeReference>
    <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
        available-in-bulk="true" required="true">
        <lookupQuery lookup-query="select lkv_encoded as Value, lkv_decoded as Description from lkv lkv, lku lku
            where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
            and instr(lkv_encoded, concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
    </AttributeReference>
    Then I need to think about the 'Lookup.xxx.BO.Field2' format.
    Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference?
    Thanks for your all help.

  • Issues with query using joins in 3 tables

    I am trying to fetch data from 3 tables (Project,RIsk and Issues) using join. There are Risks associated with some projects and Issues associated with some projects.
    ProjectID is primary key in Project table.
    RiskID is primary key in risk table. ProjectID is foreign key.
    IssueID is primary key in Issue table.ProjectID is foreign Key.
    I need the project name, the count of risks per project, and the count of issues per project. I am using joins across all 3 tables. The issue here is, it's giving me double the count of risks and issues for each project.
    Please advise how I can get the correct number. I have used the below query:
    select p.projectname, count(r.riskid), count(i.issueid) from project as p
    left outer join risk as r on p.projectid=r.projecctid
    left outer join issue as i on p.projectid=i.projectid
    group by p.projectname
    thanks

    Hi All,
    I got a new requirement to count, the number of high priority risks as well as high priority issues along with the other details. I modified the below table to include the changes, but I am not getting the desired result. Could you please help?
    Original query:
    select p.projectname, count(distinct r.riskid), count(distinct i.issueid) from project as p
    left outer join risk as r on p.projectid=r.projecctid
    left outer join issue as i on p.projectid=i.projectid
    group by p.projectname
    Modified query:
    select p.projectname, count(distinct r.riskid), sum(case when r.riskpriority='high' then 1 else 0 end), sum(case when i.issuepriority='high' then 1 else 0 end), count(distinct i.issueid) from project as p
    left outer join risk as r on p.projectid=r.projecctid
    left outer join issue as i on p.projectid=i.projectid
    group by p.projectname
    I should get the desired result as:
    XYZ,8,1,4,4
    But I am getting:
    XYZ,8,4,4,32
    thanks for the reply.
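As an added example (not the thread's own query or data): an in-memory SQLite copy of the three tables that reproduces the inflated counts from joining two child tables at once, next to the fix of aggregating each child table per project before joining. The data are constructed to match the thread's counts (8 risks, 1 high; 4 issues, all high); the foreign key is spelled projectid here.

```python
# Added example (not the thread's own query): reproduces the double counting
# with an in-memory SQLite copy of the three tables and shows the fix of
# aggregating each child table before joining. Data are constructed to match
# the counts in the thread: project XYZ with 8 risks (1 high) and 4 issues
# (all high); a second project with neither shows the LEFT JOIN still works.
# The foreign key is spelled projectid here (the thread writes r.projecctid).
import sqlite3

# The thread's modified query: every risk row is paired with every issue row
# of the same project, so the per-row SUMs are multiplied by the other side.
NAIVE_QUERY = """
SELECT p.projectname,
       COUNT(DISTINCT r.riskid),
       SUM(CASE WHEN r.riskpriority = 'high' THEN 1 ELSE 0 END),
       SUM(CASE WHEN i.issuepriority = 'high' THEN 1 ELSE 0 END),
       COUNT(DISTINCT i.issueid)
FROM project AS p
LEFT OUTER JOIN risk  AS r ON p.projectid = r.projectid
LEFT OUTER JOIN issue AS i ON p.projectid = i.projectid
GROUP BY p.projectname
ORDER BY p.projectname
"""

# Each child table is reduced to one row per project first, so the join can
# no longer multiply risk rows by issue rows (8 x 4 = 32 combined rows).
FIXED_QUERY = """
SELECT p.projectname,
       COALESCE(r.n_risks, 0), COALESCE(r.n_high, 0),
       COALESCE(i.n_high, 0), COALESCE(i.n_issues, 0)
FROM project AS p
LEFT OUTER JOIN (
    SELECT projectid, COUNT(*) AS n_risks,
           SUM(CASE WHEN riskpriority = 'high' THEN 1 ELSE 0 END) AS n_high
    FROM risk GROUP BY projectid) AS r ON p.projectid = r.projectid
LEFT OUTER JOIN (
    SELECT projectid, COUNT(*) AS n_issues,
           SUM(CASE WHEN issuepriority = 'high' THEN 1 ELSE 0 END) AS n_high
    FROM issue GROUP BY projectid) AS i ON p.projectid = i.projectid
ORDER BY p.projectname
"""


def build_sample_db():
    """Constructed data set, not the poster's real tables."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE project (projectid INTEGER PRIMARY KEY, projectname TEXT);
        CREATE TABLE risk  (riskid  INTEGER PRIMARY KEY, projectid INTEGER, riskpriority  TEXT);
        CREATE TABLE issue (issueid INTEGER PRIMARY KEY, projectid INTEGER, issuepriority TEXT);
        INSERT INTO project VALUES (1, 'XYZ'), (2, 'Empty');
    """)
    con.executemany("INSERT INTO risk VALUES (?, 1, ?)",
                    [(n, "high" if n == 1 else "low") for n in range(1, 9)])
    con.executemany("INSERT INTO issue VALUES (?, 1, 'high')",
                    [(n,) for n in range(1, 5)])
    con.commit()
    return con


def run_query(sql):
    """Run sql against a fresh sample database and return the rows as tuples."""
    con = build_sample_db()
    try:
        return [tuple(row) for row in con.execute(sql).fetchall()]
    finally:
        con.close()


if __name__ == "__main__":
    print("naive:", run_query(NAIVE_QUERY))   # XYZ's high-issue sum comes out as 32
    print("fixed:", run_query(FIXED_QUERY))
```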

  • Buyer Account, Welcome mail with password & LDAP related query

    Hi All
    We are facing an issue with the LDAP configuration while creating Buy side users, please see below
    If anyone of you could help, please provide your contact details or a solution to overcome this
    Background
    We have installed SAP E-Sourcing 5.1 On-premise.
    We are currently doing the post installation configuration
    - Imported the Out of the Box enterprise Deployment Workbook (We have not modified the contents of the workbook)
    - We have configured an SMTP mail host to send and receive all mails from the application
    Query
    Based on the enterprise Deployment Workbook, the system has created the following Directory configuration settings pointing to different LDAP system
    DISPLAY_NAME                        EXTERNAL_ID
    QA SunOne 5.2 - Buyside             dir.qa.sun.bs
    QA SunOne 5.2 - Sellside            dir.qa.sun.ss
    QA ActiveDirectory 2003 - Buyside   dir.qa.ms.bs
    QA ActiveDirectory 2003 - Sellside  dir.qa.ms.ss
    QA Oracle 9.0.2 - Buyside           dir.qa.ora.bs
    QA Oracle 9.0.2 - Sellside          dir.qa.ora.ss
    When we are creating the Buyside users (if we use the check box - Create Directory account), we are getting a communication error.
    If we uncheck it, it creates the account but the system does not generate the welcome mail. We understand that the welcome mail has the system generated password to log on to the application as the Buyer.
    We are also not able to create the local users, as the password.properties template isn't available in the downloaded software; we don't know the format that's expected by the system.
    Please let us know if there is an alternate way to get the password even without using LDAP or local directories.
    In case LDAP or creation of a local directory is the key, then please let us know what's happening incorrectly in our case.
    This has become a show stopper for us going any forward.
    Request your help ASAP
    Regards
    Tridip

    Hi All
    I had the same problem when I tried doing the email Set-up
    I finally realised that you need to do the configuration steps for SMTP using the enterprise user and the system user. If you have done this setting as only the system user the mails will be in Awaiting retry.
    Do this and the mails will start flowing, incase your SMTP mail server is working fine
    Please do the following settings logged in as System User and Enterprise User
    System Properties -> search for messaging
    Set        Property                  Value                                Context
    messaging  messaging.smtp.mailhost   replace the default with your value  System Context
    messaging  messaging.smtp.port       25                                   System Context
    Also please let me know what is the status of the messages in your Queued Messages
    This should work
    Do let me know, if it does
    Regards
    Tridip
    Edited by: Tridip Chakraborthy on May 27, 2009 11:57 AM
    Edited by: Tridip Chakraborthy on May 27, 2009 12:02 PM

  • Problem using a group which has a space in its DN when using LDAP Group mappings in UCS 1.4

    Hey,
    We've been implementing LDAP authentication (Active Directory) using LDAP group mapping in UCS 1.4, and we've noticed that when using a group which has a DN with a space in it (such as "UCS Admins") it wouldn't authenticate the user with the appropriate role.
    Using a DN without spaces (such as "UCSAdmins") works just fine.
    I should mention that having a base DN with spaces works just fine as well; it's just the group mappings that don't work.
    I should also mention that Cisco's "Quick guide to configuring ldap for ucs 1.4" shows an example in which the group's DN doesn't include a space.
    Is there a workaround available which can make it possible to use a group which has a space in its name?
    Thanks,
    Dor

    Hey Roman,
    Thanks for your prompt reply.
    We've tried putting quotes using UCSM which is not possible at all - not for the entire entry nor for the part with spaces.
    We've also tried using CLI ("scope security/ldap/ldap-group") where you have to put quotes if you use a DN with spaces, and it still doesn't work. Furthermore, we tried adding quotes only to the part with the spaces, i.e. - CN="UCS Admins",OU=TEST,DC=TEST. It adds the entry without an error, but shows like we would use "CN=UCS Admins,OU=TEST,DC=TEST". Anyway, it doesn't work either.
    Thanks again,
    Dor

  • Security - using LDAP groups

    I want to protect my EJB using LDAP groups. WLS is recognizing WLS users but unable to recognize groups. Here is my weblogic-ejb-jar.xml:
    <security-role-assignment>
        <role-name>channel-role</role-name>
        <principal-name>system</principal-name>
        <principal-name>mygroup</principal-name>
        <principal-name>cn=mygroup,ou=groups,o=mycompany</principal-name>
    </security-role-assignment>
    It recognizes user system but not the group. The LDAP group is cn=mygroup,ou=groups,o=mycompany.
    When I pass the credentials of a uniquemember from the client, WLS generates a security exception. It won't recognise mygroup or cn=mygroup,ou=groups,o=mycompany either.
    Any suggestions?
    Thanks
    -Surya

    Yes, It has impact. You create groups in the Repository & Answers and assign the object level permissions.
    You Populate Group Variable during authentication via LDAP server. Once you login with X name you see the authorized groups in the my account.
    For dashboard A - For group Executive - User X - You have given full access.
    Now you have changed the Group name to AD_Executive. When You Login variable values would be
    User - X
    Group - Ad_Executive
    Dashboard A - No permissions.
    If you have a scenario of changing the group names then get Groups from database using Init block after authorization.

  • Using LDAP group to authenticate users from inside network to Internet

    Hi team, I've got an ASA 5510 version 7.2.3 and I need to authenticate my users from the inside network to the Internet using a security group in the Active Directory. Can anyone help me with this?

    This might not be complete for your needs but it may give you enough of what you need without having to purchase full url filtering etc.
    Authenticate with LDAP as shown earlier in this thread, then use this aaa ldap with cut-through proxy -
    PIX/ASA : Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml
    then do some filtering -
    ASA/PIX 8.x: Block Certain Websites (URLs) Using Regular Expressions With MPF Configuration Example
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
