Using Shadow Attributes in LDAP

Similar Messages

• SPNego login using additional attribute in LDAP

  Hello experts,
  We have a situation here to implement SPNego login for portal.
  We have integrated LDAP with portal and the j_user is mapped to an additional parameter (for ex, employee number) to enable the user to use this as a login-id instead of the default user-id.
  Say if the user is logged in with user-id : XYZ and for portal we are picking up the additional parameter (ex ,. ABC) from LDAP for login.
  But SPNego takes only the default user-id (XYZ) from windows. Can we cusomize SPNego to pick up additional attribute (ABC) to authenticate portal?
  Regards,
  Nirmal Sivakumar G
  Edited by: Nirmal G on Feb 3, 2009 12:47 PM

  Hi,
  pls. check steps provided in documentation:
  http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  Best regards,
  Johannes

• Accessing custom attributes in LDAP using WD Java - UME APIs

  Hello Friends,
  I am trying to access a custom attribute from LDAP in WebDynpro Java. I am using bellow code.
  IWDClientUser clientUser = WDClientUser.getCurrentUser();
  IUser sapUser = clientUser.getSAPUser();
  if (sapUser != null) {
  String[] str_emp = sapUser.getAttribute(<Name Space>,"Attribute Name");
  if (str_emp == null || str_emp.length == 0) {
  wdComponentAPI.getMessageManager().reportSuccess(" NULL ");
  return;
  } else {
  strEmpID = str_emp[0];
  wdComponentAPI.getMessageManager().reportSuccess(strEmpID);
  The name space is "$usermapping$". I am not sure why it is like that only for this attribute i am trying to access.
  I am getting null value if i run this code.
  Can any one help
  thanks
  Shobhan

  Hi,
  Are you sure this is the right namespace? The default namespace is com.sap.security.core.usermanagement.
  You can get all namespaces and the names of all attributes defined for a user using methods getAttributeNamespaces and getAttributeNames : [Interface IPrincipal|http://help.sap.com/javadocs/NW04S/current/se/index.html].
  Regards,
  Pierre

• Using additional userprofile attributes from LDAP

  Hi,
  my users are inside an OpenDS LDAP-Server connected to SSGD 4.41 - all works fine.
  I would like to store some additional SGD attributes like
  UserProfile.Multiple = yes/no
  (Multiple: Whether someone may log in using this user profile and whether this user profile will be shared by multiple users in the form of a "guest" account.)
  also inside the LDAP (extending my own LDAP-schema).
  Question: How can i tell SSGD to use this attribute UserProfile.Multiple from LDAP instead of looking into the
  local repository ?
  regards
  Danny

  Hi Danny,
  I don't think you can do this, as user profile data is never read from the LDAP directory. LDAP users always have to be mapped to a local profile (from the SGD datastore), meaning that any attributes on the user object from the LDAP directory wouldn't be considered when evaluating a user's profile.
  Does anyone else have a take on this?
  -- DD

• Need help in retrieving attributes from LDAP using JNDI

  I am trying to retrieve attributes from LDAP using JNDI, but I'm getting the following error when I try to run my Java program.
  Exception in thread "main" java.lang.NoClassDefFoundError: javax/naming/NamingException
  I have all the jar files in my classpath: j2ee.jar, fscontext.jar and providerutil.jar. The interesting thing is that it gets compiled just fine but gives an error at run-time.
  Could anyone tell me why I'm getting this error? Thanks!
  Here's my code:
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.*;
  import java.io.*;
  class Getattr {
  public static void main(String[] args) {     
  // Identify service provider to use     
  Hashtable env = new Hashtable(11);     
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");      
  // user     info
  String userName = "username";     
  String password = "password";          
  // LDAP server specific information     
  String host = "ldaphostname";     
  String port = "portnumber";     
  String basedn = "o=organization,c=country";     
  String userdn = "cn=" + userName + "," + basedn;          
  env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/" + basedn);     
  env.put(Context.SECURITY_PRINCIPAL, userdn);     
  env.put(Context.SECURITY_CREDENTIALS, password);     
  try {          
  System.setErr(new PrintStream(new FileOutputStream(new File("data.txt"))));     
  // Create the initial directory context     
  DirContext ctx = new InitialDirContext(env);          
  // Ask for all attributes of the object      
  Attributes attrs = ctx.getAttributes("cn=" + userName);          
  NamingEnumeration ne = attrs.getAll();                    
  while(ne.hasMore()){                         
  Attribute attr = (Attribute) ne.next();                                   
  if(attr.size() > 1){               
  for(Enumeration e = attr.getAll(); e.hasMoreElements() ;) {                                       
  System.err.println(attr.getID() + ": " + e.nextElement());                     
  } else {
       System.err.println(attr.getID() + ": " + attr.get());
  // Close the context when we're done     
  ctx.close();     
  } catch(javax.naming.NamingException ne) {
       System.err.println("Naming Exception: " + ne);     
  } catch(IOException ioe) {
       System.err.println("IO Exception: " + ioe);     

  That doesn't work either. It seems its not finding the NamingException class in any of the jar files. I don't know why? Any clues?

• Login via LDAP using "cn" attribute?

  Hi,
  I work on an LDAP client implementation, and have hit a potential problem using it with the MAC OS X LDAP server. Our device searches for user objects in the LDAP directory, looking for a match of the "uid" attribute against a login name entred by the user. Well we have a customer who is using a MAC OS X LDAP server and says that he has users configured with multiple uids (which we support) but also with a unique "cn", and that it allows login using any of those. For example a user entry would contain:
  dn: uid=joecool,cn=users,dc=xxx,dc=local
  cn: jcool
  sn: Cool
  uid: joecool
  uid: jc
  And this user supposedly can login as joecool, jc or jcool, even though there is no uid attribute with value jcool.
  So my question is, is this the case with MAC OS X LDAP server? Does it (or rather a MAC client using it) allow login with a user name that matches the cn but not a uid?
  Message was edited by: Ian Puleston
  Message was edited by: Ian Puleston

  Hi,
  The User Management guide says a fullname and 16 shortnames are permitted. However, the first shortname is used to form the LDAP distinguished name (dn). My LDAP connection lets me search for any user records based on 'cn = login name' where login name is any fullname or shortname. However, authentication only occurs when using the (dn, password) combination.
  There are significant problems when any names are duplicated. However the most critical is the first shortname which is stored with the password server file along with user id number. Note that to change the first shortname essentially deletes the user account and creates a new one. According to the manual all of the names full and short are kept in the cn listing inside the user record. This allows looking up the user record by any name (cn). During login the record is looked up, the dn retrieved and combined with the password for authentication.
  HTH,
  Harry

• Multi level attribute form LDAP

  multi level attribute form LDAP
  I am trying to write an custom mapping to use to retrieve a value from a multialued field in LDAP (nsRole). Has anyone done this before?
  Rigth now all my mappings are 1:1. However the goal is to get a 1 : M and parse thru it till i get the desied value (1:1)

  Darwin Hammons - Assurant 
  2:44pm, May 17 
  Great conversation. I have a very similar question about the use of the custom JAVA mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location)  queriing the data to execute an event that populates an RequestCenter OU or Group if the person login location equal say " Argentina" ? Looking for a way to manage / build catalog entitlements during login. Suggestions ?
  Great conversation. I have a very similar question about the use of the custom JAVA mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location)  queriing the data to execute an event that populates an RequestCenter OU or Group if the person login location equal say " Argentina" ? Looking for a way to manage / build catalog entitlements during login. Suggestions ?
  Anthony Erickson
  2:52pm, May 18  
  Hi Darwin,
  We're about to embark on a piece of work with newScale which would be similar to this to support our Multilingual catalogue.  I'll provide any updates I'm able. 
  Thanks,
  Ant 
  Darwin Hammons - Assurant 
  3:25pm, May 18 
  Great, Thanks Anthony ! I hope our bringing up this topic will spark a bit of interest. The Custom Java Mapping  / Directory integration is documented more with RC 9.1. It will be good to hear more about your project and use of Java mappings with LDAP Directories. 

• OAM 11gR2 Authentication using username/password/additional ldap field

  I want to add additional credential parameter along with username and password to be validated against LDAP.
  Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
  This solutions exist in 10g and could not find any OOB feature in 11g.

  Do you need to accept additional parameter from user via login form & then use it in credential mapping step
  Not sure if %% syntax would work .. havent tried it. next option is to develop custom authentication plugin
  Additional ldap attribute against static value
  If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
  Take a look at "MTLDAPPlugin" under custom authentication modules
  Hope this helps

• How can i extended attribute of user and add attribute to ldap

  how can i extended attribute of user and add attribute to ldap
  1.
  i use spe to modified "Default User Library":add Field like
  title:nation name:accounts[Lighthouse].nation
  2.
  modified "IDM Schema Configuration"
  add <IDMAttributeConfiguration name='nation' description='default attribute from UserExtendedAttributes/UserUIConfig' syntax='STRING'/>
  in <IDMAttributeConfigurations>
  and
  add <IDMObjectClassAttributeConfiguration name='nation' queryable='true' summary='true'/> in<IDMObjectClassConfiguration>
  there is extended attribute when i create new user
  3.
  i create new resource to ldap,and i add nation in "Account Attributes" tab
  but the new attribute not add to ldap
  i am beginner,how to extended attirbute add add to ldap attribute?

  So, if I want to fill in blanks on a form where I need to add more pages to fill history, what program do I need? In Adobe Reader, I can edit and fill in blanks, but I cannot duplicate more blank pages.

• Use of attributes in FIX statement w/ other mbrsets

  Hi all,I just discovered that in 6.1.4, using a FIX statement like:FIX (@ATTRIBUTE("Diet"), @LEVMBRS(Products, 0))will actually select all products, not just a subset that have the attribute "Diet" (where "Diet" is, of course, an attribute of products).Now you might think I'm ignorant, since it seems logical that the subset "Diet" might be overridden by the superset "Products". However the same problem happens if I use:FIX (@ATTRIBUTE("Diet"), @ATTRIBUTE("Discontinued"))This statement returns neither the intersection nor the union of those two subsets - I seem to get ALL products.What gives? Am I just a foolish country boy?-dan

  Does this select ALL of the products, or just the Level 0 products? The reason I ask is that the statement will not be combined using AND logic - only members of different dimensions will be combined using AND logic. Try the following:FIX (@LEVMBRS(Product, 0) AND @ATTRIBUTE(Diet))Now, if your attribute is at level 0 (I assume it is) and you want to select them, just use:FIX (@ATTRIBUTE(Diet))That will select all of the products that have a Diet attribute.Hope that helps.Regards,Jade-------------------------------Jade ColeSenior Business Intelligence ConsultantClarity [email protected]

• Error in committing data while using dynamic attributes

  Hi,
  Module: Performance Management
  Page: Give Final Ratings: Main Appraiser
  Here, I have used dynamic attributes to show the competency name without segments.
  I have added this attribute through controller and i passed value to this attribute in the same ProcessRequest method.
  But, when the manager tries to complete the appraisal for his employee by pressing the continue button in the above mentioned page, the following exception is throwing.
  "This competence already exists within the assessment."
  Is this dynamic attribute will be the problem for this?
  can any one please tell me?
  Thanks in advance,
  SAN

  Hi,
  If you added the column from Extended Controller. It should be a transient attribute to the VO and I think it should not create any issues.
  Error "This competence already exists within the assessment." looks like from an FND Message , You can try to debug this issue by finding the FND Message Name corresponding to the error and search the Message Name in the seeded code.
  -Idris

• How to use extends attribute in jsp page directive

  Can anybody tell how to extend a existing .jsp file from another .jsp file. I have tried but it gives error.
  I have used Extends attribute of page directive as below:
  <%@ page extends = "MyAnotherJsp.jsp"%>
  I also tried : <%@ page extends = "MyAnotherJsp"%>
  I am using Tomcat as a web server
  Also tell where to put those files.
  Thanks.

  Hi I am using Netbeans 5.5, Sun Java System Application Server 9.
  ABC.java
  package javapackage;
  public class ABC{
  public String show(){
  return "Sandip Gaikwad";
  index.jsp
  <%@ page extends="javapackage.ABC" %>
  <html>
  <head>
  <title>JSP Page</title>
  </head>
  <body>
  <h1>JSP Page </h1>
  </body>
  </html>
  Above code throws following exception at runtime:-
  HTTP Status 500 -
  type Exception report
  message
  description The server encountered an internal error () that prevented it from fulfilling this request.
  exception
  org.apache.jasper.JasperException: Unable to compile class for JSP
  Generated servlet error:
  [javac] F:\Sun\AppServer\domains\domain1\generated\jsp\j2ee-modules\Page_Extends_Attribute_Example\org\apache\jsp\index_jsp.java:36: getPageContext(javax.servlet.Servlet,javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.String,boolean,int,boolean) in javax.servlet.jsp.JspFactory cannot be applied to (org.apache.jsp.index_jsp,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,,boolean,int,boolean)
  [javac] pageContext = _jspxFactory.getPageContext(this, request, response,
  [javac] ^
  [javac] 1 error
  Server log
  StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
  org.apache.jasper.JasperException: Unable to compile class for JSP
  Generated servlet error:
  [javac] F:\Sun\AppServer\domains\domain1\generated\jsp\j2ee-modules\Page_Extends_Attribute_Example\org\apache\jsp\index_jsp.java:36: getPageContext(javax.servlet.Servlet,javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.String,boolean,int,boolean) in javax.servlet.jsp.JspFactory cannot be applied to (org.apache.jsp.index_jsp,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,<nulltype>,boolean,int,boolean)
  [javac] pageContext = _jspxFactory.getPageContext(this, request, response,
  [javac] ^
  [javac] 1 error
  at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:94)
  at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:384)
  at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:461)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:528)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:507)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:495)
  at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:530)
  at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
  at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:412)
  at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:318)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:397)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:278)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
  at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:240)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:179)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
  at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
  at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:239)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
  at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
  at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
  If I delete the line <%@ extends="javapackage.ABC"%> it works fine. Please tell me what is wrong with this line.

• How to use 'roles' attribute in action-mapping ?

  Hi,
  Can anybody tell me what are the steps needed to use 'roles' attribute in <action> tag of struts-config.xml file?
  I want to provide Action level security.
  Also pls post an example if u r having.
  Regards
  Veeru

  Hi,
  The RfcAdapter trys to find a Sender Agreement for this RFC call but the lookup failes. The values used for this lookup are:
  Sender Party/Sender Service: The values from Party and Service belonging to the sender channel.
  Sender Interface: The name of the RFC function module.
  Sender Namespace: The fix RFC namespace urn:sap-com:document:sap:rfc:functions
  Receiver Party/Receiver Service: These fields are empty. This will match the wildcard
  Regards,
  Suryanarayana

• 'authentication failed' using Microsoft ADSI version LDAP server

  Hi All,
  Now days i am facing some problem in authentication (i am using microsoft ADSI version LDAP Server) but am not able to authenticate the LDAP users.
  I have configured my LDAP server in the same manner as u mentioned in this blog.
  when I am trying to authenticate the user from the RPD itself i m gettig the following error:
  “authentication failed” (actually i forgot the exact message but it mean is same as i referred here)
  though i am able authenticate the bind user ( which i used to configure the LDAP Server)
  Please help me in this as i already wasted a lot of time in doing R&D to make it work..
  I have an urgent requirement to do the same..
  Your help will highly appreciated…
  thanks in advance
  PS: I have checked the 'ADSI' box in advance tab:

  Hi,
  Please have a look at the below link:
  Unknown certificate error when testing LDAP SSL connection
  Not sure whether it will help you. But have a look at it.
  Regards,
  Jithin

• Use request attributes in JSF

  Is there a way we can pass data from one form bean to the other using request attributes insted of session attributes?
  I am able to work with session attributes using
  HttpSession mySession = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(true); and setting attributes to it, but getting null pointers(occassionally) when I retrieve the atribute and work with it.
  getSession(false) isnt helping either.
  Looks like facesServlet is creating a new request when it forwards to next page. Any idea on how to get the Faces Servlet do something like request despatcher forward, for navigation so I can work with request attributes?
  Appreciate your input.

  Can I have just one backing bean and use it for all jsps in the app? App has 4 flows from home page and mutiple jsps in each flow. Each jsp has multiple form fields. Is that OK?
  Any way to passing data/objects between different backing beans - other than using session attributes? I had similar problems working on Struts app as well.