Using UME companies when user repository is LDAP-based

I have an EP installation that is connected to an IBM Tivoli Directory Server that acts as user repository. All works fine but I want to be able to add users directly to the LDAP structure and have them be members of one of the company groups that are defined in the UME.
My idea was to add an LDAP-based group to a company group in the portal, but that isn't allowed. If that had worked, I would only have needed to make a user a member of an LDAP group and instantly he/she would also be a member of the appropriate company group.
So my question is whether there is any way to do this. Can you alter the LDAP attribute schema with some property that tells the UME that a user is also a member of a specific company?
/Oskar

Oskar, from what my developers tell me, you cannot do this with standard software. You must manage company membership in the UME.
Sorry this answer doesn't help much.
-Michael

Similar Messages

  • Use of Companies in User Administration (EP6SP2)

    Hi All,
    We had initially thought of not using the "Companies" concept in our project. I have around 200 user IDs already created, but just recently we decided to go ahead with the use of Companies to aid in Delegated Administration. Now I am in a peculiar position.
    1) If I create companies, how would the earlier users be affected? Do I need to add companies to them separately?
    2) Can one super user administrator upload all users for all companies, or does each delegated administrator need to upload users for his companies?
    Can someone shed light on the same?
    Regards,
    Rajan.K

    Hi Rajan,
    1. When you create companies in the portal, the portal itself creates groups with same names as the companies. Hence, you will not need to maintain company in each of the users you created but just add the users to the right group.
    2. I have never tried this but I believe a user with super admin rights should be able to upload users belonging to any companies.
    See link below for documentation on delegated admin
    http://help.sap.com/saphelp_nw04/helpdata/en/a9/76bd3b57743b09e10000000a11402f/frameset.htm
    Regards,
    Aniket

  • Using UME to read binary attribute from LDAP (objectSID)

    Hi,
    I am trying to read the ObjectSID of an LDAP user (from MS Active Directory) from an IUser object. This attribute is retrieved from the LDAP as binary, and if I define a normal extra attribute in the datasourceconfiguration file and retrieve it as a String, the value is wrong.
    So my question is how can I define this as a binary attribute?
    From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the XML format for the datasourceconfiguration.
    The attribute element has the following specification:
    <!ATTLIST attribute
        name CDATA #REQUIRED
        populateInitially (true|false) #IMPLIED
        readonly (true|false) #IMPLIED
        type (string|blob) #IMPLIED
        cacheTime CDATA #IMPLIED>
    Since you have type here, I tried setting it to blob under the user object as such:
    For user:
    <attribute name="guid" type="blob" populateInitially="true"/>
    For attribute mapping:
    <attribute name="guid">
        <physicalAttribute name="objectSid"/>
    </attribute>
    However, I still get the following error when calling
    iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):
    Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
         at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
         at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
         at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
         at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
         at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
         ... 41 more
    This error indicates that the attribute is a string and not a binary attribute.
    Anyone?

    Created an OSS message, and the initial message is that this is not supported, even though some of the configuration files point in that direction. It's really easy to implement, so maybe if I am lucky I'll get a hotfix.
    Dagfinn
    btw the field was objectGUID not objectSID
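
Why the value comes back wrong when read as a String, shown as an added example (not part of the original thread and not SAP code): objectSid and objectGUID are raw byte structures, so they have to be fetched as bytes and decoded by layout. The Python below is illustrative; the sample values are constructed and the function names are assumptions.

```python
import struct
import uuid

# Constructed sample values (not taken from the thread).
BUILTIN_ADMINS_SID = bytes.fromhex("01020000000000052000000020020000")
DOMAIN_GROUP_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
                    + struct.pack("<5I", 21, 1004336348, 1177238915,
                                  682003330, 512))
SAMPLE_GUID = bytes.fromhex("00112233445566778899aabbccddeeff")


def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid into S-<revision>-<authority>-<sub>... form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, sub_count = raw[0], raw[1]
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % sub_count, raw[8:])  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def guid_to_string(raw: bytes) -> str:
    """Decode a binary objectGUID; its first three fields are little-endian."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def guid_to_ldap_filter(raw: bytes) -> str:
    """Build an RFC 4515 search filter that matches the raw GUID bytes."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return "(objectGUID=" + "".join("\\%02x" % b for b in raw) + ")"


def survives_text_roundtrip(raw: bytes, encoding: str = "utf-8") -> bool:
    """Model a lossy bytes -> String -> bytes conversion.

    Malformed sequences are replaced during decoding, which is what a
    string-typed attribute read does to binary data.
    """
    text = raw.decode(encoding, errors="replace")
    return text.encode(encoding, errors="replace") == raw


if __name__ == "__main__":
    for sid in (BUILTIN_ADMINS_SID, DOMAIN_GROUP_SID):
        print(sid_to_string(sid), "intact as text:", survives_text_roundtrip(sid))
    print(guid_to_string(SAMPLE_GUID))
    print(guid_to_ldap_filter(SAMPLE_GUID))
```

Whether the corruption shows up depends on the data: a SID whose bytes all fall in the ASCII range survives the string conversion, while one with high bytes does not, so a string-typed mapping can appear to work in testing and still break for real accounts.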

  • OIM Client application development using OIM API, when user password is not available

    I am developing a client application for OIM. The client application is a set of services, running on a separate server from where OIM is running.
    The OIM version used is 11gR2.
    As I look into the oimClient object, the login method takes username and password. As my application is in an SSO environment, I do not have the password for the user, and just have the user's login ID.
    If I am correct, the tcUtilityFactory allowed a digital signature option, to support scenarios like the above.
    Question is, does oimClient support similar functionality? I did not find any examples in the Oracle documentation.
    I will appreciate if someone can confirm a similar usage and provide me some sample code and configuration details.
    Thanks.
    -subrata

    Check: http://www.ateam-oracle.com/authenticating-oim-apis-without-end-users-password/
    -Bikash

  • Alternative of UUP, Using OVD repository (Through LDAP configuration)

    Hi All,
    If anybody knows an alternative approach to WebLogic Portal UUP, please help me.
    My requirement is to use an Oracle Virtual Directory (OVD) repository (through LDAP configuration).
    I did the OVD configuration in my WebLogic server security realm, and on the portal side I have written one class to access data from we ldap and set it on the .usr file.
    I am getting the user profile from the WebLogic Portal console, and I am also displaying it in my result JSP.
    But when I am fetching group information, I am getting an error.
    If anybody knows the solution, please help.
    best regards
    sanjay
    Edited by: user1006007 on Jan 5, 2011 4:34 AM

    "cn=webi" is this the distinguished name for the LDAP account?
    also try using the IP instead of hostname
    and if your CMS is using Oracle, try to use the 10.2.0.2 or an earlier driver.
    Regards,
    Tim

  • How to use OUD as LDAP for single db user repository?

    I have been assigned a project to add all the database users to OUD as a single repository for all our database users.  This would be similar to using Active Directory.  Could someone explain or point me in the right direction on how to add users and password (to include password policy) to OUD and then map them to global database schemas and/or roles?   I am a DBA and not familiar with OUD, but followed the instructions and got OUD up and running and have registered the databases with it.
    Part 2 of my question is after registering the database with OUD, this database is a 2 node RAC and it only registered the database and not the associated instances and/or services.  How do you add those (instances and services) into OUD?
    Thanks in advance!

    Hello,
    This is typically the EUS use case where OUD is used to store Enterprise Users and Roles + the associated mappings.
    More about EUS support in OUD at Integrating With Oracle's Enterprise User Security - 11g Release 2 (11.1.2)
    I guess you configured DB user location in the OUD directory when you configured EUS. See Integrating Oracle Unified Directory with Oracle Enterprise User Security - 11g Release 2 (11.1.2)
    You can create users in LDAP using various means, e.g.:
    - ldapmodify (Adding, Modifying, and Deleting Directory Data - Oracle Fusion Middleware Administration Guide for Oracle Unified Direct…). Any user objectclass, including inetorgperson, would fit
    - import-ldif
    - any graphical tool including ODSM (Managing Data With Oracle Directory Services Manager - Oracle Fusion Middleware Administration Guide for Oracle Unified …)
    To create roles and mappings, you can use the database console or the EUSM command line as described in https://blogs.oracle.com/sduloutr/entry/using_eusm_to_manage_eus
    Regarding question #2, RAC instances are not individually registered in EUS; only the global RAC DB name needs to be registered.
    Sylvain
    Please mark this response as correct or helpful when appropriate to make it easier for others to find it

  • Automating user creation for Unity Connection when sync'd with LDAP

    Hi
    Is it possible to automatically create users that sync with Unity Connection?
    I have a Unity Connection 7.0 server that is synced with LDAP and I use an LDAP filter so that only users with a specific attribute are synced. I can see the users when I try to do an import, but is there any way that they can automatically be created?

    No
    Check this check box so that Cisco Unity Connection gets basic information on Connection users from the LDAP directories that you specify on the LDAP Directory page. Data is synchronized only for the Connection users that you created by importing users from the LDAP directory. Connection does not automatically create new Connection users when new users are added to the LDAP directory.
    http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/gui_reference/guide/7xcucgrg100.html#wp1069724
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • How to hide cut/copy/paste/Replace… menu on the UIWebView when it is being displayed over the keyboard

    How to hide cut/copy/paste/Replace… menu on the UIWebView when it is being displayed over the keyboard.
    Detail: I have an HTML form with a text box, displayed using UIWebView. If the user types in the text box, it shows the keyboard. Now if the user taps and holds on the text box, it shows a popup menu. Now, while the keyboard and popup are being displayed, the user scrolls the view. At this time it shows the popup over the keyboard, which I need to hide.
    I tried setMenuVisible of UIMenuController when popup rect and keyboard rect intersects each other on viewDidScroll but it didn't help me.
    Any clues will help a lot.
    Thanks.

    You are more likely to get an answer if you post programming problems to the Developer forum. This forum is intended for normal user level problems.

  • Use Global Conditions when Deploying an Application to a User

    Hi,
    Use Global Conditions when Deploying an Application to a User:
    I would like to deploy an App-V application with user-centric in mind. The problem is that when the user logs in to a specific type of desktop, the application shall be deployed. But if the user logs in on their primary device or some other device with the same SLA, the application shall not be deployed.
    I think I can use Global Conditions to solve this. I have read about GC and it looks like I could create a GC rule that deploys the software if the computer is in an AD group, or maybe because all these computers start with the same prefix, so maybe if the computer name starts with PC the application will get deployed.
    The issue is that there are different SLAs on the computers that the user logs in to.
    Or what more can I do?
    /SaiTech

    Just keep in mind this puts a load on AD; a Domain Controller can get tickled silly by these Global Conditions running from each of your clients. Depending on the scale of your environment, it can have an impact. GCs are a great idea, you just need to consider what load you are putting on the infra when they run.
    Might not be an issue for\to you, worth noting all the same.
    Robert Marshall | This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs

  • Why does 'User not registered for online use' show up when I try to import a cd into itunes. None of the cd info shows up either

    Why does 'User not registered for online use' show up when I try to import a cd into itunes? None of the cd info shows up either.

    Well, the format I upload from the camera is "video clip" or "video for Windows"...sometimes I've converted them to avi format, too. But as I said, it never even lets me get that far...I never get to even select a clip. As soon as I tell the program to "import/clip" it freezes up before I can even go to the folder that the clips are in. It has only begun to do this recently, and I'd never had any problems like this before. Last night I tried it again, and I clicked "open composition", and it froze when I did that too.
    I'm not sure how much more specific I can be about the details of the clips, since I'm positive it has nothing to do with the clips themselves...I'm running Windows XP, though...Home Edition Service Pack 2, Pentium 4 CPU 2.80GHz, with 504 MB of RAM. I have had the automatic updates turned on since I did my last reformat a couple of weeks ago. Could it have something to do with some kind of an update it may have done?

  • I had to do a complete system restore on my computer and now I am having issues getting all my music back. It's telling me that my account is in use with a different user but I'm the only user on my computer. When I go to sync it, it wants to delete all.

    I had to do a complete system restore on my computer and now I am having issues getting all my music back. It's telling me that my account is in use with a different user but I'm the only user on my computer. When I go to sync it, it wants to delete all my music and ringtones. What should I do? I don't want to lose all my items.

    When in recovery mode you can't backup the iPod.
    You will have to restore via iTunes. See:
    iTunes: Restoring iOS software
    To restore from backup see:
    iOS: How to back up
    If you restore from iCloud backup the apps will be automatically downloaded. If you restore from iTunes backup the apps and music have to be in the iTunes library since synced media like apps and music are not included in the backup of the iOS device that iTunes makes.
    You can redownload iTunes purchases by:
    Downloading past purchases from the App Store, iBookstore, and iTunes Store

  • Abap error when user fi asset using tcode KO88

    Hi gurus,
    When a user from the fi_asset team wants to use the transaction, the system gives an error.
    For the gurus' information, we are facing a number ranges issue. Document type AA, which uses number ranges from 100006000 - 100006999, hit the maximum value in year 2007,
    so at that time we created another number range for document type AA, using number ranges from 8000000000 - 8999999999, for year 2007 and into the future.
    But now when the user wants to use this transaction, the system has a problem.
    When the user runs in test run mode, no problem is detected, but when the user makes the actual run the system gives an ABAP error like the one below.
    ABAP runtime errors    MESSAGE_TYPE_X
           Occurred on     22.02.2008 at 09:58:49
    >> Short dump has not been completely stored. It is too big.
    The current application triggered a termination with a short dump.
    What happened?
    The current application program detected a situation which really
    should not occur. Therefore, a termination with a short dump was
    triggered on purpose by the key word MESSAGE (type X).
    What can you do?
    Note the actions and input that caused the error.
    Inform your SAP system administrator.
    You can print out this message by choosing "Print". Transaction ST22
    allows you to display and manage termination messages, including keeping
    them beyond their normal deletion date.
    Error analysis
    Short text of error message:
    Document number 1000 100060000 2007 was already assigned
    Long text of error message:
    Diagnosis
    Document number 100060000 in company code 1000 and fiscal year 2007
         has already been assigned.
    System Response
    Termination of processing.
    Procedure
    Check document number range 01 in company code 1000 and fiscal year
         2007 and correct the number range status if necessary.
    Technical information about the message:
    Message classe...... "F5 "
    Number.............. 152
    Variable 1.......... "1000 "
    Variable 2.......... "100060000 "
    Variable 3.......... "2007 "
    Variable 4.......... "01 "

    Hello,
    If you are facing the error during KO88, there could be a problem with settlement document number range also.
    During settlement, a settlement document is created, and also related FI, CO, PA documents as applicable.
    Please go to t code SNUM, check the number range for CO settlement object:CO_ABRECHN.
    Let me know if it solves your problem.
    Sourabh

  • Synchronisation problem when using iFS as Portal document repository

    Is anyone using 9iFS as the repository for their Portal documents but getting DRG-11602: URL store: access to <file name> requires authentication when synchronising the PORTAL30.WWSBR_URL_CTX_INDX index. This is run under schema CTXSYS, using ctx_schedule.
    We use a URL on the Portal folder to access the iFS document and, if the ACE on the document ACL includes World Read, then the document is indexed correctly but if it has no World Read access then synchronisation fails with the above error. These secure documents are indexed correctly, however, when synchronising IFSSYS.IFS_TEXT.
    When you put the URL for the document in the browser, you are prompted for an iFS username/password, and this is obviously the problem when synchronising. Oracle Support say that the Oracle 9i Oracle Text Reference, Chapter 2: Indexing, definition of URL_DATASTORE states: The login:password@ syntax within the URL is not supported. Oracle Support have also suggested that using iFS as the Portal repository is not standard practice and that we should simply add our documents as items on the folder. Doing this means not being able to take advantage of the added functionality of iFS such as versioning and, anyway, I thought that Oracle had plans to fully integrate the two products with iFS being the default repository in a future release of Portal.
    Until then, has anyone got any ideas for a workaround? We are unable to index the contents of all secure documents on our corporate intranet. We can't be the only site using iFS and Portal in this way!

    Hello Raymond,
    I must say that I downloaded the JBoss Portal Binary and not the bundle JBoss AS + JBoss Portal, because I already had a JBoss AS working, so it was the best way to do it (as it is said in the JBossPortalReferenceGuide). I have both things (server and portal) in the same directory, but I don't know if maybe one of them should contain the other (I have seen that in the bundle, the portal directory contains the JBoss application server) When I downloaded the JBoss Portal and tried to deploy it by directing my web browser to http://localhost:8080/portal it did not work, so I decided to copy the jboss-portal.sar directory from the JBoss Portal to the deploy of my server. Maybe this was a mistake.
    But anyway I have seen that JBoss Portal 2.6 comes with the myfaces jars, and as JBoss AS 4.2 uses Sun RI by default, it is going to collapse anyway. Should I just remove these jars from the portal? As I told you before, I tried doing it and I got two errors of not found classes.
    Please, any help would be really appreciated, I am losing a lot of time with this bug, because the server keeps getting out of memory due to it.
    Thanks in advance.

  • Good afternoon. My iPhone 4s used in America another user. When you upgrade requests id and password. I can not get it, what to do?

    Good afternoon. My iPhone 4s used in America another user. When you upgrade requests id and password. I can not get it, what to do?

    Ask the previous owner of the phone, or set up your own ID and password.
    You should have perhaps thought about all of these things before buying the phone.

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for LDAP in WebLogic without using the admin console? If possible, what are the files I need to modify in DefaultDomain?
    Or is there any Ant script for creating Users/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    .e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.
