Using users and groups from LDAP in ADF application

Hi there,
I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
But I can't find proper/up-to-date info about how to do this.
I tried 2 major things:
1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
Any help or documentation that could help me?

Since we aren't using EM I had to find an other way. And I found it.
In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
Thanks for the help.

Similar Messages

  • Admin Console not displaying new Users and Groups from LDAP

    We created a new Realm in WebLogic, which specifies the location of the Netscape
    LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
    server to use for authentication. My problem is this- the Admin Console is not
    displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
    Admin Console display any users and groups specified in the ldap server, which
    is referenced in the customized Realm?

    Hi Andy,
    I am not sure why you are unable to see the users and groups through the
    console., you should be able to. Can you post the config.xml?
    thanks,
    -satya
    Andy Levy <[email protected]> wrote in message
    news:3b700c36$[email protected]..
    >
    We're running WLS 6.0 Sp2 on Windows 2000 Professional.
    "Satya Ghattu" <[email protected]> wrote:
    Andy,
    Could you please tell us what Version of Weblogic you are running?
    thanks,
    -satya
    Andy Levy <[email protected]> wrote in message
    news:[email protected]..
    We created a new Realm in WebLogic, which specifies the location ofthe
    Netscape
    LDAP server. Our Weblogic application, called TGSLC, is able to findthe
    ldap
    server to use for authentication. My problem is this- the Admin
    Console
    is not
    displaying the new users and groups from the LDAP server. Shouldn'tthe
    WebLogic
    Admin Console display any users and groups specified in the ldap
    server,
    which
    is referenced in the customized Realm?

  • How to create windows users and groups from Java

    Hi,
    Can any one please tell me, which Package/API will helps to create windows users and groups from Java.
    Thanks,
    M.Prem.

    You can't do it with pure Java, and it's not in the core API. You'd have to write a native function to do it, using whatever API Windows provides, and then call it with JNI. Or look for a third party native-based Java library that already does that.

  • Need to migrate Shared services users and groups from 9.3.1 to 11.1.2.2 ver

    Hi All,
    We need to migrate Shared services users and groups from 9.3.1 to 11.1.2.2 version. Any help would be appreciated. Can we use CSS import export utility?
    Thanks in advance!!

    Hi John, In my another environment I have to migrate the users and groups from Hyperion HSS 11.1.1.2 to Hyperion shared services 11.1.2.2. I am using LCM for that, when I export the users and gropus from 11.1.1.2, it exports fine but when i import it to my 11.1.2.2 using LCM, I am getting the below errors.
    Error when I try to import the groups:
    ErrorEPMIE-00051: Failed to perform operation on role. Could not locate role matching filter {0} and filter attribute {1}. Please ensure that a role exists matching the filter with filter attribute.
    EPMIE-00024: Failed to import all of the membership info for group test group. Invalid group members encountered. Please ensure the validity of members and its existence in their respective providers.
    Errors when i try to import the users:
    ErrorEPMIE-00051: Failed to perform operation on role. Could not locate role matching filter {0} and filter attribute {1}. Please ensure that a role exists matching the filter with filter attribute.
    EPMIE-00020: Failed to update user 04668162 during import. Invalid identity for user. Please ensure that the user is available in the system with the identity specified in the import file.
    Any idea?
    Thanks in advance.

  • Import user and group from dump.txt to ACS Solution Engine 3.3

    I have export the user and group using the CSUtil -d on my acs v2.6. But ACS Solution Engine 3.3 does not have the CSUtil command to import the user and group database. Can anyone advise me?

    I'm trying to do the same thing with no luck so far.
    Documentation seems to indicate you can do this using RDBMS Synchronization but we haven't got it to work yet.
    I read the doco as saying you create a csv and place it on an FTP server and ACS will read from that file. When we've tried, it rights its own file with a different extension and says it can't find the one we place in that same directory.

  • Subject area security validating users and groups from external table

    Hi all.
    I don't have practice to put question here, but there is one problem, that seems don't work correctly in OBIEE.
    I'm trying to put users in groups within external table and this works fine.
    I put security on the subject area level like this:
    SA1 -> GroupA allow, Everyone not allow
    SA2 -> GroupB allow, Everyone not allow
    External table:
    User----------Group
    A---------GroupA;GroupB
    B---------GroupB
    Users A, B and GroupA, GroupB exists in the RPD, but I didn't put users inside them, I want this from table.
    From the init block, external table I'm taking users and join them in the group. Same name users and groups are also in the presentation service.
    When i connect with user A i don't see any subject area, when go to My Account i see in Group Membership/GroupA and GroupB, so it's readed from the external table.
    Why in this case the subject area permission is not working?
    It works if I explicitly put users in groups, in the RPD.
    I have read this blog entry http://kpipartners.blogspot.com/2009/07/groups-webgroups-and-delivers.html and it is said that this works, but I'm interested how.
    What should we have in the presentation part, administration, Manage Privileges -> Access within Oracle BI Answers option for those two subject area?
    This doesn't work or something is missing:
    Re: Security on Subject Areas
    Regards
    Goran
    http://108obiee.blogspot.com

    What should we have in the presentation part, administration, Manage Privileges -> Access within Oracle BI Answers option for those two subject area?Yes, you should remove Everyone and add the relevant groups to each Subject Area. You don't need to set privileges in the RPD, in fact that's probably why it doesn't work for you. Leave your RPD Presentation Catalog as "Everyone" = Read as you will controlling access from the Presentation Services and it should work.

  • Migrating Users and Groups from Windows 2000 server to Windows 2013 Standard.

    OK...let me see if I can get this question out the way I need to....
    I inherited a Windows 2000 Server that's on it's last legs.  We have a new server, a Windows 2013 Standard machine that we just recently purchased.  I need to migrate the users and groups over to the new server, but there are two things that are
    making it difficult:
     The 2000 machine is NOT a Domain Controller
    The 2000 machine is NOT running Active Directory
    This is a file server that hangs onto another network of which I have no control of.  It has its' own IP address and there is NO WAY we can run Active Directory or make it a domain controller.
    I have close to 300 users, groups, and printers to bring over to the new server.  Rather than kill myself doing manual input, is there any other way to do this? 

    Hi,
    When you import the CSV file to new server, you need to create a new user account then import the CSV.
    http://blogs.technet.com/b/heyscriptingguy/archive/2014/10/01/use-powershell-to-create-local-users.aspx
    If you have any issue, i suggest you could ask in PowerShell forums:
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • I use stated user and group from oracle manual!

    user: oracle and apache
    group: orainv and osdba
    and now I have noticed that the using on the root directory is up to 33%..
    please tell me what is this mean??????

    open the Terminal and run the following command. Are the usernames for the accounts listed in the output?
    dscl . -list Users

  • User and Group management in ADF Application?

    Hello,
    I have successfully integrated my weblogic server with MS AD Ldap Server. I have all the users and groups from AD inside weblogic.
    Now, I would like to create an ADF application with the ability to manage identity. For example, I could navigate to a page in my ADF application containing a list of users and groups from AD, and I could for instance create a new user, remove a group or change an attribute for the user (and all these changes reflect in the LDAP server).
    Is this possible? Is there any documentation for this? I am using MS Active Directory, is there an API to integrate AD to ADF?
    Thank you!
    Joao Moreira

    Hi,
    if your LDAP server is MS Active Directory then you need to check for samples of how to access this directory server from Java. This code then would go into a managed bean to be used with the ADF application.
    Frank

  • Importing user and group database from 2.6 to 4.0

    Hi,
    I need to import the user and groups from version 2.6 ACS to version 4.0. The 2.6 online documentation talks of using the CSUtils to create a .txt back up of the users and group. But I cannot see how to import that into 4.0. Has anyone done this. Any info would be appreciated,
    cheers,

    Hi Darran,
    I looked at what I had imported using the instructions you had supplied me and it looked fine, all users and group, tacacs privelege levels had been imported. I modified a router on our network to point at the ACS 4.0. on testing it looks like the passwords hadn't been copied across successfully. Logins are failing with 'invalid CS password' in the failed authentication log. If I changed the password manually it was fine.
    Have you seen that before?
    Thanks for your help on this.
    Rgds,
    Russell.

  • User and Group Externalization from EAS console Fails!!

    Hi All, I am trying to externalize users and groups from EAS and once its done, all the login Id's (including admin and essadmin) fail. We cant log in into the server anymore because the logins are disabled.
    The shared services is running fine and is talking pretty well with Essbase, but the externalization thing is not working.
    The Essbase is on Linux server and shared services is on windows server and all the products are 9.3.1.
    If any one faced a similar problem or have any idea regarding this issue, please let me know ASAP and would highly appreciate that as we will have to move to production soon.
    Message was edited by:
    user639077

    You might want to Try Re-run the Config utility from the Linux-Essbase server and Re-register the Essbase with HSS.
    Start the Essbase in Foreground and check if it is running
    Now log on to the EAS/AAS with default admin/password if you havent changed it :); add your Essbase server using the Super user/Owner of essbase i mean the id..if you are succesful; i would always create a Test user as before Externalisation i can create users at EAS/AAS and then using Admin id ; i will push the Users/groups to the HSS by Externalising.. let me know if that helped you. GUd Luck..
    Sriram

  • How to import user and group at EPM11.1.2?

    I found a similar topic on this at User & Groups Issue
    But sounds like there is big change a tEPM11.1.2, I didn't find CSSImportExport utility at all.
    Could anyone tell me how to import users and groups from flat file at this version?
    Thanks
    Tony

    You can only use LCM from 11.1.2, it is not really that different format from the CSSImportExport utility.
    I find the best way is to set up a few users and provisioning and then use LCM to export, then you get a good feel to the format of the file.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • User and Group Database Migration

    I am installing SecureACS 4.1 from scratch on a new Server. Is there a way for me to migrate the user and groups from a previous 2.4 and 3.0 vs install? there has to be an easier way to create all those groups and users?

    Someone at Cisco decided that from 4.0 onwards they wouldnt upgrade from every previous version any more.
    I think this means you'd have to upgrade the existing server to 3.1 then create a backup.
    NExt install 3.1 on the new server and restore the backup.
    Lastly upgrade the new server to 4.1 and cross your fingers it upgrades smoothly!
    An easier (but less complete) method is simply to run csutil -d on the first server, copy the dump file to the new one and then use csutil -l. HOWEVER... this can cause problems if you're group/user config uses NDGs (eg NDG->DCS command authorisation) because only NDG indexes are in the dump file.
    When you re-create the NDGs on the new server the indexes are likely all be different.
    So in summary only use the csutil route if your just moving very simple groups or users.
    BTW there is an option for csutil to load just the users from a dump file leaving groups untouched (run csutil -x to find out more)
    Darran
    ps we're seeing more people installing ACS (and aaa-reports!) under VMWare - which then makes hardware upgrades a non-issue.

  • User and groups tables

    Hi,
    I would like to know how to obtain the list of users and groups from the database of portal in the SQL PLUS application.
    Thx Bye
    Philippe

    Hi,
    I assume you are talking about the portal users and groups. If so you can find them in wwsec_person$ and
    wwsec_group$.
    thanks,
    Sharmila

  • LDAP user and group configuration in ADF application

    Hi All,
    I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
    However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
    Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
    Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
    I am using JDeveloper 11.1.1.5.
    Thanking you all in advance.
    Mukesh.

    I have below changes in files
    1] In jps-config.xml
    -- Added identity store and selected it from drop down in Security Context tab.
    2] In weblogic-application.xml
    In Security tab --> Role assignment mapped valid-users to principle name.
    <security>
    <realm-name>myrealm</realm-name>
    <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>DERDev</principal-name>
    </security-role-assignment>
    </security>
    3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
    4] Added security role "DERDev" along with the default/automatically added role "valid users"
    <security-role>
    <role-name>DERDev</role-name>
    </security-role>
    Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
    Mukesh

Maybe you are looking for

  • Sync units with different Apple ID?

    Our family's iPad is linked to my AppleID, and our MacBook Air is linked to my my wife's Apple ID. Is it at all possible that GarageBand on both units could sync through the same iCloud (mine)?

  • Some users not seeing all of a web form in Smart View Excel 11.1.2?

    I am on Planning 11.1.2 and I have an end user who, when he opens a web form in Excel using Smart View, he only sees about 1/3 of the entire form. If in the Oracle/Planning web, the form is fine. When he uses my machine, he sees the entire web form i

  • Is there any way to recover a stolen Mac with iCloud?

    About less than three weeks ago, my bookbag was stolen and inside was my MacBook Pro. I have an iCloud account and OS X v10.7.3 Lion is installed on the computer. So far, the computer or bookbag has failed to show up and I have already filed a police

  • FCPX Event Library

    Hello, I have a project up in the Timeline right now.  When I click on the Film Strip at the bottom left access the Event Library, it automatically goes to Loading... and then the name of a project that I don't want to access.  I can't even get into

  • External operation in routing

    Hi In routing if I maintain controlkey with external operation, I have to enter the info record details. (I have to create info record without ref to material, the pur req/Pur ord created will be account assigned). When ever I create an order the sys