Windows active directory integeration with sap user mangement

Similar Messages

• Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

  Dear Gurus,
  Let me clarify the scenario:
  At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
  Following are the system details:
  SAP: IDES 4.7, on Windows 2000 Advance Server, Oracle 8.1.7.,Kernel-620
  MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
  With the above mentioned landscape we have integrated
  LDAP-Connector on MS-Active Directory, on MS-Active Directory OS
  side we have tested the command (ldap_rfc –a LDAP_ADS –g
  ides.ho.com –x sapgw00) then we are testing it through an
  RFC in SAP 4.7(IDES), with result success.
  Everything is fine Im able to Log ON thru the User but when I try to search objects in LDAP(ie. ADS) thru "FIND", but getting Error message "operation Failed".
  Referred note 511141 for the error.
  Can't find anything more.
  Required help...
  Regards,
  SHAH

  Dear Juergen,
  As of we have applied the SP-level till 40.
  Through LDAP tcode we are able to Logon to the Directory server, and we
  are also able to search, through FIND,
  the system displays all entries below the specified base entry.
  After that we are trying to Synchronize it, using report RSLDAPSYNC_USER through SE38, but its showing following errors:
  Connection created to Server LDAP_ADS (successfully with Green)
  Operation Failed (Error with Red)
  Error message: LDAPRC001
  LDAP_SEARCH failed (Error with Red)
  Error message: LDAPACCESS101
  The System could not create directory objects pool (Error with Red)
  Error message: LDAPSYNC005
  Connection to LDAP_ADS server terminated
  As for first Error: Error message: LDAPRC001, we referred Note 511141,
  Response: "This error msg does not mean that the SAP System sent incorrect data".
  For Error message: LDAPACCESS101 and Error message: LDAPSYNC005, we refferred 696021 and 695026
  Response: to apply the correction change, as our SP level is above the requirement, we have
  level-40.
  Unable to get further, any solution/suggestion.
  Bye for now.
  Regards,
  Shaibaz

• MS active Directory Configuration on SAP 4.7 and ECC6.0

  Hello
  Can anybody guide the steps required for MS Active Directory Configuration with SAP 4.7 on AIX and
  and ECC 6.0 also on AIX 5.3.
  Currently we are using many different applications on client landscape.
  The requirement is for implementing the Single Sign On for all the applications
  on the client landscape.

  Please check
  /people/andre.fischer/blog/2008/06/04/windows-server-2008--active-directory-certified-for-the-bc-ldap-usr-directory-interface-for-user-management
  In Case you also have EP then
  /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
  Also check below for SSO
  Note 121178 - NT: Installation note for SSO Single Sign On
  Note 138498 - Single Sign-On Solutions

• Windows active directory logs

  Hi,
  We are using Windows active directory to manage our users. Another company has configured the same for us.
  Currently we don't have permissions to create a new user. They have given us one account and by using that account, we are able to create new groups in AD, add users to the groups, etc. We would like to get the logs for each user removal or addition to the
  AD groups. How do we enable the same. We would like to know who  and when each user is getting added to the AD groups. Please help us in this.

  Hi Kewpin,
  To enable the complete details on user account account changes including group membership, you need enable the following audit settings,
  1. Open GPMC console, click Start --> Administrative Tools --> Group Policy Management.
  2. Right click the Default Domain Controllers Policy, and then click Edit.
  3. Navigate to Audit Policy node, “Computer Configuration/ Policies/ Windows Settings/ Security Settings/ Local Policies/ Audit Policy”.
  4. Now enable the Success auditing for - Audit Account Management and Audit Directory Service Access.
  5. Execute the command “GPUPDATE /FORCE” in the Domain Controller to force apply the GPO settings.
  For Windows Server 2008 R2 and later versions, additional configuration is required in  “Advanced Audit Policy Configuration” section in Default Domain Controller Policy.
  For additional auditing configuration of,
  1. AD Changes 
      Go to the node DS Access (Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Audit Policies/DS Access.) 
     Enable Success auditing for the following settings
      - Audit Directory Service Changes
  2. Account Management
      Go to the node Account Management (Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Audit Policies/Account Management.) 
     Enable Success auditing for the following settings
     - Audit User Account Management
     - Audit Security Group Management
     - Audit Distribution Group Management
  Once you have enabled the above audit settings, you can set an auditing SACL for the AD object.
  Checkout the below screenshot for setting the  auditing SACL,
  Checkout the below link on Security Event id list for auditing AD changes,
  http://www.morgantechspace.com/2013/08/active-directory-change-audit-events.html
  Regards,
  Gopi
  JiJi Technologies

• SAP User Authentication via Windows Active Directory

  The non-profit company I work for as an SAP Security Admin has been using SAP since 1999.  We are currently running ECC 6.0, BI 7.0, and CRM 7.0.  With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently. 
  The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication.  Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password.  If you can log onto your PC, you can log into the time-keeping software. 
  That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future.  I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory).  My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc.  The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer.  It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple.   Can anyone lead me to a more straightforward solution?  If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

  >
  Gagan Deep Kaushal wrote:
  > Hi Tim,
  >
  > Its nice to see video.
  >
  > Is that mean using different username on OS and SAP level still we can achieve SSO.
  >
  > Correct if if am wrong.
  > The only thing we need to maintain SNC name.
  Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
  >
  > So for user test1 i can manage name as p:test2.....  ??
  Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
  >
  > I think that is what Ronald is also looking, user name need not to be same.
  >
  > Regards,
  > Gagan Deep Kaushal

• How can I authenticate a User In Windows Active Directory?

  I need to authenticate a user in Windows Active Directory, but I found use the code below will return true if the user name and password are both correct and false if one of them is wrong. But when I input a user name which is not exist in Active Driectory with a blank password, it will also return true. What shall I do? Ask every user must input a password withnot blank?
  Please give me some help to solve this problem. Thanks a lot.
  Code:
  private Context ctx = null;
  Hashtable env = new Hashtable ();
  boolean isValid = false;
  try {
  this.setEnvironmentProperties();
  String domainName = AuthenticateResources.getString("mydomain.com");
  //set the name of domain with the user name
  String fullName = name + "@" + domainName;
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL,"ldap://mydomain:389");
  env.put(Context.SECURITY_AUTHENTICATION,"simple");
  //set user related information
  env.put(Context.SECURITY_PRINCIPAL, fullName);
  //set user password
  env.put(Context.SECURITY_CREDENTIALS, password);
  //validate user
  ctx = new InitialDirContext(env);
  isValid = true;
  }catch (AuthenticationException ex){
  isValid = false;
  catch (NamingException ex) {
  throw ex;
  }finally{
  this.freeContext();
  return isValid;

  This is usually a problem if Anonymous Binding is enabled. I have faced this in other Directory Servers, but I am not familiar with Active Directory.
  I think by default Active Directory disables Anonymous Binding, but you may want to check.

• Process flow - Active Directory integration with Enterprise Portal

  Hi
  I have seen number of documents/forum discussions on integrating Microsoft Active Directory (LDAP) with Enterprise Portal, but unable to find out the process flow for achieving the same.
  I have installed Enterprise Portal 6 (SP13) running on Web AS 640 (J2EE Standalone). The UME is currently configured to use Java database. (i.e datasourceconfiguration_database_only.xml)
  I intend to proceed as below for integrating with Active Directory and integrate with Windows authentication:
  1) Configure UME to use an LDAP Server as Data Source using Config Tool
  http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
  2) Configure Enterprise Portal UME i.e http://<host name>:50000/irj - System Administration - System Configuration - UM Configuration
  <b>Should I configure Data Sources & LDAP Server here as I have already configured these using J2EE Config tool (point no.1).</b>
  3) Integrate Windows authentication with EP using IISProxy module.
  I hope the above will enable me to logon to Portal without supplying username and password once you are logged on to the PC using your Windows user name and password.
  Also, any schema updates required to Activie Directory i.e What additional data is stored in A.D.
  I would appreciate your guidance on this.
  Thanks in advance,
  Chandu

  Hi Chandau,
  you wanted that some users are not taken into account by the User Management Engine (UME).
  This behavior can be established by specifying the
  ume.ldap.negative_user_filter property for the LDAP data sources in the data source configuration file. Using this property one can define that all users and accounts that
  match the defined conditions are filtered out by the UME API.
  A detailed documentation can be found in the SAP Online Help:
  http://help.sap.com/saphelp_nw04/helpdata/en/9a/f43541b9cc4c0de10000000a1550b0/
  content.htm
  In the following example of a data source configuration file for Microsoft Active Directory
  Server the attribute userPrincipalName is used as Logon ID of a portal user id (j_user).
  Here the user accounts that have one of the following Logon ID’s (index_service,
  notificator_service and cmadmin_service ) are filtered out.
  <dataSources>
  </dataSource>
  <dataSource id="CORP_LDAP">
  <privateSection>
  <ume.ldap.negative_user_filter>
  userPrincipalName=[index_service,notificator_service,cmadmin_service]
  </ume.ldap.negative_user_filter>
  </privateSection>
  </dataSource>
  </dataSources>

• Active Directory integration with Service Desk and Busines Partners

  We have populated the business partners in Service Desk with data from Windows Active Directory, but this was a one-time import.
  At the moment if there are any changes to Active Directory then the business partner records need to be updated manually.
  Does anybody know if anyway to integrate Active Directory with the business partner records in Service Desk?
  Thanks
  Simon

  This was also our problem.
  We have multiple user sources (an LDAP, ADS, different SAP systems). I'm not aware of any automated way of doing that.
  If you want to use issue management/service desk all the users need to also be created as SU01-users to be able to use the workcenters. The SU01-Users have also to be assigned to the appropriate business partner. There is no automation for this.
  For us this drawback was so big that we stopped using the service desk.
  Markus

• Using Active-Directory PW at SAP logon procedure

  Hello,
  I have the requirement no to use single sign on for some systems with sensitive data, but  would like to check during sap logon procedure the  from our central active directory password.
  is there any best practice configuration or SAP / AD Win Addon solution available to connect SAP NW abap 7.40 at Win2012 sever with our active directory. Nearly all win based applications can handle a PW check from application to AD. Is there any SAP or Partner implementation helpful to expand the SAP client internal User-PW check?
  Thanks in advanced for alternatives to the standard client SSO or any idea in the direction using active directory password within sap-logon.
  Please give me a short feedback if you need more details.
  regards,
  Bernhard Mair
  Goethe-Institut München

  The SAP NetWeaver ABAP app server only accepts SAP user id and password or it can use SNC to authenticate the user when SAP GUI is used on workstation. So, if you want the user to be prompted to enter their Active Directory credentials during a logon using SAP GUI, and you don't want SSO, then you need to purchase a third party product.
  Please note, that SAP is not JUST a Windows based application, as it can also be installed on Unix and Linux, so SAP have made it work in same way on all platforms without any 'special' windows authentication capabilities.
  Thanks
  Tim

• Active directory Integration with OBIEE

  Hi all,
  Can any one send me a link for active directory integration with OBIEE.
  I have imported the users succesfully and I was able to login to analytics as an AD user.
  But SSO is not possible. Kindly help me over this.
  Thanks,
  Haree.

  Thanks for reply veeravalli.
  Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
  But my requirement is to have Single Sign On ie.., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
  Thanks,
  Haree

• Access 2007 integeration with SAP

  Dear All,
  We had integration with MS access to SAP. We used to access SAP through MS Access from our desktop.
  Now we are not able to do the same after SAPGUI Version upgrade.
  We are now currently using SAP GUI 710 .
  Please advice us on this issue.
  Thanks
  Gaurav

  pranav kumar wrote:
  Hi Kenneth
  >
  > I jst want to integerate the sap with windows active directory.
  >
  >
  > Regards
  > Pranav
  Hi Pranav,
  Check the article, http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c00464ce-c974-2e10-f5be-f8f4c6dce31c
  Then, take e a look at SSO solutions at http://ecohub.sap.com/
  You can find many solutions there.
  Best regards,
  Orkun Gedik

• Oracle database and Windows Active directory authentication

  Hello,
  Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
  Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
  I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
  Is anyone able to offer and advise?
  Thank you very much
  Sarah

  I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
  Perhaps the following links are useful:
  http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
  http://www.linuxmail.info/active-directory-integration-samba-centos-5/
  http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

• Oracle Linux and Windows Active Directory

  I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
  We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.

  I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
  Perhaps the following links are useful:
  http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
  http://www.linuxmail.info/active-directory-integration-samba-centos-5/
  http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

• Weblogic 10.3.3 and Windows Active Directory connection error

  Hi,
  A i am trying to set up Windows AD LDAP realm.
  But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
  <Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
  <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
  <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
  <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
  <Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
  <Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
  <Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
  <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
  <Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
       at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
       at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
       at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
       at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
       at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
       at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
       at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
       at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
       at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
       at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
       at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
       at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
       at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
       at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
       at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
       at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
       at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
       at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
       at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
       at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
       at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
       at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
       at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
       at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
       at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
       at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
       at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
       at $Proxy149.listUsers(Unknown Source)
       at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
       at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
       at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
       at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
       at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
       at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
       at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
       at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
       at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
       at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
       at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
       at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
       at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
       at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
       at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
       at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
       at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
       at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
       at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
       at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
       at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
       at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
       at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
       at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
       at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
       at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
       at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
       at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
       at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused by: java.lang.reflect.InvocationTargetException
       at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
       at weblogic.security.utils.Pool.newInstance(Pool.java:37)
       at weblogic.security.utils.Pool.getInstance(Pool.java:33)
       at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
       ... 117 more
  Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
       at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
       at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
       at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
       at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
       at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
       at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
       ... 120 more
  >
  could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
  Thanks in advance!

  Hi ,
  From the error stack trace I could find the below error.
  Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
  This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
  Data 525, refers to user not found error that is used to bind to the Active Directory.
  Make sure you have the correct credentials to connect to the Active Directory.
  You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
  A sample usage of LDAP Broswer is given below.
  http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
  Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
  You can download a sample version of softerra.
  http://www.ldapbrowser.com/download.htm
  You can also refer the below link for details about WebLogic and Active Directory configuration.
  http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
  For more details about different LDAP Issues.
  http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
  Regards,
  Anandraj
  http://weblogic-wonders.com

• Windows active directory

  Hi, i want to write a windows application in LV which can have a single Sign-on concept. I want the users to be able to log into the application (exe located on the desktop) with-out any log-in prompts.
  However, if the user wants to switch his/her role in between, the application must go to the login screen and prompt for a user name and password. This username and password must be in sync with the "windows active directory". can anyone help?
  Regards

  I'm confused! You want a user to login into your application without login prompt or you want him to be able to startup the application without login? The first seems highly contradictory to me.
  The requirments about using the login credentials of a Windows domain setup are most easily met by using .Net functionality. I have used in the past Windows API functionality for this which has some extra features that seem not available in .Net at all, but that is a very complicated and cumbersome interface that I can't recommend to use to anyone.
  Rolf Kalbermatter
  CIT Engineering Netherlands
  a division of Test & Measurement Solutions