LDAP configuration

Hi,
We are in the process of configuring LDAP for our Portal system (EP 7). We have choosen the data source, Microsoft ADS (Deep Hierachy) + Database. We have generated a XML file and modified accordingly, from the data source, and we got a message "Configuration was successfully saved" and restart J2ee engine. Then we have successfully restarted the J2ee engine. But we still get the error as below
"Connection test with user path failed"
With regards

Hi Kanthi,
are you trying to connect a Microsoft ADS to the portal? (if not, what are you trying to connect?) Then you can simply take a dataSourceConfiguration file that is already present (http://help.sap.com/saphelp_nw70/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm) . Select the file from the drop down list in the configtool and enter the path to the user and group directly there.
The helpful thing is that you can check the user path and the group path right away before restarting the J2EE engine.
Regards,
Holger.

Similar Messages

Problem with LDAP configuration in Enterprise Manager

Hi all,
I'm new at Java CAPS. After install some pieces of Java CAPS now I'm trying to install and configure a Sun Java System Directory Server 5.2 in our environment.
I've already configured the Repository and the Logical Host to work with the ldap, but I have some troubles to do it with the Enterprise Manager.
I followed the instructions of the Administrator guide about the changes to do in web.xml and ldap.properties of the sentinel app but when I do login the Enterprise Manager I can't see the options of the tree to manage servers or users.
It seems that the app don't recover the user roles. I think so becouse I tried to create one user without roles (in normal authentication, without ldap configured) and when I did login in the result was the same.
At the beginning of the process I created the roles 'all', 'administration' and 'management'. However I tried to copy de roles of the Tomcat authentication from 'tomcat-users.xml' to ldap roles, but it doesn't work.
Anyone could help me?
Thanks in advance, and sorry for my rudimentary English

Check that you have the correct Preferred Credentials with Logon as batch job if this is windows. Also check the correct configuration with regards LDAP integration for you platform.

LDAP configuration using AD in EP complete details steps

Hi gurus,
            Can anybody provide me complete details
step to configur UME and LDAP configuration
THanks
Happy

Hi,
Below is the configuration for UME-LDAP. In configtool you have to do this configuration.
ume.ldap.access.server_name : <servername>
ume.ldap.access.server_port         : <enter the port>
ume.ldap.access.user                    : <user>
ume.ldap.access.password           : <password>
ume.ldap.access.base_path.user :
Ume.ldap.access.base_path.grup :
Refer the link for more info on LDAP configuration.
http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
Thanks
R.Murali

Embedded LDAP configuration in Portal

Hi,
I am currently working on WL10.1MP1, and need to know the probable files involved in Embedded LDAP Configuration in the domain.
Can anyone let me know.
Regards
Lakshmi

Hi Lakshmi,
Default configurations are part of config.xml, security.xml and ldif files in security folder and files in data/LDAP folder in Admin Server.
Vishnu

OBIEE Start/Stop Services failed(After LDAP Configuration)

Hi ,
We made some changes(that is we have added new OID
and configured the new OID based upon the Oracle BI security guide which is in Oracle Site
) to the LDAP configuration in OBIEE web console and it prompted for a restart of the OBIEE services . when we tried restarting the services we are not able to stop all the services . Please find the attached log files .
Note:
1.unable to kill the process ID
which is releated to OBIEE 11.1.1.6.0 services..
2.We have follwed the section 3 in the below link to configure the LDAP : http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/toc.htm.
Please find the below error details in short form and kindly find the attahced file(file name) for more details
Error:
Caused By: oracle.security.jps.service.igf.IGFException: JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one.
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.checkIdStoreTypeLater(IdentityStoreConfigurationUtil.java:819)
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.getLibOvdLdapPushData(IdentityStoreConfigurationUtil.java:524)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:232)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:229)
at java.security.AccessController.doPrivileged(Native Method)
Truncated. see log file for complete stacktrace
>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jan 29, 2013 6:39:05 AM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state cha
Error Codes
Problem Category/Subcategory
BI EE Platform Administration/Administration Tool
Uploaded Files
File: nohup.zip:134848
Template Question Responses
1) ### Admin Tool version ###
2) Are you running Oracle Business Intelligence Enterprise Edition using virtualization or partitioning technologies (for example, VMWare) ?
No
3) If yes, please provide the product used and its version.
4) ### Documentation Used ###
5) ### Impact on Business ###
Edited by: 919942 on Jan 31, 2013 5:10 AM

"JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one."
Looks like the config you entered was a tad off. Any chance you can roll back by restoring the original files from before the change?
$FMWH/user_projects/domains/yourdomain/config/config.xml
$FMWH/user_projects/domains/yourdomain/config/fmwconfig/jps-config.xml
In the config.xml, inside the <realm> tag yo ushould find your authenticaiton providers and there's two important things for your new one to check:
1.) xsi-type="wls:..." <-- This should be your OID type rather than a generic (or wrong) one
2.) If you're not 100% sure about the config or don't want to immediately shut out native WLS users or want to retain them (both OID and WLS LDAP considered valid), then PLEASE make sure that you run your new authenticator with <sec:control-flag>SUFFICIENT</sec:control-flag> and don't make it REQUIRED since otherwise you won't be able to bring anything up anymore if a single parameter in the authenticator config is off...
Also, check out what Tony wrote together a while back: http://www.peakindicators.com/index.php/knowledge-base/115-oracle-bi-11g-security-troubleshooting
Update:
Should have read the error message more carefully...looks like you actually just slipped by one line in the authenticator config and chose "OracleVirtualDirectory" instead of "OracleInternetDirectory" since it tries to use the libOvd rather than the OID one.
Edited by: Christian Berg on Jan 31, 2013 2:58 PM

LDAP Configuration for ECC 6.0 ( ABAP Stack only)

Hi,
Can any one guide me with the steps for the LDAP Configuration for ECC 6.0 ( Abap stack only).
Some of my observations are....
I can see the LDAP Support in the Installation master at the following path.
1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
When i am goint thru service market place i came across the following note.
Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
Thanks,
Tanuj

Dear All,
We are trying to configure the LDAP using with active directory . In the
step of "Synchronization of SAP User Administration with LDAP
Directory"when executing the report"RSLDAPSYNC_USER" we are facing one
error.
Please find the trace file and error screenshot in the attachment.Please help us on
priority.
Please find the Trace log in the below:
RFC destination : LDAP_LDAPSE-01
Tracelevel      :      8,704
F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
[Wed Jun 26 11:15:38 2013]
Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
[Wed Jun 26 11:15:39 2013]
Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
[Wed Jun 26 11:15:40 2013]
Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
[Wed Jun 26 11:15:43 2013]
>>>>Required attributes table
Line    0: "CREATETIMESTAMP" (length 15)
Line    1: "MODIFYTIMESTAMP" (length 15)
Line    2: "SAPUSERNAME" (length 11)
<<<<Required attributes table
Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
>>> ldap_msgfree()
<<< ldap_msgfree()
Slot 0 (WIPROTECH): >>> ldap_unbind_s()
Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
Please find the error screenshot in the below.
Regards,
Dilip Sampath.CH
+91-9619735957.

Errors in LDAP configuration with Shared Services

Dear sirs,
we are getting errors in LDAP configuration with Shared Services.
Base DN is ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East
The group cn is cn=AH
In LDAP log you can see the applications is searching the group:
"ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo"
When it should be:
“ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East”
We think the problem is with space in Base DN "o=Grupo East", it is not properly considered.
Error Codes
EPMCSS-05145
Thanks in advance

Hi.
Could you try to define the Base DN as :
ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo\ East
I don't know if will work fine.. but you can use special characteres using with the "\"
Good luck.
Best regards!

Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2

Hi,
Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2.Please give me the steps to configure the LDAP in weblogic 10.3.2.

Hi,
You can check http://download.oracle.com/docs/cd/E15523_01/doc.1111/e14142/console.htm#i1075285

MQ + OpenLdap: Any working example of LDAP configuration?

MQ + OpenLdap: Any working example of [LDAP configuration], [LDIF initial data] and [imobjmgr addTopicFactory/addTopic command] files ?
I'm using Sun MQ3.5 + OpenLdap2.2.20 as jndi remote binding mechanism.
I've unsuccessfuly tryed to add a Topic Factory!
Running the command
     imqobjmgr -i add_ldap_topic_factory.poperties
I get such an exception:
     javax.naming.OperationNotSupportedException:
     [LDAP: error code 53 - no global superior knowledge];
     remaining name 'cn=myTopicConnectionFactory'
This is the test configuration adopted using rootdn user to write to LDAP repository:
#slapd.conf
include /usr/local/etc/openldap/schema/core.schema
database     bdb
suffix          "dc=imq,dc=com"
rootdn          "cn=Manager,dc=imq,dc=com"
rootpw          secret
directory     /usr/local/etc/openldap/var/openldap-data
index     objectClass     eq
#test.ldif
dn: dc=imq,dc=com
objectClass: dcObject
objectClass: organization
dc: imq
o: imq
#add_ldap_topic_factory.poperties
version=2.0
cmdtype=add
obj.type=tf
obj.lookupName=cn=myTopicConnectionFactory
obj.attrs.imqAddressList=mq://localhost:7676/jms
objstore.attrs.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
objstore.attrs.java.naming.provider.url=ldap://localhost:389/o=imq
objstore.attrs.java.naming.security.principal=cn=Manager,dc=imq,dc=com
objstore.attrs.java.naming.security.credentials=secret
objstore.attrs.java.naming.security.authentication=simple
Thanks for any suggestion,
Silvano

Agreed.
I've been wanting to test the steps and write a tech article on this
and post it to somewhere on sunsolve.sun.com but have not had
time yet.
In any case, the instructions Ken-shi gave are below including
the 3 files (etang.ldif objectstore.properties slapd.conf). Not sure
how messy this posting can get due to size of files.
I'd much rather point you to a sunsolve article but don't want
to make you wait. When I do post the sunsolve article, this thread
will be updated with a ptr to it.
===Begin instructions===
Attached please see my working configuation files.
1.Modify your OpenLdap configuration. (see slapd.conf)
start OpenLdap: ./slapd
2.Modify you initial data.( see etang.ldif)
load initial data: ldapadd -x -D "cn=Manager,dc=etang,dc=com" -W -f
etang.ldif
3.ObjectStore properties ( see objectstore.properties )
create your object store with "Administration" GUI on windows;
while creating destinations or connection factories, be sure that the
lookup names start with "cn=".
===End instructions===
===Begin etang.ldif===
dn: dc=etang,dc=com
objectClass: dcObject
objectClass: organization
dc: etang
o: Etang Corporation
description: The etang corporation
dn: cn=Manager,dc=etang,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
dn: o=IMQ,dc=etang,dc=com
objectClass: organization
o: IMQ
dn: ou=imqusers,o=IMQ,dc=etang,dc=com
objectClass: organizationalUnit
ou: imqusers
dn: cn=admin,ou=imqusers,o=IMQ,dc=etang,dc=com
objectClass: person
cn: admin
sn: admin
userPassword: admin
dn: cn=guest,ou=imqusers,o=IMQ,dc=etang,dc=com
objectClass: person
cn: guest
sn: guest
userPassword: guest
===End etang.ldif===
===Begin objectstore.properties===
java.naming.provider.url ldap://10.1.0.195:389/o=IMQ,dc=etang,dc=com
java.naming.factory.initial com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.principal cn=admin,ou=imqusers,o=IMQ,dc=etang,dc=com
java.naming.security.authentication simple
java.naming.security.credentials admin
===End objectstore.properties===
===Begin slapd.conf===
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include          /usr/local/openldap/etc/schema/core.schema
include /usr/local/openldap/etc/schema/cosine.schema
include /usr/local/openldap/etc/schema/inetorgperson.schema
include /usr/local/openldap/etc/schema/dyngroup.schema
include /usr/local/openldap/etc/schema/java.schema
include /usr/local/openldap/etc/schema/nis.schema
include /usr/local/openldap/etc/schema/misc.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral     ldap://root.openldap.org
pidfile          /usr/local/openldap/var/run/slapd.pid
argsfile     /usr/local/openldap/var/run/slapd.args
# Load dynamic backend modules:
# modulepath     /usr/local/openldap/libexec
# moduleload     back_bdb.la
# moduleload     back_ldap.la
# moduleload     back_ldbm.la
# moduleload     back_passwd.la
# moduleload     back_shell.la
# Sample security restrictions
#     Require integrity protection (prevent hijacking)
#     Require 112-bit (3DES or better) encryption for updates
#     Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#     Root DSE: allow anyone to read it
#     Subschema (sub)entry DSE: allow anyone to read it
#     Other DSEs:
#          Allow self write access
#          Allow authenticated users read access
#          Allow anonymous users to authenticate
#     Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#     by self write
#     by users read
#     by anonymous auth
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# rootdn can always read and write EVERYTHING!
access to * by * write
# ldbm database definitions
database     bdb
suffix          "dc=etang,dc=com"
rootdn          "cn=Manager,dc=etang,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory     /usr/local/openldap/var/openldap-data
# Indices to maintain
index     objectClass     eq
===End slapd.conf===

Direct Ldap configuration mismatch....

I am running directory server 5.1 and messaging server 5.2.
I have one message store (msA.example.com) for users to retriew mail and it queries directory master server (dsA.exaple.com) with direct ldap configured.
I am configuring another messaging server (msB.example.com) with smtp authentication for same users to send mail through that and it queries another ldap consumer server (dsB.example.com).
dsB is replicated by dsA immediatly after any modification done to dsA. My present setup works fine if msB is configured on dirsync mode, but I want to configure it to use direct ldap from dsB.
When I try to send email via msB (with direct ldap enabled) it waits a long time after (smtp) authentication and then terminated with "server unexpectedly terminated the connection" message on outlook client. I can not see any message on mail.log_current.
All my direct ldap settings are correct and compiled properly.
Later I found that when I comment the
" $* $E$F$U%$[email protected]$V$H " line on imta.cnf file it works fine, ie. without any delay message is delivered.
(But this has to be uncomment with direct ldap mode according to the sun documentation)
Can anyone clarify this? I could see even without uncommenting the above line direct ldap works fine!

Thanks for replys...
But I tried with the way that you mentioned, but still the problem persists.
No any message on DEBUG logs.
But I have some more thing to tell....
When I first install the messaging server (msB), I used the dsA as the ldap server. So after installation I got gelow results with configutil.
local.ugldaphost = dsA.example.com
local.ldaphost = dsA.example.com
local.service.pab.ldaphost = dsA.example.com
Since I want to use ldap queries from dsB, I change user lookups to dsB
Then the output was,
local.ugldaphost = dsB.example.com
local.ldaphost = dsA.example.com
local.service.pab.ldaphost = dsB.example.com
Do you think this cause thye error?
I can not use dsB for local.ldaphost since it causes the msB not usable. What I only need here is to get the user lookups from dsB.

Alternative of UUP, Using OVD repository (Through LDAP configuration)

Hi All,
if any body no the alternative approach of weblogic portal UUP . please help me .
MY requirement is using oracle virtual directory(OVD) repository (Through LDAP configuration)
i did ovd configuration to my weblogic server security relam . and in protal side , i have written one class to access data from we ldap and set it on .usr file .
and i am getting user profile from weblogic portal console and in my result jsp also i am displaying .
but when i am fetching group information . i am getting error .
if any body know the solution please help .
best regards
sanjay
Edited by: user1006007 on Jan 5, 2011 4:34 AM

"cn=webi" is this the distinguished name for the LDAP account?
also try using the IP instead of hostname
and if you CMS is using oracle try to use 10.2.0.2 or earlier driver.
Regards,
Tim

LDAP configuration - An internal error has occurred in the secLdap plug-in

Hi,
I am trying to configure my BOE to a LDAP (Microsoft Active Directory Application).
After completing all the configuration steps, I get the following error:
"An internal error has occurred in the secLdap plug-in"
I chose "No SSL" and "No SSO" and used all the default values in the "Please configure how new LDAP users and aliases are created by BusinessObjects Enterprise" screen.
Can someone assist?
-Doron

Hi,
I'm having the same type of problem as Doran authenticating against LDAP.
The LDAP configuration is syntactically clean, not sure whether it is correct though.
Adding LDAP groups failed miserably for all listed entries, see below in Config Parms:
Configuring without LDAP groups fails with the Login Error,
Login Error Message:               Account Information Not Recognized: LDAP Authentication could not log you on.
                                      Please make sure your logon information is correct.
                                      If your account is under any root other than dc=lgc,dc=com you must enter your dn.
                                      (FWM 00007)
The DN for my local account,
uid=hb37406,ou=people,o=hou,dc=lgc,dc=com
Crystal Report Server 2008 authenticated against an Sun iPlanet LDAP Server.
Build Date:         2008/09/13:08:31:32
Build Number:      882
Product Version:      12.1.0.882
Config Parms:
                                                LDAP Host:hourdldap01.lgc.com:389,ldap.corp.halliburton.com:389
                              LDAP Server Type: Sun Directory Server
                              Base LDAP Distinguished Name:   dc=lgc,dc=com
                                                                         ou=people,o=hou,dc=lgc,dc=com
                              LDAP Referral Credentials:cn=cmldap,dc=lgc,dc=com;
                              Password:xxxxxxxx
                              Number of Hops: 1
                              SSL authentication:Basic
                              LDAP single sign-on authentication:Basic
                              Configure new LDAP users:
                                   Assign each added LDAP alias to an account
                                   Creae new aliases only when user logs on
                                   New users are created as concurrent users
                              Mapped LDAP Member Groups
                              Add LDAP group (by cn or dn)
LDAP search on local account **
                                                            uid=hb37406,ou=people,o=hou,dc=lgc,dc=com
                                   cn=dev
                                   cn=dev,ou=group,o=hou,dc=lgc,dc=com
                                   ou=people,o=hou,dc=lgc,dc=com
                                   ou=people,dc=lgc,dc=com
                                   o=hou,dc=lgc,dc=com
                                   dc=lgc,dc=com
                                   dc=lgc.com
                                                        lgc.com
                                   ou=HalUsers,dc=corp,dc=halliburton,dc=com
                                   ou=people,dc=corp,dc=halliburton,dc=com
                                   dc=halliburton,dc=com
LDAP configuration Error:          The secLdap plugin failed to get the dn for the group xxx.

Guide me how to automate UME LDAP Configuration

Hello colleagues,
I am not sure if this is the right place for putting my question.
We wanted to automate 'UME LDAP Configuration with Microsoft AD', because we have nearly 25 portals and has to be refreshed for every 3 months from different systems. Instead of configuring UME every time, we wanted to automate it such that
it can be done by one click for each portal.
I am not aware, if it can be done through Webdynpro or Java API.
Please let me know in which way we can achieve this functionality. If it is in Java then please let me know how to access UME APIs. Moreover Configtool will not save its data at O.S level, it stores in DB.
Please guide me on achieving this.
Regards,
kasi

Hi Nivas,
thank you very much for your answer.
Could you please let me know any APIs to use these functions
I googled and found APIs for User management ( creating,deleting ,etc..) only.
I could not find any APIs for LDAP settings in Configtool.
I wanted to set these values ( which are specified in above link ) from out side.
Regards,
venkat
Edited by: Venkata Kasi G on Mar 2, 2012 2:41 PM

Services- LDAP configuration

In Services, LDAP configuration I would like to add multiple entries to DN to Start User Search item. However it says that if I need to add multiple entries, these entries must be prefixed by local server name.
Does anyone know what's this local server name is?
Thanks.

The name of the server where LDAP is running.
--Stephen

How to create a user in J2ee UME, if LDAP configured?

Hi SAP Gurus,
I have a question for my J2EE engine. We configured LDAP for user storage, so that our User can use there normal LDAP user ID. Now I want to create an administrative user like J2EE_ADMIN or Administrator, these are standard users and present in the UME of the J2EE engine since the installation of my portal.
But when I go to the user admin and want to create this new admin user, I got an error message, that Im not able to create it.
I also try to create the user via the Visual Admin and the J2EE Useradmin.
So my question is, how can create this new user in the UME and NOT in the LDAP???
Thanks.

Hi Marcel Haberland ,
If your idea is to have single Sign on , I would say the process is to create the user in LDAP itself that will be the single point of entry , Since the UME is configured and connected to LDAP normally with read permission your best bet will be to create the user in LDAP.
SSO with is configured to all your backend syst ( trusts needs to be configured between Java/Portal to all your backend systems by Basis team), also the ids needs to exist in all the backends.
Now to come back to your question:
If you can login to UME of portal/Java , and create the user do not expect it to appear on your LDAP
mainly because LDAP will never be configured in a Enterprise project as bidirectional ( ie Read/Write ), it will be readonly.
Also if the Basis/Portal team allow you the option to create the user in UME , they will have to restart the machine everytime you need to point to a different data source , but I dont know if this is the case in EHP4 versions, because SAP claims with EHP4 downtimes are almost nullified.
Edited by: Franklin Jayasim on Jun 29, 2010 6:59 PM
Edited by: Franklin Jayasim on Jun 29, 2010 7:02 PM

LDAP Configuration - Multiple domains

I have a domain called SA and I have subdomains called IL,NY,TX with corresponding users in the subdomain.It is a deep hierarchy.I want to bring all the users from all these subdomains.
Below is my environment,
User path: ou=users,ou=test,dc=IL,dc=SA
User path: ou=users,ou=map,dc=NY,dc=SA
User path: ou=users,ou=temp,dc=TX,dc=SA
If I give a single path, I am able to bring all the LDAP users. What do I need to do to bring all the users from all the subdomains in EP60.

Dear Anonymous User -
Have you tried configuring the connection to the LDAP to use port 3268 instead of 389? Also, you may need to point to the domain controller instead of one of the sub-domains.
Additionally, you'll want to ensure that the users are unique amongst all of the sub-domains. If not, you'll find that users may experience intermittant behaviour.
Finally, you could also configure the portal to use multiple LDAPs, and treat each of th sub-domains as a seperate LDAP even though they physically exist on the same server.
Regards,
Kyle

LDAP configuration

Similar Messages

Maybe you are looking for