BSP LDAP

Guys,
I know there are a lot of related posts, but somehow I am not able to reach a conclusion for my specific requirement based on the explanations in them.
My question is:
My business doesn't want users to be maintained in SAP system(4.7/6.20).
So in my BSP application I maintain a default userid and pwd so that they don't see any popup.
But when the actual page comes up I have put a page in there for a login/pwd where they have to put their LDAP uid and pwd.
Is there a way I could authenticate (like a return code = 0) their LDAP uid and pwd?
I just need an answer from LDAP saying the user has been authenticated or not.
I have the LDAP remote connection all set up but not able to find any Function modules which can do the job for me.
The constraint again is this user is not to be maintained in SAP.
Thanks.

Hi!
Configure the LDAP Connector within ABAP system (see help.sap.com) and then you can use up to 53 function modules to communicate with the LDAP - as long as your LDAP product supports these standard interfaces.
The names of the function modules all begin with LDAP* (see SE37).
Hope this helps.
By the way: All users use one SAP user to update the SAP system? Is this valid for any internal and/or external audits? How do you fulfil the requirement that for every data change in a system the information "user, date and time of this change" is stored, and what has been changed? Or is this no problem in your use case?
Regards,
Volker

Similar Messages

  • BSP with LDAP Authentication

    Hi,
    In our BSP application the user needs to be authenticated by an LDAP directory (let's say ADS). This is because this directory contains all users and their actual passwords. The user accounts in the LDAP directory are the same as in the Web AS. (This is guaranteed by a periodic export from Web AS and import to the LDAP directory.) The passwords can be different in LDAP and Web AS.
    Well, our idea is to build a public BSP application to ask for username and password. After that we establish a bind to the LDAP directory and try to authenticate this user. (So far it works well ...CALL FUNCTION 'LDAP_COMMONBIND'...). Now we would like to create a SAP Logon Ticket, so that the user is also authenticated against Web AS (private BSP application).
    Does anybody know how to create a SAP Logon Ticket with BSP?
    Thanks for any help.
    Regards,
    Beat

    If you are OK with the system prompt,
    SICF->defaulthost->sap->bc->bsp->sap->Your BSP Application name will come,
    double-click that; there you can provide a default user ID and password, so that all can access.
    If you want to authenticate, just create one BSP application with a login page and leave the user ID and password fields blank in the above path.
    If you need a customized login screen,
       just chh the BSP Application SYSTEM / login.htm
    Regards,
    j
    Do award points for helpful answers
    Message was edited by: Jothi venkatachalam

  • Login BSP with LDAP

    Hi!
    We are accessing several BSPs through an ITS. ITS validates the user in LDAP and then creates a logon to our BSP.
    We are studying how to eliminate the call to ITS. We want to check the user in LDAP without ITS, but we can't find information about it.
    Has anyone implemented something like this in their system? Where can we find information for LDAP + BSP?
    We have SAP 4.7 with WAS 6.20
    Thanks in advance.

    You might also want to check out http://help.sap.com and do a search for LDAP, you can connect LDAP and your system directly or via CUA.

  • Authenticate BSP application using LDAP

    Hi,
    Thanks to Durai Raja for his earlier inputs in setting up LDAP connector in SAP. We were able to connect to our LDAP from SAP ( We use Novell eDirectory 8.5).
    I also wrote a small program as below and I am getting back results from LDAP. We want to build BSP application where users would enter LDAP User ID and password and we want to Authenticate BSP application based on this input. My questions are
    1) Is it possible to Authenticate BSP application based on LDAP user ID and password.
    2) IF so, what is the function module to use. I searched LDAP_* but did not find anything.
    3) If we authenticate using LDAP user ID and password, do we have to provide SAP User id and password in SICF and allow all users to log in using same SAP user ID and password ?
    Niranjan
    data: dns_out type table of ldap_dnii,
          ldapinfo type ldap_dnii,
          attrs_io type table of ldap_atii.
    call function 'LDAP_SIMPLEBIND'
      exporting
        serverid = 'HQLDAP'.   " Logical Server ID set in LDAP tcode
    if sy-subrc eq 0.
      call function 'LDAP_SEARCH'
        exporting
          base     = 'o=xxxxxxxx'  " Company's Base
          filter   = 'uid=xxxxxxxx'  " Novell User ID or LDAP user ID
        tables
          dns_out  = dns_out
          attrs_io = attrs_io.
      if sy-subrc eq 0.
        loop at dns_out into ldapinfo.
        endloop.
      endif.
    endif.

    Thanks Raja for your inputs. This is our requirement.
    We have about 350 SAP Users and about 700 Novell Users (computers). We want to provide Employee Personnel Information like Vacation details, Savings/Insurance details in BSP application. But half of them cannot access because they don't have access to SAP. We cannot give access to all of them since we have only 400 licenses. So, we were thinking to Authenticate against Novell User ID and password and show them their personnel details. We have a mapping between Novell User ID and SAP HR Empl # and so we can easily get their information. So, we want users to authenticate using Novell User ID and password (each Novell user ID is mapped as LDAP ID) and, if it is successful, show their personnel details.
    How can we achieve this ?
    Niranjan

  • How to get user attributes from LDAP authenticator

    I am using an LDAP authenticator and identity asserter to get user / group information.
    I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
    Is there an available API to get all the user attributes through the established WebLogic authenticator provider, or do I have to directly connect to the LDAP server again?
    Any help would be appreciated

    Hi Julián,
    in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
    A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
    Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
    Hope it helps
    Detlev

  • Display image in BSP page,images are on a web server outside of SAP

    Hi,
    I am creating a BSP page for employee profile. The page needs to show an emp picture along with other info. The images are not in the MIME repository; they are stored in a separate web server. I am able to display the page using
    <img border="0"                     src="http://.com/xyz/xyz.bmp" >
    However, this is a non-secured test server. If the images are on a secured server, I am assuming an ID/password authentication will be required. Can I get the authentication done automatically so that the page is rendered seamlessly for the end user?
    Would SSO help if this web server is a portal server? What if the web server is not a portal server?

    Hi Manidipa,
    The Http class in SAP can also be used in passing the required authentication information to the non-SAP portal system.
    http://searchsap.techtarget.com/whitepaperPage/0,293857,sid21_gci1084087,00.html
    There is an article written by Angeli Axel which does the same. The article has got ABAP HTTP classes and methods to get and post the parameters to the non-SAP portal system.
    The same solution can be done by passing the credentials in the url. The custom solution would be to pass the required credentials in the url and the receiving application should grab those information from the url and confirm the authentication. After that it should be able to provide you the image. After getting the image it can be simply displayed in your BSP using iframe tag.
    For example, if the receiving side is in Java, then the following code can be used to receive the username and password. Once you get this you can verify the validity depending on the datasource, whether LDAP (MS-ADS, Sun ONE, Novell eDirectory) or an ordinary database (Oracle, MS SQL Server, etc.) is used for storing the credentials.
    try {
        String userName = request.getParameter("username");
        String password = request.getParameter("password");
        if (validateUser(userName, password)) {
            // The main page: here you display the image
            response.sendRedirect("mainpage.jsp");
        }
    } catch (Throwable t) {
        // handle the error
    }
    The above code should be considered as pseudo code for any server side language.
    Please let me know if this helps.
    With regards,
    Rajesh Khanna Venkatesan.

  • Login in BSP (WAS) doesn't work when navigating to ITS (PAS)

    Hi,
    We have a BSP application working on WAS, clicking a tab we show a ITS application.
    We have setup Single Sign On (SSO) with the SAP Logon Ticket. On BSP application first we made log on. WAS create a SSO2 Logon Ticket.
    How can we pass any HTTP Header (for SAP-User) from BSP to ITS for PAS?
    WAS 620
    ITS 620
    Best regards.
    Thomas

    I don't know if I have a lot to add on what exactly your setup problem is, but I can tell you that what you are trying to do is possible.  We do the same thing at our facility.
    We logon to a BSP application (which generates the SSO2 ticket).  The BSP then navigates to an ITS transaction. Now when we navigate to the ITS service we always pass through a PAS Service File.  I use the following settings:
    # @Copyright SAP AG 2002
    # Example Service File for the Pluggable Authentication Service (PAS)
    # Remark:The PAS Modul sapextauth must be included in ~xgateways in global.srvc
    # There are following types for PAS on ITS:
    #     X509              --> ITS 4.6D
    #     NTLM           --> ITS 4.6D
    #     NTPassword     --> ITS 4.6D
    #     LDAP          --> ITS 6.10 (remark also note: 509237)
    #     HTTP          --> ITS 4.6D (see note: 493107 and 494984)
    # The following settings are an example for NTLM :
    # For detailed information see documentation (http://service.sap.com/security)
    ~theme                  99
    # Module
    ~xgateway               sapextauth
    # possible settings  -> X509 , NTLM , NTPassword , LDAP , HTTP
    ~extauthtype            NTLM
    # For NTLM and NTPassword: NT , for LDAP: LD , for HTTP: define your
    # own mapping in USREXTID
    # Remark: extid_type UN (user name) can also be set. Then you dont have to
    # map in USREXTID, but the authentication mechanism must provide the unique
    # SAP System user ID. This might be useful for LDAP and/or HTTP mechanism.
    ~extid_type          NT
    # predefine Domainname - only for type NTPassword
    ~ntdomain
    # for LDAP connect - only for type LDAP
    #~ldaphost          ldap.sap.com
    ~ldaphost
    #~ldapport          389
    ~ldapport
    #~ldapbasedn                //Base DN
    ~ldapbasedn
    #~ldapuid                //User Attribute Name e.g. cn
    ~ldapuid
    #~ldapsapuid                //SAP User Attribute Name e.g. sapuid
    ~ldapsapuid
    # Remark: ~ldapsapuid should be only set in combination with ~extid_type UN
    #~maxtrials          3        //limits the ldap logon trails
    ~maxtrials
    # define which HTTP Header Variable contain the User - only for type HTTP
    #~remote_user_alias - the most common and useful value is REMOTE_USER
    #                    which will be set by webservers for authenticated users
    # please remark here note 494984 for the WGate settings
    ~remote_user_alias
    # settings for PAS service self
    ~client               088
    ~language               en
    #get a SSO2 Ticket
    ~mysapcomgetsso2cookie     1
    ~timeout                10
    #converts the login input to upper case. Might useful for LDAP and NTPassword
    #if in doubt, set to 1 and maintain USREXTID mapping in caps.
    ~login_to_upcase 1
    # after external authentication
    # Hostname which should redirected
    ~redirectHost          kww-d15i.kimball.com:81
    # path to another service
    ~redirectPath           /scripts/wgate/su3!
    #~redirectQS (Query String): ITS specific service parameters can be set there
    ~redirectQS             client=088&language=en
    ~redirectHttps          0
    ~login_template         login
    # if 1, user get only a ticket, if there is no
    ~dont_recreate_ticket   1
    ~sncNameR3 p:[email protected]
    #~sncQoPR3 9
    ~mysapcomusesso2cookie 1
    ~mysapcomnosso1cookie 0
    ~mysapcomssonoits 1
    This way if my logon ticket already exists, it doesn't try and recreate it.  In this particular situation a Link in our BSP page lets the user change their user profile.  Therefore we launch SU3 using the ITS (WebGui).

  • Urgent : How to create Manager and Reportee of a User in Embedded LDAP in W

    Hi All,
    I have created a user in WebLogic Server Embedded LDAP (Console-->SecurityRealm);
    however, how can I assign another user as Manager of this user and some other user as reportee of this user?
    Basically, how to create Manager and Reportee of a User in Embedded LDAP in WebLogic 10.3.5,
    i.e. I have a user A and user B created in Security Realm.
    Now I want user A to be as Manager of User B so that when I use getManager() function in Human Task,I get A as Manager of B.
    Thanks
    Edited by: Vivek on 28 Sep, 2011 3:54 AM

    To get an idea check these links.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78
    BSP/HowTo - Customizing the design of System Logon page in NetWeaver '04
    -Aman

  • LDAP Reset Password

    Hi,
    How can I reset the password of a user in LDAP from SAP?
    thank you

    Hi Joseph,
    I think you can achieve this by transaction LDAP.
    You could also check the following link.
    /people/sap.user72/blog/2004/09/01/bsp-howto-fun-with-ldap-and-bsps
    Cheers
    Ankur
    Message was edited by: Ankur Jain

  • LDAP Userid not present in Backend System

    We are trying to implement a scenario where the users are present in LDAP but are not present in the backend system "ECC".
    Case Scenario: User logs into portal using "testid" and wants to access the BSP view which pulls up the information from the backend system. Now this "testid" is not present in the ECC system, so I am looking for a solution to achieve this scenario where "testid" will be able to pull the information without being created in the ECC system.
    This is required for our external customers, which we do not want to set up in the ECC system.
    Any suggestions, or if someone has implemented this scenario and can share how they did it, will be really appreciated.

    Hi,
    1.) Licensing. Notably the first aspect that would come from SAP themselves will be licensing. You still need to be transparent about licensing with SAP in your scenario.
    2.) Traceability. If any breaches are made or if any issues occur in your backend system, you will need to determine the exact time and it may be that the issue was invoked by several users acting on the system at the same time.
    3.) Locking/Synch and Session Terminations. If multiple users (using the same backend ID) perform update tasks on the database you may find that they will incur locking issues from trying to update the same record. Synchronous jobs may also result in issues similarly when invoked by different users on the same ID. Session management on the backend systems (dependent on the application) may also result in situations where multiple users may be limited to the max number of concurrent connections under their ID or sessions be "locked" as a result of terminations on the client side - which would require to be cleaned up from time to time.
    While the above are some of the aspects that can be encountered, SAP generally handles these situations rather well, yet from a system management perspective you will encounter them from time to time.
    PS: Depending on how you map users - individual mapping can become cumbersome particularly if mappings need to change etc. You can also map at a group level. This will make your life easy particularly say for vendors who have several employees yet need to map to one ECC ID to transact - just create a group per vendor, assign the users to the group and map the group to the ID.
    You can also use mass upload to map users efficiently - see:
    http://help.sap.com/saphelp_nw72/helpdata/en/48/a96f43db653206e10000000a42189c/frameset.htm
    https://cw.sdn.sap.com/cw/docs/DOC-107900
    example:
    [User]
    uid=user0002
    Last_Name=Johnson
    $usermapping$:BCE:user=ext_user0002
    $usermapping$:BCE:mappedpassword=initial1

  • LDAP PL/SQL API

    Subject: DBMS_LDAP get ORA-06502 and ORA-06512 error msgs
    I used DBMS_LDAP in PL/SQL procedure and am getting the following error msgs. Could anyone help?
    ORA-06502: PL/SQL: numeric or value error
    ORA-06512: at "SYS.OWA_UTIL", line 315
    ORA-06512: at "SYS.HTP", line 859
    ORA-06512: at "SYS.HTP", line 974
    ORA-06512: at "SYS.HTP", line 992
    ORA-06512: at "SYS.HTP", line 40
    ORA-06512: at "IAR.AD", line 11
    ORA-06512: at line 1
    The procedure was
    CREATE OR REPLACE procedure ad as
    hostname varchar2(256);
    my_session DBMS_LDAP.session;
    portnum PLS_INTEGER;
    BEGIN
    hostname := 'SERHO-S-001.bsp.shell.bn';
    portnum := 389;
    htp.htmlOpen;
    htp.headOpen;
    htp.title('LDAP TEST');
    htp.headClose;
    htp.bodyopen;
    my_session := SYS.DBMS_LDAP.INIT(hostname,portnum);
    htp.bodyClose;
    htp.htmlClose;
    END;
    Would appreciate any feedback.

    Hi RL:
    Can you provide me with the following information:
    1. OS and version you are using
    2. copy of the oidldapdxxx.log file
    3. complete code snippet
    4. The complete error message
    When I get this info I can start troubleshooting
    Thanks,
    Jay

  • Authenticating R/3 users using LDAP

    Hi,
    We are trying to authenticate SAP R/3 users using an already built Microsoft ADS.
    We have looked into configuration using trx. LDAP.
    But seems like this only helps to synchronize user data between the LDAP and the R/3 system.
    We are more looking for the authentication itself being handled by the ADS system.
    We do not want to go through the portal for authenticating these users.
    Is it possible to do this?

    Of course, Single Sign-On implies that you are using a portal, or a cunningly-configured BSP. NTLM is only an option if using a Windows-based IIS as a proxy to your Unix box. Otherwise, you need to use the SPNEGO login module, which is not on general release (it is available on a consulting basis only - see Michael Sambeth at SAP).
    Until SAP use UME within the ABAP core, I don't see an elegant solution to this.
    - Darren

  • LDAP Simple Bind - Authentication?

    Hi
    We have requirement to authenticate LDAP user id and password in a BSP.
    In function module LDAP_SIMPLEBIND we have the parameters Usr_string and pwd_string.
    Are these parameters for LDAP user id and password? If user details are incorrect it is supposed to return code LDAPRC as 49.
    I need to know whether we can use this method to authenticate LDAP user.
    Please provide your views.
    Thanks
    Rakesh

    ok got the point.
    to be able to connect to check the uid/pwd
    here is how you have to pass the password
    CALL FUNCTION 'LDAP_SIMPLEBIND'
      EXPORTING
        serverid = p_serv
        usr      = wf_base
        pwd      = pwd
      IMPORTING
        ldaprc   = wf_error.
    where for p_serv you pass the server alias defined in transaction LDAP
    and for wf_base (passed to parameter usr)
    you have to pass it with its path
    CONCATENATE 'uid=' user_id ','  'ou=people,dc=domain,dc=com,o=internet' INTO wf_base.
    This syntax will change based on the setup of your LDAP server.
    Regards
    Raja
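
The bind-as-the-user check discussed in this thread, as an added example that is not part of any post: a Python sketch (not ABAP) of two checks to make before handing a typed-in user ID and password to a simple bind such as LDAP_SIMPLEBIND, namely escaping the user ID before it is concatenated into the bind DN and refusing empty passwords. The `bind` callable, the fake directory and the sample users are constructed assumptions; the DN suffix is the one from the reply above.

```python
# Added example (not from the thread): checks to make before a simple bind.
# The bind callable and all sample entries below are constructed assumptions.

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49  # the LDAPRC value asked about in the question

# DN suffix as written in the reply above; it depends on your directory layout.
SUFFIX = "ou=people,dc=domain,dc=com,o=internet"

DN_SPECIAL = '"+,;<>\\'  # RFC 4514: always escaped inside an attribute value


def escape_dn_value(value):
    """Escape user input for use as an attribute value in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(user_id, suffix=SUFFIX):
    """Build the bind DN from untrusted input without letting it change the path."""
    return "uid=" + escape_dn_value(user_id) + "," + suffix


def authenticate(user_id, password, bind, suffix=SUFFIX):
    """Return True only if the directory accepted a real password for this uid.

    bind(dn, password) is any function returning the LDAP result code.
    """
    if not user_id or not password:
        # A simple bind with a DN but an empty password is an "unauthenticated
        # bind" (RFC 4513, 5.1.2); servers may answer it with result code 0.
        return False
    return bind(build_bind_dn(user_id, suffix), password) == LDAP_SUCCESS


def make_fake_directory(entries):
    """Constructed stand-in for a directory server, for offline runs only."""
    def bind(dn, password):
        if password == "":
            return LDAP_SUCCESS  # lenient server accepting unauthenticated binds
        if entries.get(dn) == password:
            return LDAP_SUCCESS
        return LDAP_INVALID_CREDENTIALS
    return bind


# Constructed sample entries.
FAKE_BIND = make_fake_directory({
    "uid=jdoe," + SUFFIX: "s3cret",
    "uid=svc,ou=service," + SUFFIX: "svcpw",
})

if __name__ == "__main__":
    print(authenticate("jdoe", "s3cret", FAKE_BIND))           # correct password
    print(authenticate("jdoe", "wrong", FAKE_BIND))            # result code 49
    print(authenticate("jdoe", "", FAKE_BIND))                 # empty password refused
    print(build_bind_dn("svc,ou=service"))                     # comma stays in the uid
    print(authenticate("svc,ou=service", "svcpw", FAKE_BIND))  # DN path unchanged
```

The same two checks apply whatever client performs the bind: escape before concatenating, and treat a result code of 0 as proof of identity only when a non-empty password was sent.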

  • Authenticate partial SSO users using LDAP

    Hi all,
    Is it possible to authenticate a group of the Portal users using an LDAP server, i.e. not to authenticate all the users using the LDAP server? I want to do this because we have a large number of customers (over 100,000) which are already defined in the LDAP server and I do not want to re-create them in the Portal login server; also I have many Portal users defined normally using the Portal "Add User". And if there is no such option, then is it smooth to move from database authentication to LDAP server authentication (a reference for the steps is appreciated)? We are using iPlanet LDAP server, which is LDAP v3 compliant.
    Best to all

    Of course, Single Sign-On implies that you are using a portal, or a cunningly-configured BSP. NTLM is only an option if using a Windows-based IIS as a proxy to your Unix box. Otherwise, you need to use the SPNEGO login module, which is not on general release (it is available on a consulting basis only - see Michael Sambeth at SAP).
    Until SAP use UME within the ABAP core, I don't see an elegant solution to this.
    - Darren

  • BSP for user's authentication

    Hi,
    I have two problems:
    1.- How can I do a BSP which captures a user ID and checks if that user exists in my Active Directory?
    2.- I have just read the weblog "/people/sap.user72/blog/2004/09/01/bsp-howto-fun-with-ldap-and-bsps" but I can only log in using one user. If I try to connect using other users different from that one, SAP shows an error message: "Could not logon to directory". I don't know why I can connect with one user only.
    I hope for your answers.
    Thank you

    Hi,
      Go through this link....
    http://help.sap.com/saphelp_nw2004s/helpdata/en/02/4b528c2a8d11d5991f00508b6b8b11/frameset.htm
    Regards,
    Azaz Ali.
