Configure LDAP to portal
Hi all,
Please could somebody give me an overview of the steps for how the LDAP to Portal configuration takes place?
Sai
Hi Sai,
Following is a step-by-step solution to configure an LDAP server for EP:
1) Ensure that the UM Configuration is set to Database Only or that the current
UM configuration creates new users in the database.
a) Navigate to the UM Configuration UI (System Administration -> System
Configuration -> UM Configuration) and select the Data Sources tab.
b) Choose Database Only or any
Read Only dataSource.
c) Save.
d) Restart J2EE Engine.
2) Create a new user ID in the portal and assign it to the Super Administration role. Log off and then log back on to the portal with this ID to ensure you can access the administrative function using the ID from the database. This ensures that you can logon and perform administration tasks even if the portal is unable to connect to an LDAP source.
3) Establish the initial UM configuration.
a) Navigate to the UM Configuration UI (System Administration -> System
Configuration -> UM Configuration) and select the Data Sources tab.
b) Choose the most appropriate DataSource configuration from the delivered list
(e.g. iPlanet, Novell, MS ADS, etc.)
c) Complete UM configuration for the first LDAP data source using the User
Management Configuration Tool.
d) Restart the J2EE Engine.
e) Logon to portal server with an LDAP user to test the connection. If there are
problems, use the database user ID you created in step #2 to logon to the
portal and resolve connectivity issues.
4) Capture information required for creating a new UM Configuration for Multiple
LDAP sources.
a) Log back on to the portal using an administrator ID.
b) Navigate back to the UM Configuration Tool and select the Data Sources
tab.
c) Click Download to download a copy of the appropriate XML file. Save this
file to your local filesystem for editing.
d) Navigate to LDAP Server tab and verify connection information to the LDAP
server. Click Test Connection to ensure credentials are correct. Save the
configuration before continuing to the next step.
e) Navigate to Direct Editing tab.
f) Scroll down to the LDAP Settings section and copy the contents to MS
WordPad or other text editor (configuration document).
5) Create a new UM configuration file for multiple LDAP data sources.
a) Open the dataSourceConfiguration_multiLDAP_db.xml file (previously
downloaded) using a text editor (other than Notepad) and locate the
<dataSource.../> section for the CORP_LDAP. Copy the entire section
from <dataSource> to </dataSource> to the clipboard.
b) For each additional LDAP server, paste the copy into the document after the
original </dataSource> ending tag for the CORP_LDAP source. Change
the name of the data source for pasted copy to CORP_LDAP_X or some
other value. This value becomes a data source identifier for UME and prefixes
the principal Ids.
c) For each LDAP data source, locate the <privateSection> within the
<dataSource> tag and enter the following lines if they are not present:
    <ume.ldap.access.server_name>SERVER_HOSTNAME</ume.ldap.access.server_name>
    <ume.ldap.access.server_port>SERVER_PORT</ume.ldap.access.server_port>
    <ume.ldap.access.user>DS_USER_NAME</ume.ldap.access.user>
    <ume.ldap.access.password>DS_PASSWORD</ume.ldap.access.password>
    <ume.ldap.access.base_path.user>USER_ROOT_IN_DS</ume.ldap.access.base_path.user>
    <ume.ldap.access.base_path.grup>GROUP_ROOT_IN_DS</ume.ldap.access.base_path.grup>
d) Update the properties for each datasource with the correct values obtained
from the Direct Editing tab (now stored in the configuration document). An
example is shown below:
    <dataSource id="CORP_LDAP_2"
        className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
        isReadonly="true" isPrimary="true">
      ...
      <privateSection>
        <ume.ldap.access.server_name>i802895a.phl.sap.corp</ume.ldap.access.server_name>
        <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
        <ume.ldap.access.user>cn=Directory Manager</ume.ldap.access.user>
        <ume.ldap.access.password>ksdf8SDF#%</ume.ldap.access.password>
        <ume.ldap.access.base_path.user>ou=people,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.user>
        <ume.ldap.access.base_path.grup>ou=groups,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.grup>
        <ume.ldap.access.server_type>SUN</ume.ldap.access.server_type>
        [more stuff]
      </privateSection>
6) Upload the new UM Configuration file.
a) Navigate back to Data Source tab and choose Other for the data source.
b) Click Upload and navigate to the new configuration file -
dataSourceConfiguration_multiLDAP_db.xml. Upload this to the server.
c) Click Save to save the new configuration.
d) Navigate to the Direct Editing tab.
e) Comment out all of the LDAP settings which begin with ume.ldap.access.*
such as server name, passwords, etc. that are now manually configured in
the XML file.
f) Click Save to save the properties. (You may also wish to make a copy of the
new settings and save them to a file for recovery purposes).
g) Restart the J2EE engine.
7) Test the configuration.
PS: Pl award points if post found useful
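A pre-upload check for the hand-edited file from steps 5 and 6, as an added example that is not part of the original post or of SAP's tooling: it flags copy-paste mistakes (reused id, missing or placeholder ume.ldap.access.* values) and three settings worth reviewing before the file goes to the server. The function name, finding labels and sample XML are constructed here, and the <dataSources> root element is an assumption.

```python
import xml.etree.ElementTree as ET

# Properties step 5c requires in every LDAP <privateSection>, mapped to the
# placeholder text that step 5d replaces with real values.
REQUIRED = {
    "ume.ldap.access.server_name": "SERVER_HOSTNAME",
    "ume.ldap.access.server_port": "SERVER_PORT",
    "ume.ldap.access.user": "DS_USER_NAME",
    "ume.ldap.access.password": "DS_PASSWORD",
    "ume.ldap.access.base_path.user": "USER_ROOT_IN_DS",
    "ume.ldap.access.base_path.grup": "GROUP_ROOT_IN_DS",
}

# Constructed sample: the second block is a pasted copy that was never finished.
SAMPLE = """<dataSources>
 <dataSource id="CORP_LDAP" isReadonly="true" isPrimary="true"
   className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence">
  <privateSection>
   <ume.ldap.access.server_name>ldap1.example.com</ume.ldap.access.server_name>
   <ume.ldap.access.server_port>636</ume.ldap.access.server_port>
   <ume.ldap.access.user>uid=portal-read,ou=svc,dc=example,dc=com</ume.ldap.access.user>
   <ume.ldap.access.password>constructed-secret-1</ume.ldap.access.password>
   <ume.ldap.access.base_path.user>ou=people,dc=example,dc=com</ume.ldap.access.base_path.user>
   <ume.ldap.access.base_path.grup>ou=groups,dc=example,dc=com</ume.ldap.access.base_path.grup>
  </privateSection>
 </dataSource>
 <dataSource id="CORP_LDAP" isReadonly="true" isPrimary="true"
   className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence">
  <privateSection>
   <ume.ldap.access.server_name>SERVER_HOSTNAME</ume.ldap.access.server_name>
   <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
   <ume.ldap.access.user>cn=Directory Manager</ume.ldap.access.user>
   <ume.ldap.access.password>constructed-secret-2</ume.ldap.access.password>
   <ume.ldap.access.base_path.user>ou=people,dc=example,dc=com</ume.ldap.access.base_path.user>
  </privateSection>
 </dataSource>
</dataSources>"""


def lint_ume_config(xml_text):
    """Return (position, data source id, finding) for each LDAP data source issue."""
    findings, seen_ids = [], set()
    ldap_sources = [ds for ds in ET.fromstring(xml_text).iter("dataSource")
                    if ds.get("className", "").endswith("LDAPPersistence")]
    for pos, ds in enumerate(ldap_sources, 1):
        ds_id, issues = ds.get("id", ""), []
        # Step 5b: every pasted copy needs its own id (it prefixes principal IDs).
        if not ds_id or ds_id in seen_ids:
            issues.append("duplicate-or-missing-id")
        seen_ids.add(ds_id)
        private = ds.find("privateSection")
        props = {} if private is None else {
            el.tag: (el.text or "").strip() for el in private}
        for name, placeholder in REQUIRED.items():
            if not props.get(name):
                issues.append("missing:" + name)
            elif props[name] == placeholder:
                issues.append("placeholder:" + name)
        # 389 is the standard unencrypted LDAP port: a simple bind sends the
        # password in the clear unless TLS is set up separately.
        if props.get("ume.ldap.access.server_port") == "389":
            issues.append("cleartext-port-389")
        # cn=Directory Manager is the directory's root DN on Sun/iPlanet servers;
        # a read-only data source only needs read access to the base paths.
        if props.get("ume.ldap.access.user", "").lower() == "cn=directory manager":
            issues.append("root-dn-bind")
        # The edited file now holds a usable bind password on local disk.
        password = props.get("ume.ldap.access.password", "")
        if password and password != REQUIRED["ume.ldap.access.password"]:
            issues.append("password-in-file")
        findings.extend((pos, ds_id, issue) for issue in issues)
    return findings


if __name__ == "__main__":
    for finding in lint_ume_config(SAMPLE):
        print(finding)
```

Every data source built by this procedure reports password-in-file, so the local copy and the recovery copy from step 6f need the same handling as any other credential store.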
Similar Messages
-
Steps for configuring LDAP in Portal
Hi all,
I need a step-by-step configuration for the LDAP server in the portal,
so can you please help me with that?
Thanks,
sriram.
Hi Sriram,
Following are few documents for configuring LDAP in portal. Have a look.
Check this for configuring EP UME with an LDAP data source; in the link below, check the left navigation child nodes:
http://help.sap.com/saphelp_nw70/helpdata/EN/42/d7b4f47ea91635e10000000a1553f7/frameset.htm
http://help.sap.com/saphelp_nw70/helpdata/EN/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
Have a look at these blogs, which give you a step-by-step approach to integrating LDAP with SAP EP.
Novell eDirectory 8.8 as UME Data Source for EP : Part I
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2937. [original link is broken]
UME Data Source: LDAP
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
Windows Integrated Authentication via Kerberos on an LDAP data source
Check these
http://wiki.sdn.sap.com/wiki/display/EP/Setting%2bUp%2ban%2bLDAP%2bfor%2bthe%2bPortal
https://wiki.sdn.sap.com/wiki/display/HOME/ConfigureLDAPand+EP
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
I hope these links will help you.
Regards,
Gopal.
-
LDAP user groups not visible for configuring a Group Portal
Hi,
We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2 in which
I've added the Novell LDAP Authentication provider as the authentication provider
and then set "myRealm" as the default realm for the domain. I am able to start
the WLS server instance and login to portalAppTools with the "administrator" account.
We would like to configure a Group Portal. In Portal Administration interfaces,
when I click on Group Administration, I am unable to see any of my external LDAP
groups. I know that we cannot create/delete users or groups in the external LDAP
repository thru the Admin UI but the documentation says that I should be able
to view the users/groups in the Admin UI. Authentication against the external
LDAP repository works fine. Can anybody suggest the reason why we are unable to
view any of the Users or Groups in our external LDAP repository thru the User
Administration interfaces.
Appreciate any feedback.
Thanks
Vikram
Hi Jim,
I've configured a default LDAP V2 Compatibility Realm by modifying the Config.xml
file. I was able to restart Weblogic and see the LDAP Groups and Users thru the
WLS console. In our project we've a unique requirement wherein all Application
Groups and User Accounts would be stored in an LDAP repository and all BEA SERVICE
level accounts and groups are stored in a Database (groups like AdminEligible,
Administrators etc.). We need to be able to look at the groups in both the Database
and LDAP repositories in order to administer and configure a Group Portal. On
the outset it looks like we will not be able to do what we want to with the current
portal framework. Please suggest if there are any alternatives in order to implement
this solution. I am sure there are lot of other Clients who cannot create groups
like Administrators, AdminEligible etc in their LDAP repositories and will be
forced to think of alternatives.
I would appreciate if you can reply back at your earliest convenience.
Thanks
Vikram
Jim Litton <replyto@newsgroup> wrote:
The Weblogic 7.0 Authentication Providers (new JAAS Framework) is not
supported with Portal 7.0. You will need to configure the Compatibility
Security CustomRealm for Novell to try to get Portal working.
see defaultLDAPRealmForNovellDirectoryServices at
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1083149
In addition, remember to test functionality through the Weblogic
Console. If you can see groups and users there okay it is very likely
that Portal will operate.
-- Jim
Vikram wrote:
Hi,
We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2 in which
I've added the Novell LDAP Authentication provider as the authentication provider
and then set "myRealm" as the default realm for the domain. I am able to start
the WLS server instance and login to portalAppTools with the "administrator" account.
We would like to configure a Group Portal. In Portal Administration interfaces,
when I click on Group Administration, I am unable to see any of my external LDAP
groups. I know that we cannot create/delete users or groups in the external LDAP
repository thru the Admin UI but the documentation says that I should be able
to view the users/groups in the Admin UI. Authentication against the external
LDAP repository works fine. Can anybody suggest the reason why we are unable to
view any of the Users or Groups in our external LDAP repository thru the User
Administration interfaces.
Appreciate any feedback.
Thanks
Vikram
-
SSO Configuration in the Portal - Configtool screen greyed out
Hi,
I am trying to setup SSO to our AD server in our portal system.
However, when I go into the config tool to change the settings in the UME LDAP Tab - the screen is greyed out and I cannot change anything.
Anyone know how I can modify this screen?
Dave
Hi,
You can opt for SAML.
Configuration from BASIS & Portal Side.
[Setup SAML 1.1-based Web SSO from NetWeaver CE to non-SAP systems ]
Configuration from Share Point side.
[http://technet.microsoft.com/en-us/library/ff607753.aspx]
Also you can check out the third party tool “btexx MOSS Integrator”.
[http://www.btexx.com/products/btexx-collaborationmanager/MOSS-WSS]
[http://www.btexx.com/products/btexx-collaborationmanager/video]
Regards
Sahil Kohli
-
Hi,
I am trying to configure LDAP for my portal server (EP 6 SP 15) with Sun ONE directory server as user store.
(there is a blog for Novell eDirectory server but not for SunONE or Windows ADS)
Is there any blog or documents for it?
It will be very helpful for me to continue with the task.
Thanks in advance
swarna
Hi,
I went through the blog regarding "LDAP configuration with Novell eDirectory server".
I installed both edirectory and iManager in my system without any errors.
But when I try to create a user using iManager, I am not able to log in, in spite of giving the correct user ID and password which I gave during installation---
User-Admin.O=company
Password-********
Tree-novelltree
I get the following error-
(Error -634) The target server does not have a copy of what the source server is requesting. Or, the source server has no objects that match the request and has no referrals on which to search for the object.
Since this is the first step, I am unable to proceed further!!
If someone has tried this, can you please help?
Regards
SwarnaDeepika
Message was edited by: SwarnaDeepika
-
Error at configuring LDAP Synch by using post installation steps of OIM
Hi All ,
I am getting an error while configuring LDAP synch.
I am doing LDAP synch by using the following link: http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm#IDMIG4357
While running the patch_weblogic.sh script I am getting the following error:
Error:
patch:
explode-archived-apps-was:
seed-ootb-jobs:
seed-ootb-jobs:
[echo] ----> SEEDING OUT OF THE BOX SCHEDULE JOBS AND TRIGGERS
[java] Exception in thread "main" java.lang.ClassNotFoundException: oracle.jdbc.xa.client.OracleXADataSource
BUILD FAILED
/apps/Oracle/Middleware/Oracle_IDM1/server/setup/deploy-files/setup.xml:21: The following error occurred while executing this line:
/apps/Oracle/Middleware/Oracle_IDM1/server/setup/deploy-files/setup.xml:84: The following error occurred while executing this line:
/apps/Oracle/Middleware/Oracle_IDM1/server/seed_data/seed-rcu-data.xml:37: Java returned: 1
Total time: 26 seconds
*********I can't troubleshoot this error.....because I am not able to find out which jar the oracle.iam.scheduler.seed.SeedSchedulerData class is in.
Please help me to solve this problem
Regards,
idmr2
Open weblogic.profile and change the value for property operationsDB.driver to oracle.jdbc.OracleDriver and retest the issue.
-
Want to delete all the mails in the mail box configured for BPM Portal
Hi All,
Do you have idea to perform this activity.
I want to delete all the mails in the Dev mail box configured for BPM Portal.
Server and mailbox details as given below :
Mail a/c = Y00123
Mail server = sap.mail.com
Thanks, Sanjay
http://java.sun.com/developer/onlineTraining/JavaMail/contents.html
http://www.jguru.com/faq/view.jsp?EID=17035
If you know the password of the account, I think you can also access the mail using a mail client, like you use Outlook to deal with your company mail daily.
-
How to configure mail using portal collaboration
Hi guys,
Please tell me
how to configure mail using portal collaboration and its uses.
Thanks
Regards
kamal
Hi,
To configure email, first
you have to create a System for Groupware through System Administration -> System Configuration -> System Landscape.
Then create a Groupware transport,
implement SSO between your mail server and your EP,
and finally
create a Mail service.
More info is available at the link below:
http://help.sap.com/saphelp_nw04/helpdata/en/7c/6a469702474146a8ef2f97fe880b2f/frameset.htm
And have a look at the thread raised by me on Calendar configuration:
Collaboration calendar : No transport has been configured for the calendar
Regards,
Srinivas
-
Need info to configure SSL for Portal Server in EP6SP2
Hello,
We need to configure SSL for Portal Server. We are using J2EE 6.20 Patch 25 and EP6SP2P4. The ITS is already using https and it creates lots of session issues since Portal is not in https.
Is there any OSS Note or How to guide to configure Portal to use SSL.
Thanks.
- PK
Hi Marcel,
Thanks for your post. I have a question: we will use CISCO for load balancing and SSL termination, but I have a big issue: the URL in the portal application is always the same and the URL in the browser, I guess all the other URLs are in the frames. How will we configure the SSL termination for the login page, for example, if the URL in the browser always appears the same?
Thanks in advance!!!
-
Internal and External Portals be hosted & Configured on Same Portal server?
Hi Experts,
Is it possible to host and configure the Internal portal and External Portal on the same portal server?
If yes, kindly provide the inputs.
We have a scenario wherein we have to use the same portal server for both kinds of users (Internal as well as External).
We want to provide separate URLs for both the portals and the datasource for the users management would be different for both the scenarios.
The user management in case of Internal Portal has to be authenticated to an AD server whereas in case of External Portal the user management would be taken care of by UME.
Please suggest and share some docs if possible.
Thanks & Regards,
Anurag
Hi,
Can we customise the Portal logon page for both the portals differently?
I've already customised the portal logon page by modifying the UME properties in the Config Tool but that was done keeping in mind the External Portal users. Now, we want to customise the page for Intranet users but with different options at the logon page.
How can we achieve this functionality as any property that we modify in either VA or Config Tool will affect both types of portal pages.
For example, we have a Self Registration link for the external users which we do not want for the Intranet users. How is this possible?
If we design a webdynpro java application for the logon page and for authentication purpose, can we call a home page iview on successful authentication?
And with this customised webdynpro java application, can we connect to the AD server for the user authentication?
Best Regards,
Anurag
-
Configuring BI-java portal to BW backend
Hello,
We have an existing application portal which used to display BI reports and related iviews. Now I have installed a new BI-Java portal instance. I want to configure this new portal instance to connect to my BW backend. How do I go about it?
Also, what are the changes I need to make in the existing application portal to make sure that the BI iviews point to the new BI Java instance?
Thanks,
Ajay
Ajay,
This [wiki|http://wiki.sdn.sap.com/wiki/display/EP/HowtoConnecttoBWSystemthroughEnterprisePortal7.0UsinganIView.] should help you in creating a system and you can point your iviews to this system.
Good Luck!
Sandeep Tudumu
-
After configuring LDAP Oracle BAM Server is not starting
Configured LDAP on SOA Suite PS3 (11.1.1.4.0) environment. As per the requirement, created OracleSystemUser and OracleSystemGroup in external LDAP and made the user a member of OracleSystemGroup. Followed the guide @ http://www.oracle.com/technetwork/middleware/bam/technote-bam-multiplesecurityprovid-130532.pdf
As per the BAM requirement,
1) Created user "OracleSystemUser" in the external LDAP
2) Created group "OracleSystemGroup" in the external ldap
3) Made "OracleSystemUser" as member to "OracleSystemGroup"
Post configuration, restarted SOA Admin Server and Oracle BAM Server, but BAM Server failed to start and it is giving the following error in the logs:
[2011-08-17T13:34:38.563+00:00] [bam_server1] [NOTIFICATION] [] [oracle.bam.adc.kernel.server.DataStoreServer] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: OracleSystemUser ] [ecid: 679489bd4ac3a480:-4b8798f0:131d7f26dd0:-8000-0000000000000002,0] [APP: oracle-bam#11.1.1] BAM schema version is 2025
[2011-08-17T13:35:28.530+00:00] [bam_server1] [ERROR] [] [oracle.bam.adc.security] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: OracleSystemUser ] [ecid: 679489bd4ac3a480:-4b8798f0:131d7f26dd0:-8000-0000000000000002,0] [APP: oracle-bam#11.1.1] [15] Authenticator.createAdminContext: Exception occurred attempting to create administrator context.[[
java.lang.Exception: BAM administrator account OracleSystemUser does not m_connection-jpss null
at oracle.bam.adc.security.authentication.Authenticator.createAdminContext(Authenticator<Aug 22, 2011 2:20:00 PM GMT+00:00> <Warning> <org.apache.myfaces.trinidad.webapp.ResourceServlet> <BEA-000000> <ResourceServlet._setHeaders(): Content type for /bi/jsLibs/engine_20101227.swf is NULL! at oracle.bam.adc.kernel.server.ADCService.startService(ADCService.java:91)
Cause: Unknown file extension> erver$ServiceEntry$1.run(BamServer.java:1717)
Verified the synchronization of OracleSystemUser as I was able to login using this user to other SOA Application urls.
Any pointers to resolve this issue would be highly appreciated.
Hi Raj,
Couple of points. Please check,
1. if the listener is up
2. the tnsnames.ora to check the right HOST
3. related services are up
The following thread may be of use :
Re: Not able to connect to Oracle B2B database after restart of my system
Regards,
Dheeraj
-
Getting error while configuring LDAP with OEG
Hi All,
I am trying to authenticate a web service using LDAP at the time of loading and invoking. I am able to configure LDAP and the connection is successful, but during authentication I am getting an error.
ERROR 08/Mar/2013:11:46:14.240 [4287d940] Failed to authenticate user [soaUser]
ERROR 08/Mar/2013:11:46:14.242 [4287d940] java exception:
com.vordel.circuit.authn.VordelAuthNException: Original Message - type=javax.naming.NamingException msg=failed to authenticate exactly one user (got 0)
at com.vordel.security.auth.repository.LDAPRepository.checkCredentials(LDAPRepository.java:199)
at com.vordel.security.auth.repository.RepositoryBase.checkCredentials(RepositoryBase.java:58)
at com.vordel.security.auth.HttpBasicAuthN.authenticate(HttpBasicAuthN.java:51)
at com.vordel.circuit.authn.HttpProcessor.performAuthentication(HttpProcessor.java:61)
at com.vordel.circuit.authn.HttpBasicProcessor.invoke(HttpBasicProcessor.java:41)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229)
at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36)
at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290)
at com.vordel.dwe.http.WebServicePlugin.invokeDispose(WebServicePlugin.java:102)
at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131)
Caused by: javax.naming.NamingException: failed to authenticate exactly one user (got 0)
at com.vordel.common.ldap.LdapLookup.loginUser(LdapLookup.java:674)
at com.vordel.common.ldap.LdapLookup.checkUserExists(LdapLookup.java:605)
at com.vordel.security.auth.repository.LDAPRepository.checkCredentials(LDAPRepository.java:166)
... 11 more
Thanks,
Looks like there is something wrong with the authentication repository that you created with your LDAP connection.
Connection might be successful but for authentication, you need to create an authentication repository with that connection.
Follow the OEG user guide for this and reply back in case you get further issues.
-
Issues when configure LDAP server in OBIEE
Hi,
I have a big issue. I configured an LDAP server for authentication of users, and everything looks fine, but my problem is that when I log in to Interactive Dashboards, I enter without any problem, but some parameters, some filters and some functions are NOT working, for example:
-In a parameter I have this condition for Default value: SELECT YEAR(Tiempo.Dia) FROM Finanzas WHERE Tiempo.dia = CURRENT_DATE, and returns me a null value, but if I change to this SELECT YEAR(Tiempo.Dia) FROM Finanzas WHERE Tiempo.dia = CURRENT_DATE-1, returns me "2010"
I have similar behaviors in other parameters, and some filters and some functions.
Everything happen in Development instance. I configure LDAP server in Development instance.
In Production instance nothing of this is happen, but I do not configure LDAP server yet.
What does anyone think is happening here? Does this happen because I configured the LDAP server? What do you think causes this behavior for my parameters, filters and functions?
Do you think is a better practice to clone Production instance to Development instance? If so, how can I do a clone instance, only for OBIEE?
Regards,
Arnulfo
Edited by: ArnulfoPA on 25-may-2010 15:35
The date returned by CURRENT_DATE is determined by the system in which the Oracle BI Server is running. So, does CURRENT_DATE return equal values on the prod and dev instances in your case?
-
Configure LDAP question in Mail Preferences
In trying to troubleshoot my question two posts down, I went to Mail Preferences to confirm I had checked the item that says to "Automatically complete addresses". It was checked. What does the toggle box next to it marked "Configure LDAP" do?
many thx
LDAP is a common directory service. It's typically used for accounts in network environments (e.g. a list of everyone's username and password), but it can also be used as a contact database.
When auto-completing email addresses, Mail can query an LDAP server to find users' email addresses - think of it as a central address book rather than your own personal one.
It's more common in large organizations where you don't want hundreds of people having to remember everyone else's email address - add them once to the directory and everyone who's connected to that server will see them. For individual/personal use it's less useful.