LDAP as Data Source

Hi,
I want to configure my UME data source to use an LDAP Directory.
Are there any restrictions on using LDAP as a Data Source, except for the following? For example, restrictions on the directory schema.
a) DNs of user and group objects must be no longer than 240 characters.
b) I should not use default groups (e.g. Everyone)
c) I should not use the UserID of the service users (e.g. XXX_Service)
Thanks
regards
Hiroyuki


Similar Messages

  • Configuring more than one LDAP as data source

    Hi Portal Gurus,
    We have a requirement to configure MS ADS LDAP -> DEEP HIERARCHY and Sun one LDAP -> FLAT HIERARCHY as portal data sources. We have already configured MS ADS LDAP.
    Does anybody have experience merging these 2 LDAPs as a data source?
    We tried to configure the 2nd LDAP with the server parameters below, as per the reference
    "Configuration of More Than One LDAP Data Source" (http://help.sap.com/saphelp_nw04/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm), but
    we could not succeed.
    Server parameters:
    Server:  xxxx:23xx
    LDAP Search root:  dv=hub, o=vds
    Connection ID:  cn=Directory Manager
    password: xxxxx
    We don't have a user path or group path for the above 2nd LDAP.
    Can anybody help with this?
    Regards
    Tag

    Tag,
    It sounds like this issue might be related to the fact that your second LDAP connection is to SUN One. Maybe one of these links will help:
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/aa/8f10f1e2bae346bef2853aa0f88f4c/frameset.htm
    or
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/43/4c3725aeaf30b4e10000000a11466f/frameset.htm
    Regards,
    Keith
    Message was edited by: Keith Crossett

  • LDAP as data source for UME

    Trying to use a SSL enabled LDAP (Sun) for data source for UME.  It seems that I can't use SSL directly from GRC CUP 5.3. Followed the instructions in saphelp, but when I test the connection, it gives me "Connection test with user path failed". The following is the connection data in UME Config:
    Server Name:  10.56.17.20
    Server Port:     62636
    User:                cn=GMACApp_001,ou=Applications,dc=gm,dc=com
    Password:       <correct one entered>
    User path:        ou=People,dc=gm.dc=com
    Group path:      ou-Groups,dc=gm,dc=com
    Use SSL for LDAP Access is checked
    Use Unique Attribute is not checked
    I can connect to the LDAP using the same credentials with Softerra browser....Any ideas?

    Opened a message with SAP....the response was less than helpful..."we don't support SSL". When I pushed them with the responses I received from the forum, the reply was "we have never done this". There must be a way. I can't be the only person on the planet that has to connect to a corp LDAP with a secure port!! I have tried the trick of connecting a LDAP as a data source for UME, but with limited success. Seems when the LDAP + db is enabled, the UME URL is not available (error 503). So that's not working so well either.
    Any help will be appreciated.
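
A syntax lint for the DN values entered in a UME LDAP configuration, run on the values as they appear in the post above; this is an added example, not part of the thread and not an SAP tool. The function names are hypothetical, the 240-character limit is the one quoted in the first post on this page, and the `=` check is a heuristic because RFC 4514 permits an unescaped `=` inside a value.

```python
import re

# Limit quoted in the first post on this page; counting characters is an assumption.
MAX_DN_LENGTH = 240

# Attribute type: descriptor (letters, digits, hyphen) or dotted numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

# Values copied as they appear in the post above.
POSTED_CONFIG = {
    "User": "cn=GMACApp_001,ou=Applications,dc=gm,dc=com",
    "User path": "ou=People,dc=gm.dc=com",
    "Group path": "ou-Groups,dc=gm,dc=com",
}


def split_unescaped(text, sep):
    """Split text on sep, skipping separators escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def lint_dn(dn):
    """Return a list of findings for one DN string; an empty list means none."""
    findings = []
    if len(dn) > MAX_DN_LENGTH:
        findings.append(f"DN is {len(dn)} characters, over the {MAX_DN_LENGTH} limit")
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDNs use '+'
            ava = ava.strip()
            attr, eq, value = ava.partition("=")
            if not eq:
                findings.append(f"'{ava}': no '=' between attribute type and value")
            elif not _ATTR_TYPE.match(attr.strip()):
                findings.append(f"'{ava}': invalid attribute type '{attr.strip()}'")
            elif len(split_unescaped(value, "=")) > 1:
                findings.append(f"'{ava}': unescaped '=' inside value, possibly a missing ','")
    return findings


def lint_config(config):
    """Map each configuration field to its findings, omitting clean fields."""
    results = {field: lint_dn(dn) for field, dn in config.items()}
    return {field: found for field, found in results.items() if found}


if __name__ == "__main__":
    for field, found in lint_config(POSTED_CONFIG).items():
        for finding in found:
            print(f"{field}: {finding}")
```

A directory browser and the UME configuration screen are separate places to type the same paths, so a lint like this is most useful on the strings exactly as entered in the failing tool.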

  • GRC 10: Maintain Data Sources Config Problem

    Hi All,
    I was trying to configure the User Data Sources for:
    1. Search
    2. User Details
    During this, I went to SPRO->GRC->AC->Maintain Data Sources Configuration. Here, first I tried to configure User Search Data Sources. When I clicked on New Entries, It gave me a screen wherein I have to fill details for:
    1. Target Connector
    2. Sequence
    3. User Data Type
    In Target Connector, I could find the connector I defined for the back end system and I could select it.
    In Sequence field, it is not showing any possible values. However, we can mention any value I believe. Then I mentioned like 12.
    In User Data Type, it shows a possible values option. But when I click F4, it says:
    No Values Found
    Can anybody help me configuring this?
    Regards,
    Faisal

    Hello Faisal,
    Please note that you can have backend connectors as LDAP, SAP HR system
    Now the question is if you are using SAP HR system (i.e. a ECC system with HR module implemented) then
    1) Target Connector --> RFC name for the SAP ECC system
    2) Sequence --> you can put it as 1 ( if multiple  then you may decide which should be 1st source , 2nd source and so on)
    3) User data Type : It can be SU01 or HR
    If you are using LDAP as data source, then see to it that you have maintained all the details for LDAP as required in SPRO configuration,
    i.e. create the LDAP connector, register the program at OS level, and make the necessary settings in transaction LDAP.
    Hope this helps.
    Regards,
    Victor

  • Using an LDAP server as a data source?

    I'm evaluating data services and one of our requirements is to be able to retrieve data from an LDAP server. This isn't for authentication.
    We store information about users in an LDAP directory. The workflow I'm testing retrieves a customer number from a DB2 database and then retrieves the customer information in the LDAP directory.
    Is there a way to do this without having to write a bunch of code? The "import metadata" menu doesn't list LDAP as one of the data providers.
    thanks!

    There is no point-and-click (Import Data Source Metadata) way to use an LDAP server as a datasource. You have to use the Java Function provided on dev2dev. If you need help with it, please post here.
    - Mike

  • How to create JDBC data source w/o LDAP server

    I am trying to test using JDBC data source on a computer without a LDAP server. Is there an alterative JNDI solution? How about using file system or RMI registry JNDI service providers?

    Any J2EE container should be able to handle that. I use JNDI data sources with Tomcat 4.1.27. I'm sure any other J2EE app server (e.g., WebLogic, WebSphere, JBOSS, etc.) would be able to manage it, too. - MOD

  • LDAP Config File - data source not initialized

    Hi,
    We have altered our LDAP config xml file to deal with an LDAP with multiple branches. This was done previously and was working fine. We have just changed it again as another branch was added. Now if someone enters the wrong password on the login screen they get this error message
    Unknown message (ID = data source CORP_LDAP_CONSULTANTS not initialized
    rather than the usual try again message. Looking in the ume logs there are also lots of warnings about the new data source id (CORP_LDAP_CONSULTANTS) not being initialized. And we also can no longer add new groups or users.
    Any thoughts?
    Think we may have fixed that problem. Wrong authorizations? But now we get a whole new problem. During startup of portal our error_logs get a whole series of messages about NameNotFoundException around groups and users. Looking closely some of the user domains don't even exist in the LDAP any more.
    Also when we try and add a user we get an error saying "PersistanceException: No Data Source feels Repsonsible for principal!"
    ANY PEARLS OF WISDOM
    We are on EP6 SP2
    Message was edited by: Luke Collier

    Hi guys,
    I'm running into exactly the same issue. The problem seems to occur only when the report being accessed by guest is a file data source. The only other option I could think of is setting up SSO for BIP and the application issuing the URL to the report.
    Couldn't find anything else in the documentation or known issues list that might fix this without having to set up Single Sign On. Any further luck with your investigation? I'd appreciate any feedback.
    Thanks
    Jonathan Cruz

  • Change of UME data source from ABAP to LDAP

    Hi all
    we are running a NW04s installation with separate ABAP and JAVA stacks. As we thought our LDAP would be available soon, we configured the JAVA stack as UME data source and of course the ABAP stack for the ABAP-users.
    Now it looks like the LDAP will take some time to come. So we would like to change the JAVA data source to the ABAP, so that we can reduce the double work needed for the user administration (JAVA + ABAP).
    Now the questions. Once the LDAP will be available we would like to configure the user administration to use the LDAP.
    Is this possible, with or without SAP support? Can we get SAP support for this?
    Thanks for your answers.
    Edmund

    I know if you install the portal with an ABAP UME it cannot be changed to something else but assuming you install as database originally then I don't see why you could change from db --> abap --> ldap if you so choose?
    There doesn't appear to be any "technical" reason why you shouldn't be able to do this but almost all SAP documentation says you cannot. I assume it has something to do with data inconsistency once the link is broken - probably leaving you with lots of users you cannot delete. I get the distinct impression reading between the lines that you cannot revert back to ABAP when it doesn't work either, which is presumably why SAP do not recommend you even try .....
    Haydn
    PS. I've never actually tried it myself - I've been frightened by SAP telling me it doesn't work!!!!

  • Multiple LDAP data sources in EP7.0 SP14

    Hello,
    I am new to a site that uses portal and SSO between portal and AD LDAP. The portal version is EP7.0 SP14. The datasource is configured with 'datasourceConfiguration_ads_readonly_db_with_krb5.xml'. User path is OU=Users,OU=Finance,DC=io,DC=network and Group Path is  OU=Groups,OU=Finance,DC=io,DC=network. The flag to use the Unique ID is also set to 'samaccountname'. The problem is that we also have users in OU=Admins,OU=Finance,DC=io,DC=network and OU=Managers,OU=Finance,DC=io,DC=network in the same AD LDAP that are not visible to the portal but we would like them to be?
    It did appear to work if I changed the User Path to OU=Finance,DC=io,DC=network but I can not find any SAP document that supports doing this?
    I have seen the document 'Configure multiple LDAP data sources for the UME' with the following link https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b however this specifies EP6 so I'm not sure if it is still relevant?
    Also somebody did warn me with "If you change the xml file it will remove all current user mappings to the portal, all the groups mapped to roles will be lost and you will have to set them up again". Is this true?
    Am I supposed to be using the SPNego Wizard as described in SAP Note 994791?
    And possibly the following links for configuring and testing the SPNego...
    Configuring and troubleshooting SPNego -- Part 1
    Configuring and troubleshooting SPNego -- Part 2
    Any guidance towards the best approach to solve our problem would be greatly appreciated.
    Thanks,
    Dave

    Hi Dave,
    It did appear to work if I changed the User Path to OU=Finance,DC=io,DC=network but I can not find any SAP document that supports doing this?
    OK, I am not an LDAP expert, but if you just want to change your entry point in the structure, I do not see how this would be a problem. I do not know what kind of statement you would expect in the SAP documentation allowing this. Maybe this will answer your question: [Organization of Users and Groups in LDAP Directory|http://help.sap.com/saphelp_nw04s/helpdata/en/09/c5ee407552742ae10000000a155106/frameset.htm]
    I have seen the document 'Configure multiple LDAP data sources for the UME' with the following ... however this specifies EP6 so I'm not sure if it is still relevant?
    This function has not changed much since EP6, only the administration tools.
    Also somebody did warn me with "If you change the xml file it will remove all current user mappings to the portal, all the groups mapped to roles will be lost and you will have to set them up again". Is this true?
    It depends on how you change the XML file, but it does not sound like you need to do this, just the configuration of the connection to the LDAP, that is, higher in the structure.
    Am I supposed to be using the SPNego Wizard as described in SAP Note 994791?
    Only if you want to use SPNego for SSO.
    -Michael

  • OC4J data-source password indirection LDAP

    Hi all,
    I'm trying to set up password indirection for my OC4J data-sources. If I choose my user manager as JAZN XML UserManager then it works fine using encrypted passwords from the jazn-data.xml file. However using LDAP I cannot get it to work. I get an exception (pasted below) when the container starts up. Does anyone have experience with this?
    Regards.
    Anton.
    Exception:
    06/01/05 14:26:38 java.lang.UnsupportedOperationException
    06/01/05 14:26:38 at oracle.security.jazn.oc4j.RealmUserAdaptor.getPassword(Unknown Source)
    06/01/05 14:26:38 at oracle.security.jazn.oc4j.FilterUser.getPassword(Unknown Source)
    06/01/05 14:26:38 at com.evermind.security.SecuritySensitive.lookup(SecuritySensitive.java:217)
    06/01/05 14:26:38 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:114)
    06/01/05 14:26:38 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:131)
    06/01/05 14:26:38 at com.evermind.server.DataSourceConfig.getPassword(DataSourceConfig.java:530)
    06/01/05 14:26:38 at com.evermind.server.Application.initDataSource(Application.java:1674)
    06/01/05 14:26:38 at com.evermind.server.Application.initDataSources(Application.java:2077)
    06/01/05 14:26:38 at com.evermind.server.Application.preInit(Application.java:517)
    06/01/05 14:26:38 at com.evermind.server.Application.setConfig(Application.java:166)
    06/01/05 14:26:38 at com.evermind.server.Application.setConfig(Application.java:145)
    06/01/05 14:26:38 at com.evermind.server.ApplicationServer.initializeApplications(ApplicationServer.java:1756)

    Hi Toby,
    Password indirection with jazn-ldap is not supported; please review this link
    Cheers,
    Deepak

  • DPS6 LDAP data source monitoring

    I'd like DPS 6 to detect when a directory server is unable to open a new connection (when it has no more file descriptors available, for example).
    After some tests, it seems like the different kinds of data source monitoring in DPS 6 always use the same connections to test the directory, while according to the reference guide, DPS 6 should, if configured to do so, periodically establish dedicated connections?
    Is this a known bug? If not, is there any way to detect such problems on the directory with DPS 6?

    DPS uses the same (dedicated) connection to monitor ds health to be able to detect (quick) ds restart. In such situation, pre opened connection in the connection pools may become invalid even when 2 subsequent ds checks are OK. A restart is detected by using the same connections for monitoring.
    DPS reuses a new connection for monitoring when there is a suspicion of problem only, that is, after the proxy failed to establish a new connection to the ds. When everything looks OK, the same connection is reused and there is no parameter to control this behaviour.

  • Can not retrieve data source status

    I have 3 DPS (6.3) running fine with 3 (6.2) DS downstream, running fine as well, on RHAS 4 U4.
    I don't understand why the DPS console always reports it can not retrieve the data sources status. I checked the DS access logs, and I see each DPS default monitoring request (on the "" DN) every 30 seconds, which returns one entry, and no obvious error in any DPS or DS error log.
    Any idea?

    Hi,
    it looks like a known problem to me that may appear in the following situation:
    In some cases, the proxy and the DSCC (console) use different hostnames: For instance, the proxy may be registered to the admin framework as myhost.sun.com and the proxy itself may use only myhost. Operation status is exposed by the proxy as an LDAP entry with dn cn=myhost,.....,cn=monitor. When there is a naming mismatch, the console searches for cn=myhost.sun.com,...., cn=monitor and can't find the entry, so the status is unknown.
    Don't know if you are in this situation but it might be worth checking this.
    Hope this helps
    -Sylvain

  • Where is the UME data source configuration XML file stored on the server?

    I'm trying to activate windows integrated authentication in my portal server.  The java engine's UME configuration has been loaded as a deep AD read only database using the file "dataSourceConfiguration_ads_deep_readonly_db.xml" but I can't find this on my server.  I need to modify a couple of parameters in there to activate kerberos principal management.  My recent portal training course offered me a completed working example but it was for an ads_flat_writeable_db so I can't simply load that and I need to understand the changes required.
    Where do I find the configuration file on my java instance server so I can make the necessary changes to a copy and upload that?

    Try to read
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    UME user data is stored in one or more data sources. Each type of data source has its own persistence adapter. The persistence manager consults the persistence adapters when creating, reading, writing, and searching user management data. Persistence adapters for the following types of repositories are available:
    1. Database: See the Product Availability Matrix on SAP Service Marketplace (http://service.sap.com/pam60) for details on which databases are supported.
    2. Lightweight Directory Access Protocol (LDAP) directory: See the Product Availability Matrix on SAP Service Marketplace (http://service.sap.com/pam60) for details on which directories are supported.
    3. SAP Systems based on Web Application Server 6.20
    You can configure UME to use one or more of these persistence devices in parallel. Users can also be stored in several different physical LDAP directory servers, or in different branches of the same LDAP directory server.

  • Windows Integrated Authentication on an ABAP data source

    Dear Experts,
    I have to implement Windows Integrated Authentication in my portal. By using Kerberos & SPNEGO, we can implement very easily if portal user id & windows (ADS) user id is same. But my scenario is windows id & portal id is different & data source is already configured as ABAP. Can you suggest me how we can achieve this requirement.
    Regards,
    VENU

    Hi,
    isn't the property krb5principalname used to define the mapping of the user ID when you cannot use the AD standard samaccountname?
    I think that the mapped user ID (as provided by krb5principalname) must be identical to the ABAP userID. When the ABAP user ID isn't present in the LDAP information, SSO won't be possible. Somehow he needs to publish the ABAP user ID into the AD.
    SAP Help:
    http://help.sap.com/SAPHELP_NW70EHP1/helpdata/EN/43/4c363ac31e30f3e10000000a11466f/frameset.htm
    http://help.sap.com/SAPHELP_NW70EHP1/helpdata/EN/43/4c3725aeaf30b4e10000000a11466f/frameset.htm
    br,
    Tobais

  • BPM and multi data sources for users??

    Hi all
    Can BPM read users from more than one data source?
    My case is that I want to create a Directory Service (or more than one) from the BPM Admin Center, so I can read users and groups from LDAP AD and a database ....or from 2 LDAPs
    Thanks

    Federated directory support was added in 10gR3. This is done at the web application level, such as the workspace and allows the workspace to connect to multiple directories and provide a consolidated interface for users. This is configured through the workspace.properties file but I am not sure how much documentation exists.
