LDAP Datasource

I have a requirement to attach and use an LDAP Server as a datasource.
Given that there is the Foreign JNDI Provider, I was wondering if anyone has used this functionality to create a pool of LDAP connections to mimic a straight jdbc Datasource provision.

Hi,
Please check this URL; it will be useful.
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
Thanks & Regards,
Suresh Pagadala

Similar Messages

  • Configuring Multiple LDAP Datasources in VDS

    Hi,
    I'm trying to configure multiple LDAP Datasources using VDS, one talking to AD and the other to Novell eDir from VDS. My LDAP connection strings work well, but when I start the service in VDS the service never starts up; all I see is Exception null. It does not throw any exception, and at the same time it doesn't start up the service. I've tried configuring with a single Datasource, which works fine. This fails when I combine those two datasources into one configuration. Has anyone configured multiple datasources within VDS? Not sure if you have encountered any problems.
    Thanks,
    Joe.P

    Are you just trying to bring in two LDAP data sources or do a join between them? 
    Actually both I believe are considered types of joins.
    You cannot just define two datasources and expect them to show up.

  • Config UME with ABAP+LDAP datasource

    Hi all,
    We are implementing an EP installation. We want to reuse the abap role assignment for the portal roles and we require a SSO solution based on SPNego.
    Now we can implement each on its own fine. The question is how we can connect the UME to use both the ABAP and LDAP datasources. I opened an OSS about it and they said it's possible and supported, but I'm on my own when it comes to implementing it (or consulting, of course).
    Has anyone had experience with this configuration, or can anyone provide me with the datasource schema file?
    Thanks in advance,
    Eric

    Try the following:
    1.     Download the SPNegoWizard_645.zip (for 7.0) or SPNegoWizard_640 (for 6.40) from SAP Note 994791 and unzip it.
    2.     Adjust the user running the SAP system in Active Directory
    3.     Copy the EAR and XML Files from the SPNegoWizard.ZIP file to a temporary directory on the server.
    4.     Open up the Visual Administrator.  Logon with the admin ID.
    5.     SID -> Server -> Services -> Deploy
    6.     Open the Config Tool. (Yes to using DB settings)
    7.     Select UME LDAP Data
    8.     Browse to the XML file you copied earlier. (dataSourceConfiguration_ads_readonly_db_with_krb5.xml)
    Click the upload button.
    9.     Select the Configuration file you just uploaded.  Click OK on the Warning message.
    10.     Setup the Connection details as specified below:
    Server Name: xxxxxx
    Server Port: xxxxxxx
    User: SAPService<SID>@domain.com
    Password:  xxxxxx
    Use UME unique id with unique LDAP attribute (checked): samaccountname
    User Path: dc=<domain>,dc=com
    Group Path: ou=xxxxxx,ou=xxxx,dc=xxxx,dc=xxxx
    11.     Click the Test Connection button you should see:
    Click Close when done.
    12.     Click the Test Authentication button, enter NT user ID and NT password, and click the authenticate button and you should get a success message:
    13.     Select cluster-data -> Global Server Configuration -> services -> com.sap.security.core.ume.service
    14.     Edit the ume.admin.addattrs.
    Add the values: krb5principalname;kpnprefix;dn
    Click the Set button. 
    15.     Click the Save button or File -> Apply.  
    16.     Close the Config tool and restart the JAVA engine.
    17.     After the engine is restarted, continue on with the Kerberos configuration.
    18.     Open up the SP Nego Wizard by going to the following URL: http://<server>:<port>/spnego
    19.     Logon with the Administrator user ID.
    20.     Select the check boxes for the "Service user is created and configured in Active Directory" and "UME configuration includes SPNego specific settings"
    Click the Next button
    21.     Click the Add Kerberos Realm button and enter your domain name (e.g. company.com)
    22.     For the Realm Configuration's KDCs (Key Distribution Centers) put in <KDC host> and 88 for the port (the port should already be filled in).
    23.     In the KPN (Kerberos Principal Name) section enter the Service User Name & Password.
    Service User: SAPService<SID>          
    Password: xxxx
    Leave LDAP Host - blank
    24.     Click the Next button
    25.     Select Prefix Based for the Resolution Mode and Click Next
    26.     In Policy Configuration we want to create a new policy called spnego.  Tick Basic password Fallback (when SSO do not work) and tick SSO with Logon Tickets.  Click the Next button.
    27.     Click Finish on the Confirmation screen.
    28.     Close the browser and restart the engine.
    29.     After the engine has finished restarting, continue with the final steps.
    30.     Open up the Visual Administrator.  Logon as the Administrator ID.
    31.     SID  Server  Services  Security Provider
    32.     Go into change mode by clicking the change button.
    33.     On the Runtime tab  Policy Configurations tab  Select ticket from the Components list.
    34.     On the Authentication tab for the ticket component  select Authentication Template: spnego
    35.     Now go to the useradmin service (http://<server>:<port>/useradmin) to test the Kerberos SSO.  You should get signed on without entering a user name or password.
    You are done!

  • LDAP datasource creation

    Hi
    I need an LDAP datasource created for my custom use and not for UME. Where can I create a datasource for LDAP, as I do not find any option to create an LDAP datasource other than in UME?
    Thanks
    Padmaja

    Hi,
    Using LDAP you can connect to an external user directory. Generally, many companies maintain a central user data source. This datasource can be configured in the portal using LDAP connectivity. These external datasources can be Microsoft Active Directory, Tivoli Identity Manager, etc.
    You can configure them by navigating to System Administration -> System Configuration -> UME Configuration.
    Also search in SDN for LDAP connectivity; you will get step-by-step documents.
    Raghu

  • UME with ABAP AS and LDAP Datasource

    Hello SDN´s
    We have tried very hard for the last days configuring the ume-xml for the following scenario:
    -     LDAP is used to authenticate the user
    -     AS ABAP is used to store the roles of the user (because they automatically becomes groups in the portal)
    - the portal and the ABAP-system are  on different servers
    Given facts:
    1)     we can't synchronize the roles of the ABAP system to the LDAP
    2)     we have to use the open-LDAP for the authentication
    3)     DataSources are readonly
    4)     User can have similar or different userid´s on the DataSources (Mapping required)
    Therefore, we read the user and account information from the LDAP and groups/roles from the ABAP AS.
    Result:
    a)     users with similar userid on LDAP and ABAP AS: These users were no longer able to log on to the portal
    b)     user with different id´s (mapped) on LDAP and ABAP: Can log on
    Questions:
    -     Is it true that similar userid´s lead to inherent problems of the UME Persistence Manager?
    -     Did we set up a wrong config-xml?
    -     Is there any other way how we could authenticate to the LDAP and having the Roles of a user read from the ABAP system dynamically?
    Thank you very much for your help
    Sincerely, A. Hunziker

    Hi Andre,
    Not sure if my remarks below can help you, but I do hope that they can shed some light for you.
    We have LDAP as our main UME, which is configured in our Portal7.0. This means that security groups created in LDAP are "replicated" into the Portal. We created Portal Roles which are assigned to the security groups created in LDAP. We also use SSO and it was setup via the SPNego Wizard (http://help.sap.com/saphelp_nw70/helpdata/EN/45/40a0de773a7527e10000000a114a6b/frameset.htm). This way, the user only needs to login via Windows and access the Portal without having to login (when users have the same Windows userID as that of their SAP ID). If the users have a different userID between Windows and SAP, then they do a user map under personalization of the Portal.
    To connect our Portal to our backend systems, we created a reference system (http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm) and we have our Portal certificates in all backend systems (http://help.sap.com/saphelp_nw70/helpdata/EN/d3/41c8efb31d11d5993800508b6b8b11/frameset.htm).
    With the above, users have SSO from Windows to Portal and via the reference system, they can enjoy SSO as well into our backend systems.
    Basically we have control over what the users can see from the Portal (directly from LDAP security groups with users assigned to them), and what the user can do on the backend is still maintained in the backend authorisation setup.
    Hope that can help you.
    Ray

  • Self Registration for UME using LDAP as the datasource

    Hi,
    Am I able to config the self registration when my UME is mapped to LDAP datasource? If yes, how am I going to do this as I'm not able to find the ume.logon.selfreg=TRUE.
    Thanks!

    Hi,
    Isn't this option there in /useradmin ? Go to http://hostname:port/useradmin and click on Configuration. Go to the tab User Admin UI and there select the option for enabling self-registration.
    Also, should be available in configtool under the core ume service.
    Regards,
    Shitij

  • Can IdM be used as LDAP directory and UME datasource?

    Hi,
    I am trying to figure out what IDM can and cannot do.
    Can IDM be used as a LDAP datasource in its own right for a SAP Portal for example?
    Or do you still have to use an external LDAP directory and IDM is then only used to pull everything together from all systems?
    Thanks,
    Adriaan

    Hi Adriaan,
    it should be technically possible to use the Virtual Directory Server as an LDAP datasource for the portal, but you probably have to edit the datasource.xml of the portal and the connection.
    I'd rather use the portal database or a dedicated LDAP for that and use IdM to provision into this repository.
    Regards,
    Andreas

  • Authentication getting failed in sun one Ldap

    Hi,
    Can anyone please assist me with Sun ONE LDAP?
    My application (LDAP related) was developed based on Lotus Domino LDAP server and WebSphere.
    Now we are trying to deploy the same code with WebSphere and Sun ONE LDAP server in our local environment.
    I am getting the problem of authentication failure.
    Please see the logs below.
    My question is whether the code written for Lotus Domino is compatible with Sun ONE LDAP. I am new to LDAP.
    Please, can anyone give suggestions?
    LDAP Interface: Performing LDAP authentication for user [NYilmaz]
    17 Dec 2007 18:43:13,359 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. The username and password are transmitted in clear text form which is very insecure. Consider replacing the LDAP protocol with LDAPS (SSL).
    17 Dec 2007 18:43:13,359 [DEBUG] NABLDAP: Establishing a new authenticating connection to [ldap://gpat.bsdev.com]
    17 Dec 2007 18:43:13,375 [INFO ] NABLDAP: Failed to authenticate with the remote server on [ldap://gpat.bsdev.com] because of error '[LDAP: error code 34 - Invalid DN]'
    17 Dec 2007 18:43:13,375 [WARN ] LDAP Interface: Unsuccessful authentication attempt for user [NYilmaz]
    17 Dec 2007 18:43:13,375 [DEBUG] LDAP Interface: Writing the value {javax.naming.InvalidNameException:[LDAP: error code 34 - Invalid DN]} to General[1].OnionErrorMessage
    17 Dec 2007 18:43:13,390 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. Consider replacing the LDAP protocol with LDAPS (SSL).
    17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Establishing a new anonymous connection to [ldap://gpat.bsdev.com]
    17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Connection established.
    17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Searching remote LDAP directory using the filter of [(&(objectclass=person)(&(cn=NYilmaz)))]

    Hello Vinay,
    When configuring multiple LDAP directories, there are a number of prerequisites that you need to consider.
    For example, one prerequisite for multiple domains is that logon IDs must be unique across multiple LDAP datasources. This will cause issues if duplicate IDs exist.
    Please see the following documentation and notes for more information on this.
    Examples of Data Source Configuration Files - Identity Management - SAP Library
    Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
    1618342 - Multiple LDAP Datasources - Active Directories where logon IDs are not unique
    762419 - Multi-Domain Logon Using Microsoft Active Directory
    Please have a look at the above notes, which document this and also tell you what to do in these situations.
    Regards,
    David

  • SUN One LDAP Retrieving Dynamic group

    Hi, I would like to know how can I retrieve the groups a user belongs to, if the groups are of dynamic type.
    Can I use the attribute memberOf?
    import javax.naming.NamingEnumeration;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    // env: the JNDI environment Hashtable (provider URL, credentials), defined elsewhere
    //Create the initial directory context
    LdapContext ctx = new InitialLdapContext(env, null);
    //Create the search controls
    SearchControls searchCtls = new SearchControls();
    //Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    //specify the LDAP search filter
    String searchFilter = "(&(objectClass=user)(CN=Andrew Anderson))";
    //Specify the Base for the search
    String searchBase = "DC=antipodes,DC=com";
    //initialize counter to total the group members
    int totalResults = 0;
    //Specify the attributes to return
    String returnedAtts[] = {"memberOf"};
    searchCtls.setReturningAttributes(returnedAtts);
    //Search for objects using the filter
    NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);

  • JDBC Calls when connecting to a Datasource

    Post Author: phrl
    CA Forum: Data Connectivity and SQL
    Hello

    Firstly I am using CR XI R2 SP2 as per the Eval download on the BI site. I am trying to get Crystal to connect to an eDirectory (LDAP) Datasource, and since I run my CMS server on Linux I hope to use the JDBC connector. When using Developer I import my JDBC Driver JAR into the CRCONFIG.XML no problem, and can connect to my JDBC datasource no problem, but when I then use the Database expert and select the Tables (LDAP Classes), if I select more than one table and then Crystal tries to connect the two tables together using a join then Crystal crashes. The only way I can get it semi-working is to use the "Command" option and manually type in my own SQL statement. If I start and only select one table that works fine, but Crystal is unable to get a list of columns (attributes) on that row.

    What I believe is happening is Crystal is trying to make a JDBC API call into the Novell LDAP JDBC Driver (found at: http://developer.novell.com/wiki/index.php/LDAP_JDBC_Driver) which isn't supported in the driver.

    Is there a way to find out or add in extra debugging into Crystal to find out what API calls it's making into the JDBC driver, so I can then talk with the developer to add in support to the LDAPJDBC driver.

    Or has someone else ever successfully managed to query a LDAP datasource in a non-windows environment. The Novell supplied ODBC driver works fine, but that doesn't help me at all.

    You probably won't get an answer, since there seems to be no solution. I have the same problems, and according to iPlanet support and the iPlanet documentation (Troubleshooting section in the RMI/IIOP section of the Java Programmers Guide), this is the buggy behavior if you try to look up a non-existing JNDI name. But since there is no way to find out what the correct name is, I don't have a clue what to do. I registered a data source with JNDI name "jdbc/test", but all of my four different lookups failed: java:comp/env/jdbc/test, java:comp/env/test, jdbc/test, test.
    Did you find a solution?

  • LDAP UME for ABAP + JAVA SYSTEM

    Hi,
    I am using NW 7  SP 15 with both ABAP + JAVA stack. The UME is set to ABAP by default during installation.
    Can we change that to LDAP datasource?
    Under System Configuration -> UME Configuration -> Data Sources (TAB) -> in Data Source dropdown box -> there is only ONE option available "ABAP SYSTEM" and no other option is present.
    Any suggestion?
    Regards
    Deb

    Oops! Obviously a later change from ABAP to some other UME indeed is not supported by SAP. But this does not mean that you cannot use LDAP or JAVA from the very beginning.
    Did you not have the option to choose another UME data source for the Java Add-In during the installation process? (this may make sense, because the installation sequence for double stacks is always 1. ABAP stack 2. Java stack).
    If not, then indeed LDAP as the primary UME data source is not supported for double stack installations.
    If yes, you only have the chance to re-install your system.
    In every case you can install 2 separate instances and connect them later. 1 ABAP instance with UME of course ABAP and 1 Java instance with UME LDAP or Java DB.
    But before doing that and if I were you I would open a CSN at SMP and ask the software vendor ...
    Regards,
    Volker

  • Datasource CORP_LDAP not found

    I have configured the UME Settings for LDAP and while logging into portal using users described in LDAP datasource, I see Datasource CORP_LDAP not found.
    Please throw some light on this so that the bug can be fixed.
    Your help is greatly appreciated.
    Thanks
    Deepa

    Hi,
      check SAP Note 777640.
    Regards,
    S.Divakar

  • Spring-Ibatis-Ldap configuration

    Hi,
    I'm trying to connect to an LDAP datasource using Spring and iBATIS.
    But I am getting an exception: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (LDAP Does Not Support Transactions)
    This is how my .xml file looks:
    <bean id="iamADDS" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.octetstring.jdbcLdap.sql.JdbcLdapDriver"/>
    <property name="url" value="jdbc:ldap://<ADServeripaddress>:389/cn=Users,dc=orademo,dc=com?search_scope:=subTreeScope"/>
    <property name="username" value="CN=Administrator,CN=Users,DC=orademo,DC=com"/>
    <property name="password" value="oracle"/>
    </bean>
    <bean id="IAMADSqlMapClient" class="org.springframework.orm.ibatis.SqlMapClientFactoryBean">
    <property name="configLocation" value="sqlmap/IAMSqlMapConfig.xml"/>
    <property name="dataSource" ref="iamADDS"/>
    </bean>
    <bean id="iamADDao" class="com.trewport.iam.spring.dao.IAMDaoImpl">
    <property name="sqlMapClient" ref="IAMADSqlMapClient"/>
    </bean>
    Could any one help me please?
    -- Marias
    Edited by: Marias555 on May 6, 2010 4:28 PM
    Edited by: Marias555 on May 11, 2010 4:02 PM

    Hi Marias,
    I presume the standard JNDI API is to be used for connecting to LDAP; your XML file has to be customized with the following parameters.
    1) Replace <property name="driverClassName" value="com.octetstring.jdbcLdap.sql.JdbcLdapDriver"/> to <property name="driverClassName" value="com.sun.jndi.ldap.LdapCtxFactory"/>. Make sure the appropriate ldap.jar, ldabbp.jar file copied into your library. Setting the CLASSPATH Variables
    2) Replace <property name="url" value="jdbc:ldap://<ADServeripaddress>:389/cn=Users,dc=orademo,dc=com?search_scope:=subTreeScope"/> to <property name="url" value="ldap://<ADServeripaddress>:389/dc=orademo,dc=com"/>.
    http://blog.temposwc.com/2009/07/using-spring-ibatis-to-access-ldap-part_16.html.
    Correct me if my understanding of the product is wrong.
    Regards,
    Ajay Babu Pentela

  • Regarding LDAP

    Hi guys,
    I need clarification on LDAP. I know LDAP is the Lightweight Directory Access Protocol,
    but I have no idea how it's used for EP and Java.
    Please correct my understanding if it's wrong.
    LDAP is a protocol, and this protocol accesses LDAP directories (which need software to be installed, like Active Directory, OpenLDAP etc.).
    Now in EP, what do you mean by changing UME to LDAP as datasource? I know UME is the repository for Java users. But does changing the datasource to LDAP mean adding an LDAP directory (like ADS) and adding Java users to it?
    I am confused about LDAP, LDAP Directory, LDAP Datasource and LDAP (users, groups). How can it really be accessed, and how can I confirm it?
    regards
    Jaichan

    Java supports access to an Active Directory over LDAP to store its users. Basically all you have to do is specify the LDAP server and its port, and you need a user with at least read permissions on the LDAP server.
    I further suggest you check out the official SAP documentation: UME - LDAP Directory as Data Source (http://help.sap.com/erp2005_ehp_04/helpdata/DE/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm)
    Best regards, Michael

  • LDAP Data Set - Group Membership / Multivalued attributes

    Hello
    I am attempting to get a list of groups of which a user is a member in LDAP.  I have created an LDAP datasource, and am attempting to create a new dataset.
    Details are as follows:
    Name: Roles
    Datasource: LDAP Server
    Searchbase:  ou=people,dc=example,dc=com
    Attributes:  cn, description, uid, mail, isMemberOf
    Filter: (objectclass=inetOrgPerson)
    When I look at the Data in Tree View for this, I do not get what I am expecting.  What I see is:
    DATA_DS
    -ROLES
    --Description:  Description goes here
    --CN: My Name
    --mail:  [email protected]
    --uid: [email protected]
    --isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN  (notice they are not splitting on space etc etc)
    --isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN  (notice they are not splitting on space etc etc)
    --isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN  (notice they are not splitting on space etc etc)
    --isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN  (notice they are not splitting on space etc etc)
    --isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN  (notice they are not splitting on space etc etc)
    If I have 5 roles, I see 5 isMemberOf attributes, but each value has all 5 memberships in it.
    Is there something special that I need to do with multi valued ldap attributes?
    Thank you.

    Chris,
    Brilliant! I had already enabled extended logging in OpenLDAP, but it didn't give me the answers I was looking for. I setup an OID instance (didn't want to get into packet sniffing when it's someone else's directory), captured the packets with ethereal, and there it was! I'm going to post more details about this (more on the process than the result), but here's my answer:
    Filter: (|(uniquemember=cn=user1,cn=users,dc=demo1,dc=com)(member=cn=user1,cn=users,dc=demo1,dc=com))
    There's more to the process, but that's the answer I needed.
    Thanks again for putting me back on track,
    Tyler
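
Added example (not part of the original posts): the group-membership filter from the thread above, built for an arbitrary user DN with RFC 4515 escaping so that characters such as `(`, `)`, `*` and `\` in the DN cannot change the filter's structure. The class and method names are hypothetical and the input DNs are constructed; `findGroups` uses the standard JNDI `search` overload with filter arguments and needs a live directory, so `main` only exercises the string-building path.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class GroupMembershipFilter {

    /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            // NUL, '(', ')', '*' and '\' must be escaped; bytes >= 0x80 may be.
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Builds the (|(uniquemember=...)(member=...)) filter for one user DN. */
    static String membershipFilter(String userDn) {
        String dn = escapeFilterValue(userDn);
        return "(|(uniquemember=" + dn + ")(member=" + dn + "))";
    }

    /**
     * Same search through JNDI. The {0} placeholder is filled from the
     * filterArgs array and JNDI escapes String arguments itself, so no
     * manual escaping is needed on this path.
     * Needs a live DirContext; not called from main().
     */
    static NamingEnumeration<SearchResult> findGroups(DirContext ctx, String groupBase,
                                                      String userDn) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"cn"});
        return ctx.search(groupBase, "(|(uniquemember={0})(member={0}))",
                new Object[] {userDn}, controls);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] constructedDns = {
            "cn=user1,cn=users,dc=demo1,dc=com",          // DN from the thread
            "cn=Smith\\, John,cn=users,dc=demo1,dc=com",  // DN with an escaped comma
            "cn=user1)(objectClass=*"                     // value containing filter metacharacters
        };
        for (String dn : constructedDns) {
            System.out.println(membershipFilter(dn));
        }
    }
}
```

Filter escaping is applied on top of DN escaping: a backslash that is already part of the DN (as in the second input) is itself written as `\5c` inside the filter.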
