Ldap server authentication for EAI domain

Hi everybody,
I have configured a new realm for the security of the created EAI Domain and
made it default. In this realm, the authentication provider is the iPlanet LDAP
Server.
Now the booting is fine but then when I am starting the Weblogic Studio, it is
not getting authenticated and I keep getting the error :
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
The error page obtained at studio is what is given as attachment.
Anybody having any info regarding the same - pl. do pass on.
Thanks and regards,
Ritwik
[wli-error.doc]

Hello Ritwik,
it should for sure, but with this release WLI depends on the
compatibility realm.
Christian Plenagl
Developer Relations Engineer
BEA Support
"Ritwik" <[email protected]> wrote:
>
Conceptually if I create respective groups (similar to the groups and users of
the compatibility realm) in the ldap server and do the authentication from there
- it should work - shouldn't it???
Any pointer !!!
Regds,
Ritwik
"Christian Plenagl" <[email protected]> wrote:
Hi Ritwik,
you can read in the WLI documentation, that WLI7 currently supports the
compatibility realm only.
Please have a look at:
http://e-docs.bea.com/wli/docs70/deploy/secure.htm#1365621
Christian Plenagl
Developer Relations Engineer
BEA Support
"Ritwik" <[email protected]> wrote:
Hi everybody,
I have configured a new realm for the security of the created EAI Domain and
made it default. In this realm, the authentication provider is the iPlanet LDAP
Server.
Now the booting is fine but then when I am starting the Weblogic Studio, it is
not getting authenticated and I keep getting the error :
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
The error page obtained at studio is what is given as attachment.
Anybody having any info regarding the same - pl. do pass on.
Thanks and regards,
Ritwik

Similar Messages

  • Can't start managed server - Authentication for user denied

    Greetings,
    I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
    <7 déc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for user nicolas denied>
    <7 déc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
    weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User nicolas weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Truncated. see log file for complete stacktrace
    >
    <7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <7 déc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the admin's credentials using weblogic.security.utils.AdminAccount but this didn't change anything. Of course, upon the managed server creation, I initialized the fields user and password in the server starting tab of the admin console.
    Many thanks for any help.
    Nicolas

    Hi,
    Have you configured LDAP Authenticator on the server?
    If yes, after the change did you restart both the servers - admin and managed?

  • How to bypass from OAM authentication for certain domain

    Hi All,
    We are trying to unprotect certain domain from OAM domain but couldn't. Please help us fix this issue.
    Environment details:
    We have two nodes, one node for OAM_OSSO and another one for OSSO_Portal application.
    OAM server details:
    In this server, oracle application server single sign on(services are HTTP, OC4J, and OID) and OAM. Integrated OAM_OSSO using [ID 979827.1]
    Portal server details:
    In this server, oracle application server single sign on(services are HTTP, OC4J, and OID) and portal weblogic server(portal application) is running. portal weblogic is registered with their own portal OSSO.
    In OAM, We protected following portal url's
    /sso/auth      
    /pls/orasso/orasso.wwsso_app_admin.ls_login
    portal _OAM integration is working fine.
    Now portal team come with new requirement for customer, application also running in their same portal weblogic server and that portal application domain is already registered with Portal OSSO and Portal OSSO page is protected by OAM. the requirement is bypass OAM authentication, and need to authentication against their own portal OSSO+OID.
    Please tell me how to bypass OAM authentication from this scenario.
    -Sarath

    Hi MD,
    Thanks for your update.
    We are using oracle 10g. Please tell me how Anonymous scheme will help us to get out from this issue.
    Portal Weblogic server registered with portal IDM server and portal IDM server OSSO protected by IDM OAM. So if I tried any of the application which deployed under portal weblogic server will get protected by OAM right. Please correct me if I am wrong.
    In this scenario we have two OSSO, one in OAM node and another one in portal server. Now portal team come up with new webserver domain for customer, in customer scenario we want authenticate against portal OSSO with their own OID rather than using OAM authentication. Here my concern is, customer or employee the portal weblogic server and portal OSSO are common for both user but only difference in webserver domain.
    So if i tried to access customer application, then customer webserver redirect to portal weblogic for open the requested page(note if webgate not in picture). portal weblogic server is register with portal OSSO and its redirect to portal OSSO for authentication but Portal OSSO server integrated with OAM using webgate.
    1. When tried to access customer application ,Portal OSSO server tried to show own sso login page for authentication but Portal OSSO server already integrated with OAM. so portal OSSO server requested to OAM to access portal sso login page not the request of customer page login.
    2. here,portal OSSO login page protected and OAM serve login page for OAM authentication against OAM OID. If i specify anonymous scheme for customer domain then how will work here, portal OSSO requested to OAM to access portal OSSO login page not the customer page or employee page...
    Here OAM authentication will come into picture for all scenario but need bypass for customer login.
    Requirement is when customer trying to access then authentication need to happen in portal OSSO not in OAM. Hope you understand the architecture.Please suggest how.
    -Sarath
    Edited by: 898990 on May 11, 2012 8:22 PM
    Edited by: 898990 on May 11, 2012 8:25 PM

  • SOA Managed Server "Authentication for user denied" exception

    Hello,
    I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite
    11g Release 1 (11.1.1)" document.
    As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
    But I am getting this error; mucho obrigado!
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
    <Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
    weblogic.security.SecurityInitializationException: Authentication for user denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    >
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

    Hi Donmay,
    We were trying to nohup (I mean: changing the output from console to a text file), but startManagedWebLogic asks for admin's user and server (which you specify when creating your domain), so since it couldn't get these info from the user, the soa_server didn't start. There are 4 solutions that I know of:
    1)Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
    2)Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
    3)Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
    4)Create a bash script,put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
    I am using the last one but I tried with all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
    Sorry for the late reply, I have posted from my phone.
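
Both boot failures quoted on this page surface as BEA-090403, but the nested `[Security:NNNNNN]` codes inside the BEA-000386 record separate "Password Not Supplied" from an exception thrown by the LDAP authenticator. The following triage sketch is an added example, not part of any post above; the sample log is constructed from the lines quoted in the two threads, and the function names are hypothetical.

```python
import re

# A console log record starts with: <time> <Severity> <Subsystem> <BEA-id> <message...
RECORD_START = re.compile(r"^<([^<>]+)> <(\w+)> <([\w ]+)> <(BEA-\d+)> <(.*)$")
SECURITY_CODE = re.compile(r"\[Security:(\d{6})\]")
DENIED_USER = re.compile(r"Authentication for user\s+(?:(\S+)\s+)?denied")

# Cause texts copied from the logs quoted on this page; nothing else is assumed.
CAUSES = {
    "090301": "Password Not Supplied",
    "090295": "caught unexpected exception (LDAPAtnDelegateException)",
    "090303": "Authentication Failed",
    "090304": "Authentication Failed",
}
GENERIC = {"090303", "090304"}  # wrapper codes; the nested code is more specific

# Constructed sample: two failed boots, assembled from the lines quoted above.
SAMPLE_LOG = """\
<Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
weblogic.security.SecurityInitializationException: Authentication for user denied
    at weblogic.security.SecurityService.start(SecurityService.java:141)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<7 déc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for user nicolas denied>
<7 déc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User nicolas weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
>
<7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
"""


def parse_records(text):
    """Group lines into records; stack-trace lines join the record they follow."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RECORD_START.match(line)
        if m:
            ts, severity, subsystem, msg_id, body = m.groups()
            records.append({"time": ts, "severity": severity,
                            "subsystem": subsystem, "id": msg_id, "body": body})
        elif records and line:
            records[-1]["body"] += "\n" + line
    return records


def boot_auth_failures(text):
    """One finding per failed security initialisation (BEA-000386)."""
    findings = []
    for rec in parse_records(text):
        if rec["id"] != "BEA-000386":
            continue
        if "SecurityInitializationException" not in rec["body"]:
            continue
        codes = SECURITY_CODE.findall(rec["body"])
        specific = [c for c in codes if c not in GENERIC]
        chosen = (specific or codes or [None])[0]
        user = DENIED_USER.search(rec["body"])
        findings.append({
            "time": rec["time"],
            # An empty user means no boot identity reached the server at all.
            "user": (user.group(1) or "") if user else "",
            "codes": codes,
            "cause": CAUSES.get(chosen, "unknown"),
        })
    return findings


if __name__ == "__main__":
    for f in boot_auth_failures(SAMPLE_LOG):
        print(f["time"], repr(f["user"]), f["codes"], "->", f["cause"])
```

An empty user together with 090301 matches the nohup case described in the reply above, where the start script never received credentials; a named user with 090295 points at the authentication provider rather than at the boot identity.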

  • Format Of LDAP Server List for Netmail

    Could anyone please explain what the format for using an ldap server for address lookups in Netmail. ie:
    servername:port/searchbase or ldap://servername:port/searchbase. I have tried a few but can't seem to get it to work. Every time I try to add a server to this list, the Java Netmail will not allow me to compose a message.. anyone have any ideas..

    Chris -
    Each entry is a comma separated list of name/value pairs in the following format: name="value". Quotation marks are not allowed in any value. The valid names and corresponding preference are:
    name: the user-friendly name for the server; this is what the user sees in the NetMail Address Search tab.
    server: the host name of the LDAP server. If a port is needed, use host:port.
    base: the search base expression, e.g., ou=People
    searchin: the list of attributes to search in, e.g., cn,givenname
    result: the attribute to use as the result, defaults to mail
    filter: additional search filters to be applied
    referral: whether or not to follow referrals, true or false
    Only the server value is required, all others are filled in with defaults if necessary. A typical entry might be:
    name="Company Address Book", server="ourldap.xyz.com", base="dc=xyz,dc=com"
    Stephen
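
A validator for the entry format described in the reply above, as an added example that is not part of the original posts or of NetMail itself. It assumes field names are matched exactly as listed and applies only the one default the reply states (result = mail); the function names are hypothetical.

```python
import re

# Field names listed in the reply; only "server" is required.
VALID_NAMES = ("name", "server", "base", "searchin", "result", "filter", "referral")

# One name="value" pair. Values may contain commas (base="dc=xyz,dc=com"),
# so the entry cannot simply be split on ","; quotes are not allowed in values.
PAIR = re.compile(r'\s*([A-Za-z]+)="([^"]*)"\s*')


def parse_ldap_entry(entry):
    """Parse one server entry into a dict, raising ValueError on bad input."""
    fields = {}
    pos = 0
    while True:
        m = PAIR.match(entry, pos)
        if not m:
            raise ValueError(f'expected name="value" at offset {pos}')
        key, value = m.group(1), m.group(2)
        if key not in VALID_NAMES:
            raise ValueError(f"unknown field name: {key}")
        if key in fields:
            raise ValueError(f"duplicate field: {key}")
        fields[key] = value
        pos = m.end()
        if pos == len(entry):
            break
        if entry[pos] != ",":
            # Typically a stray quotation mark inside a value.
            raise ValueError(f"expected ',' at offset {pos}")
        pos += 1

    if not fields.get("server"):
        raise ValueError("the server field is required")

    # host or host:port, as described in the reply.
    host, sep, port = fields["server"].partition(":")
    if not host or (sep and not (port.isdigit() and 0 < int(port) < 65536)):
        raise ValueError(f"bad server value: {fields['server']}")

    if fields.get("referral", "false") not in ("true", "false"):
        raise ValueError("referral must be true or false")

    # The only default the reply spells out; the others are left to the product.
    fields.setdefault("result", "mail")
    return fields


def is_valid_entry(entry):
    """True when the entry parses, False otherwise."""
    try:
        parse_ldap_entry(entry)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    typical = 'name="Company Address Book", server="ourldap.xyz.com", base="dc=xyz,dc=com"'
    print(parse_ldap_entry(typical))
    # The URL-style forms tried in the question are not name="value" pairs.
    print(is_valid_entry("ldap://servername:389/ou=People"))
```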

  • LDAP server support for NetWeaver

    I would like to know what LDAP Directory servers are officially supported by Netweaver versions.  I have been scouring the web and can not find any document where it is written which product is officially supported.  Some places I read about Novell, but nothing concrete on the official support.
    Does anyone know the answer and where I can find more info on this.
    Thanks

    Hi Frajib,
       I don't think I've seen a list for netweaver in general.  I do know for the Portal application on Web AS 6.40 you have the following LDAP options.
       MS ADS
       SUN ONE
       NOVELL LDAP Server
       Siemens LDAP Server
    Hope this helps.
    John

  • Mail won't let me turn off Server Authentication for .Mac accounts

    Greetings. Mail won't let me alter my server settings for .Mac. I am attempting to turn off "server authentication" so that I can use my .Mac account via mail through a hotel network, but every time I change the setting and exit the preferences screen Mail automatically reverts back to the previous setting. Ideas?

    Set up a new account for that with account type either IMAP or POP (not .Mac) as you desire.

  • ISA server authentication for Nokia N95

    Gents,
    I have just bought a N95 and I am facing problems on setting the proxy configuration for a ISA server.
    I could config the LAN settings but my proxy requires an authentication by username and password and until now I could not figure out how to make it.
    My actual settings are:
    Nokia N95 (N95-1 - Model: RM-159)
    WLAN security mode: 802.1X
    * WLAN Security settings:
    * WPA/WPA2: EAP
    * EAP plug-in settings:
    * EAP-TLS (Only this one is selected).
    * Personal certificate: from certificate (user people)
    * Authority certificate: Certificate of your ISA Server
    * User name in use: from certificate
    * User name: Your User Name (Can be eventually: Your Domain\Your User Name)
    * Realm in use: from certificate
    * Realm: Empty
    Could anyone help me out?
    Thanks...

    Hi
    I see this is posted in the wrong forum. Yes you can add the url to the bypass proxy list in IE and it should work.
    Hope this helps.

  • Sudden failed authentications for user@domain

    Hello,
    We are running 6 ACS 4.1 servers on Windows 2003 Servers. These servers are not the same as the Domain Controllers.
    Since many years, we have devices sending their username in the format domain\user and some other use user@domain. Everything was working well in our 6 ACS servers.
    Suddenly, this morning, at 06:00:25, on one single server, all the requests using user@domain were reported as failed with the following message in the ACS logs: "External DB user invalid or bad password".
    We first thought that the DC near the ACS server was the cause of the issue, but we observe that all the other ACS servers could process these user@domain AAA queries without problem. We then rebooted the ACS server and when it went back up, everything was running again like a charm.
    We could not find what happened at 06:00:25. There is no Windows Scheduled Tasks at that time, and there is no ACS DB Replication or Backup running at that time neither.
    Can someone help us troubleshooting that issue that affected only one single server in an unexpected way ?
    Thanks a lot,
    David Mayor

    Hello Anisha,
    I understand that with new installation, such post tasks are required. However, our installation is running in such a state for more than 2 or 3 years. And it is only over the past week that such problem happens twice.
    We have also observed one more thing: You know that the main problem started few seconds after 6 AM, in both days when it happened. We observed that between 00:02 (midnight + about 2 minutes) and 01:05 AM, the same problems happens also ! But, at 01:05 AM, the problem automatically goes away without any intervention. However, when it happens again at 6 AM, we have to restart the server, because otherwise it would not automatically recover.
    Didn't you find anything else than "error Windows authentication FAILED (error 1326L)" on the full log ?
    Thanks a lot,
    With my very best regards,
    David Mayor

  • [SOLVED] How to guarantee that my server serves files for a domain?

    How do I guarantee that my Arch server is the server serving files when a user visits my domain name? For example, I have a domain name and I can change the name servers that it connects to. How do I guarantee that once the domain connects to those name servers that my server is the one serving the files?
    If it helps, my server has a static IP address that doesn't change. I have a feeling that the IP address plays a role with it somehow, but I'm not sure how.
    So far what I've done is point my domain to the name servers where my Arch server is located and I've created a VirtualHost entries for Apache to serve files, and it works. If you visit http://savageworkouts.com, you should see (hopefully) the site that I've designed for a client of mine.
    But who's to say that someone who has a server using the same name servers can't also add VirtualHost entries into his/her apache configuration and start serving their own content in place of mine to users who visit my domain name?
    How do I make sure that content served through my domain name is only from my server (with it's unique IP address)?
    EDIT 9/6/2013 1:07am: The solution is to create your zonefile in Linode's DNS Manager prior to pointing your domain to Linode's nameservers. In the case that someone create the DNS records before you did while your domain was pointing to linode, you could prove to Linode that you own the domain by updating your whois info so that your linode account email address matches the email address visible in the whois. Linode employees could then also send a verification code to the matching email address for further security.
    Last edited by trusktr (2013-09-06 08:13:34)

    trusktr wrote:
    How do I guarantee that my Arch server is the server serving files when a user visits my domain name? For example, I have a domain name and I can change the name servers that it connects to. How do I guarantee that once the domain connects to those name servers that my server is the one serving the files?
    If it helps, my server has a static IP address that doesn't change. I have a feeling that the IP address plays a role with it somehow, but I'm not sure how.
    So far what I've done is point my domain to the name servers where my Arch server is located and I've created a VirtualHost entries for Apache to serve files, and it works. If you visit http://savageworkouts.com, you should see (hopefully) the site that I've designed for a client of mine.
    But who's to say that someone who has a server using the same name servers can't also add VirtualHost entries into his/her apache configuration and start serving their own content in place of mine to users who visit my domain name?
    How do I make sure that content served through my domain name is only from my server (with it's unique IP address)?
    This stuff is managed by your ISP AFAIK. Your domain name is unique to the database that your ISP owns and should not conflict with anyone else as it is unique to your domain name and IP address.
    Also, what fonts are those?

  • "Sharepoint 2013" is giving error that prevents local domain users authentication for "Team Foundation Server"

    I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
    1st Error (from administrative events):
    The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
    Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
    Tried so far:-
    - changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
    2nd Error (from application server):
    DistributedCOM error
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
    https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
    Other Fixes I tried
    - Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to caching on RAM, the fix suggested to change IIS caching from RAM to HD to prevent loading up using w3wp.exe from processes.
    Concern
    - by checking other topics for people having the same problem, it was mentioned that this error appeared after the latest TFS update, is there a fix for it ?


  • "Team Foundation Server" is preventing authentication for whole team !!

    I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
    1st Error (from administrative events):
    The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
    Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
    Tried so far:-
    - changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
    2nd Error (from application server):
    DistributedCOM error
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
    https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
    Other Fixes I tried
    - Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to caching on RAM, the fix suggested to change IIS caching from RAM to HD to prevent loading up using w3wp.exe from processes.
    Concern
    - by checking other topics for people having the same problem, it was mentioned that this error appeared after the latest TFS update, is there a fix for it ?

    Hi Amr,
    For your first error, you can change the "Diagnostic Logging" path, also change the path of the usage and health data connection the same with your ULS log location. Check this blog for more details and make sure you follow the instructions. Restart SharePoint tracing service after the operations. You can also check this thread for more references. If you still have any other concerns about SharePoint, you can open a new thread in SharePoint forum for a better response.
    About the second error, seems it's not related to TFS. You can also run TFS best practice analyzer to check if there are any configuration issues on your application tier server. However, you can also refer to this blog to get this issue resolved. If the problem persists, you can elaborate more details about your scenario and the reproduce steps or open a new thread related forum.
    Best regards,

  • Authentication using multiple domains

    We've got a rather complicated configuration scenario here and I need to understand what would need to happen to put this in place, or if it can even be accomplished at all.
    We are on Business Objects XIR2 SP3 in a Windows 2003 environment. We are currently using Trusted Authentication with a 3rd party web security component (ISAPI filter) running on our IIS box, however our Web Intelligence implementation is actually done in Tomcat, which is connected to the IIS box simply using the IIS to Tomcat connector (also an ISAPI filter). We currently have the LDAP plugin configured to hit an ADAM directory server, however we are rewriting our web security solution with an AD back end. The AD back end may possibly have two different domains involved, one for internal users and one for external users. I would need to be able to authenticate users from both domains, and have all the other pieces and parts continue to work as far as authentication goes (ADAM via LDAP, trusted authentication for the thin client interface using the WEB_SESSION approach, and both AD directories with users in each all able to authenticate to the tool set).
    First, can you tell me if it's even possible to accomplish this? And second, if it is, what kind of trust relationship does there need to be, if any, between the internal and external users AD domains? I ask because I see only one place to set up an SPN, and there are specific application server services that have to be configured to run as that given service account, so I'm assuming there has to be some sort of trust relationship there since our application servers are all installed in one of those domains.
    Thanks,
    V

    These questions keep getting more complicated
    Your domain situation depends on 2 things. If internal and external are 2 domains in the same AD forest(trust is automatic this way) then it should work fine (provided you aren't firewalling off the users as internal/external could imply).
    If they are not in the same forest then you would need a 2-way transitive trust, no firewalling, and XI 3.1 in order to map groups/users from both domains into 1 plugin (this would require the AD plugin).
    Another option might be to use the LDAP plugin for 1 forest and AD plugin for the other but that would kill your existing users. This is your only option in XIR2 if you have 2 forests.
    Regards,
    Tim

  • Embedded LDAP Server Replication

    Hi,
    I am new to weblogic, and trying to figure out how the master LDAP server, maintained in the domain’s Administration Server, is replicated to Managed Server in the domain.
    I recently installed weblogic and during testing found that, user login to deployed application is denied, if Administrator Server is down.
    According to this document: http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/ldap.html
    I understand that each Managed Server maintains a copy of LDAP server and user authentication can be taken care by this in the absence of Administrator server.
    However it's not happening.
    Do I have to make any configuration changes? Any pointers on this will be appreciated.
    Error Message:
    An invalid User Name or Password was entered
    Thank You,
    Deepak

    Ensure that the managed server is running with "Managed Server Independence Enabled" flag checked.
    It can be checked on console via Environment --> Servers --> <ServerName> --> Configuration --> Tuning
    For more information, please check
    http://docs.oracle.com/cd/E14571_01/web.1111/e13708/failures.htm#START169
    The above flag is required for the managed server to use the local LDAP repository.
    Arun

  • How to configaration in LDAP Server in portal?

    Hi Experts,
    I configure the LDAP Server in portal, but is not configure plz send me docs
    Regards,
    Chandu

    Hi Check this out.
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
    Have a look at these BLOGS which tells you step step by approach to integrate LDAP with SAP EP.
    Novell  eDirectory  8.8 as UME Data Source for EP : Part I
    https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2937. [original link is broken]
    UME Data Source: LDAP
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
    Windows Integrated Authentication via Kerberos on an LDAP data source -
    NTLM with LDAP
    Browse these links.
    UME Data Source: LDAP
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
    Check these:
    https://wiki.sdn.sap.com/wiki/display/HOME/ConfigureLDAPand+EP
    http://help.sap.com/saphelp_nw04/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    You can refer to the following weblinks for the same
    HELP.SAP.COM
    http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    FORUMS
    LDAP Server settings for Configuring Multiple LDAP in Portal UME.
    LDAP Configuration - Multiple domains
    EP7 - Multiple LDAP sample file
    SAP Note
    736471 UME Configuration of multiple LDAP data sources
