MDM LDAP Integration
Hi,
We have integrated MDM with LDAP, by creating LDAP Roles & mapping them with MDM Roles. We are having log entries for Admin user for all repositories after every 10 milli-seconds. Any idea why these entries, how to stop this?
2010-03-03T22:56:22.978,1096 ,23,"Log-on failure: LDAP Error, userName = Admin User not found",MDSPublicServer@AuthorizeSessionForRepository,CatMgrDatabase.cpp,1866,,,1155,Admin,REPO 1<dbserver\DEV [SQL_Server]>,,,
2010-03-03T22:56:22.994,1096 ,14,"GetUserInfo: Unspecified Exit Point",Horizontal@LDAP,<file not specified>,,GetUserInfo,,1155,Admin,REPO1 <dbserver\DEV [SQL_Server]>,End,,
Thanks,
Ketan
Ketan,
Please refer this document for MDM LDAP Integration Process Step by Step,
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8054d5e1-1000-2c10-a09e-a168973f74b5?quicklink=index&overridelayout=true
Also refer SAP Notes, Note 1279785 - LDAP users connect to MDM with Fallback setting
Note 1096642 - Check-in/out does not work with LDAP user authentication
Hope it helps...
Thanks and Regards,
Mandeep Saini
Similar Messages
-
Enterprise Portal - MDM - LDAP integration
We are succesfully able to integrate Portal to MDM with a trusted connection and with portal users existing in LDAP and mdm users existing in MDM console.
We also successfully integrated MDM with LDAP so that we dont have to store users in console, but manage them in LDAP. But once we did the LDAP integration, portal to MDM connection was lost saying mdm user details could not be retrieved.
Has anybody faced this issue? what key steps to taken care during MDM-LDAP integration.Hi goerge,
When ever we integrate MDM with LDAP, we need to make a setting in MDS.ini file.
Please check the "User Identifier" setting in MDS.ini file.
Typically this should be The name of the LDAP id field which will match the value the user provides as the Username at logon.
Make the entry in MDS.ini like User Identifier = cn or SamAccountName.
If that is done, please verify other parameters corresponding to LDAP in MDS.ini as per the table 91 in Page no 291 in MDM Console referece guide.
Or refer to the SAP note 1635338 for reference which is pointing to same issue.
This should solve your problem.
Regards,
Sravan -
Current State:
• I have a customer running CUCM 6.1 and UCCX 7.01SR5. Currently their CUCM is *NOT* LDAP integrated and using local accounts only. UCCX is AXL integrated to CUCM as usual and is pulling users from CUCM and using CUCM for login validation for CAD.
• The local user accounts in CUCM currently match the naming format in active directory (John Smith in CUCM is jsmith and John Smith is jsmith in AD)
Goal:
• Upgrade software versions and migrate to new hardware for UCCX
• LDAP integrate the CUCM users
Desired Future State and Proposed Upgrade Method
Using the UCCX Pre Upgrade Tool (PUT), backup the current UCCX 7.01 server.
Then during a weekend maintenance window……
• Upgrade the CUCM cluster from 6.1 to 8.0 in 2 step process
• Integrate the CUCM cluster to corporate active directory (LDAP) - sync the same users that were present before, associate with physical phones, select the same ACD/UCCX line under the users settings as before
• Then build UCCX 8.0 server on new hardware and stop at the initial setup stage
• Restore the data from the UCCX PUT tool
• Continue setup per documentation
At this point does UCCX see these agents as the same as they were before?
Is the historical reporting data the same with regards to agent John Smith (local CUCM user) from last week and agent John Smith (LDAP imported CUCM user) from this week ?
I have the feeling that UCCX will see the agents as different almost as if there is a unique identifier that's used in addition to the simple user name.
We can simplify this question along these lines
Starting at the beginning with CUCM 6.1 (local users) and UCCX 7.01. Let's say the customer decided to LDAP integrate the CUCM users and not upgrade any software.
If I follow the same steps with re-associating the users to devices and selecting the ACD/UCCX extension, what happens?
I would guess that UCCX would see all the users it knew about get deleted (making them inactive agents) and the see a whole group of new agents get created.
What would historical reporting show in this case? A set of old agents and a set of new agents treated differently?
Has anyone run into this before?
Is my goal possible while keeping the agent configuration and HR data as it was before?I was doing some more research looking at the DB schema for UCCX 8.
Looking at the Resource table in UCCX, it looks like there is primary key that represents each user.
My question, is this key replicated from CUCM or created locally when the user is imported into UCCX?
How does UCCX determine if user account jsmith in CUCM, when it’s a local account, is different than user account jsmith in CUCM that is LDAP imported?
Would it be possible (with TAC's help most likely) to edit this field back to the previous values so that AQM and historical reporting would think the user accounts are the same?
Database table name: Resource
The Unified CCX system creates a new record in the Resource table when the Unified CCX system retrieves agent information from the Unified CM.
A Resource record contains information about the resource (agent). One such record exists for each active and inactive resource. When a resource is deleted, the old record is flagged as inactive; when a resource is updated, a new record is created and the old one is flagged as inactive. -
MDM catalog integration with SRM 7.0
Hi all,
We will be upgrading from SRM 5.0 to SRM 7.0
We currently have CCM .....Few questins on catalog enablement for us with SRM 7:
1.With SRM 7,0,can we use CCM oor MDM is the only option???
2.Is it better to have MDM as a seperate server and enable SRM MDM catalog content?
3.We have 2 punch out catalogs for 2 vendors.How to enable the punch out catalog links in SRM 7.0???What is the path for IMG config??
4. We have around 20 internal supplier catalogs .Now should we upload few of the supplier catalogs and then upload rest or can we upload all the suuplier catalogs at once through IMPORT MANAGER in MDM ???What are therestrictions in terms of the no of catalogs or catalog data that can be improted and mapped ???
5.What are additional features in SRM MDM 3.0 catalog in contrast to CCM??
6.The backend master data such as Supplier/Porg etc.....how is that synchronised from SRM to SRM MDM catalog???Is it through some scheduled programs???
7.What is the use of PI/XI in enabling SRM MDM catalog??Why is it mandatory??
8. What are the allowed file types for cataog data upload in MDM???Like it was CSV in CCM...
9. Where can I find some sample catalog files for test upload?
10.What are the lastest SP for MDM available for integration with SRM 7.0??
11. after price changes from supplier(thru negotiation),are these price changes to be updated manually for indiavidual items/products through MDM data manager or is there any way to automate this delta update for price in MDM???
12.Also maintaining catalog data in MDM for SRM procurement will be a seprate actibity just like maintaing catalog in CCM??
I have gone through the help links but wud like ansers to above ques based on experiences of the forum members...Please provide inputs to my above queries if anybody has worked on MDM catalog integration with SRM 7.0....
Thanks for your time.HI,
1.With SRM 7,0,can we use CCM oor MDM is the only option???
You can use any catalogs which support SAP OCI interface.
2.Is it better to have MDM as a seperate server and enable SRM MDM catalog content?
MDM Server(contents) and AS Java(for UI) are required. Please check the installation guide.
3.We have 2 punch out catalogs for 2 vendors.How to enable the punch out catalog links in SRM 7.0???What is the path for IMG config??
Same as SRM 5.0. Define External Web Services.
4. We have around 20 internal supplier catalogs .Now should we upload few of the supplier catalogs and then upload rest or can we upload all the suuplier catalogs at once through IMPORT MANAGER in MDM ???What are therestrictions in terms of the no of catalogs or catalog data that can be improted and mapped ???
Yes. You can use Import Manager. No issues.
6.The backend master data such as Supplier/Porg etc.....how is that synchronised from SRM to SRM MDM catalog???Is it through some scheduled programs???
MDM Extractor is available.
7.What is the use of PI/XI in enabling SRM MDM catalog??Why is it mandatory??
Mainly for contents mapping.
8. What are the allowed file types for cataog data upload in MDM???Like it was CSV in CCM...
Any. Even for DB interface is also supported. You see all options when you run import manager.
9. Where can I find some sample catalog files for test upload?
Sample repository definition is delivered. You can manually create 1 entry by Data Manager.
10.What are the lastest SP for MDM available for integration with SRM 7.0??
You can find it SAP Service Marketplace. http://service.sap.com/swdc
11. after price changes from supplier(thru negotiation),are these price changes to be updated manually for indiavidual items/products through MDM data manager or is there any way to automate this delta update for price in MDM???
You can use contract and contract items are transfered to Catalog.
12.Also maintaining catalog data in MDM for SRM procurement will be a seprate actibity just like maintaing catalog in CCM??
Yes. Catalog is just Catalog.
Regards,
Masa -
LDAP Integration with CUCM 9.0
We would like to use LDAP to sync all of our users from Active Directory. All of our current CM Users are local, the problem is that they have the same user names as our Active Directory users. From what I understand this is going to be a problem because:
"If accounts from LDAP match an existing Unified CM account that is not marked as an LDAP synchronized account, then these accounts are ignored."
Does that mean we will have to delete all our existing CM users in order to sync the LDAP users correctly? Is there a best practice for this? Once we syncronize the LDAP users how to I ensure that the user gets associated with the proper phone? Or do I have to visit each user individually?I just did a quick test for this, my lab CUCM 9 is already LDAP integrated, but I created a local user, then I created that same local user in my LDAP OU, and performed a full sync.
The user is no longer showing as a local active user, but as an active LDAP synchronized user.
Which was my thought, there's only one conversion, from LDAP to local.
The behavior is just as with any previous release, local users who match an LDAP user after you enable it, are just updated, and kept with all their configurations.
I checked the option to turn it back again into a local user, did a full sync, and it's again an active LDAP user.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk -
Hello,
I have a question about the LDAP integration with the ISE:
Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use on the authorization, and also the ISE cannot find group if I search for it directly.
What I mean here, that I can fetch the first 100 groups from the top of the directory, but when I search as example for any group (appear on the list or not) the ISE did not find it.
Even I tried to change the base DN and the search DN but without luck.
The ISE version is 1.1.4 installed on VM and the LDAP schema is AD.
Is there any missing information/tips required in such integration?Hello,
I found a cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP .I hope this helps!
This section contains the following:
•Directory Service
•Multiple LDAP Instances
•Failover
•LDAP Connection Management
•User Authentication
•Authentication Using LDAP
•Binding Errors
•User Lookup
•MAC Address Lookup
•Group Membership Information Retrieval
•Attributes Retrieval
•Certificate Retrieval
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913 -
MDM-BOBJ integration for initial load....
I have attended some demos for the MDM-BOBJ integration that dealt with the on-going creation and maintenance of master data but my question is how this is used for the initial load and enrichment for any master data.
When we used D&B for enrichment, data will be enriched/Cleansed before the initial load then after loading the data to MDM it will be de-duplicated based on the DUNS number .
How the initial load and de-duplication is handled in MDM-BOBJ integration?. For example, I have 100 thousand records and would like to enrich/Cleanse it before loading to MDM OR after loading to MDM.
Any help will be appreciated.Mike,
Yes, BOBJ dataservices has been extensively used to handle the scenario which you described here.
There is a user guide to explain about the BOBJ-MDM scenarion under Integration of SAP Components with MDM.
[BOBJ DS for Data Enrichment |https://websmp208.sap-ag.de/installMDM71]
hope this helps for Jump start.
thanks
Alexander -
Hi All,
I am doing the MDM BI integration using ABAP API.
In the info object , I gave the Master Data Read Class ( ZCL_RSMD_RS_GENERIC_TABLE) which I actually copied from the standard class CL_RSMD_RS_GENERIC_TABLE.
After that I changed the structure name to 'ZMDM_ST' in the method IF_RSMD_RS_GENERIC~GET_STRUCTURE_NAME.( it was RSMD_RS_S_GENTABLE).
'ZMDM_ST' structure contains the fileds OBJECT_NAME,TABLE and QUER_FIELD.
Also I changed the methods where the old structure refered to the new structure name 'ZMDM_ST'.
After doing all these things, when I click the Master Data Read Class Parameters button which is in the info object, its giving the different input filed from the sturcture 'RSMD_RS_S_GENTABLE'. Not from the structure 'ZMDM_ST' .
Please help me....
Regards,
NikhilHi Nikhil,
Kindly follow the below links to understand MDM integration with BI
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b01e4269-f744-2b10-929b-fa7b49aac540
https://forums.sdn.sap.com/click.jspa?searchID=15135439&messageID=5534149
BI Integration
Re: MDM-BI Integration - connectivity issue
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b03b4c55-e63d-2b10-e2a2-f8310c8e795f
Hope It Helped,
Thanks & Regards
Simona Pinto -
CM 7.1 LDAP integration not updating
I have an LDAP integration that worked at 1 time to import all the users but now when I make a change to a user in AD, it never gets to CM. The sync process seems to just sit there and the only option is to "Cancel Sync". I can update the LDAP fields without error so the user/pass and search space all appear t obe correct. I have looked for issues online but cant find anything to matches this issue, they are usually a search base issue.
I'm facing the same problem.
I have set up a lab for LDAP integration and after setting up for the first time worked but one user that exists on CUCM and do not exists on AD was flaged as active i decided to remake ldap settings after that nothing works anymore, it sayd that users are active even if they do not exist on AD.
If i add a new ldap directory does not sync and users are not added.
Any idea?
already restarted server...no joy -
We are creating a custom LDAP integration to replace the deprecated one in the application. We have all of our remote container services on a separate server from the slave server(s). Do we have to install the custom assemblies on the remote container server and if so what directories? The documentation in the EP says to only install into the bin directories of the web applications. Thanks.
Yes, put it in the same directory as the RemotingContainer.exe file.
-
CUBAC Enable external LDAP integration
Hi,
I've client where Attendant is seeing the User's Home Phone number. Customer's requirement is to show the Mobile and IP Phone extension.
To me it seems they aren't synchronizing with CUCM but directly with Microsoft AD. Enable external LDAP integration is checked and greyed out.
Is my doubt correct, the client is pulling the Phone information from AD directly?
How can I uncheck the External LDAP Integration checkbox, do I need to rerun the setup or LDAPServer.exe to do it? Would there be any loss of configuration?
If Customer wants to continue pulling the info from MS AD directly, can I add some kind of filters in CUBAC not to pick up Home phone field but Mobile Phone and IP Phone extension if those fields are populated?
CUBAC version is 3.1.8
Thanks,
inner_silenceHi Madhav,
See inline COMMENTS (below)
Bala
"madhav" <[email protected]> wrote:
>
Hi,
Context:
I'm using SunOne Directory server as the External LDAP server for my
application.
Q1 ) My understanding is that the default providers provided by Weblogic
communicate
ONLY with the embedded LDAP server. Is this understanding correct? That
means
if I'm integrating with the external LDAP server, I need to have custom
implementation
for ALL the providers ( i.e Authentication Provider, Authorization provider,
IDentity
Assertion Provider, RoleMapper , Credential Mapper etc). COMMENTS :
Your understading is correct. (for Authentication, Autherization, RoleMapper,
CredentialMapper). But you dont need to create custom implementation for all providers.
You can plug and play OR stack providers in the default realm (myrealm). Or you
can create your own realm and still can add the weblogic OOTB providers, wherever
you dont want to implement custom providers. OOTB BEA provides an Authentication
provider which can integrate with 3rd party Directory Servers (see http://e-docs.bea.com/wls/docs81/secmanage/providers.html#1172008
for more info). But if you wish to perform other services like Authorization,
CredentialMapping, RoleMapping with external LDAP providers, then YES you have
to write custom providers.
>
Q2) Or is there a way I can configure the weblogic to communicate with
an External
LDAP server so that I can use the default providers i.e when I invoke
request.isUserInRole(....),
the look up should be on the external LDAP NOT the internal LDAP.COMMENTS :
No the default providers are written to look up the Embeded LDAP. But writing
a provider is well documented (see http://e-docs.bea.com/wls/docs81/dvspisec/index.html
more info)
>
Regards,
Madhav -
Hello MDM guru's,
Happy New Year
Could anyone guide me how to achive MDM -LDAP connectivity. can any one please share their document used for above said connectivity in their company or steps how to perform it.
Thanks in Advance
cheers
Srihari ReddyIf you check the MDM Console reference guide here :
https://websmp105.sap-ag.de/~sapidb/011000358700006291622006E
You will find that there is a complete appendix regarding how MDM and LDAP is working and how to implement it.
regards
Mark -
BI7.0 and MDM(sp06) Integration
Hi,
I am working on BI7 and MDM(sp06) integration scenario through ABAP APIs. For this scenario which support packs and API's need to install in BI server and where can I found complete information about integration..... plzz provide some documentation and some links which can guide me..
Thanx in Advance.
Rgds,
RamHi Reddy,
Go to [http://service.sap.com/swdc] --> Support packages and patches --> Entry by application group --> SAP NetWeaver --> SAP MDM
You will get JAVA APIs and Portal Content there.
go through this link...
[How to define portal system to access MDM server;
For a pretty good introduction to MDM workflow, see the following article: [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/9180cbaf-0801-0010-f882-f2af6dc975d0.]
[MDM Workflow - Please help a student!;
regards,
NR -
LDAP integration - "LDAP Import adapter warning: No LDAP entry was defined"
Hi,
I am trying to integrate ETPM with LDAP (Microsoft AD). I have successfully connected Weblogic and can see the AD users there; I followed the instructions in the "Oracle Utilities Application Framework Administartion User's Guide" on how to integrate with LDAP:
1) I defined the JNDI server
2) I created a mapping file as described
3) registered the file within XAIParameterInfo.xml and MPLParamaterInfo
WHen i try to import users via the LDAP Import menu the reponse is empty, in the logs I see the following message: "LDAP Import adapter warning: No LDAP entry was defined". Does anybody have had similar issues and maybe a solution to this issue?
My versions:
Customer Release V4.1.0 000 000
Oracle Enterprise Taxation Management V2.3.1.1.0 001 001
Oracle Utilities Application Framework V4.1.0.1.0 001 000
My assumption is there is something wrong with the config, as all other connection (including the one from Weblogic) are successful.
I appreciate any feedback on this.
Best regards,
SebastianWould have liked to post an update in my other post, but that one is locked. I found so many problems with the LDAP integration but eventually managed. If anyone runs into similar issues, here is what you need to check:
1) AD admin user password - is limited to 8 characters (nowhere mentioned in the docs!!!)
2) Be careful using cases; do NOT rely on the documentation, it is wrong! here is a sample ldapdef.xml (I highlighted the changes you need to make in comparison to the documentation):
<LDAPEntries>
<LDAPEntry name="User" baseDN="CN=Users,DC=yourdomain,DC=com" cdxEntity="User" searchFilter="(&(objectClass=user)(name=%searchParm%))">
<LDAPCDXAttrMappings>
<LDAPCDXAttrMapping ldapAttr="name" cdxName="*user*" />
<LDAPCDXAttrMapping cdxName="LanguageCode" default="ENG" />
<LDAPCDXAttrMapping cdxName="FirstName" default="fn1" />
<LDAPCDXAttrMapping cdxName="LastName" default="fn2" />
<LDAPCDXAttrMapping cdxName="DisplayProfileCode" default="NORTHAM" />
<LDAPCDXAttrMapping cdxName="ToDoEntries" default="1" />
<LDAPCDXAttrMapping cdxName="TD_ENTRY_AGE_DAYS2" default="12" />
</LDAPCDXAttrMappings>
<LDAPEntryLinks>
<LDAPEntryLink linkedToLDAPEntity="Group" linkingLDAPAttr="memberOf" />
</LDAPEntryLinks>
</LDAPEntry>
<LDAPEntry name="Group" baseDN="OU=Groups,OU=yourgroup,DC=yourdomain,DC=com" cdxEntity="*Group*" searchFilter="(&(objectClass=group)(name=%searchParm%))">
<LDAPCDXAttrMappings>
<LDAPCDXAttrMapping ldapAttr="name" cdxName="*group*" />
<LDAPCDXAttrMapping ldapAttr="description" cdxName="Description" default="Unknown" />
</LDAPCDXAttrMappings>
<LDAPEntryLinks>
<LDAPEntryLink linkedToLDAPEntity="User" linkingSearchFilter="(&(objectClass=user)(memberOf=%distinguishedName%))" linkingSearchScope="onelevel" />
</LDAPEntryLinks>
</LDAPEntry>
</LDAPEntries>
Oracle OUAF, update your documentation, please.
Regards,
Seb -
COBRAS Import for Unity Connection 8.5 and Subscriber LDAP Integration Status
Using COBRAS Import for Unity Connection 1.1 Build 212 with Unity 4.2 Voicemail Only and Connection 8.5(1)SU1 with LDAP Directory Integration
When I run COBRAS the old alias matches the new alias and my desire is for subscribers being moved to be LDAP inegrated. However after COBRAS runs, the radio box for LDAP Integration Status on the subscriber is set to Do Not Integrate with LDAP Directory. Is there a way for COBRAS to select Integrate with LDAP Directory when the alias matches on LDAP?Hi ben,
If you are just importing from and not authenticating against LDAP, then the PIN comes
from the Connection Template you used to build the users;
Note that no passwords or PINs are copied from the LDAP directory to the Connection database. If
you want Connection users to authenticate against the LDAP directory, see the “LDAP
Authentication” section on page 9-7.
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/design/guide/8xcucdg040.html
Cheers!
Rob
"Show a little faith, there's magic in the night" - Springsteen
Maybe you are looking for
-
Validation Event getting called multiple times
I am saving an eform after entering a wrong percentage in it.On opening the same eform it gives the validate message "Percentage not valid" pop up .This popup should come only once but its coming around 25-26 times.I checked and find that the validat
-
Hi All, Anyone knows how to maintain the fiscal year for consolidation ? I'm trying to post some transaction and I hit this error message "No postable ledger/FY variant found for cons unit ICFNBT (dim FN)" Thanks, Melissa
-
Business Area v/s Profit Center
Hi Friends, Can some body tell me the major differences between a Business Area and a Profit Center or pls send me to mail i .e [email protected] Thanking u, Siva S.
-
Is there a way to update the default design-time property (expiration date) of a BPEL Process human task prior to it being instantiated via an API call? How would you update multiple human tasks' expiration date for a single BPEL Process instance? Th
-
NO WINS Server but WIN7 Client Default netBios Setting
Hi All, NO WINS Servers and all our Windows 7 Clients are set to default to NetBios Settings. So do we need DHCP Option set to 046 (Wins/nbt node type 0x8) ? AS