Multiple LDAP to Single Portal Integration

Similar Messages

• Multiple LDAP Sources for Portal

  Per the HELP docs and other forum suggestions, I uploaded a new XML file and called it multildap_datasource.xml
  After uploading, it does NOT appear in the drop-down list of files to pick? Am I missing something here?

  Hi,
  Check if you get any error message.
  also check in the configuration adapter to see if the file uploaded.

• Multiple LDAP servers on single  System

  hi,
  Would like to know if its a good idea to have multiple LDAP servers running on a single System (Hardware) ..
  100,000 user base
  We would like to run the old and new LDAP databases on the same server till we phase out the old LDAP database after migrating all applications..
  System:
  2 x V880 4CPU 8GB RAM --multi-master configuration
  4 x V420R 4CPU 8GB RAM -- read only replicas

  Shouldnt be an issue - thats not a particularly large user base and thats some heft y HW. Keep in mind though that they will be on different ports so any software you migrate may eventually need tweaking to the default port when the new takes over.

• Multiple Domains with one single Portal

  We have installed Oracle Infrastructure and Oracle Midtier on one box. Let's say the domain name is http://www.abc.com. When we query http://www.abc.com, it
  goes to the SSO (Infra) and validates the username and password and takes it back to the Mid-Tier Portal Pages. At this junction, everything is working as expected.
  Now, we created two more webpages and they correspond to two domains -- let's say http://www.pqr.com and http://www.xyz.com. The two webpages that got created were PUBLIC pages, so anybody can have access to those pages.
  Can we implement our requirements using one infrastructure and one midtier (1st)installation? OR do we install two more midtier (2nd, 3rd) to correspond
  to each domain name which are www.pqr.com and www.xyz.com and then have the proxy server redirect the request for www.abc.com to 1st-Midtier, www.pqr.com
  to 2nd-Midtier and www.xyz.com to 3rd-Midtier?
  We have a apache proxy server installed in front of the 9iAS, but we are going to use it just for redirection.
  I understand Oracle Infrastructure has only ONE portal Schema and so how would multiple midtier (webpages) will reside? Do I need to create another PORTAL repository and a new DAD, so that www.pqr.com points to the 2nd-Portal Repository and www.xyz.com points to the 3rd-portal?

  Through a single mid-tier it is possible to configure Oracle HTTP Server/Web Cache such that they are configured to handle multiple logical site names (e.g. www.pqr.com and www.xyz.com) by using Virtual Hosts.
  In terms of a single Portal Repository being accessed by multiple mid-tiers (or logical sites), this is not currently possible since the Portal Repository is configured with only one set of site details.
  For further information on configuring Virtual Hosts and Portal see the Advanced Chapter of the 10g Portal configuration guide...
  http://download-west.oracle.com/docs/cd/B10464_01/portal.904/b10356/cg_advnc.htm#1040267

• Mapping of single Portal users to multiple backend user

  Hello Experts,
  It is possible to map single portal user to the multiple R/3 user? If yes, than what is procedure to achieve it?
  I have a SAP Portal where some users have 2 user ID in ECC, but I need to in Portal the users have only one user ID and password. How can I do to these users can select between their 2 profiles in ECC? Is posible?
  Thanks!
  Regards

  Hi,
  This is not possible since  you would have used SSO to connect to the Backend. Either it is SSO or User Mapping is done, Portal User can only access the Backend with one User ID.
  If you use SSO, for Example if the Portal User is UserA then you would have the UserA in the Backend too. It will use the UserA in backend to access.  (Note: Single User can't access multiple Backend. Since we would have already maintained the Backend Connection details in the System and also in JCo Destination. So it is not possible for a User to access the Backend with two different Backends)
  If you use User Mapping, then you can decide the User which it should use. (For ESS/MSS this is not recommended and it is not feasible too).
  Regards,
  Baskar.N

• Displaying multiple dynamic html pages within a single Portal folder.

  Hi all,
  Question: How can I display multiple dynamic html pages that are linked to each other, within a single portal folder?
  History:
  I have a designer/web server application (PL/SQL packakges) on Oracle
  8.1.7. Early in the development process we built it into WebDB2.2 and
  used folders on the left side as a navigation bar and the contents of my packages on the right side. This was easy, WebDB used Frames.
  Unfortunatley I could never automatically display a PL/SQL item in the folder area.
  Now I need to integrate the application into Portal 3.0 not the early adopters version, the one with 9iAS (NT for now, Unix later). I have a page/content area divided into regions and a navigation portlet on the left side containing links to PL/SQL folders whose contents are displayed on the right side. On the right side I have (for example) a Queryview. When I click on any of the buttons (i.e. Find, New), I land in a new page outside of my portal folder. This page contains a dynamically built list (from one or more DB Tables) and of course the first column contains a list of links that bring you to the individual item. How do I set my links or configure my folder to display
  within the portal folder area?

  Hi,
  One alternate is, increase the size of your screen, for this go to the layout of your screen and increase it as much you want, and also the custom container size, so that no scroll bar will appear at least.
  Other solution would be, as you said ALVs will be dynamical, it will be good to create buttons, or links on the screen based on the no of ALVs dynamically and on click of corresponding button call the corresponding ALV.
  But i dont think this will serve, first check the first option.
  Hope this helps u.,
  Thanks & Regards,
  Kiran.

• Single Portal to connect to multiple back end ECC system

  Hi Experts,
  I want to connect existing SAP Portal 7.3 to new ECC(ECC EHP 5) System for ESS MSS.
  The requirement is that my existing backend system (ECC EHP 5 ) should also exist. i.e. I should able to use current portal to connect to existing SAP ECC System as well as new ECC System with single portal .
  Please let me know how it works in ABAP Webdynpro?
  Do let me know how this can be achieved ? Is the same portal url be used to access the 2 different backend system for ESS MSS.
  -Pravesh

  Hi Pravesh,
  for using different backend systems in the same portal, just adapt these systems in your system landscape and define your system aliases in appropriate iViews or write a DSR service.
  Pravesh Deshbhratar wrote:
  Please let me know how it works in ABAP Webdynpro?
  this mechanism is not bound to a specific programming paradigm or technology.
  regards

• Integrating BIP with multiple LDAP servers

  Hi,
  my question is very simple. In Admin->Security Configuration->Security Model section i've setted Security model combobox with LDAP value. Then i've filled all LDAP information field (for example:URL). All works. But in my rpd i 've multiple LDAP servers (multiple URL) and in the form i can insert information about only one LDAP server.
  Is it possible configure BIP with multiple LDAP servers?
  Thanks
  Giancarlo
  P.S. I'm using OBIEE 10g

  Hi,
  my question is very simple. In Admin->Security Configuration->Security Model section i've setted Security model combobox with LDAP value. Then i've filled all LDAP information field (for example:URL). All works. But in my rpd i 've multiple LDAP servers (multiple URL) and in the form i can insert information about only one LDAP server.
  Is it possible configure BIP with multiple LDAP servers?
  Thanks
  Giancarlo
  P.S. I'm using OBIEE 10g

• Authentication issue with Xcelsius/Portal integration

  I am facing an issue with the way we have integrated our Xcelsius dashboard with our corporate portal. I know this probably is more of a SDK question than Administration, but I figured I will ask it here anyway since Tim and some others are diverse enough in their knowledge base. This might be LONG post but please advise if anyone has any good pointers.
  We have an Xcelsius dashboard that needs to be served up via our corporate intranet (based on MS Sharepoint 2007). Now we are NOT using the MS Sharepoint Portal Integration Kit, but just doing a basic integration of the SWF call within a web part on Sharepoint. All this means is that within a portlet (web-part) on Sharepoint, I am making a HTTP call to the openDocument URL to invoke the SWF file. So the SWF is actually served up from our Tomcat App Server, and displayed onto this frame within the portal. That is the basic idea.
  To achieve this, what I did was write some custom code using the Java SDK to modify the openDocument a little bit. By doing so, I was able to insert some behind-the-scenes-login code wherein no matter who the portal user (Win AD-based) is, he is logged in to BOE as a generic "dashboard-user" and the dashboard is served up. This worked fine for the first dashboard where all we had was SWF and some WebI linking using openDocument (no full-InfoView access).
  But in this second dashboard now, what we also have is a hyperlink for users to get to InfoView to do Ad-hoc reporting. What this does is open a child browser window from within the portal (dashboard) --- and it remembers the BOE session for the generic user id "dashboard-user" and logs the end-user in to InfoView using that. But what I actually want is that the end-users, on this new window, should only be prompted at the traditional InfoView logon screen where they can manually enter their Windows AD password and get in. Thus, I would like to keep the dashboard SWF page session separate from the InfoView ad-hoc session, which I cannot seem to do because of the browser relationship and session maintenance.
  I am trying to find a way where I can simulate a single sign-on for dashboard viewers on the portal, but at the same time let them jump off to InfoView as themselves.
  Any thoughts on how I can do this?
  Notes:
  We DO NOT have Single Sign-On enabled for InfoView
  We are using Windows AD authentication (manual, no SSO)
  We are on Tomcat

  Sarang Deshpande wrote:
  1) If the InfoView app on Tomcat (desktoplaunch) is configured with Vintela, openDocument calls from the portal with automatically work using behind the scenes SSO, correct?
  in XIR2 everything that falls under infoview should SSO when infoview is setup for SSO (not the case in XI 3.x)
  Sarang Deshpande wrote:
  2) What is the best practice when it comes to the service accounts needed? I have implemented Windows AD manual auth already so I have a service account that use for that. Should I be using the same on and making vintela/SSO-specific changes to it...or should I have a separate vintela service account and deal with two different ones..each for a diff purpose?
  There is no best practice per se but the less service account the lower your chances to duplicate an SPN, functionally everything seems to work just as well with multiple as it does with 1 (of course with 1 there is less management work) If you click the SSO link in my forum sticky post I have a section explaining this with some suggested methods of deploying a service account(s)
  Sarang Deshpande wrote:
  3) Other than some minor browser configurations that might be required, is there anything else that I should communicate to the team about what might be required to be "pushed" to users' PCs?
  Using the default config nothing should be required on the client machine (unless SSO has been disabled in the browser or you intend to use a url that contains a period ..... (i.e. FQDN or IP) with hostname URL (the default) it should just work.
  To note if you have XP SP2 or older there is a microsoft spnego bug you may need to apply a fix if you aren't patched to SP3 (about 5% of our customers run into this).
  Regards,
  Tim

• Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)

  Hello,
  I have a question, regarding integration of multiple LDAP servers with single Weblogic Server of Fusion Middleware (OBIEE 11g). We are currently using OBIEE 10g. We are on verge of migrating to 11g. However, I have a question regarding the LDAP server.
  Our two applications run on two distinct LDAP servers. The plan is to provide a single sign on link for OBIEE 11g reports to the end users and depending on what application they are using, they must be authenticated against the respective LDAP server.
  So, my question, is it possible to Integrate two different LDAP servers in the Weblogic of Fusion Middleware (OBIEE 11g). If so, what would be the steps. Any helpful document will also be appreciated.
  Thank you,
  Chandu.

  Yes, you can configure multiple authentication providers one by one as you generally do.
  When you configure multiple Authentication providers, use the JAAS Control Flag for each provider to control how the Authentication providers are used in the login sequence. You can set the JAAS Control Flag in the WebLogic Administration Console.
  REQUIRED—The Authentication provider is always called, and the user must always pass its authentication test. If authentication succeeds or fails, authentication still continues down the list of providers.
  REQUISITE—The user is required to pass the authentication test of the Authentication provider. If the user passes the authentication test of this Authentication provider, subsequent providers are executed but can fail (except for Authentication providers with the JAAS Control Flag set to REQUIRED).
  SUFFICIENT—The user is not required to pass the authentication test of the Authentication provider. If authentication succeeds, no subsequent Authentication providers are executed. If authentication fails, authentication continues down the list of providers.
  OPTIONAL—The user is allowed to pass or fail the authentication test of this Authentication provider. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.
  refer - http://docs.oracle.com/cd/E13222_01/wls/docs92/secmanage/atn.html
  Regards
  Mukesh Negi
  http://weblogicserveradministration.blogspot.in/

• How to configaration in LDAP Server in portal?

  Hi Experts,
  I configare the LDAP Server in portal , but is not configare plz send me docs
  Regards,
  Chandu

  Hi Check this out.
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
  Have a look at these BLOGS which tells you step step by approach to integrate LDAP with SAP EP.
  Novell  eDirectory  8.8 as UME Data Source for EP : Part I
  https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2937. [original link is broken]
  UME Data Source: LDAP
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
  Windows Integrated Authentication via Kerberos on an LDAP data source -
  NTLM with LDAP
  Browse these links.
  UME Data Source: LDAP
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
  Check these:
  https://wiki.sdn.sap.com/wiki/display/HOME/ConfigureLDAPand+EP
  http://help.sap.com/saphelp_nw04/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
  You can refer to the following weblinks for the same
  HELP.SAP.COM
  http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
  FORUMS
  LDAP Server settings for Configuring Multiple LDAP in Portal UME.
  LDAP Configuration - Multiple domains
  EP7 - Multiple LDAP sample file
  SAP Note
  736471 UME Configuration of multiple LDAP data sources

• EP7 - Multiple LDAP sample file

  Hi,
  I'm trying to setup multiple LDAP connections on our EP7 installation.  I found alot of SAP help information as well as a helpful tread posted by Vivek Kumar.  I am a bit stuck at one of the steps and hope that someone can please help clarify for me?
  I have followed the instructions up to point 5d in Vivek's config steps, see below:
  [The thread I'm following|LDAP Integration with Portal using MS ADS;
  i.e.
  5d) Update the properties for each datasource with the correct values obtained
  from the "Direct Editing" tab (now stored in the configuration document). An
  example is shown below:
  className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence" isReadonly="true" isPrimary="true"> ...i802895a.phl.sap.corp389cn=Directory Manager
  ksdf8SDF#%</ume.ldap.access.password> <ume.ldap.access.base_path.user>ou=people,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.user> ume.ldap.access.base_path.grup>ou=groups,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.grup> <ume.ldap.access.server_type>SUN</ume.ldap.access.server_type> more stuff </privateSection>
  I've also copied the LDAP Settings section and copied the contents to wordpad from the "direct editing" tab.
  What I'm unsure of is what datasources needs to be updated with which values from direct editing.  In particular I can't find the encrypted password is in direct editing (i.e. </ume.ldap.access.password>). 
  Any assistance or examples will be of great help.
  Thank you
  Regards
  Deon Hattingh
  [email protected]

  Hi,
  did you also take a look at the example on [help.sap.com|http://help.sap.com/saphelp_nw70/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm]?
  In your dataSourceConfig file you can simply specify in the ume.ldap.access.password a "location"/placeholder for your password, e.g. $ume.ldap.access.additional_password.2
  Then in the configtool under UME Ldap Data -> Additional LDAP properties you can define the "real" password in the sections ume.ldap.access.additional_password.1 (global), ume.ldap.access.additional_password.2 (global), ...
  Hope this helps,
  Holger.

• BSP Exception: Access to URL /irj/servlet/prt/portal/prtroot/com.sap.ip.bi.web.portal.integration.launcher;jsessionid= not allowed

  Dear all,
  I've created out BI system in our new Portal installation and tested the connection. Everything works fine. I added the certificate of the portal to STRUSTSSO2 in BI ABAP and assigned SAP_ALL and SAP_NEW to my Account.in BI. If I open the iView from the portal I get a BSP Exception with the message:
  The used connection by the iView is to the ABAP-Stack of the BI-system not to the JAVA-Stack. Is that correct?
  BSP Exception: Der Zugriff auf die URL /irj/servlet/prt/portal/prtroot/com.sap.ip.bi.web.portal.integration.launcher;jsessionid=IDBYatWIpt_pX4uc52ChoZqMWkm1RAFW2qsA_SAP ist untersagt.
  What can be the problem/reason?
  Thanks!

  Hi Gerrit
  In both places you have to provide a authorization access to the end users then only it will work. because your are already said that in SAP_All & SAP_New working fine
  Back end BI system access as per the word document as pasted the link
  https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&uact=8&ved=0CFIQFjAG&url=http%3A%2F%2Fbasisdsp.f…
  For SAP portal you have to create iview's assign the same to end user
  Assigning an Authentication Scheme to an iView - User Authentication and Single Sign-On - SAP Library
  Portal Authentication Infrastructure - Configuring the Portal for Initial Use - SAP Library
  BR
  SS

• How to use multiple projects in single application :)

  Hai ,
  I ve to use single .portal for accessing multiple projects in a application. if i create two new projects in a application i cant able to use .portlet file of one project to display in another .portal . is there any way to display both the project .portlet files in a single portal. :)

  not really.. sorry
  Kunal Mittal

• Multiple LDAPS with same username!

  Hi,
  we have a case where we need to connect to multiple LDAP servers and configure SPNego for Kerberos authentication of portal. we have a problem in case of user names. some user names are same in both LDAPs. LDAPs are portal are positioned as (Landscape convension)
  LDAP1: xxxx.yyyy
  LDAP2: ssss.yyyy
  Portal  : pppp.gggg.yyyy
  where as gggg.yyyy is a trusted domain for both xxxx.yyyy and ssss.yyyy.
  we have login problem in same user case. (same user exist in xxxx.yyyy and ssss.yyyy). I haven't gone into details yet like logs and all troubleshooting stuff. Before doing all this just want to know your views whether I can do this or not. If I can achieve any suggentions how to proceed further?
  Regards
  Ravindra

  Hi,
  Kerberose (Spnego) is possible with multiple ADS data sources. Check SAP Note 1007227 and the below link.
  http://help.sap.com/saphelp_nw70/helpdata/en/45/40a320773a7527e10000000a114a6b/content.htm
  Regards
  Deb