Portal with LDAP

Dear all,
System details: ECC 5.0, EP 6.0 SP17, ESS
1. I have already installed the Portal with the ABAP option. But now the requirement is to authenticate portal ESS users by LDAP. How can I do this without a new installation, or should I install it again?
2. The LDAP server is a Red Hat open server. The SAP schema is created in LDAP. What steps do I have to do on the LDAP server?
3. Do I need to activate LDAP (manually) in the ABAP system also?
4. How will these portal users be mapped to the employee ID if they are authenticated in the portal? I ask because I think transaction HRUSER gives the list of users that are stored in the ABAP system; or must the user IDs be created in both ABAP and LDAP?
Can anyone give me the solution?
Imran Hasware

Hi,
The contents under "Configuring UME to Use an LDAP Server as Data Source" in the following link may be helpful:
http://help.sap.com/saphelp_nw04/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
Also go through:
Authenticating R/3 users using LDAP
Regards
Srinivasan T

Similar Messages

  • How to force a new password in portal with LDAP user? external users

    With an external portal (used by agents that do not work for you or reside in your office), company policy is for passwords to be changed every quarter.
    If the users are created as LDAP users, how do we force them to change their password when required?
    Is this a custom application that needs to be written, so that when they log into the portal and the quarter has expired, the portal asks them to enter a new password that becomes valid for the next quarter?
    Versus internally deleting and emailing all the users a new password?

    Hi Glenn,
    We have a problem: when we create a user in LDAP and log in with that user in the Portal, we get the password change screen. But when we create a user in LDAP and change the password of that user in LDAP, then when the user tries to log in to the Portal we do not see the password change screen.
    But again, if we change the password of that user through the Portal, we are able to see the change password screen.
    Can you help with how we can force the user to change the password when we change the password in LDAP or in the SAP system?
    Regards
    Trilochan

  • Parent / Child Groups in Portal with LDAP

    Heya,
    we are using EP 7 on SP 10 (NW 7). For user authentication we use the UME with a configured (writable) LDAP
    server as backend with a flat hierarchy. We have a Federated Portal landscape with
    3 portals connected to one "main" portal, using Remote Role Assignment on the main portal for
    our rights management.
    Remote Roles which are added to Groups are working fine, but as soon as we try to use
    the parent/child group functionality we are facing the problem that the user who logs on
    has no access to anything in this group.
    According to http://help.sap.com/saphelp_nw04s/helpdata/en/af/0cfc3f09c2c442e10000000a1550b0/frameset.htm
    the only restriction for the use of child / parent groups is that:
    "If user management is set up with write access to an LDAP directory, the following restriction applies:
    When assigning members to a group that is stored in the LDAP directory, you can only assign users or
    groups that are also stored in the LDAP directory. You cannot assign users or groups from the database
    to groups from the LDAP directory. "
    We fulfill the above condition (everything is LDAP based), so: any hints for me / is anyone facing
    the same problem?
    Thanks,
    Marco

    Hi Murali,
    User Configuration
    A particular company has the following setup:
    ●      Two roles: External and Internal
    ●      The role Internal contains users who also belong to two user groups: N.America and Asia
    ●      User A belongs to both the role Internal and the user group N.America
    ●      User B belongs to both the role Internal and the user group Asia
    ●      User C belongs to the role External
    Conditions Defined in Portal Display Rules
    1. If Group = N.America
       Then Portal Desktop = Orange Flavor
    2. If Role = Internal
       Then Portal Desktop = Green Flavor
    3. If Group = Asia
       Then Portal Desktop = Blue Flavor
    4. If Role = External
       Then Portal Desktop = Red Flavor
    Note that (i) user A matches conditions 1 and 2; (ii) user B matches conditions 2 and 3; and (iii) user C matches condition 4.
    Results
    According to the list of priorities, these are the results:
    ●      User A receives portal desktop "Orange Flavor" (according to condition 1 which has priority over rule 2)
    ●      User B receives portal desktop "Green Flavor" (according to condition 2 which has priority over rule 3)
    ●      User C receives portal desktop "Red Flavor" (according to condition 4)
    If you still need help on portal desktop rules, see this link: http://help.sap.com/saphelp_nw70/helpdata/EN/4b/29cf122f414721964269e1b675d62c/frameset.htm
    If helpful, don't forget to give points.
    thanks
    best regards
    ep

  • Problem with users in portal - login conflict with LDAP.

    Hi.
    Let me describe our problem:
    We have an EP5 portal with LDAP connected to a central LDAP server; users access all the different systems with the same user and password.
    The problem happens to users whose passwords have expired. We already set the password expiration days to 0 to avoid future problems, but that didn't apply to the already expired ones.
    These affected users cannot change their password due to problems with the connection rights to the LDAP server.
    We're trying to find the place where it's set that the user is in some kind of "password expired" status, directly in a database table if necessary, to change the status manually, as the system does not allow us to set it through user administration in the portal.
    Any suggestions would be appreciated.

    Restoring expired Portal passwords
    Solved

  • Problem with LDAP in BEA Portal

    I have a list of 50 users which should be created on the portal staging (development) machine and should be transferred to
    the production machine using LDAP.
    Steps which I followed to create the users:
    1. Create a User Profile with 2 parameters, branch and Role
    2. I have the list of users in the XLS file with Username, password, branch and Role
    3. Write a Java file which will read the XLS file
    4. The users are created on the staging machine for the portal
    Steps which I followed in LDAP to transfer the created users from Development to Production:
    1. Export the created users from Development (which was moved as .DAT to my local directory)
    2. Import the users from the local directory to the production machine
    The users are imported on the production machine with username and password, but the role and branch values are empty.
    We need a solution for importing the users with the role and branch corresponding to each user.
    Thanks in advance
    Suresh

    In Portal 8.1, the user name and password are stored in LDAP, whereas user profile values are stored in the database. That is the reason you are not able to see the user profile values.
    Check once again whether you can see these values through the admin tool. In case you cannot (after confirming again), you might have to use APIs to do this for you, in case you don't want to manage it through the Admin Tool.
    Thanks,
    Prashanth Bhat.

  • Automatic upload of roles from ECC to portal (UME with LDAP)

    Hi experts,
    This thread reopens the question asked in the following message: automatic upload of roles from BI to portal
    However, this time it concerns "UME with LDAP".
    Problem:
    SAP Library 04s tells us that it is not yet possible to automate role replication (or role assignment replication) from an ABAP-based back end to NetWeaver Portal. Only a manual process for initial upload is possible.
    Source = http://help.sap.com/saphelp_nw04s/helpdata/en/41/5e4d40ecf00272e10000000a155106/frameset.htm
    Questions:
    1 - Did anyone ever try to implement such an automatic tool?
    2 - What if I'm not able to write to the Active Directory? Am I still able, at least, to automate role assignment replication from the ABAP-based back end to NetWeaver Portal (i.e. UME with LDAP)? Directly from SAP R/3 to EP through UME, without passing through Active Directory, since the group field is not maintained in AD.
    Many thanks for your inputs
    Alexis MARTIN

    Hello,
    As I did not read the previous thread I don't know what exactly you are trying to achieve, but I can tell you about what we have done - as far as it is not too late yet.
    We use the portal with integration to a BI system. In the ABAP stack we have lots of roles with menu items for hundreds of reports. We want the users to see these roles in the portal.
    First we used the role migration tool of the portal to upload these roles. There is a Java API for executing role uploads from code. You need to create a web service in the Java stack to call this API, and can call the web service from ABAP.
    However it is just a question of time and role size until this will not work at all. Standard role migration is more or less crap, stability is a problem. It also creates a lot of logs in the PCD and thus fills the database with trash. (After a few OSS messages there is now a program for deleting logs, and you can turn off logging.) Also, upload of larger roles takes up to an hour, and you always have the problem that your portal roles are not up to date during the day.
    When I got completely fed up, I implemented my own navigation connector. When you log on to the portal it will connect to the ABAP stack via RFC, load the role, and generate the portal menu from it. It uses caching, but on every logon it checks whether the role has been updated in ABAP since the last time it was loaded. It is up to date, faster than PCD navigation, and you need absolutely no periodic syncing at all. I can't even understand why this is not offered by SAP as standard!
    Drawback is that it will of course only work for the menu items, and only menu items with a "URL type" are supported. I'm pretty sure however that it would be possible to implement a few other types as well.
    Let me know if you are interested in the solution, I can give you a few additional details: oliverDOTsvisztATwienerbergerDOTcom
    Oliver

  • Enterprise Portal - MDM - LDAP integration

    We are successfully able to integrate Portal with MDM using a trusted connection, with portal users existing in LDAP and MDM users existing in the MDM console.
    We also successfully integrated MDM with LDAP so that we don't have to store users in the console, but manage them in LDAP. But once we did the LDAP integration, the Portal to MDM connection was lost, saying MDM user details could not be retrieved.
    Has anybody faced this issue? What key steps need to be taken care of during MDM-LDAP integration?

    Hi George,
    Whenever we integrate MDM with LDAP, we need to make a setting in the MDS.ini file.
    Please check the "User Identifier" setting in the MDS.ini file.
    Typically this should be the name of the LDAP id field which will match the value the user provides as the Username at logon.
    Make the entry in MDS.ini like User Identifier = cn or SamAccountName.
    If that is done, please verify the other parameters corresponding to LDAP in MDS.ini as per table 91 on page 291 of the MDM Console reference guide.
    Or refer to the SAP note 1635338 for reference which is pointing to same issue.
    This should solve your problem.
    Regards,
    Sravan

  • Integration iLearning login with LDAP?

    Hi friends,
    Although there exists a Metalink note with exactly this title (How To Integrate Oracle iLearning and LDAP, Note:452425.1), I've searched inside the documentation for how exactly iLearning does this step. I mean:
    I have to install the iLearning Platform (without installing Oracle Portal) in a Windows environment. Due to customer requirements, the iLearning login must be validated with LDAP validation... I've read that it's done with iLearning WebServices, but I can't find where exactly this procedure is described. (My knowledge of web services is limited.)
    I'm reading the "Oracle iLearning 5.0: Web Services API Technical Reference" and supposedly it is all there, but the word "LDAP" is not mentioned, so... any ideas?
    Thanks a lot.
    Jose L.

    If that integration is not possible, I've thought of another solution:
    - Create/publish a web service in the iLearning platform. That web service would check the LDAP contents for new users... if new users exist, it would retrieve their information and create them as iLearning platform users...
    This could be divided into two tasks:
    - create/publish a web service in iLearning to query LDAP
    - insert the information retrieved as new user(s) into the iLearning system.
    [This one, if it is not possible to "program" it in the web service, could be done through a direct INSERT into the iLearning tables, I suppose]
    Any ideas of how to do this?
    Thanks a lot!!!!.
    Jose.

  • Integrate Portal With Microsoft ADS

    Hi,
    I need to integrate the Portal with Microsoft Active Directory Service, so that users can log in to the Portal with ADS authentication.
    What is required to configure EP for ADS?
    I have the LDAP service user account. Other than this, what do I need to configure?
    Please provide me the steps needed to configure it.
    Thanks
    Subbarao Chinta

    The links above should help you do the basic configuration for Portal and ADS integration.
    In addition to the links above -
    If you are planning to create users (with passwords), configure LDAPS.  This can be done by using Certificate Authority on the ADS server and importing the root certificate to the Portal server.  I would also make sure the security policies on both servers match.  The default port is 636.
    Otherwise, the default port is 389.
    If you plan to read other custom attributes from LDAP, modify the datasource configuration file.
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/44/7d188751626fb5e10000000a155369/content.htm
    If you want to create LDAP accounts with different account properties, modify the ume.ldap attributes in the com.sap.security.core property sheet in Config Tool.

  • Upgrade to 3.0.8 with LDAP failure

    Has anyone managed to upgrade Portal on W2000 from 3.0.7 to 3.0.8 and use LDAP? Our site was working with LDAP before the upgrade, and now we are getting the WWC-40100 error on attempting to log in. The directory is not getting the connection.
    We have re-copied the ssoxldap.dll and created the library again, to no avail. We have checked that the install works when not using LDAP. Does anyone have this working, or know where we may look to find errors?
    Thanks for your time

    Have you verified that the external procedure listener is up and running? If it is, could you please enable debugging?

  • Login Error from Users machine into BO Desktop Applications With LDAP user

    Hi All,
    I am getting a strange error and got stuck. I have searched the forums and tried every possible thing, but the problem remains the same.
    I am not able to log in to any client application using an LDAP account.
    The setup is:
    Machine 1: Webserver
    Machine 2: CMS and other servers
    Machine 3: Clustered CMS server
    LDAP is implemented and SSL is enabled between Machine 2 and LDAP server.
    Now when I am on Machine 2 and try to log in to a client application using LDAP, it works for me, and also for the web applications (CMC, InfoView).
    When I am on a user machine, I am able to log in to client applications (Designer, Desktop Intelligence etc.) using an enterprise account, but not with an LDAP account. However, I am able to log in to the web applications using an LDAP account from the user's machine.
    All the ports are open and can connect to the CMS machine, and database repository connectivity is also OK.
    One interesting thing I would like to share: if I log in to InfoView using an LDAP account and go to edit a report, it opens Desktop Intelligence for me (LDAP user), and there is an entry in System name when I log in to Deski. That entry in System name is the CMS machine name, port number, full domain, with (J2EE Portal) written last.
    Using this entry in System I can log in using an LDAP account, but I first have to do the process (log in to InfoView, edit the report) on every user machine.
    Please help me find out where I am going wrong.
    The error with Client application and LDAP user is USR0013. Can not Access the repository.

    My guess would be that client apps don't have access to the SSL directory defined in the LDAP config but the web/app does. When you edit a report it launches Deski in 3-tier mode, still using the web/app, so this isn't surprising behavior. There are SAP notes on this in SMP; the keywords LDAP SSL deski should return the result. The link to SMP is in the forum sticky at the top of the administration forum.
    Regards,
    Tim

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is javax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is javax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved by adding the following in the code:
    System.setProperty("javax.net.ssl.trustStore", CertFileName);
    where the cert file name is the filename with its complete path. The file is a CA certificate of the LDAP server
    in X509 format.

  • Portal with a URL using a Web browser in java stack

    Dear all,
    I can access the portal with our URL using a Web browser from your client machines.
    I got the following options:
    SAP Library
    SAP Library contains the complete documentation for SAP Web Application Server.
    Web Services Navigator
    Web Services Navigator is a tool that gives you a short overview of a specific Web service based on its WSDL, and enables you to test your Web service by creating and sending a client request to the real end point.
    System Information
    System information provides administrators with an overview of the system configuration and its state. It shows all of the system's instances and processes, their current state and important parameters (such as ports) that may be required for support cases, as well as the versions of the components installed.
    UDDI Client
    The UDDI client provides query and publishing functions for different Web service entities (tModels, business services) to any UDDI compliant registry.
    User Management
    The user management administration console provides administrators with the functions they need to manage users, groups, roles, and user-related data in the User Management Engine (UME). Users without administrator permissions can use it to change their user profile.
    Web Dynpro
    Web Dynpro is a User Interface technology available within the SAP NetWeaver Developer Studio.
    Various Web Dynpro tools provide administrators and application developers with performance measurement and application administration capabilities. The Web Dynpro runtime is already deployed.
    SAP NetWeaver Administrator
    A tool for administration and monitoring, offering a central entry point to the whole SAP NetWeaver system landscape. The SAP NetWeaver Administrator can be used in a central scenario where it is capable of operating an entire system landscape containing ABAP and Java systems as the application platform of SAP NetWeaver.
    J2EE Engine Examples
    This section contains several J2EE application examples that run on the J2EE Engine. The examples show some of the functions of both Java and the J2EE Engine. They can be easily deployed and tested by simply clicking on a button. The full source code of the examples is also available.
    When I click System Information,
    it asks for user name (J2EE_ADMIN) and password (installation master password); after entering them, I got the error below.
    You are not authorized to view the requested resource.
      Details:   No details available
    Kindly suggest.

    Hello
    It means what it says, your J2EE_ADMIN user doesn't have enough authorization.
    Check if the appropriate authorization is assigned in the ABAP stack which belongs to the Java stack you log on to:
    Role SAP_J2EE_ADMIN should be assigned to user J2EE_ADMIN.
    Kind regards
    Tom
    Edited by: Tom Cenens on Dec 17, 2010 2:55 PM

  • Multiple Portals with OAM

    Hello All,
    Is it possible to register multiple Portals to single OAM instance for authentication? If so is there a document available somewhere? I could only find OBE integrating single Portal with OAM.
    Thanks in advance!

    Yes, you can do that. You basically need to setup mod_osso agent in OAM.
    Oracle Portal behaves in exactly the same way as any mod_osso protected application. If you are able to protect a standard HTML file on the webserver's operating system, you will be able to protect your Portal as well.
    Setup is not documented (yet).
    Thanks,
    EJ

  • Error in authentication with ldap server with certificate

    Hi,
    I have a problem authenticating with an LDAP server with a certificate.
    Here I am using the Java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued a new certificate which has a validity period of up to 5 years.
    Will Java authenticate up to one year only?
    Can anybody help on this issue...
    Regards
    Ranga

    Sorry, I am getting the same error:
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    Here, when I use the old certificate and change the system date, I can authenticate.
    Can you tell me where we can concentrate to solve the issue?
    Where is the issue:
    1. Do we need to check with the LDAP server only?
    2. Is the problem in the Java code only?
    thanks in advance
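
Both certificate threads above ("untrusted server cert chain" and "timestamp check failed") fail while the JVM validates the LDAP server's certificate chain. The Java class below is an added example, not code from either poster: it loads the certificates from an X.509 file into an in-memory trust store (or uses the JVM default trust store when no file is given), reports every trust anchor that is outside its validity window, and can optionally attempt an LDAPS handshake with only those anchors. The class name, the `ldap-ca-N` aliases and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class LdapsTrustCheck {

    // Returns null when 'cert' is inside its validity window at 'at', else the reason it is not.
    static String validityProblem(X509Certificate cert, Date at) {
        try {
            cert.checkValidity(at);
            return null;
        } catch (CertificateExpiredException e) {
            return "expired on " + cert.getNotAfter();
        } catch (CertificateNotYetValidException e) {
            return "not valid before " + cert.getNotBefore();
        }
    }

    // Trust anchors from an X.509 file (PEM or DER); a null file means the JVM default trust store.
    static TrustManagerFactory trustFrom(String caFile) throws Exception {
        KeyStore ks = null;
        if (caFile != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null);                              // empty in-memory store
            try (InputStream in = new FileInputStream(caFile)) {
                int i = 0;
                for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                    ks.setCertificateEntry("ldap-ca-" + i++, c);   // constructed alias
                }
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf;
    }

    // usage (hypothetical arguments): java LdapsTrustCheck [ca-cert-file [ldap-host]]
    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = trustFrom(args.length > 0 ? args[0] : null);
        Date now = new Date();
        int bad = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                String problem = validityProblem(c, now);
                if (problem == null) continue;
                bad++;
                System.out.println(c.getSubjectX500Principal() + ": " + problem);
            }
        }
        System.out.println(bad + " trust anchor(s) outside their validity window at " + now);
        if (args.length > 1) {                                // optional live check on port 636
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[1], 636)) {
                s.startHandshake();   // throws SSLHandshakeException if the chain is rejected
                System.out.println("handshake OK: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```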
