Process flow - Active Directory integration with Enterprise Portal

Hi
I have seen a number of documents/forum discussions on integrating Microsoft Active Directory (LDAP) with Enterprise Portal, but I am unable to find the process flow for achieving this.
I have installed Enterprise Portal 6 (SP13) running on Web AS 640 (J2EE Standalone). The UME is currently configured to use the Java database (i.e. datasourceconfiguration_database_only.xml).
I intend to proceed as below for integrating with Active Directory and integrate with Windows authentication:
1) Configure UME to use an LDAP Server as Data Source using Config Tool
http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
2) Configure Enterprise Portal UME i.e http://<host name>:50000/irj - System Administration - System Configuration - UM Configuration
Should I configure Data Sources & LDAP Server here as I have already configured these using J2EE Config tool (point no.1).
3) Integrate Windows authentication with EP using IISProxy module.
I hope the above will enable me to logon to Portal without supplying username and password once you are logged on to the PC using your Windows user name and password.
Also, are any schema updates required to Active Directory, i.e. what additional data is stored in A.D.?
I would appreciate your guidance on this.
Thanks in advance,
Chandu

Hi Chandu,
you wanted that some users are not taken into account by the User Management Engine (UME).
This behavior can be established by specifying the ume.ldap.negative_user_filter property for the LDAP data sources in the data source configuration file. Using this property one can define that all users and accounts that match the defined conditions are filtered out by the UME API.
Detailed documentation can be found in the SAP Online Help:
http://help.sap.com/saphelp_nw04/helpdata/en/9a/f43541b9cc4c0de10000000a1550b0/content.htm
In the following example of a data source configuration file for Microsoft Active Directory Server the attribute userPrincipalName is used as Logon ID of a portal user id (j_user).
Here the user accounts that have one of the following Logon IDs (index_service, notificator_service and cmadmin_service) are filtered out.
<dataSources>
  <!-- other data source definitions omitted -->
  <dataSource id="CORP_LDAP">
    <privateSection>
      <ume.ldap.negative_user_filter>
        userPrincipalName=[index_service,notificator_service,cmadmin_service]
      </ume.ldap.negative_user_filter>
    </privateSection>
  </dataSource>
</dataSources>
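
Added example (not part of the original reply and not SAP code): a Python check that reads the ume.ldap.negative_user_filter value from the configuration quoted above and reports which directory entries it would hide from the UME. It assumes the single attribute=[v1,v2,...] form shown in the reply and exact, case-insensitive matching; the function names and the sample entries are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_TAG = "ume.ldap.negative_user_filter"

# Data source configuration as quoted in the reply (CORP_LDAP entry only).
CONFIG_XML = """
<dataSources>
  <dataSource id="CORP_LDAP">
    <privateSection>
      <ume.ldap.negative_user_filter>
        userPrincipalName=[index_service,notificator_service,cmadmin_service]
      </ume.ldap.negative_user_filter>
    </privateSection>
  </dataSource>
</dataSources>
"""

# Constructed sample directory entries (not real accounts).
SAMPLE_ENTRIES = [
    {"dn": "CN=Index Service,OU=Svc,DC=corp,DC=example", "userPrincipalName": "index_service"},
    {"dn": "CN=CM Admin,OU=Svc,DC=corp,DC=example", "userPrincipalName": "CMADMIN_SERVICE"},
    {"dn": "CN=Notificator 2,OU=Svc,DC=corp,DC=example", "userPrincipalName": "notificator_service2"},
    {"dn": "CN=Jane Doe,OU=Staff,DC=corp,DC=example", "userPrincipalName": "jdoe"},
]

def load_negative_filters(config_xml):
    """Return {dataSource id: (attribute, set of lower-cased blocked values)}."""
    filters = {}
    for ds in ET.fromstring(config_xml).iter("dataSource"):
        node = next(ds.iter(FILTER_TAG), None)
        text = (node.text or "").strip() if node is not None else ""
        if not text:
            continue  # this data source defines no negative filter
        attr, sep, rest = text.partition("=")
        rest = rest.strip()
        if not sep or not (rest.startswith("[") and rest.endswith("]")):
            raise ValueError(f"unexpected filter syntax in data source {ds.get('id')!r}")
        values = {v.strip().lower() for v in rest[1:-1].split(",") if v.strip()}
        filters[ds.get("id")] = (attr.strip(), values)
    return filters

def split_by_filter(entries, attr, blocked):
    """Split entries into (visible DNs, hidden DNs); matching is assumed exact."""
    visible, hidden = [], []
    for entry in entries:
        value = entry.get(attr, "").strip().lower()
        (hidden if value in blocked else visible).append(entry["dn"])
    return visible, hidden

def report(config_xml=CONFIG_XML, entries=SAMPLE_ENTRIES):
    """Map each data source id to the (visible, hidden) DNs for the sample entries."""
    return {ds_id: split_by_filter(entries, attr, blocked)
            for ds_id, (attr, blocked) in load_negative_filters(config_xml).items()}

if __name__ == "__main__":
    for ds_id, (visible, hidden) in report().items():
        print(ds_id, "hidden:", hidden)
        print(ds_id, "visible:", visible)
```

The near-miss entry notificator_service2 stays visible, which is the kind of gap worth checking for when service accounts are meant to be kept out of the portal's user store.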

Similar Messages

  • Tutorial: Azure Active Directory integration with Igloo Software

    Click reply and tell us what you think:
    Tutorial: Azure Active Directory integration with Igloo Software
    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Hello
    Can you be a little clearer about what you have tested with the Airwatch MDM cloud? Which scenarios?
    1) Device Enrollment ?
    2) Access to Airwatch console?
    3) Access to Airwatch self service portal?
    By following the steps we do not get it working at all. By the way, some of the steps in this tutorial are unclear and outdated.
    I finally figured out personally how things should look and made it work, but only with Device Enrollment scenarios from the mobile devices themselves, not from the PC and browsers or from the Access panel.

  • Active directory Integration with OBIEE

    Hi all,
    Can anyone send me a link for Active Directory integration with OBIEE?
    I have imported the users successfully and I was able to log in to analytics as an AD user.
    But SSO is not possible. Kindly help me over this.
    Thanks,
    Haree.

    Thanks for reply veeravalli.
    I too followed the same link and successfully imported all the users from AD into OBIEE, and logging in is also possible.
    But my requirement is to have Single Sign On, i.e., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
    Thanks,
    Haree

  • Can Microsoft active directory integrated with Oracle Applications

    Hi,
    Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
    Manish

    Hi,
    It is possible, please refer to the following documents for details.
    Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
    Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
    Regards,
    Hussein

  • Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

    Dear Gurus,
    Let me clarify the scenario:
    At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
    Following are the system details:
    SAP: IDES 4.7, on Windows 2000 Advance Server, Oracle 8.1.7.,Kernel-620
    MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
    With the above mentioned landscape we have integrated LDAP-Connector on MS-Active Directory. On the MS-Active Directory OS side we have tested the command (ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00), then we are testing it through an RFC in SAP 4.7 (IDES), with result success.
    Everything is fine, I'm able to log on through the user, but when I try to search objects in LDAP (i.e. ADS) through "FIND", I get the error message "operation Failed".
    Referred note 511141 for the error.
    Can't find anything more.
    Required help...
    Regards,
    SHAH

    Dear Juergen,
    As of we have applied the SP-level till 40.
    Through LDAP tcode we are able to Logon to the Directory server, and we
    are also able to search, through FIND,
    the system displays all entries below the specified base entry.
    After that we are trying to synchronize it, using report RSLDAPSYNC_USER through SE38, but it's showing the following errors:
    Connection created to Server LDAP_ADS (successfully with Green)
    Operation Failed (Error with Red)
    Error message: LDAPRC001
    LDAP_SEARCH failed (Error with Red)
    Error message: LDAPACCESS101
    The System could not create directory objects pool (Error with Red)
    Error message: LDAPSYNC005
    Connection to LDAP_ADS server terminated
    As for first Error: Error message: LDAPRC001, we referred Note 511141,
    Response: "This error msg does not mean that the SAP System sent incorrect data".
    For Error message: LDAPACCESS101 and Error message: LDAPSYNC005, we referred to 696021 and 695026.
    Response: to apply the correction change, as our SP level is above the requirement, we have level-40.
    Unable to get further, any solution/suggestion.
    Bye for now.
    Regards,
    Shaibaz

  • Active Directory integration with call manager

    Hi,
    I am facing issues while Integrating the CCM to my Active Directory using AD Plug-in.
    SITE SETUP:
    1. Windows 2003 Parent Domain Controller located remotely with GC.
    2. Windows 2003 Child Domain for the Parent DC located Locally with GC.
    3. Cisco CallManager 4.1.3 sr3b
    My Requirement is to integrate CCM with my Windows 2003 AD.
    My Questions are:
    1. Do I need to Provide the Parent Domain name or the Child Domain name while performing the AD Plug-in Setup?
    2. Does my Call Manager need to have the Forest access of the Active Directory (i.e., Does it perform some modifications in the Parent Domain)?
    3. Does the user account (which is used for Directory Integration) need to have direct members of Schema Admins or thru some other domain admin groups (i.e., Admin user -> Child Domain Admins Groups -> Parent Domain and Schema Admin Groups)?
    Can anyone help me on this?
    Thanks,
    V.Kumar

    1. Do I need to Provide the Parent Domain name or the Child Domain name while performing the AD Plug-in Setup?
    Use the root domain, in this case the Parent domain.
    Cisco does not recommend having a Cisco Unified CallManager cluster service users in different domains because response times while user data is being retrieved might be less than optimal if domain controllers for all included domains are not local.
    2. Does my Call Manager need to have the Forest access of the Active Directory (i.e., Does it perform some modifications in the Parent Domain)?
    Yes, actually all domains in the forest share the same Schema, which will be modified after running the AD plugin.
    3. Does the user account (which is used for Directory Integration) need to have direct members of Schema Admins or thru some other domain admin groups (i.e., Admin user -> Child Domain Admins Groups -> Parent Domain and Schema Admin Groups)?
    Account should be a member of the Schema Admins group in Active Directory, try the one in parent domain.
    Correct permissions for CCMAdministration and similar example for your setup:
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guide_chapter09186a00806e8c04.html#wp1043057
    HTH

  • Active Directory integration with Solman 71. ITSM and Business Partners

    Good morning.
    We have 30 000 users on the Active Directory. All these users must be able to log a call via Solman 7.1. Is there a way to avoid creating the 30 000 users on the Solman system by integrating Solman & AD & automatically assigning the BP to the user(s)? What alternatives are there?
    Kind regards,
    Mojo

    Hi Mojo,
    You can set up the CuA (Central User Administration) to synchronize all your LDAP database to the CuA. Then your Solman will have to be declared on each ...
    Notes = CuA is an old technology which works fine ... but SAP does not really support it. The new product is called "IDM". It does request to your need I think..

  • Active Directory integration with Service Desk and Business Partners

    We have populated the business partners in Service Desk with data from Windows Active Directory, but this was a one-time import.
    At the moment if there are any changes to Active Directory then the business partner records need to be updated manually.
    Does anybody know of any way to integrate Active Directory with the business partner records in Service Desk?
    Thanks
    Simon

    This was also our problem.
    We have multiple user sources (an LDAP, ADS, different SAP systems). I'm not aware of any automated way of doing that.
    If you want to use issue management/service desk all the users need to also be created as SU01-users to be able to use the workcenters. The SU01-Users have also to be assigned to the appropriate business partner. There is no automation for this.
    For us this drawback was so big that we stopped using the service desk.
    Markus

  • Support Desk Integration with Enterprise Portal

    Hi Experts,
    We have a scenario to implement Service Desk with the portal.
    Can anybody tell me the procedure to achieve this scenario?
    Thanks in advance.
    BK

    Hi
    Are you talking about the web-based service desk?
    This is standard, called workcenters in Solution Manager.
    https://websmp210.sap-ag.de/~sapdownload/011000358700000776062009E/Howto_ServiceDesk.pdf
    https://websmp210.sap-ag.de/~sapdownload/011000358700000150572007E/How_to_use_IC_WebClient.pdf
    Regards
    Prakhar

  • Integration with Enterprise Portal and Cognos System

    Hi Gurus,
    I want to display the report from the Cognos system, but I want to take a snapshot of the report in the backend, and while displaying in the Portal an image of the particular report should be displayed, what's the report running.
    If anyone can tell how to get the snapshot. If any coding block, that is more helpful to me.
    Awaiting for the reply..
    Best Regards
    Ganesh

    Hi Ram,
    One of the ways to do it is described in the following blog:
    https://www.sdn.sap.com/sdn/weblogs.sdn?blog=/pub/wlg/1334 [original link is broken]
    Regards,
    Sridhar

  • Active Directory Integration with OBIEE 11.1.1.6.0

    Hi all,
    I have a weird issue, might be due to my lack of understanding regarding LDAP, but here is the problem.
    When I use the Principal for configuring AD Authenticator, I use something like
    Principal:             CN=test test,OU=Groupe,DC=abc,DC=com
    User Base DN:      OU=Groupe,DC=abc,DC=com
    This fetches users successfully, I could see a user named "test" in the Users and Groups Screen.
    I have multiple authenticators, and CONTROL FLAG for all is set to SUFFICIENT.
    Refreshed the GUIDs too.
    But when I try to login using the username test    it throws out error saying
    Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00015] Unable to find user in identity store
    [2013-12-10T06:35:54.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 19498f464dc721aa:7ff6bd7a:142dc1e4b45:-8000-0000000000000660] [tid: ec4]  [nQSError: 43126] Authentication failed: invalid user/password.
    NOTE: The install is an OBIEE Simple Install. Does it have a limitation on the No. of Authenticators? (just a wild guess)
    Could any one help in resolving this login issue?
    Regards,
    Kiran P

    Hi,
    Verify that your Oracle EBS OLTP DbAuth Connection Pool executes on connect Physical SQL :
    call /* valueof(NQ_SESSION.ACF) */ APP_SESSION.validate_icx_session('valueof(NQ_SESSION.ICX_SESSION_COOKIE)')
    Best,
    Ark

  • Help with Active Directory Integration and kerberos

    Hello,
    I’m encountering a bug preventing me to use Active Directory integration with kerberos :
    Our domain name is CORP.DOMAIN.COM.
    When we request the GC in this domain :
    bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
    Server: 1.2.1.6
    Address: 1.2.1.6#53
    ** server can't find gc.tcp.corp.domain.com: NXDOMAIN
    there is no answer.
    But when we request without corp, we find the servers :
    bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
    gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
    gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
    bash-3.00#
    Is it possible to add the possibility to enter the domain name where the gc.tcp resides?
    Thank you.

    Hello
    The domain.com domain exists, but it's not our domain.
    So, when I put domain.com, it searches with no result (nothing appends).
    our kdc.conf :
    [kdcdefaults]
        kdc_ports = 88,750
    [realms]
        CORP.DOMAIN.COM = {
            profile = /etc/krb5/krb5.conf
            database_name = /var/krb5/principal
            admin_keytab = /etc/krb5/kadm5.keytab
            acl_file = /etc/krb5/kadm5.acl
            kadmind_port = 749
            max_life = 8h 0m 0s
            max_renewable_life = 7d 0h 0m 0s
            default_principal_flags = +preauth
        }
    krb.conf
    [libdefaults]
        default_realm = CORP.DOMAIN.COM
        default_checksum = rsa-md5
    [realms]
        CORP.DOMAIN.COM = {
            kdc = dc01.corp.domain.com
            kdc = dc02.corp.domain.com
        }
    [domain_realm]
        .corp.domain.com = CORP.DOMAIN.COM
        corp.domain.com = CORP.DOMAIN.COM
    In every domain, I think the GC are in corp.domain.com, but in my company, it's in domain.com...
    Thank you,

  • Issue with Reset Password from Active Directory Integration Pack

    I seem to be having some issues with a subscription in the Reset Password activity from the Active Directory Integration Pack. The "User Password" field refuses to take a value from a subscription provided earlier in a Generate Random
    Text activity. As you will see in the screenshot below, when the Reset Password activity runs, the User Password value is blank.
    Any idea why this might be happening? It looks like a possible bug with the Active Directory Integration Pack.

    Hi John,
    I think this is not a bug, this should be by design because the password is a secure string. If you look for the Published data for Reset User Password activity at
    http://technet.microsoft.com/en-us/library/hh553463.aspx it is not listed there as well.
    If you need the string (e.g. to send it via email) use the data from the "Generate Random Text" Activity.
    Regards,
    Stefan
    www.sc-orchestrator.eu ,
    Blog sc-orchestrator.eu

  • Integration of BO reports with Enterprise portal

    How can i integrate BO reports with Enterprise Portal.

    Jude, have you done this already. This is because i have checked the files for IK but it's not too specific on things like configuring the system for BO in SAP EP or where to do the things. I am stuck on configuring the area of the visor for the system that will connect to BO i already typed the domain url to leave it able to SSO but no for the visor. If anyone knows how to do this.

  • Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access

    Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
    General: 
    Could not connect to the Active Directory.
    Active Directory Certificate Services will retry when processing requires Active Directory access.
    We have a Windows 2008 Server Enterprise with AD . I would like to enable the service  "Certificate Services"  that
    allow me to enable radius to authenticate users wireless with the active directory.

    Hi, 
    Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
    Everything for us is exactly the same as szucsati and Racom
    NMNM, 
    Please give us an answer on this as the link provided is absolutely useless.
    Thank you.
