Storing Portal Roles in LDAP server

Hi,
  I want to use an LDAP server for user authentication to my portal. The documents I got from help.sap.com says about keeping an LDAP server for storing normal user attributes and the portal db for storing roles. Is there any way to store thr portal roles also in the LDAP server and retreive them for authentication. Please help
Thanks,
Ranjith

Hi Ranjith,
   There is no way to store the roles in the LDAP. They are kept in the portal DB. Also, portal roles aren't used for authentication like roles are in R/3. They are used mainly for determining what a user can see in the portal. 
The authentication in the portal is based on the user id and password.  when you log on to the portal.  You will be assigned a role(s) for what you can see in the portal.  The actual authentication to application come from the back end systems.  For example, even if you have a portal role that lets you have access to a transaction in R/3, if you don't have the back end authorization you won't be able to get at the data.
I hope this helps
John

Similar Messages

  • Role of LDAP server in portal

    HI
    Can any one tell me what is the role of LDAP server in portal
    Thanks
    shashank

    Hi Shashak,
    if you use the LDAP Server as UME User Store, the security policy from the LDAP server is enforced. This means that if the data source has defined its own security policy, there is no standard interface to pass on any error messages received from the data source to the UME user in the same level of detail and in the correct language. The user only receives a very generic error message. Therefore, you would need to adapt the Portal security policy accordingly. You can find some further information under http://help.sap.com/saphelp_nw04/helpdata/en/7f/c52442ad9f5133e10000000a155106/frameset.htm.
    More general information on LDAP integration you can find under http://help.sap.com/saphelp_nw04/helpdata/en/3b/68ff407765ed6fe10000000a1550b0/frameset.htm.
    Best regards,
    Joerg

  • Steps for portal and Microsoft LDAP server integration

    Hi,
    Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
    Thanks in advance.
    Regards,
    Niraj

    Please don't cross post in multiple forums..

  • Portal and Netscape LDAP server integration

    Hi,
    I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
    having lots of trouble doing that.
    I've followed the instructions in the developer guide and completed the following
    steps:
    1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
    and modified the entries to fit my environment.
    2. Deployed ldapprofile.jar and customized the env variables.
    After these two steps, nothing happened. Then I did the third step:
    3. added a iPlanet Authenticator to the realm CompatibilityRealm, which is my
    default realm for the server.
    However, after step 3, I wasn't able to boot weblogic server. Please note I have
    create two users, system and weblogic in my LDAP server.
    I copied the stack trace below. Any suggestions will be greatly appreciated.
    Weiguo
    C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot
    -Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
    -Dweblogic.Name=portalDemoServer
    -Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
    assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
    lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
    weblogic.Server
    <Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
    from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    Starting WebLogic Server...
    <Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
    C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
    was found on server portalDemoServer for realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
    using realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed
    during initialization. Exception:java.lang.SecurityException: Authentication for
    user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied at
    weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    >
    <Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to
    in
    itialize the server: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    >
    The WebLogic Server did not start up properly.
    Exception raised:
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    Reason: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)

    Thanks a lot Scott. I followed your instructions and got it working to a certain
    degree. I am pretty happy about the results.
    There are still a few issues:
    1. I had to create groups and users in my directory server in order to boot up
    and logon to the server. This is expected, but is it possible to export these
    user/group settings from the embedded LDAP server so that I can import them into
    my directory server? Currently, the only way is manual and it's error prone. A
    lot of trial and error has to happen to get there.
    2. It seems that using Netscape LDAP server only allows read-only access. This
    means we have to create new users/groups outside of the portal server and one
    other side effect is self-registration is impossible, unless we use custom security
    providers. Is this assessment correct? Since LDAP integration is so important,
    wouldn't it be nice if BEA have that built-in and all we need to do is to switch
    to and configure it?
    3. I got duplicate users and groups in compatibility security. Obviously, one
    set is from my LDAP server and the other is from the embedded one. I tried to
    remove to embedded LDAP authenticator, but the duplicates are still there. How
    can I get rid of the duplicates - I only want the ones from my LDAP server?
    Thanks again Scott.
    Weiguo
    Scott Dunbar <[email protected]> wrote:
    Weiguo,
    WLP 7.0 uses a compatibility realm only and will not work with the
    custom realm that you created for the Netscape directory server.
    Configuring an LDAP compatibility realm isn't too bad and its
    configuration is much like 4.0. However, it can be hard to configure
    initially from the console. One way is to shut your server down and
    modify config.xml directly - but make sure you make a backup copy first!
    Then add something like:
    <CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
    Name="wlcsCachingRealm"/>
    <CustomRealm
    ConfigurationData="user.filter=(&(uid=%u)(objectclass=person));
    user.dn=ou=people,dc=beasys,dc=com;
    server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
    membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
    group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
    server.host=somehost.beasys.com;
    group.dn=ou=groups,dc=beasys,dc=com"
    Name="myRealm" Password="your_password_here"
    RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
    will enable your LDAP server. After this is setup it will be much
    easier to configure via the console. Obviously you'll need to update
    the parameters above for your configuration.
    Weiguo Wang wrote:
    Hi,
    I am trying to integrate Netscape LDAP server (6.0) with portal server7, but
    having lots of trouble doing that.
    I've followed the instructions in the developer guide and completedthe following
    steps:
    1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServerin config.xml
    and modified the entries to fit my environment.
    2. Deployed ldapprofile.jar and customized the env variables.
    After these two steps, nothing happened. Then I did the third step:
    3. added a iPlanet Authenticator to the realm CompatibilityRealm, whichis my
    default realm for the server.
    However, after step 3, I wasn't able to boot weblogic server. Pleasenote I have
    create two users, system and weblogic in my LDAP server.
    I copied the stack trace below. Any suggestions will be greatly appreciated.
    Weiguo
    C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java"-hotspot
    -Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
    -Dweblogic.Name=portalDemoServer
    -Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
    assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
    lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
    weblogic.Server
    <Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting bootidentity
    from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    Starting WebLogic Server...
    <Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loadingconfiguration
    C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configurationdata
    was found on server portalDemoServer for realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Securityinitializing
    using realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Serverfailed
    during initialization. Exception:java.lang.SecurityException: Authenticationfor
    user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic deniedat
    weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    <Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342><Unable to
    in
    itialize the server: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogicdenied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    The WebLogic Server did not start up properly.
    Exception raised:
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    Reason: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogicdenied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    scott dunbar bea systems,
    inc.
    [email protected] boulder, co
    303 998 2125 usa

  • EP6 : Store portal roles in AD or LDAP ?

    Hi all ,
    in EP5 you could store portal roles in an external AD ,using a AD schema extension . I don't see any docs about this in EP6 ...is it possible in EP6 ?
    If not is it possible to store that info in a LDAP directory ?
    Regards
    Daniel

    Hi Daniel,
    The portal roles are stored in the portal database starting with EP6.  This provides companies greater flexibility--as most customers did not want to extend their corporate LDAP schemas so they ended up creating a new directory server specifically for EP5.  With EP6 they can perform authentication directly against their corporate data store without the extra overhead and mgmt on the directory server.
    If I were you, I would create the roles in the portal and then assign Active Directory groups to these roles.  You then get the best of both worlds;).  Users are assigned to groups in the AD, but roles are created in the portal.
    Hope this helps.
    Marty

  • How can portal use two different LDAP Server in UME

    Hi,
    My question is Can UME in portal be configured for multiple LDAP sources.Currently i have a setting in portal
    as follows:
    Server Name : Abcd
    port : 1234
    user : CN=" ",Ou=" ",Ou=" ",Dc=AD,Dc=my company,Dc=com
    password :
    user path : DC=AD,Dc=My company,Dc=Com
    group Path : same as user path
    I want to configure one more LDAP server to my portal UME,how can give values for that in above sttings.I even want these current settings to be enabled.
    Do anyone have idea on this.
    Thanks and Regards
    Rani A

    Hi again ,
    I know it can be done. But how urgent is this for you.
    I can get back to you in couple of days, me lil busy today.
    cheers,
    Anu...

  • How do you test portal roles and/or ESS roles if testid is not in LDAP?

    We have a process but it is hard to maintain and not very secure.  I was wondering how other Security Admins solve this problem.
    For examplle, we have users who use ESS, MSS, Adobe Forms and a few other portal roles.  And, all of them are using the LDAP to authenticate users.
    Our Basis guys have created test ids in the Portal but they need to be asisgned directly to a pernr (on Infotype 0105) in order to obtain the right information in the portal.
    I'm curious as to how others maintain this process.
    All suggestions and recommendations are welcome.
    Thanks,
    Penny

    If the Basis team has created the test-id on the portal, assign the MSS/ESS role as per the business process
    make sure to create the same userid on the backend system and assign the userid to a pernr
    Assigning userid to PERNR lot of postings are available to do this please search.
    Also I remember at one of my customers project  the portal was configured to have "parameter setting" on the portal rather than the backend system.
    summary: Userid - UME/LDAP ( Basis already created it in your case )
                                  Portal roles ESS/MSS   - assigned to userid
                                  ECC/HCM system roles -assigned to userid  ( after PERNR is tied to userid)
                                  Paremeter setting to be done on portal
    Regards

  • Automatic upload of roles from ECC to portal (UME with LDAP)

    Hi experts,
    This thread reopen the question asked on the following message : automatic upload of roles from BI to portal
    However, it concerns this time "UME with LDAP".
    Problematic :
    SAP Library 04s tells us that is not yet possible to automate role replication (or role assigment replication) from ABAP Based back-end to Netweaver Portal. Only manual process for initial upload is possible.
    Source = http://help.sap.com/saphelp_nw04s/helpdata/en/41/5e4d40ecf00272e10000000a155106/frameset.htm
    Questions :
    1 - Did anyone ever try to implement such an automatic tool ?
    2 - What if I'm not able to write on the Active Directory ? I am still able, at least, to automate role assignment replication from ABAP Based back-end to Netweaver Portal (ie. UME with LDAP) ? Directly from SAP R/3 to EP through UME, without passing through Active Directory since the group field is not maintained in AD.
    Many thanks for your inputs
    Alexis MARTIN

    Hello,
    As I did not read the previous thread I don't know what exactly you are trying to achieve, but I can tell you about what we have done - as far as it is not too late yet.
    We use the portal with integration to a BI system. In the ABAP stack we have lots of roles with menu items for hundreds of reports. We want the users to see these roles in the portal.
    First we have used the role migration tool of the portal to upload these roles. There is a Java API for executing role uploads from code. You need to create a webservice in the java stack to call this api, and can call the webservice from ABAP.
    However it is just a question of time and role size until this will not work at all. Standard role migration is more or less crap, stability is a problem. It also creates a lot of logs in the PCD and thus fills the database with trash. (After a few OSS messages there is now a program for deleting logs + you can turn of logging.) Also upload of larger roles takes up to an hour, and you alwasy have the problem that your portal roles are not up to date during the day.
    When I got completely fed up, I have implemented an own navigation connector. When you log on to the portal it will connect to the ABAP stack via RFC, load the role, and generate the portal menu from it. It uses caching, but on every logon it checks whether the role has been updated in ABAP since the last time it was loaded. It is up to date, faster then PCD navigation, and you need absoluetely no periodical synching at all. I cant even understand why this is not offered by SAP per standard!
    Drawback is that it will of course only work for the menu items, and only menu items with an "URL-type" are supported. I'm prettry sure however that it would be possible to implement a few other types as well.
    Let me know if you are interested in the solution, I can give you a few additional details: oliverDOTsvisztATwienerbergerDOTcom
    Oliver

  • Link ECC roles to Portal roles (Portal is using LDAP source for UME)

    Hi all,
    If a user is assigned a certain ECC ABAP role, they should also receive a related portal role.  Our portal is using LDAP.
    If our portal ume source was an ABAP system, I think it would be easy to achieve the ECC to ABAP role linkage.
    We were thinking of developing a UME java webservice and have an ABAP proxy class consume it to allow our abap system to assign the correct portal role, and delete the portal role.
    Any other ideas?

    Rajendra,
    Thx for your reply.  Can you provide any more details as to the design of your solution with the web service?  We are thinking of running a batch job nightly with a some mapping table in ECC to determine what ABAP role should link to the portal group then call the webservice to add the user to the portal group or delete the user from the portal group. 
    A second question is...does SAP Identity Manager offer any solution for this type of requirement?
    Thanks

  • Portal Roles added to the LDAP group is not showing up for users

    Hello expert,
    I have implemented SSO for Enterprise Portal and MS LDAP.  It is working fine but when I assigned roles to the LDAP group instead of UME group, they are not taking effect when I refresh the browser.  My service account that I set up in the keytab file is a read only account for the LDAP.  Is there some permission issue that I have to do to be able to add Portal roles or groups to LDAP groups?

    Hi,
    By default the LDAP integration configuration file is readonly.
    In this case, is not possible to modify data in LDAP.
    You must to connect in read-write mode; and I think that, furthermore, you need to configure SSL between Portal and LDAP in order to use read-write mode.
    regards,

  • Usage of external LDAP server with Portal

    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. These are the
    constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If thats the case, how can we use Visitor Entitlements/Delegated Admin and Group
    creation using Portal Admin tool since this will write to the configured LDAP
    server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authetication (I know this is possible
    by using JAAS LoginModule, but I just want to get confirmed on this ) and
    2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

    Thanks for th ereply. Some of your answers are not clear. Can you pls eloborate
    on this?? Pls see my comments below.
    "Johnson" <[email protected]> wrote:
    >
    Phil,
    Can I use embedded LDAP for production?
    Thanks
    Lawrence
    "Phil Griffin" <BEA> wrote:
    "Prashanth " <[email protected]> wrote in message
    news:[email protected]..
    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. Theseare
    the
    constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If thats the case, how can we use Visitor Entitlements/Delegated Adminand
    Group
    creation using Portal Admin tool since this will write to the configuredLDAP
    server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authetication (I knowthis
    is possible
    by using JAAS LoginModule, but I just want to get confirmed on this) and
    >
    You can add the external LDAP server just for authentication, but in
    versions through
    8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean)
    during
    the login process (this check has been removed in SP3). A work around
    is to
    duplicate
    the user in a provider that does impl UserReaderMBean.
    Prashanth : You mean to say we have to duplicate the User in embedded LDAP server
    also??
    >>
    2. Use default and embedded LDAP server for all others like Group/VisitorEntitlements/DAs.
    >
    Yes, the default/embedded LDAP can still be used for DA/visitor
    entitlements. In the current
    release, the Portal Admin Tools can only be configured to use a single
    authentication provider
    while forming entitlements. In SP3, all configured providers are
    listed/usable by the tools.Prashanth : How can we configure Portal Admin tool to use authentication provider
    for entitlements??
    >>
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

  • How to configaration in LDAP Server in portal?

    Hi Experts,
    I configare the LDAP Server in portal , but is not configare plz send me docs
    Regards,
    Chandu

    Hi Check this out.
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
    Have a look at these BLOGS which tells you step step by approach to integrate LDAP with SAP EP.
    Novell  eDirectory  8.8 as UME Data Source for EP : Part I
    https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2937. [original link is broken]
    UME Data Source: LDAP
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
    Windows Integrated Authentication via Kerberos on an LDAP data source -
    NTLM with LDAP
    Browse these links.
    UME Data Source: LDAP
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/ep/setting%2bup%2ban%2bldap%2bfor%2bthe%2bportal
    Check these:
    https://wiki.sdn.sap.com/wiki/display/HOME/ConfigureLDAPand+EP
    http://help.sap.com/saphelp_nw04/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    You can refer to the following weblinks for the same
    HELP.SAP.COM
    http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    FORUMS
    LDAP Server settings for Configuring Multiple LDAP in Portal UME.
    LDAP Configuration - Multiple domains
    EP7 - Multiple LDAP sample file
    SAP Note
    736471 UME Configuration of multiple LDAP data sources

  • Portal 7 and embedded LDAP server

    I searched for this on support but nothing much came up on Portal 7, so here
    goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is
    supported by the current Portal. What LDAP version is supported by the
    embedded LDAP server that comes with WLS? Can I convert sooner or later?
    Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
    embedded LDAP?
    Thanks,
    Steve

    Ture,
    Can use LDAP for UUP without using it for authentication/authorization? If so,
    how, or at least can you kindly point to a document that descrips how?
    Thanks
    Ture Hoefner <[email protected]> wrote:
    Hello Steve,
    I think you may be confusing the LDAP v2 specification with the WLS
    6.x, 7.x
    V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do
    with the
    LDAP v2 spec. It is just version 2 of the LdapRealm (
    http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 )
    Portal
    doesn't really care which LDAP server you are using (and it works with
    both the
    original LdapRealm and the V2 LdapRealm).
    When using Portal with LDAP, there are three things you can use it
    for:
    1) authentication/authorization, using WLS security framework, and/or
    2) read-only Unified User Profile (UUP) via LdapPropertyManager in
    ldapprofile.jar to get user properties from LDAP, and/or
    3) read/write UUP via your own custom EntityPropertyManager to get/set
    user
    properties from LDAP.
    If you are using LDAP for authentication/authorization, then just follow
    instructions from WLS for configuring it. Your Portal app is a J2EE
    app that
    will use this service from your WLS app server.
    If you are using LDAP for a UUP then it doesn't really matter which LDAP
    server
    you use, as long as it really follows the LDAP spec. Portal just uses
    JNDI to
    search for attributes in the LDAP server and provides them to you as
    user
    properties.
    Steve Lewis wrote:
    I searched for this on support but nothing much came up on Portal 7,so here
    goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is
    supported by the current Portal. What LDAP version is supported bythe
    embedded LDAP server that comes with WLS? Can I convert sooner orlater?
    Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait anduse the
    embedded LDAP?
    Thanks,
    Steve--
    Ture Hoefner
    BEA Systems, Inc.
    4001 Discovery Drive
    Suite 340
    Boulder, CO 80303
    www.bea.com

  • Using Portal Server's DS 5.1 as a general LDAP server

    Does anybody use the Portal Server's "built in" Directory Server 5.1 as a general LDAP server? For instance, using the DS to authenticate workstations?
    When I installed our Portal Server 6.0, I installed it on a seperate host so I could use it for other things besides just the Portal Server.
    Before I went this route, I spoke with a Sun engineer and he said it was just like the "full blown" DS 5.1. I figured "Why have two directory servers when one will do the job for everything?"
    Now that I am eyeball deep in this project and about to go production, a different Sun engineer says not to do this because the portal server "wants to have the dir server all to itself." That's a real technical answer.
    Does anybody else do this and have you run into any problems?
    The Directory Server should scale just fine for our portal server and the little bit of misc use elsewhere.
    Any insight would be helpful.

    Hi,
    because the portal server "wants to have the dir server >> all to itself." That's a real technical answer.- ?! Why is that?! - asked I the portal and my
    portal told me, that he wouldn't mind to share
    his user directory with other appications e.g. calendar/im/mail servers...
    Just kidding,
    It is actually nice to have one userbase in one clean directory!
    Cheers,
    Alex :-)

  • Weblogic Portal &  LDAP Server

    Hi,
    I'm currently working on a portal project, where i will need to integrate WLP
    8.1 w/ existing LDAP server(like Sun One Directory). I want to know how to..
    1. integrate WLP 8.1 w/ existing LDAP directory server (Sun One Directory). If
    so can WLP can be configured to use Sun One for authorization?
    2. If not possible, is WL LDAP server full LDAP v3 compliant? is there a way to
    synchronize WL LDAP w/ Sun One Directory?
    Thanks in advance,
    Venki

    hi venki..
    in fact i m facing the same issue..
    if u ve made any progress in this regard..please let me know
    any help will be appreciated..
    thnks

Maybe you are looking for

  • Can't install Premiere Elements 11 from a DVD

    I have a disk that has photoshop and premiere (Adobe Elements 11). The Photoshop installed with no problem but when I go to install Premiere, the Install shield Wizard comes up and runs but then cuts off when I click OK on the windows installer menu.

  • Easy cost planning - derivation rule

    Hi all. I started using the ECP tool. Can I using the characteristic derivation , such as we use in CO-PA  (KEDR) ? Can i create a "derivation rule" to decided which value the character received according to character value  chosen. Example  . If I c

  • XI Value Mapping Replication JPR Error

    Hello together, I am trying to insert items from a csv-file into XI Value Mapping by using the XI adapter. Mapping and configuration is finished, the file is picked by file-adapter and comes through the mapping. In the SXMB_MONI the message is proces

  • Is it possible to download EBS 11.5.10?

    I posted a thread last week about installing EBS on a laptop...well I now have the laptop but my manager might be standing in between me and getting it installed! So here's my new question: is there somewhere I can download all the required files fro

  • / the only supposedly "mounted" partition, fs segfaults / 3.1.0-4

    [Update: Rebooting fixed the fs segfaults (were they segfaults?) although the "mounting filesystems... [FAIL]" message is still present.] I should probably have paid closer attention to the fact that ever since I went from 2.6 to 3.0 Arch has been sa