UME/ABAP Configuration, User Duplicates

Similar Messages

• UME LDAP configuration XML file

  Dear Experts-
  I am configuring multiple LDAP as ume for EP 7.0 EHP2 . I am following the the document below.
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8036faa9-3d95-2c10-e596-c7c97082f07e?QuickLink=index&overridelayout=true
  It mentions xml file to be dowloaded is  dataSourceConfiguration_multiLDAP_db.xml file but ther eis no such file. Can you please let me know where I can find this.
  The only ones I see are.
  Microsoft ADS readonly , deep and flat
  Microsoft ADS Deep & flat
  Novell LDAP Read only flat and deep
  Novell LDAP flat & deep
  DatasourceConfiguration_simens_deep_readonly_db
  Siemes LDAP servers Read flat & deep
  Just to let you know we are using MS ADS flat. Please  let me which which file I can choose to put the second LDAP data source.
  Thanks,
  John

  John,
  There is no such file (dataSourceConfiguration_multiLDAP_db.xml) delivered for configuring multiple LDAP data sources.
  You will need to download dataSourceConfiguration_ads_readonly_db.xml and modify as per your needs and upload it with your own custom name.
  1. Open the dataSourceConfiguration_ads_readonly_db.xml file using a text
  editor (other than Notepad) and locate the <dataSource.../> section for the u201CCORP_LDAPu201D.
  2. For each additional LDAP server, paste the copy into the document after the original
  </dataSourceu2026> ending tag for the CORP_LDAP source. Change the name of the data source for
  pasted copy to u201CCORP_LDAP_Xu201D or some other value. This value becomes a data source identifier
  for UME and prefixes the principal Ids.
  For each LDAP data source, locate the <privateSectionu2026> within the <dataSourceu2026> tag and
  enter the following lines if they are not present:
  <ume.ldap.access.server_name>SERVER_HOSTNAME</ume.ldap.access.server_name>
  <ume.ldap.access.server_port>SERVER_PORT</ume.ldap.access.server_port>
  <ume.ldap.access.user>DS_USER_NAME</ume.ldap.access.user>
  <ume.ldap.access.password>DS_PASSWORD</ume.ldap.access.password>
  <ume.ldap.access.base_path.user>USER_ROOT_IN_DS</ume.ldap.access.base_path.user>
  <ume.ldap.access.base_path.grup>GROUP_ROOT_IN_DS</ume.ldap.access.base_path.grup
  >
  Save this file with your custom name and upload it.
  Thanks,
  Shanti

• UME ABAP PORTAL WITH MULTIPLE DB INSTANCES

  Hello xperts, there is a subject i would like to expose, we have a portal with UME ABAP, and we are integrating no-sap portals to the sap portal, in order to make single sign on we know is necessary todo a user mapping , using only one sap backend system,and several local portal users (ume java).
  I know it is not possible get back to ume java which is the default installed in a fresh portal installation, but what if we install a new instance with another system id and and using the same database instance? it is possible? (or some thing like that?)
  Thank a lot!!!
  Edited by: NWrscr on Jul 14, 2011 1:17 PM

  Hi,
  Hope you are doing good.
  I am not sure if i have understood the issue correctly, but you can give MCOD a shot.
  [http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/80d0613c-b806-2a10-2891-aae5bbcd1a79]
  This is still supported by SAP.
  Thank you and have a nice day :).
  Kind Regards,
  Hemanth
  SAP AGS

• Guide me how to automate UME LDAP Configuration

  Hello colleagues,
  I am not sure if this is the right place for putting my question.
  We wanted to automate 'UME LDAP Configuration with Microsoft AD', because we have nearly 25 portals and has to be refreshed for every 3 months from different systems. Instead of configuring UME  every time, we wanted to automate it such that
  it can be done by one click for each portal.
  I am not aware, if it can be done through Webdynpro or Java API.
  Please let me know in which way we can achieve this functionality. If it is in Java then please let me know how to access UME APIs. Moreover Configtool will not save its data at O.S level, it stores in DB.
  Please guide me on achieving this.
  Regards,
  kasi

  Hi Nivas,
  thank you very much for your answer.
  Could you please let me know any APIs to use these functions
  I googled and found APIs for User management ( creating,deleting ,etc..) only.
  I could not find any APIs for LDAP settings in Configtool.
  I wanted to set these values ( which are specified in above link ) from out side.
  Regards,
  venkat
  Edited by: Venkata Kasi G on Mar 2, 2012 2:41 PM

• ABAP Service Users  not working - important

  Hi,
  I installed finally BPC 75 NW, and I cannto get ito the application for the 1° time because I have several issues.... I get the error "The user ID, password  cannot be authenticated. Make sure you entered valid credentials".
  On Server Mgr. i get 2 errors " Sap server connection : database connection"  and "ms message queue:  queue name:  .private$BPCstatusmessagequeue".
  I have done eveything in order to solve this... but... after a lot of research I found a note where it is suggested to uninstall, however I still want to change some parameters as described in the installation guide, I hope you can please help me to clear this:
  Manual, page 43, installation for NW.
  - ABAP service users can be locked as a result of the install.
  - Check and unlock users, use SU01, press Ctrl + F5  (done, not a problem)
  - Check that COM + Components exist (done)
  - Check interfaces (this means changes in Pooling & Recycling?)
  - Check that librfc32.dll is set up appropiately (I had the problem during install where i needed to reassign this dll, now is not an issue  unless there is something else to check that i am not aware of)
  - IIS Port (80 by default right?)
  - ServerConfiguration.config for the correct username and system info (cant find this file)
  - Registry Entries on 32 and 64 bits (how can I do this)
  - Check C:windowssytem32driversetchosts file to ensure that a fully qualified domain and IP resolution exists (what exactly do i need to check)
  On server mgr also I have for  COM+ components " domain system administrator with which i installed  & password"   is this right?
  Thanx in advance, it is really important.
  Velázquez

  Hi,
  Thanx for the feedback !! really appreciate it. Here is the response:
  The COM components are ok, as well as the MSMQ and every other component you mentioned (also reinstalled it). I reactivated all "dictionary" to the 3 users created in ABAP, changed role to communication, and give SAP_ALL permission.
  In the machine, changed the Default web site to port 81 (to let BPC website take port 80)
  Reinstalled  NET 2.0, set all components for BPC website to Net 2.0
  Created the 3 abap users in domain and gave in both systems  the same password.
  Entered in the machine as the administrator user (also administrator in Netweaver) and started the installation without trouble.
  After that, tried to run the server diagnostic but this user was lacking permits, so I added the 3 users (abap) in the local machine as administrators, in a  new group called BPC (only giving the administrator role). Entered now in the machine as BPC_SYSADMIN and ran the Server Diagnostic without trouble.
  After doing this, I now am facing an issue trying to add users to the 1° appset... choosing the domain users... however someone mentioned that this is related to the NET tier, is it better to reinstall this tier completely or at least try with NET 1.1, but im just about to find out.
  Thanx again for the response.
  Velázquez

• Configure User Authentication on SOAP Receiver Adapter

  Hi,
  I am calling a WebService that is available over the internet.  We are on PI 7.1 and I am using a Soap Receiver Adapter.  The configuration was downloaded from SAP in a partner package.  The development in the package was done on XI3. 
  I need to call the WS with user authentication.  I've selected the "Configure User Authentication" radio button and entered the username and password.  The message fail with "HTTP 401 Unauthorized" and it is because the user details are not being send from the adapter.  If I copy the XML payload to a XML tool, like Stylus Studio, I can call the webservice successfully.  I've read through numerous blogs and messages on this Forum, including adding the adapter module (MessageTransformBean) and changing the Conversion Parameters without any luck. 
  Any suggestions please?
  Thanks

  I am calling a WebService that is available over the internet.
  I copy the XML payload to a XML tool, like Stylus Studio, I can call the webservice successfully.
  normally the webservices that we use (from internet) are freely available...meaning they dont require any username/ password.
  if no credentials are required then do not select Configure User Authentication...uncheck it....if user-details are provided by the Webservice, then use these details (not your XI/ PI user details) in the channel.
  Are you using any user-name/ password while testing from SOAP tools?
  Regards,
  Abhishek.

• [Forum FAQ]How to troubleshoot common issue when configuring user device affinity from usage data

  Symptom:
  Some clients might fail to automatically configure user device affinity from usage data if you have manually configured user device affinity before.
  When you check the UserAffinity.log, you can find the similar error messages as below:
  User 'XXXXX\XXXXX' has xxxxx usage minutes UserAffinity 
  Setting auto affinity for user 'XXXXX\XXXXX'. UserAffinity 
  Found same state message existing. (was sent before) Skip sending same state message for user 'XXXXX\XXXXX'.. UserAffinity 
  Figure 1. Error Message in UserAffinity.log
  Cause:
  As the log said, there is a user affinity state message existing in WMI which prevents client from sending new user affinity state message.
  Resolution:
  We can delete the user affinity state message in WMI to force the client to resend the user affinity state message.
  We can follow the steps below:
    1. Run Windows Management Instrumentation Tester (“Wbemtest”).
    2. In Windows Management Instrumentation Tester dialog box, click “Connect”.(Figure 2)
  Figure 2.
    3. Type “root\ccm\statemsg” under the Namespace table and then click “Connect”.(Figure 3)
  Figure 3.
    4. Click “Enum Classes”. (Figure 4)
  Figure 4.
    5. Choose “Recursive”
  in Superclass Info dialog box.(Figure 5)
  Figure 5.
    6. Double-click “CCM_StateMsg” in Query Result dialog box.(Figure 6)
  Figure 6.
    7. Click “Instances”
  in Object editor for CCM_StateMsg dialog box. (Figure 7)
  Figure 7.
    8. Choose the messages that contain "domain/user_Auto" and click “Delete” in the Query Result dialog box.(Figure 8)
  Figure 8.
  After you delete user affinity state message in WMI, the user affinity state message for the user will be resent. After a period time, we can check the UserAffinity.log to
  see if the user affinity state message has been successfully sent. The related information would be similar as below:
  Successfully sent user affinity state message for user 'xxxxx\xxxxx'.
  Successfully created pending user affinity for user 'xxxxx\xxxxx' into WMI.
  Figure 9.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  I'm not sure whether this is the appropriate place to add this but - a (possible) cause that I have seen which is not mentioned above is a request for an AAAA record (IPv6 address)
  being responded to with an A record (IPv4 address).
  DNS debug logging (Windows 2008 R2 SP1) captured requests to
  192.225.156.200 and the corresponding responses. In each case the response was followed in the debug log by the event “The DNS server encountered an invalid domain name
  in a packet from 192.225.156.200. The packet will be rejected. The event data contains the DNS packet.”
  The domain name in the response was the same as that in the query, and looks OK.
  The logged query shows an AAAA record (IPv6 address) request and the logged response returned an A record (IPv4 address).
  http://www.rfc-editor.org/rfc/rfc4074.txt “Common
  Misbehavior Against DNS Queries for IPv6 Addresses” says, under “Expected Behavior”:
     Suppose that an authoritative server has an A RR but has no AAAA RR
     for a host name.  Then, the server should return a response to a
     query for an AAAA RR of the name with the response code (RCODE) being
     0 (indicating no error) and with an empty answer section (see
     Sections 4.3.2 and 6.2.4 of [1]).  Such a response indicates that
     there is at least one RR of a different type than AAAA for the
     queried name, and the stub resolver can then look for A RRs.

• Assign SQ03 Abap Query User Group to role

  Please advise how to assign SQ03 Abap Query User Group to a role. Thanks.
  Moderator message: please do more research before asking.
  [Rules of engagement|http://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement]
  [Asking Good Questions in the Forums to get Good Answers|/people/rob.burbank/blog/2010/05/12/asking-good-questions-in-the-forums-to-get-good-answers]
  Edited by: Thomas Zloch on May 12, 2011 5:40 PM

  Hello Sunil,
  The problem is that I have hundreds of users to maintain user groups.
  found out that it is possible to assign user group to role and role to user groups. implementing hr authorization with in-direct assignment of auth. So if I could use sq10, user groups could also be link to position in the org chart.
  sq10 does allow you to assign a user group to a role but when you assign the role to a user and the user runs a query, it reports that no user group has been assigned.
  Suspect that there must be a parameter or switch that is not turned on
  Regards

• Web Dynpro ABAP application users need a backend su01 account?

  Hello Experts
  i have been searching the forums trying to determine if all Web Dynpro  ABAP application users need a backend su01 account?
  thank you for assisting,
  regards,
  Thabiso

  Solved

• How to configure User domain in Weblogic..........

  How to configure User domain in Weblogic Application Server 8.1 from Command prompt on windows Xp?
  Thanks in Advance.

  <p>
  You can use WLST or weblogic.Admin command. WLST is the recommended appraoch. Here are a few links for both of the above:
  </p>
  <p>
  http://edocs.bea.com/wls/docs81/admin_ref/cli.html
  http://e-docs.bea.com/wls/docs91/config_scripting/using_WLST.html
  http://edocs.bea.com/wls/docs90/config_scripting/domains.html
  http://dev2dev.bea.com/blog/hoos/archive/2005/09/what_no_wlst_1.html
  http://dev2dev.bea.com/pub/a/2005/01/wlst_offline.html
  http://dev2dev.bea.com/blog/hoos/archive/2005/10/environment_pro_1.html
  </p>
  <p>
  Hussein Badakhchani
  London Middleware
  </p>
  Edited by hoos at 01/07/2007 3:50 AM
  Edited by hoos at 01/07/2007 3:51 AM

• Add user validation in create user form during Configure User Object Classe

  Hi friends,
  I like to add a user validation code (javaScript or PL/SQL) into create user form during Configure User Object Classes.
  Is any way to pick user information and role assignment for validation in Portal side?
  or pre event in OID provisioning befor loading LDAP?
  We like to make a rols assignment validation. But portal does not have this function.
  TOM, Any suggestion?
  Thanks!!

  after study, portal form --LOVGroupSearch take a  role search and display user name  for select role.
  Who know we are can find system object LOVGroupSearch in portal or OID?
  the source SCR as /oiddas/ui/oracle/ldap/das/search/LOVGroupSearch?title=Role%3Fredirect=/oiddas/ui/oracle/ldap/das/search/LOVGroupSearch%3Ftitle=Role
  When we search a role and added it. selected role appears in form Search and Select:.
  When click role name in Search and Select form. system will display Group Members and group owner.
  Who can find behind codes for this form or samilar pl/sql codes?
  Thanks!!

• Configure User Authentication in Web Service

  Hi,
  I have a receiver soap channel that consume a web service with user authentication. I am setting the user/password in Connection Parameters section, but I'm getting the error from the web service:
  Incoming message does not contain required Security header
  Any ideas about what's wrong in my channel?
  Regards,
  Ismael

  Hi,
  It doesn't work in my case (It's said in the first post).
  I have tested it using PI 7.1 using:
  - "Message Protocol=SOAP 1.1." and filling user/password in "Configure User Authentification" and I get the error:
  soap fault: WSDoAllReceiver: Incoming message does not contain required Security header
  - "Message Protocol=Axis ." I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException:
  javax.ejb.EJBException: Exception in getMethodReady() for stateless bean sap.com/com.sap.aii.axis.app*xml|com.sap.aii.adapter.axis.ejb.jar*xml|AFAdapterBean;
  nested exception is: com.sap.engine.services.ejb3.util.pool.PoolException: javax.ejb.EJBException:
  Exception raised from invocation of public void com.sap.aii.adapter.axis.modules.AFAdapterBean.ejbCreate() throws javax.ejb.CreateException method on bean instance com.sap.aii.adapter.axis.modules.AFAdapterBean@5902bd4b for bean sap.com/com.sap.aii.axis.app*xml|com.sap.aii.adapter.axis.ejb.jar*xml|AFAdapterBean; nested exception is: javax.ejb.CreateException: java.lang.NoClassDefFoundError: org/apache/axis/AxisFault
  Regards,

• Error while configuring User Management Utility

  Hi All,
  I am trying to configure User Management Utility for messaging server and calendar server. But while doing this it is failing to create service. The utility creates roles, configures with the webserver but fails to create service.
  This was the error :
  PASSED: /bin/sh -c /opt/nicp/ps62/SUNWam/bin/amadmin -u "uid=amadmin,ou=People,o=apollo" -f /opt/SUNWcomm/lib/config-template
  s/amadmin1718 -t /opt/SUNWcomm/lib/config-templates/changeComms.xml : status = 0
  PASSED: /bin/sh -c /opt/nicp/ps62/SUNWam/bin/amadmin -u "uid=amadmin,ou=People,o=apollo" -f /opt/SUNWcomm/lib/config-template
  s/amadmin1718 -t /opt/SUNWcomm/config/createroles.xml : status = 0
  FAILED: /bin/sh -c /opt/nicp/ps62/SUNWam/bin/amadmin -u "uid=amadmin,ou=People,o=apollo" -f /opt/SUNWcomm/lib/config-template
  s/amadmin1718 -t /opt/SUNWcomm/config/createservices.xml : status = 1
  PASSED: /bin/sh -c /opt/SUNWcomm/sbin/config-wbsvr : status = 0
  FAILURE: Number of task failed:1. Please check install log
  /opt/SUNWcomm/install/Iscli-config_20041021221229.log
  for further details.
  It could be useful if someone could throw some light on this.
  Thankx in Advance,
  s2810

  As I said in response to your other, smaller post, I'm not sure where you are, and this snippet of errors doesn't help me.

• SOAP REC Adapter....Configure User Authentication

  Hi
  I have a Receiver Soap Adapter parmater called "Configure User Authentication". If I check this option again we have two fileds which are to be filled with "User" and "passowrd". These user and password are used as authentication to access webservice. My webservice team claims XI is not sending those credentials to webservice during request. How can I check whether XI is sending the user and password information to webservice during requesst ??
  Regards
  Kumar

  Hi Kumar,
  there is an option :Check OSS Note no 856597
  Download the tcpgw.zip ...extract...open the aiitcpgw.jar file..and follow as expalined in the blog
  /people/varadharajan.krishnasamy/blog/2007/01/09/troubleshooting-soap-message--xi
  you will get the xml payload and there you can check the username and password is passing into the webservice.
  Cheers,
  Sunil.

• Using UME companies when user repository is LDAP-based

  I have an EP installation that is connected to an IBM Tivoli Directory Server that acts as user repository. All works fine but I want to be able to add users directly to the LDAP structure and have them to be members of one of the company groups that are definied in the UME.
  My idea was to add a LDAP-based group to a company group in the portal but that isn't allowed. If that had worked I only would have needed to make a user member of an LDAP group and instantly he/she also would be a member of the appropriate company group.
  So my question is if there is any way to do this? Can you alter the LDAP attribute schema with some property that tells the UME that a user also is member of a specific company?
  /Oskar

  Oskar, from what my developers tell me, you cannot do this with standard software. You must manage company membership in the UME.
  Sorry this answer doesn't help much.
  -Michael