UME User Attribute

Similar Messages

• How to access custom ume user attributes via VC?

  Hi guys,
  I configured a custom user attribute within the ume configuration:
  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/de/44/0316d50bbe025ce10000000a1553f7/frameset.htm">Adding Custom Attributes to the User Profile</a>
  Now, how can I access this attribute within my VC model (user data)?
  Thanks for your ideas
  Benny

  Hi,
  Regarding adding properties to user data control, i have the following information. But i am not sure, whether it will be helpful to you.
  You can add a personalise property/User mapping property into a user data control.
  Drag a User data component, go to configure and click the + sign at the bottom of User parameters.
  You can add any personalised properties to the user data (with valid data types and allowed values). Then can use the property in any formula.
  When iView is opened in portal, the personalise property of that particular iView is used to change the property value
  Hope it helps.
  Regards,
  Sooraj

• Editing LDAP User attributes from UME interface

  Hi Gurus,
  We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
  I want to know
  1. How to enable the connection from UME to LDAP in read/write manner?
  2. What certificates need to be exchanged for write access? if any?
  3. What changes needs to be done in config file of UME?
  4. Which permissions should be granted for communication user to edit LDAP user attributes?
  Even after performing the change to read LDAP in read/write manner, will it be sure: If we lock user from UME, it will lock LDAP user? please comment.
  regards
  Kedar Kulkarni

  Hi,
  We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
  But when we deploy same application into client landscape, we receive error as below:
  No data source feels responsible for principal. Please check the data source configuration
  Now we are not sure why this error is getting displayed.
  In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
  Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
  Any code to access LDAP details will help us lot.
  regards
  Kedar Kulkarni

• Custom user attribute from ABAP to Portal UME

  Hi All,
  We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
  Any help will be rewarded.
  Thanks
  Sarang.

  Any resolution to this issue?

• Attribute to lock Portal UME user

  Hi SAP Expert,
  Does anyone know the attribute for locking UME user id in Portal Batch Import?
  I am trying to use 'Portal batch import' to mass lock portal users, that is by importing a batch file with corresponding uid. I search up and down and couldn't find the attribute that responsible for the lock status in portal.
  Have anyone experience a similar issue and know where to look for the lock attribute label?
  Thanks in advance.

  Jim,
  It sounds like you already have a text list of  users, who have left the company and the list is too long to easily search for each individual user and lock them.
  One thing you could do is the following:
  1. Create a group called temporary.
  2. Add this group to all the users as follows:
  [user]
  uid=john.doe
  last_name=doe
  group=temporary
  If your SAP NetWeaver system is 7.0 or earlier, this removes all other group assignments from these users! If you have SAP NetWeaver 7.1, you can use the following syntax:
  group=+temporary
  . This add the gorup assignment without removing the others.
  3. Start identity management and display all users who are members of this group.
  4. From the Table selection menu, choose Select All.
  5. Choose Lock.
  6. Enter the reason for the lock.
  7. Choose Lock.
  This seems to be a rather roundabout way to achieve your goal. Unless you are talking about thousands of users, it still might be easier to lock each user by hand:
  1. Start identity management.
  2. Copy the user name into the search field.
  3. Search.
  4. Select.
  5. Lock.
  Repetitive, but not nearly as destructive.
  SAP NetWeaver Identity Management offers additional functions, enabling you to trigger the locking of users automatically and removing all authorizations, say if your HR system changed the users status. But it does not sound like you have that option right now.
  -Michael

• NetWeaver UME user database

  Hello Experts,
  For SAP Sourcing 7.0, In a scenario the Buy Side and Sell side users need to be authenticated against NW UME data base. So while configuring the Directory settings the driver is set to NW UME. (for both internal and external users). And attributes (NAME, F.NAME, L.NAME and EMAIL) are mapped with NW UME (Users will be createdpushed to NW  in SAP Sourcing and UME). Along with this "bypass_error_block" property is set to "TRUE". When a new user is created in SAP Sourcing 7.0, The same user is created in the NW UME sucessfully.
  But while accessing to the URL few errors were noticed;
  1) For the first time, When tried to open buyside URL; SAP Netweaver log on page is displayed asking for the user credentials and when the user credentials are provided it takes to the SAP Sourcing page. BUT Is it that when we configure with NW UME, the users need to access through Netweaver log on page (or they will access the SAP Sourcing page)
  2) For the second time, When tried to access the system portal(fssystem) on the same explorer, the SAP Sourcing log on page is displayed. And system ID log in happened successfully.
  3) Now if the same buy side URL(fsbuyer) is opened on the same explorer then SAP Sourcing log on page is displayed (not the SAP NetWeaver) asking for user credentials and when user credentials are provided it throws an error "Entry Doesn't exist".
  (NOTE:- It was verified that the URL for point 1 and point 3 are one and the same)
  4) In order to get back to the NetWeaver log on page to access the SAP Sourcing system, we need to close all the explorers and reopen the buyside portal.
  More over; For the Enterprise log in, one interesting property was found; when we try to log in for the first time it throws an error " Entry doesn't exist". But from second time onwards it successfully allows for log in.
  Is there anyone who is facing similar type of error. Or is there any other settings need to be done for cluster and directory configuration?
  Your help would be really appreciated.
  Thanks
  Jagamohan

  This tool looks interesting, and might be useful to Rao, but it would need some improvements to make it secure. I suggest using cryptographically secured session between the domain controller and the SAP system so that password changes can be send to SAP, and then captured by an RFC function module, and written into SAP user store. Since RFCs in SAP can be secured using SNC, and AD uses Kerberos, it would be good/easy to use Kerberos to secure the session between the DC and SAP ABAP when passing the password over the network. Then, the J2EE engine can be configured to use ABAP as the user store via UME. The end result is that Active Directory can be used to authenticate to SAP, and if AD is not available, or wide area network is not available the ABAP/UME password can be used locally.
  One issue worth considering, is what happens when there is no network connection from the domain controller to the SAP system ? The software would have to queue the request so that when network connection is back, the password change is pushed to SAP system, and then the two password stores will be in sync at all times. Without this queuing system there is a chance the password will get out of sync.
  Obviously, a lot of work to do in order to make this work, especially if you want it to work securely and reliably. However, it has some possibilities.
  Take care,
  Tim

• IdM 7.2 UI - link between UME "User ID" and MSKEYVALUE

  Hello together,
  if we provide somebody access to the user interface of the IdM the user has no permissions/can not see any tab in the Portal UI.
  The user has the necessary UME actions/role in the portal and the corresponding identity has the nescessary MX_PRIV* privileges in IdM.
  We are using generated MSKEYVALUEs in our IdM landscape which are not the user IDs of the employees. Therefore UME "User ID" and IdM "MSKEYVALUE" are not the same.
  Example:
  My user ID in the portal: micfra
  My MSKEYVALUE in the IdM: 0123456
  But there is another Z attribute which contains my user ID.
  If I Change my MSKEYVALUE temporary to "micfra" everything is working fine.
  Is there any possibility to configure the IdM so that another attribute will be used to link both systems? How can I provide user Access to UI when MSKEYVALUE do not contains user ID of portal?
  Thanks and best wishes
  Michael

  Hi Michael,
  I've always had MSKEYVALUE and my UME ID match when using UME as the back end.  It's just easier and provides a known, common link between my systems.
  However it seems if you wish to use another value, you can change this by going to your Identity Store, General Tab, and change the value of Unique ID.
  Hope this helps,
  Matt

• Accessing UME Custom Attributes

  Hi All,
  I am trying to access the UME custom attribute for all the users in Webdynpro. There is only one Portal and there is no LDAP.
  I used
  IUser user = UMFactory.getUserFactory().getUser(uniqeID);
  IWDClientUser wdUser1 = WDClientUser.getClientUser(user.getUniqueName());
  IUser user1 = wdUser1.getSAPUser();
  String attr= user1.getAttribute("<namespace>","<attribute name>");
  But this is only giving me the custom attribute for WD logged in users. In WD, I want to get this attribute for other UME users as well.
  if I use,
  IUser user = UMFactory.getUserFactory().getUser(uniqeID);
  String attr= user.getAttribute("<namespace>","<attribute name>");
  I get null.
  Please reply.
  Thanks,
  Anil.

  (String[]) IWDWebContextAdapter.getRequestParameterValues( String key);
  will give you all parameters under the specified key.
  nikhiL

• Exempt UME user for password expiration

  Is there a way to exempt a user from the password expiration setting? For example, passwords for all users are set to expire every 90 days, but a user id, say "monitor_user", is used in monitoring application to perform an automated logon check. Every 90 days when the password expires, the monitor fails. Is there a way to set this user's password not to expire?
  Thanks

  Glen and Giorgio,
  Let me see if I can clear things up a little bit.
  First, there is the security policy which is controlled by the UME properties. This defines password length, logon ID length, etc. These properties apply to the entire AS Java and cannot be trimmed down for individual users. How they apply to users in different data sources also varies. For example, these properties are ignored to some extent if you have an ABAP system as your user store. See the following link:
  http://help.sap.com/saphelp_nw04s/helpdata/en/7f/c52442ad9f5133e10000000a155106/frameset.htm
  Second, as of NW 04s SPS 7 a new user attribute was added, named "security policy". For individual users you can choose one of the following security policies:
  default users (user can logon, password rules apply)
  technical users (user can logon, password does not expire)
  internal service users (user cannot logon, usually do not have passwords)
  There is a fourth policy: unknown users, applies to certain users mapped from an AS ABAP.
  In SPS 7 I believe and latest in SPS 8, you have limited abilities to change the security policy of the user with identity management. You can change the policy from unknown or default to technical but not back.
  In SPS 9 and later you can change the policy from unknown or default to technical and from unknown or technical to default.
  I wonder if support misunderstood your question and thought you were referring to the first type of security policy and not the second.
  Message was edited by: Michael Shea

• Custom User Attributes stored?

  Hi,
  I would like to know which table in Database, user attributes like firstname, lastname, email, custom attributes if any are stored. I know that some of the attributes like islocked, failedlogonattempts are stored in <b>ATTR</b> field of <b>UME_STRINGS</b> and their values stored in <b>VAL</b> field  in the same table.
  Can anyone help me in identifying the table in which attributes stored and how altering the table to add extra custom attributes other than the <b>UME APIs</b>?
  Thanks in advance....
  Regards,
  Ganesh N

  Hi Ganesh
  I'm not sure why you'd want to get to the table(s) directly. Why not use the supported mechanism (APIs) rather than hope SAP never changes the underlying tables?
  Have you tried a SQL trace at the J2EE level?
  Cheers

• Custom User Attribute

  Hi All,
  We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
  Any help will be rewarded.
  Thanks
  Sarang.

  Hi Sarang,
  Check this:
  UME attributemapping for R/3 datasource
  Greetings,
  Praveen Gudapati

• UME user search with multiple search fields (AND / OR search)

  Hi,
  I'm struggling with a UME user search problem. I have multiple search fields: lastname, firstname, department
  Searching in this fields is working with the default IPrincipalSearchFilter.SEARCHMETHOD_AND (default)
  <a href="http://help.sap.com/javadocs/NW04/current/um/com/sap/security/api/IPrincipalSearchFilter.html#setSearchMethod(int)">JavaDocs SearchMethod_AND</a>
  Now I would like to add an additional search field for searching in telephone, cellphone as well. BUT searching for a phone number with searching for one of the other fields should not be a AND search. Is this possible?
  Here is the actual non-working code:
       Vector retVector = new Vector();
       //get Userdata with IUserFactory
       IResourceFactory resourceFactory = ResourceFactory.getInstance();
       IURLGeneratorService urlGen = (IURLGeneratorService)resourceFactory.getServiceFactory().getService(IServiceTypesConst.URLGENERATOR_SERVICE);
       IUserFactory userFac = UMFactory.getUserFactory();                    
       IUserSearchFilter srcFilter = null;          
       try
            srcFilter = userFac.getUserSearchFilter();
       } catch (UMException e)
            // TODO Auto-generated catch block
            e.printStackTrace();
       if(lastName.length() > 0)
            srcFilter.setLastName(lastName + "*",ISearchAttribute.LIKE_OPERATOR, false);
       if(firstName.length() > 0)
            srcFilter.setFirstName(firstName + "*",ISearchAttribute.LIKE_OPERATOR, false);
       if(department.length() > 0)
            srcFilter.setDepartment(department + "*", ISearchAttribute.LIKE_OPERATOR, false);
  //Here I need help!!!!!!! Please advice!!!
       if(telephone.length() > 0)
            srcFilter.setTelephone("*" + telephone, ISearchAttribute.LIKE_OPERATOR, false);
            srcFilter.setCellPhone("*" + telephone, ISearchAttribute.LIKE_OPERATOR, false);
       //if(mobil.length() > 0)
       //     srcFilter.setCellPhone("*" + mobil, ISearchAttribute.LIKE_OPERATOR, false);
       //Set maxium value for Result and thus limit the static variable SIZE_LIMIT_EXCEEDED
       //This method can only be used, if only one search attribute is specified -> thanks SAP
       if(srcFilter.getElementSize() <= 1)
            srcFilter.setMaxSearchResultSize(300);
       ISearchResult srcResult = null;
       try
            srcResult = userFac.searchUsers(srcFilter);
       } catch (UMException e1)
            // TODO Auto-generated catch block
            e1.printStackTrace();
  Thanks for any help...
  Stefan

  Hello,
  I could still need some help. Is there no one who could give me a tip? Could I explain my problem clearly enough or do you need some more information about my problem?
  Or is the search topic with searchFilter not a very common used thing?
  Is there a possibility to do a search in the received search result? Can anyone explain how this would work?
  Any ideas are welcome.
  Regards,
  Stefan

• How to get user attributes from LDAP authenticator

  I am using an LDAP authenticator and identity asserter to get user / group information.
  I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
  Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
  Any help would be appreciated

  Hi Julián,
  in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
  A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
  Beginner
  Medium
  Advanced
  Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
  Hope it helps
  Detlev

• How can i pass the logged in user attribute value into looku query ?

  HI,
  Is there any way to pass loggined in user attribute vallue to lookup query directrely in AD Child Group form.(Like '$Form data.UD_ADUSER_AD')
  Thanks in advance
  Edited by: 790561 on 5/12/2011 16:01

  loggined in user attribute vallue can be understood differently:
  - A requester raising a request and you want *Requestor's ID" there.
  - An approver logging in to the system for doing approvals.
  - A System admin logged in to the system for managing the *Forms, Requests' etc
  All the above cases are different and you would expect different values for all. If you requirement was the Requester then
  1) Either create a hidden attribute in the Process Form and pre-populate it from the Request Form. In your query use *$Form data.UD_ADUSER_DUMMYREQID')*
  2) Or directly capture the *$Requester Information.User Login$* attribute in the process form and do manipulations

• How to Sync User attributes between local forests?

  Hi
  We are currently migrating three AD domains to one.
  We are migrating users and distrubution groups with ADMT to the new domain, and stating to move services to the new domain. starting with sharepoint.
  But for some time, some services will remain in the three old domains. To avoid maintaining user attributes like phonenumber, address etc multiple places, I would like to schedule a sync of some user attributes from the old domains to the
  new.
  Just like DirSync between a local directory to office 365 - but how is it done with local domains and not with office365?
  So if a helpdesk user is updating a users phonenumber i one of the three old AD, it should be synced to the new domain after. I would like to run this as a schedule task every 15 minute or so.
  ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute
  synchronisation.
  Do you have any suggention on how I can solve this task?
  Best Regards, Steffen. 

  ADMT is like a one time migrating tool to create the users in the new domain, but I can't see that it will support user attribute
  synchronisation.
  I am not sure about the schedule task and if it is available to use in this scenario or not. You have two different security boundaries, so it is not easy as setting up a scheduled task to sync data. Even if it is possible, it would be very hard to established.
  For selected users you have to define what to sync and what not to sync and etc.
  I believe on of the things you can do is to use FIM 2010 in order to have a synchronized directory. That is the best thing you can do AFAIK.
  Sync Users between domains with Forefront 2010
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or
  to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.