WAS & LDAP ume
Hi,
Is there a possibility to enable UME on Java WAS to use database & LDAP directory even if the WAS is Developer Workplace or Java Sneak Preview ?
When I try to change UME configuration in UME configtool and save change, error ocurs. When I do that on regular Java Central instance installation, everything goes ok.
Can anyone answer my question ?
Thanks,
Best regards
Miroslav Koskar
Hi Miroslav ,
i didn'get u properly.
Config tool is for Offline Administration of SAP WAS.
just follow these links for UME LDAP Configuration.
http://help.sap.com/saphelp_nw04/helpdata/en/eb/00954081efb90ee10000000a155106/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/6f/258b2ef17d45a4afa45a00309a6a33/content.htm
Regards
Kishor Gopinathan
Similar Messages
-
Multi-Domain LDAP UME configuration
Hello
We have EP 7.0 installed and want to connect the UME to our Corporate
LDAP (MSADS) as data source.
Our ADS is as follows:
domain.pt u2013 This is our top level domain. Here we have our main users.
Gs.domain.pt u2013 This is a child domain of ren.pt. Here are some special
users that cannot be moved to domain.pt level (because of this we have to
use multi-domain configuration)
According to some documents Step 2 of Note 762419 - Multi-Domain Logon
Using Microsoft Active Directory this configuration as to be done
according to a Multiple-Domain UME LDAP Configuration.
Following is is my configuration of LDAP access:
I have set the u201CUME LDAP Datau201D in Config Tool to point to
the u201CdataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xmlu201D configuration file that has been previously change by me following previous documents. The xml is is the end of the message
Also in the u201CUME LDAP Datau201D (Directory Server) I have defined the following settings:
Server Name: dc01.domain.pt (This is the DC of domain.pt)
Server port: 389
User: j2ee-pp3 @domain.pt
Pass: ******* (ok on all configuration tests and authentication)
SSL: NO.
User Path: DC=domain,DC=pt
Group Path: DC=domain,DC=pt
Checked the u201CFlat User Group Hierarchyu201D.
Checked the u201CUse UME Unique id with unique LDAP Attributeu201D.
At u201CAdditional LDAP Propertiesu201D I have set the properties of
ume.ldap.unique_user_attribute(global) and
ume.ldap.unique_uacc_attribute(global) to userprincipalname. This was
done according to the Multi-Domain configuration.
Also ume.ldap.access.multidomain.enabled=true was set the property
sheet of the UME service. After this all checks are ok including in
User Administration in Portal.
Conclusion: We have no problem with SSO and search capabilities
at u201Cdomain.ptu201D level. All users of this domain are able to access the
portal with SSO.
Nevertheless no user from u201Cgs.domain.ptu201D is able to logon. Additionally,
using User Admninistration in Portal with option u201CAll Data Sourcesu201D
returns no results when searching for users from this child domain. It
seems the the configuration file does not recognize gs.domain.pt.
Is it possible that our xml file is incorrectly adapted? Is there any
missing or wrong configuration for multi-domain LDAP access? Please
advice.
Thanks in advance
dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db_with_krb5_multipledomain.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection>
</privateSection>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user"/>
<attribute name="j_password"/>
<attribute name="userid"/>
<attribute name="logonalias"/>
</attributes>
</nameSpace>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="email" populateInitially="true"/>
<attribute name="email"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
<attribute name="krb5principalname"/>
<attribute name="kpnprefix"/>
<attribute name="dn"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname" populateInitially="true"/>
<attribute name="description" populateInitially="true"/>
<attribute name="uniquename"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</responsibleFor>
<attributeMapping>
<principals>
<principal type="account">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="domain_j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_user">
<physicalAttribute name="userprincipalname"/>
<attribute name="logonalias">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="facsimiletelephonenumber"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="null"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephonenumber"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetaddress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
<attribute name="krb5principalname">
<physicalAttribute name="userprincipalname"/>
</attribute>
<attribute name="kpnprefix">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="dn">
<physicalAttribute name="distinguishedname"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="uniquename" populateInitially="true">
<physicalAttribute name="ou"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</principals>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>organizationalUnit</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>ou</ume.ldap.access.naming_attribute.grup>
<ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
<ume.ldap.access.set_pwd>true</ume.ldap.access.set_pwd>
<ume.ldap.access.multidomain.enabled>true</ume.ldap.access.multidomain.enabled>
<ume.ldap.access.extended_search_size>200</ume.ldap.access.extended_search_size>
<ume.ldap.access.domain_mapping>
[DOMAIN_PT;DC=domain,DC=pt]
[GS_DOMAIN_PT;DC=gs,DC=domain,DC=pt]
[gs;DC=DC=gs,DC=domain,DC=pt]
[domain;DC=pt]
</ume.ldap.access.domain_mapping>
</privateSection>
</dataSource>
</dataSources>
Edited by: Joaquim Pereira on Feb 7, 2009 1:34 PMHi Gaetano
I tried to set back the "uniqueid" in the XML to samaccountname.
Also, i changed the spnego to go only to domain.pt (gs.domain.pt is a child domain).
In the 1st tests this worked perfectly, but we still to do some testings with this config.
When i get confirmation, ill reply here.
Thank you.
PS:. we thought on defining the abap user for each user, but there are a lot of users...
we'll try this config, and if it doesn't work, probably, thats what we'll do.
Edited by: Joaquim Pereira on Feb 12, 2009 5:45 PM
Everything seams to be working now. setting back the uniqueid to samaccountname and configuring spnego to go to only 1 domain solved the issue.
I just need to test which change did the trick.
Edited by: Joaquim Pereira on Feb 13, 2009 1:02 PM -
Hi,
Thanks for helping!
Does anyone know how to set up a negative user filter for users in a given domain? I am using novell as LDAP server.
Ex. for a organization unit it is done like this:
<ume.ldap.negative_user_filter>ou=[unit]</ume.ldap.negative_user_filter>
What I would like to know is; what is the physical attribute name of Domain?
I have been looking for this for hours now... Any help would be very nice!
The best regards
KrisI don't think the negative user filter can be used in my case. I am going to use multible LDAP domains in UME using the same LDAP server but with different user and group paths.
This sould do the trick.
Thanks for your help!
Best regards
Kris -
MS AD LDAP+UME configuration guide
Hello
I have to implement User Management in LDAP(Deep hierachy)+UME Database mode. I am looking for Step by Step guides for the same with the requisite tools to manage MS Active Directory as a LDAP data source.
Thanks
ASRThanks for the reply.
1 more question
Which tool is used to administer LDAP users (e.g. Add a new LDAP user) from the Windows 2003 server.
Thanks
Ananda -
LDAP UME for ABAP + JAVA SYSTEM
Hi,
I am using NW 7 SP 15 with both ABAP + JAVA stack. The UME is set to ABAP by default during installation.
Can we change that to LDAP datasource?
Under System Configuration -> UME Configuration -> Data Sources (TAB) -> in Data Source dropdown box -> there is only ONE option available "ABAP SYSTEM" and no other option is present.
Any suggestion?
Regards
DebUps! Obviously a later change from ABAP to some other UME indeed is not supported by SAP. But this means not, that you cannot use LDAP or JAVA from the very beginning.
Did you not have the option to choose another UME data source for the Java Add-In during the installation process? (this may make sense, because the installation sequence for double stacks is always 1. ABAP stack 2. Java stack).
If not, then indeed LDAP as the primary UME data source is not supported for double stack installations.
If yes, you only have the chance to re-install your system.
In every case you can install 2 separate instances and connect them later. 1 ABAP instance with UME of course ABAP and 1 Java instance with UME LDAP or Java DB.
But before doing that and if I were you I would open a CSN at SMP and ask the software vendor ...
Regards,
Volker -
Hi Expert,
I have set up my user in LDAP today. Earlier it was in UME database, because of Two ID, I have deleted UME database .
Now I am getting error like
An unexpected error occurred while retrieving user mapping data for system "WebEx".
Someone can help me to resolve this error?
Thanks,
KundanHi,
the change of UME datasource went fine? Everything is working? Logon, logoff, user <-> group <-> roles?
Where do you get the error? Did you configure user mapping for your users before changing the datasource to LDAP? Have you tried to recreate the user mapping for the WebEX system?
br,
Tobias -
URGENT : EP LDAP Search Problem
Guys....any inputs ?????
Dear Portal Gurus,
We have connected LDAP To EP 6.0 SP12.
LDAP is ADS 2003 with two forests.(Deep Hierarchy)
I have created a XML config file for LDAP (UME Config. file) which connects to both the forests.
Everything works fine except when I navigate to Groups (say GROUPABC) and then from inside the group search for a USER (say USER001)who shows up as being in that group from a LDAP Browser (like Softerra) the search does NOT result in any match.
The group displays only 200 users even though there are more than 5000 users in it.The message we get is " the search hit is limited to 200 hits."
This user (USER001) does NOT show up in those 200 users.Now if I search for another user (say USER002) who is not in those 200 users but can be still seen from LDAP Browser (exactly like the last user I.E. USER001),that user (002) is being found as a result of a search from inside that group (GROUPABC).
There is a parameter in UME Properties file where we can change the max. search hits value from 200 to anything.
Will changing this value make EP to find USER001 in groupABC.
Pls note when USER001 and USER002 are searched as USERs (search users link) in EP they are seen to be assigned to the group GROUPABC.
Am told that windows has a limitation of showing only 1500 users inside a group.
To summarise : <b>my questions are :
1) How to find USER001 from inside GROUPABC &
2) How to display more than 1500 users inside that
GROUP in EP.</b>
Greatly appreciate your inputs.
Thanks.
Josh
Message was edited by: Josh Mannings
Message was edited by: Josh ManningsHi,
What you can do is
Go to -->config tool.bat
-->click on pencil icon
-->cluster_data
-->server
-->cfg
-->services
-->property sheet of com.sap.security.core.ume.service
-->find the property ume.superadmin.activate = TRUE
Now logon to your portal with admin credentials and once you logged in again come here and make this property = FALSE
This is known as SAP* user
NOTE: Please keep atleast one user with super admin role assigned when such thing happens again so that you can unlock it from portal itself and your work wont get stopped.
Regards,
Ameya -
IGroupSeachFilter/IUserSearchFilter for specific UME datasource
Hi all,
When using the "Identity Management" iview, there is an option to filter groups/users by selecting "All Data Sources"/"LDAP"/"UME Database".
How can I do this kind of filtering by code? (by using IGroupSeachFilter/IUserSearchFilter).
Thanks,
OmriHi Omri,
Once I was asked to perform similar task, and I couldn't find a way to set the DataSource in the filter.
This problem relates to the fact that UME doesn't know how many sources you have, until the XML config file is loaded, and (at least to my understanding) becuase of that standard API doesn't include anything related to source of data.
The only way to try to find it is through
UMFactory.getUserFactory().getUserSearchFilter().setSearchAttribute(blablabla);
The problem is that we don't know the technical name of the attribute...
What I did back then is looked for appearances of "LDAP" inside the user full unique name for this purpose.
Regards, Ivan. -
Would NWDI work after the UME Change ?
Hi All,
Our Dev Portal UME is going to be changed from local UME DB2 DB to ABAP UME.
The CMSAdim user is: KABA.
Would the UME Change affect the SAP NWDI ?
Would we need to lock KABA in local UME and create it ABAP UME ?
What would happen if we keep KABA in local UME.
Please let me know.
I was thinking of DTR Replication; but we have broken DC in Considilation Environment and the
Assembled code has error.
Should we go for DTR Replication to Test Portal before changing the UME in Dev Portal ?
Our Dev and Test Portal are version SAP NetWeaver 7.0 EHP1 SP6.
Thanks & Regards
Kaushik BanerjeeHi,
This is my understanding of how UME works in NWDI, if there is anything wrong do correct me:
In your case it's LDAP UME for NWDI, and the CMSADMIN user KABA exist in LDAP.
Now when you change the UME from LDAP to ABAP, here are the things you need to keep in mind:
1. While configuring NWDI you define CMSADMIN user and password at installation time. ( this need to be changed )
2. CMS Admin user will be used at the time of Import or Export of Activities in CMS.
3. When you login to NWDI CMS Web UI you login with your id ( having NWDI. Developer or NWDI.Administrator role assigned )
4. But when you do an import it internally uses CMS Admin user to do the import.
So when you change the UME you need to create CMS admin user in the ABAP UME and change the password in the configuration.
And regarding Replication, my suggestion will be to resolve all the issues before changing the UME.
Resolve the below first and then make the change to ABAP UME:
a. Broken DCs
b. And then do the import once you have everything consistent then make the UME change.
Check the links below to resolve the broken DC's
http://help.sap.com/saphelp_nw70/helpdata/en/46/14fa07c15214dce10000000a155369/frameset.htm
https://wiki.sdn.sap.com/wiki/display/TechTSG/%28NWDI%29Home
Hope this helps.
Cheers-
Pramod -
We are implementing external facing portal along with EBPP (Electronic Bill Presentment and Payment). Enterprise Portal and EBPP are on separate servers meaning they will have their own WAS. UME on both servers is configured to use AD (aka LDAP) and Database.
My question is, for User Custom attributes,
- Is it possible to share the UME database between these WAS Servers. By sharing I mean, custom attribute in the database is available to both WAS?
- If sharing is not possible, what is the recommended approach in making these custom attributes between WAS available? Interested to know how others are solving this issue. One option is to write a custom screen that would update both UME Databases but exploring to see if this can be avoidable.
Thank you in advance.Srinivas,
If I understand correctly, both AS Javas use the same LDAP as the data source, correct? I would suggest that you keep the custom attributes in the LDAP, not in the database of the AS Java.
http://help.sap.com/saphelp_nw04s/helpdata/en/44/7d188751626fb5e10000000a155369/frameset.htm
Of course you still have to configure both UMEs to display these attributes.
-Michael -
Problem with outlook connector LDAP Directory MAPI Service Provider is not
Hi,
I have very basic problem with sun outlook connector client.
I am using sun java system connector deployment tools to create client installation script, on first page I have to supply the location for web publisher and Microsoft LDAP service, I can find web publisher and I don't have any clue about location of LDAP services and without this my client instaltion script keep failing with following error.
The Microsoft LDAP Directory MAPI Service Provider is not installed.
--- 2006/09/25 14:14 ---
14:14:25 [5365] Outlook version is 11.0.5608.0.
14:14:25 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
14:14:25 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
14:14:26 [5362] Checking Windows version.
14:14:26 [5363] Windows version is 5.1.
14:14:26 [5364] Checking Outlook version.
14:14:26 [5509] Checking default mail client.
14:14:26 [5508] Default mail client is 'Microsoft Outlook'.
14:14:26 [5178] Verifying that Outlook is not running.
14:14:26 [5179] Trying to login to shared session.
14:14:26 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
14:14:28 [5502] Upgrading the Sun Java System MAPI Service Providers.
14:14:38 [5370] Finished installing Sun Java System MAPI Service Providers.
14:14:38 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
14:14:38 [5367] Sun Java System MAPI Service Providers are installed.
14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
14:14:38 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
Thank you for your help.
Best regards
MoHi,
If memory serves, Outlook XP offered the ability to set what address-book connectors were installed, one of which was LDAP (by default enabled). It may be a similar situation with Outlook 2003 (which I assume you are using based on the version number in the debug logs). Try using the Office '03 install CD and see if you can find the LDAP addressbook option and install it.
Regards,
Shane. -
MS Active Directory 2008 as UME datasource for AS Java
Hello,
We are running SAP EP on top of a SAP AS Java using LDAP certification, so users
from MS Active Directory 2003 domain are trusted by the Portal
I've now a problem with the version upgrade of MS Active Directory from 2003 to 2008,
it seems only SAP AS ABAP supports MS AD 2008, and our instance is JAVA only
Note 983808 - "Certified LDAP servers" also confirm this
Do you know if AD 2008 is supported, if any note has been released about this and
any document to help me wiith this issue?
thanks in advance!
RafaelHi Patrick, thanks for the answer
I checked the note and it refers about Windows 2008 and a scenario with SSO, that's not our case.
We just have AD as a LDAP UME datasource, users must still pass user and password which
is then checked and then login is authorized
you mentioned AD 2008 is supported for Netweaver AS Java, could you send me any document
or note with procedures or anything for configuring it ?
kind regards,
Rafael -
Does OBIEE picks up Email Id of the user from LDAP?
Hello All,
As soon as I configured the iBot I want to send the reports output as email. I assigned them to the user. It is failing with the following errors.
" No devices for user: xxxxxx"
My understanding was LDAP where the user authentication happens would supply the email id to OBIEE I guess I'm wrong. Can some one put somelight on this.
How do go further,..!
Thanks,
VijayOk, Lets say I have a user called "ABC" he logs in and wants to send it to a group of people. Created iBot and in delivery content he looks for the people and select's them but iBot error is something like this "No devices for user"
Thanks
Vijay -
Role in UME whereas user can be created only in ABAP
Hi experts,
I want to create a user with a MDM EC Administrator role in my WAS Java UME. But i get the following exception while doing so:
1.5#001CC46BDFC200660000153C0000108000044D2CF9474AB3#1210755462890#com.sap.security.core.persistence.datasource.imp.R3PersistenceBase#sap.com/tc~wd~dispwda#com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.createPrincipalDatabag()#J2EE_ADMIN#305344#SAP J2EE Engine JTA Transaction : [631ffffffd660226ffffffb5]#IWDFVM2160.wdf_ERP_103929350#J2EE_ADMIN#72cab7e0219311dd998a001cc46bdfc2#SAPEngine_Application_Thread[impl:3]_4##0#0#Error#1#/System/Security/Usermanagement#Java#An exception was thrown in the UME/ABAP user management connector. Message: {0}.##An exception was thrown in the UME/ABAP user management connector. Message: {0}.
[EXCEPTION]
{1}#2#BAPI_USER_CREATE1@ERPCLNT001: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group#com.sap.security.core.persistence.datasource.PersistenceException: BAPI_USER_CREATE1@ERPCLNT001: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group
at com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.handleBapiRet2Table(R3PersistenceBase.java:1186)
I problem is - role is existing in UME whereas i could create users only in ABAP. This role is not even visible in the ABAP side!
Is there any way to assign this role to that user?
Thanks in advance
Swarnayou can access the users at http://<host name>:5<sys.no>00/useradmin
You will get to see all the users you created in WAS ABAP... and here you can attach the j2ee roles to him..
Please come back if this reply doesnot answer you..
Award points if this found helpful -
Hi Experts ,
I would like to know more about different User Authentication sources that could be in CUP.
Is it possible to skip the authentications like LDAP / UME / SAP provided by CUP & configure ESO authentication..
Regards,
Shailesh
Edited by: Shailesh Deshpande on Jan 13, 2009 1:32 PM
Edited by: Shailesh Deshpande on Jan 14, 2009 6:42 AMHi Shailesh,
What do you want to know about User Authentication sources? Can you be more specific?
The authentication shceme in CUP is only being used for End Users (Requesters). You can use SAP R/3, UME, HR, LDAP etc to authenticate users.
I am sorry but I don't know about ESO authentication. CUP supports only some of the authentication schemes out of the box but you can use other authentication schemes via UME.
Set up UME to talk to other authentication schemes (BASIS person should be able to do this) and set up UME as authentication scheme in CUP.
Regards,
Alpesh
Maybe you are looking for
-
when I chose an email address directly, while using firefox browser, it triggers an overflow of tabs, numbering in the hundreds. It makes me have to force quit firefox and I lose whatever I may be doing online. this is consistent for some months and
-
Can 10.5 Upgrade Kill a Powerbook G4?
Hello, Powerbook G4 1Ghz, 1GB memory - was running 10.4.10 with no problems. Tried to upgrade to 10.5. I could never get the upgrade to finish (kernel panics, core dumps, etc.). Tried every option, including a complete erase of the hard drive and fre
-
Nokia 2330 no reminder sound!!
When a reminder is added, it will never produce an alarm sound. The screen will flash and that's all. No sounds, not even vibrations. Completely useless. The phone is in normal mode, all sounds are enabled (checked and rechecked), it rings when calle
-
How do i get ipad to appear under device in itunes on computer?
any helpw getting ipad to accept torrent files?or even appear under devices in itunes?it just says "sync ipad"?
-
How can we reduced the patch time for u6394500.drv
Hi, This patch generally takes 14-15 hours to upgrade R12.0.4 , I want to If some body have pointers to reduce the patch applying time. thanks in advance Syed