WLAN and multiple AAA servers

Hello,
Our WLANs are configured with 2 AAA servers. The first authentication server is local, the 2nd authentication server is remote. I noticed that often, the 2nd server is used for the authentication even if the first server is up and available. It looks also that once the authentatication is done on the 2nd server it's stays there. Is there an option to:
- define server 1 is as the priority for authentication?
-switch authentication to server 2 when server 1 is not reachable, but switch back to server 1 as soon as server 1 reachable again?
Thanks

Hi,
I asked the question at CiscoNetworker2008.
In the version 5.0 it will be fixed.
When the first Radius is reachable again, the authentication will switched back on the first radius server.
Let see if this will be confirmed in the release notes...
Brgds.

Similar Messages

WLC 4400 and multiple authentication servers e.g. RADIUS, ACS

WLC 4400 and multiple authentication servers e.g. RADIUS, ACS
Can the WCL 4400 be set up to use multiple RADIUS servers? The user accounts for accessing wireless would use a RADIUS server. The administrative accounts for the WLC would reside on an ACS server.

Yes, that is correct. You can set acs to use both radius and tacacs.
For this you need to add WLC twice in acs-->network configuration. But you need to keep host name different.
eg 1) Host name WLC --->IP x.x.x.x -->Auth using -->radius
2) Host name WLC1--->IP x.x.x.x --->Auth using -->Tacacs.
You need to set up tacacs commands on WLC along with radius commands.
Regards,
~JG
Please rate helpful posts

Mail Adapter - Multiple mail ID and multiple mail servers config.

Hi All
I am doing BPM synch scenario in which i get the response from SAP box and send the response via email adapter. I am using mail.xsd and doing mail config. in message mapping. However in the TO field i am able to give only one email ID. If i give multiple email ID's mail is not received. I tried comma and semi-colon as separator. Still not working? I have two questions in configuring TO option:
1) How to send to multiple id's? I am using Lotus Notes.
2)How to send to multiple mail servers? I have to send to Lotus Notes id's and outlook express id's also simultaneously.
Thanks for your help in advance
Warm Regards
Samuel

Hi,
Please find here with some observations about it,
1) How to send to multiple id's? I am using Lotus Notes.
If you have specified an IMAP server under URL, the message is saved in the specified folder but is not sent to the receiver specified under To.
Then even if Under To, you had specified the e-mail address that will receive the message would be separated with a semicolon. It will not work.
Please verify about it .
The below link will also help you to verify if there is anything missing
Mail Adapter (XI) - how to implement dynamic mail address
/people/michal.krawczyk2/blog/2005/03/07/mail-adapter-xi--how-to-implement-dynamic-mail-address
BPM:Single Sender and Multiple Receivers based on synchronous
exchange(switch) part-1
/people/prasadbabu.nemalikanti3/blog/2006/03/10/bpmsingle-sender-and-multiple-receivers-based-on-synchronous-exchangeswitch-part-1
Generic Message Interface in SAP Exchange Infrastructure Email Integration Scenarios
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00d5a235-4803-2a10-f682-889d67c69975
(If your using Alert Framework then)
If you want to send it to multiple email addresses and all email addresses are user of XI then you can define "Role" and attach that role to everyuser and make this role as receipent of alert .
Thanks
Swarup
Thanks
Swarup

7.10 installation server, load balancing and multiple installation servers

Hi
In the 7.10 GUI installation server, there is no Load balancing option anamore, also there seems to be no option to easily clone the installation server from within the nwsapsetupadmin.exe program.
If having MANY users at one location, and needing more than one installation server to accomodate the frontend installations, do you need to do this "manually" now ? grouping users and and the logon script directing different user groups to different sapgui installation servers ?
what about creating multiple installation servers easily, is it possible to simply copy the installation server directory (c:\sapinst f.ex.) to another file server, share the directory and configure the DS and IS services (if needed) ??
will configured packages and "on end install" scripts and such be copied too to the new installation server ?
I need to easily create installation servers in 15 countries, this is the reason for my question...

Hi Kim Sonny,
hope you're doing fine
Regarding your question:
The "Load Balancing" was more a fail-over service and wasn't intended to use for several locations like in your case.
So the easiest way to do this is to setup one installation server and copy the files to the other servers. On the new Installation servers you only have to setup the service again and that's it.
Cheers,
Martin

Top Essentials Cache and Multiple Application Servers

Hello,
I'm developing a new servlets/services application in Java using tomcat and playing around with toplink essentials. Is it possible, when using multiple servers, to expire cached objects? Eg I update user account info on server 1, but 2 and 3 still have old data. The documentation and blogs I have read seem to indicate you either have to force a refresh of the object or set up readAllQueries to go direct to the db (which rather defeats the purpose of having a cache?) - for fresh data. Though I agree there are some places where up to the moment data is not always required, building a system to scale with expiry caching across multiple app servers seems like something toplink essentials SHOULD be able to do.
Also, is there any work on when the new rev of Toplink Essentials would be out? I see posts about the 11G preview but that's regular toplink.
Thanks in advance!

There are several caching options in TopLink Essentials to handle stale data.

Some of the settings are available through properties in the persistence.xml, but for most you will need to use a DescriptorCustomizer or SessionCustomizer and use the API of ClassDescriptor (refer to JavaDocs for additional info).

Caching options include:
- Cache Type : (weak, hard, soft, none), a weak cache will decrease stale data.
- Isolated (shared) : You can set the descriptor to be isolated or cache not shared to avoid caching the class.
- Refresh : You can enable refreshing at the class or query level.

A ClassDescriptor does have an invalidation policy, but the policies for invalidating based on a time-to-live or time-of-day were not ported from TopLink to TopLink Essentials, however you could write your own pretty easily.

If you upgrade to using TopLink 11g (preview), which you can download and use under the Oracle OTN license, then you have support for using cache invalidation and cache coordination. This functionality is also available in the Eclipse EclipseLink project currently in incubation.

---
James Sutherland

NetBoot and Multiple DHCP Servers

Hey everyone,
We have a NetBoot machine running here at my school (where I work). It was working like a champ until a couple of weeks ago when our network got upgraded and there are now 2 DHCP servers on our network. That, for some reason, is totally screwing up our NetBooting process.
Here's what I think is happening, and maybe someone can tell me if I right or wrong. NetBoot (or BSDP protocol) is a "broadcast" protocol. (That means it's always just floating around out there on the network. ) NetBoot (BSDP) protocol gets injected into the DHCP stream, and any machine that gets DHCP can get BSDP, and essentially NetBoot.
The problem is with BSDP. BSDP protocol wants to have all of it's "broadcasts" come from the same server. So when we had 1 DHCP server, everything was fine, because client machines would get their whole NetBoot process from one machine... all of the BSDP broadcasts were coming from our 1 DHCP server.
Now, we have 2 DHCP servers. What happens is, a client will get some of it's BSDP broadcasts from one DHCP server, and some from another... which it does not like at all.
I recently read somewhere that it is possible to somehow make one of our DHCP servers the "authoritative" server, to which all of the clients will go to get their NetBooting info.
Does this sound in any way right? Are we on the right track ? Has anyone seen this before? Any help would be greatly appreciated. Thanks a million.
Mike

Now, we have 2 DHCP servers. What happens is, a
a client will get some of it's BSDP broadcasts from
one DHCP server, and some from another... which it
does not like at all.
Not unless your new DHCP server is also a NetBoot server and is set to provide NetBoot services. BSDP and DHCP are not the same thing. If what you were saying were true, it wouldn't be possible to have DHCP and NetBoot offered by different servers.
It IS possible, however, that the two DHCP servers are causing problems by both servicing DHCP requests for the same clients. If you've got multiple DHCP servers on the same subnet (or your router's configured to pass DHCP requests between subnets), you should make sure that only one of the DHCP servers answers requests from any given client. In our world, our Novell server is the default DHCP server on our subnet, but I keep a list of excluded MAC addresses on that server so that my Macintosh clients don't get addresses from it. On the Mac OS X server, I'm careful to limit my address ranges only to those machines which have static address maps in NetInfo. That way, our servers coexist, but they don't overlap.
It's not clear from your message whether your previously solitary DHCP server was your Mac OS X server, or whether one of the two DHCP servers is that box. But whatever the servers are, it might be helpful to turn off one of them to see if the same problem occurs (assuming you can, without major network disruptions). If that's not possible, can you talk to your network admins to see if there's some way to isolate your clients and one of the servers--in other words, see if there's some way to keep DHCP servers from responding to the same requests.
There may be any number of other reasons why this problem has cropped up. You may need to dust off a hub and a copy of Ethereal or EtherPeek to sniff what's happening on the network. You might also try NetBooting in verbose mode, to see where the process craps out. IIRC, there'a decent guide for this kind of troubleshooting over at Bombich's site (www.bombich.com).
Good luck.
David Walton

Sending AAA accouting log records to multiple AAA servers

IOS version c3640-a3jk9s-mz.123-18.bin
aaa group server tacacs+ cciesec
server 192.168.3.10
aaa group server tacacs+ ccievoice
server 192.168.3.11
aaa authentication login VTY group cciesec local
aaa accounting exec cciesec start-stop broadcast group cciesec group ccievoice
aaa accounting commands 0 cciesec start-stop broadcast group cciesec group ccievoice
aaa accounting commands 1 cciesec start-stop broadcast group cciesec group ccievoice
aaa accounting commands 15 cciesec start-stop broadcast group cciesec group ccievoice
tacacs-server host 192.168.3.10 key 123456
tacacs-server host 192.168.3.11 key 123456
C3640#sh tacacs
Tacacs+ Server : 192.168.3.10/49
Socket opens: 8
Socket closes: 8
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 21
Total Packets Recv: 21
Tacacs+ Server : 192.168.3.11/49
Socket opens: 0
Socket closes: 0
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 0
Total Packets Recv: 0
C3640#
As you can see, I can receive AAA accounting logs on server 192.168.3.10 but I am not getting logs on 192.168.3.11. I can confirm this with
tcpdump on host 192.168.3.11 and that I am not seeing any sent AAA to host 192.168.3.11.
Anyone know why?

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t1/feature/guide/dt_aaaba.html
It stated the following:
"Before the introduction of the AAA Broadcast Accounting feature, Cisco IOS AAA could send accounting information to only one server at a time. This feature allows accounting information to be sent to one or more AAA servers at the same time. Service providers are thus able to simultaneously send accounting information to their own private AAA servers and to the AAA servers of their end customers. This feature also provides redundant billing information for voice applications."

Scheduling,Email Setup in cluster environment and multiple job servers

Hello All,
I have to schedule and email instances of crystal reports to users in PDF and excel format. A Clustered environment of Business Objects 3.1 SP3 is been setup on 2 servers. There is 2 instances of crystal reports Job server been created.
My question is If there are multiple instances of job servers then should we have to configure mail settings on both instances of job server or not?
And secondly, in cluster environment the email settings and scheduling of the reports should be setup on both CMS servers( CMS server 1 and CMS server 2) or should CMS server 1 should be enough?
Thanks in advance.

You have a couple of options here.
1. You can either set up email on all of the job servers on both CMS' in the cluster. This is actually the easiest to manage.
2. You can set up email on some of the job servers on one or the other CMS. However, at this point you would also have to set up a server group that contains the job servers that are set up for email, plus the RAS server - you might also have to include the Crystal Cache server and the Crystal Processing server. Then ALL of the reports that are sent via email would have to be scheduled run ONLY on the server group that contains the email-enabled job server(s).
-Dell

WLC 5508 and Multiple DHCP servers in different sites?

Hi
I work for health authority in our region and we just purchased a Cisco wlc 5508 controller along with 25 3500 AP's. We have multiple sites with different IP subnets in each, all connected by a frame relay (owned by ISP). Each site has its own DHCP server. I have the controller in our main site. So when I take an AP to a remote site, the Ap gets an DHCP address from local DHCP server (which is great) and contacts controller and joins controller. Everything is good. BUT, when a client joins at the remote site, it gets an address from a previous site which will not work because the client is now on a different subnet. We dont use Vlans as they dont transvers the frame relay. I need those clients to obtain DHCP from the local DHCP server from the site they are on. Is that possible??
I have updated the controller to latest version as well.
Thanks
Bryan Yaciuk, CCNA
Parkland Regional Health Authority

We call this as HREAP LOCAL SWITCHING!! but here is the catch.. everytime the AP joins the new site.. we need to configure the VLAN mapping and this wil do it for you!! Here is the link which will resolve ur issue..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#ll
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra

MomCertImport and multiple certificates

I cannot find this information anywhere on the net. Here is the scenario.
I have a fully deployed SCOM 2012 environment and multiple gateway servers that are functioning without any issues. Agents in the untrusted domains are reporting to the gateway servers as designed. The mutual authentication is working as designed as the
certs use the same trusted Root Certificate Authority.
Here is my question:
I want to add another gateway server for a DMZ that doesnt use the same trusted Root Certificate Authority. In my lab I run the MomCertImport.exe on the gateway server. This works fine but when i run the MomCertImport.exe on the management server it replaces
the current certificate int he registry which in turns breaks the other gateways.
What is the best supported approach to resolve this? Standing up more servers? Is this documented anywhere?

I believe both the management server and gateway need to trust the same CA. However, theoretically, if these can both "see" each CA, you should be able to import the root ca chain on both machines and everything should pan out ok. If they cannot
both see each CA, then I think you're out of luck - unless you opt for a internet trusted root ca, and that costs $.
Jonathan Almquist | SCOMskills, LLC (http://scomskills.com)

How to mirror between the production server and the multiple local servers.

I am currently looking for the best way to correspond between our production server and the multiple local servers. Because the production server is the only server that holds the latest updating applications, and our local servers are located for each developer’s local machines where the all modifications and creations are done. So when the developer locally makes changes for assets or files, he creates a patch archive first, then accesses to the production side Administration console screen and imports them from Application Management screen.
We tried to find a way to see the imported date before (so we know which one has been imported as new.), but there is no show in the Administration console Application Management screen. There is Creation date but it’s set as we initially imported the full archive files, but not patch files. Since between applications have some types of the dependencies (like fragments or image files), what is the best way to keep mirroring between the production server and local servers? Or we should simply not use patch file for updating server?
Thanks,

Check out this utility : http://blogs.adobe.com/livecycle/2013/03/adobe-livecycle-configuration-migration-utility.h tml
Thanks,
Wasil

R12.1.3 Upgrade from 11.5.10 and having multiple Application Servers

Hi,
We are in the process of upgrading the 11.5.10 Instance to R12.1.3.
The 12.1.3 Instance will have multiple application servers.
I will be doing an R12.1.1 Installation with Upgrade Option.
What should be the procedure to have multiple application servers?
Finish the upgrade on one Application Node and then clone the other Application Tiers?
Please advise.
Regards,
VN

We are in the process of upgrading the 11.5.10 Instance to R12.1.3.
The 12.1.3 Instance will have multiple application servers.What services are running on each server?
Do you have shared APPL_TOP or shared application file system implemented?
I will be doing an R12.1.1 Installation with Upgrade Option.
What should be the procedure to have multiple application servers?
Finish the upgrade on one Application Node and then clone the other Application Tiers?
Please advise.Please see Chapter 3, Performing an Upgrade in the installation doc, there is an example.
Oracle E-Business Suite Installation Guide: Using Rapid Install
http://docs.oracle.com/cd/B53825_08/current/acrobat/121oaig.pdf
Thanks,
Hussein

Multiple LDAP Servers and Attribute-Based Data Partitioning

Hello
We currently want to implement following szenario on Netweaver 2004s. From the
following SAP Help documentation we want attribute based data partitioning:
http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
The difference to the SAP document is that we want a distribution of attributes over
multiple LDAP servers. So we tried to fit that concept into xml. see attached xml source.
The Portal finds both LDAP Systems but it is NOT that the useres are beeing merged
but they appear as two distict users in the portal UME. If you do a lookup in the portal
usernamagent system you get and see two users.
User1: unique ID = USER.Datasource1.uid
User2: unique ID = USER.Datasource2.uid
Obviously the UME system was not able to merge that information of the two distict
LDAP Systems. MSADS and Lotus Notes.
Hence my questions:
1) is it possible to distribute attributes over multiple ldap data sources
2) any ideas why UME constructs two different users based in Datasource ID's specified in XML
Thanks for any contributions or ideas,
Ulrich Scherb
<?xml version="1.0" encoding="UTF-8"?>
<dataSources>
 <dataSource id="PRIVATE_DATASOURCE"
 className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
 isReadonly="false"
 isPrimary="true">
 <homeFor>
 <principals>
 <principal type="group"/>
 <principal type="user"/>
 <principal type="account"/>
 <principal type="team"/>
 <principal type="ROOT" />
 <principal type="OOOO" />
 </principals>
 </homeFor>
 <notHomeFor/>
 <responsibleFor>
 <principals>
 <principal type="group"/>
 <principal type="user"/>
 <principal type="account"/>
 <principal type="team"/>
 <principal type="ROOT" />
 <principal type="OOOO" />
 </principals>
 </responsibleFor>
 <privateSection>
 </privateSection>
 </dataSource>
 <dataSource id="NOTES_LDAP"
 className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
 isReadonly="true"
 isPrimary="true">
 <homeFor/>
 <responsibleFor>
 <principal type="account">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="j_user"/>
 <attribute name="logonalias"/>
 <attribute name="j_password"/>
 <attribute name="userid"/>
 </nameSpace>
 <nameSpace name="com.sap.security.core.authentication">
 <attribute name="principal"/>
 </nameSpace>
 </principal>
 <principal type="user">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="firstname" populateInitially="true"/>
 <attribute name="lastname" populateInitially="true"/>
 <attribute name="email"/>
 <attribute name="uniquename" populateInitially="true"/>
 </nameSpace>
 <nameSpace name="$usermapping$">
 <attribute name="REFERENCE_SYSTEM_USER"/>
 </nameSpace>
 </principal>
 </responsibleFor>
 <attributeMapping>
 <principal type="account">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="j_user">
 <physicalAttribute name="uid"/>
 </attribute>
 <attribute name="logonalias">
 <physicalAttribute name="uid"/>
 </attribute>
 <attribute name="j_password">
 <physicalAttribute name="unicodepwd"/>
 </attribute>
 <attribute name="userid">
 <physicalAttribute name="*null*"/>
 </attribute>
 </nameSpace>
 <nameSpace name="com.sap.security.core.authentication">
 <attribute name="principal">
 <physicalAttribute name="uid"/>
 </attribute>
 </nameSpace>
 </principal>
 <principal type="user">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="firstname">
 <physicalAttribute name="givenname"/>
 </attribute>
 <attribute name="lastname">
 <physicalAttribute name="sn"/>
 </attribute>
 <attribute name="uniquename">
 <physicalAttribute name="uid"/>
 </attribute>
 <attribute name="loginid">
 <physicalAttribute name="*null*"/>
 </attribute>
 <attribute name="email">
 <physicalAttribute name="mail"/>
 </attribute>
 </nameSpace>
 <nameSpace name="$usermapping$">
 <attribute name="REFERENCE_SYSTEM_USER">
 <physicalAttribute name="sapusername"/>
 </attribute>
 </nameSpace>
 </principal>
 </attributeMapping>
 <privateSection>
 <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
 <ume.ldap.access.server_name>ldap1</ume.ldap.access.server_name>
 <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
 <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
 <ume.ldap.access.user>xxxxx</ume.ldap.access.user>
 <ume.ldap.access.password>xxxxx</ume.ldap.access.password>
 <ume.ldap.access.base_path.user>O=SMT_TEST</ume.ldap.access.base_path.user>
 <ume.ldap.record_access>TRUE</ume.ldap.record_access>
 <ume.ldap.unique_uacc_attribute>uid</ume.ldap.unique_uacc_attribute>
 <ume.ldap.unique_user_attribute>uid</ume.ldap.unique_user_attribute>
 <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
 <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
 <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
 <ume.ldap.access.objectclass.user>person</ume.ldap.access.objectclass.user>
 <ume.ldap.access.objectclass.uacc>person</ume.ldap.access.objectclass.uacc>
 <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
 <ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
 <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
 <ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
 </privateSection>
 </dataSource>
 <dataSource id="CORP_LDAP"
 className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
 isReadonly="true"
 isPrimary="true">
 <homeFor/>
 <responsibleFor>
 <principal type="account">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="j_user"/>
 <attribute name="logonalias"/>
 <attribute name="j_password"/>
 <attribute name="userid"/>
 </nameSpace>
 <nameSpace name="com.sap.security.core.authentication">
 <attribute name="principal"/>
 <attribute name="realm"/>
 <attribute name="domain"/>
 </nameSpace>
 </principal>
 <principal type="user">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="firstname" populateInitially="true"/>
 <attribute name="displayname" populateInitially="true"/>
 <attribute name="lastname" populateInitially="true"/>
 <attribute name="fax"/>
 <attribute name="title"/>
 <attribute name="department"/>
 <attribute name="description"/>
 <attribute name="mobile"/>
 <attribute name="telephone"/>
 <attribute name="streetaddress"/>
 <attribute name="uniquename" populateInitially="true"/>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
 </nameSpace>
 <nameSpace name="$usermapping$">
 <attribute name="REFERENCE_SYSTEM_USER"/>
 </nameSpace>
 </principal>
 <principal type="group">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="displayname" populateInitially="true"/>
 <attribute name="description" populateInitially="true"/>
 <attribute name="uniquename"/>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
 </nameSpace>
 <nameSpace name="com.sap.security.core.bridge">
 <attribute name="dn"/>
 </nameSpace>
 </principal>
 </responsibleFor>
 <attributeMapping>
 <principal type="account">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="j_user">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="logonalias">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="j_password">
 <physicalAttribute name="unicodepwd"/>
 </attribute>
 <attribute name="userid">
 <physicalAttribute name="*null*"/>
 </attribute>
 </nameSpace>
 <nameSpace name="com.sap.security.core.authentication">
 <attribute name="principal">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="realm">
 <physicalAttribute name="*null*"/>
 </attribute>
 <attribute name="domain">
 <physicalAttribute name="*null*"/>
 </attribute>
 </nameSpace>
 </principal>
 <principal type="user">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="firstname">
 <physicalAttribute name="givenname"/>
 </attribute>
 <attribute name="displayname">
 <physicalAttribute name="displayname"/>
 </attribute>
 <attribute name="lastname">
 <physicalAttribute name="sn"/>
 </attribute>
 <attribute name="fax">
 <physicalAttribute name="facsimiletelephonenumber"/>
 </attribute>
 <attribute name="uniquename">
 <physicalAttribute name="samaccountname"/>
 </attribute>
 <attribute name="loginid">
 <physicalAttribute name="*null*"/>
 </attribute>
 <attribute name="mobile">
 <physicalAttribute name="mobile"/>
 </attribute>
 <attribute name="telephone">
 <physicalAttribute name="telephonenumber"/>
 </attribute>
 <attribute name="department">
 <physicalAttribute name="ou"/>
 </attribute>
 <attribute name="description">
 <physicalAttribute name="description"/>
 </attribute>
 <attribute name="streetaddress">
 <physicalAttribute name="postaladdress"/>
 </attribute>
 <attribute name="pobox">
 <physicalAttribute name="postofficebox"/>
 </attribute>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
 <physicalAttribute name="memberof"/>
 </attribute>
 </nameSpace>
 <nameSpace name="$usermapping$">
 <attribute name="REFERENCE_SYSTEM_USER">
 <physicalAttribute name="sapusername"/>
 </attribute>
 </nameSpace>
 </principal>
 <principal type="group">
 <nameSpace name="com.sap.security.core.usermanagement">
 <attribute name="displayname">
 <physicalAttribute name="displayname"/>
 </attribute>
 <attribute name="description">
 <physicalAttribute name="description"/>
 </attribute>
 <attribute name="uniquename" populateInitially="true">
 <physicalAttribute name="cn"/>
 </attribute>
 </nameSpace>
 <nameSpace name="com.sap.security.core.usermanagement.relation">
 <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
 <physicalAttribute name="member"/>
 </attribute>
 <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
 <physicalAttribute name="memberof"/>
 </attribute>
 </nameSpace>
 <nameSpace name="com.sap.security.core.bridge">
 <attribute name="dn">
 <physicalAttribute name="*null*"/>
 </attribute>
 </nameSpace>
 </principal>
 </attributeMapping>
 <privateSection>
 <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
 <ume.ldap.access.server_name>ldap2</ume.ldap.access.server_name>
 <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
 <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
 <ume.ldap.access.user>yyyyy</ume.ldap.access.user>
 <ume.ldap.access.password>yyyyy</ume.ldap.access.password>
 <ume.ldap.access.base_path.user>O=SMT_TEST</ume.ldap.access.base_path.user>
 <ume.ldap.access.base_path.grup>O=SMT_TEST</ume.ldap.access.base_path.grup>
 <ume.ldap.record_access>TRUE</ume.ldap.record_access>
 <ume.ldap.unique_uacc_attribute>samaccountname</ume.ldap.unique_uacc_attribute>
 <ume.ldap.unique_user_attribute>samaccountname</ume.ldap.unique_user_attribute>
 <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
 <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
 <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
 <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
 <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
 <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
 <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
 <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
 <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
 <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
 <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
 <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
 <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
 <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
 </privateSection>
 </dataSource>
</dataSources>

Hi Ulrich,
Hope your problem is resolved. We are using EP7 and SP18. We are doing some study on your first issue. i.e. Distributing a user attribute into multiple LDAPs. Can you please let me know the feasibility? If yes, what are all step do I have to follow? Expecting your valuable answer. Thanks in advance!
Regards,
Kabali

Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

David,
We've used Resonate (software) to load balance the gateways. It allows
you to group all the gateways under 1 virtual URL and load balance the
incoming connections over each gateway depending on the rules that you
define in Resonate. Look in the SUN portal whitepapers there is one that
talks about it specifically.
As far as load balancing the calls to the portals, the gateways will
automatically load balance across all the portals that they know about
using a simple round-robin rotation. You may be able to use Resonate in
front of the portals but you may need to activate persistance within
Resonate to ensure that the user always ends up on the portal that he
established his initial connection on (if you want that), check with Sun
on this one.
David Broeren wrote:
Recommended configuration for load balanced Portal with load balancer,
multiple gateways and multiple servers.
Does anyone have a recommended network, hardware and software
configuration guide for a Portal installation running with multiple
gateways load balanced (ie one URL) that talk to multiple servers?
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base!

Is it possible to deploy SharePoint or its Service Applications on: multiple DB-Servers and multiple SQL Instances?

Hello Forum,
We have a SharePoint 2013 farm (Enterprise edition) that uses one single SQL Server 2012 (Standard edition). That statement means: All my SharePoint DBs e.g. (Config, Admin, Content, and Service Apps) DBs are hosted and running onto one single instance e.g.
Server1\SQLInstance1.
We have some new requirements to install and configure BI tools such as: PerformancePoint services and PowerPivot. BI tools require either SQL Server 2012 Enterprise or BI editions, and we do NOT want to upgrade our current SQL Server1\SQLInstance1
Instead, We have other separate SQL Server instance which is enterprise edition let's name it (ServerX\InstanceX) that is running standalone, and we are thinking or using it, and my 2 questions are:
1) Can we use this other separate
SQL Server instance which is enterprise edition to host the create and hosts the DBs of PerformancePoint services and PowerPivot ?
2) My second question is the same: Can I create PerformancePoint services application in my SharePoint farm, But in the Database Server field, I fill up
the details of the other DB server ServerX\InstanceX which is the one that is SQL
enterprise edition ? Will this work ?
Any official Microsoft resources/links tell that it is possible to deploy SharePoint or its service applications on multiple DB-Servers and multiple SQL Instances?

Thank you Alex and Anil,
What are the ramifications of that?
I mean, Assuming that I have created such a farm where most of SarePoint DBs in Standard SQL instance while the PerformancePoint service application and others e.g. PowerPivot and reporting service are deployed and configured onto other Enterprise SQL instance.
Are there any recommendations or concerns that you would like to draw my attention to ?

WLAN and multiple AAA servers

Similar Messages

Maybe you are looking for