
How Do I Connect to an LDAP? April 28, 2008

Posted by dpermana in SAP.

Using LDAP as the UME user store is a common activity. Here are some pointers to get started and handle known problems.

The following is a step-by-step procedure for configuring an LDAP server for EP:

1) Ensure that the UM Configuration is set to “Database Only” or that the current
UM configuration creates new users in the database.
a) Navigate to the UM Configuration UI (System Administration -> System
Configuration -> UM Configuration) and select the “Data Sources” tab.
b) Choose “Database Only” or any “… Read Only” dataSource.
c) Save.
d) Restart J2EE Engine.

2) Create a new user ID in the portal and assign it to the Super Administration role. Log off and then log back on to the portal with this ID to confirm that you can access the administrative functions using the ID from the database. This ensures that you can log on and perform administration tasks even if the portal is unable to connect to an LDAP source.

3) Establish the initial UM configuration.
a) Navigate to the UM Configuration UI (System Administration -> System
Configuration -> UM Configuration) and select the “Data Sources” tab.
b) Choose the most appropriate DataSource configuration from the delivered list
(e.g. iPlanet, Novell, MS ADS, etc.)
c) Complete UM configuration for the first LDAP data source using the User
Management Configuration Tool.
d) Restart the J2EE Engine.
e) Log on to the portal server with an LDAP user to test the connection. If there are
problems, use the database user ID you created in step #2 to log on to the
portal and resolve connectivity issues.

4) Capture information required for creating a new UM Configuration for Multiple
LDAP sources.
a) Log back on to the portal using an administrator ID.
b) Navigate back to the UM Configuration Tool and select the “Data Sources”
tab.
c) Click “Download” to download a copy of the appropriate XML file. Save this
file to your local file system for editing.
d) Navigate to “LDAP Server” tab and verify connection information to the LDAP
server. Click “Test Connection” to ensure credentials are correct. Save the
configuration before continuing to the next step.
e) Navigate to “Direct Editing” tab.
f) Scroll down to the LDAP Settings section and copy the contents to MS
WordPad or other text editor (configuration document).

5) Create a new UM configuration file for multiple LDAP data sources.
a) Open the dataSourceConfiguration_multiLDAP_db.xml file (previously
downloaded) using a text editor (other than Notepad) and locate the
<dataSource…/> section for the “CORP_LDAP”. Copy the entire section
from <dataSource…> to </dataSource> to the clipboard.
b) For each additional LDAP server, paste the copy into the document after the
original </dataSource…> ending tag for the CORP_LDAP source. Change
the name of the data source for the pasted copy to “CORP_LDAP_X” or some
other value. This value becomes a data source identifier for UME and prefixes
the principal IDs.
c) For each LDAP data source, locate the <privateSection…> within the
<dataSource…> tag and enter the following lines if they are not present:

   <ume.ldap.access.server_name>SERVER_HOSTNAME</ume.ldap.access.server_name>
   <ume.ldap.access.server_port>SERVER_PORT</ume.ldap.access.server_port>
   <ume.ldap.access.user>DS_USER_NAME</ume.ldap.access.user>
   <ume.ldap.access.password>{encrypted}DS_PASSWORD</ume.ldap.access.password>
   <ume.ldap.access.base_path.user>USER_ROOT_IN_DS</ume.ldap.access.base_path.user>
   <ume.ldap.access.base_path.grup>GROUP_ROOT_IN_DS</ume.ldap.access.base_path.grup>

d) Update the properties for each datasource with the correct values obtained
from the “Direct Editing” tab (now stored in the configuration document). An
example is shown below:

   <dataSource … className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence" isReadonly="true" isPrimary="true">
   …
   <ume.ldap.access.server_name>i802895a.phl.sap.corp</ume.ldap.access.server_name>
   <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
   <ume.ldap.access.user>cn=Directory Manager</ume.ldap.access.user>
   <ume.ldap.access.password>{encrypted}ksdf8SDF#%</ume.ldap.access.password>
   <ume.ldap.access.base_path.user>ou=people,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.user>
   <ume.ldap.access.base_path.grup>ou=groups,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.grup>
   <ume.ldap.access.server_type>SUN</ume.ldap.access.server_type>
   [more stuff]
   </privateSection>

6) Upload the new UM Configuration file.
a) Navigate back to “Data Source” tab and choose “Other” for the data source.
b) Click “Upload” and navigate to the new configuration file –
dataSourceConfiguration_multiLDAP_db.xml. Upload this to the server.
c) Click “Save” to save the new configuration.
d) Navigate to the “Direct Editing” tab.
e) Comment out all of the LDAP settings which begin with ume.ldap.access.*
such as server name, passwords, etc. that are now manually configured in
the XML file.
f) Click “Save” to save the properties. (You may also wish to make a copy of the
new settings and save them to a file for recovery purposes.)
g) Restart the J2EE engine.
7) Test the configuration.
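
A pre-upload check for the file edited in step 5, added here as an example (it is not code from the original post or from SAP). It confirms that each LDAP data source has a unique name and the step 5c properties, and flags a password without the {encrypted} prefix, port 389 and a Directory Manager bind. It assumes the data source name is held in the `id` attribute and that the root element is `<dataSources>`; the hosts and values in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

P = "ume.ldap.access."
# Step 5c: properties every LDAP <privateSection> must carry.
REQUIRED = [P + k for k in "server_name server_port user password base_path.user base_path.grup".split()]
LDAP_CLASS = "com.sap.security.core.persistence.datasource.imp.LDAPPersistence"

def audit(xml_text):
    """Return (position, name, finding) for each problem in the LDAP data sources."""
    root = ET.fromstring(xml_text)
    sources = [d for d in root.iter("dataSource") if d.get("className") == LDAP_CLASS]
    counts = Counter(d.get("id") for d in sources)  # assumption: name is the "id" attribute
    findings = []
    for pos, ds in enumerate(sources, 1):
        name, priv = ds.get("id"), ds.find("privateSection")
        props = {c.tag: (c.text or "").strip() for c in (priv if priv is not None else [])}
        pw, user = props.get(P + "password", ""), props.get(P + "user", "")
        checks = [
            (counts[name] > 1, "name reused by another data source"),
            (pw and not pw.startswith("{encrypted}"), "password lacks the {encrypted} prefix"),
            (props.get(P + "server_port") == "389", "port 389: confirm the bind is not cleartext"),
            (user.lower() == "cn=directory manager", "bind user is the directory superuser"),
        ]
        issues = ["missing " + k for k in REQUIRED if not props.get(k)] + [m for hit, m in checks if hit]
        findings += [(pos, name, msg) for msg in issues]
    return findings

# Constructed sample: the second block is a pasted copy that was never renamed or completed.
SAMPLE = """<dataSources>
<dataSource id="CORP_LDAP" className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"><privateSection>
 <ume.ldap.access.server_name>ldap1.example.corp</ume.ldap.access.server_name>
 <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
 <ume.ldap.access.user>cn=Directory Manager</ume.ldap.access.user>
 <ume.ldap.access.password>{encrypted}CONSTRUCTED</ume.ldap.access.password>
 <ume.ldap.access.base_path.user>ou=people,dc=example,dc=corp</ume.ldap.access.base_path.user>
 <ume.ldap.access.base_path.grup>ou=groups,dc=example,dc=corp</ume.ldap.access.base_path.grup>
</privateSection></dataSource>
<dataSource id="CORP_LDAP" className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"><privateSection>
 <ume.ldap.access.server_name>ldap2.example.corp</ume.ldap.access.server_name>
 <ume.ldap.access.server_port>636</ume.ldap.access.server_port>
 <ume.ldap.access.user>uid=ume_read,ou=svc,dc=example,dc=corp</ume.ldap.access.user>
 <ume.ldap.access.password>CONSTRUCTED-PLAIN</ume.ldap.access.password>
 <ume.ldap.access.base_path.user>ou=people,dc=example,dc=corp</ume.ldap.access.base_path.user>
</privateSection></dataSource>
</dataSources>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Running it against the file before step 6 catches a copy that was pasted but not renamed, which would otherwise give two directories the same principal ID prefix.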

 

Note: I took this from http://www.sdn.sap.com

 

Best regards

dpermana