User Guide PUBLIC SAP Identity Management 8.0 Document Version: 1.0 – 2015-03-27 SAP Identity Management Virtual Directory Server: Joining Data Sources Tutorial


Content

1 SAP Identity Management Virtual Directory Server Tutorial: Joining Data Sources
1.1 Introduction
    The Join Process
    Verifying the Configuration of the Virtual Directory
1.2 Viewing the Data Sources and Opening the Server
    Viewing the Contents of the Directory Server
    Viewing the Contents of HR_Addresses
    Defining the LDAP Mapping
    Opening the Server Configuration
    Enable Logging
1.3 Adding the Directory Server
1.4 Building the Virtual Tree
    Renaming the Virtual Tree
    Creating the Nodes in the Virtual Tree
1.5 Running the Server
    Specifying the Port Number
    Running the Server
    Viewing the Contents
1.6 Adding the Database Table as Data Source
    Adding the HR_Addresses as a Data Source
    Testing the Data Sources
1.7 Creating the Join Group
    Adding the Join Group
    Adding the Addresses as an Attribute Source
    Adding the Attribute Definition
    Modifying the Data Source Node
    Viewing the Contents


1 SAP Identity Management Virtual Directory Server Tutorial: Joining Data Sources

The SAP Identity Management Virtual Directory Server can logically represent information from a number of disparate directories, databases, and other data repositories in a virtual directory tree. Different users and applications can, based on their access rights, get different views of the information.

Features like namespace conversion and schema adaptations provide a flexible solution that can continually grow and change to support demands from current and future applications, as well as requirements for security and privacy, without changing the underlying architecture and design of data stores like databases and directories.

The Reader

This manual is written for people who are to use join groups in the Virtual Directory Server.

Prerequisites

To get the most benefit from this tutorial, you should have the following knowledge:

● Basic knowledge of LDAP.
● Basic knowledge of Java.
● Completion of the tutorial SAP Identity Management Virtual Directory Server Tutorial: Accessing Databases, which is a prerequisite for this tutorial.
● Knowledge of SAP Identity Management Virtual Directory Server corresponding to the tutorials (Accessing databases and Accessing LDAP servers).

The following software is required:

● SAP Identity Management version 8.0 SP0 or newer, correctly installed and licensed.
● A Java development environment. This can be downloaded from http://www.oracle.com/technetwork/java/index.html (version 1.6).
● The source file for this tutorial:
  ○ The configuration file vds-join.xml, with a minimum configuration for the Virtual Directory Server, including the necessary Java classes.
  ○ Access to directory server created by the tutorial SAP Virtual Directory Server Tutorial: Accessing databases (connected to database table HR_Sample in the Identity Management database).
  ○ Database table HR_Addresses from the Identity Management database.


The Manual

This document contains a tutorial for joining information from an LDAP directory and a database using the Virtual Directory Server.

Related Documents

You can find useful information in the following documents:

● The X.500 standard, which can be ordered from http://www.itu.int/en/Pages/default.aspx
● LDAP v. 2, RFC 1777, "Lightweight Directory Access Protocol".
● LDAP v. 3, RFC 2251, "Lightweight Directory Access Protocol (V3)".
● SAP Virtual Directory Server Tutorial: Accessing Databases
● SAP Virtual Directory Server Tutorial: Accessing LDAP Servers

RFCs and Internet drafts can be downloaded from http://www.ietf.org/

1.1 Introduction

When performing a SEARCH request, the Virtual Directory Server normally will access the backend data source and return the result. With a join group you can extend this by adding secondary data sources that provide additional information before returning the result to the client.

This tutorial shows how you can define the necessary data sources and configure the join group.


The Virtual Directory Server receives the incoming SEARCH request and joins the information in the master data source with information from the external data sources. The result is then returned to the client.

Related Information

The Join Process
Verifying the Configuration of the Virtual Directory

1.1.1 The Join Process

Context

The join process used in this tutorial can be illustrated as follows:

Procedure

1. A client submits a search request to the Virtual Directory Server. In the virtual tree, the starting point of this search request is a join group.

2. First, a search against the join group's main data source (the master) is executed and the resulting attribute set is obtained.

3. Based on the data in the returned data set and the information that can be obtained from the incoming starting point, rules that describe how to extract the corresponding entries from additional data source(s) must be configured.

4. The configured rules are applied by executing a series of new searches in the additional data source(s).

5. The response, an attribute set containing attributes both from the master data source and the additional data source(s), is returned to the client.

1.1.2 Verifying the Configuration of the Virtual Directory

It is assumed that you specified the location of the Java runtime environment, defined the classpath, and so on when you installed the Virtual Directory Server.


The configuration may look like this when choosing Tools/Options…:

1.2 Viewing the Data Sources and Opening the Server

In this section, you look at the data sources involved in the tutorial. You also open the server configuration that contains the initial configuration.

The tutorial and the necessary files are installed in a sub-directory below the product installation directory. For a default installation, the tutorial will be located in C:\usr\sap\IdM\Virtual Directory Server\tutorials.

Copy them to another directory before you start working with the configuration so that you can repeat this tutorial if you wish to do so.

The tutorial includes the following files:

● The configuration file vds-join.xml. Copy this file to a directory where you can access it from the Virtual Directory Server.


Completing the tutorial SAP Identity Management Virtual Directory Server Tutorial: Accessing Databases is a prerequisite for this tutorial. The directory server created in that tutorial accesses the database table HR_Sample in the Identity Management database and is used as one of the data sources in this document.

Note

The configuration created in the Accessing Databases tutorial needs to be running in order to be used as a data source in this document.

The database table HR_Addresses in the Identity Management database is another data source in this document.

1.2.1 Viewing the Contents of the Directory Server

In this tutorial, the directory server used is the one created by the tutorial SAP Identity Management Virtual Directory Server Tutorial: Accessing Databases. The values for accessing this directory server are:

● Server: localhost
● Port: 7015
● Starting point: o=HRSample
● LDAP authentication: Anonymous.

The database table that is used in this tutorial is the HR_Sample table in the Identity Center database. It contains employee data for a number of employees:

Note that there are no postal addresses for these entries.


1.2.2 Viewing the Contents of HR_Addresses

The second data source used in this tutorial is a database table HR_Addresses in the Identity Management database, which contains the postal addresses of the employees listed in the directory server. The employee ID will be used to join the entries in this database with the corresponding entries in the directory server.

1.2.3 Defining the LDAP Mapping

The columns in the database do not match the LDAP attributes in the clients' requests. There are several ways to perform this mapping in the Virtual Directory Server. In this case, the mapping is performed as part of the data source configuration. The tables below show the columns in the database and suggested LDAP attributes.


The Addresses data source

Table 1:

| Column name | LDAP attribute | Comments |
| --- | --- | --- |
| PostalAddress | postalAddress | |
| EmployeeID | | Normally, this attribute would have been converted to the LDAP attribute uid, but in this join scenario we will show a join method without converting this attribute. |

1.2.4 Opening the Server Configuration

Context

To open the configuration file:

Procedure

1. Start the Virtual Directory Server by choosing Programs/SAP NetWeaver Identity Management/Virtual Directory Server from the Start menu.

2. Choose File/Open file… . The Open server configuration dialog box is displayed:

Locate and select the configuration file vds-join.xml that accompanied this tutorial.

3. The expanded configuration tree looks like this:


1.2.5 Enable Logging

To see errors, warnings or other information when running the server we will enable the operation log:

1. Choose Configure/Logging/Operation log… .

Select Debug as log level, including log level for extensions.

2. Choose OK to close the dialog.

You can view the log by choosing the Operation button in the toolbar.


1.3 Adding the Directory Server

Context

In this section you add the directory server created by the tutorial SAP Identity Management Virtual Directory Server Tutorial: Accessing Databases as a data source in the Virtual Directory Server.

To add the directory server as a data source:

Procedure

1. Select the entry Singles below Data sources and choose New… from the context menu. The Select template dialog box is displayed:

Select LDAP in the Group list and Generic Directory in the Template list.

2. Choose OK to open the LDAP Directory wizard.

Fill in the fields:

Table 2:

| Field | Value |
| --- | --- |
| Server | Enter localhost as the server's host name. |
| Port | Enter 7015 as the directory server's port number. |
| Starting point | Enter o=HRSample as starting point in the directory server. |
| User name and Password | Leave empty as the authentication is anonymous. |

3. Choose OK. The LDAP server properties dialog box is displayed:

Fill in the following fields:

Table 3:

| Field | Value |
| --- | --- |
| Enable | Select Enable. |
| Display name | Enter Master – directory server (HRSample) as the name of the data source. |
| Unique name | Enter a unique name for the data source. This name is used when referencing the data source from the Java classes. |

4. Select the LDAP tab:

The values you specified in the wizard are filled in.

5. Choose Test connection to verify that you have specified correct parameters to the data source.

6. Choose OK to close the dialog box.

1.4 Building the Virtual Tree

To be able to view the contents of the directory server, you need to create a virtual tree with a node that references the data source.

Related Information

Renaming the Virtual Tree
Creating the Nodes in the Virtual Tree

1.4.1 Renaming the Virtual Tree

Context

The first step is to rename the default virtual tree.

Procedure

1. Select the entry Tree 1 and choose Properties… from the context menu. The Virtual tree properties dialog box is displayed:

2. Enter HR tree as the name of the virtual tree.

3. Choose OK to close the dialog box.

1.4.2 Creating the Nodes in the Virtual Tree

The next step is to define the necessary nodes in the virtual tree. It will consist of one static node (the organization) and one data source node referencing the data source, the directory server containing the person entries.

Related Information

Adding the Static Node
Adding the Data Source Node

1.4.2.1 Adding the Static Node

Context

To add the static node, proceed as follows:

Procedure

1. Select the virtual tree and choose New… from the context menu. The Add node dialog box is displayed:

Fill in the fields with the following values:

| Field | Value |
| --- | --- |
| Relative DN | Enter o=employees as the node's relative distinguished name. |
| Object class | Select the object class top and organization for this node. |

Keep the default values for the other fields.

2. Select the Access control list tab:

Select the default user group Anonymous and the default rule FullReadAccess. This will allow anybody connecting with anonymous access read-only access to this virtual tree.

3. Choose OK to close the dialog box.


1.4.2.2 Adding the Data Source Node

Context

To add the data source node, proceed as follows:

Procedure

1. Select the node o=employees and choose New… from the context menu. The Node properties dialog box is displayed:

Fill in the fields with the following values:

| Field | Value |
| --- | --- |
| Relative DN | Enter * as the node's relative distinguished name. This will match all possible DNs on this level. |
| Data source category | Select Data source in the list. |
| Source | Select Master – directory server (HRSample) in the list. |
| Object class | Select inetOrgPerson in the <Append Object Class> list. |

Keep the default values in the other fields.

2. Choose OK to close the dialog box.

1.5 Running the Server

In this section, you configure the service, start the server and perform a search.

Related Information

Specifying the Port Number
Running the Server
Viewing the Contents

1.5.1 Specifying the Port Number

Context

We are going to deploy the configuration as an LDAP deployment. The port number is part of the deployment configuration:

Procedure

1. Select the entry main_listener and choose Properties… from the context menu to open the Server properties dialog box:


Enter a port number (here 4389). If the port number conflicts with an existing server, enter another port number.

2. Choose OK to close the dialog box.

1.5.2 Running the Server

Start the service by choosing the Start button in the toolbar. When the server is started, the indicator in the status bar turns green.

Use the internal LDAP client to view the virtual directory, or you can use an external LDAP client to access the Virtual Directory Server.

Configure the client using the following information:

● Server address (host name) according to your system's configuration.
● The same port number as you used when configuring the server (here 4389).
● LDAP version 3.
● Starting point o=employees.
● Anonymous login.

1.5.3 Viewing the Contents

When browsing the virtual directory, you should see the following:


When viewing the properties of the entry, you see that the person does not have the postal address:

Note

If you have problems accessing the directory, turn on the operation log to see any error messages and correct the problem.

1.6 Adding the Database Table as Data Source

In this section you will add the database table HR_Addresses as the data source.

Related Information

Adding the HR_Addresses as a Data Source
Testing the Data Sources

1.6.1 Adding the HR_Addresses as a Data Source

Context

To add the database table as a data source:

Procedure

1. Select entry Singles below Data sources and choose New… from the context menu. The Select template dialog box is displayed:

Select Database in the left list and Generic Database in the right.

2. Choose OK to open the Generic Database template wizard.

3. Choose the … button to the right of the Database field to open the JDBC URL wizard. Here, navigate through the wizard, choosing the correct JDBC driver and entering the database connection parameters.

4. Choose Finish to return to the Generic database template dialog box.

The JDBC URL is added.

5. Choose OK. The Database properties dialog box is displayed:

Fill in the following fields:

Table 4:

| Field | Value |
| --- | --- |
| Enable | Make sure that Enable is selected. |
| Display name | Enter Addresses as the data source's display name. |
| Unique name | Enter a unique name for the data source (here ADDRESSES). |

6. Select the Database tab:

The values you entered in the URL wizard are filled in.

7. Choose Get database… to verify that you have access to the database and get the database schema.

The Available attributes dialog is displayed. Select the HR_Addresses table to view the columns in the table.

8. Choose OK to return to the Database properties dialog box.

9. Select the Data source attributes tab:

The columns in the database table are listed in the attribute list. You can keep the values that are selected.

10. It is necessary to map between the unique identifier of the database, EmployeeID, and the LDAP unique identifier, uid. This is the attribute that is used to construct the DN for the SEARCH request that joins the information from the master data source with the information from the attribute source. Choose Define… to open the Define parameters dialog box:

Select UID= from the Attribute types list.

Select EmployeeID from the Available attributes list.

Choose Add attribute to fill in the fields with the correct values.

Choose OK to return to the Database properties dialog box.

11. Select the Conversion from tab:

Select Enable conversion from internal attributes.

Use the information in the table in the Defining the LDAP Mapping section and enter the attribute pairs as displayed above. This is necessary to be able to return the attributes to the client.

Select Add all data source attributes to fill in the To column.

Select the value in the LDAP attribute column in the From list.

12. Select the Conversion to tab:

Select Enable conversion to internal attributes.

Choose Synchronize to add the conversions you defined on the Conversion from tab.

13. Choose OK to close the dialog box.

Related Information

Defining the LDAP Mapping

1.6.2 Testing the Data Sources

Context

You are able to test that you can access the data sources by running the Virtual Directory Server in test mode. When running in test mode, you can access the data sources through the internal virtual tree instead of building a separate virtual tree only to access the attribute sources.


Procedure

1. Choose Server/Test mode…:

Select Enable test mode.

The fields User name and Password contain the credentials that you must use to access the data sources. Define a user name and a password of your own choice (here we use VDSTest as the user name with password password).

The list below contains all available starting points in the internal tree, o=internal. You see the data source name to the right of the starting point.

2. Choose OK to close the dialog box.

3. If necessary, start the server or update the configuration if it is already running.

Note

Reloading the configuration may take a few seconds. The light in the status bar turns yellow while it is reloaded and turns green when the server is running again.

4. Use the internal LDAP client and select Test user to perform a search using the credentials for the test mode.


Verify that you are able to access the data source (double-click the nodes to expand) and that the search returns the expected result.

5. Turn off test mode again and reload the server configuration when you are finished.

1.7 Creating the Join Group

You have now defined the directory server and the database table as single data sources. The next step is to create a join group where you add the information from the database table HR_Addresses to the entries in the directory server before they are returned to the client.

This involves the following steps:

● Adding the join group
● Adding the attribute source
● Defining the attributes

In the final configuration, the relations will be as illustrated below:

● The data source Master – directory server (HRSample) is added as the master in the join group.
● The data source Addresses is added as the attribute source.
● The join group is referenced from the data source node in the virtual tree.

Related Information

Adding the Join Group
Adding the Addresses as an Attribute Source
Adding the Attribute Definition
Modifying the Data Source Node
Viewing the Contents

1.7.1 Adding the Join Group

Context

To add the join group, proceed as follows:

Procedure

1. Choose the entry Groups/Operations/Join below Data sources and choose New… from the context menu. The Join group properties dialog box is displayed:

Fill in the fields with the following values:

Table 5:

| Field | Value |
| --- | --- |
| Enable | Select Enable. |
| Display name | Enter Employees as the name of the group. |
| Unique name | Enter EMPL as the data source group's unique name. |
| Join properties | Select Join base search operations to specify that the join will be performed only on base SEARCH operations. The join operation can be time consuming, so it can be necessary to limit the join to base SEARCH operations. |

2. Select … to the right of the Master field to open the Select data source dialog box:

Select Data source and select the directory server in the Source list.

3. Choose OK to return to the Join group properties dialog box.

The Master field is now filled in.

4. Choose OK to close the dialog box. You must confirm that you want to close the dialog box without any attribute definitions.

1.7.2 Adding the Addresses as an Attribute Source

You have already added the database table HR_Addresses as a data source, but now you need to add it as an attribute source to the join group. There are two ways to reference the data source: you can either define a separate virtual tree for the attribute sources, or you can reference the data source in the Virtual Directory Server's internal tree, as we will do here. The nodes in this virtual tree are generated by the Virtual Directory Server based on the available data sources.

In the next step, we have to define properties of the SEARCH request that is able to find the single, unique entry that matches the entry from the master data source. The execution of this SEARCH request will retrieve the attributes that are included in the join operation.


In this tutorial we will describe two ways this can be done. Both will yield the same result. You can choose one of them or try both.

● Join by DN
● Join by filter

Related Information

Join by DN
Join by Filter

1.7.2.1 Join by DN

Context

In this example, we will find the correct entry by constructing its exact distinguished name. To achieve this, the search type will be set to BASE and the filter to (objectclass=*) (not relevant for the search result).

In order to construct the target distinguished name, we will use the uid from the incoming distinguished name. To extract the uid from the DN, we use the DN matching template feature.

To add the attribute source, proceed as follows:

Procedure

1. Select the Employees node and choose New… from the context menu. The Attribute source dialog box is displayed:


Fill in the fields with the following values:

Table 6:

| Field | Value |
|---|---|
| Attribute source name | Enter Addresses as the name of the attribute source. |
| DN matching template | Enter uid=<valueofuid> as the uid attribute is retrieved from the SEARCH request and used in the starting point. The value of the uid from incoming distinguished name will be stored into the temporary variable valueofuid. |
| VDS tree | Select Internal tree as we will access the attribute source through the internal tree. |
| Starting point | Enter uid=<valueofuid> as the starting point. The stored value of valueofuid will be used here. |
| on | The list contains all data sources. Select the starting point in the internal tree that corresponds to the attribute source. |
| Filter | Enter (objectclass=*) as the filter. |

2. Choose OK to close the dialog box.

1.7.2.2 Join by Filter

Context

In the second example, we will find the correct entry by performing a ONE-LEVEL (or SUB) search in the data source and specifying a filter that will result in a single entry.

In order to construct the correct filter, we will use the uid from the incoming distinguished name.

Note: You are not limited to using values from the RDN of the incoming distinguished name. Any attribute value from the master's data set could be used here.

Procedure

1. Select the Employees node and choose New… from the context menu to display the Attribute source dialog box:


Fill in the fields with the following values:

Table 7:

| Field | Value |
|---|---|
| Attribute source name | Enter Addresses as the name of the attribute source. |
| DN matching template | Enter uid=<valueofuid> as the uid attribute is retrieved from the SEARCH request and used in the filter. |
| VDS tree | Select Internal tree as we will access the attribute source through the internal tree. |
| Starting point | Leave the starting point empty, as this would search from the top of the data source. |
| on | The list contains all data sources. Select the starting point in the internal tree that corresponds to the attribute source. |
| Filter | Enter (employeeid=<valueofuid>) as the filter as this would search for the entry with the EmployeeID matching the uid received from the SEARCH request. |
| Search type | Select ONE-LEVEL (or SUB). |

2. Choose OK to close the dialog box.
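The two lookups configured above (Join by DN and Join by Filter), modelled in Python as an added example; this is not SAP's code. It assumes the template variable is captured from the first RDN of the incoming DN, and the function names and sample DNs are constructed for illustration. The filter escaping follows RFC 4515; the page does not say how the Virtual Directory Server treats special characters in substituted values.

```python
import re

VAR = re.compile(r"<(\w+)>")  # template variables such as <valueofuid>

def match_dn_template(template, dn):
    """Match the first RDN of dn against template; return captured variables or None."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0].strip()
    parts = VAR.split(template)  # [literal, name, literal, ...]
    pattern = "".join(
        re.escape(p) if i % 2 == 0 else "(?P<%s>.+)" % p
        for i, p in enumerate(parts)
    )
    m = re.fullmatch(pattern, rdn, re.IGNORECASE)
    return m.groupdict() if m else None

def dn_unescape(value):
    """Undo RFC 4514 escapes (\\, or single-byte \\2C) to get the raw attribute value."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9a-fA-F]{2}|.)", repl, value)

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the value is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def join_by_dn(incoming_dn, template="uid=<valueofuid>", start="uid=<valueofuid>"):
    """BASE search at the constructed DN; the filter does not affect the result."""
    v = match_dn_template(template, incoming_dn)
    if v is None:
        return None
    # The captured value is still in DN-escaped form, so it goes back into a DN as-is.
    base = VAR.sub(lambda m: v[m.group(1)], start)
    return {"base": base, "scope": "BASE", "filter": "(objectclass=*)"}

def join_by_filter(incoming_dn, template="uid=<valueofuid>",
                   flt="(employeeid=<valueofuid>)"):
    """ONE-LEVEL search from the top of the source; the filter must select one entry."""
    v = match_dn_template(template, incoming_dn)
    if v is None:
        return None
    f = VAR.sub(lambda m: escape_filter_value(dn_unescape(v[m.group(1)])), flt)
    return {"base": "", "scope": "ONE-LEVEL", "filter": f}

if __name__ == "__main__":
    for dn in ("uid=1001,o=employees", "uid=smith(temp)*,o=employees"):  # constructed
        print(join_by_dn(dn), join_by_filter(dn))
```

A uid containing `*` or parentheses would otherwise turn the filter into a wildcard or a different expression, so the join could match more than the single entry it requires.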

1.7.3 Adding the Attribute Definition

Context

The next step is to define how the attributes are retrieved from the attribute source:

Procedure

1. View the properties of the Employees join group and choose New… to the right of the Attribute definitions list:


Fill in the fields with the following values:

Table 8:

| Field | Value |
|---|---|
| Enable | Select Enable. |
| Attribute name | Enter or select the attribute name in the list. |
| Original attribute set | Keep the default value A – Append to original value to specify that you will append the values from the attribute source to any values that exist in the master data source. |
| Data sources | Select S – Single data source to specify that the attribute will be found in only one data source. |
| Available data sources | Select Addresses in the list and choose ->. |

2. Choose OK to add the attribute.
3. The attribute list will look like this:

4. Choose OK to close the dialog box.

1.7.4 Modifying the Data Source Node

Context

At the moment, the data source node o=employees,* in the virtual tree references the data source Master – directory server directly. To be able to view the result of the join process, this node must reference the join group you have created:

Procedure

1. View the properties of the data source node:

Modify the values in the following fields:

Data source category - Select Join group in the list.

Source - Select Employees in the list.

2. Choose OK to close the dialog box.

1.7.5 Viewing the Contents

Reload (or start) the server configuration by choosing the Update button.

You can view the properties of an entry in the directory:

Here you see that the postal address has been added to the entry.

Note: When using the internal LDAP browser, you have to select Do base search on this node from the context menu for the selected node before the added attribute postaladdress appears.

If this does not happen, you can try to find the reason by inspecting the operation log. Follow the processing of the LDAP request and see if you find information that can help you solve the problem.


© 2016 SAP SE or an SAP affiliate company. All rights reserved.