Step By Step Guide to Connect LDAP as Datasource in NW 7.0 and CE 7.1
Applies to: SAP Netweaver Portal 7.0
SAP Composite Environment 7.1 SR5
Summary: This document provides step-by-step guidance on connecting an LDAP directory as a data source for UME in NW 7.0 and CE 7.1. It also provides sample XML configuration for the data source in the case of Kerberos authentication, and the steps to connect the message server.
Author: Pankaj Prasoon
Company: Infosys Technologies Limited
Created on: 09 December 2008
Author Bio: Pankaj has 2 years of experience in Netweaver. He has worked on JS, J2SE, J2EE, SAP-HTMLB, SAP-Portal Components, Enterprise Portal, MDM, Web Dynpro, Visual Composer, Knowledge Management, XML Form Builders, Composite Environment, ESR, Adobe Forms and ABAP. He has a sound understanding of Netweaver landscapes and has been instrumental in designing them.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com © 2008 SAP AG 1
Table of Contents
Introduction ..... 3
  Purpose & Scope ..... 3
LDAP as Data source ..... 4
  Netweaver 7.0 ..... 4
    Download the Data Source File ..... 4
    Creating a LDAP Datasource using Configtool ..... 6
    Creating a LDAP Datasource using Enterprise Portal ..... 7
  CE 7.1 SR5 ..... 10
    Creating a LDAP Datasource using CE Enterprise Portal ..... 10
  Message Server ..... 11
    Connecting Message Server using Visual Admin/Configtool ..... 11
    Connecting Message Server using Enterprise Portal ..... 13
  Defining Custom Attribute in UME ..... 14
  Sample configuration file ..... 15
    Login id mapped to Email ID ..... 15
    Mapping done for Kerberos authentication ..... 20
Related Content ..... 26
Disclaimer and Liability Notice ..... 27
Introduction
Purpose & Scope
Authentication is the process of verifying user credentials such as user ID and password before granting access to a set of resources. Once a user is authenticated, the portal issues a logon ticket with which the user can continue to access the system until the session times out.
UME uses authentication schemes, which are defined in an XML file. Once a user logs in to the portal, the logon ticket contains the authentication information. UME user data is stored in one or more data sources, and each type of data source has its own persistence adapter.
The persistence manager consults the persistence adapters when creating, reading, writing, and searching user management data.
This document describes only the preliminary configuration of UME for LDAP using the XML configuration interfaces.
LDAP as Data source
The user management engine (UME) can use an LDAP directory as its data source for user management data. The UME supports both flat and deep hierarchies of users and groups in the LDAP directory.
For prerequisites and constraints, refer to the following link:
http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
Netweaver 7.0
Following are the steps to create a Datasource file for LDAP.
Download the Data Source File
1. Log in to the server (operating system).
2. Navigate to /usr/sap/<SID>/JC<InstanceNo>/j2ee/Configtool and start the Configtool:
   o For Windows: Configtool.bat
   o For Unix/Linux: Configtool.sh
3. In the tree, navigate to Cluster_data > Server > persistent > com.sap.security.core.ume.service.
4. Switch to Edit mode.
5. Click the LDAP server configuration XML file to download it.
6. Edit the configuration file and rename it.
7. Click the upload icon to upload the edited XML file.
Creating a LDAP Datasource using Configtool
1. Navigate to /usr/sap/<SID>/JC<InstanceNo>/j2ee/Configtool
   a. For Windows: Configtool.bat
   b. For Unix/Linux: Configtool.sh
2. Start the Configtool.
3. Navigate to UME LDAP Data.
4. Enter the following details:
   o Select the configuration file from the dropdown.
   o Enter the server name.
   o Enter the server port.
   o Enter the user ID and password for the LDAP connection.
   o Enter the user path and group path in the LDAP directory.
5. Click Test Connection.
6. Restart the server cluster.
Creating a LDAP Datasource using Enterprise Portal
1. Log in to the portal with an administrative user ID.
2. Navigate to System Administration > System Configuration > UME Configuration.
   Note: The LDAP tab might not be visible initially.
3. Select the Data Source tab.
4. Click Modify Configuration to download and upload the XML configuration file.
5. To download the configuration file for modification, follow the steps under Download the Data Source File above, because from EP 7 SP10 onwards the GUI at times displays an XML error.
6. Upload the edited XML configuration file.
7. Click the LDAP Server tab.
8. Enter the following details:
   o Connection Data:
     Server Name: name of the LDAP server.
     Server Port: port of the LDAP server (default 389).
     User: user ID for connecting to the LDAP directory.
     Password: password of the user used for connecting to the LDAP directory.
     User Path: path of the users in the LDAP directory.
     Group Path: path of the groups in the LDAP directory.
   o Unique attribute: the LDAP attribute to which the UME unique ID is mapped. This attribute is used as the login ID for the LDAP user (e.g. samaccountname).
   o Connection Pool Settings: refer to the following link for details.
     http://help.sap.com/saphelp_nw70/helpdata/EN/6c/34ee408a63732ae10000000a155106/frameset.htm
9. Click Test Connection.
10. Restart the J2EE server cluster for the changes to take effect.
CE 7.1 SR5
Creating a LDAP Datasource using CE Enterprise Portal
1. Log in to the portal with an administrative user ID.
2. Navigate to System Administration > System Configuration > UME Configuration.
   Note: The LDAP tab might not be visible initially.
3. Select the Data Source tab.
4. Click Modify Configuration to download and upload the XML configuration file.
5. To download the configuration file for modification, follow the steps under Download the Data Source File above, because from EP 7 SP10 onwards the GUI at times displays an XML error.
6. Upload the edited XML configuration file.
7. Click the LDAP Server tab.
8. Enter the following details:
   a. Connection Data:
   b. Server Name: name of the LDAP server.
   c. Server Port: port of the LDAP server (default 389).
   d. User: user ID for connecting to the LDAP directory.
   e. Password: password of the user used for connecting to the LDAP directory.
   f. User Path: path of the users in the LDAP directory.
   g. Group Path: path of the groups in the LDAP directory.
   h. Unique attribute: the LDAP attribute to which the UME unique ID is mapped. This attribute is used as the login ID for the LDAP user (e.g. samaccountname).
   i. Connection Pool Settings: refer to the following link for details.
      http://help.sap.com/saphelp_nw70/helpdata/EN/6c/34ee408a63732ae10000000a155106/frameset.htm
9. Click Test Connection.
10. Restart the CE server cluster for the changes to take effect.
Note: All remaining steps for CE are the same as for Netweaver 7.0.
Message Server
Connecting Message Server using Visual Admin/Configtool
1. Navigate to /usr/sap/<SID>/JC<InstanceNo>/j2ee/Configtool and start the Configtool:
   o For Windows: Configtool.bat
   o For Unix/Linux: Configtool.sh
2. In the tree, navigate to Cluster-data > server > cfg > services.
3. Switch to Edit mode.
4. Right-click the property com.sap.security.core.ume.service.
5. Enter values for the following properties and apply them as custom values:
   o ume.notification.mail_host (the name of the mail server)
   o ume.notification.system_mail (the email address of the administrator)
6. Restart the cluster for the changes to take effect.
Connecting Message Server using Enterprise Portal
1. Log in to the portal with an administrative user ID.
2. Navigate to System Administration > System Configuration > UME Configuration.
3. Click the Notification Emails tab.
4. Click Modify Configuration.
5. Enter the SMTP server name and the administrative email address.
6. Click Save All Changes.
Note: The user ID does not have a password associated with it.
7. Restart the J2EE cluster for the changes to take effect.
Defining Custom Attribute in UME
We define custom attributes in UME for Kerberos authentication and map them in the XML used for the LDAP connection from the data source. Following are the steps to define the custom attributes.
1. Log in to the portal with an administrative user ID.
2. Navigate to System Administration > System Configuration > UME Configuration.
3. Click Modify Configuration.
4. Open the User Admin UI.
5. Enter the following attributes in the custom attributes field, separated by semicolons (currently we are using the standard SAP-provided namespace):
   • krb5principalname (required for Kerberos authentication)
   • kpnprefix (required for Kerberos authentication)
   • dn (domain details)
   • EmpID (employee ID of an employee)
6. Click Save.
7. Restart the server.
Note: Any number of custom attributes can be defined.
For more details, refer to
http://help.sap.com/SAPHELP_NW04S/helpdata/EN/44/0316d50bbe025ce10000000a1553f7/content.htm
Sample configuration file
Login id mapped to Email ID
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_iplanet_not_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
  <!-- Database persistence: home for service users and the fixed principal types -->
  <dataSource id="PRIVATE_DATASOURCE"
              className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
              isReadonly="false"
              isPrimary="true">
    <homeFor>
      <principals>
        <principal type="account">
          <nameSpace name="$serviceUser$">
            <attribute name="SERVICEUSER_ATTRIBUTE">
              <values><value>IS_SERVICEUSER</value></values>
            </attribute>
          </nameSpace>
        </principal>
        <principal type="user">
          <nameSpace name="$serviceUser$">
            <attribute name="SERVICEUSER_ATTRIBUTE">
              <values><value>IS_SERVICEUSER</value></values>
            </attribute>
          </nameSpace>
        </principal>
        <principal type="team"/>
        <principal type="ROOT"/>
        <principal type="OOOO"/>
      </principals>
    </homeFor>
    <notHomeFor/>
    <responsibleFor>
      <principals>
        <principal type="group"/>
        <principal type="user"/>
        <principal type="account"/>
        <principal type="team"/>
        <principal type="ROOT"/>
        <principal type="OOOO"/>
      </principals>
    </responsibleFor>
    <notResponsibleFor/>
    <attributeMapping/>
    <privateSection/>
  </dataSource>
  <!-- LDAP persistence: home for all regular accounts, users and groups -->
  <dataSource id="CORP_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="false"
              isPrimary="true">
    <homeFor>
      <principal type="account"/>
      <principal type="user"/>
      <principal type="group"/>
    </homeFor>
    <notHomeFor>
      <principal type="account">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values><value>IS_SERVICEUSER</value></values>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values><value>IS_SERVICEUSER</value></values>
          </attribute>
        </nameSpace>
      </principal>
    </notHomeFor>
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="j_user"/>
            <attribute name="logonalias"/>
            <attribute name="j_password"/>
            <attribute name="userid"/>
          </attributes>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname" populateInitially="true"/>
              <attribute name="displayname" populateInitially="true"/>
              <attribute name="lastname" populateInitially="true"/>
              <attribute name="fax"/>
              <attribute name="email"/>
              <attribute name="title"/>
              <attribute name="department"/>
              <attribute name="description"/>
              <attribute name="mobile"/>
              <attribute name="telephone"/>
              <attribute name="streetaddress"/>
              <attribute name="uniquename" populateInitially="true"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
            </attributes>
          </nameSpace>
          <nameSpace name="$usermapping$">
            <attributes>
              <attribute name="REFERENCE_SYSTEM_USER"/>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="group">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="displayname" populateInitially="true"/>
              <attribute name="description" populateInitially="true"/>
              <attribute name="uniquename"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.bridge">
            <attributes>
              <attribute name="dn"/>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
    </responsibleFor>
    <attributeMapping>
      <principals>
        <!-- Logon ID (j_user) and logon alias are both mapped to the mail attribute -->
        <principal type="account">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="j_user"><physicalAttribute name="mail"/></attribute>
                <attribute name="logonalias"><physicalAttribute name="mail"/></attribute>
                <attribute name="j_password"><physicalAttribute name="userpassword"/></attribute>
                <attribute name="userid"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
        <principal type="user">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="firstname"><physicalAttribute name="givenname"/></attribute>
                <attribute name="displayname"><physicalAttribute name="displayname"/></attribute>
                <attribute name="lastname"><physicalAttribute name="sn"/></attribute>
                <attribute name="fax"><physicalAttribute name="facsimiletelephonenumber"/></attribute>
                <attribute name="uniquename"><physicalAttribute name="uid"/></attribute>
                <attribute name="loginid"><physicalAttribute name="*null*"/></attribute>
                <attribute name="email"><physicalAttribute name="mail"/></attribute>
                <attribute name="mobile"><physicalAttribute name="mobile"/></attribute>
                <attribute name="telephone"><physicalAttribute name="telephonenumber"/></attribute>
                <attribute name="department"><physicalAttribute name="ou"/></attribute>
                <attribute name="description"><physicalAttribute name="description"/></attribute>
                <attribute name="streetaddress"><physicalAttribute name="postaladdress"/></attribute>
                <attribute name="pobox"><physicalAttribute name="postofficebox"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.usermanagement.relation">
              <attributes>
                <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="$usermapping$">
              <attributes>
                <attribute name="REFERENCE_SYSTEM_USER"><physicalAttribute name="sapusername"/></attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
        <principal type="group">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="displayname"><physicalAttribute name="ou"/></attribute>
                <attribute name="description"><physicalAttribute name="description"/></attribute>
                <attribute name="uniquename" populateInitially="true"><physicalAttribute name="ou"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.usermanagement.relation">
              <attributes>
                <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"><physicalAttribute name="uniquemember"/></attribute>
                <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.bridge">
              <attributes>
                <attribute name="dn"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
      </principals>
    </attributeMapping>
    <!-- Sun/iPlanet directory connection settings -->
    <privateSection>
      <ume.ldap.access.server_type>SUN</ume.ldap.access.server_type>
      <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
      <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
      <ume.ldap.access.flat_group_hierachy>false</ume.ldap.access.flat_group_hierachy>
      <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
      <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
      <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
      <ume.ldap.access.objectclass.user>inetOrgPerson</ume.ldap.access.objectclass.user>
      <ume.ldap.access.objectclass.uacc>inetOrgPerson</ume.ldap.access.objectclass.uacc>
      <ume.ldap.access.objectclass.grup>groupofuniquenames</ume.ldap.access.objectclass.grup>
      <ume.ldap.access.naming_attribute.user>uid</ume.ldap.access.naming_attribute.user>
      <ume.ldap.access.auxiliary_naming_attribute.user>cn</ume.ldap.access.auxiliary_naming_attribute.user>
      <ume.ldap.access.naming_attribute.uacc>uid</ume.ldap.access.naming_attribute.uacc>
      <ume.ldap.access.auxiliary_naming_attribute.uacc>cn</ume.ldap.access.auxiliary_naming_attribute.uacc>
      <ume.ldap.access.naming_attribute.grup>ou</ume.ldap.access.naming_attribute.grup>
    </privateSection>
  </dataSource>
</dataSources>
Mapping done for Kerberos authentication
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_iplanet_not_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
  <!-- Database persistence: home for service users and the fixed principal types -->
  <dataSource id="PRIVATE_DATASOURCE"
              className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
              isReadonly="false"
              isPrimary="true">
    <homeFor>
      <principals>
        <principal type="account">
          <nameSpace name="$serviceUser$">
            <attribute name="SERVICEUSER_ATTRIBUTE">
              <values><value>IS_SERVICEUSER</value></values>
            </attribute>
          </nameSpace>
        </principal>
        <principal type="user">
          <nameSpace name="$serviceUser$">
            <attribute name="SERVICEUSER_ATTRIBUTE">
              <values><value>IS_SERVICEUSER</value></values>
            </attribute>
          </nameSpace>
        </principal>
        <principal type="team"/>
        <principal type="ROOT"/>
        <principal type="OOOO"/>
      </principals>
    </homeFor>
    <notHomeFor/>
    <responsibleFor>
      <principals>
        <principal type="group"/>
        <principal type="user"/>
        <principal type="account"/>
        <principal type="team"/>
        <principal type="ROOT"/>
        <principal type="OOOO"/>
      </principals>
    </responsibleFor>
    <notResponsibleFor/>
    <attributeMapping/>
    <privateSection/>
  </dataSource>
  <!-- LDAP persistence (Active Directory): home for all regular accounts, users and groups -->
  <dataSource id="CORP_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="false"
              isPrimary="true">
    <homeFor>
      <principal type="account"/>
      <principal type="user"/>
      <principal type="group"/>
    </homeFor>
    <notHomeFor>
      <principal type="account">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values><value>IS_SERVICEUSER</value></values>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values><value>IS_SERVICEUSER</value></values>
          </attribute>
        </nameSpace>
      </principal>
    </notHomeFor>
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="j_user"/>
            <attribute name="logonalias"/>
            <attribute name="j_password"/>
            <attribute name="userid"/>
          </attributes>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname" populateInitially="true"/>
              <attribute name="displayname" populateInitially="true"/>
              <attribute name="lastname" populateInitially="true"/>
              <attribute name="fax"/>
              <attribute name="email"/>
              <attribute name="title"/>
              <attribute name="department"/>
              <attribute name="description"/>
              <attribute name="mobile"/>
              <attribute name="telephone"/>
              <attribute name="streetaddress"/>
              <attribute name="uniquename" populateInitially="true"/>
              <!-- Custom attributes defined in UME (see Defining Custom Attribute in UME) -->
              <attribute name="krb5principalname"/>
              <attribute name="kpnprefix"/>
              <attribute name="dn"/>
              <attribute name="EmpID" populateInitially="true"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
            </attributes>
          </nameSpace>
          <nameSpace name="$usermapping$">
            <attributes>
              <attribute name="REFERENCE_SYSTEM_USER"/>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="group">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="displayname" populateInitially="true"/>
              <attribute name="description" populateInitially="true"/>
              <attribute name="uniquename"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.bridge">
            <attributes>
              <attribute name="dn"/>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
    </responsibleFor>
    <attributeMapping>
      <principals>
        <principal type="account">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="samaccountname"><physicalAttribute name="mail"/></attribute>
                <attribute name="logonalias"><physicalAttribute name="mail"/></attribute>
                <attribute name="j_password"><physicalAttribute name="userpassword"/></attribute>
                <attribute name="userid"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
        <principal type="user">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="firstname"><physicalAttribute name="givenname"/></attribute>
                <attribute name="displayname"><physicalAttribute name="displayname"/></attribute>
                <attribute name="lastname"><physicalAttribute name="sn"/></attribute>
                <attribute name="fax"><physicalAttribute name="facsimiletelephonenumber"/></attribute>
                <attribute name="uniquename"><physicalAttribute name="uid"/></attribute>
                <attribute name="loginid"><physicalAttribute name="*null*"/></attribute>
                <attribute name="email"><physicalAttribute name="mail"/></attribute>
                <attribute name="mobile"><physicalAttribute name="mobile"/></attribute>
                <attribute name="telephone"><physicalAttribute name="telephonenumber"/></attribute>
                <attribute name="department"><physicalAttribute name="ou"/></attribute>
                <attribute name="description"><physicalAttribute name="description"/></attribute>
                <attribute name="streetaddress"><physicalAttribute name="postaladdress"/></attribute>
                <attribute name="pobox"><physicalAttribute name="postofficebox"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.usermanagement.relation">
              <attributes>
                <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="$usermapping$">
              <attributes>
                <attribute name="REFERENCE_SYSTEM_USER"><physicalAttribute name="sapusername"/></attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
        <principal type="group">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="displayname"><physicalAttribute name="ou"/></attribute>
                <attribute name="description"><physicalAttribute name="description"/></attribute>
                <attribute name="uniquename" populateInitially="true"><physicalAttribute name="ou"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.usermanagement.relation">
              <attributes>
                <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"><physicalAttribute name="uniquemember"/></attribute>
                <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.bridge">
              <attributes>
                <attribute name="dn"><physicalAttribute name="*null*"/></attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
      </principals>
    </attributeMapping>
    <!-- Microsoft Active Directory (MSADS) connection settings -->
    <privateSection>
      <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
      <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
      <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
      <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
      <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
      <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
      <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
      <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
      <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
      <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
      <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
      <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
      <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
      <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
      <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
    </privateSection>
  </dataSource>
</dataSources>
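The following script is an added example and is not code from the article or from SAP. It runs the checks a practitioner would want before uploading either sample file above: that the file is well-formed XML (the portal GUI rejects damaged files on upload), which physical LDAP attribute the logon ID (j_user) is mapped to, which logical attributes declared under responsibleFor (for instance the custom Kerberos attributes from Defining Custom Attribute in UME) still lack a physicalAttribute mapping, and whether a simple bind is combined with the plaintext default port 389 named in the connection steps. It assumes only the element structure visible in the samples; the abbreviated XML inside it is constructed for the demonstration, as is the hypothetical `audit` report format.

```python
"""Pre-upload checks for a UME dataSourceConfiguration XML (added example, not SAP code)."""
import xml.etree.ElementTree as ET

LDAP_CLASS = "com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
UM_NS = "com.sap.security.core.usermanagement"

# Constructed, abbreviated CORP_LDAP data source modelled on the Kerberos sample above:
# the custom attributes are declared under responsibleFor but have no physical mapping yet.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<dataSources>
  <dataSource id="CORP_LDAP" className="%s" isReadonly="false" isPrimary="true">
    <responsibleFor>
      <principal type="account">
        <nameSpace name="%s"><attributes><attribute name="j_user"/></attributes></nameSpace>
      </principal>
      <principal type="user">
        <nameSpaces><nameSpace name="%s"><attributes>
          <attribute name="email"/>
          <attribute name="krb5principalname"/>
          <attribute name="kpnprefix"/>
        </attributes></nameSpace></nameSpaces>
      </principal>
    </responsibleFor>
    <attributeMapping><principals>
      <principal type="account">
        <nameSpaces><nameSpace name="%s"><attributes>
          <attribute name="j_user"><physicalAttribute name="mail"/></attribute>
        </attributes></nameSpace></nameSpaces>
      </principal>
      <principal type="user">
        <nameSpaces><nameSpace name="%s"><attributes>
          <attribute name="email"><physicalAttribute name="mail"/></attribute>
        </attributes></nameSpace></nameSpaces>
      </principal>
    </principals></attributeMapping>
    <privateSection>
      <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
      <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
    </privateSection>
  </dataSource>
</dataSources>
""" % (LDAP_CLASS, UM_NS, UM_NS, UM_NS, UM_NS)

# Same file with one closing tag damaged, the kind of defect the portal GUI rejects on upload.
BROKEN_XML = SAMPLE_XML.replace("</attribute>", "<attribute>", 1)

def _ldap_sources(root):
    return [ds for ds in root.iter("dataSource") if ds.get("className") == LDAP_CLASS]

def _by_namespace(section):
    """(principal type, namespace) -> <attribute> elements under responsibleFor or
    attributeMapping; covers both the bare <nameSpace> and the <nameSpaces> wrapper form."""
    out = {}
    for principal in ([] if section is None else section.iter("principal")):
        for ns in principal.iter("nameSpace"):
            out.setdefault((principal.get("type"), ns.get("name")), []).extend(ns.iter("attribute"))
    return out

def _private(ds, key):
    """Value of one <privateSection> property; its tags contain dots, so no ElementPath here."""
    priv = ds.find("privateSection")
    for child in ([] if priv is None else priv):
        if child.tag == key:
            return (child.text or "").strip()
    return None

def unmapped_attributes(root):
    """Logical attributes declared under responsibleFor of an LDAP data source that have no
    <physicalAttribute> under attributeMapping: {datasource id: ['type/namespace/attr', ...]}."""
    result = {}
    for ds in _ldap_sources(root):
        mapped = _by_namespace(ds.find("attributeMapping"))
        missing = []
        for key, attrs in _by_namespace(ds.find("responsibleFor")).items():
            have = {a.get("name", "").strip() for a in mapped.get(key, [])
                    if a.find("physicalAttribute") is not None}
            missing += ["%s/%s/%s" % (key[0], key[1], a.get("name", "").strip())
                        for a in attrs if a.get("name", "").strip() not in have]
        if missing:
            result[ds.get("id")] = sorted(missing)
    return result

def logon_attribute(root):
    """Physical LDAP attribute that the account principal's j_user (the logon ID) maps to."""
    for ds in _ldap_sources(root):
        for a in _by_namespace(ds.find("attributeMapping")).get(("account", UM_NS), []):
            phys = a.find("physicalAttribute")
            if a.get("name", "").strip() == "j_user" and phys is not None:
                return phys.get("name")
    return None

def transport_findings(root, port):
    """A simple bind sends the LDAP user's password in clear text unless the connection is
    protected, so flag simple authentication combined with the default plaintext port 389."""
    return ["%s: simple bind on port 389; use an SSL/TLS-protected port and re-run Test Connection"
            % ds.get("id") for ds in _ldap_sources(root)
            if _private(ds, "ume.ldap.access.authentication") == "simple" and port == 389]

def audit(xml_text, port=389):
    """Parse the file and return a report; a malformed file is reported rather than raised."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return {"well_formed": False, "findings": ["not well-formed XML: %s" % exc]}
    return {"well_formed": True, "logon_attribute": logon_attribute(root),
            "unmapped": unmapped_attributes(root), "findings": transport_findings(root, port)}

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_XML), ("broken", BROKEN_XML)):
        print(label, audit(text))
```

To check a real downloaded file, call `audit(open(path).read(), port)` with the server port entered on the LDAP Server tab; on the Kerberos sample above the report would list the four custom attributes as unmapped, which is the reminder to add their physicalAttribute entries before uploading.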
Related Content
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/8302a929-0501-0010-05b5-d48f544bc572
http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
SAP Notes: 736471, 675633, 1124498
Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.