Step By Step Guide to Connect LDAP as Datasource in NW 7.0 and CE 7.1
Applies to: SAP Netweaver Portal 7.0
SAP Composite Environment 7.1 SR5
Summary
This document provides step-by-step guidance on how to connect LDAP as a datasource for UME in NW 7.0 and CE 7.1. It also provides sample configurations for the XML used for the datasource in case of Kerberos authentication, and the steps to connect to the message server.
Author: Pankaj Prasoon
Company: Infosys Technologies Limited
Created on: 09 December 2008
Author Bio
Pankaj has 2 years of experience in Netweaver. He has worked on JS, J2SE, J2EE, SAP-HTMLB, SAP-Portal Components, Enterprise Portal, MDM, Web Dynpro, Visual Composer, Knowledge Management, XML Form Builders, Composite Environment, ESR, Adobe Forms and ABAP. He has a sound understanding of the Netweaver landscape and has been instrumental in designing such landscapes.
Table of Contents
Introduction
    Purpose & Scope
LDAP as Data source
    Netweaver 7.0
        Download the Data Source File
        Creating a LDAP Datasource using Configtool
        Creating a LDAP Datasource using Enterprise Portal
    CE 7.1 SR5
        Creating a LDAP Datasource using CE Enterprise Portal
Message Server
    Connecting Message Server using Visual Admin/Configtool
    Connecting Message Server using Enterprise Portal
Defining Custom Attribute in UME
Sample configuration file
    Login id mapped to Email ID
    Mapping done for Kerberos authentication
Related Content
Disclaimer and Liability Notice
Introduction
Purpose & Scope
Authentication is the process of verifying user credentials, such as user ID and password, before giving access to a set of resources. Once a user is authenticated, the portal issues a logon ticket with which the user can continue to access the system until the session times out.
UME uses authentication schemes, which are defined in an XML file. Once a user logs in to the portal, the logon ticket contains the authentication information. UME user data is stored in one or more data sources. Each type of data source has its own persistence adapter.
The persistence manager consults the persistence adapters when creating, reading, writing, and searching user management data.
This document describes only the preliminary configuration related to LDAP and UME using the XML configuration interfaces.
LDAP as Data source
The user management engine (UME) can use an LDAP directory as its data source for user management data. The UME supports LDAP directories in which users and groups are arranged in either a flat or a deep hierarchy.
For prerequisites and constraints, refer to the following link
o Select the Configuration file from the dropdown.
o Enter the Server Name.
o Enter the Server port.
o Enter the user ID and password for the LDAP.
o Enter the user path and group path in the LDAP.
5. Click on Test connection.
6. Restart the Server Cluster.
Creating a LDAP Datasource using Enterprise Portal
1. Log in to the portal using a user ID with administrative access.
2. Navigate to System Administration > System Configuration > UME Configuration.
Note: The LDAP tab initially might not be visible.
3. Select the Data Source tab.
4. Click on Modify Configuration to download and upload the XML configuration file.
5. To download the configuration file for modification, follow the steps mentioned in 1.1, because from EP 7 SP 10 onwards the GUI at times displays an XML error.
CE 7.1 SR5
Creating a LDAP Datasource using CE Enterprise Portal
1. Log in to the portal using a user ID with administrative access.
2. Navigate to System Administration > System Configuration > UME Configuration.
Note: The LDAP tab initially might not be visible.
3. Select the Data Source tab.
4. Click on Modify Configuration to download and upload the XML configuration file.
5. To download the configuration file for modification, follow the steps mentioned in 1.1, because from EP 7 SP 10 onwards the GUI at times displays an XML error.
8. Enter the following details:
a. Connection Data:
b. Server Name: Name of the LDAP server.
c. Server Port: Port of the LDAP server (default 389).
d. User: User ID for connecting to the LDAP.
e. Password: Password of the user used for connecting to the LDAP.
f. User Path: User path for the users in the LDAP directory.
g. Group Path: Group path for the groups in the LDAP directory.
h. Enter the unique attribute to which the UME unique ID needs to be mapped. The attribute will be used as the login ID for the LDAP user (e.g. samaccountname).
i. Connection Pool Settings:
Refer to the following link for more details on the same.
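A pre-flight check for the values entered in step 8, shown as an added example that is not part of the original guide or of any SAP tool. The dictionary keys, the function names and the sample values are assumptions made for illustration, and the DN check is a simplification of RFC 4514.

```python
import re

# Simplified RDN pattern (attribute=value). Escaped commas and multi-valued
# RDNs from RFC 4514 are deliberately out of scope for this check.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=+]+$")
_ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

def is_dn(value):
    """True when every comma-separated component looks like attribute=value."""
    return all(_RDN.match(part.strip()) for part in value.split(","))

def dc_suffix(dn):
    """Lower-cased dc= components, used to compare the base domain of two paths."""
    parts = [part.strip().lower() for part in dn.split(",")]
    return [part for part in parts if part.startswith("dc=")]

def check_connection_data(cfg):
    """Return (severity, field, message) findings for the step 8 values."""
    out = []
    if not cfg.get("server_name", "").strip():
        out.append(("error", "server_name", "server name is empty"))
    port = cfg.get("server_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        out.append(("error", "server_port", "port must be an integer in 1-65535"))
    elif port == 389:
        out.append(("warn", "server_port", "389 is plain LDAP; a simple bind "
                    "sends the password unencrypted unless TLS is used"))
    if not cfg.get("password"):
        out.append(("error", "password", "empty password makes a simple bind unauthenticated"))
    paths_ok = True
    for field in ("user_path", "group_path"):
        if not is_dn(cfg.get(field, "")):
            paths_ok = False
            out.append(("error", field, "not a distinguished name"))
    if paths_ok and dc_suffix(cfg["user_path"]) != dc_suffix(cfg["group_path"]):
        out.append(("warn", "group_path", "user and group paths have different dc= suffixes"))
    if not _ATTR.match(cfg.get("unique_attribute", "")):
        out.append(("error", "unique_attribute", "expected a single LDAP attribute name"))
    return out

# Constructed sample values (not taken from the guide).
SAMPLE = {
    "server_name": "ldap.example.com", "server_port": 389,
    "user": "cn=ume-reader,ou=Service,dc=example,dc=com", "password": "placeholder",
    "user_path": "ou=People,dc=example,dc=com",
    "group_path": "ou=Groups,dc=example,dc=org",
    "unique_attribute": "samaccountname",
}
```

For the constructed sample, `check_connection_data(SAMPLE)` returns two warnings: the cleartext port and the mismatched base domain between the user path and the group path.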
Note: The user id does not have a password associated with it.
7. Restart the J2EE cluster for the changes to take effect.
Defining Custom Attribute in UME
We define custom attributes in UME for Kerberos authentication and map them in the XML file used for the LDAP connection from the datasource. The steps to define the custom attributes are as follows.
1. Log in to the portal using a user ID with administrative access.
2. Navigate to System Administration > System Configuration > UME Configuration.
3. Click on Modify Configuration.
4. Open the User Admin UI.
5. Enter the following attributes in the custom attributes field (currently we are using the standard SAP-provided namespace).
• krb5principalname (Required for Kerberos authentication)
• kpnprefix; (Required for Kerberos authentication)
Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.