Tuesday, May 28

Pointing the UME of the Portal to Active Directory or LDAP

To give some background on UME: UME stands for User Management Engine, the user management component of SAP Enterprise Portal. It stores user attributes such as groups, roles, user names and user contact details.

UME can be configured to take all of the above data from various data sources, such as Active Directory or LDAP, an SAP CRM system, or the SAP J2EE engine database.

In this post we are going to learn the steps required to integrate Active Directory or LDAP with the UME of the portal.

Before you start configuring the UME to use LDAP, 4 things need to be in place:
1. During installation of the WAS (Web Application Server), UME was configured to use the J2EE engine database as its data source.
2. The LDAP directory consists of a hierarchy of users and groups which are supported by the UME of the portal.
3. The data source configuration XML file is in place. This file can be obtained from the LDAP administrator.
4. The LDAP administrator has created a user with which the portal UME can connect to LDAP. The user created for this connection must have read and search permissions. This user is called the service user. The user ID and password of the service user can be obtained from the LDAP administrator.
If the above 4 things are in place, you are all set to go ahead and configure the UME of the portal to use LDAP as a user data source.

Step 1. Start the configuration tool by executing \j2ee\configtool\configtool.bat.

Choose UME LDAP in the configuration tool as shown below

In the LDAP configuration tool, under Data Source Configuration file, choose Browse and browse to the new configuration file dataSourceConfiguration_ads_readonly_db_with_krb5.xml.

Choose Upload.

Step 2. Enter the connection data for the LDAP server. The service user provided by the LDAP administrator is used in this step.
Start the config tool as explained in step 1, go to the connection data and enter the values below:

LDAP Server Type: MICROSOFT ADS – Predefined
Server Name:
Server Port:
User: Service User*
Password: Password of the Service User*
SSL: Not Selected
UME unique id with unique LDAP attribute: Samaccountname
User Path: CN=Users,DC=,DC=org
Group Path: CN=Users,DC=,DC=org

Then choose Test Connection to test the connection to LDAP with the data you entered above. That's it!!! Done with the LDAP configuration!

Please feel free to add comments to this blog post to improve it...