Is it possible to maintain roles in LDAP rather than the UME database

Former Member
0 Kudos

Hello,

I am using NetWeaver CE 7.1 SP 5 and have configured the User Management to rely on a Sun One LDAP. As I have learned so far, roles assigned to users from the LDAP are maintained in the UME database by default rather than in the LDAP.

However, it is desirable to store (and fetch) the information somehow in (from) the LDAP. Is there any way to achieve this?

Best regards

Alexander

Accepted Solutions (1)

MichaelShea
Product and Topic Expert
0 Kudos

Hi Alexander,

UME roles (and portal roles) are objects of the Application Server Java. You cannot store this information in an LDAP. The association between the LDAP user and these roles is stored in the database of the AS Java.

-Michael

Former Member
0 Kudos

Hi Michael,

that's what I suspected. Is there a way to map roles stored in the LDAP to the portal roles stored in the UME?

Best regards

Alexander

MichaelShea
Product and Topic Expert
0 Kudos

What roles are stored in the LDAP that you want to map to? UME roles and portal roles are stored in the database of the AS Java.

-Michael

Former Member
0 Kudos

As I have full access to the information stored in LDAP I can define any role I want to have. For instance I could define a role "SAP Portal User" and assign it to a user. Ideally, there is a way to map this LDAP role to the role "Standard User Role" or something like this from the AS Java. The mapping is meant to realize that the user effectively has the role "Standard Portal User" from the Portal's point of view.

Best regards

Alexander

MichaelShea
Product and Topic Expert
0 Kudos

When the UME resolves the roles assigned to the user it will look for UME and portal roles directly assigned to the user. Then it will check the group assignments to see if roles are assigned to the groups in the database of the AS Java. The UME is unaware of LDAP roles. You can assign roles to the LDAP groups though.

-Michael

Former Member
0 Kudos

You can assign roles to the LDAP groups though.

What does that mean?

Does that mean that I create an LDAP group "SAP Portal user", assign all required Portal roles to this LDAP group, and each user belonging to this group implicitly carries the desired roles? That would solve my problem, wouldn't it?

Best regards

Alexander

MichaelShea
Product and Topic Expert
0 Kudos

Yes, you have the idea, assuming all your users are in the LDAP. See LDAP Directory as Data Source (http://help.sap.com/saphelp_nw04s/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm)

-Michael

Edited by: Michael Shea on Sep 2, 2008 11:16 AM

fix title

Former Member
0 Kudos

Thank you very much. That worked very well.

Best regards

Alexander
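
A model of the role resolution described in this thread (roles assigned directly to the user, then roles assigned to the user's groups), added here as an illustration; it is not SAP code and does not call the UME API. The user names, the "Portal Admins" group, the "Administrator" role and the data layout are constructed assumptions. It also reports which LDAP groups confer a given role, since membership in those groups is what effectively grants it.

```python
# Constructed sample data; names are illustrative, not from a real system.
# Directory side: group membership is maintained in the LDAP.
LDAP_GROUP_MEMBERS = {
    "SAP Portal User": {"alexander", "ritesh"},
    "Portal Admins": {"michael"},
}
# AS Java database side: role assignments to users and to LDAP groups.
DIRECT_ROLE_ASSIGNMENTS = {"michael": {"Administrator"}}
GROUP_ROLE_ASSIGNMENTS = {
    "SAP Portal User": {"Standard User Role"},
    "Portal Admins": {"Administrator", "Standard User Role"},
}


def effective_roles(user):
    """Return {role: sorted list of sources} for one user."""
    sources = {}
    # Step 1: roles assigned directly to the user.
    for role in DIRECT_ROLE_ASSIGNMENTS.get(user, ()):
        sources.setdefault(role, set()).add("direct")
    # Step 2: roles assigned to each group the user belongs to.
    for group, members in LDAP_GROUP_MEMBERS.items():
        if user in members:
            for role in GROUP_ROLE_ASSIGNMENTS.get(group, ()):
                sources.setdefault(role, set()).add("group:" + group)
    return {role: sorted(found) for role, found in sources.items()}


def roles_granted_only_by_directory(user):
    """Roles the user holds solely through LDAP group membership."""
    return sorted(
        role for role, found in effective_roles(user).items()
        if "direct" not in found
    )


def groups_granting(role):
    """LDAP groups whose membership confers the given role."""
    return sorted(g for g, roles in GROUP_ROLE_ASSIGNMENTS.items() if role in roles)


if __name__ == "__main__":
    for name in ("alexander", "michael"):
        print(name, effective_roles(name))
    print("Administrator via groups:", groups_granting("Administrator"))
```

Write access to the groups returned by groups_granting() is equivalent to the right to assign that role, so those directory entries deserve the same change control as the role assignment itself.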

Answers (2)

Former Member
0 Kudos

I read somewhere that it's possible to customise role persistence to make sure that portal roles are mapped to LDAP groups. May I know if you have done this? How to customise any portal services, because in the usr\sap....\server0...\ folder I only see class files for all portal services.

I need this info very urgently. Points will be given for this.

Former Member
0 Kudos

Hello Ritesh,

I read somewhere that it's possible to customise role persistence to make sure that portal roles are mapped to LDAP groups.

I am not sure what you mean by role persistence. However, you can assign Portal roles to LDAP groups using the UME. The link between a role and the group is stored in the UME database. The benefit is that you can indirectly assign the Portal roles to users by adding the user to the LDAP group which carries the roles.

Best regards

Alexander

Former Member
0 Kudos

What is the default portal role for every user available in LDAP? During runtime in the production environment, whenever I create a new user in LDAP, I want to determine its portal roles automatically and assign those roles to him/her in the portal.

Can you suggest how to do this?