cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UME Attribute mapping

Former Member

on ‎07-04-2004 12:00 PM

0 Kudos

Hi,

via the files dataSourceConfiguration....xml it is possible to map physical user store parameters to UME attributes

<attributeMapping>

<principals>

<principal type="user">

<nameSpaces>

<nameSpace name="com.sap.security.core.usermanagement">

<attributes>

<attribute name="firstname">

<physicalAttribute name="givenname"/>

</attribute>

<attribute name="displayname">

<physicalAttribute name="displayname"/>

</attribute>

...

Is it also possible to map attributes of the physical user store to "self defined" UME attributes?

I would like to map the physical attribute persnr (employee number) to a UME attribute "persnr" and request it in my application with IUser.getAttribute("persnr").

Is this possible?

Thanks in advance

Helmut

Message was edited by: Mary Joan Hebert

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (8)

Answers (8)

Former Member
‎08-25-2004 11:06 AM
0 Kudos

Hi Stefan,

thanks for clearing this point. I didn't know these details since I never opened a new thread in SDN.

@Helmut: sorry for pushing this a bit too much, but I'm pretty much disappointed by some SDN users who take help by people like us for granted.

Best regards

Show replies
Show replies
htammen
Active Contributor
‎08-26-2004 7:48 AM
0 Kudos

Hi Albert, hi Stefan,

thanks for information about the reward program. I´ve never heard of this before.

Regards

Helmut

Former Member
‎08-25-2004 9:43 AM
0 Kudos

Hi Helmut,

if you don't want to reward points, well, that's up to you, but remember:

/people/mark.finnern/blog/2004/08/10/spread-the-love

Please be so kind and mark your thread as closed since the problem is solved. This is just a matter of courtesy and helps other SDN users.

Best regards

Show replies
Show replies
Former Member
‎08-25-2004 10:16 AM
0 Kudos

Hi Albert,

Helmut has no chance. This is not a question thread and was opened before the reward system started, so he can't reward any points.

Regards

Stefan

Former Member
‎08-21-2004 4:11 PM
0 Kudos

Hi Helmut,

that's good news! In case you would like to apreciate my help, please use the SDN reward program:-)

Regards

Albert

Show replies
Show replies
Former Member
‎08-12-2004 10:37 AM
0 Kudos

Hi,

now I could convince the admins to do my requested changes to the UME config. We successfully prooved that it is possible to map a nonstandard UME attribute to an existing LDAP attribute and access this attribute via methods as described in the previous postings.

One only needs to add two lines to the dataSourceConfig-File (best thing is to create a new one from an existing:

<attribute name="myownattribute" populateInitially="true"/>

and

<attribute name="myownattribute">

<physicalAttribute name="displayname"/>

</attribute>

Hope that helps and in case it does please don't forget the reward program.

Best regards

Show replies
Show replies
htammen
Active Contributor
‎08-21-2004 9:58 AM
0 Kudos

Hi Albert,

I didn´t forget you. We had to test the information you gave us and that took a while.

In the end we were successful. So your help was very useful.

Thank you very much

Helmut

Former Member
‎12-20-2005 2:32 PM
0 Kudos

Hi Helmut

I have encountered the same challenge as you did, and I have recently been told by SAP, that it is not possible to map LDAP attributes into custom UME attributes.

Because of that I would really like to know how you managed to map the attributes? Which entries did you make in your dataSourceConfiguration-file? Where in KM did you need to make changes in order to make the mapping work?

And what version of KM were you running on?

Best regards,

Martin

I should mention that I tried the below stated, and we weren't succesful.

One only needs to add two lines to the dataSourceConfig-File (best thing is to create a new one from an existing:

Message was edited by: Martin Søgaard

Former Member
‎08-06-2004 2:45 PM
0 Kudos

Hello Helmut,

what kind of problem occurs if the administrator tries the desired form

<attribute name="persnr"> <physicalAttribute name="persnr"/> </attribute>

Does he get any error message in some log file? Is it possible to post the relevant datasourceConfig-File?

Did the administrator add an entry not only into <attributeMapping> but also into:

<principal type="user">

<nameSpaces>

<nameSpace name="com.sap.security.core.usermanagement">

<attributes>

<attribute name="firstname" populateInitially="true"/>

<attribute name="displayname" populateInitially="true"/>

<attribute name="lastname" populateInitially="true"/>

<attribute name="fax"/>

<attribute name="email"/>

<attribute name="title"/>

<attribute name="department"/>

<attribute name="description"/>

<attribute name="mobile"/>

<attribute name="telephone"/>

<attribute name="streetaddress"/>

<attribute name="uniquename" populateInitially="true"/>

<attribute name="persnr"/>

</attributes>

</nameSpace>

Have a nice weekend

AE

Show replies
Show replies
Former Member
‎08-05-2004 12:30 PM
0 Kudos

Dear Helmut,

all I could find for the administrator is the following link:

http://help.sap.com/saphelp_nw04/helpdata/en/bd/e8fc3f8fc2c542e10000000a1550b0/frameset.htm

Unfortunately I can't just try it out in our portal, but I verified that it is possible to access mapped attributes not only through the UME standard methods but also by the generic method IUser.getAttribute(namespace, attributename):

user.getAttribute("com.sap.security.core.usermanagement", "firstname")[0]

gives the same result as user.getFirstName(). Our datasource-File looks like this:

<principal type="user">

<nameSpaces>

<nameSpace name="com.sap.security.core.usermanagement">

<attributes>

<attribute name="firstname"> <physicalAttribute name="givenname"/> </attribute>

...

as I understand your problem the only thing what needs to be added to the datasource file is an entry like:

<attribute name="persnr"> <physicalAttribute name="persnr"/> </attribute>

Please let me know if you get this thing working.

Best regards

AE

Show replies
Show replies
htammen
Active Contributor
‎08-06-2004 12:55 PM
0 Kudos

Hi Albert,

thank you for this discussion. Maybe we find a solution this way.

Yes, in deed, my problem is to map a physicalAttribute "persnr" to a logical attribute "persnr".

But the first case does not work says the admin of the system.

Does anyone have experience with this?

Thanks in advance

Helmut

Former Member
‎08-04-2004 1:07 PM
0 Kudos

Dear Helmut,

according to Will Carltons article "USING THE NEW USER MANAGEMENT API IN EP 6.0" in SDN this should be possible. Here is the relevant paragraph from Wills paper:

=============>>>>>>>>>>>>>

Accessing non standard LDAP attributes

Often times a component developer needs access to information that may be contained in the corporate directory server. The UME can be configured to provide access to any number of arbitrary LDAP attributes. This is accomplished by editing the dataSourceConfiguration_xxx.xml file associated with the directory server. See the Administration Guide for details on modifying this file.

Once the XML file has been configured and uploaded, the developer has access to any of the attributes configured in the file. You can use the getAttribute() method on the user object to access the special attributes. The method requires two parameters: a Namespace, and the Attribute Name. The namespace is used provide additional flexibility in complex user management configurations. The standard namespace is “com.sap.security.core.usermanagement”. However, you can obtain a list of namespaces associated with the user by calling getAttributeNamespaces() on the user object.

response.write("<br>Attributes: ");

String namespaces[] = user.getAttributeNamespaces();

String ns = null;

for (int i = 0; i < namespaces.length; i++) {

if (i > 0)

ns = namespaces<i>;

String attrNames[] = user.getAttributeNames(ns);

if (ns != null)

response.write("<br>NS: " + ns);

for (int j = 0; j < attrNames.length; j++) {

Object attr[] = user.getAttribute(ns, attrNames[j]);

response.write("<br>" + attrNames[j] + " = ");

for (int k = 0; k < attr.length; k++)

response.write(attr[0].toString() + ", ");

}

}

<<<======================================

Hope that helps.

Albert

Show replies
Show replies
htammen
Active Contributor
‎08-05-2004 10:59 AM
0 Kudos

Thank you Albert,

that was the place I´ve found the information, that it should work, too.

We have the problem that the admin can´t match the ldap attributes to UME attributes. He says that the documentation does not describe this scenario in detail (??).

I´m the developer who needs the additional ldap attributes and hoped that someone here could give me a simple hint that I could forward to the admin.

Regards

Helmut

htammen
Active Contributor
‎07-23-2004 9:35 AM
0 Kudos

Hi,

this question hasn´t been answered yet.

Can anyone help me, please? Am I wrong in this forum? Where do I have to post the question?

Best redards

Helmut

Show replies
Show replies
Ask a Question