on 07-04-2004 12:00 PM
Hi,
via the files dataSourceConfiguration....xml it is possible to map physical user store parameters to UME attributes
<attributeMapping>
<principals>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
...
Is it also possible to map attributes of the physical user store to "self defined" UME attributes?
I would like to map the physical attribute persnr (employee number) to a UME attribute "persnr" and request it in my application with IUser.getAttribute("persnr").
Is this possible?
Thanks in advance
Helmut
Message was edited by: Mary Joan Hebert
Hi Stefan,
thanks for clearing this point. I didn't know these details since I never opened a new thread in SDN.
@Helmut: sorry for pushing this a bit too much, but I'm pretty much disappointed by some SDN users who take help by people like us for granted.
Best regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Helmut,
if you don't want to reward points, well, that's up to you, but remember:
/people/mark.finnern/blog/2004/08/10/spread-the-love
Please be so kind and mark your thread as closed since the problem is solved. This is just a matter of courtesy and helps other SDN users.
Best regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Helmut,
that's good news! In case you would like to apreciate my help, please use the SDN reward program:-)
Regards
Albert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
now I could convince the admins to do my requested changes to the UME config. We successfully prooved that it is possible to map a nonstandard UME attribute to an existing LDAP attribute and access this attribute via methods as described in the previous postings.
One only needs to add two lines to the dataSourceConfig-File (best thing is to create a new one from an existing:
<attribute name="myownattribute" populateInitially="true"/>
and
<attribute name="myownattribute">
<physicalAttribute name="displayname"/>
</attribute>
Hope that helps and in case it does please don't forget the reward program.
Best regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Helmut
I have encountered the same challenge as you did, and I have recently been told by SAP, that it is not possible to map LDAP attributes into custom UME attributes.
Because of that I would really like to know how you managed to map the attributes? Which entries did you make in your dataSourceConfiguration-file? Where in KM did you need to make changes in order to make the mapping work?
And what version of KM were you running on?
Best regards,
Martin
I should mention that I tried the below stated, and we weren't succesful.
One only needs to add two lines to the dataSourceConfig-File (best thing is to create a new one from an existing:
Message was edited by: Martin Søgaard
Hello Helmut,
what kind of problem occurs if the administrator tries the desired form
<attribute name="persnr"> <physicalAttribute name="persnr"/> </attribute>
Does he get any error message in some log file? Is it possible to post the relevant datasourceConfig-File?
Did the administrator add an entry not only into <attributeMapping> but also into:
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="email"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
<attribute name="persnr"/>
</attributes>
</nameSpace>
Have a nice weekend
AE
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Helmut,
all I could find for the administrator is the following link:
http://help.sap.com/saphelp_nw04/helpdata/en/bd/e8fc3f8fc2c542e10000000a1550b0/frameset.htm
Unfortunately I can't just try it out in our portal, but I verified that it is possible to access mapped attributes not only through the UME standard methods but also by the generic method IUser.getAttribute(namespace, attributename):
user.getAttribute("com.sap.security.core.usermanagement", "firstname")[0]
gives the same result as user.getFirstName(). Our datasource-File looks like this:
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname"> <physicalAttribute name="givenname"/> </attribute>
...
as I understand your problem the only thing what needs to be added to the datasource file is an entry like:
<attribute name="persnr"> <physicalAttribute name="persnr"/> </attribute>
Please let me know if you get this thing working.
Best regards
AE
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Albert,
thank you for this discussion. Maybe we find a solution this way.
Yes, in deed, my problem is to map a physicalAttribute "persnr" to a logical attribute "persnr".
But the first case does not work says the admin of the system.
Does anyone have experience with this?
Thanks in advance
Helmut
Dear Helmut,
according to Will Carltons article "USING THE NEW USER MANAGEMENT API IN EP 6.0" in SDN this should be possible. Here is the relevant paragraph from Wills paper:
=============>>>>>>>>>>>>>
Accessing non standard LDAP attributes
Often times a component developer needs access to information that may be contained in the corporate directory server. The UME can be configured to provide access to any number of arbitrary LDAP attributes. This is accomplished by editing the dataSourceConfiguration_xxx.xml file associated with the directory server. See the Administration Guide for details on modifying this file.
Once the XML file has been configured and uploaded, the developer has access to any of the attributes configured in the file. You can use the getAttribute() method on the user object to access the special attributes. The method requires two parameters: a Namespace, and the Attribute Name. The namespace is used provide additional flexibility in complex user management configurations. The standard namespace is com.sap.security.core.usermanagement. However, you can obtain a list of namespaces associated with the user by calling getAttributeNamespaces() on the user object.
response.write("<br>Attributes: ");
String namespaces[] = user.getAttributeNamespaces();
String ns = null;
for (int i = 0; i < namespaces.length; i++) {
if (i > 0)
ns = namespaces<i>;
String attrNames[] = user.getAttributeNames(ns);
if (ns != null)
response.write("<br>NS: " + ns);
for (int j = 0; j < attrNames.length; j++) {
Object attr[] = user.getAttribute(ns, attrNames[j]);
response.write("<br>" + attrNames[j] + " = ");
for (int k = 0; k < attr.length; k++)
response.write(attr[0].toString() + ", ");
}
}
<<<======================================
Hope that helps.
Albert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Albert,
that was the place I´ve found the information, that it should work, too.
We have the problem that the admin can´t match the ldap attributes to UME attributes. He says that the documentation does not describe this scenario in detail (??).
I´m the developer who needs the additional ldap attributes and hoped that someone here could give me a simple hint that I could forward to the admin.
Regards
Helmut
Hi,
this question hasn´t been answered yet.
Can anyone help me, please? Am I wrong in this forum? Where do I have to post the question?
Best redards
Helmut
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.