cancel
Showing results for 
Search instead for 
Did you mean: 

5.2 Access Enforcer Data Source; UME or LDAP?

Former Member
0 Kudos

Hello All!

I have been researching all of the different options regarding a data source for AE/CUP. It looks like the best option for us is to feed from the UME (UME as our data source). But, my dilemma surrounds the lack of information regarding the field attribute mapping schema necessary to make this work. I found an old UME document (SAP® User Management Engine 3.0 Document Version 1.45 u2013March 14, 2003) that shows LDAP Mapping Fields but need some assistance from all of you to find the best method for integrating AE/CUP.

Is there a newer document out there that provides some information that helps me determine what I need to populate the UME from an LDAP? If the UME is my data source for AE/CUP is that the best option or should I populate the UME and AE/CUP from the same LDAP or a different LDAP? How do I find what 5.2 needs for LDAP mapping fields?

Am I clear as mud here? Can you guys help me?

THANK YOU!

Greg

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Greg,

I did not get your questions fully but this is what my response is after understanding part of your question.

AC 5.3 configuration guide contains information about CUP and LDAP mapping fields or you can follow this document.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b089fb71-a3b7-2a10-64a2-8c77243b...

If you do not care about manager field then you can define user data source as UME in CUP as UME does not have manager field. If you need to pre-populate manager field and it is clearly defined in LDAP then define user data source in CUP as LDAP. UME is faster than LDAP so if you don't need to pre-populate manager field in CUP then go with UME.

I hope this makes sense.

Regards,

Alpesh

Answers (4)

Answers (4)

Former Member
0 Kudos

Did you look at the document for which I have provided the link? That document has information about all the LDAP fields which are required for mapping to work.

Regards,

Alpesh

Former Member
0 Kudos

One final question.....

What field attributes will my LDAP need to provide for the UME as well as for CUP/AE to work properly? I cannot find this information anywhere.

Our company is presently incorporating CA IdM. We need to have CA create/build an LDAP to meet our GRC AC requirements. I find documentation on how to connect to an LDAP, but where is the information that I can provide to CA on my field mapping requirements?

Former Member
0 Kudos

Hi Greg,

I need some of the help from you.

1) Is CA IDM Computer Associates Identity Manager Software ?

2) Which is your leading datasource in your landscape? Is it SAP HR or LDAP

3) Where is the complete identity information stored ? is it in CA IDM ?

4) How is the authentication handled for all the SAP java systems ? is it via LDAP ,ie authenticated once through LDAP and Single Sign on for all SAP Java products system like portal, grc etc.

5) Does CA IDM give federated Identity management support.

Thank you.

Former Member
0 Kudos

Greg,

User can enter the manager field insted of pre-populating it. It depeneds on your workflow design as some companies don't have manager in their workflow.

The bottomline is, if you need manager field pre-populated then you can not use UME as your data source.

Regards,

Alpesh

Former Member
0 Kudos

The Manager field is pretty important. How else would you generate a workflow without knowing who the manager is?

former_member366047
Contributor
0 Kudos

Greg-

Check this for more about configuring LDAP via UME:

http://help.sap.com/saphelp_nw70/helpdata/EN/48/d1d13f7fb44c21e10000000a1550b0/content.htm

Ankur

SAP BusinessObjects GRC