03-13-2009 11:29 AM
Hi All
Please help us in recovering a LDAP user which is not visible in the UME. Thus, this user is not allowed to login into the GRC Application as the user data source is UME and UME is referring the LDAP for authentication.
Error says the following:
Fri Mar 13 15:08:42 IST 2009 ERROR Principal "UACC.CORP_LDAP.40167352" is not accessible. (com.sap.security.core.tools.imp.ConsistencyCheckPluginAccessibility)
Fri Mar 13 15:08:42 IST 2009 ERROR Checking "UACC.CORP_LDAP.40167352" aborted by plugin com.sap.security.core.tools.imp.ConsistencyCheckPluginAccessibility because of severe inconsistencies.
Thanks in advance
Abhijeet
03-13-2009 1:11 PM
This seems to be the problem with LDAP connecticity .
Check the connectivity using "Test Connection" option in UME. or You can also check if you are able to telnet the LDAP server.
Regards,
Shailesh
03-13-2009 3:21 PM
Are other users able to be seen? Is it just one user that isn't showing up?
03-16-2009 9:31 AM
03-16-2009 2:40 PM
There has been a reported issue regarding LDAP search for a few users by some of our customers. The issue is planned to be fixed in SP07.
Now, I am not sure if your specific issue would fall into that mix. So I suggest opening a CSS message and receive the confirmation from SAP Support.
Ankur
SAP GRC RIG
03-16-2009 3:50 PM
Hi Ankur,
Please let us know when SAP has scheduled to release SP07.
Thanks,
Mukesh
GRC
03-16-2009 4:01 PM
03-17-2009 10:55 AM
Dear all
Thanks for your replies...the issue is sorted out automatically...i really don't have any idea HOW?
In my opinion, this was some LDAP related issue....but how did it resolve....no idea
Looking forward for some possible reasons/comments from the experts....
Thanks
Abhijeet
03-17-2009 12:15 PM
Dear Abhijeet,
I can see the errors you have recieved
com.sap.security.core.tools.imp.ConsistencyCheckPluginAccessibility
com.sap.security.core.tools.imp.ConsistencyCheckPluginAccessibility
It is kind of an LDAP connectivity issue with the UME. as the module which has thrown this exception is a security policy/component ConsistencyChecker under UME Administration Component.
I did check the same on our NW Server and found these policies are loaded as xml in temp folder. What i feel as when your server cache got refreshed the policies got reloaded properly and hence LDAP and UME were able to communicate properly.
might be just another cache issue.
keep me posted on your findings even.
--
Cheers!
Aman
03-16-2009 3:52 PM
Abhijit and Ankur,
This issue has nothing to do with Access Control. This would fall under UME component of SAP Netweaver. If your data source for UME is LDAP and if you can not see particular LDAP user in UME then the issue has to be with the connectivity of LDAP and UME.
Regards,
Alpesh