
Portal UME data store and various options (Opinions needed!)

ChrisSolomon
Active Contributor
0 Kudos

We are currently exploring our options with connecting the portal (UME) to various data sources for user authentication. Per EP 101, we all know that yes, we can authenticate against (1) the portal db (2) the portal DB + an SAP system and (3) the portal db + an LDAP directory. Now, of course, in most cases, #3 is the standard option. But now, we want to explore another option.....what if we set up synchronization with the LDAP directory (ie. http://help.sap.com/saphelp_nw04/helpdata/en/95/49cb3a663bfc70e10000000a114084/frameset.htm). For example, our process is such that now, within SAP R/3, a "new hire" is created and then this triggers the creation of their userid/password in the external LDAP directory as well. Is it possible to then have synchronization set up so that the LDAP directory will then synchronize with the portal db and create the user in the portal db itself? (the example given in the help file seems to suggest this but does not provide any detail). Then the portal could authenticate users against its own db? (ie. no need to make a "trip" to the LDAP directory). Soooooo first off, is this possible and if so, how? Second, what are the pros/cons of this approach versus the standard option of simply using the LDAP directory for authentication and storing only portal specific attributes in the portal's own db? Lastly any "gotchas" to be aware of (ie such as "yes this works fine for NDS but no way will it work for MS-AD" haha)?

oh...and one more...take the LDAP directory out of the picture for a moment...is it possible to "synchronize" directly from an SAP system (such as 4.6d or ECC5.0) directly with the portal db (as well as other SAP component systems)? (*this one is more out of curiosity than anything...past experience with CUA. haha)

thanks BIG TIME in advance!

Chris

Accepted Solutions (0)

Answers (2)


ChrisSolomon
Active Contributor
0 Kudos

@Danny

Thanks for the info about this new option....but here is the question/concern there....so if this kind of "replication" is set-up, does that mean the user info (users and/or roles from the ABAP source system) will then be copied into the portal's own db or are they simply "referenced" from the ABAP data source? Any idea?

For the LDAP synch question....still waiting on answers....haha

Former Member
0 Kudos

Hi Chris, as I understand it the portal (java stack) uses the ABAP source system just as a reference, so user info stays in the ABAP system. In fact if you lose connection between the ABAP & JAVA system, java will fail to start because it cannot obtain any user information.

However the portal/java system has the ability to store more information about a user than ABAP does, this extra information resides in the JAVA system database. For example Portal Group to Portal Role mappings & User to Portal Role mappings have no relevance in ABAP so only reside at the JAVA end.

That's my view of it, I'm about 99% sure I'm correct and all my research on help.sap.com & sap notes isn't telling me otherwise, so ignorance is bliss hey!

Cheers

Former Member
0 Kudos

Chris I can answer the second part of your question only, sorry!

It is possible to automatically sync users directly from an SAP system, I currently do this for release 4.7, so it should work for ECC5 onwards (you would think). As for 4.6c/d? I just posted a new thread asking that very question, hopefully someone helps!

With NW04 portal and about SP13 or better you get a new UME connection option - dataSourceConfiguration_abap.xml, picking this automates the link between ABAP and portal users & roles.

Any user created in 4.7 automatically appears in portal plus (this is the good bit) dataSourceConfiguration_abap.xml makes all ABAP security roles appear as portal groups. You then simply assign one of these replicated groups to your portal roles, so a user assignment to a role in ABAP seamlessly becomes assigned to a portal role, giving you portal user management without having to go near the portal system.

So it's not really like CUA at all, just a mechanism that automatically replicates all ABAP users & roles into the portal in a useable form

hope that helps a little

danny