
LDAP

Former Member
0 Kudos

Hi,

I want to configure LDAP with the portal server. Is there any documentation available which can explain the process step by step?

Regards

Hiren K.Chitalia

Accepted Solutions (0)

Answers (5)


Former Member
0 Kudos

Hi Hiten,

Following is a step-by-step solution to configure an LDAP server for EP:

1) Ensure that the UM Configuration is set to “Database Only” or that the current UM configuration creates new users in the database.

a) Navigate to the UM Configuration UI (System Administration -> System Configuration -> UM Configuration) and select the “Data Sources” tab.

b) Choose “Database Only” or any “… Read Only” dataSource.

c) Save.

d) Restart J2EE Engine.

2) Create a new user ID in the portal and assign it to the Super Administration role. Log off and then log back on to the portal with this ID to ensure you can access the administrative function using the ID from the database. This ensures that you can log on and perform administration tasks even if the portal is unable to connect to an LDAP source.

3) Establish the initial UM configuration.

a) Navigate to the UM Configuration UI (System Administration -> System Configuration -> UM Configuration) and select the “Data Sources” tab.

b) Choose the most appropriate DataSource configuration from the delivered list (e.g. iPlanet, Novell, MS ADS, etc.)

c) Complete UM configuration for the first LDAP data source using the User Management Configuration Tool.

d) Restart the J2EE Engine.

e) Log on to the portal server with an LDAP user to test the connection. If there are problems, use the database user ID you created in step #2 to log on to the portal and resolve connectivity issues.

4) Capture information required for creating a new UM Configuration for Multiple LDAP sources.

a) Log back on to the portal using an administrator ID.

b) Navigate back to the UM Configuration Tool and select the “Data Sources” tab.

c) Click “Download” to download a copy of the appropriate XML file. Save this file to your local filesystem for editing.

d) Navigate to “LDAP Server” tab and verify connection information to the LDAP server. Click “Test Connection” to ensure credentials are correct. Save the configuration before continuing to the next step.

e) Navigate to “Direct Editing” tab.

f) Scroll down to the LDAP Settings section and copy the contents to MS WordPad or other text editor (configuration document).

5) Create a new UM configuration file for multiple LDAP data sources.

a) Open the dataSourceConfiguration_multiLDAP_db.xml file (previously downloaded) using a text editor (other than Notepad) and locate the <dataSource.../> section for the “CORP_LDAP”. Copy the entire section from <dataSource…> to </dataSource> to the clipboard.

b) For each additional LDAP server, paste the copy into the document after the original </dataSource…> ending tag for the CORP_LDAP source. Change the name of the data source for pasted copy to “CORP_LDAP_X” or some other value. This value becomes a data source identifier for UME and prefixes the principal Ids.

c) For each LDAP data source, locate the <privateSection…> within the <dataSource…> tag and enter the following lines if they are not present:

    <ume.ldap.access.server_name>SERVER_HOSTNAME</ume.ldap.access.server_name>
    <ume.ldap.access.server_port>SERVER_PORT</ume.ldap.access.server_port>
    <ume.ldap.access.user>DS_USER_NAME</ume.ldap.access.user>
    <ume.ldap.access.password>DS_PASSWORD</ume.ldap.access.password>
    <ume.ldap.access.base_path.user>USER_ROOT_IN_DS</ume.ldap.access.base_path.user>
    <ume.ldap.access.base_path.grup>GROUP_ROOT_IN_DS</ume.ldap.access.base_path.grup>

d) Update the properties for each datasource with the correct values obtained from the “Direct Editing” tab (now stored in the configuration document). An example is shown below:

    <dataSource id="CORP_LDAP_2" className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence" isReadonly="true" isPrimary="true">
    ...
    <privateSection>
    <ume.ldap.access.server_name>i802895a.phl.sap.corp</ume.ldap.access.server_name>
    <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
    <ume.ldap.access.user>cn=Directory Manager</ume.ldap.access.user>
    <ume.ldap.access.password>ksdf8SDF#%</ume.ldap.access.password>
    <ume.ldap.access.base_path.user>ou=people,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.user>
    <ume.ldap.access.base_path.grup>ou=groups,dc=phl,dc=sap,dc=corp</ume.ldap.access.base_path.grup>
    <ume.ldap.access.server_type>SUN</ume.ldap.access.server_type>
    [more stuff]
    </privateSection>

6) Upload the new UM Configuration file.

a) Navigate back to “Data Source” tab and choose “Other” for the data source.

b) Click “Upload” and navigate to the new configuration file - dataSourceConfiguration_multiLDAP_db.xml. Upload this to the server.

c) Click “Save” to save the new configuration.

d) Navigate to the “Direct Editing” tab.

e) Comment out all of the LDAP settings which begin with ume.ldap.access.* such as server name, passwords, etc. that are now manually configured in the XML file.

f) Click “Save” to save the properties. (You may also wish to make a copy of the new settings and save them to a file for recovery purposes).

g) Restart the J2EE engine.

7) Test the configuration.

PS: Pl award points if post found useful
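
An added example, not part of the original post and not SAP tooling: a Python check to run over the edited dataSourceConfiguration_multiLDAP_db.xml before the upload in step 6. It flags pasted copies whose id was never renamed, step 5c entries that are missing or still hold their template value, the standard non-TLS LDAP port 389, and a bind as cn=Directory Manager; the `<dataSources>` root element and all sample values are constructed assumptions.

```python
import xml.etree.ElementTree as ET
P = "ume.ldap.access."
# Step 5c entries, each mapped to the template value that must be replaced.
REQUIRED = {
    P + "server_name": "SERVER_HOSTNAME", P + "server_port": "SERVER_PORT",
    P + "user": "DS_USER_NAME", P + "password": "DS_PASSWORD",
    P + "base_path.user": "USER_ROOT_IN_DS", P + "base_path.grup": "GROUP_ROOT_IN_DS",
}

def audit(xml_text):
    """Return (dataSource id, finding) tuples for an edited UME config file."""
    findings, seen = [], set()
    for ds in ET.fromstring(xml_text).iter("dataSource"):
        ds_id = ds.get("id", "<no id>")
        if ds_id in seen:  # pasted copy was never renamed (step 5b)
            findings.append((ds_id, "duplicate dataSource id"))
        seen.add(ds_id)
        props = {c.tag: (c.text or "").strip() for c in ds.iterfind("privateSection/*")}
        if not props:
            continue  # source carries no LDAP connection settings
        for key, template in REQUIRED.items():
            if key not in props:
                findings.append((ds_id, "missing " + key))
            elif props[key] == template:
                findings.append((ds_id, key + " still holds " + template))
        if props.get(P + "server_port") == "389":
            findings.append((ds_id, "port 389: plain LDAP unless TLS is added"))
        if props.get(P + "user", "").lower() == "cn=directory manager":
            findings.append((ds_id, "binds as the directory administrator"))
    return findings

# Constructed sample: the root element name and every value are made up.
SAMPLE = """<dataSources>
<dataSource id="CORP_LDAP"><privateSection>
<ume.ldap.access.server_name>ldap1.example.test</ume.ldap.access.server_name>
<ume.ldap.access.server_port>636</ume.ldap.access.server_port>
<ume.ldap.access.user>uid=portal_ro,ou=svc,dc=example,dc=test</ume.ldap.access.user>
<ume.ldap.access.password>CONSTRUCTED_VALUE</ume.ldap.access.password>
<ume.ldap.access.base_path.user>ou=people,dc=example,dc=test</ume.ldap.access.base_path.user>
<ume.ldap.access.base_path.grup>ou=groups,dc=example,dc=test</ume.ldap.access.base_path.grup>
</privateSection></dataSource>
<dataSource id="CORP_LDAP_2"><privateSection>
<ume.ldap.access.server_name>SERVER_HOSTNAME</ume.ldap.access.server_name>
<ume.ldap.access.server_port>389</ume.ldap.access.server_port>
<ume.ldap.access.user>cn=Directory Manager</ume.ldap.access.user>
<ume.ldap.access.password>CONSTRUCTED_VALUE</ume.ldap.access.password>
<ume.ldap.access.base_path.user>ou=people,dc=example,dc=test</ume.ldap.access.base_path.user>
</privateSection></dataSource></dataSources>"""
if __name__ == "__main__":
    print("\n".join(f"{i}: {f}" for i, f in audit(SAMPLE)))
```

The edited file holds each bind password in clear text, so the local copy saved in step 4c needs the same handling as any other credential store.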

Former Member
0 Kudos

Hi Vivek

Please consider making this into a wiki page (possibly under connectivity) so we can point forum members to it.

Thanks

(ps, points are awarded for good/useful wiki pages!)

Former Member
0 Kudos

Hi Michael,

Sure will do that

Rgds,

Vivek

Former Member
0 Kudos

Great! I have built a stub for you here: https://wiki.sdn.sap.com/wiki/display/EP/ConnectingtoLDAP

Cheers

Former Member
0 Kudos

Please send me ldap configuration documents to nancylam01@yahoo.com

Former Member
0 Kudos

Hi Piyush,

My Mail ID is hirenchitalia@gmail.com

Regards

Hiren K.Chitalia

Former Member
0 Kudos

Hi Hiren,

Many documents. Send me an email and I can send a few I have.

Regards,

Piyush

ps: please mark for useful answers.

Former Member
0 Kudos

Hiren,

Your question is broad, as there are many LDAPs and the portal can be configured with a single or multiple LDAP data stores.

Are you going to use MS ADS/eDirectory? Which data store type are you wanting to deploy?

http://help.sap.com/saphelp_nw2004s/helpdata/en/7e/a2d475e5384335a2b1b2d80e1a3a20/frameset.htm

James