Users in Workflow when using LDAP

Former Member
0 Kudos

Hello MDM Experts,

We are currently upgrading our MDM version from 5.5 SP06 Patch03 (5.5.63.73) to Patch 05 (5.5.65.108).

So far, we have upgraded only our sandbox environment, which was configured, before the upgrade, to work with our LDAP server with the following settings in the MDS.ini file:

- MDM Roles Algorithm=TraverseSearch

- MDM Roles Attribute=MDMRoles

With this setting we faced some issues with editing of Workflows, so SAP recommended changing these settings to:

- MDM Roles Algorithm=GroupMapping

- MDM Roles Attribute=MemberOf

On changing these settings we were unable to connect to the repository any more with the user credentials we were using earlier. The error "User has no roles" was thrown.

Any idea how to resolve this issue?

Also, then we tried changing the settings to:

- MDM Roles Algorithm=GroupMapping

- MDM Roles Attribute=MDMRoles

Now, although we are able to log in to the repository and edit the Workflows, the list of users shown in the Owner drop-down of the Workflow record or the User property in workflow steps is incomplete.

All the users with the MDMRoles attribute value are not listed. These users are still able to log in to the repository now, though.

Also note, we have another MDM environment (5.5.63.73; not upgraded) running with the same LDAP, configured with the older settings:

- MDM Roles Algorithm=TraverseSearch

- MDM Roles Attribute=MDMRoles

where everything is working fine, except that only [Launcher] is displayed in the workflow dropdowns and no other users.

I would be grateful if anyone can tell me how to resolve this issue and get the complete list of MDM users from the LDAP.

Thanks a lot in advance.

Regards,

Uday

Accepted Solutions (1)

Former Member
0 Kudos

Hello Uday

First of all:

You can always connect to the repository without LDAP.

For that, set the following parameter in the [MDM LDAP] section of your mds.ini file:

LDAP in Use=False

and restart the MDM server.

We had a similar problem in WF with the connection to IBM LDAP. Below is our [MDM LDAP] section in the mds.ini file:

[MDM LDAP]

LDAP in Use=True

Server=[your server name]

Server Port=389

Base DN=ou=[your dn in ldap],o=[your owner in ldap]

Admin Name=mdmldapp

Admin Identifier=uid

User Identifier=uid

MDM Roles Algorithm=GroupMapping

MDM Roles Attribute=ibm-allgroups

MDM Email Attribute=mail

Trace Level=0

Fallback in Use=False

Fallback Roles=Guest

User Identifier=

MDM Roles Attribute=*

Admin DN=

Admin Password+=[your password]

Page Size=1000

I think the better way is to meet with the SAP guys, because the LDAP connection algorithm depends on the LDAP server producer (Microsoft or IBM or somebody else).

Regards

Kanstantsin Chernichenka

Former Member
0 Kudos

Hello Kanstantsin,

Thanks for your reply.

We have our Dev environment without any LDAP. We do not have any issues there. But our Testing and Production are via LDAP only.

I checked with our LDAP guys here and we are running UNIX LDAP and not Microsoft's Active Directory. Hence I'm getting in touch with the SAP guys for their opinion.

Thanks for your reply again.

Regards,

Uday

Former Member
0 Kudos

Hi All,

The issue is resolved.

Since ours is a UNIX LDAP (SUN) and not MS Active Directory, we could not use the MemberOf feature. So we kept the LDAP setting in the MDS.ini as

- MDM Roles Algorithm=GroupMapping

- MDM Roles Attribute=MDMRoles

For the incomplete list issue, we compared the list of users having an MDMRoles attribute value in the LDAP vs. the list of users being shown in the dropdown. What we found was that the valid users which were not getting listed had the role names in a different case.

So we changed the user roles to match the case as set in the MDM Roles table. Then the issue got resolved.

What I think is that MDM does a case-sensitive match on role names when fetching users in Workflow, but a case-insensitive match for user authorization.

Thanks & Regards,

Uday
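
The comparison described in the post above, as an added example that is not part of the original thread and not SAP code: it reads an LDIF export of the directory and reports `MDMRoles` values that match a role in the MDM Roles table only when case is ignored. The role names, users, function names and the one-role-per-value layout are assumptions made for illustration.

```python
# Added example (not SAP code). All sample data below is constructed.
MDM_ROLES = ["Admin", "Data Steward", "Approver"]  # names as in the MDM Roles table

# LDIF as a directory export might look; assumes one role per MDMRoles value.
SAMPLE_LDIF = """\
dn: uid=bjones,ou=people,o=example
uid: bjones
MDMRoles: data steward
MDMRoles: Approver

dn: uid=cwu,ou=people,o=example
uid: cwu
MDMRoles: Reviewer
"""

def parse_ldif(text, role_attr="MDMRoles", id_attr="uid"):
    """Return {uid: [role values]} from simple LDIF (no folding, no base64)."""
    users = {}
    for block in text.strip().split("\n\n"):
        uid, roles = None, []
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            if key.lower() == id_attr.lower():
                uid = value.strip()
            elif key.lower() == role_attr.lower():
                roles.append(value.strip())
        if uid:
            users[uid] = roles
    return users

def audit_role_case(ldif_text, mdm_roles):
    """Return (case-only mismatches, values matching no MDM role at all)."""
    canonical = {r.casefold(): r for r in mdm_roles}
    case_mismatch, unknown = [], []
    for uid, roles in sorted(parse_ldif(ldif_text).items()):
        for value in roles:
            match = canonical.get(value.casefold())
            if match is None:
                unknown.append((uid, value))
            elif match != value:  # same name, different letter case
                case_mismatch.append((uid, value, match))
    return case_mismatch, unknown

if __name__ == "__main__":
    mismatches, unknown = audit_role_case(SAMPLE_LDIF, MDM_ROLES)
    print("case-only mismatches:", mismatches)
    print("not in MDM Roles table:", unknown)
```

Users reported as case-only mismatches are the ones that, per the post above, can still log in but are missing from the workflow user lists.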

Answers (0)