LDAP

Former Member · ‎10-19-2011

Hi,

I am trying to configure LDAP so MII can use it.

But I cannot get the connector to connect

Validation failed. Technical detail: Validation of UME configuration faled No connection to the ldap server:[LDAP: error code 49 - 80090308:LdapErr: DSD-0C090334, comment: AcceptSecurityContext error, data 525, vece]

the user/password/server are correct as they are used in xMII 11.5, but in 12.1 it is moved to Netweaver so I need to configure it there.

Andy

mvoros · ‎10-19-2011

Hi,

LDAP error 49 is for bad credentials and 525 corresponds to "User not found". As you said you are sure that user name and password are correct then probably there is some change in format and LDAP can't find that user. How do you specify user?

Cheers

Former Member · ‎10-20-2011

I am using the Administrator user management

Data sources change to MS ADS+local

then on the LDAP tab is where I enter the credentials

Andy

Former Member · ‎10-20-2011

Did you prior have the UME store as an ABAP logical system (client) and then change it to an AD and configure LDAP sync?

That is not supported and a tough nut to understand (without any support for it).

Can you confir that you changed the UME store before this LDAP problem happened?

Cheers,

Julius

Former Member · ‎10-20-2011

I am not a netweaver person, out of necessity I am learning it.

I still get lost in all the menu tabs.

It was a standalone new install netweaver server, that they installed MII on.

I am now setting it up to use LDAP so we can use AD security in MII.

To me it makes sense to set the server to use LDAP and Database from Database

And then configure the next tab, LDAP config.

Does not seem to work that way.

Andy

mvoros · ‎10-20-2011

Hi,

maybe I would try to activate logging on LDAP side to see why the passed user name and password do not match.

Cheers

Former Member · ‎10-21-2011

Even if you are new or old, you souolld reaad the release dependent installation guides and check central SAP notes.

Installation wizards on their own are not reliable (both from a programming and security perspective - the best example of this is workflow).

Cheers,

Julius

Former Member · ‎10-21-2011

I would love to have the release notes.

I did not install the netweaver server, I don't even know what was installed, feature pack etc.

A consultant installed it and installed MII.

I configured MII.

I am not a netweaver person.

I am a MII Tech-Func trying to setup the LDAP the same as on the old xMII system.

From the little bit I found out, I am realizing we are missing some programs such as LDAP_RFC, so I cannot see which ldap library is loaded.

Now I need to know what was not installed and needs to be installed to check LDAP config.

If there is a document or notes on how to set LDAP up with MS AD servers, I would like somebody to point me to it.

Former Member · ‎10-21-2011

Do you want mobile users to authenticate against the AD itself, or do you want the user store to be synchronized with the AD?

Those are two different things and it is still not clear for me which you want.

For an LDAP sync with the AD you must have the program ldaprfc.exe installed and configured, otherwise it will not go anywhere.

There is documentation on help.sap.com in the "netweaver" sections on setting the ldap sync and mapping up, but I am not sure whether that is what you want. Other comments seem to imply that you want the UME itself to point to the AD.

Please clarify with the basis folks what the setup is and let us know what you want to achieve.

Cheers,

Julius

Former Member · ‎10-21-2011

It has nothing to do with Mobile or MII.

It's basic Netweaver LDAP to AD.

That is not working.

Andy