on 09-29-2006 3:11 PM
Hi,
We're using LDAP and Portal DB as UME Source.
Here is the configuration file below we're using. Our portal is NW04s on Win/Oracle with SP08.
Problem is that we cannot modify password for users created in portal.
Following error is occurring:
<b>Caused by: java.lang.Exception: classname:[com.sap.security.core.persistence.datasource.PersistenceException]message:[Attribute "j_password" on namespace "com.sap.security.core.usermanagement" of principal "UACC.PRIVATE_DATASOURCE.un:xhbilgen" is not modifiable.]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at com.sap.security.core.jmx.impl.JmxServer.handleThrowable(JmxServer.java:626)
at com.sap.security.core.jmx.impl.JmxServer.modifyEntities(JmxServer.java:243)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
at javax.management.StandardMBean.invoke(StandardMBean.java:286)
at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntities(IJmxServer.java:1036)
at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntities(JmxModelCompInterface.java:375)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.modifyEntities(InternalJmxModelCompInterface.java:427)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.modifyEntities(InternalJmxModelCompInterface.java:694)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntities(UmeUiFactoryCompInterface.java:630)
... 51 more
Caused by: com.sap.security.core.persistence.datasource.PersistenceException: Attribute "j_password" on namespace "com.sap.security.core.usermanagement" of principal "UACC.PRIVATE_DATASOURCE.un:xhbilgen" is not modifiable.
at com.sap.security.core.persistence.imp.DistributedTransaction.doCommit(DistributedTransaction.java:1886)
at com.sap.security.core.persistence.imp.DistributedTransaction.beforeCompletion(DistributedTransaction.java:806)
at com.sap.engine.services.ts.jta.impl.TransactionImpl.commit(TransactionImpl.java:220)
at com.sap.engine.services.ts.jta.impl.TransactionManagerImpl.commit(TransactionManagerImpl.java:319)
at com.sap.engine.services.ts.transaction.TxManager.commitLevel(TxManager.java:575)
at com.sap.engine.services.ts.transaction.TxManagerImpl.commitLevel(TxManagerImpl.java:63)
at com.sap.transaction.TxManager.commitLevel(TxManager.java:237)
at com.sap.security.core.persistence.imp.DistributedTransaction.commit(DistributedTransaction.java:2620)
at com.sap.security.core.imp.AbstractUserAccount.commit(AbstractUserAccount.java:2044)
at com.sap.security.core.jmx.impl.JmxModificationHelper.generatePasswordsCommit(JmxModificationHelper.java:888)
at com.sap.security.core.jmx.impl.JmxModificationHelper.modifyEntities(JmxModificationHelper.java:613)
at com.sap.security.core.jmx.impl.JmxServer.modifyEntities(JmxServer.java:239)
... 72 more
</b>
Our configuration File
<b>dataSourceConfiguration_ads_readonly_db.xml</b>
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection>
</privateSection>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
<homeFor/>
<responsibleFor>
<principal type="account">
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user"/>
<attribute name="logonalias"/>
<attribute name="j_password"/>
<attribute name="userid"/>
</attributes>
</nameSpace>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname" populateInitially="true"/>
<attribute name="displayname" populateInitially="true"/>
<attribute name="lastname" populateInitially="true"/>
<attribute name="fax"/>
<attribute name="email"/>
<attribute name="title"/>
<attribute name="department"/>
<attribute name="description"/>
<attribute name="mobile"/>
<attribute name="telephone"/>
<attribute name="streetaddress"/>
<attribute name="uniquename" populateInitially="true"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname" populateInitially="true"/>
<attribute name="description" populateInitially="true"/>
<attribute name="uniquename"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn"/>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</responsibleFor>
<attributeMapping>
<principals>
<principal type="account">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="j_user">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="logonalias">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="j_password">
<physicalAttribute name="unicodepwd"/>
</attribute>
<attribute name="userid">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="user">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="firstname">
<physicalAttribute name="givenname"/>
</attribute>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="lastname">
<physicalAttribute name="sn"/>
</attribute>
<attribute name="fax">
<physicalAttribute name="facsimiletelephonenumber"/>
</attribute>
<attribute name="uniquename">
<physicalAttribute name="samaccountname"/>
</attribute>
<attribute name="loginid">
<physicalAttribute name="null"/>
</attribute>
<attribute name="email">
<physicalAttribute name="mail"/>
</attribute>
<attribute name="mobile">
<physicalAttribute name="mobile"/>
</attribute>
<attribute name="telephone">
<physicalAttribute name="telephonenumber"/>
</attribute>
<attribute name="department">
<physicalAttribute name="ou"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="streetaddress">
<physicalAttribute name="postaladdress"/>
</attribute>
<attribute name="pobox">
<physicalAttribute name="postofficebox"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="memberof"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="$usermapping$">
<attributes>
<attribute name="REFERENCE_SYSTEM_USER">
<physicalAttribute name="sapusername"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
<principal type="group">
<nameSpaces>
<nameSpace name="com.sap.security.core.usermanagement">
<attributes>
<attribute name="displayname">
<physicalAttribute name="displayname"/>
</attribute>
<attribute name="description">
<physicalAttribute name="description"/>
</attribute>
<attribute name="uniquename" populateInitially="true">
<physicalAttribute name="cn"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
<physicalAttribute name="member"/>
</attribute>
<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
<physicalAttribute name="memberof"/>
</attribute>
</attributes>
</nameSpace>
<nameSpace name="com.sap.security.core.bridge">
<attributes>
<attribute name="dn">
<physicalAttribute name="null"/>
</attribute>
</attributes>
</nameSpace>
</nameSpaces>
</principal>
</principals>
</attributeMapping>
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
</privateSection>
</dataSource>
</dataSources>
Hi Huseyin,
We are having a similar issue to you. We are using the dataSourceConfiguration_ads_readonly_db.xml, have modified it to point to 2 LDAP domains and also have SPNego active. Now when we try to modify a UME Database user or create a new one, we get the message like you have posted. This worked before now. We are using NW2004s and SPS8.
TIA
Anthony
Hi Anthony,
Our problem is solved, but listen how.
First we tried to convert the UME configuration to database_only.xml but encountered many problems, as j2ee_admin is an ABAP user and there was not much time to solve the problems.
So we decided to turn back to ABAP for UME, and after the return we can create users and change passwords.
how?
Hi Huseyin,
Are you trying to change the passwords in the LDAP from the Portal? If so, I believe your problem is that the LDAP is configured to Read Only. This was in your configuration file:
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="true"
isPrimary="true">
I believe you need to change the isReadonly attribute to false. See the documentation here:
http://help.sap.com/saphelp_nw2004s/helpdata/en/af/0cfc3f09c2c442e10000000a1550b0/frameset.htm
Good Luck,
John
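The check suggested in the answer above, as an added example that is not part of the original thread or SAP's own tooling: it lists, for each data source in a dataSourceConfiguration file, the `isReadonly` flag, whether `j_password` appears under `responsibleFor` for the `account` principal, and the physical LDAP attribute it maps to. The function names `audit` and `read_only_claims` are hypothetical, and the sample XML is constructed by trimming the posted file to the relevant elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed to the elements this thread discusses.
SAMPLE = """<dataSources>
 <dataSource id="PRIVATE_DATASOURCE" isReadonly="false" isPrimary="true">
  <responsibleFor><principals><principal type="account"/></principals></responsibleFor>
 </dataSource>
 <dataSource id="CORP_LDAP" isReadonly="true" isPrimary="true">
  <responsibleFor>
   <principal type="account">
    <nameSpace name="com.sap.security.core.usermanagement"><attributes>
     <attribute name="j_user"/><attribute name="j_password"/>
    </attributes></nameSpace>
   </principal>
  </responsibleFor>
  <attributeMapping><principals><principal type="account"><nameSpaces>
   <nameSpace name="com.sap.security.core.usermanagement"><attributes>
    <attribute name="j_password"><physicalAttribute name="unicodepwd"/></attribute>
   </attributes></nameSpace>
  </nameSpaces></principal></principals></attributeMapping>
 </dataSource>
</dataSources>"""


def audit(xml_text, attr="j_password", ptype="account"):
    """Per data source: read-only flag, whether attr is listed, LDAP mapping."""
    rows = []
    for ds in ET.fromstring(xml_text).iter("dataSource"):
        listed = False
        for p in ds.findall(f"responsibleFor//principal[@type='{ptype}']"):
            names = [a.get("name") for a in p.iter("attribute")]
            # Assumption: an entry with no attribute list covers the whole type.
            listed = listed or not names or attr in names
        phys = ds.find(f"attributeMapping//principal[@type='{ptype}']"
                       f"//attribute[@name='{attr}']/physicalAttribute")
        rows.append({"id": ds.get("id"), "listed": listed,
                     "read_only": ds.get("isReadonly") == "true",
                     "physical": phys.get("name") if phys is not None else None})
    return rows


def read_only_claims(xml_text, attr="j_password"):
    """IDs of read-only data sources that list attr under responsibleFor."""
    return [r["id"] for r in audit(xml_text, attr) if r["read_only"] and r["listed"]]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("read-only sources listing j_password:", read_only_claims(SAMPLE))
```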