
LDAP & DB as UME Source

HuseyinBilgen
Active Contributor
0 Kudos

Hi,

We're using LDAP and Portal DB as UME Source.

Here is the configuration file below we're using. Our portal is NW04s on Win/Oracle with SP08.

Problem is that we cannot modify password for users created in portal.

Following error is occurring:

Caused by: java.lang.Exception: classname:[com.sap.security.core.persistence.datasource.PersistenceException]message:[Attribute "j_password" on namespace "com.sap.security.core.usermanagement" of principal "UACC.PRIVATE_DATASOURCE.un:xhbilgen" is not modifiable.]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
    at com.sap.security.core.jmx.impl.JmxServer.handleThrowable(JmxServer.java:626)
    at com.sap.security.core.jmx.impl.JmxServer.modifyEntities(JmxServer.java:243)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
    at javax.management.StandardMBean.invoke(StandardMBean.java:286)
    at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
    at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
    at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
    at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
    at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
    at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
    at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
    at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
    at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776)
    at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
    at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntities(IJmxServer.java:1036)
    at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntities(JmxModelCompInterface.java:375)
    at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.modifyEntities(InternalJmxModelCompInterface.java:427)
    at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.modifyEntities(InternalJmxModelCompInterface.java:694)
    at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntities(UmeUiFactoryCompInterface.java:630)
    ... 51 more
Caused by: com.sap.security.core.persistence.datasource.PersistenceException: Attribute "j_password" on namespace "com.sap.security.core.usermanagement" of principal "UACC.PRIVATE_DATASOURCE.un:xhbilgen" is not modifiable.
    at com.sap.security.core.persistence.imp.DistributedTransaction.doCommit(DistributedTransaction.java:1886)
    at com.sap.security.core.persistence.imp.DistributedTransaction.beforeCompletion(DistributedTransaction.java:806)
    at com.sap.engine.services.ts.jta.impl.TransactionImpl.commit(TransactionImpl.java:220)
    at com.sap.engine.services.ts.jta.impl.TransactionManagerImpl.commit(TransactionManagerImpl.java:319)
    at com.sap.engine.services.ts.transaction.TxManager.commitLevel(TxManager.java:575)
    at com.sap.engine.services.ts.transaction.TxManagerImpl.commitLevel(TxManagerImpl.java:63)
    at com.sap.transaction.TxManager.commitLevel(TxManager.java:237)
    at com.sap.security.core.persistence.imp.DistributedTransaction.commit(DistributedTransaction.java:2620)
    at com.sap.security.core.imp.AbstractUserAccount.commit(AbstractUserAccount.java:2044)
    at com.sap.security.core.jmx.impl.JmxModificationHelper.generatePasswordsCommit(JmxModificationHelper.java:888)
    at com.sap.security.core.jmx.impl.JmxModificationHelper.modifyEntities(JmxModificationHelper.java:613)
    at com.sap.security.core.jmx.impl.JmxServer.modifyEntities(JmxServer.java:239)
    ... 72 more

Our configuration File

dataSourceConfiguration_ads_readonly_db.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
  <dataSource id="PRIVATE_DATASOURCE"
              className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
              isReadonly="false"
              isPrimary="true">
    <homeFor>
      <principals>
        <principal type="group"/>
        <principal type="user"/>
        <principal type="account"/>
        <principal type="team"/>
        <principal type="ROOT" />
        <principal type="OOOO" />
      </principals>
    </homeFor>
    <notHomeFor/>
    <responsibleFor>
      <principals>
        <principal type="group"/>
        <principal type="user"/>
        <principal type="account"/>
        <principal type="team"/>
        <principal type="ROOT" />
        <principal type="OOOO" />
      </principals>
    </responsibleFor>
    <privateSection>
    </privateSection>
  </dataSource>
  <dataSource id="CORP_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="true"
              isPrimary="true">
    <homeFor/>
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="j_user"/>
            <attribute name="logonalias"/>
            <attribute name="j_password"/>
            <attribute name="userid"/>
          </attributes>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname" populateInitially="true"/>
              <attribute name="displayname" populateInitially="true"/>
              <attribute name="lastname" populateInitially="true"/>
              <attribute name="fax"/>
              <attribute name="email"/>
              <attribute name="title"/>
              <attribute name="department"/>
              <attribute name="description"/>
              <attribute name="mobile"/>
              <attribute name="telephone"/>
              <attribute name="streetaddress"/>
              <attribute name="uniquename" populateInitially="true"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
            </attributes>
          </nameSpace>
          <nameSpace name="$usermapping$">
            <attributes>
              <attribute name="REFERENCE_SYSTEM_USER"/>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="group">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="displayname" populateInitially="true"/>
              <attribute name="description" populateInitially="true"/>
              <attribute name="uniquename"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.bridge">
            <attributes>
              <attribute name="dn"/>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
    </responsibleFor>
    <attributeMapping>
      <principals>
        <principal type="account">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="j_user">
                  <physicalAttribute name="samaccountname"/>
                </attribute>
                <attribute name="logonalias">
                  <physicalAttribute name="samaccountname"/>
                </attribute>
                <attribute name="j_password">
                  <physicalAttribute name="unicodepwd"/>
                </attribute>
                <attribute name="userid">
                  <physicalAttribute name="null"/>
                </attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
        <principal type="user">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="firstname">
                  <physicalAttribute name="givenname"/>
                </attribute>
                <attribute name="displayname">
                  <physicalAttribute name="displayname"/>
                </attribute>
                <attribute name="lastname">
                  <physicalAttribute name="sn"/>
                </attribute>
                <attribute name="fax">
                  <physicalAttribute name="facsimiletelephonenumber"/>
                </attribute>
                <attribute name="uniquename">
                  <physicalAttribute name="samaccountname"/>
                </attribute>
                <attribute name="loginid">
                  <physicalAttribute name="null"/>
                </attribute>
                <attribute name="email">
                  <physicalAttribute name="mail"/>
                </attribute>
                <attribute name="mobile">
                  <physicalAttribute name="mobile"/>
                </attribute>
                <attribute name="telephone">
                  <physicalAttribute name="telephonenumber"/>
                </attribute>
                <attribute name="department">
                  <physicalAttribute name="ou"/>
                </attribute>
                <attribute name="description">
                  <physicalAttribute name="description"/>
                </attribute>
                <attribute name="streetaddress">
                  <physicalAttribute name="postaladdress"/>
                </attribute>
                <attribute name="pobox">
                  <physicalAttribute name="postofficebox"/>
                </attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.usermanagement.relation">
              <attributes>
                <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                  <physicalAttribute name="memberof"/>
                </attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="$usermapping$">
              <attributes>
                <attribute name="REFERENCE_SYSTEM_USER">
                  <physicalAttribute name="sapusername"/>
                </attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
        <principal type="group">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="displayname">
                  <physicalAttribute name="displayname"/>
                </attribute>
                <attribute name="description">
                  <physicalAttribute name="description"/>
                </attribute>
                <attribute name="uniquename" populateInitially="true">
                  <physicalAttribute name="cn"/>
                </attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.usermanagement.relation">
              <attributes>
                <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
                  <physicalAttribute name="member"/>
                </attribute>
                <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                  <physicalAttribute name="memberof"/>
                </attribute>
              </attributes>
            </nameSpace>
            <nameSpace name="com.sap.security.core.bridge">
              <attributes>
                <attribute name="dn">
                  <physicalAttribute name="null"/>
                </attribute>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
      </principals>
    </attributeMapping>
    <privateSection>
      <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
      <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
      <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
      <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
      <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
      <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
      <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
      <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
      <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
      <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
      <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
      <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
      <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
      <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
      <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
    </privateSection>
  </dataSource>
</dataSources>

Accepted Solutions (0)

Answers (2)

0 Kudos

Hi Huseyin,

We are having a similar issue to you. We are using the dataSourceConfiguration_ads_readonly_db.xml, have modified it to point to 2 LDAP domains and also have SPNego active. Now when we try to modify a UME Database user or create a new one, we get the message like you have posted. This worked before now. We are using NW2004s and SPS8.

TIA

Anthony

HuseyinBilgen
Active Contributor
0 Kudos

Hi Anthony,

Our problem is solved, but listen to how.

First we tried to convert the UME configuration to database_only.xml but encountered many problems as j2ee_admin is an ABAP user and not much time to solve the problems.

So we decided to turn back to ABAP for UME and after return, we can create users, change passwords.

how?

jpolus
Contributor
0 Kudos

Hi Huseyin,

Are you trying to change the passwords in the LDAP from the Portal? If so, I believe your problem is the LDAP is configured to Read Only. This was in your configuration file:

<dataSource id="CORP_LDAP"
            className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
            isReadonly="true"
            isPrimary="true">

I believe you need to change the isReadonly attribute to false. See the documentation here:

http://help.sap.com/saphelp_nw2004s/helpdata/en/af/0cfc3f09c2c442e10000000a1550b0/frameset.htm

Good Luck,

John

HuseyinBilgen
Active Contributor
0 Kudos

Hi,

No, we're trying to create a user within portal and give it a password. The user is created, but the password cannot be assigned. Looks like the property doesn't allow us to maintain passwords within portal, but why?
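
A way to audit a data source file like the one posted in this thread, added here as an example (not SAP's code and not the posters'): it lists every data source whose `responsibleFor` section covers a given attribute, together with its `isReadonly` flag, so a read-only source that also declares `j_password` stands out. The function names and the trimmed sample are constructed for illustration; treating a `principal` entry without attributes as unrestricted is an assumption about UME semantics.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample modelled on the configuration posted in this thread.
SAMPLE = """<dataSources>
  <dataSource id="PRIVATE_DATASOURCE" isReadonly="false" isPrimary="true">
    <responsibleFor>
      <principals>
        <principal type="user"/>
        <principal type="account"/>
      </principals>
    </responsibleFor>
  </dataSource>
  <dataSource id="CORP_LDAP" isReadonly="true" isPrimary="true">
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="j_user"/>
            <attribute name="j_password"/>
          </attributes>
        </nameSpace>
      </principal>
    </responsibleFor>
  </dataSource>
</dataSources>"""

def claims(xml_text, principal_type, attribute):
    """Return (data source id, is_readonly, scope) per source covering the attribute."""
    found = []
    for ds in ET.fromstring(xml_text).iter("dataSource"):
        # '//' matches with or without the <principals>/<nameSpaces> wrappers.
        for principal in ds.iterfind("responsibleFor//principal"):
            if principal.get("type") != principal_type:
                continue
            names = [a.get("name") for a in principal.iter("attribute")]
            if not names:
                scope = "whole principal type"  # assumption: bare entry = unrestricted
            elif attribute in names:
                scope = "explicit attribute"
            else:
                continue
            found.append((ds.get("id"), ds.get("isReadonly") == "true", scope))
    return found

def readonly_claims(xml_text, principal_type, attribute):
    """Subset of claims() made by data sources flagged as read-only."""
    return [c for c in claims(xml_text, principal_type, attribute) if c[1]]

if __name__ == "__main__":
    print(*claims(SAMPLE, "account", "j_password"), sep="\n")
```
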