cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

What is the difference between LDAP and UME type data source???

Go to solution
Former Member

on ‎04-04-2012 8:59 AM

0 Kudos

Hi all,

Can anyone help me out with the difference between LDAP and UME type of data source. I came up with this in the CUP configuration -> User Data source.

Regards

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

neerajmanocha
Product and Topic Expert
Product and Topic Expert
‎04-04-2012 11:22 AM
0 Kudos

Hi James,

Both are user maintenance or repository sources where you can maintain user details (like name, email id, user group, department, phone, etc.).

UME is a portal/java based user maintenance application and LDAP is non-sap 3rd party tool for same purpose.

For UME,

http://help.sap.com/saphelp_nw04/helpdata/en/7e/a2d475e5384335a2b1b2d80e1a3a20/content.htm

For LDAP,

http://www.gracion.com/server/whatldap.html

I hope this helps.

Thanks & Regards

Neeraj

Show replies
Show replies

Answers (2)

Answers (2)

former_member541582
Participant
‎04-04-2012 7:48 PM
0 Kudos

Hi James,

A limitation in 5.3 is that you can only have one repository as a master data source. Hence you need to have a repository that include all users.

You can connect LDAP as a data source directly in Access Contol. Or you can set up UME to use LDAP as datasource . Then configure AC to use UME as data source. With that you can achieve a bit more flexibility as both LDAP and UME will serve as data sources. Having the ability to use UME as a writable data source could be useful in case your company policy makes it hard for external parties (e.g. short term consultants) to get a directory account. 

Kind Regards,

Vit

Show replies
Show replies
Former Member
‎04-04-2012 9:45 AM
0 Kudos

This is the place you configure where to look for user info(firstname, lastname,email, manager ID...). UME is portal user data source..i.e GRC UME.

If you are using LDAP in the organization, you can use LDAP as user data source provinding his user id, First name, last name, email, manager ID....

To use LDAP you need to create LDAP connector, then it will be shown in the system list.

Usually UME is used for authentication and LDAP as user detail source.

Regards,

Ajesh.

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎04-04-2012 11:39 AM
0 Kudos

Actually, using LDAP for authentication often has very positive effects:

- if WIndows logon name and SAP user ID are identical (which they should be) people can use their Windows login to log on to GRC AC. As this is often the first Java system this means you neitehr have to crate new users nor passwords, just maintain the UME roles for them.

- you might be able to configure SPNEGO SSO to GRC

- you have an authentication system you can use to use the password reset functionality for SAP in GRC AC CUP

The only thing you need to make sure is that LDAP admins understand that if they reset someones Windows password this now means they also give access to SAP; so they better make sure they know who the person is.

In the end that's a big TCO thing for customers,I have made the experience that they like this a lot.

Frank.

Ask a Question