on 09-22-2016 10:07 AM
Hello everyone,
I am trying to activate provisioning for a SAP Portal (java) system which has an ABAP system assigned as the UME datasource.
With ASJavaDB repository type, IdM tries to create the user, but the user already exists from the ABAP system. The following error is produced:
putNextEntry failed storingSPML.SAPUSER.
Exception from Add operation:com.sap.idm.ic.ToPassException: No such objectclass defined
Exception from Modify operation:com.sap.idm.ic.ToPassException: Unexpected error when processing modify request Unsupported ID found null
The ACCOUNT<JavaRepositoryname> attribute does not exist for the user, so no role assignment can be completed.
Does anyone know how to handle this scenario?
Thank you,
Konstantinos Kypris
Hello Steffi and Lambert,
Thank you for your help.
We are on version 8.0 SP03 and I tried to setup a Dual Stack repository as it seemed like the easiest solution. Unfortunately there are no jobs for initial loading in the relevant package. I found a thread with the same issue . It seems the problem hasn't been solved by SAP.
I will try Steffi's suggestion or another idea that I had. I could create dummy ABAP roles which will then be assigned to portal roles through UME (they show up as portal User Groups). It is more effort but it will surely work.
Regards,
Konstantinos
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Konstantinos, hi Steffi,
using the ABAP connector with repository type "Dual Stack (AS ABAP and AS Java) System" instead of the AS Java connector would be another possible approach.
First execute the ABAP dual stack initial load, so the account attributes of all persons who already have an account in the system are populated in IDM. Then create new users as needed from IDM and assign Java or ABAP roles. The connector is smart enough to use RFC for the ABAP parts and SPML for the Java parts.
Some documentation about this repository type can be found here.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Konstantinos,
we don't use ABAP but LDAP as UME for our portal, so our base is kind of similar.
We just have a custom hook task for "create java user" and "delete java user" without any workflow behind it. This way IDM does not try to create anything in the portal backend and your get the account attribute to then provision privileges.
Regards,
Steffi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.