
Need help - can't see groups from AD in Portal 6.0 SP11

Former Member
0 Kudos

We need help with configuring our LDAP so we can see the groups from Active Directory.

We are able to authenticate fine with our LDAP configuration but we just can't see the groups. 

What we do see is the OUs (folders) but not the groups under the folders. We have tried changing OrganizationUnit to groupOfUniqueNames, and we have tried changing the naming_attribute for group from ou to cn. Here's what we currently have set up in the private section of the config file:

<privateSection>

<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>

<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>

<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>

<ume.ldap.access.flat_group_hierachy>false</ume.ldap.access.flat_group_hierachy>

<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>

<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>

<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>

<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>

<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>

<ume.ldap.access.objectclass.grup>OrganizationalUnit</ume.ldap.access.objectclass.grup>

<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>

<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>

<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>

<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>

<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>

</privateSection>

We have looked through the SDN and Help and have not found any information to resolve this problem.  If anyone has information that might be useful or a link to some information, please respond.

Thank you,

Kathy Livingston

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

We are wanting to also display the AD Groups within the portal. We have configured LDAP for single signon and this works fine but the groups are not displaying. I have copied my UM configuration file below for you to look at our settings. Please let me know what needs to be changed in order to display the groups.

UM Config file for EP6 SP19:

#Tue Aug 07 15:38:40 EDT 2007

login.authschemes.default=default

login.authschemes.definition.file=authschemes.xml

login.serviceuser.lifetime=100

login.ticket_client=000

login.ticket_keyalias=SAPLogonTicketKeypair

login.ticket_keystore=TicketKeystore

login.ticket_lifetime=8

login.ticket_portalid=auto

ume.acl.validate_cached_acls=FALSE

ume.admin.account_privacy=FALSE

ume.admin.addattrs=skills;expert_area;bpo;krb5principalname;kpnprefix

ume.admin.allow_selfmanagement=TRUE

ume.admin.auto_password=TRUE

ume.admin.create.redirect=

ume.admin.debug_internal=FALSE

ume.admin.display.redirect=

ume.admin.modify.redirect=

ume.admin.nocache=FALSE

ume.admin.password.migration=false

ume.admin.phone_check=TRUE

ume.admin.search_maxhits=10000

ume.admin.search_maxhits_warninglevel=2000

ume.admin.self.addattrs=

ume.admin.selfreg_company=FALSE

ume.admin.selfreg_guest=FALSE

ume.admin.selfreg_sus=FALSE

ume.admin.selfreg_sus.adapterid=SUS

ume.admin.selfreg_sus.adminrole=

ume.admin.selfreg_sus.deletecall=TRUE

ume.allow_nested_groups=TRUE

ume.allow_nested_roles=FALSE

ume.authenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator

ume.cache.acl.default_caching_time=1800

ume.cache.acl.initial_cache_size=10000

ume.cache.acl.permissions.default_caching_time=3600

ume.cache.acl.permissions.initial_cache_size=100

ume.cache.default_cache=distributableCache

ume.cache.group.default_caching_time=3600

ume.cache.group.initial_cache_size=500

ume.cache.notification_time=0

ume.cache.principal.default_caching_time=3600

ume.cache.principal.initial_cache_size=500

ume.cache.role.default_caching_time=3600

ume.cache.role.initial_cache_size=500

ume.cache.user.default_caching_time=3600

ume.cache.user.initial_cache_size=500

ume.cache.user_account.default_caching_time=3600

ume.cache.user_account.initial_cache_size=500

ume.company_groups.description_template=Company

ume.company_groups.displayname_template= ()

ume.company_groups.enabled=FALSE

ume.company_groups.guestusercompany_enabled=TRUE

ume.company_groups.guestusercompany_name=Guest Users

ume.db.connection_pool.j2ee.is_unicode=FALSE

ume.db.connection_pool.j2ee.jta_transaction_support_enabled=FALSE

ume.db.connection_pool.j2ee.xatransactions_used=FALSE

ume.db.connection_pool_type=SAP/BC_UME

ume.db.or_search.max_arguments=50

ume.db.parent_search.max_arguments=300

ume.db.use_default_transaction_isolation=FALSE

ume.ldap.access.action_retrial=2

ume.ldap.access.auxiliary_naming_attribute.grup=

ume.ldap.access.auxiliary_naming_attribute.uacc=

ume.ldap.access.auxiliary_naming_attribute.user=

ume.ldap.access.auxiliary_objectclass.grup=

ume.ldap.access.auxiliary_objectclass.uacc=

ume.ldap.access.auxiliary_objectclass.user=

ume.ldap.access.base_path.grup=DC\=internal,DC\=rfmd,DC\=com

ume.ldap.access.base_path.uacc=

ume.ldap.access.base_path.user=DC\=internal,DC\=rfmd,DC\=com

ume.ldap.access.context_factory=com.sun.jndi.ldap.LdapCtxFactory

ume.ldap.access.creation_path.grup=

ume.ldap.access.creation_path.uacc=

ume.ldap.access.creation_path.user=

ume.ldap.access.dynamic_group_attribute=

ume.ldap.access.dynamic_groups=FALSE

ume.ldap.access.flat_group_hierachy=TRUE

ume.ldap.access.msads.control_attribute=userAccountControl

ume.ldap.access.msads.control_value=512

ume.ldap.access.msads.grouptype.attribute=grouptype

ume.ldap.access.msads.grouptype.value=4

ume.ldap.access.multidomain.enabled=FALSE

ume.ldap.access.naming_attribute.grup=

ume.ldap.access.naming_attribute.uacc=

ume.ldap.access.naming_attribute.user=

ume.ldap.access.objectclass.grup=OrganizationalUnit

ume.ldap.access.objectclass.uacc=

ume.ldap.access.objectclass.user=

ume.ldap.access.server_name=rfhqdc2.internal.rfmd.com, rfcrpdc1.internal.rfmd.com

ume.ldap.access.server_port=389, 389

ume.ldap.access.server_type=

ume.ldap.access.size_limit=0

ume.ldap.access.ssl=FALSE

ume.ldap.access.ssl_socket_factory=com.sap.security.core.server.https.SecureConnectionFactory

ume.ldap.access.time_limit=0

ume.ldap.access.user=yassa

ume.ldap.access.user_as_account=TRUE

ume.ldap.blocked_accounts=Administrator,Guest

ume.ldap.blocked_groups=Administrators,Guests

ume.ldap.blocked_users=Administrator,Guest

ume.ldap.cache_lifetime=300

ume.ldap.cache_size=100

ume.ldap.connection_pool.connect_timeout=25000

ume.ldap.connection_pool.max_connection_usage_time_check_interval=120000

ume.ldap.connection_pool.max_idle_connections=5

ume.ldap.connection_pool.max_idle_time=300000

ume.ldap.connection_pool.max_size=10

ume.ldap.connection_pool.max_wait_time=60000

ume.ldap.connection_pool.min_size=1

ume.ldap.connection_pool.monitor_level=0

ume.ldap.connection_pool.retrial=2

ume.ldap.connection_pool.retrial_interval=10000

ume.ldap.default_group_member=cn\=DUMMY_MEMBER_FOR_UME

ume.ldap.default_group_member.enabled=FALSE

ume.ldap.record_access=FALSE

ume.ldap.unique_grup_attribute=Group

ume.ldap.unique_uacc_attribute=mail

ume.ldap.unique_user_attribute=mail

ume.locking.enabled=TRUE

ume.locking.max_wait_time=30

ume.login.anonymous_user.mode=1

ume.login.basicauthentication=1

ume.login.context=ticket

ume.login.context.default=ticket

ume.login.guest_user.uniqueids=Guest

ume.login.mdc.hosts=

ume.logoff.redirect.silent=FALSE

ume.logoff.redirect.url=http\://www.rfmd.com

ume.logon.allow_cert=FALSE

ume.logon.branding_image=/logon/layout/TopImage.jpg

ume.logon.branding_text=/logon/layout/BottomImage.jpg

ume.logon.force_password_change_on_sso=TRUE

ume.logon.httponlycookie=TRUE

ume.logon.locale=FALSE

ume.logon.logon_help=TRUE

ume.logon.r3master.adapterid=master

ume.logon.security.enforce_secure_cookie=FALSE

ume.logon.security.local_redirect_only=TRUE

ume.logon.security.relax_domain.level=1

ume.logon.security_policy.auto_unlock_time=60

ume.logon.security_policy.cert_logon_required=FALSE

ume.logon.security_policy.lock_after_invalid_attempts=6

ume.logon.security_policy.log_client_hostaddress=TRUE

ume.logon.security_policy.log_client_hostname=FALSE

ume.logon.security_policy.oldpass_in_newpass_allowed=TRUE

ume.logon.security_policy.password_alpha_numeric_required=0

ume.logon.security_policy.password_change_allowed=TRUE

ume.logon.security_policy.password_change_required=TRUE

ume.logon.security_policy.password_expire_days=99999

ume.logon.security_policy.password_history=0

ume.logon.security_policy.password_last_change_date_default=12/31/9999

ume.logon.security_policy.password_max_length=14

ume.logon.security_policy.password_min_length=0

ume.logon.security_policy.password_mix_case_required=0

ume.logon.security_policy.password_special_char_required=0

ume.logon.security_policy.userid_digits=0

ume.logon.security_policy.userid_in_password_allowed=TRUE

ume.logon.security_policy.userid_lowercase=0

ume.logon.security_policy.userid_special_char_required=0

ume.logon.security_policy.useridmaxlength=20

ume.logon.security_policy.useridminlength=5

ume.logon.selfreg=FALSE

ume.logonAuthenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator

ume.notification.admin_email=E-portaladmin@rfmd.com

ume.notification.create_approval=TRUE

ume.notification.create_by_batch_performed=TRUE

ume.notification.create_denied=TRUE

ume.notification.create_performed=TRUE

ume.notification.create_request=TRUE

ume.notification.delete_performed=TRUE

ume.notification.email_asynch=TRUE

ume.notification.lock_performed=TRUE

ume.notification.mail_host=mail3.internal.rfmd.com

ume.notification.pswd_reset_performed=TRUE

ume.notification.pswd_reset_request=TRUE

ume.notification.selfreg_performed=TRUE

ume.notification.system_email=E-portaladmin@rfmd.com

ume.notification.unlock_performed=TRUE

ume.notification.unlock_request=TRUE

ume.notification.update_by_batch_performed=TRUE

ume.notification.workflow_email=workflow@rfmd.com

ume.persistence.batch.page_size=25

ume.persistence.data_source_configuration=dataSourceConfiguration_ads_readonly_db.xml

ume.persistence.pcd_roles_data_source_configuration=dataSourceConfiguration_PCDRoles.xml

ume.persistence.ume_roles_data_source_configuration=dataSourceConfiguration_UMERoles.xml

ume.principal.cache_group_hierarchy=TRUE

ume.principal.cache_indirect_parents=TRUE

ume.principal.cache_role_hierarchy=TRUE

ume.r3.connection.001.TimeZoneMapping=

ume.r3.connection.001.ashost=

ume.r3.connection.001.client=

ume.r3.connection.001.group=

ume.r3.connection.001.gwhost=

ume.r3.connection.001.gwserv=

ume.r3.connection.001.lang=

ume.r3.connection.001.msghost=

ume.r3.connection.001.poolmaxsize=10

ume.r3.connection.001.poolmaxwait=

ume.r3.connection.001.r3name=

ume.r3.connection.001.receiverid=001

ume.r3.connection.001.receiverid_guest=001

ume.r3.connection.001.snc_lib=

ume.r3.connection.001.snc_mode=

ume.r3.connection.001.snc_myname=

ume.r3.connection.001.snc_partnername=

ume.r3.connection.001.snc_qop=

ume.r3.connection.001.sysnr=

ume.r3.connection.001.user=

ume.r3.connection.001.userole=FALSE

ume.r3.connection.002.TimeZoneMapping=

ume.r3.connection.002.ashost=

ume.r3.connection.002.client=

ume.r3.connection.002.group=

ume.r3.connection.002.gwhost=

ume.r3.connection.002.gwserv=

ume.r3.connection.002.lang=

ume.r3.connection.002.msghost=

ume.r3.connection.002.poolmaxsize=10

ume.r3.connection.002.poolmaxwait=

ume.r3.connection.002.r3name=

ume.r3.connection.002.receiverid=002

ume.r3.connection.002.receiverid_guest=002

ume.r3.connection.002.snc_lib=

ume.r3.connection.002.snc_mode=

ume.r3.connection.002.snc_myname=

ume.r3.connection.002.snc_partnername=

ume.r3.connection.002.snc_qop=

ume.r3.connection.002.sysnr=

ume.r3.connection.002.user=

ume.r3.connection.002.userole=FALSE

ume.r3.connection.003.TimeZoneMapping=

ume.r3.connection.003.ashost=

ume.r3.connection.003.client=

ume.r3.connection.003.group=

ume.r3.connection.003.gwhost=

ume.r3.connection.003.gwserv=

ume.r3.connection.003.lang=

ume.r3.connection.003.msghost=

ume.r3.connection.003.poolmaxsize=10

ume.r3.connection.003.poolmaxwait=

ume.r3.connection.003.r3name=

ume.r3.connection.003.receiverid=003

ume.r3.connection.003.receiverid_guest=003

ume.r3.connection.003.snc_lib=

ume.r3.connection.003.snc_mode=

ume.r3.connection.003.snc_myname=

ume.r3.connection.003.snc_partnername=

ume.r3.connection.003.snc_qop=

ume.r3.connection.003.sysnr=

ume.r3.connection.003.user=

ume.r3.connection.003.userole=FALSE

ume.r3.connection.master.TimeZoneMapping=

ume.r3.connection.master.abap_debug=

ume.r3.connection.master.ashost=

ume.r3.connection.master.client=

ume.r3.connection.master.group=

ume.r3.connection.master.gwhost=

ume.r3.connection.master.gwserv=

ume.r3.connection.master.lang=EN

ume.r3.connection.master.msghost=

ume.r3.connection.master.msserv=

ume.r3.connection.master.poolmaxsize=10

ume.r3.connection.master.poolmaxwait=

ume.r3.connection.master.r3name=

ume.r3.connection.master.receiverid=master

ume.r3.connection.master.receiverid_guest=master

ume.r3.connection.master.snc_lib=

ume.r3.connection.master.snc_mode=

ume.r3.connection.master.snc_myname=

ume.r3.connection.master.snc_partnername=

ume.r3.connection.master.snc_qop=

ume.r3.connection.master.sysnr=

ume.r3.connection.master.trace=

ume.r3.connection.master.user=

ume.r3.connection.tpd.adapterid=value of ume.r3.connection.tpd.systemid

ume.r3.connection.tpd.systemid=SUS

ume.r3.mastersystem=

ume.r3.mastersystem.uid.mode=1

ume.r3.orgunit.adapterid=

ume.r3.sync.sender=SAPMUM

ume.r3.use.role=FALSE

ume.replication.adapters.001.companies=

ume.replication.adapters.001.scope=

ume.replication.adapters.002.companies=

ume.replication.adapters.002.scope=

ume.replication.adapters.003.companies=

ume.replication.adapters.003.scope=

ume.replication.adapters.index_1=

ume.replication.adapters.index_2=

ume.replication.adapters.index_3=

ume.replication.adapters.master.companies=

ume.replication.adapters.master.scope=

ume.replication.crm_sup_register_check=BBP_SUS_BUPA_REGID_CHECK

ume.replication.messaging.active=FALSE

ume.replication.sync.display_all_doc=FALSE

ume.roles.pcd_roles_with_actions=

ume.roles.xml_files=*role.xml

ume.secaudit.get_object_name=FALSE

ume.secaudit.log_actor=TRUE

ume.secstore.active=TRUE

ume.spml.schema_name=schema.xml

ume.superadmin.activated=FALSE

ume.supergroups.anonymous_group.description=Built-in Group Anonymous Users

ume.supergroups.anonymous_group.displayname=Anonymous Users

ume.supergroups.anonymous_group.uniquename=Anonymous Users

ume.supergroups.authenticated_group.description=Built-in Group Authenticated Users

ume.supergroups.authenticated_group.displayname=Authenticated Users

ume.supergroups.authenticated_group.uniquename=Authenticated Users

ume.supergroups.everyone.description=Built-in Group Everyone

ume.supergroups.everyone.displayname=Everyone

ume.supergroups.everyone.uniquename=Everyone

ume.testum=FALSE

ume.tpd.classloader=

ume.tpd.companies=0

ume.tpd.imp.class=com.sap.security.core.tpd.SimpleTPD

ume.tpd.prefix=STPD_

ume.trace.debug_exception_level=1

ume.trace.external_trace_class=com.sap.security.core.util.imp.UMTrace_630

ume.usermapping.admin.pwdprotection=TRUE

ume.usermapping.key.protection=TRUE

ume.usermapping.refsys.mapping.type=internal

ume.usermapping.unsecure=TRUE

ume.users.displayname_template=,

ume.version.sapj2eeengine=630

Thanks,

Jeff

Former Member
0 Kudos

Hello,

How did you resolve your issue?

Former Member
0 Kudos

This problem has been resolved by changing the data source from deep hierarchy to flat hierarchy.

Kathy
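
The difference between the deep and flat group mappings discussed in this thread can be checked directly from the settings that were posted. The following is an added example, not code from the posters or from SAP: it reads the group-related `ume.ldap.access.*` settings from either format shown above and reports how groups would be looked up. It assumes that UME uses `objectclass.grup` as the object class for group searches and that a flat Active Directory setup maps groups to object class `group`; the function names and the `ASSUMED_FLAT` sample are hypothetical.

```python
import xml.etree.ElementTree as ET

PREFIX = "ume.ldap.access."

def from_private_section(xml_text):
    """Settings from a data source <privateSection>, keyed without the prefix."""
    return {el.tag[len(PREFIX):]: (el.text or "").strip()
            for el in ET.fromstring(xml_text) if el.tag.startswith(PREFIX)}

def from_properties(text):
    """The same mapping from key=value lines of a UM properties export."""
    pairs = (ln.strip().split("=", 1) for ln in text.splitlines() if "=" in ln)
    return {k[len(PREFIX):]: v.strip() for k, v in pairs if k.startswith(PREFIX)}

def group_mapping(cfg):
    """Return (mode, findings) for the group lookup settings in cfg."""
    objclass = cfg.get("objectclass.grup", "").lower()
    naming = cfg.get("naming_attribute.grup", "").lower()
    flat = cfg.get("flat_group_hierachy", "").lower() == "true"  # key spelled as on the page
    is_ou = objclass == "organizationalunit"
    findings = []
    if is_ou:  # assumption: this class is the filter for group searches
        findings.append("objectclass.grup selects OUs, so AD group objects are not listed")
    if is_ou and flat:
        findings.append("flat_group_hierachy is TRUE but groups are still mapped to OUs")
    if is_ou and naming == "cn":
        findings.append("naming_attribute.grup=cn, but OUs are named by ou")
    mode = "flat" if flat and objclass == "group" else "deep" if is_ou and not flat else "mixed"
    return mode, findings

# Constructed samples: the group-related settings from the two posts above,
# plus an assumed flat-hierarchy setup that maps groups to AD "group" objects.
QUESTION_XML = """<privateSection>
<ume.ldap.access.flat_group_hierachy>false</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.objectclass.grup>OrganizationalUnit</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
</privateSection>"""
REPLY_PROPS = """ume.ldap.access.flat_group_hierachy=TRUE
ume.ldap.access.naming_attribute.grup=
ume.ldap.access.objectclass.grup=OrganizationalUnit"""
ASSUMED_FLAT = """ume.ldap.access.flat_group_hierachy=TRUE
ume.ldap.access.naming_attribute.grup=cn
ume.ldap.access.objectclass.grup=group"""

if __name__ == "__main__":
    print(group_mapping(from_private_section(QUESTION_XML)))
    print(group_mapping(from_properties(REPLY_PROPS)))
    print(group_mapping(from_properties(ASSUMED_FLAT)))
```

Because portal roles are normally assigned to groups, checking this mapping after a data source change also confirms that role assignments resolve against real AD groups rather than against OUs.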