on 05-12-2005 5:02 PM
We need help with configuring our LDAP so we can see the groups from Active Directory.
We are able to authenticate fine with our LDAP configuration but we just can't see the groups.
What we do see is the OUs (folders) but not the groups under the folders.
We have tried changing OrganizationUnit to groupOfUniqueNames, and we have tried changing the naming_attribute for group from ou to cn. Here's what we currently have set up in the private section of the config file:
<privateSection>
<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
<ume.ldap.access.flat_group_hierachy>false</ume.ldap.access.flat_group_hierachy>
<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
<ume.ldap.access.objectclass.grup>OrganizationalUnit</ume.ldap.access.objectclass.grup>
<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
</privateSection>
We have looked through the SDN and Help and have not found any information to resolve this problem. If anyone has information that might be useful or a link to some information, please respond.
Thank you,
Kathy Livingston
We are wanting to also display the AD Groups within the portal. We have configured LDAP for single signon and this works fine but the groups are not displaying. I have copied my UM configuration file below for you to look at our settings. Please let me know what needs to be changed in order to display the groups.
UM Config file for EP6 SP19:
#Tue Aug 07 15:38:40 EDT 2007
login.authschemes.default=default
login.authschemes.definition.file=authschemes.xml
login.serviceuser.lifetime=100
login.ticket_client=000
login.ticket_keyalias=SAPLogonTicketKeypair
login.ticket_keystore=TicketKeystore
login.ticket_lifetime=8
login.ticket_portalid=auto
ume.acl.validate_cached_acls=FALSE
ume.admin.account_privacy=FALSE
ume.admin.addattrs=skills;expert_area;bpo;krb5principalname;kpnprefix
ume.admin.allow_selfmanagement=TRUE
ume.admin.auto_password=TRUE
ume.admin.create.redirect=
ume.admin.debug_internal=FALSE
ume.admin.display.redirect=
ume.admin.modify.redirect=
ume.admin.nocache=FALSE
ume.admin.password.migration=false
ume.admin.phone_check=TRUE
ume.admin.search_maxhits=10000
ume.admin.search_maxhits_warninglevel=2000
ume.admin.self.addattrs=
ume.admin.selfreg_company=FALSE
ume.admin.selfreg_guest=FALSE
ume.admin.selfreg_sus=FALSE
ume.admin.selfreg_sus.adapterid=SUS
ume.admin.selfreg_sus.adminrole=
ume.admin.selfreg_sus.deletecall=TRUE
ume.allow_nested_groups=TRUE
ume.allow_nested_roles=FALSE
ume.authenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
ume.cache.acl.default_caching_time=1800
ume.cache.acl.initial_cache_size=10000
ume.cache.acl.permissions.default_caching_time=3600
ume.cache.acl.permissions.initial_cache_size=100
ume.cache.default_cache=distributableCache
ume.cache.group.default_caching_time=3600
ume.cache.group.initial_cache_size=500
ume.cache.notification_time=0
ume.cache.principal.default_caching_time=3600
ume.cache.principal.initial_cache_size=500
ume.cache.role.default_caching_time=3600
ume.cache.role.initial_cache_size=500
ume.cache.user.default_caching_time=3600
ume.cache.user.initial_cache_size=500
ume.cache.user_account.default_caching_time=3600
ume.cache.user_account.initial_cache_size=500
ume.company_groups.description_template=Company
ume.company_groups.displayname_template= ()
ume.company_groups.enabled=FALSE
ume.company_groups.guestusercompany_enabled=TRUE
ume.company_groups.guestusercompany_name=Guest Users
ume.db.connection_pool.j2ee.is_unicode=FALSE
ume.db.connection_pool.j2ee.jta_transaction_support_enabled=FALSE
ume.db.connection_pool.j2ee.xatransactions_used=FALSE
ume.db.connection_pool_type=SAP/BC_UME
ume.db.or_search.max_arguments=50
ume.db.parent_search.max_arguments=300
ume.db.use_default_transaction_isolation=FALSE
ume.ldap.access.action_retrial=2
ume.ldap.access.auxiliary_naming_attribute.grup=
ume.ldap.access.auxiliary_naming_attribute.uacc=
ume.ldap.access.auxiliary_naming_attribute.user=
ume.ldap.access.auxiliary_objectclass.grup=
ume.ldap.access.auxiliary_objectclass.uacc=
ume.ldap.access.auxiliary_objectclass.user=
ume.ldap.access.base_path.grup=DC\=internal,DC\=rfmd,DC\=com
ume.ldap.access.base_path.uacc=
ume.ldap.access.base_path.user=DC\=internal,DC\=rfmd,DC\=com
ume.ldap.access.context_factory=com.sun.jndi.ldap.LdapCtxFactory
ume.ldap.access.creation_path.grup=
ume.ldap.access.creation_path.uacc=
ume.ldap.access.creation_path.user=
ume.ldap.access.dynamic_group_attribute=
ume.ldap.access.dynamic_groups=FALSE
ume.ldap.access.flat_group_hierachy=TRUE
ume.ldap.access.msads.control_attribute=userAccountControl
ume.ldap.access.msads.control_value=512
ume.ldap.access.msads.grouptype.attribute=grouptype
ume.ldap.access.msads.grouptype.value=4
ume.ldap.access.multidomain.enabled=FALSE
ume.ldap.access.naming_attribute.grup=
ume.ldap.access.naming_attribute.uacc=
ume.ldap.access.naming_attribute.user=
ume.ldap.access.objectclass.grup=OrganizationalUnit
ume.ldap.access.objectclass.uacc=
ume.ldap.access.objectclass.user=
ume.ldap.access.server_name=rfhqdc2.internal.rfmd.com, rfcrpdc1.internal.rfmd.com
ume.ldap.access.server_port=389, 389
ume.ldap.access.server_type=
ume.ldap.access.size_limit=0
ume.ldap.access.ssl=FALSE
ume.ldap.access.ssl_socket_factory=com.sap.security.core.server.https.SecureConnectionFactory
ume.ldap.access.time_limit=0
ume.ldap.access.user=yassa
ume.ldap.access.user_as_account=TRUE
ume.ldap.blocked_accounts=Administrator,Guest
ume.ldap.blocked_groups=Administrators,Guests
ume.ldap.blocked_users=Administrator,Guest
ume.ldap.cache_lifetime=300
ume.ldap.cache_size=100
ume.ldap.connection_pool.connect_timeout=25000
ume.ldap.connection_pool.max_connection_usage_time_check_interval=120000
ume.ldap.connection_pool.max_idle_connections=5
ume.ldap.connection_pool.max_idle_time=300000
ume.ldap.connection_pool.max_size=10
ume.ldap.connection_pool.max_wait_time=60000
ume.ldap.connection_pool.min_size=1
ume.ldap.connection_pool.monitor_level=0
ume.ldap.connection_pool.retrial=2
ume.ldap.connection_pool.retrial_interval=10000
ume.ldap.default_group_member=cn\=DUMMY_MEMBER_FOR_UME
ume.ldap.default_group_member.enabled=FALSE
ume.ldap.record_access=FALSE
ume.ldap.unique_grup_attribute=Group
ume.ldap.unique_uacc_attribute=mail
ume.ldap.unique_user_attribute=mail
ume.locking.enabled=TRUE
ume.locking.max_wait_time=30
ume.login.anonymous_user.mode=1
ume.login.basicauthentication=1
ume.login.context=ticket
ume.login.context.default=ticket
ume.login.guest_user.uniqueids=Guest
ume.login.mdc.hosts=
ume.logoff.redirect.silent=FALSE
ume.logoff.redirect.url=http\://www.rfmd.com
ume.logon.allow_cert=FALSE
ume.logon.branding_image=/logon/layout/TopImage.jpg
ume.logon.branding_text=/logon/layout/BottomImage.jpg
ume.logon.force_password_change_on_sso=TRUE
ume.logon.httponlycookie=TRUE
ume.logon.locale=FALSE
ume.logon.logon_help=TRUE
ume.logon.r3master.adapterid=master
ume.logon.security.enforce_secure_cookie=FALSE
ume.logon.security.local_redirect_only=TRUE
ume.logon.security.relax_domain.level=1
ume.logon.security_policy.auto_unlock_time=60
ume.logon.security_policy.cert_logon_required=FALSE
ume.logon.security_policy.lock_after_invalid_attempts=6
ume.logon.security_policy.log_client_hostaddress=TRUE
ume.logon.security_policy.log_client_hostname=FALSE
ume.logon.security_policy.oldpass_in_newpass_allowed=TRUE
ume.logon.security_policy.password_alpha_numeric_required=0
ume.logon.security_policy.password_change_allowed=TRUE
ume.logon.security_policy.password_change_required=TRUE
ume.logon.security_policy.password_expire_days=99999
ume.logon.security_policy.password_history=0
ume.logon.security_policy.password_last_change_date_default=12/31/9999
ume.logon.security_policy.password_max_length=14
ume.logon.security_policy.password_min_length=0
ume.logon.security_policy.password_mix_case_required=0
ume.logon.security_policy.password_special_char_required=0
ume.logon.security_policy.userid_digits=0
ume.logon.security_policy.userid_in_password_allowed=TRUE
ume.logon.security_policy.userid_lowercase=0
ume.logon.security_policy.userid_special_char_required=0
ume.logon.security_policy.useridmaxlength=20
ume.logon.security_policy.useridminlength=5
ume.logon.selfreg=FALSE
ume.logonAuthenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
ume.notification.admin_email=E-portaladmin@rfmd.com
ume.notification.create_approval=TRUE
ume.notification.create_by_batch_performed=TRUE
ume.notification.create_denied=TRUE
ume.notification.create_performed=TRUE
ume.notification.create_request=TRUE
ume.notification.delete_performed=TRUE
ume.notification.email_asynch=TRUE
ume.notification.lock_performed=TRUE
ume.notification.mail_host=mail3.internal.rfmd.com
ume.notification.pswd_reset_performed=TRUE
ume.notification.pswd_reset_request=TRUE
ume.notification.selfreg_performed=TRUE
ume.notification.system_email=E-portaladmin@rfmd.com
ume.notification.unlock_performed=TRUE
ume.notification.unlock_request=TRUE
ume.notification.update_by_batch_performed=TRUE
ume.notification.workflow_email=workflow@rfmd.com
ume.persistence.batch.page_size=25
ume.persistence.data_source_configuration=dataSourceConfiguration_ads_readonly_db.xml
ume.persistence.pcd_roles_data_source_configuration=dataSourceConfiguration_PCDRoles.xml
ume.persistence.ume_roles_data_source_configuration=dataSourceConfiguration_UMERoles.xml
ume.principal.cache_group_hierarchy=TRUE
ume.principal.cache_indirect_parents=TRUE
ume.principal.cache_role_hierarchy=TRUE
ume.r3.connection.001.TimeZoneMapping=
ume.r3.connection.001.ashost=
ume.r3.connection.001.client=
ume.r3.connection.001.group=
ume.r3.connection.001.gwhost=
ume.r3.connection.001.gwserv=
ume.r3.connection.001.lang=
ume.r3.connection.001.msghost=
ume.r3.connection.001.poolmaxsize=10
ume.r3.connection.001.poolmaxwait=
ume.r3.connection.001.r3name=
ume.r3.connection.001.receiverid=001
ume.r3.connection.001.receiverid_guest=001
ume.r3.connection.001.snc_lib=
ume.r3.connection.001.snc_mode=
ume.r3.connection.001.snc_myname=
ume.r3.connection.001.snc_partnername=
ume.r3.connection.001.snc_qop=
ume.r3.connection.001.sysnr=
ume.r3.connection.001.user=
ume.r3.connection.001.userole=FALSE
ume.r3.connection.002.TimeZoneMapping=
ume.r3.connection.002.ashost=
ume.r3.connection.002.client=
ume.r3.connection.002.group=
ume.r3.connection.002.gwhost=
ume.r3.connection.002.gwserv=
ume.r3.connection.002.lang=
ume.r3.connection.002.msghost=
ume.r3.connection.002.poolmaxsize=10
ume.r3.connection.002.poolmaxwait=
ume.r3.connection.002.r3name=
ume.r3.connection.002.receiverid=002
ume.r3.connection.002.receiverid_guest=002
ume.r3.connection.002.snc_lib=
ume.r3.connection.002.snc_mode=
ume.r3.connection.002.snc_myname=
ume.r3.connection.002.snc_partnername=
ume.r3.connection.002.snc_qop=
ume.r3.connection.002.sysnr=
ume.r3.connection.002.user=
ume.r3.connection.002.userole=FALSE
ume.r3.connection.003.TimeZoneMapping=
ume.r3.connection.003.ashost=
ume.r3.connection.003.client=
ume.r3.connection.003.group=
ume.r3.connection.003.gwhost=
ume.r3.connection.003.gwserv=
ume.r3.connection.003.lang=
ume.r3.connection.003.msghost=
ume.r3.connection.003.poolmaxsize=10
ume.r3.connection.003.poolmaxwait=
ume.r3.connection.003.r3name=
ume.r3.connection.003.receiverid=003
ume.r3.connection.003.receiverid_guest=003
ume.r3.connection.003.snc_lib=
ume.r3.connection.003.snc_mode=
ume.r3.connection.003.snc_myname=
ume.r3.connection.003.snc_partnername=
ume.r3.connection.003.snc_qop=
ume.r3.connection.003.sysnr=
ume.r3.connection.003.user=
ume.r3.connection.003.userole=FALSE
ume.r3.connection.master.TimeZoneMapping=
ume.r3.connection.master.abap_debug=
ume.r3.connection.master.ashost=
ume.r3.connection.master.client=
ume.r3.connection.master.group=
ume.r3.connection.master.gwhost=
ume.r3.connection.master.gwserv=
ume.r3.connection.master.lang=EN
ume.r3.connection.master.msghost=
ume.r3.connection.master.msserv=
ume.r3.connection.master.poolmaxsize=10
ume.r3.connection.master.poolmaxwait=
ume.r3.connection.master.r3name=
ume.r3.connection.master.receiverid=master
ume.r3.connection.master.receiverid_guest=master
ume.r3.connection.master.snc_lib=
ume.r3.connection.master.snc_mode=
ume.r3.connection.master.snc_myname=
ume.r3.connection.master.snc_partnername=
ume.r3.connection.master.snc_qop=
ume.r3.connection.master.sysnr=
ume.r3.connection.master.trace=
ume.r3.connection.master.user=
ume.r3.connection.tpd.adapterid=value of ume.r3.connection.tpd.systemid
ume.r3.connection.tpd.systemid=SUS
ume.r3.mastersystem=
ume.r3.mastersystem.uid.mode=1
ume.r3.orgunit.adapterid=
ume.r3.sync.sender=SAPMUM
ume.r3.use.role=FALSE
ume.replication.adapters.001.companies=
ume.replication.adapters.001.scope=
ume.replication.adapters.002.companies=
ume.replication.adapters.002.scope=
ume.replication.adapters.003.companies=
ume.replication.adapters.003.scope=
ume.replication.adapters.index_1=
ume.replication.adapters.index_2=
ume.replication.adapters.index_3=
ume.replication.adapters.master.companies=
ume.replication.adapters.master.scope=
ume.replication.crm_sup_register_check=BBP_SUS_BUPA_REGID_CHECK
ume.replication.messaging.active=FALSE
ume.replication.sync.display_all_doc=FALSE
ume.roles.pcd_roles_with_actions=
ume.roles.xml_files=*role.xml
ume.secaudit.get_object_name=FALSE
ume.secaudit.log_actor=TRUE
ume.secstore.active=TRUE
ume.spml.schema_name=schema.xml
ume.superadmin.activated=FALSE
ume.supergroups.anonymous_group.description=Built-in Group Anonymous Users
ume.supergroups.anonymous_group.displayname=Anonymous Users
ume.supergroups.anonymous_group.uniquename=Anonymous Users
ume.supergroups.authenticated_group.description=Built-in Group Authenticated Users
ume.supergroups.authenticated_group.displayname=Authenticated Users
ume.supergroups.authenticated_group.uniquename=Authenticated Users
ume.supergroups.everyone.description=Built-in Group Everyone
ume.supergroups.everyone.displayname=Everyone
ume.supergroups.everyone.uniquename=Everyone
ume.testum=FALSE
ume.tpd.classloader=
ume.tpd.companies=0
ume.tpd.imp.class=com.sap.security.core.tpd.SimpleTPD
ume.tpd.prefix=STPD_
ume.trace.debug_exception_level=1
ume.trace.external_trace_class=com.sap.security.core.util.imp.UMTrace_630
ume.usermapping.admin.pwdprotection=TRUE
ume.usermapping.key.protection=TRUE
ume.usermapping.refsys.mapping.type=internal
ume.usermapping.unsecure=TRUE
ume.users.displayname_template=,
ume.version.sapj2eeengine=630
Thanks,
Jeff
This problem has been resolved by changing the data source from deep hierarchy to flat hierarchy.
Kathy
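An added example, not part of the original thread and not SAP's own tooling: a check that reads a UME properties export and reports the settings behind the symptom described in this thread (OUs listed, AD groups missing), plus the unencrypted LDAP connection visible in the posted config. It assumes that AD group objects use object class `group` and that deep-hierarchy data source file names contain `deep`; the sample is constructed with a placeholder base path, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the group-related lines of the config posted
# above (the base path is a placeholder).
SAMPLE = r"""
#Tue Aug 07 15:38:40 EDT 2007
ume.ldap.access.base_path.grup=DC\=example,DC\=com
ume.ldap.access.flat_group_hierachy=TRUE
ume.ldap.access.objectclass.grup=OrganizationalUnit
ume.ldap.access.ssl=FALSE
ume.persistence.data_source_configuration=dataSourceConfiguration_ads_readonly_db.xml
"""

def parse_properties(text):
    """Parse key=value lines; handles the backslash escapes seen in UME exports."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':' that is not backslash-escaped.
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)
        key = parts[0].strip()
        value = parts[1].strip() if len(parts) > 1 else ""
        props[key] = re.sub(r"\\(.)", r"\1", value)
    return props

def group_findings(props):
    """Return (code, message) pairs for settings that decide what UME lists as groups."""
    p = "ume.ldap.access."
    findings = []
    grup_class = props.get(p + "objectclass.grup", "").lower()
    flat = props.get(p + "flat_group_hierachy", "").upper() == "TRUE"
    ds_file = props.get("ume.persistence.data_source_configuration", "")
    if grup_class == "organizationalunit":
        findings.append(("OU_AS_GROUP", "group object class is OrganizationalUnit: "
                         "OUs are listed as groups, AD group objects are not"))
        # Assumption: deep-hierarchy data source file names contain 'deep'.
        if flat or "deep" not in ds_file.lower():
            findings.append(("MODEL_MISMATCH", "OU-as-group setting combined with "
                             "a flat-hierarchy flag or data source file"))
    if props.get(p + "ssl", "").upper() == "FALSE":
        findings.append(("LDAP_NO_SSL", "LDAP connection without SSL: a simple "
                         "bind sends the service account password in clear text"))
    return findings
```

Empty properties are not flagged, since an empty value in the properties file does not show what the data source XML supplies.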