cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EP 60 & Lotus Domino LDAP

Go to solution
former_member318735
Participant

on ‎05-17-2005 11:55 AM

0 Kudos

Hi,

Currently we're implementing a Portal Porject. We're using NW04SR1 (Portal 60 SP9) as Portal software and Lotus 6.x.

We'll implement a SSO with a 46C SAP System and Lotus Applications such as Inotes and customer databases.

All users are defined in Domino LDAP Server and half of users have SAP access. As a result, we decided to use Domino LDAP as User Data Source. When I check documentation in IBM Interoperability section of SDN, I found that "The Lotus Domino Directory (LDAP task on Domino) can be integrated on project base." in document "Single Sign-On (SSO) from SAP Enterprise Portal to Lotus Domino – a Comparison of Alternatives-Nov.2004".

But when i check the SAP Partners for Directory Services, I see the IBM Tivoli Software as a partner for Netweaver Platform. If this means Lotus Domino LDAP can be used for DataSource in WAS UME, then why am i not seeing datasourceConfiguration_<domino/tivoli>_readonly_db.xml in configtool--> UME LDAP Data?

IF we cannot use Domino LDAP at the moment, could you please offer us another solution.

I thinking if this is not usable at the moment, can we use another LDAP server (e.g. novell edirectory) which uses domino ldap as datasource?

portal <--- edirectory/winADS <domino ldap

regards

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

MichaelSambeth
Advisor
Advisor
‎05-18-2005 12:58 PM
0 Kudos

Hello Huseyin,

on project base means that it's technically possible but that it's not shipped with the product. The reason is that Domino supports nested groups which are NOT supported by the LDAP standard. Furthermore, Domino usually lets you use groups without organization (OU, O) identifier - which are then not visible to the UME if the OU or O identifier misses.

Therefore, for example SAP Consulting can help you achieving this. SAP Consulting alredy integrated the Domino LDAP with SAP NetWeaver before. Please feel free to contact me if you need more information of such offerings.

Regards

Michael

Show replies
Show replies
former_member318735
Participant
‎05-21-2005 10:52 PM
0 Kudos

Hi Michael,

Thanks for enlightening answer. I argued this situation with my customer and they said "if the problem is nested group definitions, then i can remove nesting withing group definitions and i can give organization to group definitions. Also i can remove all group definitions". This means that they are very flaxible on donimo ldap.

At this stage, can I integrate this flexible Domino LDAP with Portal? Is it possible to copy a template file (e.g. one for novell-edirectory) for domino and edit it?

Do you have any idea about my post: /thread/41228 [original link is broken]

MichaelSambeth
Advisor
Advisor
‎05-27-2005 10:21 AM
0 Kudos

Hello Huseyin,

I usually adjust the datasource configuration template for SUN ONE Ldap server.

in the UME, simply specify "O=<your organization" as user and as group path. Typically choose O according to your notes certifier.

Example:

Michael Sambeth/WDF/SAP ---> O=SAP

Regards

Michael

Former Member
‎02-02-2006 9:37 AM
0 Kudos

Hi Michael,

I am very new. My offer is to bind an EP6.0 to Lotus Domino LDAP. I find some information here but for me it is not clear how it should work. Can you give me more Information how I should handle this. If you want also in german.

regards

Gunter

MichaelSambeth
Advisor
Advisor
‎02-05-2006 3:59 PM
0 Kudos

Gunter,

please contact me directly.

If possible, please include information regarding your Domino directory configuration (organization, certifier name, group modeling etc).

please note that the simplest way to connect Domino LDAP is to use "O=<Domino organization>" in the user and group base path of the UME configuration (e.g. "O=SAP").

Regards

Michael

Answers (1)

Answers (1)

idress
Explorer
‎06-02-2005 4:48 PM
0 Kudos

Hi Huseyin,

I would recommend using IBM Tivoli Directory Server (ITDS) as the LDAP user repository for EP.

For general product descripton just see

http://www-306.ibm.com/software/tivoli/products/directory-server/

This product is certified by SAP for the BC_LDAP_USR interface. But you wouldn't find an XML UME datasource configuration file either with your current product installation, since it is not updated with the latest release of EP. I will post a weblog later on to SDN to explicitly describe how to configure it. If you want this information earlier, just send a message.

If you're also looking for some tools to synchronize and merge the directory data in real-time, I would recommend another IBM tool that is IBM Tivoli Directory Integrator (ITDI):

http://www-306.ibm.com/software/tivoli/products/directory-integrator/

Regards,

Ingo

Show replies
Show replies
former_member318735
Participant
‎06-06-2005 8:28 AM
0 Kudos

Hi Ingo,

Thanks for your answer. Can you please send the document you refered before it is officially released as I need to explain my client.

Regards

Huseyin Bilgen

e-mail: huseyin.bilgen@fitcons.com

MichaelSambeth
Advisor
Advisor
‎06-07-2005 11:56 AM
0 Kudos

Hello Huseyin,

there exist no recommendations regarding the choice for the LDAP product for SAP NetWeaver and its components. All certified LDAP products successfully integrate with SAP NetWeaver.

Please consult the product availability matrix on SAP Service Marketplace (http://service.sap.com/pam60) to find out which LDAPs are supported by your version of SAP NetWeaver / SAP Enterprise Portal.

Regards

Michael

Former Member
‎06-08-2005 7:01 PM
0 Kudos

Hi Michael,

Has SAP ever integrated the EP6 UME with a Domino LDAP repository in such a way as to simultaneously support both "Groups as Tree" AND "Flat Heirarchy"?

We would like the portal to be able to recognize a user's membership in "Groups as Tree" constructs like LDAP Organizational Units AND in constructs like Domino Groups, concurrently.

Do you happen to know if this is achievable without implementing a custom logon module, or would the logon module be the appropriate approach to solving this problem?

Here's the reference to relevant SAP documentation: http://help.sap.com/saphelp_webas630/helpdata/en/ed/f9d6a2b41711d5993800508b6b8b11/content.htm

Thanks and Regards,

Eric

MichaelSambeth
Advisor
Advisor
‎06-10-2005 7:31 PM
0 Kudos

Hello Eric,

yes. SAP NetWeaver Consulting Germany can deliver this. This solution ("deep/flat hierarchy mixed mode") is available on project base. Please contact me regarding details.

Regards

Michael

Former Member
‎06-24-2005 9:02 PM
0 Kudos

Hi Can you send me the doc to configure ITDS with SAP EP.

Siva Anne

sivakumaranne@yahoo.com

Former Member
‎07-06-2005 4:12 PM
0 Kudos

Ingo: we are also interested in using ITDS with EP6. Would you be able to share any configuration information with us?

Douglas_E_Wegscheid (at) whirlpool.com

Former Member
‎08-04-2005 1:32 PM
0 Kudos

Hi Ingo

Could you send me the configuration file for using ITDS as user store for EP6?

I need it badly.

Thanks,

Jacob Vennervald (jave(at)ementor(dot)dk)

idress
Explorer
‎08-10-2005 1:53 PM
0 Kudos

Jacob,

you can find the basic configuration of the XML settings and description how to configure UME for use with ITDS at the following URL as a SDN weblog entry.

/people/ingo.dressler/blog/2005/08/10/ume-configuration-for-use-with-ibm-tivoli-directory-server

For some configurations it does not pull the information of LDAP Groups with the settings decribed. If that is the case make the following changes to the XML file to see the LDAP groups (thanks to Siva Anne who posted here too and found that out).

<i>Attribute Mapping Section</i> 


<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"> 
<physicalAttribute name="uniquemember"/>

<i>Private Section</i> 


<ume.ldap.access.objectclass.grup>groupOfUniqueNames</ume.ldap.access.objectclass.grup>

Regards,

Ingo

Former Member
‎11-21-2005 2:58 PM
0 Kudos

Hi Ingo,

using EP 6.40 SP11, trying to follow your instructions for creating the datasource mapping file I still fail. The portal claims the file to be not valid. If you or anyone else have a working datasource file, please send it to me at andreas.akerblad@consult.nordea.com.

Thanks in advance!

Former Member
‎02-02-2006 9:38 AM
0 Kudos

Hi,

I am very new. My offer is to bind an EP6.0 to Lotus Domino LDAP. I find some information here but for me it is not clear how it should work. Can you give me more Information how i should handle this. If you want also in german.

regards

Gunter

Ask a Question