on 05-17-2005 11:55 AM
Hi,
Currently we're implementing a Portal Project. We're using NW04SR1 (Portal 60 SP9) as Portal software and Lotus 6.x.
We'll implement a SSO with a 46C SAP System and Lotus Applications such as Inotes and customer databases.
All users are defined in Domino LDAP Server and half of users have SAP access. As a result, we decided to use Domino LDAP as User Data Source. When I check documentation in IBM Interoperability section of SDN, I found that "The Lotus Domino Directory (LDAP task on Domino) can be integrated on project base." in document "Single Sign-On (SSO) from SAP Enterprise Portal to Lotus Domino a Comparison of Alternatives-Nov.2004".
But when I check the SAP Partners for Directory Services, I see the IBM Tivoli Software as a partner for Netweaver Platform. If this means Lotus Domino LDAP can be used for DataSource in WAS UME, then why am I not seeing datasourceConfiguration_<domino/tivoli>_readonly_db.xml in configtool--> UME LDAP Data?
If we cannot use Domino LDAP at the moment, could you please offer us another solution?
I am thinking, if this is not usable at the moment, can we use another LDAP server (e.g. Novell eDirectory) which uses Domino LDAP as datasource?
portal <--- edirectory/winADS <domino ldap
regards
Hello Huseyin,
"On project base" means that it's technically possible but that it's not shipped with the product. The reason is that Domino supports nested groups which are NOT supported by the LDAP standard. Furthermore, Domino usually lets you use groups without organization (OU, O) identifier - which are then not visible to the UME if the OU or O identifier is missing.
Therefore, for example SAP Consulting can help you achieve this. SAP Consulting already integrated the Domino LDAP with SAP NetWeaver before. Please feel free to contact me if you need more information on such offerings.
Regards
Michael
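As an added illustration of the two Domino group properties named in the reply above (nested groups, and groups whose names carry no O/OU component), this Python sketch audits a directory export before UME is pointed at it. It is not code from SAP or from any poster; the LDIF sample, the base path O=Acme and the function names are constructed, and it assumes unfolded LDIF without base64 values or escaped commas in DNs.

```python
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "dominogroup"}
MEMBER_ATTRS = ("member", "uniquemember")

# Constructed sample export (not from a real directory).
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Sales,O=Acme
objectclass: dominoPerson

dn: CN=PortalUsers,O=Acme
objectclass: dominoGroup
objectclass: groupOfNames
member: CN=Jane Doe,OU=Sales,O=Acme
member: CN=SalesTeam

dn: CN=SalesTeam
objectclass: dominoGroup
member: CN=Jane Doe,OU=Sales,O=Acme
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm(dn):
    """Lower-case a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def under_base(dn, base):
    """True if dn equals the base path or sits below it."""
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))

def audit_groups(entries, base):
    """Flag groups outside the UME base path and groups containing groups."""
    groups = {norm(e["dn"][0]): e for e in entries
              if GROUP_CLASSES & {c.lower() for c in e.get("objectclass", [])}}
    findings = []
    for entry in groups.values():
        dn = entry["dn"][0]
        if not under_base(dn, base):
            findings.append((dn, "outside-base-path"))
        for member in (m for a in MEMBER_ATTRS for m in entry.get(a, [])):
            if norm(member) in groups:
                findings.append((dn, "nested-group:" + member))
    return findings
```

Running `audit_groups(parse_ldif(SAMPLE_LDIF), "O=Acme")` on the sample reports one nested group and one group that falls outside the base path.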
Hi Michael,
Thanks for the enlightening answer. I argued this situation with my customer and they said "if the problem is nested group definitions, then I can remove nesting within group definitions and I can give organization to group definitions. Also I can remove all group definitions". This means that they are very flexible on Domino LDAP.
At this stage, can I integrate this flexible Domino LDAP with Portal? Is it possible to copy a template file (e.g. one for novell-edirectory) for domino and edit it?
Do you have any idea about my post: /thread/41228 [original link is broken]
Gunter,
please contact me directly.
If possible, please include information regarding your Domino directory configuration (organization, certifier name, group modeling etc).
Please note that the simplest way to connect Domino LDAP is to use "O=<Domino organization>" in the user and group base path of the UME configuration (e.g. "O=SAP").
Regards
Michael
Hi Huseyin,
I would recommend using IBM Tivoli Directory Server (ITDS) as the LDAP user repository for EP.
For a general product description just see
http://www-306.ibm.com/software/tivoli/products/directory-server/
This product is certified by SAP for the BC_LDAP_USR interface. But you wouldn't find an XML UME datasource configuration file either with your current product installation, since it is not updated with the latest release of EP. I will post a weblog later on to SDN to explicitly describe how to configure it. If you want this information earlier, just send a message.
If you're also looking for some tools to synchronize and merge the directory data in real-time, I would recommend another IBM tool that is IBM Tivoli Directory Integrator (ITDI):
http://www-306.ibm.com/software/tivoli/products/directory-integrator/
Regards,
Ingo
Hello Huseyin,
there exist no recommendations regarding the choice for the LDAP product for SAP NetWeaver and its components. All certified LDAP products successfully integrate with SAP NetWeaver.
Please consult the product availability matrix on SAP Service Marketplace (http://service.sap.com/pam60) to find out which LDAPs are supported by your version of SAP NetWeaver / SAP Enterprise Portal.
Regards
Michael
Hi Michael,
Has SAP ever integrated the EP6 UME with a Domino LDAP repository in such a way as to simultaneously support both "Groups as Tree" AND "Flat Hierarchy"?
We would like the portal to be able to recognize a user's membership in "Groups as Tree" constructs like LDAP Organizational Units AND in constructs like Domino Groups, concurrently.
Do you happen to know if this is achievable without implementing a custom logon module, or would the logon module be the appropriate approach to solving this problem?
Here's the reference to relevant SAP documentation: http://help.sap.com/saphelp_webas630/helpdata/en/ed/f9d6a2b41711d5993800508b6b8b11/content.htm
Thanks and Regards,
Eric
Jacob,
you can find the basic configuration of the XML settings and description how to configure UME for use with ITDS at the following URL as a SDN weblog entry.
/people/ingo.dressler/blog/2005/08/10/ume-configuration-for-use-with-ibm-tivoli-directory-server
For some configurations it does not pull the information of LDAP Groups with the settings described. If that is the case, make the following changes to the XML file to see the LDAP groups (thanks to Siva Anne who posted here too and found that out).
Attribute Mapping Section:
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
    <physicalAttribute name="uniquemember"/>
</attribute>
Private Section:
<ume.ldap.access.objectclass.grup>groupOfUniqueNames</ume.ldap.access.objectclass.grup>
Regards,
Ingo
Hi Ingo,
using EP 6.40 SP11, trying to follow your instructions for creating the datasource mapping file I still fail. The portal claims the file to be not valid. If you or anyone else have a working datasource file, please send it to me at andreas.akerblad@consult.nordea.com.
Thanks in advance!