
Problem while integrating windows file server into SAP KM using WEBDAV

Former Member
0 Kudos

Hi

I am trying to integrate a Windows file server into SAP KM using WebDAV. I have downloaded the Kerberos ini filter and included it in the Windows system. I am only trying to bring the files in the same system into KM, but with no luck. When I check the log file in the Kerberos folder I am getting

12:02:22 10828/10476 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=xxxx))

In the log I am getting the following:

ERROR! Delegation Flag:Use any authentication protocol: NOT ACTIVE

Open 'Active directory Users and Computers'. Choose <domain> -> 'Computers'.

Right-click 'IDBSRV8' and choose 'Properties'.

Select 'Delegation' and 'Trust this computer for delegation to specified services only'.

Select 'Use any authentication protocol'.

ERROR! The Trusted-to-Authenticate-for-Delegation flag is not set for SPN 'HOST/idbsrv8.idbhq.org'.

Please check the SPN by calling 'setspn -l IDBSRV8'.

If the SPN is well known, configure the Trusted-to-Authenticate-for-Delegation flag:

Open 'Active directory Users and Computers'. Choose <domain> -> 'Computers'.

Right-click 'IDBSRV8' and choose 'Properties'.

Select 'Delegation' and 'Trust this computer for delegation to specified services only'.

Select 'Use any authentication protocol' and choose 'Add'.

Select 'Users or Computers' and enter IDBSRV8 as object name.

Add the ServicePrincipalName HOST/idbsrv8.idbhq.org.

Can anybody please help me in this regard???

Regards,

Ganesh N

Message was edited by:

Ganesh Natarajan

Accepted Solutions (0)

Answers (1)


Andre_Fischer
Product and Topic Expert
0 Kudos

Hi Ganesh,

This error message tells you that there is no user in your Active Directory that has the userPrincipalName xxxx.

The SSO22KerbMapModule works as follows.

1. It receives a SAP Logon Ticket from the WebDAV request.

2. If valid the SAP username is extracted. In your case the SAP username is xxxx.

3. It then searches for a user in AD. It does so using the attribute in the ini-file that has been specified to contain the SAP username. In your case the SAP username should be identical with the userPrincipalName.

So you have to make sure that the portal user ID (j_user) is mapped to the same AD user attribute that is specified in the ini-file.

Best regards,

Andre

Former Member
0 Kudos

Hi Andre,

Thanks very much for your reply. I too was thinking exactly along the lines of what you said. Can you say something about the delegation, which I cannot understand much from the documentation? Should I do that if IIS and the Windows folder are in the same system? Where should I do the delegation part? Is the problem in any way related to delegation, as the log says to do the delegation configuration? Can you please explain the delegation part of the configuration to me?

Thanks for your time!!!!

Regards,

Ganesh N

Andre_Fischer
Product and Topic Expert
0 Kudos

Hi Ganesh,

The configuration is explained in my whitepaper

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1f93f5c-0301-0010-5c83-9681791f...

The delegation has to be configured in Active Directory for the server account IIS is running on.

Best regards,

Andre
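
The two settings the log complains about can be read back from the computer account before and after changing them. The following is an added example, not part of the original thread or of the SAP filter package; it uses the host name `IDBSRV8` from the log above and assumes it is run on a domain-joined machine by a user who can read the account.

```powershell
# Added example: read the delegation settings of the computer account named in the log.
$computer = 'IDBSRV8'          # host name taken from the log quoted in this thread

# userAccountControl bit set by 'Use any authentication protocol' (protocol transition)
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000

# Computer accounts carry a trailing '$' in sAMAccountName
$searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$computer`$))"
'useraccountcontrol', 'msds-allowedtodelegateto', 'serviceprincipalname' |
    ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

$entry = $searcher.FindOne()
if (-not $entry) { throw "Computer account '$computer' not found in the current domain." }

$uac = [int]$entry.Properties['useraccountcontrol'][0]

[pscustomobject]@{
    Computer            = $computer
    # True once 'Use any authentication protocol' is active
    ProtocolTransition  = [bool]($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)
    # Services listed under 'Trust this computer for delegation to specified services only'
    AllowedToDelegateTo = @($entry.Properties['msds-allowedtodelegateto'])
    # Same information as 'setspn -l IDBSRV8'
    SPNs                = @($entry.Properties['serviceprincipalname'])
} | Format-List
```

`AllowedToDelegateTo` should list only the services the filter actually needs, since an account with protocol transition enabled can obtain tickets to those services on behalf of any user.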

Former Member
0 Kudos

Hi Andre,

I had a detailed look at your documentation. It's great to follow and the only place I am stuck is the delegation. Can you take some time to explain its functionality, and as the log suggests, should I do that? This particular part is not clear to me.

The IIS and portal run in the same system whereas the ADS is in a different system. This is my current scenario. Please help me as it is an urgent requirement. Thanks a lot!

Regards,

Ganesh N

Former Member
0 Kudos

Hi Andre,

The errors that were coming have been overcome by setting the delegation part as explained in your documentation. But the log again says

Found 0 UserPrincipalNames for ADSI Filter (&(objectCategory=person)(objectClass=user) (userPrincipalName=xxxx)).

It is identifying the user from the ticket sent from SAP, and even if the user exists in the ADS it says user not found.

As you said in your previous post, where does the mapping between the user attribute name in ADS and the portal user have to be done? Can you please point it out?

Regards,

Ganesh N

Andre_Fischer
Product and Topic Expert
0 Kudos

Hi Ganesh,

In the SSO22KerbMap.ini you define the mapping.

You specify the user attribute in Active Directory that contains the SAP username using the parameter SSO2AccountAttribute.

If you specify

SSO2AccountAttribute = userPrincipalName

the filter performs an LDAP search using attribute userPrincipalName as a filter.

You can verify the search using a tool like LDP.EXE that is part of the support tools.

Best regards,

Andre
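
The search the filter logs can also be reproduced from PowerShell as an alternative to LDP.EXE. This is an added example, not part of the original thread or of the SAP filter; `xxxx` is the placeholder username from the log, the helper name `ConvertTo-LdapFilterValue` is hypothetical, and trying `sAMAccountName` as a second attribute is an assumption made here to show which attribute really holds the SAP username.

```powershell
# Added example: run the same LDAP search the filter logs, for two candidate attributes.

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape characters that are special in LDAP filters (RFC 4515),
    # so a username can never change the structure of the filter.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

$sapUser = 'xxxx'   # username extracted from the SAP Logon Ticket (placeholder from the log)
$safe    = ConvertTo-LdapFilterValue $sapUser

foreach ($attr in 'userPrincipalName', 'sAMAccountName') {
    # Same shape as the filter shown in the log line
    $filter   = "(&(objectCategory=person)(objectClass=user)($attr=$safe))"
    $searcher = [adsisearcher]$filter
    $searcher.PropertiesToLoad.AddRange([string[]]@('userprincipalname', 'samaccountname'))

    $hits = @($searcher.FindAll())

    [pscustomobject]@{
        Attribute = $attr                # candidate value for SSO2AccountAttribute
        Filter    = $filter
        Matches   = $hits.Count          # 0 reproduces the 'Found 0 ...' log entry
        # Show what the directory actually stores for each hit
        Found     = @($hits | ForEach-Object {
                        '{0} / {1}' -f $_.Properties['userprincipalname'][0],
                                       $_.Properties['samaccountname'][0]
                    })
    }
}
```

A userPrincipalName normally has the form `user@suffix`, so a bare portal user ID returns no match on that attribute even though the account exists; the attribute that returns exactly one match is the one to name in `SSO2AccountAttribute`.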

Former Member
0 Kudos

Hi Andre,

Thanks a lot!

That is working fine. I have another query. Now I am in the process of indexing these file shares which we have integrated into KM. Is the procedure of indexing the same as that of any other index creation, or do we need to do extra activity for this repository manager? Can you explain this to me?

Ganesh.N