Defining Location of User-to-Role Assignments 

Use

In this step, you configure the portal to connect to the branch of the LDAP directory server where you store information about user and group to role assignments. The correct schema is automatically generated in the corresponding branch.

Information about user and group to role assignments is stored in the portal LDAP directory. This can either be a separate directory or simply a separate branch of your corporate LDAP directory.

 

Prerequisites

· You have set up a branch in your corporate LDAP directory or in a separate portal LDAP directory to store user/group to role assignment data.

· The user for connecting to the LDAP directory has schema editing and extending permissions. This is only necessary for initial configuration; afterwards you can reduce the permissions again.

The Microsoft Active Directory Server by default does not give users schema editing permissions. See SAP Note 518259 for details.

 

Procedure


      1.      Start the configuration tool by choosing System Configuration → User Management Configuration.

If you are calling the configuration tool from the Unification Server, choose Unification Server → <Unifier Project> → User Management → Security & Configuration.

      2.      Choose the Portal Roles tab.

      3.      Enter data in the fields as follows:

| Field Name | Field Data |
| --- | --- |
| Role Information Type | How the user/group to role assignment data is stored, for example in an LDAP directory or in an SAP R/3 System. At present only LDAP is possible. |
| LDAP Server Type | Type of LDAP directory server. |
| LDAP Server | Host on which the directory server is located. |
| Server Port | Port of the LDAP directory server. |
| User | Distinguished name (DN) of user that is used to connect (bind) to the LDAP directory server. This user should have read and write permissions for the user mapping and roles branch of the portal LDAP directory. It should also have schema editing and extending permissions. |
| Password | Password of the user specified above. |
| Roles Root | Branch of directory where the user/group to role assignment data is stored. |

      4.      If you wish to set up a secure connection to the branch of your LDAP directory in which you store user/role assignments, check SSL Connection. For more information on setting up a secure connection, see Secure Connections to Corporate and Portal LDAP Directories.

      5.      When you have filled all the fields, choose Apply.

You need to restart the portal Web server (Microsoft Internet Information Server) and the Java servlet engine for your changes to take effect. However, do not restart these until you have completed all the tabs of the configuration tool.
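
A pre-flight check for the values entered on the Portal Roles tab, given here as an added example that is not part of the original documentation or of the portal software. The function names, the dictionary keys (which mirror the field names above), and the sample host and DNs are assumptions constructed for illustration. It checks that User and Roles Root are well-formed DNs and that Server Port agrees with the SSL Connection setting.

```python
LDAP_PORT, LDAPS_PORT = 389, 636  # well-known LDAP and LDAP-over-SSL ports

def split_dn(dn):
    """Split a DN into RDNs, treating backslash-escaped commas as data."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current, escaped = current + ch, False
        elif ch == "\\":
            current, escaped = current + ch, True
        elif ch == ",":
            rdns.append(current.strip())
            current = ""
        else:
            current += ch
    rdns.append(current.strip())
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {rdn!r}")
    return rdns

def check_portal_roles_tab(cfg):
    """Return a list of findings for the tab values; an empty list means none."""
    findings = []
    for field in ("User", "Roles Root"):
        try:
            split_dn(cfg[field])
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    port, use_ssl = cfg["Server Port"], cfg["SSL Connection"]
    if not 1 <= port <= 65535:
        findings.append(f"Server Port: {port} is out of range")
    if not use_ssl:  # assumption: the portal binds with the DN and password (simple bind)
        findings.append("SSL Connection: off, bind DN and password are sent unprotected")
    if use_ssl and port == LDAP_PORT:
        findings.append("Server Port: 389 is the usual non-SSL port but SSL Connection is checked")
    if not use_ssl and port == LDAPS_PORT:
        findings.append("Server Port: 636 is the usual SSL port but SSL Connection is not checked")
    return findings

# Constructed sample values, not taken from any real landscape.
WEAK = {"LDAP Server": "ldap.example.com", "Server Port": 636, "SSL Connection": False,
        "User": "cn=portalsvc,ou=service,dc=example,dc=com", "Password": "constructed",
        "Roles Root": "ou=roles,portal,dc=example,dc=com"}
FIXED = {**WEAK, "SSL Connection": True, "Roles Root": "ou=roles,ou=portal,dc=example,dc=com"}
```

The check only inspects the entered values; it does not contact the directory server or verify the bind user's permissions.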

 

Result

The correct schema for data on user/group to role assignments is automatically generated in the branch of the LDAP directory that you specified.

When you assign users and groups to roles in the corresponding tool, the assignments are stored in the branch that you specified in this procedure.