LDAP
Directory Data Source
Property | Value | Description |
ume.ldap.access. | Default value is 2. | In a high availability scenario: Number of times UME repeats an action on the LDAP directory server, before switching to another server and reinitializing the connection pools. In a scenario with only one LDAP server: Number of times UME repeats an action on the LDAP directory server before throwing an exception. |
ume.ldap.access. | | When you configure multiple LDAP directory servers, you can configure up to five passwords for the respective communication users. See SAP Note 736471. |
ume.ldap.access. (where <X> = grup, uacc or user) | | Auxiliary naming attribute of principal type (group, user account, or user). |
ume.ldap.access. (where <X> = grup, uacc or user) | | Auxiliary object class of principal type (group, user account, or user). |
ume.ldap.access. | | Distinguished name of branch of directory where information about groups is stored. If you have a ‘groups in a tree’ hierarchy, this property must have the same value as ume.ldap.access.base_path.user. Example: ou=CorporateGroups,c=us, |
ume.ldap.access. | | Distinguished name of branch of directory where information about users is stored. If you have a ‘groups in a tree’ hierarchy, this property must have the same value as ume.ldap.access.base_path.grup. |
ume.ldap.access. | | Distinguished name of branch of directory where information about user accounts is stored. |
ume.ldap.access. | | Path where new groups are created. This path must be relative to the path defined in If this property is not defined, groups are stored in the path defined in If the properties are set as follows: ume.ldap.access.base_path.grup ume.ldap.access.creation_path.user New groups are created at ou=NewGroups,ou=Groups,c=us,o=mycompany |
ume.ldap.access. | | Path where new user accounts are created. This path must be relative to the path defined in If this property is not defined, user accounts are stored in the path defined in |
ume.ldap.access. | | Path where new users are created. This path must be relative to the path defined in If this property is not defined, users are stored in the path defined in |
ume.ldap.access. | Default is TRUE. TRUE = A flat hierarchy is used. FALSE = A ‘groups as tree’ hierarchy is used. | |
ume.ldap.access. | Default value is FALSE. | Set this property to TRUE to support logon in a multidomain Windows environment. If there are multiple Windows domains in your environment, your unique ID is defined through logon ID and domain. See also SAP Note 762419. |
ume.ldap.access. | <comma-separated_ | Naming attribute of groups. In the LDAP directory a group is uniquely identified by its distinguished name (DN). The naming attribute is the attribute used to distinguish the group from the next level above it in the LDAP directory. If a group’s DN is ou=mygroup, ou=CorporateGroups,c=us,o=mycompany, the naming attribute for groups is ou. |
ume.ldap.access. | <comma-separated_ | Naming attribute of user accounts. |
ume.ldap.access. | <comma-separated_ | Naming attribute of users. |
ume.ldap.access. | <comma-separated_ | Object class of groups. |
ume.ldap.access. | <comma-separated_ | Object class of user accounts. |
ume.ldap.access. | <comma-separated_ | Object class of users. |
ume.ldap.access. | | Password of user that is used to connect (bind) to the LDAP directory server. |
ume.ldap.access. | | Name of the LDAP directory server. For a high availability scenario, you can enter a comma-separated list of LDAP directory servers. |
ume.ldap.access. | | Port of the LDAP directory server. For a high availability scenario, you can enter a comma-separated list of ports for the LDAP directory servers (in the same order as the servers). |
ume.ldap.access. | NOVELL = Novell eDirectory; SUN = Sun ONE Directory Server; ADS = Microsoft Active Directory Server; SIEMENS = Siemens DirX | Type of the LDAP directory server. |
ume.ldap.access. | Default value is 0. 0 = No limit. | Defines the maximum number of entries the UME fetches from a search of a directory server. |
ume.ldap.access. | Default value is com.sun.jndi.ldap. | Socket factory for the LDAP connection. |
ume.ldap.access.ssl | Default value is FALSE. FALSE = Do not use SSL connection to LDAP server. TRUE = Use SSL connection to LDAP server. | |
ume.ldap.access. | Default value is com.sap.security. | SSL socket factory for the LDAP connection. |
ume.ldap.access. | Default value is 0. 0 = No limit. | Defines the maximum length of time, in milliseconds, that the UME allows for a search of a directory server. The UME only fetches the results it found within the specified period of time. |
ume.ldap.access.user | | Distinguished name (DN) of user that is used to connect (bind) to the LDAP directory server. Example: cn=Directory Manager |
ume.ldap.access. | Default value is TRUE. | Defines if the UME user and account objects point to the same object in the directory server or not. Set this property to FALSE if the directory server treats the user and account as separate objects. |
ume.ldap.blocked_accounts | <comma-separated list of logon IDs> Default value is Administrator,Guest. | Specifies the logon IDs of accounts in the LDAP directory that are ignored by the UME. |
ume.ldap.blocked_groups | <comma-separated list of unique names> Default value is Administrators,Guests. | Specifies the unique names of groups in the LDAP directory that are ignored by the UME. |
ume.ldap.blocked_users | <comma-separated list of unique names> Default value is Administrator,Guest. | Specifies the unique names of users in the LDAP directory that are ignored by the UME. |
ume.ldap.cache_lifetime | Default value is 600. | Lifetime in seconds of search cache for LDAP directory. |
ume.ldap.cache_size | Default value is 100. | Size of search cache for LDAP directory. |
ume.ldap.default_group_ | Default value is DUMMY_MEMBER_FOR_UME. | Sets the name of the dummy group member when the property ume.ldap.default_group_ |
ume.ldap.default_group_ | Default value is FALSE. | Some directory servers require that groups have a member when created. Enable this property to have the UME include a dummy member when creating a directory server group. This dummy member is filtered out in the UME user interface. If this feature is not set properly, you cannot create new groups. |
ume.ldap.record_access | Default value is FALSE. TRUE = Trace file is created. | Defines whether a trace file is created containing additional information about the performance of the LDAP directory, for example, which calls are made to the directory server and how long the response times are. For more information, see Logging and Tracing. |
ume.ldap.unique | | Attribute used to create unique ID of a group. |
ume.ldap.unique | | Attribute used to create unique ID of a user account. |
ume.ldap.unique | | Attribute used to create unique ID of a user. By default, the unique ID is the distinguished name (DN) of the user in the LDAP directory. |
The following properties occur only in the private section of the data source configuration file. For more information about the private section, see <privateSection>.
LDAP Properties of the Data Source Configuration File
Property | Value | Description |
ume.ldap.access. | Default value is FALSE. | Defines whether internal object IDs created by the UME are case sensitive or not. If your directory server requires case sensitive object IDs, set this property to TRUE. See also SAP Note 763084. |
ume.ldap.access. | Default value is 10. | Only configured in high-availability scenarios. Time in minutes after which the UME tries to reconnect to the main directory server. |
ume.ldap.access. | Pair of domain alias and directory server path. Use the following syntax: [<alias>;<path>] | Defines the domain and server path mapping for multidomain Windows environments. See also SAP Note 762419. |
ume.ldap.access. | Default value is FALSE. | Enable this property if your directory server immediately expires passwords set in the administrator context. This property enables the communication user temporarily to set passwords in the user context. See also SAP Note 865399. |
ume.ldap.access. | Default value is TRUE. | Disable this property if your directory server causes new passwords to expire immediately after a password set command. See also SAP Note 865399. |
ume.ldap.negative_ | attribute_name=[<comma separated list of values>] | Enables you to filter out objects from search requests based on LDAP attributes. For more information about negative attributes, see LDAP Only: Negative User Filter. |
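
An added example (not SAP code): a Python check of a UME LDAP property listing against settings documented on this page. It flags ume.ldap.access.ssl left at FALSE (a simple bind then sends the communication user's password unencrypted), a bind DN equal to the cn=Directory Manager example, and blocked lists that drop a documented default. The key=value listing format, the sample values and the function names are assumptions.

```python
# Added example: audit a UME LDAP property listing.
# Assumption: properties are available as key=value lines; SAMPLE is constructed.

# Defaults this page documents for the blocked lists.
DOCUMENTED_BLOCKED = {
    "ume.ldap.blocked_accounts": {"Administrator", "Guest"},
    "ume.ldap.blocked_groups": {"Administrators", "Guests"},
    "ume.ldap.blocked_users": {"Administrator", "Guest"},
}

SAMPLE = """\
# constructed sample, not taken from a real system
ume.ldap.access.ssl=FALSE
ume.ldap.access.user=cn=Directory Manager
ume.ldap.blocked_accounts=Guest
ume.ldap.blocked_users=Administrator,Guest
"""

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for risky settings."""
    findings = []
    # An unset property means the documented default, FALSE.
    if props.get("ume.ldap.access.ssl", "FALSE").upper() != "TRUE":
        findings.append(("ume.ldap.access.ssl",
                         "SSL off: bind password crosses the network unencrypted"))
    bind_dn = props.get("ume.ldap.access.user", "")
    if bind_dn.replace(" ", "").lower() == "cn=directorymanager":
        findings.append(("ume.ldap.access.user",
                         "binds as the directory superuser; use a dedicated account"))
    for key, defaults in DOCUMENTED_BLOCKED.items():
        if key in props:  # unset keeps the documented default list
            configured = {v.strip() for v in props[key].split(",") if v.strip()}
            missing = sorted(defaults - configured)
            if missing:
                findings.append((key, "no longer ignores: " + ",".join(missing)))
    return findings
```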
