When you add an SAP NetWeaver Application Server (AS) Java to your system landscape, you must decide whether to do the following:
You cannot configure the AS Java to access an LDAP directory and an AS ABAP as the data source simultaneously. The AS Java can also use its own database as the data source.
Use an LDAP directory as the data source for the user management engine (UME) of your AS Java if you want to manage your user passwords in the LDAP directory. This is ideal if, for example, you want to reuse Windows authentication to log on to a portal as well. Use this configuration to access non-SAP systems that share access to the LDAP directory. The LDAP directory may or may not synchronize with other AS ABAP systems.
The following figure illustrates a portal with an LDAP directory data source. Other non-SAP systems also use the LDAP directory.
Portal with an LDAP Directory
Not all logical attributes are mapped to the physical attributes of an LDAP directory. The attributes that are not mapped are stored in the database of the AS Java. If other SAP or non-SAP systems need to access the attributes stored in the database of the AS Java, consider mapping those attributes to the LDAP.
More information: <attributeMapping> .
Use an AS ABAP as the data source if your Java applications access the services and user data of the ABAP system(s). If your system landscape contains a large number of ABAP systems and these systems are managed by CUA, you must choose between either using a child system of the CUA or the CUA central system as the data source.
The ABAP system may or may not synchronize with an LDAP directory.
The user password is not transferred from the AS ABAP to the LDAP directory when the user data is synchronized. You can maintain user passwords in the following ways:
Maintain passwords in both the CUA and the directory service.
Using Single Sign-On (SSO) with an AS Java, you can avoid duplicate password maintenance altogether. Maintain passwords in the directory service. Configure the user management engine (UME) to support directory service synchronization with the AS ABAP. All systems must be configured to accept logon tickets. Users can now log on with the UME, are authenticated with the directory service, receive a logon ticket, and can then access all systems with SSO.
For more information, see Configuring the UME for Directory Service Sync with AS ABAP .
Users who log in to the ABAP system directly must maintain their passwords in both the LDAP and ABAP systems.
The figure below illustrates two possible configurations of an AS Java in a CUA landscape. One shows a portal with the CUA central system as the data source, and the CUA central system synchronized with an LDAP directory. The other shows a CUA child system as the data source of an SAP NetWeaver Exchange Infrastructure (SAP NetWeaver XI) system.
AS Java in CUA System Landscape
Use this configuration to run dedicated Java applications on an AS Java that accesses neither an ABAP-based system nor a non-SAP system, and does not use user data of an external system.
Examples of when to use the database of the AS Java as the data source:
Consider connecting the AS Java to an LDAP directory or an AS ABAP as the data source. If you do not, you must manage the user data locally.
AS Java with the AS Java Database as the Data Source