Customizing a Directory Service Configuration File

Use

Use this procedure to customize the access of the user management engine (UME) to an LDAP directory, when the data source of the UME is a SAP NetWeaver Application Server (AS) ABAP with directory server synchronization. The configuration of the access to the directory server data source is defined by the directory service configuration file.

Caution

Do not configure the connection information in the directory service configuration file except as noted below. The UME reads this information from the AS ABAP.

Do not use the data source configuration files for directory services or attempt to configure the directory service connection from the UME configuration user interface.

The table below lists the standard files that ship with the AS Java.

Standard Directory Service Configuration Files

Filename                 Description
dSC_addin_ads.xml        For Microsoft Active Directory servers.
dSC_addin_deep.xml       Sample configuration file for illustrating a deep hierarchy configuration for a directory service.
dSC_addin_ldap.xml       Default configuration file for when no other vendors apply.
dSC_addin_novell.xml     For Novell eDirectory servers.
dSC_addin_siemens.xml    For Siemens DirX servers.
dSC_addin_sun.xml        For Sun Java System directory servers.

Note

The table above is a partial list of the supported directory service vendors. For a list of certified LDAP vendors, visit the SAP Service Marketplace at service.sap.com/securitypartners → Partners for directory services (Interface to LDAP enabled directories).

The UME determines the directory service configuration file used in the following manner:

  1. The UME searches for a file in the database with the following name:

    dSC_addin_<datasourceID>.xml

    The data source ID is defined in the data source configuration file used by the AS Java for the AS ABAP. The default data source ID is R3_Persistence. By default, the file dSC_addin_R3_Persistence.xml does not exist. Create this file in the procedure below to create a custom configuration.

  2. The UME reads the product name configured for the LDAP connection from the AS ABAP and chooses among the vendor-specific files available in the database of the AS Java. If the UME cannot identify the vendor, it uses the default file (dSC_addin_ldap.xml).

Prerequisites

This procedure requires you to restart the AS Java, so you should plan for the required downtime while the AS Java restarts.

Procedure
  1. Download the vendor-specific directory service configuration file that best matches your directory service from the AS Java database.

    For more information about downloading configuration files, see Accessing Data Source Configuration Files Online.

  2. Rename the file you downloaded to dSC_addin_R3_Persistence.xml.

    R3_Persistence is the default data source ID of the AS ABAP. Use a different name only if you modified the UME AS ABAP data source configuration file to use a different data source ID.

    Do not modify the standard configuration files shown in the table above, as your changes will be overwritten during the next software upgrade.

  3. Modify the directory service configuration file as needed.

    In general, you can modify the configuration file as described for the data source configuration file. See Customizing a UME Data Source Configuration.

    Caution

    You can only configure the use of the Secure Sockets Layer (SSL) between the UME and the directory service with the directory service configuration file. The system ignores the setting in the UME property.

    To configure SSL between the UME and the directory service, configure the following:

    1. Set ume.ldap.access.ssl to true.
    2. Set ume.ldap.access.server_port to the port number used by your directory service for SSL. The default value for directory services is 663.
  4. Upload the directory service configuration file to the AS Java database.
  5. Restart the AS Java.

    If you are performing this procedure as part of configuring the UME for directory service synchronization with AS ABAP, you can wait to restart the AS Java until you are done with that procedure. The changes you make here take effect after a restart of the AS Java.

Result

You can now configure the UME with an AS ABAP data source to authenticate with the directory service. For more information, see Configuring the UME for Directory Service Synchronization with AS ABAP.

Example

Kattia Cabrera wants to configure her UME to log on to the Siemens DirX directory service. She also wants the connection to use SSL, so she must customize the directory service configuration file.

First she downloads the file dSC_addin_siemens.xml from the AS Java database. Next she renames the file to dSC_addin_R3_Persistence.xml, since she does not want her changes overwritten during the next upgrade. She also knows R3_Persistence is the data source ID for her AS ABAP and the UME always looks for this file name first.

Now Kattia opens the .xml file with her XML editor and looks at the private section. There she sets ume.ldap.access.server_port to 663 and ume.ldap.access.ssl to true.

 

  <privateSection>
   …
      <ume.ldap.access.server_port>663</ume.ldap.access.server_port>
   …
      <ume.ldap.access.ssl>true</ume.ldap.access.ssl>
   …
  </privateSection>

 

Kattia saves the file and uploads it to the AS Java database. Since she is still configuring the AS Java to support directory service synchronization with AS ABAP, she waits to restart the AS Java until she is done with that procedure.
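
A pre-upload check for the customized file, added here as an example (it is not SAP code): it parses the XML and reports when ume.ldap.access.ssl is not set to true or ume.ldap.access.server_port differs from the SSL port you expect, since the file is the only place where SSL to the directory service can be switched on. The function names and the <dataSource> wrapper in the sample are assumptions; the expected port is a parameter because it depends on your directory service.

```python
import xml.etree.ElementTree as ET

SSL_KEY = "ume.ldap.access.ssl"
PORT_KEY = "ume.ldap.access.server_port"

# Constructed sample. Only <privateSection> and the two property names come
# from the page; the <dataSource> wrapper is a placeholder for the real file.
SAMPLE = """\
<dataSource>
  <privateSection>
    <ume.ldap.access.server_port>663</ume.ldap.access.server_port>
    <ume.ldap.access.ssl>true</ume.ldap.access.ssl>
  </privateSection>
</dataSource>
"""


def _values(section, key):
    """Text of every direct child of a privateSection whose tag is `key`."""
    return [(child.text or "").strip() for child in section if child.tag == key]


def check_ssl_settings(xml_text, expected_ssl_port):
    """Return a list of findings; an empty list means the SSL settings pass."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings, seen = [], 0
    for section in root.iter("privateSection"):
        ssl, port = _values(section, SSL_KEY), _values(section, PORT_KEY)
        if not ssl and not port:
            continue  # this section carries neither of the two settings
        seen += 1
        # Exact match on "true" as written on the page; other spellings and
        # duplicate entries are flagged rather than assumed to enable SSL.
        if ssl != ["true"]:
            findings.append(f"{SSL_KEY} is {ssl or 'missing'}, expected one 'true'")
        if port != [str(expected_ssl_port)]:
            findings.append(f"{PORT_KEY} is {port or 'missing'}, expected {expected_ssl_port}")
    if seen == 0:
        findings.append(f"no privateSection sets {SSL_KEY} or {PORT_KEY}")
    return findings


if __name__ == "__main__":
    print(check_ssl_settings(SAMPLE, 663) or "SSL settings OK")
```

To check a real file, pass its contents (read in binary mode) and the SSL port of your directory service to check_ssl_settings before uploading the file to the AS Java database.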