
Example: Self-Managed Passwords

Denise DeLassandros wants to read her user data from the LDAP directory without writing to it, but she also wants users to be able to change their own passwords. She therefore sets all user attributes to read-only except for j_password.

Note

Some LDAP directories require you to use Secure Sockets Layer (SSL) to protect communication between the user management engine (UME) and the LDAP directory.

For more information, see Configuring SSL Between the UME and an LDAP Directory.

 

Denise modifies her data source configuration file as follows:

Example

<dataSource id="CORP_LDAP" 
      className="<impl class>" 
      isReadonly="false" 
      isPrimary="true">
    ...
    <responsibleFor>
        <principal type="user">
            <nameSpace name="com.sap.security.core.usermanagement">
                <attribute name="uniquename" readonly="true"/>
                <attribute name="firstname" readonly="true"/>
                <attribute name="lastname" readonly="true"/>
                <attribute name="..." readonly="true"/>
                ...
            </nameSpace>
        </principal>
        <principal type="account">
            <nameSpace name="com.sap.security.core.usermanagement">
                <attribute name="j_user" readonly="true"/>
                <attribute name="j_password"/>
                <attribute name="..." readonly="true"/>
                ...
            </nameSpace>
        </principal>
    </responsibleFor>
    ...
</dataSource>
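
The following audit script is an added example, not part of the original documentation or of SAP's tooling. It parses a data source configuration shaped like the one above and reports every attribute that is writable apart from j_password. It assumes that an attribute without readonly="true" is writable, as j_password is in the example, and that isReadonly="true" on the data source makes everything read-only; the wrapper element, class name and sample file are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the example above: elisions removed, placeholder
# class name, and "lastname" deliberately left writable to show a finding.
SAMPLE = """
<dataSources>
  <dataSource id="CORP_LDAP" className="example.PlaceholderImpl"
              isReadonly="false" isPrimary="true">
    <responsibleFor>
      <principal type="user">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="uniquename" readonly="true"/>
          <attribute name="lastname"/>
        </nameSpace>
      </principal>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="j_user" readonly="true"/>
          <attribute name="j_password"/>
        </nameSpace>
      </principal>
    </responsibleFor>
  </dataSource>
</dataSources>
"""

# The only attribute the scenario intends to leave writable.
ALLOWED_WRITABLE = {("account", "j_password")}


def writable_attributes(xml_text, source_id):
    """Return (principal type, attribute name) pairs not marked readonly="true"."""
    found = set()
    for ds in ET.fromstring(xml_text).iter("dataSource"):
        if ds.get("id") != source_id:
            continue
        # Assumption: isReadonly="true" overrides the per-attribute settings.
        if ds.get("isReadonly", "false").lower() == "true":
            return set()
        for principal in ds.findall("./responsibleFor/principal"):
            for attr in principal.findall("./nameSpace/attribute"):
                if attr.get("readonly", "false").lower() != "true":
                    found.add((principal.get("type"), attr.get("name")))
    return found


def audit(xml_text, source_id="CORP_LDAP"):
    """Return (unexpected writable attributes, True if j_password is writable)."""
    writable = writable_attributes(xml_text, source_id)
    return sorted(writable - ALLOWED_WRITABLE), ALLOWED_WRITABLE <= writable
```

For the sample, audit(SAMPLE) returns the unintended writable attribute ("user", "lastname") and confirms that j_password is writable.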