Example: Self-Managed Passwords
Denise DeLassandros wants to read her user data from the LDAP directory, but wants to enable users to change their own passwords. She sets all user attributes to read-only, except for j_password.
Some LDAP directories require you to use Secure Sockets Layer (SSL) to protect communication between the user management engine (UME) and the LDAP directory. For more information, see Configuring SSL Between the UME and an LDAP Directory.
Denise modifies her data source configuration file as follows:
Example
<dataSource id="CORP_LDAP"
            className="<impl class>"
            isReadonly="false"
            isPrimary="true">
    ...
    <responsibleFor>
        <principal type="user">
            <nameSpace name="com.sap.security.core.usermanagement">
                <attribute name="uniquename" readonly="true"/>
                <attribute name="firstname" readonly="true"/>
                <attribute name="lastname" readonly="true"/>
                <attribute name="..." readonly="true"/>
                ...
            </nameSpace>
        </principal>
        <principal type="account">
            <nameSpace name="com.sap.security.core.usermanagement">
                <attribute name="j_user" readonly="true"/>
                <attribute name="j_password"/>
                <attribute name="..." readonly="true"/>
                ...
            </nameSpace>
        </principal>
    </responsibleFor>
    ...
</dataSource>
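A check for the configuration above, as an added example that is not part of the original documentation: it parses a data source configuration file and reports every attribute left writable, so a review can confirm that only j_password is. The sample file, the className placeholder and the `mobile` attribute are constructed for illustration, and an attribute without readonly="true" is treated as writable, as j_password is in the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration above; the className value
# is a placeholder and "mobile" is a made-up attribute left writable by mistake.
SAMPLE = """\
<dataSource id="CORP_LDAP" className="IMPL_CLASS_PLACEHOLDER" isReadonly="false" isPrimary="true">
  <responsibleFor>
    <principal type="user">
      <nameSpace name="com.sap.security.core.usermanagement">
        <attribute name="uniquename" readonly="true"/>
        <attribute name="firstname" readonly="true"/>
        <attribute name="mobile"/>
      </nameSpace>
    </principal>
    <principal type="account">
      <nameSpace name="com.sap.security.core.usermanagement">
        <attribute name="j_user" readonly="true"/>
        <attribute name="j_password"/>
      </nameSpace>
    </principal>
  </responsibleFor>
</dataSource>
"""

# Policy from the example: only the account password may be writable.
ALLOWED_WRITABLE = {("account", "com.sap.security.core.usermanagement", "j_password")}

def writable_attributes(xml_text):
    """Return (principal type, namespace, attribute) for every attribute
    that is not explicitly marked readonly="true"."""
    root = ET.fromstring(xml_text)
    found = set()
    for principal in root.iter("principal"):
        for ns in principal.iter("nameSpace"):
            for attr in ns.iter("attribute"):
                if attr.get("readonly", "false").strip().lower() != "true":
                    found.add((principal.get("type"), ns.get("name"), attr.get("name")))
    return found

def audit(xml_text, allowed=ALLOWED_WRITABLE):
    """Return (unexpected writable attributes, allowed attributes that the
    file does not actually leave writable), each as a sorted list."""
    writable = writable_attributes(xml_text)
    return sorted(writable - allowed), sorted(allowed - writable)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE)
    print("unexpected writable attributes:", unexpected)
    print("expected writable but read-only or absent:", missing)
```

A real configuration file must be well-formed XML before it can be parsed this way, so elisions and the class name placeholder shown in the documentation have to be replaced with actual values first.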