
Defining an LDAP Directory as a Data Source

Use

Use this procedure to define an LDAP directory as the data source.

To provide high availability of the LDAP data source, you can configure user management for more than one LDAP server. In this case, you cannot use the configuration tool; instead, you must change the user management properties directly. For more information, see Configuring High Availability of the LDAP Data Source.

For more information on defining an LDAP directory as a data source, see Configuring UME to Use an LDAP Server as Data Source.

Note

After changing settings using the user management configuration tool, you must restart the J2EE server process for the changes to take effect.

Prerequisites

See LDAP Directory as Data Source.

Procedure

       1.      Start the user management configuration tool.

       2.      Choose the LDAP Server tab.

       3.      Choose Modify Configuration.

       4.      Enter data in the fields as follows:

Field Name

Field Data

Server Name

Host on which the directory server is located.

Port

Port of the LDAP directory server.

User

Distinguished name (DN) of the user that is used to connect (bind) to the LDAP directory server.

Example: cn=Directory Manager

Password

Password of the user specified above.

User Path

Distinguished name of the branch of the directory where information about users is stored. If you have groups in a tree hierarchy, the User Path and Group Path values must match.

Example: ou=CorporateUsers,c=us,o=mycompany

Group Path

Distinguished name of the branch of your directory where information about the groups of portal users is stored. If you have groups in a tree hierarchy, the Group Path value must match the User Path value.

Example: ou=CorporateGroups,c=us,o=mycompany

Use SSL for LDAP Access

Set the Use SSL for LDAP Access indicator to configure a secure connection to the corporate LDAP directory. For more information, see Configuring SSL Between the UME and an LDAP Directory.

If you set this indicator, testing the connection is disabled.

Use unique attribute for UME unique ID

Set the Use unique attribute for UME unique ID indicator to use a unique ID instead of a distinguished name to identify a user account. Which LDAP attribute is used as the unique ID is defined in the data source configuration file and appears as the default value when you set this indicator. This enables you to physically move users in your LDAP directory structure and still be able to find them, because the user ID is based on the unique ID and not the distinguished name.

See also SAP Note 777640.

Connection Pool Settings

The connection pool settings enable you to determine the performance of requests to the LDAP directory server. You can set the most commonly used connection pool settings here. For more information about these settings, see LDAP Directory: Connection Pooling.

Internal LDAP Cache Settings

These settings optimize access to the LDAP directory server by caching things such as previous search results. Cache size is the number of cache entries saved. Cache lifetime is how long a search entry remains in the cache.

Record LDAP Access

Set the Record LDAP Access indicator to log LDAP requests and the response time. The log is recorded in a text file:

sapum.access.audit

You can find the file under the following path:

<drive>:\user\sap\<SID>\<instance>\j2ee\cluster\server<n>

       5.      To test the connection to the LDAP directory, choose Test Connection.

If Use SSL for LDAP Access is set, the test connection function is disabled.

       6.      Choose Save All Changes to save the entire configuration (that is, data from all the tabs). Otherwise, choose Restore Saved Settings to undo all data you have entered on this tab.

       7.      Restart the J2EE server process.
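
A pre-flight check for the values entered in step 4, as an added example that is not SAP code: it compares DNs by parsed components rather than as raw strings and applies the rule that User Path and Group Path must match when groups are in a tree hierarchy. The dictionary keys, the groups_in_tree flag, the host name and the case-insensitive value comparison are assumptions made for this illustration.

```python
def split_dn(dn):
    """Parse a DN into (attribute, value) pairs; a backslash escapes the next character."""
    rdns, escaped = [""], False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append("")          # unescaped comma starts the next RDN
        else:
            rdns[-1] += ch
        escaped = ch == "\\" and not escaped
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"not a valid RDN: {rdn.strip()!r}")
        # Assumption: values use case-insensitive matching, as cn/ou/o/c do.
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def check_ldap_settings(cfg, groups_in_tree):
    """Return findings for the values to be typed into the LDAP Server tab."""
    findings, parsed = [], {}
    if not cfg["server_name"].strip():
        findings.append("Server Name is empty")
    if not 1 <= cfg["port"] <= 65535:
        findings.append("Port is outside 1-65535")
    for field in ("user", "user_path", "group_path"):
        try:
            parsed[field] = split_dn(cfg[field])
        except ValueError as err:
            findings.append(f"{field}: {err}")
    paths = (parsed.get("user_path"), parsed.get("group_path"))
    if groups_in_tree and all(paths) and paths[0] != paths[1]:
        findings.append("groups in a tree hierarchy: User Path and Group Path must match")
    if cfg["use_ssl"]:
        findings.append("Use SSL for LDAP Access is set: Test Connection is disabled")
    else:
        findings.append("Use SSL for LDAP Access is not set: the LDAP connection is not secured")
    return findings

# Constructed sample input, using the example DNs from the field descriptions.
SAMPLE = {
    "server_name": "ldap.example.com", "port": 389,
    "user": "cn=Directory Manager", "use_ssl": False,
    "user_path": "ou=CorporateUsers,c=us,o=mycompany",
    "group_path": "ou=CorporateGroups,c=us,o=mycompany",
}

if __name__ == "__main__":
    print("\n".join(check_ldap_settings(SAMPLE, groups_in_tree=True)))
```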
