
Configuring the UME Offline to Use an LDAP Directory

Use

Use this procedure when the SAP NetWeaver Application Server (AS) Java cannot start and you must configure the User Management Engine (UME) to use an LDAP directory as a data source. For more information about the standard configuration procedure, see Configuring the UME to Use an LDAP Directory as Data Source.

You cannot set up the UME to use an LDAP directory as the data source during installation. You must install with the AS Java database and configure the UME manually after installation.

Prerequisites

      Stop the AS Java.

      See LDAP Directory as Data Source.

Procedure


       1.      Start the Config Tool by executing <ASJava_installation>\j2ee\configtool\configtool.bat.

       2.      In the Config Tool, choose UME LDAP data.

       3.      In the Configuration file list box, select the configuration file that best matches your LDAP directory.

Note

If the configuration file already contains some configuration data, this data appears in the configuration tool and cannot be overwritten.

       4.      If your configuration file defines more than one LDAP data source, choose the one you want to configure in LDAP data source ID.

       5.      Enter connection data as required.

| Field Name | Value |
|---|---|
| LDAP server type | Type of the LDAP directory server, for example SUN. For more information on the possible values, see the ume.ldap.access.server_type property at LDAP Directory Data Source. |
| Server name | Host name of the LDAP directory server. |
| Server port | Port used by the LDAP directory. |
| User | Distinguished name (DN) of the user that is used to connect (bind) to the LDAP directory. Caution: This user should have read and search permissions for all branches of the LDAP directory. If the UME requires write access, the user must have create and change authorizations. |
| Password | Password of the user (indicated above) that is used to connect (bind) to the LDAP directory. When you enter the password, the Config Tool hides your input on the screen. |
| SSL | This indicator determines if the UME uses a Secure Sockets Layer (SSL) connection to the LDAP directory. For more information, see the link for configuring SSL below. |
| Use UME unique id with unique LDAP attribute | Set this indicator to use a unique ID instead of a distinguished name to identify a user account. The LDAP attribute used as the unique ID is defined in the data source configuration file and appears as the default value when you set this indicator. This enables you to physically move users in your LDAP directory structure and still be able to find them, because the user ID is based on the unique ID and not the distinguished name. See also SAP Note 777640. |
| User path | Distinguished name of the branch of the directory where information about users is stored. If you have a groups-in-a-tree hierarchy, the User Path and Group Path values must be the same. For more information, see Organization of Users and Groups in LDAP Directory. |
| Group path | Distinguished name of the branch of the directory where information about groups is stored. |

       6.      Test the data you entered:

       Choose Test connection to establish a connection with the user ID and password you entered.

       Choose Test authentication to establish a connection with a user ID and password that you provide in a dialog box.

If the test fails, go back, reenter the connection data, and test the connection again.

       7.      To save your entries, choose Apply changes.

       8.      Restart the AS Java.
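The following pre-flight check is an added example, not SAP code or part of the original procedure: it reviews the connection data from step 5 offline, before you enter it in the Config Tool. The dictionary keys, the groups_in_tree and write_access flags, and all sample values are constructed for illustration.

```python
# Added example (not SAP code): offline review of the connection data planned
# for the Config Tool. Keys, flags and sample values below are constructed.
def split_dn(dn):
    """Split a DN into RDNs, honoring backslash-escaped commas. RDNs are
    lower-cased and trimmed so two spellings of one path compare equal
    (a simplification: some attribute values are case-sensitive)."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        esc = ch == "\\" and not esc
    parts.append(cur)
    return ["=".join(s.strip().lower() for s in p.split("=", 1)) for p in parts]

def valid_dn(dn):
    """True if every RDN has the form type=value with both sides non-empty."""
    for rdn in split_dn(dn):
        typ, sep, val = rdn.partition("=")
        if not (typ and sep and val):
            return False
    return True

def review(cfg):
    """Return (field, finding) pairs; an empty list means nothing was flagged."""
    out = []
    for field in ("user", "user_path", "group_path"):
        if not valid_dn(cfg[field]):
            out.append((field, "not a well-formed distinguished name"))
    if not 1 <= cfg["port"] <= 65535:
        out.append(("port", "outside 1-65535"))
    if not cfg["ssl"]:
        out.append(("ssl", "off: traffic to the directory is not encrypted"))
        if cfg.get("write_access"):
            out.append(("ssl", "some directories require SSL to create users"))
    # 389/636 are the conventional LDAP/LDAPS ports (assumes a default setup).
    if (cfg["ssl"], cfg["port"]) in ((True, 389), (False, 636)):
        out.append(("port", "does not match the SSL setting"))
    same = split_dn(cfg["user_path"]) == split_dn(cfg["group_path"])
    if cfg.get("groups_in_tree") and not same:
        out.append(("group_path", "must equal user path for groups-in-a-tree"))
    return out

SAMPLE = {  # constructed values, not taken from any real system
    "server_type": "SUN", "server": "ldap.example.com", "port": 389, "ssl": False,
    "user": "uid=ume_bind,ou=service,dc=example,dc=com",
    "user_path": "ou=people,dc=example,dc=com",
    "group_path": "ou=Groups, dc=example, dc=com",
    "groups_in_tree": True, "write_access": True}
```

Calling review(SAMPLE) flags the SSL setting twice and the group path once. The check does not replace Test connection and Test authentication in step 6, which exercise the live directory.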

Result

The UME can access the LDAP directory. You can now configure the connection to the LDAP directory further, for example:

      Configuring High Availability of the LDAP Data Source

      Configuring attribute mapping for the data source configuration file

For more information, see Customizing a UME Data Source Configuration.

      Configuring SSL Between the UME and an LDAP Directory

Recommendation

We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory.
