Use this procedure to customize the access of the user management engine (UME) to an LDAP directory, when the data source of the UME is a SAP NetWeaver Application Server (AS) ABAP with directory server synchronization. The configuration of the access to the directory server data source is defined by the directory service configuration file.
Do not configure the connection information in the directory service configuration file except as noted below. The UMEreads this information from the AS ABAP.
Do not use the data source configuration files for directory services or attempt to configure the directory service connection from the UMEconfiguration user interface.
The table below lists the standard files that ship with the AS Java.
Standard Directory Service Configuration Files
Filename | Description |
---|---|
dSC_addin_ads.xml |
For Microsoft Active Directory servers. |
dSC_addin_deep.xml |
Sample configuration file for illustrating a deep hierarchy configuration for a directory service. |
dSC_addin_ldap.xml |
Default configuration file for when no other vendors apply. |
dSC_addin_novell.xml |
For Novell eDirectory servers. |
dSC_addin_siemens.xml |
For Siemens DirX servers. |
dSC_addin_sun.xml |
For Sun Java System directory servers. |
The table above is a partial list of the supported directory service vendors. For a list of certified LDAP vendors, visit the SAP Service Marketplace at service.sap.com/securitypartners → Partners for directory services (Interface to LDAP enabled directories).
The UME determines the directory service configuration file used in the following manner:
dSC_addin_ <datasourceID>.xml
The data source ID is defined in the data source configuration file used by the AS Java for the AS ABAP. The default data source ID is R3_Persistence . By default, the file dSC_addin_R3_Persistence.xml does not exist. Create this file in the procedure below to create a custom configuration.
This procedure requires you to restart the AS Java, so you should plan for the required downtime while the AS Java restarts.
For more information about downloading configuration files, see Accessing Data Source Configuration Files Online .
R3_Persistence is the default data source ID of the AS ABAP. Use a different name only if you modified the UME AS ABAP data source configuration file to use a different data source ID.
Do not modify the standard configuration files shown in the table above, as your changes will be overwritten during the next software upgrade.
In general, you can modify the configuration file as described for the data source configuration file. See Customizing a UME Data Source Configuration .
You can only configure the use of the Secure Sockets Layer (SSL) between the UME and the directory service with the directory service configuration file. The system ignores the setting in the UME property.
To configure SSL between the UME and the directory service, configure the following:
If you are performing this procedure as part of configuring the UMEfor directory service synchronization with AS ABAP, you can wait to restart the AS Java until you are done with that procedure. The changes you make here take affect after a restart of the AS Java.
You can now configure the UME with an AS ABAP data source to authenticate with the directory service. For more information, see Configuring the UME for Directory Service Synchronization with AS ABAP .
Kattia Cabrera wants to configure her UME to log on to the Siemens DirX directory service. She also wants the connection to use SSL, so she must customize the directory service configuration file.
First she downloads the file dSC_addin_siemens.xml from the AS Java database. Next she renames the file to dSC_addin_R3_Persistence.xml , since she does not want her changes overwritten during the next upgrade. She also knows R3_Persistence is the data source ID for her AS ABAP and the UME always looks for this file name first.
Now Kattia opens the .xml file with her XML editor and looks at the private section. There she sets ume.ldap.access.server_port to 663 and ume.ldap.access.ssl to true .
<privateSection> … <ume.ldap.access.server_port>663</ume.ldap.access.server_port> … <ume.ldap.access.ssl>true</ume.ldap.access.ssl> … </privateSection>
Kattia saves the file and uploads it to the AS Java database. Since she is still configuring the AS Java to support directory service synchronization with AS ABAP, she waits to restart the AS Java until she is done with that procedure.