The user management engine (UME) can use a directory service as its data source for user management data. You can link the UME to the directory service as either a read-only or read-write data source.
More information: SAP Note 673824.
If you want to use an Application Server for ABAP (AS for ABAP) as the data source, but synchronize AS for ABAP with the directory service, see Configuring the UME for Directory Service Synch with AS ABAP.
More information: Organization of Users and Groups in LDAP Directory.
You can, however, assign users and groups stored in the LDAP directory to a group in the database.
Choose from the following options:
Data source configuration files for certified LDAP directory vendors are delivered with the AS for Java or are available from SAP Note 983808. To find the configuration file, use the Config Tool.
More information: Editing UME Configuration Files.
For recently certified LDAP directories, contact the LDAP directory vendor directly. SAP has set up a program to certify LDAP directory solutions for use with UME. For a list of certified LDAP vendors, visit the SAP Service Marketplace at service.sap.com/securitypartners → Partners for directory services (Interface to LDAP enabled directories).
Option 1: Read-Write Directory Service
The following data is written to and read from the LDAP server:
The following data is written to and read from the database:
Use case: You have a mixed system landscape including both SAP and non-SAP systems, or you have an existing corporate LDAP directory in your system landscape. You want to store standard user data such as name, address, e-mail address, and so on in the directory, while you store application-specific data in the database.
Option 2: Read-Only Directory Service
Description: You cannot create, modify, or delete users or groups in the LDAP server. All newly created principals and additional data are stored in the database.
Use case: You have an existing corporate LDAP directory in your system landscape and have existing processes for administering user data on this directory. You are using a portal and want all users that register themselves in the portal to be stored separately from the user data on the corporate directory.