When you add an SAP NetWeaver Application Server (AS) Java to your system landscape, you must decide whether to do the following:
● Use an LDAP directory as the data source for user data.
● Use an AS ABAP as the data source for user data.
You cannot configure the AS Java to access an LDAP directory and an AS ABAP as the data source simultaneously. The AS Java can also use its own database as the data source.
Use an LDAP directory as the data source for the user management engine (UME) of your AS Java if you want to manage your user passwords in the LDAP directory. This is ideal if, for example, you want to reuse Windows authentication to log on to a portal as well. Use this configuration to access non-SAP systems that share access to the LDAP directory. The LDAP directory may or may not synchronize with other AS ABAP systems.
The following figure illustrates a portal with an LDAP directory data source. Other non-SAP systems also use the LDAP directory.
Figure: Portal with an LDAP Directory
Not all logical attributes are mapped to the physical attributes of an LDAP directory. The attributes that are not mapped are stored in the database of the AS Java. If other SAP or non-SAP systems need to access the attributes stored in the database of the AS Java, consider mapping those attributes to the LDAP.
More information: <attributeMapping>.
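The mapping check described above, as an added example (not SAP's code): it reads the attribute mapping of an LDAP data source configuration and lists which attributes that other systems need would remain only in the AS Java database. The XML layout, the data source id CORP_LDAP and the attribute names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the <attributeMapping> part of an LDAP data source
# configuration. Element layout, id and attribute names are assumptions.
SAMPLE_CONFIG = """
<dataSources>
  <dataSource id="CORP_LDAP">
    <attributeMapping>
      <principals>
        <principal type="user">
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="firstname"><physicalAttribute name="givenname"/></attribute>
                <attribute name="lastname"><physicalAttribute name="sn"/></attribute>
                <attribute name="email"><physicalAttribute name="mail"/></attribute>
                <attribute name="department"/>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
      </principals>
    </attributeMapping>
  </dataSource>
</dataSources>
"""


def ldap_mapping(config_xml, principal_type="user"):
    """Return {logical attribute: physical LDAP attribute} for one principal type."""
    mapping = {}
    for block in ET.fromstring(config_xml).iter("attributeMapping"):
        for principal in block.iter("principal"):
            if principal.get("type", "").lower() != principal_type:
                continue
            for attr in principal.iter("attribute"):
                phys = attr.find("physicalAttribute")
                if phys is not None and phys.get("name"):
                    mapping[attr.get("name")] = phys.get("name")
    return mapping


def database_only(config_xml, shared_attributes):
    """Attributes other systems need that have no LDAP mapping, so they are
    stored only in the AS Java database and not visible through the directory."""
    mapped = ldap_mapping(config_xml)
    return sorted(a for a in shared_attributes if a not in mapped)


if __name__ == "__main__":
    print(database_only(SAMPLE_CONFIG, ["email", "department", "costcenter"]))
```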
Use an AS ABAP as the data source if your Java applications access the services and user data of the ABAP system(s). If your system landscape contains a large number of ABAP systems and these systems are managed by CUA, you must choose between either using a child system of the CUA or the CUA central system as the data source.
● Use the CUA central system as the data source if all users in the CUA landscape need to access the AS Java, for example, through a portal. In this configuration the AS Java can have read-write access to the user master data records. This enables an administrator to use the UME to manage user data.
● Use a child system of the CUA as the data source if only some of the users need to access the AS Java, for example, through usage type PI of SAP NetWeaver Exchange Infrastructure (SAP NetWeaver XI). In this configuration the AS Java should be restricted to read-only access for user master records.
The ABAP system may or may not synchronize with an LDAP directory.
The user password is not transferred from the AS ABAP to the LDAP directory when the user data is synchronized. You can maintain user passwords in the following ways:
● Maintain passwords in both the CUA and the directory service.
● Using Single Sign-On (SSO) with an AS Java, you can avoid duplicate password maintenance altogether. Maintain passwords in the directory service. Configure the user management engine (UME) to support directory service synchronization with the AS ABAP. All systems must be configured to accept logon tickets. Users can now log on with the UME, are authenticated with the directory service, receive a logon ticket, and can then access all systems with SSO.
For more information, see Configuring the UME for Directory Service Sync with AS ABAP.
Users who log in to the ABAP system directly must maintain their passwords in both the LDAP and ABAP systems.
The figure below illustrates two possible configurations of an AS Java in a CUA landscape. One shows a portal with the CUA central system as the data source, and the CUA central system synchronized with an LDAP directory. The other shows a CUA child system as the data source of an SAP NetWeaver Exchange Infrastructure (SAP NetWeaver XI) system.
Figure: AS Java in CUA System Landscape
Use this configuration to run dedicated Java applications on an AS Java that accesses neither an ABAP-based system nor a non-SAP system, and does not use user data of an external system.
Examples of when to use the database of the AS Java as the data source:
● AS Java as a development platform.
● Platform for Java applications that are connected to an ABAP back-end system using a small number of service users, but which do not use the same user data as the ABAP back-end system.
Consider connecting the AS Java to an LDAP directory or an AS ABAP as the data source. If you do not, you must manage the user data locally.
Figure: AS Java with the AS Java Database as the Data Source