
Configuring the UME to Use an LDAP Directory as Data Source

Use

Use this procedure to configure the user management engine (UME) to use an LDAP directory as the data source.

Note

If you cannot start the SAP NetWeaver Application Server (AS) Java, you must use the offline procedure for configuring the data source.

Prerequisites

      See LDAP Directory as Data Source.

      This procedure requires you to restart the AS Java, so you should plan for the required downtime while the AS Java restarts.

Procedure


1. Start user management configuration.

For more information, see Configuring User Management.

2. Choose the Data Sources tab.

3. Choose Modify Configuration.

4. From Data Source, select the data source configuration that best matches your LDAP directory.

5. Choose the LDAP Server tab.

6. Enter the connection data as required.

The table below lists the settings for configuring the LDAP directory connection.

Settings for Configuring an LDAP Directory as Data Source

Server Name
    Host name of the LDAP directory server.

Server Port
    Port used by the LDAP directory (by convention 389 for plain LDAP and 636 for LDAP over SSL).

User
    Distinguished name (DN) of the user that the UME uses to connect (bind) to the LDAP directory.

    Caution
    This user must have read and search permissions for all branches of the LDAP directory that the UME accesses. If the UME requires write access, the user must also have create and change authorizations. Prefer a dedicated service account that has exactly these permissions over a directory administrator account: the DN and password are stored in the UME configuration and presented on every bind, so the account should carry no more rights than the UME needs.

    Example
    cn=Directory Manager

Password
    Password of the user (see above) that the UME uses to connect (bind) to the LDAP directory. When you enter the password, user management configuration hides your input on the screen.

User Path
    Distinguished name of the branch in which information about users is stored. If your users and groups are organized in a tree hierarchy, User Path and Group Path must have the same value.

    For more information, see Organization of Users and Groups in LDAP Directory.

    Example
    ou=CorporateUsers,c=us,o=mycompany

Group Path
    Distinguished name of the branch in which information about groups is stored.

    Example
    ou=CorporateGroups,c=us,o=mycompany

Use SSL for LDAP Access
    This indicator determines whether the UME uses a Secure Sockets Layer (SSL) connection to the LDAP directory. If you set it, Server Port must be the SSL port of the directory server. For more information, see Configuring SSL Between the UME and an LDAP Directory (linked below).

Use Unique Attribute for UME Unique ID
    Set this indicator to identify a user account by a unique LDAP attribute instead of by its distinguished name. Which LDAP attribute serves as the unique ID is defined in the data source configuration file; it appears as the default value when you set the indicator. Because the UME user ID is then derived from the unique attribute and not from the DN, you can move users within your LDAP directory structure and the UME still finds them.

    See also SAP Note 777640.

 

7. Choose Test Connection.

If the test fails, user management configuration displays the corresponding entry from the security log. The monitoring tools of your LDAP directory can also help you determine the cause of the problem. If necessary, go back, reenter the connection data, and test the connection until it succeeds.

8. Enter the rest of the data as required.
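The following Python script is an added example, not SAP code, and performs the same kind of check as Test Connection from outside the AS Java, with the page's example bind DN. It assumes that the UME performs an LDAP v3 simple bind with the configured DN and password, and that Use SSL for LDAP Access means LDAPS on the configured port (both assumptions). The BindRequest is encoded by hand from RFC 4511, so no LDAP library is required; the hand encoding also shows why the SSL recommendation at the end of this page matters: in a simple bind the password is sent as a plain octet string.

```python
"""Pre-flight LDAP simple bind with the parameters the UME will use.
Added example (not SAP code): hand-built RFC 4511 BER, no LDAP library needed."""
import socket
import ssl

LDAP_SUCCESS = 0                # RFC 4511 result codes
LDAP_INVALID_CREDENTIALS = 49


def _ber_len(n):
    """BER length octets: short form below 128, long form (0x80 | count) above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def _ber_int(n):
    """INTEGER for small non-negative values (message IDs, protocol version)."""
    return _tlv(0x02, n.to_bytes(1 if n < 128 else 2, "big"))


def build_bind_request(message_id, user_dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name,
    authentication [0] simple } }. The [0] simple choice carries the cleartext password."""
    bind = _ber_int(3) + _tlv(0x04, user_dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _ber_int(message_id) + _tlv(0x60, bind))


def build_unbind_request(message_id):
    """UnbindRequest [APPLICATION 2] NULL, so the check does not leave a session open."""
    return _tlv(0x30, _ber_int(message_id) + b"\x42\x00")


def _read_tlv(buf, pos):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(pdu):
    """Return (message_id, result_code, diagnostic_message) from a BindResponse PDU."""
    tag, msg, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:                          # BindResponse [APPLICATION 1]
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = _read_tlv(op, 0)          # resultCode ENUMERATED
    _, _matched, pos = _read_tlv(op, pos)    # matchedDN
    _, diag, _ = _read_tlv(op, pos)          # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("LDAP server closed the connection")
        data += chunk
    return data


def _recv_message(sock):
    """Read one complete BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = _recv_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + _recv_exact(sock, length)


def check_bind(host, port, user_dn, password, use_ssl, timeout=5.0):
    """Connect the way Test Connection does and return (result_code, diagnostic)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_ssl:
        # LDAPS (assumed meaning of Use SSL): TLS from the first byte, server
        # certificate verified against the system trust store.
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_bind_request(1, user_dn, password))
        _, code, diag = parse_bind_response(_recv_message(sock))
        sock.sendall(build_unbind_request(2))
    return code, diag


if __name__ == "__main__":
    import getpass, sys
    host, port, dn = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    code, diag = check_bind(host, port, dn, getpass.getpass("bind password: "),
                            use_ssl=len(sys.argv) > 4 and sys.argv[4] == "ssl")
    print("bind result %d %s" % (code, diag or ("ok" if code == LDAP_SUCCESS else "")))
```

Run it as `python3 ldap_bind_check.py ldap.example.com 636 "cn=Directory Manager" ssl` (the host name is a placeholder). A result code of 49 (invalidCredentials) with a working connection means the DN or password is wrong; a TLS handshake failure with `ssl` means the directory's certificate is not trusted, which is the same problem the UME will hit once you set Use SSL for LDAP Access. Running it without `ssl` and capturing the traffic shows the bind password as plain bytes on the wire.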

The table below lists the remaining LDAP directory connection settings, which cover the following:

    LDAP connection pool

    For more information, see LDAP Directory: Connection Pooling.

    LDAP cache

    The UME uses the LDAP cache to optimize access to the LDAP directory server by caching, for example, previous search results.

    Blocked principals

    Directory server access log

Additional Connection Settings for LDAP Directories

Initial Size
    Minimum number of connections in the connection pool.

    Example
    If set to 1, the connection pool never has fewer than one open connection.

Maximum Idle Size
    Maximum number of idle connections in the connection pool. Once this number of idle connections is reached, the connection pool closes every further connection that is released to it.

Maximum Size
    Maximum number of connections in the connection pool.

Maximum Idle Time
    Maximum time in milliseconds that an idle connection remains in the connection pool.

Connect Timeout
    Number of milliseconds between connection requests sent from the UME to the LDAP directory server. By default the UME tries the connection twice. If the second attempt fails, the UME does one of the following:

    Attempts to connect to a redundant LDAP directory (if you configured high availability, see below)

    Returns an error message that the LDAP directory cannot be reached

Monitoring Interval
    Enter a value of 1000 or more to enable the directory server connection pool log. The monitoring interval is the interval in milliseconds at which the system records information. Any value less than 1000 disables logging.

    For more information, see Directory Server Connection Pool Log.

Cache Size
    Number of cache entries kept.

Cache Lifetime
    How long a search result remains in the cache.

Unique Name of Blocked Users
    Enter the unique names of users in the LDAP directory that the UME should ignore. If users with the same unique name exist both in the LDAP directory and in the AS Java database, use this setting to prevent the UME from finding these users in the LDAP directory. Check the names of the built-in AS Java users against the directory and block any that collide.

Unique Name of Blocked Groups
    Enter the unique names of groups in the LDAP directory that the UME should ignore.

    Example
    The AS Java database includes a default group named everyone. If there is a group in the LDAP directory with the same name, enter everyone to prevent the UME from finding the group in the LDAP directory.

Record LDAP Access
    Set this indicator to enable the directory server access log. This log records LDAP requests and their response times. Expect a higher log volume while it is enabled, so use it for troubleshooting rather than permanently on a production system.

    For more information, see Directory Server Access Log.

 

9. Choose Save All Changes.

10. Restart the AS Java.
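The following Python model is an added example, not UME code, and uses constructed sample entries. It illustrates two settings from the tables above whose effect is easy to get wrong: Use Unique Attribute for UME Unique ID (what happens to the UME user ID when an entry is moved to another branch) and the blocked user and group names (a directory group named everyone colliding with the built-in AS Java group). The attribute name uid standing in for the unique attribute, the objectclass values, and the DNs beyond the page's User Path and Group Path examples are assumptions made for the example.

```python
"""Illustrative model of the UME unique-ID and blocked-principal settings.
Added example, not UME code; all directory entries are constructed sample data."""

# Assumption: the data source configuration file names 'uid' as the unique attribute.
UNIQUE_ATTR = "uid"

# Constructed sample directory: DN -> attributes.
LDAP_ENTRIES = {
    "uid=jdoe,ou=CorporateUsers,c=us,o=mycompany":
        {"objectclass": "person", "uid": "jdoe", "cn": "Jane Doe"},
    "cn=everyone,ou=CorporateGroups,c=us,o=mycompany":
        {"objectclass": "groupOfNames", "cn": "everyone"},
}
# Built-in groups of the AS Java database ('everyone' is the default group the page names).
DB_GROUPS = {"everyone"}


class UmeModel:
    def __init__(self, ldap_entries, use_unique_attribute, blocked_users=(), blocked_groups=()):
        self.ldap = {dn: dict(attrs) for dn, attrs in ldap_entries.items()}
        self.use_unique_attribute = use_unique_attribute
        self.blocked_users = set(blocked_users)
        self.blocked_groups = set(blocked_groups)

    def ume_id(self, dn):
        """The UME unique ID of an LDAP user: its DN, or its unique attribute."""
        return self.ldap[dn][UNIQUE_ATTR] if self.use_unique_attribute else dn

    def find_user_dn(self, ume_id):
        """Resolve a UME unique ID back to a directory entry, honouring blocked names."""
        for dn, attrs in self.ldap.items():
            if attrs.get("objectclass") != "person" or attrs[UNIQUE_ATTR] in self.blocked_users:
                continue
            if self.ume_id(dn) == ume_id:
                return dn
        return None

    def find_groups(self, name):
        """Every data source in which a group with this unique name is visible."""
        sources = []
        if name in DB_GROUPS:
            sources.append("database")
        in_ldap = any(a.get("objectclass") == "groupOfNames" and a.get("cn") == name
                      for a in self.ldap.values())
        if in_ldap and name not in self.blocked_groups:
            sources.append("ldap")
        return sources

    def move_entry(self, dn, new_parent):
        """Move an entry to another branch: the RDN stays, the DN changes."""
        new_dn = dn.split(",", 1)[0] + "," + new_parent
        self.ldap[new_dn] = self.ldap.pop(dn)
        return new_dn


def demo_move(use_unique_attribute):
    """Return (UME ID issued before the move, DN found for it after the move)."""
    m = UmeModel(LDAP_ENTRIES, use_unique_attribute)
    dn = "uid=jdoe,ou=CorporateUsers,c=us,o=mycompany"
    ume_id = m.ume_id(dn)
    m.move_entry(dn, "ou=Contractors,c=us,o=mycompany")   # directory reorganisation
    return ume_id, m.find_user_dn(ume_id)


def demo_blocked_group(block_everyone):
    """Which data sources answer a lookup of the group 'everyone'."""
    blocked = ("everyone",) if block_everyone else ()
    return UmeModel(LDAP_ENTRIES, True, blocked_groups=blocked).find_groups("everyone")


def demo_blocked_user():
    """A blocked user name is never resolved from the directory."""
    m = UmeModel(LDAP_ENTRIES, True, blocked_users=("jdoe",))
    return m.find_user_dn("jdoe")
```

With DN-based IDs, `demo_move(False)` returns None for the ID issued before the move: any role assignment or session keyed on that ID no longer resolves to the entry. With the unique attribute, `demo_move(True)` still finds the entry under its new DN. `demo_blocked_group(False)` reports the group name in both data sources, which is the ambiguity the blocked-name settings exist to remove.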

Result

The UME can access the LDAP directory. You can configure the LDAP data source further, for example:

    Configuring High Availability of the LDAP Data Source

    Configuring attribute mapping in the data source configuration file

    For more information, see Customizing a UME Data Source Configuration.

    Configuring SSL Between the UME and an LDAP Directory

Recommendation

We strongly recommend that you configure SSL between the UME and the LDAP directory. Without it, the bind DN and its password are sent in cleartext on every connection the pool opens. Some LDAP directories, such as Microsoft Active Directory Server, refuse to set passwords over an unencrypted connection and therefore require SSL if you want to create users in the LDAP directory.
