Adapting the Data Source Configuration File 

Use

To store users’ ABAP user IDs in the LDAP directory, you must adapt the data source configuration file accordingly for your LDAP data source. This involves the following:

●      Defining that the logical user attribute REFERENCE_SYSTEM_USER is stored in the LDAP data source.

●      Defining the attribute mapping from the logical attribute REFERENCE_SYSTEM_USER  to the physical attribute that actually stores the ABAP user ID in your LDAP directory.

●      (Optional) Declaring an additional object class containing the ABAP user ID attribute.

Procedure

In the following steps we assume that users’ ABAP user IDs are stored in a user attribute called r3user in the LDAP directory.

       1.      Open the data source configuration file.

For more information, see Customizing a UME Data Source Configuration.

       2.      Check that the logical user attribute REFERENCE_SYSTEM_USER is in the <responsibleFor> section of the LDAP data source.

… <dataSources>   ...   <dataSource id="CORP_LDAP" ...>     …     <responsibleFor>       ...       <principal type="user">         ...           <nameSpace name="$usermapping$">             <attributes>               <attribute name="REFERENCE_SYSTEM_USER"/>             </attributes>           </nameSpace>         ...       </principal>       ...     </responsibleFor>       ...   </dataSource> </dataSources>

       3.      Define the attribute mapping from the logical attribute REFERENCE_SYSTEM_USER to the physical attribute that actually stores the ABAP user ID in your LDAP directory.

… <dataSources>   ...   <dataSource id="CORP_LDAP" ...>     …     <attributeMapping>       <principals>         ...         <principal type="user">           ...           <nameSpace name="$usermapping$">             <attributes>               <attribute name="REFERENCE_SYSTEM_USER">                 <physicalAttribute name="r3user"/>               </attribute>             </attributes>           </nameSpace>           ...         </principal>       </principals>     </attributeMapping>     …   </dataSource> </dataSources>

       4.      If the attribute for the ABAP user ID is in an additional object class, declare this object class in the data source configuration.

When you create a user using the User Management Engine, this object class is assigned to the new user. However, you should make sure that existing users in the LDAP directory are already assigned this object class.

In the following example, the sapuser object class contains the r3user attribute, which contains users’ ABAP user ID.

… <dataSources>   ...   <dataSource id="CORP_LDAP" ...>     …     <privateSection>       ...       <ume.ldap.access.auxiliary_objectclass.user>         sapuser       </ume.ldap.access.auxiliary_objectclass.user>       ...     </privateSection>   </dataSource> </dataSources>

       5.      Upload the modified file.