Field Help for Directories: Directory Configuration Page

 

The following provides help for the fields on the Directory Configuration page.

Features

General Directory Information

Function

Definition

External ID

Type a unique identifier for the directory. The value should not contain non-alphanumeric characters, as it must be suitable for a URL.

Display Name

Type a display name for the directory. This value appears on a query result page containing a short description of the directory.

Default

Check the box to indicate that this is the default directory. You must have one default buy-side and one default sell-side directory. The default directory is used whenever a specific directory is not indicated. For example, when importing users or contacts from a CSV file, the default directory will be assigned to each record if the DIRECTORY column is left blank.

The sell-side default directory is automatically assigned to new supplier-managed contacts. Primary contacts do not have an option to select an alternate directory; the default will always be used.

Usage

Select the activation state of the directory configuration.

  • Active Buyside: Select to flag the directory as buy-side only. It is used to authenticate activated user accounts in the database and is displayed as a valid directory to browse in the user interface. You can select this value for more than one directory.

  • Active Sellside: Select to flag the directory as sell-side only. It is used to create new supplier contacts and authenticate them. It is also displayed as a valid directory in the Reassign to Directory Account dropdown list on the Contacts page when editing a supplier. You can select this value for more than one directory.

  • Inactive: Select to indicate that the directory is offline and not used for any function, including Search.

Driver

Select a driver, which is a type of directory device.

  • LDAP - iPlanet Directory Server: Select to indicate that this directory is configured to connect to an iPlanet (Sun ONE) Directory server and that it will use built-in metadata regarding this platform.

    For example, it will assume that the attribute name for static group membership is 'uniquemember'.

  • LDAP SDK - Microsoft Active Directory: Select to indicate that this directory is configured to connect to a Microsoft Active Directory (Win2000 server) and that it will use built-in information regarding the schema (attribute names) needed for this platform.

    For example, the attribute name to retrieve the value of an entry DN is 'distinguishedName'.

  • File (XML): Select to indicate that this directory service does not connect to an LDAP server but uses a local file with user information formatted in XML structure (a sample file is shipped with installation). This option is generally used for demonstration, testing, and development purposes and is not available in production mode.

  • Local: Select to indicate that all user information is maintained within the SAP Sourcing database, with the exception of a small encrypted password file. This option is generally used for demonstration, testing, and development purposes and is not available in production mode.

Cluster

Assign a unique cluster to the directory. This defines the way that users in the directory access the system. A buy-side directory can share a cluster with a sell-side directory, but two or more directories with the same Usage value (buy-side or sell-side) cannot share a cluster. Each must have its own cluster.

LDAP Configuration

This section contains the configuration parameters needed for connection, binding, entry searching, and attribute retrieval to and from an LDAP-compliant directory server.

Function

Definition

Host

Type the address or hostname of the machine running the directory server. This field is required for all directories that use an LDAP driver.

Port

Type the port number of the LDAP service interface. For SSL support, be sure to specify the port for encrypted connections (in most cases, it is 636). This field is required for all directories that use an LDAP driver.

Note: This is not the port for the Administration server interface of the LDAP directory.

Base DN

Type the root location for all searchable LDAP entries. If authentication via search is desired (see Common Authentication Scenarios for details), the base DN is used as the basis of the full DN of the account with which to authenticate. The base DN also specifies the directory location for any new entries created in SAP Sourcing. This field is required if the Browsing box is checked.

Directory Username

Type the principal name or ID of a user with administrative privileges (permission to read and, optionally, to edit all account entries in this LDAP directory). Specify the full DN of an administrative account, as it is specified in the third-party directory server admin console. This field is required if the Browse Using Stored Credentials box is checked. It should always be used for sell-side directories in which suppliers can manage their own accounts.

Directory Password

Type the password or credential of the Directory Username. Like all passwords in SAP Sourcing, this password is stored encrypted in the database.

Userid Attribute

Type the attribute name or schema of the userid attribute used to authenticate or identify a specific user. In general, user IDs in a directory server are unique. When authentication is set to use the Search method, no search filter is specified, and the Use Full DN control flag is not set, the system searches for the user in LDAP using the following filter: (userid=username), where username is the value entered during the login attempt.

This field is required for all directories that use an LDAP driver.

Password Attribute

Type the attribute name or schema of the password attribute. This value is used in assigning a new random password, changing or resetting an account password, and checking to see whether a password is set. This field is required if the system is configured to allow passwords to be expired or changed.

Base Search DN

Type the relative DN to be used by the search mechanism as the basis for the search when it attempts to locate a user in the directory. It is also the root tree for LDAP browsing in the user interface.

Browse Filter

Type the LDAP-compliant search filter to use for browsing the LDAP directory on the Setup page. After submitting a keyword for browsing the LDAP directory, this filter is applied as part of an LDAP query. This field is required if the Browsing box is checked. See LDAP Searching Operations for more information on configuring LDAP browsing.

Lookup Filter

Type the LDAP-compliant search filter to use to look up a user entry during authentication and account management.

The use of a group objectclass in a filter is supported. The system will internally expand the group and search its members.

Since the lookup filter is expected to return a single entry, wildcards are generally not expected as part of the search criteria.
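
The default filter from the Userid Attribute field and the single-entry expectation of the Lookup Filter, shown as an added example (not SAP Sourcing code). The attribute name `uid`, the sample entries, and the toy `search` matcher are constructed for illustration; the escaping follows RFC 4515.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries standing in for a directory below the Base DN.
DIRECTORY = [
    {"uid": "fcpurchaser", "dn": "uid=fcpurchaser,ou=people,dc=example,dc=com"},
    {"uid": "fcadmin", "dn": "uid=fcadmin,ou=people,dc=example,dc=com"},
]

def escape_filter_value(value):
    """Escape a login name so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def default_filter(userid_attr, username, escape=True):
    """Build the default filter (<Userid Attribute>=<username>)."""
    value = escape_filter_value(username) if escape else username
    return f"({userid_attr}={value})"

def search(entries, ldap_filter):
    """Toy matcher for one (attr=value) filter: '*' is a wildcard, \\xx a literal."""
    m = re.fullmatch(r"\(([A-Za-z][\w-]*)=(.*)\)", ldap_filter, re.S)
    if not m:
        raise ValueError("only simple (attr=value) filters are handled here")
    attr, value = m.groups()
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", value, re.S):
        if tok == "*":
            parts.append(".*")                       # unescaped wildcard
        elif len(tok) == 3:
            parts.append(re.escape(chr(int(tok[1:], 16))))  # \xx escape
        else:
            parts.append(re.escape(tok))
    pattern = re.compile("".join(parts), re.I | re.S)  # case-insensitive match
    return [e for e in entries if pattern.fullmatch(e.get(attr, ""))]

def lookup_single(entries, ldap_filter):
    """Return the one matching entry; refuse zero or ambiguous results."""
    hits = search(entries, ldap_filter)
    if len(hits) != 1:
        raise LookupError(f"expected 1 entry, got {len(hits)}")
    return hits[0]
```

With `escape=False`, a login name of `fc*` matches both sample entries, so `lookup_single` rejects it as ambiguous; with escaping, the same input matches nothing.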

Driver Configuration

Function

Definition

Authenticator

Type the name of an alternate authentication implementer. The driver must implement the com.frictionless.api.authentication.LoginComponentIfc interface.

Features

This set of configuration switches directly affects certain user-related functions in the system.

  • Changeable Passwords: Check this box to enable the Forgot My Password field on the Login page and the Change My Password field on the Setup page. This box should only be checked if the Expired Passwords box is checked.

  • Expired Passwords: Check this box to enable the system to expire or change passwords when a new account is created. This box must be checked if the New Accounts box is checked.

  • New Accounts: Check this box to enable the ability to create new accounts in the directory.

  • Browsing: Check this box to display an option to browse the LDAP directory on the Setup page and a Search LDAP option on the Contacts page for a supplier.

  • SSL: Check this box to connect to the LDAP server using SSL.

  • Expand Groups: Check this box for the lookup mechanism to expand any groups encountered in the search results generated from the filter.

  • Lookup via Search: This field controls how accounts are located during authentication. Check this box for the system to assume that the record is in a directory below the Base DN and to perform a loose search to find the entry. Leave the box unchecked for the system to assume that the record is at a specific location in the directory (see Use Full DN, below).

  • UPN Login Names: When a directory is configured to use a Microsoft Active Directory driver, check this box to enable the system to accept a full user principal name (userPrincipalName) in the form of <USER-LOGON-NAME>@<ACTIVE-DIRECTORY-DOMAIN>.

    Example Example

    An example of such a principal name might be: fcpurchaser@purchasing.mycompany.com.

    End of the example.
  • Use Full DN: This field controls where directory entries exist and is only applicable if the Lookup via Search box is not checked. Check this box to use the directory address on each Sourcing record (the Full DN). Leave the box unchecked for the system to assume that the entry is located at the path specified by the Base DN, as detailed above. This box must be checked if the Browse Using Stored Credentials box is not checked.

  • Browse Using Stored Credentials: This field controls the set of credentials that is used to browse the directory from the user interface. Check this box to use the stored credentials on the directory configuration. Leave the box unchecked to challenge the user for their personal directory access credentials.
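
The field dependencies stated on this page, collected into a configuration check as an added example (not part of SAP Sourcing). The dictionary keys and sample values are hypothetical, the SSL finding is an added check rather than a rule from the page, and the Password Attribute rule is tied to the Changeable Passwords and Expired Passwords boxes as one reading of the text.

```python
import re
from collections import Counter

LDAP_DRIVERS = {"LDAP - iPlanet Directory Server",
                "LDAP SDK - Microsoft Active Directory"}

# Constructed sample configuration; every value is made up.
SAMPLE = {"external_id": "corp-ldap", "driver": "LDAP SDK - Microsoft Active Directory",
          "host": "ldap.example.com", "port": 389, "userid_attribute": "sAMAccountName",
          "usage": "Active Buyside", "cluster": "buy1",
          "features": {"Browsing", "Changeable Passwords"}}

def lint_directory(cfg):
    """Check one directory configuration against the rules stated on the page."""
    feats, issues = set(cfg.get("features", ())), []

    def require(ok, message):
        if not ok:
            issues.append(message)

    require(re.fullmatch(r"[A-Za-z0-9]+", cfg.get("external_id", "")),
            "External ID must be alphanumeric")
    if cfg.get("driver") in LDAP_DRIVERS:
        for field in ("host", "port", "userid_attribute"):
            require(cfg.get(field), f"{field} is required for LDAP drivers")
        # Added check, not a rule stated on the page.
        require("SSL" in feats, "SSL is not checked: LDAP traffic is not SSL-protected")
    if "Browsing" in feats:
        require(cfg.get("base_dn"), "Base DN is required when Browsing is checked")
        require(cfg.get("browse_filter"), "Browse Filter is required when Browsing is checked")
    if "Browse Using Stored Credentials" in feats:
        require(cfg.get("directory_username"),
                "Directory Username is required with Browse Using Stored Credentials")
    else:
        require("Use Full DN" in feats,
                "Use Full DN must be checked without Browse Using Stored Credentials")
    for dependent in ("Changeable Passwords", "New Accounts"):
        if dependent in feats:
            require("Expired Passwords" in feats, f"{dependent} needs Expired Passwords")
    if feats & {"Changeable Passwords", "Expired Passwords"}:
        require(cfg.get("password_attribute"),
                "Password Attribute is required when passwords can expire or change")
    return issues

def lint_clusters(configs):
    """Directories with the same active Usage value must not share a cluster."""
    pairs = Counter((c.get("usage"), c.get("cluster")) for c in configs
                    if c.get("usage") in ("Active Buyside", "Active Sellside"))
    return [f"{usage}: cluster {cluster!r} is shared by {n} directories"
            for (usage, cluster), n in pairs.items() if n > 1]
```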