Show TOC

Function documentationDirectory Configuration: Common Authentication Scenarios Locate this document in the navigation structure

 

This section describes the various authentication schemes (or modes) supported in SAP Sourcing and the corresponding settings needed to enable and configure each mode.

Search-Based

In this mode, the system conducts a search against the directory for the account with the user name given at login time. The starting point for the search is the Base DN and the search criteria uses an LDAP-compliant search filter specified in the Lookup Filter setting.

Note Note

To allow search over multiple Base DNs, you must configure multiple directories.

End of the note.

Directory Property

Setting

Directory Username

Required, since searching will be done using the stored credentials.

UserId Attribute

Required, since the search will be performed against this attribute.

Base DN

Required. This is the starting point of the search.

Directory Password

Required since searching will be done using the stored credentials.

Lookup Filter

Can be configured. If left blank, the default filters are (uid=<%CURRENT_USER_NAME%>) for iPlanet and (sAMAccountName=<%CURRENT_USER_NAME%>) for Active Directory.

Lookup via Search

Enabled
User-Based (or Direct)

In the user-based authentication scheme, the system directly applies the user name and password data (entered at the login page) as the principal/credential pair for a directory connection.

For this mode to work properly, the Full DN of a user must be stored in the account in the SAP Sourcing database. The Full DN is automatically acquired upon activating a new user account from the Administration section or when importing user account data in a CSV file.

The following are examples of Full DN for Active Directory and iPlanet (shown with its respective LDAP attribute name):

  • Microsoft Active Directory (distinguishedName): "cn=Purchaser One,cn=users,dc=qa,dc=frictionless"

  • IPlanet Directory Server (entryDN): "userid=seller1a,ou=people,dc=sellside,dc=frictionless,dc=com"

    Directory Property

    Setting

    Use Full DN

    Enabled

    Lookup via Search

    Disabled