Skip to Content
avatar image
Former Member

Is it necessary to delete the ume users before switching the ume source to LDAP?

Hi,

I have installed a portal and configured BEx with the abap stack. The source of the ume is now ldap. I did not delete the users in the ume before switching to LDAP as the source. Furthermore, the users get their roles and authorizations from the ABAP stack. Single sign on is activated. The applications are functioning properly. Single sign on is successful and the BEx configuration is successful.

Now my question is:

Is it necessary to delete the users from the UME manually before switching the source to LDAP?

According to what I see in the configured (test) portal, the manually created IDs in the portal do not appear. Only the LDAP mapped users are visible.

In the test portal it was not that critical but I am very careful with the productive portal.

Thank you for sharing your experience with the community.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Aug 19, 2013 at 11:52 AM

    Hi,

    @Marcelo

    Thanks Marcelo for the note. I started the consistency check but I did not find any inconsistency.

    I found the reason for the exception with the function module: RSRD_X_DISTRIBUTE_PROXY.

    I have configured a precalculation server for the BW landscape. After I activated SSO I restarted, of course, the abap stack and the java stack. I did not know that the precalculation service should also be restarted after activating SSO.

    After doing so, the function module call is successful.

    Regards.

    Jean Abou-Adal

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 18, 2013 at 02:52 PM

    Hi Jean,

    You have done pretty well by switching to LDAP source and configuring SSO. Its not necessary to delete the users from UME manually before switching the source to LDAP. The thing is both the users will exist , one in UME source and other in LDAP. You can view the users created previously in UME. Its always better to have a single user and get rid of redundant user data.

    Best Regards,

    Prem

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi,

      As the user id are in portal and LDAP for some user id you will see two ids in portal one with Ldap source and another as Portal once. Where ever you see this scenario SSO will not work . So its better to do cleanup in Portal before connecting it to LDAP.

      I have seen this issue.

      Thanks

      Rishi Abrol

  • Jul 18, 2013 at 08:28 PM

    Hi,

    How have you changed the source? In the UME Admin?

    I dont believe it is going to affect your BEx, however the users will remains in your UME. If it is ok for you I think there is no problem...

    Is there a special reason for this question?

    Regards,

    Fabio

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi,

      Thank you for your responses.

      My practical experience shows that I can still see the old (ume) users and the LDAP users in the productive portal but I did not see any ume users in the test portal. I am still wondering about the reason.

      @Rishi

      SSO is functioning properly in the productive portal although the users have sometimes duplicates. I am deleting the ume users manually.

      BEx is functioning properly.

      @Fabio,

      I changed the ume from the portal

      http://host:port/irj

      system administration/configuration/ume configuration/Tab data sources. The reason for the question, are the different results between Test Portal and Production Portal.

      With the broadcaster we are having an issue if the users start a query

      and try to write the result to a mounted folder under Solaris.

      Publishing the result of the query via Email or other means is

      working though. The exception is with function module

      RSRD_X_DISTRIBUTE_PROXY to ProgId

      We have checked the JCO connection WD_ALV_METADATA_DEST.

      It uses a specific user that is not locked. The test of the Jco connection

      is successful. I tried to change the setting to SSO and to assertion ticket.

      The result of the test is always successful but the function module is still

      failing.

      Regards,

      Jean

  • Jul 31, 2013 at 11:11 PM

    Hi Jean,

    this is not necessary, but this kind of changes should be made carefully once can cause many inconsistency in your landscape. If you have the same user and same unique ID in two datasources you can get an error during the search of even in login proccess.

    You can see more about it at note 718383.

    Thanks,

    Marcelo Pinheiro

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 02, 2013 at 03:44 PM

    Hi,

    The most probable answer is that I switched the data source from UME (java) to ABAP in the test system before switching to LDAP. In the productive system, I switched the source from UME to LDAP directly.

    The users from the UME were deleted manually. Only the LDAP users are visible now.

    Everything is functioning properly. BEx, SSO, etc.

    Best regards,

    Jean

    Add comment
    10|10000 characters needed characters exceeded

    • hi Jean,

      you shouldn't face any issue if you do this changes before populate the datasource. But if you migrate after this, you can face some issue as I have mentioned before.

      After do the changes, run the UME consistency check to make sure that everything is ok (Note 1016283).

      Thanks,

      Marcelo Pinheiro