I use SAP EP 6 SPS14 with one LDAP Server as data source using this flat LDAP structure:

dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example.com

dn: ou=user,dc=example,dc=com
objectClass: organizationalUnit
description: All Users
ou: user

dn: cn=Max Mustermann,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Max Mustermann
givenName: Max
sn: Mustermann
uid: 0001
userPassword:: bWF4

dn: cn=Max Meier,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Max Meier
givenName: Max
sn: Meier
uid: 0002
userPassword:: bWF4

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
description: All Groups
ou: groups

dn: cn=internal,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: internal
member: uid=0001,ou=user,dc=example,dc=com

dn: cn=external,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: external
member: cn=Max Meier,ou=user,dc=example,dc=com

The private section of the LDAP entry in the dataSourceConfiguration.xml looks like:

<privateSection>
  <ume.ldap.access.server_type>openLDAP</ume.ldap.access.server_type>
  <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
  <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
  <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
  <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
  <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
  <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
  <ume.ldap.access.objectclass.user>inetOrgPerson</ume.ldap.access.objectclass.user>
  <ume.ldap.access.objectclass.uacc>inetOrgPerson</ume.ldap.access.objectclass.uacc>
  <ume.ldap.access.objectclass.grup>groupofnames</ume.ldap.access.objectclass.grup>
  <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
  <ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
  <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
  <ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
  <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
</privateSection>

The pointers in the portal are:
User Path: ou=user,dc=example,dc=com
Group Path: ou=groups,dc=example,dc=com
If I log in as SuperUser, all users and all groups of the LDAP directory are there and I could log on as one of the LDAP provided users. But the relationship between the users and the groups, defined in the member of the objectClass groupOfNames, is missing.
What's wrong?
Message was edited by: Holger Wohlhüter
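
The user-to-group relationship in this directory is carried by the member values of the groupOfNames entries, each of which is a DN. The following check is an added example, not part of the original post: it parses an abridged copy of the LDIF above and lists member values that are not the DN of any entry. The function names and the simplified DN normalization are assumptions of the example.

```python
# Abridged from the LDIF in the post: only dn, objectClass, uid and member lines.
LDIF = """\
dn: cn=Max Mustermann,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
uid: 0001

dn: cn=Max Meier,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
uid: 0002

dn: cn=internal,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=0001,ou=user,dc=example,dc=com

dn: cn=external,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: cn=Max Meier,ou=user,dc=example,dc=com
"""

def normalize_dn(dn):
    # Simplified comparison key (assumption): no escaped commas in RDN values.
    parts = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in parts)

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no base64, no folded lines) into entries."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def dangling_members(text):
    """Return (group dn, member value) pairs whose member matches no entry DN."""
    entries = parse_ldif(text)
    known = {normalize_dn(e["dn"][0]) for e in entries}
    return [(e["dn"][0], m) for e in entries
            if "groupofnames" in (c.lower() for c in e.get("objectclass", []))
            for m in e.get("member", [])
            if normalize_dn(m) not in known]

if __name__ == "__main__":
    for group, member in dangling_members(LDIF):
        print(f"{group}: member '{member}' is not the DN of any entry")
```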