Former Member
Mar 10, 2006 at 09:40 AM

relationship between groups and their members in LDAP directory missing


I use SAP EP 6 SPS14 with one LDAP Server as data source using this flat LDAP structure:

dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example.com

dn: ou=user,dc=example,dc=com
objectClass: organizationalUnit
description: All Users
ou: user

dn: cn=Max Mustermann,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Max Mustermann
givenName: Max
sn: Mustermann
uid: 0001
userPassword:: bWF4

dn: cn=Max Meier,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Max Meier
givenName: Max
sn: Meier
uid: 0002
userPassword:: bWF4

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
description: All Groups
ou: groups

dn: cn=internal,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: internal
member: uid=0001,ou=user,dc=example,dc=com

dn: cn=external,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: external
member: cn=Max Meier,ou=user,dc=example,dc=com

The private section of the LDAP entry in the dataSourceConfiguration.xml looks like:

<privateSection>
			<ume.ldap.access.server_type>openLDAP</ume.ldap.access.server_type>
			<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
			<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
			<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
			<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
			<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
			<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
			<ume.ldap.access.objectclass.user>inetOrgPerson</ume.ldap.access.objectclass.user>
			<ume.ldap.access.objectclass.uacc>inetOrgPerson</ume.ldap.access.objectclass.uacc>
			<ume.ldap.access.objectclass.grup>groupofnames</ume.ldap.access.objectclass.grup>
			<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
			<ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
			<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
			<ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
			<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
</privateSection>

The pointers in the portal are:

User Path: ou=user,dc=example,dc=com

Group Path: ou=groups,dc=example,dc=com

If I log in as SuperUser, all users and all groups of the LDAP directory are there and I can log on as one of the LDAP-provided users. But the relationship between the users and the groups, defined in the member of the objectClass groupOfNames, is missing.

What's wrong?

Message was edited by: Holger Wohlhüter
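
A consistency check over the directory layout in the post above, as an added example that is not part of the original post or of SAP's code: a groupOfNames member value is a DN, so this lists member values that match no entry DN in the LDIF. The sample LDIF is a trimmed, constructed copy of the posted data, and norm_dn, parse_ldif and dangling_members are hypothetical helper names.

```python
# Constructed sample: trimmed copy of the LDIF posted above.
SAMPLE_LDIF = """\
dn: cn=Max Mustermann,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
uid: 0001

dn: cn=Max Meier,ou=user,dc=example,dc=com
objectClass: inetOrgPerson
uid: 0002

dn: cn=internal,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=0001,ou=user,dc=example,dc=com

dn: cn=external,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: cn=Max Meier,ou=user,dc=example,dc=com
"""


def norm_dn(dn):
    # Simplified: lowercase and trim each RDN; no escaped commas or multi-valued RDNs.
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into (dn, attrs) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries


def dangling_members(text):
    """Return (group_dn, member) pairs whose member value matches no entry DN."""
    entries = parse_ldif(text)
    known = {norm_dn(dn) for dn, _ in entries}
    return [(dn, m) for dn, attrs in entries
            if "groupofnames" in [c.lower() for c in attrs.get("objectclass", [])]
            for m in attrs.get("member", []) if norm_dn(m) not in known]

for group, member in dangling_members(SAMPLE_LDIF):
    print(f"{group}: member '{member}' matches no entry DN")
```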