Former Member
Mar 14, 2006 at 01:58 PM

Using UME to read binary attribute from LDAP (objectSID)


Hi,

I am trying to read the objectSid of an LDAP user (from MS Active Directory) from an IUser object. This attribute is retrieved as binary from the LDAP, and if I define a normal extra attribute in the dataSourceConfiguration file and retrieve it as a String, the value is wrong.

So my question is how can I define this as a binary attribute?

From the file C:\usr\sap\EWD\JC00\j2ee\configtool\dataSourceConfiguration.dtd you get the specification of the xml format for the datasourceconfiguration.

The Attribute element has the following specification:

<!ATTLIST attribute
    name CDATA #REQUIRED
    populateInitially (true|false) #IMPLIED
    readonly (true|false) #IMPLIED
    type (string|blob) #IMPLIED
    cacheTime CDATA #IMPLIED>

Since you have type here, I tried setting it to blob under the user object as such:

For user:

<attribute name="guid" type="blob" populateInitially="true"/>

For attribute mapping:

<attribute name="guid">
    <physicalAttribute name="objectSid"/>
</attribute>

However, I still get the following error when calling

iuser.getBinaryAttribute(UME_NAMESPACE,UME_GUID_NAME ):

Caused by: com.sap.security.api.UMRuntimeException: String attribute "com.sap.security.core.usermanagement"-->"guid" must be read using IPrincipal.getAttribute(com.sap.security.core.usermanagement,guid)
    at com.sap.security.core.imp.AbstractPrincipal.getBinaryAttribute(AbstractPrincipal.java:300)
    at com.sap.security.core.imp.UserWrapper.getBinaryAttribute(UserWrapper.java:261)
    at com.bouvet.portal.login.UserIntegrityLoginModule.getStatoilUser(UserIntegrityLoginModule.java:430)
    at com.bouvet.portal.login.UserIntegrityLoginModule.login(UserIntegrityLoginModule.java:255)
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
    ... 41 more

This error indicates that the attribute is a string and not a binary attribute.

Anyone?
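
Added example, not part of the original post and not SAP code: a plain-Java decoder for the binary objectSid layout Active Directory returns, plus a round trip showing why the value comes out wrong once it has been handled as a String. The class name, the sample bytes and the use of UTF-8 are assumptions made for the illustration; no UME API is called.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class ObjectSidDecoder {

    /** Converts a binary objectSid value into the textual S-1-... form. */
    static String sidToString(byte[] sid) {
        if (sid == null || sid.length < 8) {
            throw new IllegalArgumentException("SID shorter than its fixed 8-byte header");
        }
        int revision = sid[0] & 0xFF;      // byte 0: revision
        int subAuthCount = sid[1] & 0xFF;  // byte 1: number of sub-authorities
        if (sid.length != 8 + 4 * subAuthCount) {
            throw new IllegalArgumentException("length does not match sub-authority count");
        }
        long authority = 0;                // bytes 2-7: 48-bit big-endian identifier authority
        for (int i = 2; i < 8; i++) {
            authority = (authority << 8) | (sid[i] & 0xFF);
        }
        StringBuilder out = new StringBuilder("S-").append(revision).append('-').append(authority);
        // Each sub-authority is an unsigned 32-bit little-endian integer.
        ByteBuffer buf = ByteBuffer.wrap(sid, 8, 4 * subAuthCount).order(ByteOrder.LITTLE_ENDIAN);
        for (int i = 0; i < subAuthCount; i++) {
            out.append('-').append(buf.getInt() & 0xFFFFFFFFL);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value encoding S-1-5-21-1000-2000-3000-1105 (not a real account).
        byte[] sid = {
            0x01, 0x05, 0, 0, 0, 0, 0, 0x05,
            0x15, 0, 0, 0, (byte) 0xE8, 0x03, 0, 0, (byte) 0xD0, 0x07, 0, 0,
            (byte) 0xB8, 0x0B, 0, 0, 0x51, 0x04, 0, 0
        };
        System.out.println("decoded from bytes: " + sidToString(sid));

        // Assumption for illustration: the value passes through a UTF-8 String on the way.
        byte[] viaString = new String(sid, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("bytes survive String round trip: " + Arrays.equals(sid, viaString));
        System.out.println("length before/after: " + sid.length + "/" + viaString.length);
    }
}
```

The length check matters for anything that uses the SID as an identity key in a login module: a truncated or charset-mangled value should be rejected rather than decoded into a different SID.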