on 05-26-2006 7:56 PM
I am having difficulty configuring EP to pull my Active Directory groups correctly. Currently, it is pulling a list of objects that have an objectClass of 'organizationalUnit', instead of 'group', which is how it is set up in Active Directory. I have tried setting the objectClass = group in the direct editing of the UM Configuration, but that does not seem to matter. Each time I change the configuration, I am restarting the J2EE engine.
Any suggestions would be greatly appreciated.
ume.acl.validate_cached_acls=FALSE
ume.admin.account_privacy=FALSE
ume.admin.addattrs=
ume.admin.allow_selfmanagement=TRUE
ume.admin.auto_password=TRUE
ume.admin.create.redirect=
ume.admin.debug_internal=FALSE
ume.admin.display.redirect=
ume.admin.modify.redirect=
ume.admin.nocache=FALSE
ume.admin.password.migration=false
ume.admin.phone_check=TRUE
ume.admin.search_maxhits=1000
ume.admin.search_maxhits_warninglevel=200
ume.admin.self.addattrs=
ume.admin.selfreg_company=FALSE
ume.admin.selfreg_guest=TRUE
ume.admin.selfreg_sus=FALSE
ume.admin.selfreg_sus.adapterid=SUS
ume.admin.selfreg_sus.adminrole=
ume.admin.selfreg_sus.deletecall=TRUE
ume.allow_nested_groups=TRUE
ume.allow_nested_roles=FALSE
ume.authenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
ume.cache.acl.default_caching_time=1800
ume.cache.acl.initial_cache_size=10000
ume.cache.acl.permissions.default_caching_time=3600
ume.cache.acl.permissions.initial_cache_size=100
ume.cache.default_cache=distributableCache
ume.cache.group.default_caching_time=3600
ume.cache.group.initial_cache_size=500
ume.cache.notification_time=0
ume.cache.principal.default_caching_time=3600
ume.cache.principal.initial_cache_size=500
ume.cache.role.default_caching_time=3600
ume.cache.role.initial_cache_size=500
ume.cache.user.default_caching_time=3600
ume.cache.user.initial_cache_size=500
ume.cache.user_account.default_caching_time=3600
ume.cache.user_account.initial_cache_size=500
ume.company_groups.description_template=Company
ume.company_groups.displayname_template= ()
ume.company_groups.enabled=FALSE
ume.company_groups.guestusercompany_enabled=TRUE
ume.company_groups.guestusercompany_name=Guest Users
ume.db.connection_pool.j2ee.is_unicode=FALSE
ume.db.connection_pool.j2ee.jta_transaction_support_enabled=FALSE
ume.db.connection_pool.j2ee.xatransactions_used=FALSE
ume.db.connection_pool_type=SAP/BC_UME
ume.db.or_search.max_arguments=50
ume.db.parent_search.max_arguments=300
ume.db.use_default_transaction_isolation=FALSE
ume.ldap.access.action_retrial=2
ume.ldap.access.auxiliary_naming_attribute.grup=
ume.ldap.access.auxiliary_naming_attribute.uacc=
ume.ldap.access.auxiliary_naming_attribute.user=
ume.ldap.access.auxiliary_objectclass.grup=
ume.ldap.access.auxiliary_objectclass.uacc=
ume.ldap.access.auxiliary_objectclass.user=
ume.ldap.access.base_path.grup=DC\=left,DC\=sand
ume.ldap.access.base_path.uacc=
ume.ldap.access.base_path.user=DC\=sand
ume.ldap.access.context_factory=com.sun.jndi.ldap.LdapCtxFactory
ume.ldap.access.creation_path.grup=
ume.ldap.access.creation_path.uacc=
ume.ldap.access.creation_path.user=
ume.ldap.access.dynamic_group_attribute=
ume.ldap.access.dynamic_groups=FALSE
ume.ldap.access.flat_group_hierachy=MIXED
ume.ldap.access.msads.control_attribute=userAccountControl
ume.ldap.access.msads.control_value=512
ume.ldap.access.msads.grouptype.attribute=grouptype
ume.ldap.access.msads.grouptype.value=4
ume.ldap.access.multidomain.enabled=FALSE
ume.ldap.access.naming_attribute.grup=ou
ume.ldap.access.naming_attribute.uacc=
ume.ldap.access.naming_attribute.user=
ume.ldap.access.objectclass.grup=group
ume.ldap.access.objectclass.uacc=
ume.ldap.access.objectclass.user=
ume.ldap.access.server_name=myserver
ume.ldap.access.server_port=3232
ume.ldap.access.server_type=
ume.ldap.access.size_limit=0
ume.ldap.access.ssl=FALSE
ume.ldap.access.ssl_socket_factory=com.sap.security.core.server.https.SecureConnectionFactory
ume.ldap.access.time_limit=0
ume.ldap.access.user=domain
svc_user
ume.ldap.access.user_as_account=TRUE
ume.ldap.blocked_accounts=Administrator,Guest
ume.ldap.blocked_groups=Administrators,Guests
ume.ldap.blocked_users=Administrator,Guest
ume.ldap.cache_lifetime=300
ume.ldap.cache_size=100
ume.ldap.connection_pool.connect_timeout=0
ume.ldap.connection_pool.max_connection_usage_time_check_interval=120000
ume.ldap.connection_pool.max_idle_connections=5
ume.ldap.connection_pool.max_idle_time=300000
ume.ldap.connection_pool.max_size=10
ume.ldap.connection_pool.max_wait_time=60000
ume.ldap.connection_pool.min_size=1
ume.ldap.connection_pool.monitor_level=0
ume.ldap.connection_pool.retrial=5
ume.ldap.connection_pool.retrial_interval=10000
ume.ldap.default_group_member=cn\=DUMMY_MEMBER_FOR_UME
ume.ldap.default_group_member.enabled=FALSE
ume.ldap.record_access=FALSE
ume.ldap.unique_grup_attribute=
ume.ldap.unique_uacc_attribute=samaccountname
ume.ldap.unique_user_attribute=samaccountname
ume.persistence.batch.page_size=25
ume.persistence.data_source_configuration=dataSourceConfiguration_ads_deep_readonly_db.xml
ume.persistence.pcd_roles_data_source_configuration=dataSourceConfiguration_PCDRoles.xml
ume.persistence.ume_roles_data_source_configuration=dataSourceConfiguration_UMERoles.xml
ume.principal.cache_group_hierarchy=TRUE
ume.principal.cache_indirect_parents=TRUE
ume.principal.cache_role_hierarchy=TRUE
Hi Doug,
I request your help on this. I am faced with a similar issue.
In my WinAD system, one user can be stored in multiple groups. However, the tree-structure is also present in my Windows AD hierarchy. Hence I am either using a Flat hierarchy or a Mixed hierarchy.
Changing the Datasource Configuration file to a Flat Readonly didn't solve the issue. The AD group path mentioned is correct and hence the group is visible in EP. However, I am not sure what the UserPath should be (as of now, I have kept it the same as the Group path).
Request you to please let me know what the userpath should be.
Rgds,
Sree
Hi
Do you want the user to use the field in LDAP as the login user ID in the Portal to enable single sign-on?
Or do you only need to change the display name?
Perhaps this can help you:
http://help.sap.com/saphelp_nw04/helpdata/en/1a/2bee408a63732ae10000000a155106/content.htm