Jun 30, 2006 at 12:18 PM

Using two directory servers for User Management and Single Sign On


I'm facing the scenario where a customer uses MS ADS for authentication of users but uses Novell eDirectory for Identity Management purposes. They want to connect eDir to a CUA system for ABAP role upload and user synchronisation and in addition use the groups and ou's in eDir to bind the users to Portal roles.

The users should access the Portal via SSO (so in my opinion ADS Kerberos authentication should be used) but all the additional info should be taken from the eDir (such as group memberships, ou's). So this is NOT the scenario for two LDAP servers as stated in

I know how to configure Kerberos SSO (via SPNego) but this means modifying the datasourceADS.xml file for the ADS, while all other details should be read from eDir.

Is it possible to configure the UME so it takes the Kerberos from ADS but all user related data from eDir, other than using IISProxy?

Marcel Rabe