07-27-2006 8:30 PM
I have configured our Portal UME LDAP to use Microsoft Active Directory (AD) with the ads_readonly_db. To test, we created a service account user. The test worked and allowed me to see the users in the service account OU via User Administration, Identity Management. The example of the configuration for this test:
OU=ServiceAccounts,OU=ADMIN,DC=ActiveDirectory
We want to use this to access our employees in AD, but cannot see any of the users in AD when we view under User Administration, Identity Management. We changed the configuration to the CN where the employee IDs are in AD. The example is:
CN=EMPLOYEES,OU=ADMIN,DC=ActiveDirectory
Can anyone offer suggestions to help us get AD working in our portal?
Thanks.
07-30-2006 12:02 PM
Hi Wally,
Let me see if I'm getting you right: You tested the scenario once when the users store was the ServiceAccount OU and once with Employees OU?
You can configure the UME to look for users at OU=Admin,DC=ActiveDirectory. The search is recursive, so both the users under ServiceAccounts and Employees will be viewable in user management.
Eric
08-10-2006 7:09 PM
We tested users in the Service Account OU and could see the users there. However, the Employees are a CN (group), not an OU. We did get it working by pointing to the root of Active Directory, but we see all the accounts, machines, service accounts. All we really want to access is the Employee GROUP. We also defined UME with DEEP instead of FLAT. Finally, if an ID exists in LDAP (active directory), the same ID could not exist in the SAP Portal. The user received a login error and couldn't log onto the portal.
10-15-2006 6:41 PM
Hi Wally,
Check what type of hierarchy you have under the directory server:
http://help.sap.com/saphelp_nw04/helpdata/en/09/c5ee407552742ae10000000a155106/frameset.htm
Depending on that, you can configure UME to use the DEEP or FLAT hierarchy. The main difference is in the objectclass that UME uses in order to search for the users, i.e.
(&(objectclass=[the one you use])(samaccountname=[user id]))
The filter given above is a sample search filter, where it is assumed that you have configured UME to use the 'samaccountname' attribute for the unique user ID.
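Added example, not part of any post in this thread and not SAP UME code: a small Python model of the two mechanisms discussed above, the recursive (subtree) search under a base DN and the `(&(objectclass=...)(samaccountname=...))` filter, with the user ID escaped per RFC 4515 so input cannot change the filter's structure. Function names and the sample entries are hypothetical; only the container names come from the thread.

```python
# Added illustration; function names are hypothetical, not SAP UME code.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(objectclass, user_id, id_attr="samaccountname"):
    """Build the thread's filter: (&(objectclass=...)(samaccountname=...))."""
    return "(&(objectclass=%s)(%s=%s))" % (
        escape_filter_value(objectclass), id_attr, escape_filter_value(user_id))

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas.
    Lower-casing whole RDNs is a simplification for comparison only."""
    rdns, current, escaped = [], [], False
    for c in dn:
        if escaped:
            current.append(c); escaped = False
        elif c == "\\":
            current.append(c); escaped = True
        elif c == ",":
            rdns.append("".join(current).strip().lower()); current = []
        else:
            current.append(c)
    rdns.append("".join(current).strip().lower())
    return [r for r in rdns if r]

def in_subtree(entry_dn, base_dn):
    """True when entry_dn is at or below base_dn (subtree search scope)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

# Constructed sample entries; only the container names come from the thread.
SAMPLE_DNS = [
    "CN=svc_portal,OU=ServiceAccounts,OU=ADMIN,DC=ActiveDirectory",
    "CN=jdoe,CN=EMPLOYEES,OU=ADMIN,DC=ActiveDirectory",
    "CN=PC-0001,CN=Computers,DC=ActiveDirectory",
]

def visible(base_dn):
    """Entries a subtree search rooted at base_dn can return."""
    return [dn for dn in SAMPLE_DNS if in_subtree(dn, base_dn)]

if __name__ == "__main__":
    for base in ("OU=Admin,DC=ActiveDirectory", "DC=ActiveDirectory"):
        print(base, "->", visible(base))
    print(user_filter("user", "j*doe)"))
```

The sample assumes user entries sit beneath a container named EMPLOYEES; if EMPLOYEES is an AD group object, its members are listed in the group's attributes and live elsewhere in the tree, so no base DN alone selects them.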