
uniquename in LDAP Configuration

Former Member
0 Kudos

Hello,

We have successfully implemented SPNEGO and have our AD Forest (Global Catalog) available in the portal (selectively by setting the AD field we defined for UME unique ID in ConfigTool).

Now: In the Datasource-Configuration XML there is a mapping for "uniquename" to a physical attribute (in our case samaccountname). What does this exactly do? I can see the attribute in the Portal in the User Management as "LogonID". Is there any rule to which attribute I should map uniquename? If I search for users, I can find them anyway, I do not need to search for the samaccountname.

Any help appreciated.

Regards,

Markus

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Hi,

The uniquename can be mapped to any attribute in AD which is unique across all users.

samaccountname is the most usual, but some people use userPrincipalName. UserPrincipalName is samaccountname@<domain>. If you have users from multiple domains which should log on to the portal (you can have multiple LDAP connections in SAP systems), you basically need to use userPrincipalName, because samaccountname is not guaranteed to be unique between the domains.

SPNEGO is done using userPrincipalName (since this is the way Kerberos is done), but internally in your SAP system, the samaccountname is extracted from the userPrincipalName in the Kerberos ticket and used onwards.

Regards

Dagfinn
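
An added example, not part of the thread and not SAP code: a Python pre-check that tests whether a candidate attribute for the uniquename mapping is actually unique across the entries a forest-wide search returns, comparing values case-insensitively. The entries, the domain names and the helper names `audit_attribute` and `domain_of` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: user entries as a Global Catalog search over a
# two-domain forest might return them (all names are made up).
ENTRIES = [
    {"dn": "CN=Anna Berg,OU=Staff,DC=emea,DC=example,DC=com",
     "sAMAccountName": "aberg", "userPrincipalName": "aberg@emea.example.com"},
    {"dn": "CN=Alan Berg,OU=Staff,DC=amer,DC=example,DC=com",
     "sAMAccountName": "ABerg", "userPrincipalName": "aberg@amer.example.com"},
    {"dn": "CN=Chen Li,OU=Staff,DC=amer,DC=example,DC=com",
     "sAMAccountName": "cli", "userPrincipalName": "cli@amer.example.com"},
    {"dn": "CN=svc-backup,OU=Service,DC=emea,DC=example,DC=com",
     "sAMAccountName": "svc-backup"},  # no userPrincipalName set
]

def domain_of(dn):
    """Build the DNS domain name from the DC= components of a DN.
    Simple comma split: enough for the sample, not for escaped commas."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def audit_attribute(entries, attribute):
    """Check one candidate attribute for the uniquename mapping.

    Returns (collisions, missing):
      collisions: lowercased value -> DNs sharing it (only values used twice or more)
      missing:    DNs of entries that have no value for the attribute
    """
    seen = defaultdict(list)
    missing = []
    for entry in entries:
        value = entry.get(attribute, "").strip()
        if not value:
            missing.append(entry["dn"])
            continue
        seen[value.lower()].append(entry["dn"])  # compare case-insensitively
    collisions = {v: dns for v, dns in seen.items() if len(dns) > 1}
    return collisions, missing

if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName"):
        collisions, missing = audit_attribute(ENTRIES, attr)
        print(f"{attr}: {len(collisions)} colliding value(s), "
              f"{len(missing)} entry(ies) without a value")
        for value, dns in collisions.items():
            print(f"  {value!r} exists in: " + ", ".join(domain_of(d) for d in dns))
```

An attribute is a safe target for the mapping only when both results are empty for every account that should be able to log on.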

Former Member
0 Kudos

Hello,

Just to get things clear: I didn't mean the "use UME unique ID with unique LDAP attribute" field in the UME LDAP data settings in Configtool but the uniquename attribute in the datasource config XML. I thought the definitive mapping between portal and LDAP is done via the unique UME ID <-> unique LDAP attribute thing. That's why we created a new real unique, never changing and non-semantic LDAP attribute (employeeID) in Active Directory. So, why do I need the uniquename in the XML?

We didn't use multiple LDAP connections (maximum 5) but only one that goes to the global catalog of our forest. Considering this, is there even greater importance for the uniquename attribute mapping? At the moment, it is samaccountname and we don't experience problems with that. Except that sometimes (for whatever reason), search actions in the Portal User Administration take quite a long time.

Regards,

Markus