cancel
Showing results for 
Search instead for 
Did you mean: 

How to connect the combined WAS to an LDAP server?

Former Member
0 Kudos

Hello,

When we installed the Combined AS ABAP + Java installation we have configured the dataSourceConfiguration_abap.xml as the datasource, meaning the users are being created on the ABAP Database.

We would like to connect now the WAS to our LDAP server in order to benefit from managing the users over there and in order to allow users SSO to the portal, meaning: Once they are logged in to their station and browse to the portal they won't need to enter their credentials on a login screen but will be logged-in automatically.

I have previously successfully configured SSO like this but when the WAS was Java only and not a double stack where the ABAP feeds the Java with it's users.

Given this, what are the options we have to implement this, since according to SAP Note 718383: "Once you have chosen this data source configuration, you cannot change to any other data source configuration".

Roy

Accepted Solutions (1)

Accepted Solutions (1)

former_member185954
Active Contributor
0 Kudos

To allow the use of directory services for SAP systems, the SAP Web Application Server is delivered with the LDAP Connector. The LDAP Connector controls the information flow between the SAP Web Application Server and a directory server.

Check the following link for the LDAP connector:

http://help.sap.com/saphelp_erp2005vp/helpdata/en/e6/0bfa3823e5d841e10000000a11402f/frameset.htm

Regards,

Siddhesh

Former Member
0 Kudos

Thank you for the link Siddhesh.

I have few questions:

1. When I configured a Java only WAS I didn't need to implement the information on this link. Does this information valid only when you want to connect the ABAP WAS?

2. After implementing this the WAS will take it's users from the LDAP Server and this mean (correct me if I'm wrong) that the Datasource will change. Doesn't this contradicts SAP Note 718383 I have mentioned before?

Roy

former_member185954
Active Contributor
0 Kudos

Hi Roy,

It depends on how you install the Java only WAS. I believe in the installation steps, you are allowed to choose your UME data source, if you select the LDAP as the source, no further configuration is required.

However if you installed a ABAPJava instance I am not sure whether such option is available cause with an ABAPJava instance you have the SAP database which stores user information.

The link i gave you is for synchronizing existing users in your ABAP instance with your LDAP server.

Check this link:

http://help.sap.com/saphelp_erp2005vp/helpdata/en/95/49cb3a663bfc70e10000000a114084/frameset.htm

Regards,

Siddhesh

Former Member
0 Kudos

Hi Siddhesh,

Thanks again, What happen to the users we already created with the same login name and password as their LDAP credentials after the synchronization process? Will we need to delete these users before that?

Roy

former_member185954
Active Contributor
0 Kudos

Hi,

The note that you mentioned says that if you have already installed your UME and are now trying to change it to point to LDAP, you need to take care of some restrictions.

It further asks you to check what is the entry present in your In "cluster-data -> Global server configuration -> services -> com.sap.security.core.ume.service" the property "ume.persistence.data_source_configuration".

If you have dataSourceConfiguration_database_only.xml:

....

if you have dataSourceConfiguration_abap.xml:

....

and so on..

So the note tells you what options you have if you did not select LDAP as UME source while installing.

However the link I gave you talks about using the LDAP connector to synchronize existing ABAP users with the LDAP directory service.

Regards.

Siddhesh

former_member185954
Active Contributor
0 Kudos

Hi Roy,

Honestly speaking I haven't implemented this and so I do not know exactly what happens, although I have studied this option for an implementation so its all theory

I suggest you can try a test system and see how it goes, or wait on this thread and hope that someone who has implemented this feature replies.

Regards,

Siddhesh

Answers (1)

Answers (1)

Former Member
0 Kudos

Roy,

Were you able to get this solution to work? I am researching for the same and looking for documentation/steps for the same. Do you have anything handy that you would be able to share?

Regards

Amish