Jul 10, 2007 at 05:18 PM

UME: Multiple DataSource (LDAP and System ABAP)


Hi gurus,

We have installed in our environment the following systems:

Solution Manager 4.0 SP6 (AS ABAP - CUA)

Enterprise Portal 7.0 SP6 (AS Java)

LDAP Active Directory

When a user accesses the Portal, we want it to check whether that user exists in the LDAP directory and in the ABAP system; for this we use multiple data sources.

In order to do it, we imported the following file:

[code]<?xml version="1.0" encoding="UTF-8"?>

<!-- dataSourceConfiguration_abap.xml from SAP Note 718383 -->

<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">

<dataSources>

<!-- PRIVATE_DATASOURCE: read-write data source implemented by the DataBasePersistence class. Its homeFor section limits account and user principals to those carrying SERVICEUSER_ATTRIBUTE = IS_SERVICEUSER in the $serviceUser$ namespace, and lists group, team, ROOT and OOOO without restriction. -->

<dataSource id="PRIVATE_DATASOURCE"

className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"

isReadonly="false" isPrimary="true">

<homeFor>

<principals>

<principal type="account">

<nameSpace name="$serviceUser$">

<attribute name="SERVICEUSER_ATTRIBUTE">

<values>

<value>IS_SERVICEUSER</value>

</values>

</attribute>

</nameSpace>

</principal>

<principal type="user">

<nameSpace name="$serviceUser$">

<attribute name="SERVICEUSER_ATTRIBUTE">

<values>

<value>IS_SERVICEUSER</value>

</values>

</attribute>

</nameSpace>

</principal>

<principal type="group"/>

<principal type="team"/>

<principal type="ROOT"/>

<principal type="OOOO"/>

</principals>

</homeFor>

<notHomeFor/>

<!-- responsibleFor lists all six principal types with no namespace or attribute restriction. -->

<responsibleFor>

<principals>

<principal type="account"/>

<principal type="user"/>

<principal type="group"/>

<principal type="team"/>

<principal type="ROOT"/>

<principal type="OOOO"/>

</principals>

</responsibleFor>

<notResponsibleFor/>

<privateSection/>

</dataSource>

<!-- R3_DATASOURCE: read-write data source implemented by the R3Persistence class (the ABAP system). It is declared home for user and account principals, with service users excluded through notHomeFor. -->

<dataSource id="R3_DATASOURCE"

className="com.sap.security.core.persistence.datasource.imp.R3Persistence"

isReadonly="false" isPrimary="true">

<homeFor>

<principals>

<principal type="user"/>

<principal type="account"/>

</principals>

</homeFor>

<!-- NOTE(review): unlike homeFor and responsibleFor in this file, the principal elements below are not wrapped in a principals element. Confirm against dataSourceConfiguration.dtd and the unmodified file from the SAP Note whether that is valid. -->

<notHomeFor>

<principal type="user">

<nameSpace name="$serviceUser$">

<attribute name="SERVICEUSER_ATTRIBUTE">

<values>

<value>IS_SERVICEUSER</value>

</values>

</attribute>

</nameSpace>

</principal>

<principal type="account">

<nameSpace name="$serviceUser$">

<attribute name="SERVICEUSER_ATTRIBUTE">

<values>

<value>IS_SERVICEUSER</value>

</values>

</attribute>

</nameSpace>

</principal>

</notHomeFor>

<!-- responsibleFor: the user and account attributes that this data source is declared responsible for. -->

<responsibleFor>

<principals>

<principal type="user">

<nameSpaces>

<nameSpace name="com.sap.security.core.usermanagement">

<attributes>

<attribute name="uniquename"/>

<attribute name="firstname"/>

<attribute name="lastname"/>

<attribute name="salutation"/>

<attribute name="title"/>

<attribute name="jobtitle"/>

<attribute name="department"/>

<attribute name="email"/>

<attribute name="telephone"/>

<attribute name="mobile"/>

<attribute name="fax"/>

<attribute name="locale"/>

<attribute name="timezone"/>

<attribute name="referenceuser"/>

</attributes>

</nameSpace>

</nameSpaces>

</principal>

<principal type="account">

<nameSpaces>

<nameSpace name="com.sap.security.core.usermanagement">

<attributes>

<attribute name="j_user"/>

<!-- j_password, islocked and passwordchangerequired are listed here, so this data source is declared responsible for the logon credential and lock state of these accounts. -->

<attribute name="j_password"/>

<attribute name="validfrom"/>

<attribute name="validto"/>

<attribute name="islocked"/>

<attribute name="lockreason"/>

<attribute name="passwordchangerequired"/>

<attribute name="userid"/>

</attributes>

</nameSpace>

</nameSpaces>

</principal>

</principals>

</responsibleFor>

<notResponsibleFor/>

<attributeMapping/>

<privateSection/>

</dataSource>

<!-- R3_ROLE_DS: read-only data source implemented by the R3RoleDataSource class. It is home for nothing and is responsible only for group principals: their description, displayname and uniquename, plus the member relation attribute. -->

<dataSource id="R3_ROLE_DS"

className="com.sap.security.core.persistence.datasource.imp.R3RoleDataSource"

isReadonly="true" isPrimary="true">

<homeFor/>

<notHomeFor/>

<responsibleFor>

<principals>

<principal type="group">

<nameSpaces>

<nameSpace name="com.sap.security.core.usermanagement">

<attributes>

<attribute name="description"/>

<attribute name="displayname"/>

<attribute name="uniquename"/>

</attributes>

</nameSpace>

<nameSpace name="com.sap.security.core.usermanagement.relation">

<attributes>

<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>

</attributes>

</nameSpace>

</nameSpaces>

</principal>

</principals>

</responsibleFor>

<notResponsibleFor/>

<attributeMapping/>

<privateSection>

<!-- Names R3_DATASOURCE, the data source id defined earlier in this file, as the user data source for the roles. -->

<ume.r3.roles.user_datasource_id>R3_DATASOURCE</ume.r3.roles.user_datasource_id>

</privateSection>

</dataSource>

<!-- SPAIN_LDAP: read-only data source that the poster added for the Active Directory; its privateSection carries the LDAP connection settings. -->

<!-- NOTE(review): className below is DataBasePersistence, the same class as PRIVATE_DATASOURCE. An LDAP-backed data source would be expected to name the LDAP persistence class (com.sap.security.core.persistence.datasource.imp.LDAPPersistence in SAP's delivered LDAP configuration files). Confirm against those files. -->

<dataSource id="SPAIN_LDAP"

className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"

isReadonly="true"

isPrimary="true">

<!-- NOTE(review): this source is isReadonly="true" yet declared home for all six principal types, which also overlaps the homeFor sections of PRIVATE_DATASOURCE and R3_DATASOURCE. Overlapping homes make it unclear which store is authoritative for a given user. Confirm the intended split between LDAP and ABAP. -->

<homeFor>

<principals>

<principal type="group"/>

<principal type="user"/>

<principal type="account"/>

<principal type="team"/>

<principal type="ROOT" />

<principal type="OOOO" />

</principals>

</homeFor>

<notHomeFor/>

<responsibleFor>

<principals>

<principal type="group"/>

<principal type="user"/>

<principal type="account"/>

<principal type="team"/>

<principal type="ROOT" />

<principal type="OOOO" />

</principals>

</responsibleFor>

<privateSection>

<ume.ldap.access.server_name>host</ume.ldap.access.server_name>

<!-- NOTE(review): 389 is the cleartext LDAP port, so the bind password and all user lookups cross the network unencrypted unless TLS is enabled for this connection. UME has an SSL switch for the LDAP connection (ume.ldap.access.ssl), used together with the directory's LDAPS port. Confirm for this release. -->

<ume.ldap.access.server_port>389</ume.ldap.access.server_port>

<!-- NOTE(review): the bind user and password are written in plain text in this file. Prefer entering them through the UME LDAP settings in the Config Tool rather than in an importable XML file, use a dedicated bind account limited to read access on the user and group base paths, and keep real values out of forum posts (the values here are placeholders). -->

<ume.ldap.access.user>user</ume.ldap.access.user>

<ume.ldap.access.password>password</ume.ldap.access.password>

<ume.ldap.access.base_path.user>path_user</ume.ldap.access.base_path.user>

<!-- NOTE(review): the element name ends in "grup"; the UME property for the group base path is presumably ume.ldap.access.base_path.grp. Verify the spelling. -->

<ume.ldap.access.base_path.grup>path_group</ume.ldap.access.base_path.grup>

<!-- NOTE(review): the next line opens a second privateSection instead of closing the one opened above (expected </privateSection>), so the document as posted is not well-formed XML and a parser will reject it at the following end tag. This may be why the server node fails to start. Confirm in the server node's trace and log files. -->

<privateSection>

</dataSource>

</dataSources>[/code]

In the Config Tool these settings are saved correctly (the LDAP and ABAP system configuration).

We also modified the following properties:

[code]ume.persistence.data_source_configuration = mydataSource.xml

# NOTE(review): ume.superadmin.activated switches on the SAP* emergency user of the AS Java.
# As far as SAP documents it, no other user can log on while it is active, so treat it as a
# recovery setting only: set it back to FALSE and restart once the data source problem is
# fixed, and keep the emergency password out of shared files and posts.
ume.superadmin.activated = TRUE

ume.superadmin.password = pass[/code]

In the ABAP system we created 2 users: TEST1 (role: "SAP_BC_JSF_COMMUNICATION_RO") and TEST2 (role: "SAP_J2EE_ADMIN").

There are no duplicated users across the systems (all users of the Portal, Solution Manager and LDAP are different).

When we restart the J2EE Engine (stopsap - startsap), the server does not start ("Error: 503 Service unavailable, Dispatcher running but no server connected"). What is happening?

Is the file that we imported correct?

I hope I have explained this clearly...

Kind regards